Manalyze report for e5bd9ce66ca906935aa07c36a4f6e74a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:02
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
FileVersion	`0.3.1.5`
ProductVersion	`0.3.1.5`
CompanyName	Albu Cristian
FileDescription	Advanced Onion Router
InternalName	AdvOR
LegalCopyright	Copyright © by Albu Cristian, 2009-2017
OriginalFilename	AdvOR.exe
ProductName	Advanced Onion Router

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW LoadLibraryW` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAlloc VirtualAllocEx WriteProcessMemory` `Code injection capabilities (mapping injection): CreateFileMappingW CreateRemoteThread MapViewOfFile` `Can access the registry: RegCloseKey RegCreateKeyExA RegDeleteValueA RegOpenKeyExA RegQueryValueExA RegSetValueExA RegisterHotKey` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptAcquireContextW CryptGenRandom CryptReleaseContext` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualAllocEx VirtualProtect` `Leverages the raw socket API to access the Internet: WSACleanup WSAGetLastError WSAIoctl WSASetLastError WSAStartup accept bind closesocket connect gethostbyname gethostname getservbyname getsockname getsockopt htonl htons inet_addr inet_ntoa ioctlsocket listen ntohl ntohs recv recvfrom select send sendto setsockopt socket` `Manipulates other processes: OpenProcess ReadProcessMemory WriteProcessMemory` `Can take screenshots: CreateCompatibleDC GetDC`

Hashes

MD5	`e5bd9ce66ca906935aa07c36a4f6e74a`
SHA1	`8ae9374abfad718c6e390cb9d255f7225312efbf`
SHA256	`a8e18c96c2c007a69764206c00df8b8ed5223d9b79b4ae94a43e7ecd41596231`
SHA3	`b1ba15109c8336070c993516aa2a059b1aa8e0e70253e793072b5d3763f463db`
SSDeep	`196608:06RfGQYatacQrJjQh5BZL9szLvwYdo7C+jIb1wyQG/Cu/UyvJGuko8DU+VWbVQ5:LzYata79jQhxmlzb`
Imports Hash	`a3c1ab093c47891d58ec1b05c0af16c4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x96e000`
SizeOfInitializedData	`0xab8000`
SizeOfUninitializedData	`0x7a00`
AddressOfEntryPoint	`0x00001300 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x96f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xac5000`
SizeOfHeaders	`0x1000`
Checksum	`0xabd6d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`40988662e25bb7ebe3c56070d50330bb`
SHA1	`c91817d6e8044573df4347f109fc1763cf080479`
SHA256	`f2853d1006bfc1a333f1ae88dadfb678b06dbae9874bee61cfd3d055f9c10101`
SHA3	`672ca7a91046c8fd20485c90df8447a41274a983539cd4c12c2613ca673a1c2c`
VirtualSize	`0x96d0ac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x96e000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_128BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.71894`

.data

MD5	`f2deb8f776070fbd8c897d5379200512`
SHA1	`a724be00fdc4f7ccd2bd8e94aaa6beebfae6cc78`
SHA256	`cc786a7f3f4b5d579673233e4f5c340fd3c8aee69bcac53a2dbcd93141acc441`
SHA3	`94accd41372b42666587e835100eb261bc3efea113e72b838acdac0a5a447a24`
VirtualSize	`0x1f530`
VirtualAddress	`0x96f000`
SizeOfRawData	`0x1f600`
PointerToRawData	`0x96f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.42061`

.rdata

MD5	`15b8571aab3464dca8b35551382f8329`
SHA1	`8749f3a198bfd249b1a5630cc3457df2e3ec8390`
SHA256	`098802c6ae080aa3841e3b5beba4ce8d5ad06832b2c4a6d6c2de38b2c4c3a6f4`
SHA3	`943c819276089f494b0235060ebb17a677a2d9f8e1af642be23f51ecf1251418`
VirtualSize	`0xa7778`
VirtualAddress	`0x98f000`
SizeOfRawData	`0xa7800`
PointerToRawData	`0x98e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96035`

