Manalyze report for e64405507428ec6fac64a3bbc0955cf2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-13 02:40:18
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: github.com http://185.193.66.217 http://185.193.66.217/initialize http://185.193.66.217/post https://github.com https://indiantypefoundry.comNinad https://scripts.sil.org https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttps paint.net scripts.sil.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Code injection capabilities: CreateRemoteThread VirtualAllocEx WriteProcessMemory` `Can access the registry: RegQueryValueExA RegSetValueExA RegCloseKey RegCreateKeyExA RegOpenKeyExA` `Possibly launches other programs: CreateProcessA` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptReleaseContext CryptGenRandom` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Has Internet access capabilities: WinHttpCloseHandle WinHttpConnect WinHttpReadData WinHttpQueryDataAvailable WinHttpOpenRequest WinHttpAddRequestHeaders WinHttpSendRequest WinHttpReceiveResponse WinHttpOpen` `Enumerates local disk drives: GetVolumeInformationA` `Manipulates other processes: WriteProcessMemory` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e64405507428ec6fac64a3bbc0955cf2`
SHA1	`405a56c357e759730cd73621eaf88568bf67f922`
SHA256	`f04e02e9821e1494e0b76bdda05fcbeaaf45dfe8b102f25d68844fd793ac609e`
SHA3	`eabb0276c724c23625567e37ed71d8eb6a252ce6159c3df9df8b8c3516ae56bf`
SSDeep	`98304:c1iho/hxo5LMcHrTzRisFeEB6GR+9XSUL:pho5CFXHrv0sutC`
Imports Hash	`2a429805d07a5c055cd386da92f60c9c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Mar-13 02:40:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xbce00`
SizeOfInitializedData	`0x322400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000082300 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3e3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5c269b6ee70cae163a3fc7fa3dc5d421`
SHA1	`7049f732cdfd656f9aa9e524866563e6a6322758`
SHA256	`8cb663ef74521b252438547aadfc79c0ee2ee32d12da4931aef1e4d408f52354`
SHA3	`802c26ed2172a5553f085ede7951b849574d7bc63acd3ad704c6da2e96824b5c`
VirtualSize	`0xbcdcc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55812`

.rdata

MD5	`ef59d890cf5e68852ee72561a5f2962b`
SHA1	`a12aa7b095f2d49e39c8826df6756606938c461d`
SHA256	`0e1c9f9467d939f8b1dabc72cadc5102afdfc374dff7ab5fcd122b050f0a9857`
SHA3	`c5f3d276f80ec97ec51bc4ad179fb71510ea38a1ae7405d10b415539e4dee5a5`
VirtualSize	`0x2fdea`
VirtualAddress	`0xbe000`
SizeOfRawData	`0x2fe00`
PointerToRawData	`0xbd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.47271`

.data

MD5	`ea7c8f852f18c9b3996735815c095b04`
SHA1	`890be487f636f4a1119ee9e374cf807338176205`
SHA256	`1369429371ff5e31187b315c1cd2a7a4f2b346ccae2e0d75438c36f386a9e7a6`
SHA3	`2ce2e8b930233bfc1fd43f701acde0bac9aafa82ecc3a156e6f26106ff3b1983`
VirtualSize	`0x27fb9c`
VirtualAddress	`0xee000`
SizeOfRawData	`0x27b200`
PointerToRawData	`0xed000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87631`

.pdata

MD5	`76b41ff94ad03a67ba9c6414f6d0c253`
SHA1	`c7a0add5bf4a3be41d7516e22a914abd4b2c5c5a`
SHA256	`cda0f2fb00339d1a479c07073f29381835a2263938d64d4876562245379dba2c`
SHA3	`52f067695987799994149a69202fabd34eccf37952a8ed5a36cc590eea6eb1fe`
VirtualSize	`0x765c`
VirtualAddress	`0x36e000`
SizeOfRawData	`0x7800`
PointerToRawData	`0x368200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.82538`