.eh_fram

MD5	`40b8cba492269523871b0dac3be147f9`
SHA1	`4429e5939cc48cb3bf00b81d52700d057e9696e9`
SHA256	`69a3191378d0eb223ef5468442761f0e2eea1508b059ec3c5fc4d39b317d024e`
SHA3	`f9d1e729009663aa8cfb579201858512e3429bf590204a80d8bb15eec3e99d19`
VirtualSize	`0x6b7c0`
VirtualAddress	`0xa37000`
SizeOfRawData	`0x6b800`
PointerToRawData	`0xa35e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.04899`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x79e0`
VirtualAddress	`0xaa3000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e57e074ee6ea3e9f516017094c8f1e0e`
SHA1	`02be763b0dc5cc68efe93ec7e5aba029718d486c`
SHA256	`4a8f99b137f3fdbc9cc19a127befa76f7380c0564e87803a8cf5bec13499ad1e`
SHA3	`69d86e0c0731ff2a79ed7b2e2c7972d451bc534487d3e188df60f15bc46f3295`
VirtualSize	`0x29c0`
VirtualAddress	`0xaab000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xaa1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.53464`

.CRT

MD5	`0f91b8f122222adf3be685b9db09d92e`
SHA1	`e1a0f7d4cec2eaae49f06d1185ef4d0f3fcd4b4b`
SHA256	`17b26d4a6282e4b8c745299ce10541cf5fe1b62cd00fbcdb233c3e95b4864cb4`
SHA3	`02bc7b6dafb775b6a837dfc5ee3ac8e8a6fcfe1c8c5b4e903b105c6dd1aff182`
VirtualSize	`0x18`
VirtualAddress	`0xaae000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.11837`

.tls

MD5	`155c6c5e8f23c79f564da1297f88eaaf`
SHA1	`7817e03fc2e41a95e7f60716b26f6def32725153`
SHA256	`660a08f8db2231f7a3f653de25ee54c9ff5978574226ef2e1c557220bf35a520`
SHA3	`b6e9b030f0faca05afa923a54d7f58bc7df4603273a7b3cf393541dc6e008927`
VirtualSize	`0x20`
VirtualAddress	`0xaaf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

.rsrc

MD5	`7a718cbacafac95f26096c1063ee0f75`
SHA1	`797ef3dde996b696fe67cec29193cd6d5fbc88ce`
SHA256	`65c48f7eb6bf19a63796a46aa5439896f5265c1d869aee253d39d1fa03601cda`
SHA3	`57457797f850ce7c6a334b0fe813dfd708e40788404addd696e45a353bd79590`
VirtualSize	`0x14b70`
VirtualAddress	`0xab0000`
SizeOfRawData	`0x14c00`
PointerToRawData	`0xaa4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.05005`

Imports

ADVAPI32.DLL	`CryptAcquireContextA` `CryptAcquireContextW` `CryptGenRandom` `CryptReleaseContext` `DeregisterEventSource` `RegCloseKey` `RegCreateKeyExA` `RegDeleteValueA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `RegisterEventSourceW` `ReportEventW`
COMCTL32.DLL	`InitCommonControls`
COMDLG32.DLL	`GetOpenFileNameW` `GetSaveFileNameW`
GDI32.dll	`CreateCompatibleDC` `CreateDIBSection` `CreatePen` `DeleteDC` `DeleteObject` `GetStockObject` `Rectangle` `SelectObject` `SetBkMode` `SetROP2` `SetTextColor` `StretchDIBits` `TextOutA`
KERNEL32.dll	`CloseHandle` `ConvertFiberToThread` `ConvertThreadToFiber` `CreateFiber` `CreateFileA` `CreateFileMappingW` `CreateFileW` `CreateIoCompletionPort` `CreateMutexA` `CreateRemoteThread` `CreateSemaphoreA` `CreateThread` `DeleteCriticalSection` `DeleteFiber` `DeleteFileW` `EnterCriticalSection` `ExitProcess` `ExitThread` `FindClose` `FindFirstFileA` `FindFirstFileW` `FindNextFileA` `FindNextFileW` `FormatMessageA` `FreeLibrary` `GetCommandLineA` `GetCommandLineW` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentVariableW` `GetExitCodeProcess` `GetExitCodeThread` `GetFileAttributesW` `GetFileSize` `GetFileTime` `GetFileType` `GetLastError` `GetLocalTime` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetQueuedCompletionStatus` `GetStdHandle` `GetSystemDirectoryA` `GetSystemTime` `GetSystemTimeAsFileTime` `GetTempPathA` `GetTickCount` `GetVersion` `GetVersionExA` `GlobalAlloc` `GlobalFree` `GlobalMemoryStatus` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `InterlockedCompareExchange` `InterlockedExchange` `InterlockedExchangeAdd` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExW` `LoadLibraryW` `LocalAlloc` `LocalFlags` `LocalFree` `LocalLock` `LocalSize` `LocalUnlock` `MapViewOfFile` `MoveFileW` `MultiByteToWideChar` `OpenMutexA` `OpenProcess` `PostQueuedCompletionStatus` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReadConsoleA` `ReadConsoleW` `ReadFile` `ReadProcessMemory` `ReleaseSemaphore` `RemoveDirectoryW` `ResumeThread` `SetConsoleMode` `SetCurrentDirectoryW` `SetFilePointer` `SetLastError` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `SwitchToFiber` `SystemTimeToFileTime` `TerminateProcess` `TerminateThread` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnmapViewOfFile` `VirtualAlloc` `VirtualAllocEx` `VirtualFree` `VirtualFreeEx` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `WriteProcessMemory`
msvcrt.dll	`_close` `_open` `_stat` `_strdup` `_stricmp` `_stricoll` `_unlink` `_write`
msvcrt.dll (#2)	`_close` `_open` `_stat` `_strdup` `_stricmp` `_stricoll` `_unlink` `_write`
SHELL32.DLL	`SHGetMalloc` `SHGetPathFromIDListA` `SHGetSpecialFolderLocation` `SHGetSpecialFolderPathA` `Shell_NotifyIconA`
USER32.dll	`AppendMenuA` `AppendMenuW` `BringWindowToTop` `CallWindowProcA` `CheckDlgButton` `CheckMenuItem` `ClientToScreen` `CreateDialogParamW` `CreatePopupMenu` `CreateWindowExA` `DefWindowProcA` `DestroyMenu` `DestroyWindow` `DialogBoxParamW` `EnableWindow` `EndDialog` `EnumWindows` `FindWindowExA` `GetCapture` `GetClassLongA` `GetClientRect` `GetCursorPos` `GetDC` `GetDesktopWindow` `GetDlgItem` `GetDlgItemInt` `GetDlgItemTextA` `GetDlgItemTextW` `GetForegroundWindow` `GetParent` `GetProcessWindowStation` `GetScrollPos` `GetScrollRange` `GetUserObjectInformationW` `GetWindowDC` `GetWindowLongA` `GetWindowPlacement` `GetWindowRect` `GetWindowTextW` `GetWindowThreadProcessId` `InsertMenuA` `InsertMenuW` `InvalidateRect` `InvertRect` `IsDlgButtonChecked` `IsIconic` `IsWindowEnabled` `IsWindowVisible` `IsZoomed` `KillTimer` `LoadCursorA` `LoadIconA` `MessageBoxA` `MessageBoxW` `MoveWindow` `PostMessageA` `RedrawWindow` `RegisterClassExA` `RegisterHotKey` `ReleaseCapture` `ReleaseDC` `ScreenToClient` `SendDlgItemMessageA` `SendDlgItemMessageW` `SendMessageA` `SendMessageW` `SetCapture` `SetClassLongA` `SetCursor` `SetDlgItemInt` `SetDlgItemTextA` `SetDlgItemTextW` `SetFocus` `SetForegroundWindow` `SetScrollPos` `SetScrollRange` `SetTimer` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `SetWindowTextW` `ShowScrollBar` `ShowWindow` `TrackPopupMenu` `UnregisterHotKey` `WindowFromPoint`
WS2_32.dll	`WSACleanup` `WSAGetLastError` `WSAIoctl` `WSASetLastError` `WSAStartup` `accept` `bind` `closesocket` `connect` `gethostbyname` `gethostname` `getservbyname` `getsockname` `getsockopt` `htonl` `htons` `inet_addr` `inet_ntoa` `ioctlsocket` `listen` `ntohl` `ntohs` `recv` `recvfrom` `select` `send` `sendto` `setsockopt` `socket`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38877`
MD5	`b87c19d7e1afb5e98d31787a1565e144`
SHA1	`95fa8f022144c1f4e5a5cc9ebe17e5649868c299`
SHA256	`a5dd722907b5ee6b5062bfe39ad7a9e87f8b64b8668d7f6a51dbe066eb069d32`
SHA3	`e59c137b750aa62867020633c1a3260d4c9feaf10837a6245b47d229330efea4`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18578`
MD5	`6e914246ad9da8af11a07c19a7a90e15`
SHA1	`072cacc43ce71b4edb549edee9c147f36543d441`
SHA256	`a8adb93247032a4ecb62c7e39bac0b33e7bbf18e789bf4b996d3b3cdb15a16d4`
SHA3	`b639892d5bd57b2aef41945d5cc05004993c564c279f3a81efb27ccc7b90ac31`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76852`
MD5	`1f178c8f054a87f549d3eaaa4932ba2b`
SHA1	`befce30c999ce16bfc9f574bf08aba985740ee30`
SHA256	`f4d245b6863a4d002c7986d1c4082dc6b1ce29d8508b4415aec723f27b300973`
SHA3	`592e48521cdc3271cb9b6b7c4b5d23a6fc6379d5ed6d4513ecdd8f57fd64c1de`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61383`
MD5	`0865a6d555f70cfd5691c072f2ad6a77`
SHA1	`d3446526ab990fdbe8b07fa0fc7b80ecce470b12`
SHA256	`a33645683ca93eeabc76c6192ac2588fd61e7ec621068d4ff7d8d7cc15c9af8e`
SHA3	`937668cf3c7880ff49418037f23793b1e9cd1e480dae2ff350918b10c9ef6ca2`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.08696`
MD5	`3e544e81611f9cd330cb804a824f4173`
SHA1	`38f3b4ed304115ae244a8bb00e7d8fed7e55fce4`
SHA256	`975728deb2c34bfcb8c20619c5da72d4948188b9ef1071e210cac5b210645a44`
SHA3	`041235081d5d3d98d5481b829317c53474602834fe8d8778d282babedadddc4b`