_RDATA

MD5	`6170854c7dcee9e23f9f80524dbf208e`
SHA1	`8f4f7d2b3c21c19e63b0512765438302c4e7704c`
SHA256	`a392c8101597372751136697b7cbe60c35d97acb0831e23fecdaa15d7cdeb694`
SHA3	`7b60a7cbffe3f20815ed67542999270fd6fcb11dc28cf62a7897f53ad30fdad9`
VirtualSize	`0xf4`
VirtualAddress	`0x376000`
SizeOfRawData	`0x200`
PointerToRawData	`0x36fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.44603`

.rsrc

MD5	`639a58cbb158ae12ca693cde0a8d2aab`
SHA1	`014d1668558a95023535b476a2724a383859e080`
SHA256	`13888f342ffc91f687e2045a772f82d2b5e5a2ec20208063c22e251da0bf7e62`
SHA3	`e58e358e69b6ead61b78f56615392a9efd885a3957d739045bf659d70aa424ea`
VirtualSize	`0x69470`
VirtualAddress	`0x377000`
SizeOfRawData	`0x69600`
PointerToRawData	`0x36fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4015`

.reloc

MD5	`b0ff89ba2756ccc0604f91d215be1306`
SHA1	`a308edb203bd06ab9760aca632bf4db7359941d9`
SHA256	`687afed5f02fc26948b780e366b53ad5b56277c85a29432cb01ca9a434f02eca`
SHA3	`579bd8159d5059b420264ba684dae2769b41a1ba786708d1a57ed4e363b36054`
VirtualSize	`0x1964`
VirtualAddress	`0x3e1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x3d9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41989`