1000

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12433`
MD5	`d256b789924f3559562b4b9b69cbb46d`
SHA1	`3ba16ad4a78a6e01f5cebf72bd2fbdcf14cd2ffe`
SHA256	`2968a06d26a79e5350d44b4aec87121b7d7d7a7bbdd4e6e75a60fb91833cd685`
SHA3	`58411672dfca34d9a3cc8153ebbdf5f6c5745bfd7f84bf469ee6e1c15c774fc4`

1001

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x424`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3296`
MD5	`17cbc8aadb90ab5f0780674b703458f5`
SHA1	`838b303325fdea4d7ca86fd35bd2d69656d79d4c`
SHA256	`6c6fbb1d522db06e21a7590b0c982fa79ce8ee53504c68108dd95da290535403`
SHA3	`3dd7af70b43b843cdb3997f7418241153b32aed1101e506998c6ae66b040bdd8`

1002

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22632`
MD5	`1e19372bbb8ba4b2b1626dca47bbb04a`
SHA1	`1b60d4cca34411e8e23786b5802d9cbecdd9bbc3`
SHA256	`dbcf77bbba15f831707a711a7a656e225a17e39f01fbef1e965b65d80e6794c5`
SHA3	`f42d17932a9eaeff571dbe86810c26bf3227236966c199b449cf8a92375bbdf5`

1003

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02572`
MD5	`aae5e3a04f09bf604a6fdc39fbb6bad8`
SHA1	`4090f320c96589d50109bfcd8952d0475d9fa730`
SHA256	`dbbcbe7007c3596b41ba814a3a033fa644f95df7474862b4c9c9aa5c5619e0ec`
SHA3	`b032b39d9d0140af732cfd92ebf7c46eedf3ff7f9d63d5b47f5abb337b4cb93b`

1004

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15759`
MD5	`1c3039d7341afa05e12732377579acf8`
SHA1	`1a9c85e2411726b9c547b6b59fe0e740af933901`
SHA256	`bd9e6adb0afb18d3d9585bc48e4b31cb9b89f756635d4a05cc2ae3543e34d0eb`
SHA3	`c95760299e6fce4f2de3a3c935fc7041b8207e3fcf385e970e59f7f0068579a9`

1005

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14634`
MD5	`742b5a77b59bc615d235004eaeb05226`
SHA1	`c50c5bbe0ffc96b3582891cbac964fb9e62f2854`
SHA256	`6b4da14d12a3813ff3d1bb1e01f29656c40ed575e18e3546c04517e7c9951e69`
SHA3	`58b5b6ba68d9015cf32169010d91d5c80459c0c43cd5a462f8f69773cc29b964`

1006

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21914`
MD5	`9c81d5eb055e55546c19e40f53e61b79`
SHA1	`c9d05fec0e60ba010fce225a7436bcbe1ae2f4bb`
SHA256	`17a8d2f6e50ba73210a3e85729991e2233e0ffb452a278fc0827ccb822661b77`
SHA3	`31e68065caaee2a9e7d7b04989c73cfac4434deac35bd42528eefa9196048801`

1010

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28975`
MD5	`d8b09f8a9da8dcfad5104fde962248af`
SHA1	`0bbfefc52c5490ec5c76cb566538b90b015d2bd4`
SHA256	`8fef1f59f59e174f349a0e0f01c063f574d6f4816be6d785484193d3bd0da901`
SHA3	`8d0feec7ad7d12f097da68e1ae8611ac2d5e332aa4825b2a4b84ebb16585c08c`

1011

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17699`
MD5	`b2dfe50913e079a2070545c126624862`
SHA1	`d4b7c32fa7094836465aa7e666965d917c3aaf2f`
SHA256	`6d7e1a7585ab26160b2d9bb8a0b0728a4c837f5ea1812a01d547ba850f372e38`
SHA3	`b616abdb8e54e974455d4bb9e4c7ca8d85108cd04d84fb104d139c03378af550`

1012

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26791`
MD5	`0f87af58da7ff5d17eab6edce806c99e`
SHA1	`cffa4e291ca2d617c8eaeea621d42a7f4c231561`
SHA256	`c31efac0c4f1adf047f78e8a01c3af19990e508db997c0188ce5dc6472ed30fa`
SHA3	`3451aab2ab5822ee14d276a012a66c2220ca221f45d7ea11426bfad642193627`

1013

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17327`
MD5	`85ef41a2d0c062cf19304313de43f67c`
SHA1	`96d977d3859b871ac87ab5641c333caac00eb342`
SHA256	`1b344245b941e9d9a66929d173e3b250922b8826346a4564e48bd1f5cdb4d5c4`
SHA3	`cb9f1b1dcc718d839666b23fcf74f7c3956042af8a9eee58ef16ca952d69d211`

1014

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18608`
MD5	`236a2a146a445896d7ccf57aab8d1b13`
SHA1	`1005d8cb244f86c75311557eb077084559f2b74b`
SHA256	`7325c9f3bb9f6c9e923967710335fa7bd5ff6fe277a0bdb5e666e0c07c3c6c84`
SHA3	`2391f00247a03581543ce161e3be858d5c949785d4a0b471a85909ce212f385b`

1015

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20851`
MD5	`adf2aee116c146559910c3f9c03d61ae`
SHA1	`748e0a9589c852d6ec8a740d841d168b2a8efdd4`
SHA256	`6ca6b5e59d617ba0c83154e3f2f58e95fd2d21abb73d46a14924cd21629c2690`
SHA3	`f8057e6ae527139bf5be0cceb7a1aad8eeaab749f71358c676399a4005774fd3`

1100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x738`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3788`
MD5	`6c5dbf55f58c5ecf1eca4331b8feb40d`
SHA1	`0d7cbc234a5c8b5a3015914f5531eb749e694217`
SHA256	`462f60bf9763e9792681ec43b196b4e93435e3081b7d1e8bbd3af1549d1ed76c`
SHA3	`bada219c3cbd6d1b1617e739297b2266b4ae7623563a0cfe031a5b61f8d009e3`

1101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x876`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41656`
MD5	`b106fb3d8f110820e2d68032ced41368`
SHA1	`d2a0d7abc63ed685b29d6b43e8513e5dcd407b0d`
SHA256	`b3c64a9c93280c103215d1750f91917d9203816f14416ab53c55d132e9812fd0`
SHA3	`b4a4db6ff5fcb52d0ce2dc92fa84cae789192f43d328e2b2e73b85a22b6b0389`

1102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x53c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40187`
MD5	`1d4145be5e2e27853ca879cd0d5fa3ec`
SHA1	`daef934a427007aa0a5777bd8902fc9ca1143f1a`
SHA256	`f53854b9e19c160c7f0d2f4fe247ffd59c4e2e27d49ab2a0fa42be30cc4bcb79`
SHA3	`10df154905467b1e18fbcef1f82fa239f6a20fe6e109819594b1df6100062e38`

1103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36539`
MD5	`8f5dc9c7ab57189603cae432cda028ad`
SHA1	`3a7040940ec01104e319445dfa54ca8d38b3923d`
SHA256	`ae7505194a7b9f66a08f5407fd3be8fc7ec754495d03554fbeff553102f53761`
SHA3	`f5606c3b8d72f52adf6bce479db6846c70e38a1302264f47ed2c2a1e70311272`

1104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3564`
MD5	`53d1180d8c177a02a48d191e160165e3`
SHA1	`daa69bb761467dfaf2fa8dabc3a52baa955f76ae`
SHA256	`218df53d00ebe638f4d4f6de39f3edfd85e8429bf8fbead8d47468fa7c305520`
SHA3	`e64f98826ab135a2d57b057b0cce57cc916f43c36f1fa765b8811c31eeb3281f`

1105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46436`
MD5	`d469b35f9bcbffda7111a3f77191ac07`
SHA1	`44c07ba99f1f5bf5ba844538ee52204296d82977`
SHA256	`f2ec23a50091b264366050b68fd19c4bf32e10bb6c48e434df5e809cf3559c96`
SHA3	`ae594be036b1f66401617e5ab6664d2de80bd8d018b5a42369d23e8b463af1b9`

1106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x72e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3061`
MD5	`37841ae3dfd56f9ec55f7ffe02975048`
SHA1	`4b2132da2f435869d3de679faafc8a2834ae8e52`
SHA256	`904cf9dab7cc4ab521c801c5eb7b874667ecb48b0792b5472e58a53f180ebca5`
SHA3	`117d72f62111d3f7d8ca9b0acfdce31f5d4187189ab7b6640873b9cef8a60bd1`

1107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9698`
MD5	`309a87cbdc99290d7415823ea2a20bbb`
SHA1	`6e5dc7f5ab0b33946904b157e84163c14748959f`
SHA256	`db93707074243ec12e23cc3857c7ec9144f3e1e214ff71aa50a381233a338711`
SHA3	`b616a3bf9439325fd81f9869239780ec0fcf52a299679e780d465aa0db0493b2`

1108

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45792`
MD5	`ca5a26af78cd3e88e000eb6019bfafca`
SHA1	`5b1540e4c14a73a9b3e5a7e7e1e9e20d7b4e2419`
SHA256	`f164156c4874de46edb3f6015b2edd8965b7a62519b8ff4ee9a4f115f67615e8`
SHA3	`0004b0efb31aa24018275953207bd69572386ed3089d17c178c9861a42c4c341`

1109

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25331`
MD5	`ead120784d68a354dff8ddde5cb30b71`
SHA1	`efe6fd65798afce222770787eb1a629095d2eb57`
SHA256	`fdc8d4761a651cb1051d2497287384dcbff6450591b0569fac8f57266e050f7f`
SHA3	`0caefae5c715c27d19d541bc4c3a4f8a5c4cd918d8b59d2680041c5e0401c6e4`

1110

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x920`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37539`
MD5	`782ab001f5f6b345182d1e6ecf199917`
SHA1	`cfe02469d60082a411bcf305b1c2373962adc245`
SHA256	`4a8ed07a6fe579c3878c84c012a6c39a7d6ef2a6d923b7255df03f5277860298`
SHA3	`2c63a4a2ecd4f7b2c9b510f6a9c5a52b596a2eb8a7fcec0c0299f1e5fac79fa7`

1111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x402`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0966`
MD5	`614fcc24a6ec894375388c3d262f72e6`
SHA1	`6537047787b7c30f6e1048adf04c6a19abfda486`
SHA256	`916bb869961b6e25b5b8a16d108be6b328393f24b4b3d808f48c53cca48d498f`
SHA3	`6a191fbad2a138c0127bd019d555c0ecaedf0650cfa3e915863d860a7d245d80`

1112

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x196`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12383`
MD5	`6e10ae93c4ed5fdae4847abf5f7838e6`
SHA1	`01179ffa8dd41af8e778dd54532b4a25259808af`
SHA256	`d0bb53ff31794c3e79267ee2736edec1fa91a40a2a01f1638420bae957aae3a1`
SHA3	`49044d146ebf8f6e1abf87f7f0ed58981dd5c34ce49e87b654f48a7cd12a43ba`

1113

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76706`
MD5	`c4e739ee51781e2a616d2cdf938e6d71`
SHA1	`d51d11c20819128d9039ea9c7e092ee6f32be4a6`
SHA256	`faf0a95ae958c770ec429997d03422b258f278a8cd85a068276aaba0d1592a56`
SHA3	`fd16a037857e8ce63f920b8fd5aa7cb5b2f0bc39af8ce3dc20c58eb4f7c317ca`

1114

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51919`
MD5	`59d48d506b7a66a90906fe79bce194e2`
SHA1	`58ceb2f0eba3168ca42598c908180274a1676072`
SHA256	`8889142b7d8feef9778e94adf3b5be6f074c886bca08b04f30f1241e4a5d546f`
SHA3	`d1f9d6e2d32faccca874c80cfbf61c9023113dd3267b78d57975c741eef4484e`

1115

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45342`
MD5	`0424faf2462cd72bcb03018578206f76`
SHA1	`81694825e66c8ef929b1ef352652b28194b875db`
SHA256	`2948183b780720748be3d790c2e6a4cfd43163df24cc097f5043a8ea2156b295`
SHA3	`ffec94df913faf23135938e2c6bb884a70c0e244a9a6f0e94a1ea6cc49ac51dc`

1116

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39591`
MD5	`9bd29a498e8f7cdaa4bcb37ed60e2e2a`
SHA1	`5e45bff881f757c3477b75366a65b5c75519c026`
SHA256	`f74fd7a0e27aa43776860d0da3b8c95272182a1e8332342f8f096eeac86215a8`
SHA3	`e8cd8a0dbcc66d3457d133bd25c017a15cfa8835b8d817dc96c1b71120422f51`

1117

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44694`
MD5	`d063f584c44ff7078dc40ca8bfacfd07`
SHA1	`c5588dc1cc470a30ed446fcd2d63bcee8dc0dd42`
SHA256	`f51c19509fffb59cf601319e5d13b35b70ea8023eab7ea2c58f51883c84e5b6e`
SHA3	`cf4999b09417ff547c472354e4bf22d1a9a52c5067bf75e3eedf09bed25994b1`

1118

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x332`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50243`
MD5	`4f77f85752d24092f98eb6c5203b8be7`
SHA1	`7fd452f6649a1e93158a92622517e62209a1bd09`
SHA256	`10a7b21dfbd3c55594f0f6a6038b545e44c8a897d24c5bfa03a73c5f8c4adaac`
SHA3	`512b9ed330b76ac954203fc070329f735428e191ae1b3d8a572ad5cce6865079`

1119

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x49e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3724`
MD5	`44a09644f03a5904788bef2d17f6349c`
SHA1	`8a6b0b26cf317be65510e2e1f0bca80eab89e2e3`
SHA256	`fac0534d1b1b1bff560174bee1cfaa8526e0d73b58c5a08631f5890bc07007d1`
SHA3	`7518d60f3c21bfab2cf72dd4ca5ce2a4abc7735c7eecae878f710f9ec9dd19c3`

1120

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40715`
MD5	`d350fbc28ede07ab22006601371fd6de`
SHA1	`519816379152e01f67cdc50f64ea02fa440cc0cf`
SHA256	`1d91a2ede25b09137ccfb87a43ee4c694bafe1b3f6ff251899abe6078c9723a8`
SHA3	`ca1397c54fb39d7f7b15cd97f5abe3e786fe699107c51993f5a12ade8fd8ca0f`

1121

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x24a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16888`
MD5	`bd5020c9073a3ecee219c2a580674994`
SHA1	`9e122b8a46a7082f3a2a7cfca3d2730688e4bdea`
SHA256	`69e6fccd050bea45cb58b2ecc4ca423b51c6d546f5e539d8b0894e67fbba8ab8`
SHA3	`d456d17fb4d13365e77e962e6fceacc6bc8717bd4d7cc6e8729f01cca4d7512c`

1122

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34138`
MD5	`2a39a88854f0d10b51d06918d6a0dec6`
SHA1	`0e8ec789621cf5015099a5144a05df3bd8010d9a`
SHA256	`7a58c62635a5ede7f64efe728773e56b3665c64223941e2bcd61b812e0a424fb`
SHA3	`5f51954c0369df85f3febee8508beda1de2d15ff03a051425cd8b6a34531608a`

1123

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31762`
MD5	`f9a292b00fa4f9756e64313acd518ffd`
SHA1	`360a2085fa50253eafd9ab32142051c259ac01c9`
SHA256	`e22578c9c0c0814a5b025291df4bd8b1631978b795a552487d45e85723c66f8a`
SHA3	`f3433051b86e77d2352795645904386877e4c1d24c56b0c31671a96d25dc39d1`

10

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`72d28244d045b9329b8e22ed00bc2a63`
SHA1	`88f957e442aaa65964eff07b6c58d8fd4f4c9116`
SHA256	`89849cdd66c9e609d62998beb10e409a3a78d96a6e8111c77a484d848dc54976`
SHA3	`5c78aba2136deb9bc2886e0a634de7da9fd3570c624e16421f217d6a8e150f64`
Preview

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`8e72e7ddbef7df09a4f7b469f9c31952`
SHA1	`7ce9b388d9c40fc2a481ef425b6dfecbe0525104`
SHA256	`006291c263d07b15ea9473fa0cd550fbcc45dabbcb907ab3e7c2b64b037dbfdb`
SHA3	`207badb9a264a3605895fb6a7bb8555072f65dbe2bd38f6ed62f8d3f8b318932`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`339fae252ee947f71448ee78133e7663`
SHA1	`91f8c3a7587f5398ef53e82aa322627deb55b060`
SHA256	`2561671578bdb7efa455169fb2c74c18ca6865a9fd6bfac6c20abc741b53bc62`
SHA3	`52f42fd83f3e466f82c979f5a208a696b8c5cbeae34deb587f1475540eb08fe9`

3 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`c4b22959c25a1c70d0b0cb68af9d34e7`
SHA1	`0bffd581a8f6fc65706c3f067abe0ee22573e6c9`
SHA256	`be722235c5faee24b92ab2437d4e786efa28b43431b0901deb3cb485ab166031`
SHA3	`6f7059ec6782ec72596670a95e797bf353977e5533ca71e268e9f62aaef33960`

9

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`59bfd49dca0a79444232c14936422fd1`
SHA1	`6a7194e562d7abe9ca0860a5081bf787f38be58b`
SHA256	`ce13f17bfae8667f965abd289ad5604cab5612c43a945a551f67b75d4f67b4b9`
SHA3	`afa37f4fdd9b318fad0a103fdfe904bc456d57e69c7f4ec9886c6797bfca462c`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4196`
MD5	`80cd8dd8d4c707fc88f0a249efc36c2b`
SHA1	`714937bb78371f85b28b347bd6df8820204e479c`
SHA256	`a03a3823999f28a881c5ed677b1d42299ff7db8df589ef2f17a21d293f7a870f`
SHA3	`707a4f74f150c69c0c66b374f35be90506a0a82e3e532a17cd52aa6b6d08c2b6`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.3.1.5
ProductVersion	0.3.1.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
FileVersion (#2)	0.3.1.5
ProductVersion (#2)	0.3.1.5
CompanyName	Albu Cristian
FileDescription	Advanced Onion Router
InternalName	AdvOR
LegalCopyright	Copyright © by Albu Cristian, 2009-2017
OriginalFilename	AdvOR.exe
ProductName	Advanced Onion Router

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0xeaf001`
EndAddressOfRawData	`0xeaf01c`
AddressOfIndex	`0xea6fcc`
AddressOfCallbacks	`0xeae004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00D60540` `0x00D604F0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!