Imports

KERNEL32.DLL	`GetProcAddress` `LoadLibraryA` `CreateRemoteThread` `VirtualAllocEx` `WriteProcessMemory` `CloseHandle` `Sleep` `GetCurrentProcess` `TerminateProcess` `CreateThread` `OpenThread` `ResumeThread` `CreateProcessA` `GetModuleFileNameA` `GetLastError` `SetLastError` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `HeapSize` `HeapReAlloc` `GetTimeZoneInformation` `GetFileSizeEx` `SetFilePointerEx` `QueryPerformanceCounter` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `FreeLibrary` `CompareStringW` `GetFileType` `HeapFree` `HeapAlloc` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `GetModuleHandleExW` `ExitProcess` `ReadFile` `LoadLibraryExW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `RtlUnwindEx` `InterlockedPushEntrySList` `RaiseException` `RtlPcToFileHeader` `GetCPInfo` `GetStringTypeW` `VerSetConditionMask` `WideCharToMultiByte` `MultiByteToWideChar` `GlobalFree` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetComputerNameA` `GetVolumeInformationA` `LCMapStringW` `QueryPerformanceFrequency` `GetModuleHandleA` `CreateFileW` `SetEndOfFile` `WriteConsoleW` `ReadConsoleW` `RtlUnwind` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `InitializeSListHead` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx`
ADVAPI32.dll	`CryptAcquireContextA` `RegQueryValueExA` `RegSetValueExA` `RegCloseKey` `CryptReleaseContext` `CryptGenRandom` `RegCreateKeyExA` `RegOpenKeyExA`
d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCOMPILER_43.dll	`D3DCompile`
d3dx11_43.dll	`D3DX11CreateShaderResourceViewFromMemory`
GDI32.dll	`GetDeviceCaps`
IMM32.dll	`ImmReleaseContext` `ImmAssociateContextEx` `ImmSetCompositionWindow` `ImmSetCandidateWindow` `ImmGetContext`
USER32.dll	`OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `TrackMouseEvent` `DefWindowProcA` `UnregisterClassA` `GetDesktopWindow` `GetWindowRect` `UpdateWindow` `GetAsyncKeyState` `PostQuitMessage` `PeekMessageA` `DispatchMessageA` `TranslateMessage` `EnumDisplayMonitors` `GetMonitorInfoA` `MonitorFromWindow` `LoadCursorA` `SetWindowLongW` `SetWindowLongA` `GetWindowLongW` `WindowFromPoint` `ScreenToClient` `ClientToScreen` `GetCursorPos` `SetCursor` `SetCursorPos` `RegisterClassExA` `GetClientRect` `SetWindowTextW` `ReleaseDC` `GetDC` `SetForegroundWindow` `GetForegroundWindow` `ReleaseCapture` `SetCapture` `GetCapture` `GetKeyState` `SetFocus` `BringWindowToTop` `IsIconic` `SetWindowPos` `SetLayeredWindowAttributes` `ShowWindow` `DestroyWindow` `IsChild` `CreateWindowExA` `AdjustWindowRectEx`
WINHTTP.dll	`WinHttpCloseHandle` `WinHttpConnect` `WinHttpReadData` `WinHttpQueryDataAvailable` `WinHttpOpenRequest` `WinHttpAddRequestHeaders` `WinHttpSendRequest` `WinHttpReceiveResponse` `WinHttpOpen`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06358`
MD5	`a2ca05e6237618825ded91eca2c87106`
SHA1	`a1cd6cee3ee519368448bcd8b361192686a44f5b`
SHA256	`b9ccb29477abd7c182ac7bcd6a9ba070fa4b0f1fa74eda6e13dd8595316e050e`
SHA3	`36de07cf863945b2232e3b541bf107c14e80b0216d516863ec7dcd935f4818ea`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68495`
MD5	`f2fb0cb4034dc4fa3c29ea13405d43fd`
SHA1	`ab599aafcdb692a62ba812cdddc30e03d50249ca`
SHA256	`5f405d1dea6dcd73d04a83ec753929dddcef8fb76f3a69f37d77a2f1b2bfe942`
SHA3	`a88c896cb390f78cd8417bfd2adb5ec4292ebb8ab9a0a34dff88fb938070c8d6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27566`
MD5	`7ca946e5ab9ef1133a2150214e803ae7`
SHA1	`b83da8d1e589137a84112d780d056c80d6114afa`
SHA256	`ab4234218cda6f28450c1119046875d7d0c5c53fbd10ad2438c729d8522d721e`
SHA3	`984d2d73950504813c31c97056096995eb37837a125750a02752960661f84271`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63436`
MD5	`9043c546390378b792afdc2084cdf0ee`
SHA1	`723baec0c4df3890f91bb1e2ec45e33dcd6fca26`
SHA256	`c1b829d4e5d3f4f92b1b45c6c805b313fe6db490c2f0d10e083dc0aa9e1a2879`
SHA3	`c7cacef2f8bf122fc30301d8244f5f49aee63b054bc9d760afbc3dd7a56c032a`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37364`
MD5	`00e99dcc94924034fa6dbaf49049c818`
SHA1	`71afb46cb56a4cb8b58c755addc1c2edd6c41470`
SHA256	`5415528f3ae606bfbacb9188eb2a943d8d96978f05d8ac098a2996261ee1488f`
SHA3	`cd155f5775d3cef0a77894b59583cf741dc6f48d66e43130bf2d8725d985f57f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21053`
MD5	`0056fc09e893bb31380db2e96d8d6a88`
SHA1	`177621e55f44f73fba94ee0df6679956c4ea560e`
SHA256	`b73f6ff18036525e6653cd0bdfd4b84adfac0d4b40262fb16b5e526fb54470fa`
SHA3	`bc89b4f3859e9aaf4c48542cb3b266060f2a99778003901928f32272d0242c3a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03658`
MD5	`920eb17fb45ab317ac1ece4a17cc76aa`
SHA1	`b875b745371117ec7ffd806b553832b2d94e2b9a`
SHA256	`a3f55b92a6165c58c2d365d54e5a44a9610cd6197be49cd45af3e4725955d830`
SHA3	`870c3ea8b7cca263d7bccf8359e5738f9df50a362a702cf63de4ac10367e5362`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85689`
MD5	`4e711f572af2fc961c67c49e7a5ef9c2`
SHA1	`f9df7dba8c543ba6ea9612cf6033e69d6ffc0905`
SHA256	`51dbea2ee2fa75fd6189597aee8ff067e8823463a8e7d56ca9af0cd2da8ac4ea`
SHA3	`ea80014d76840b5ba91be94cc54f5075bb900d6763fff761d6066e2b24a47e24`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcd75`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98745`
Detected Filetype	PNG graphic file
MD5	`76dd3658acb7c77ea44a828002f31939`
SHA1	`d4cd34784771e016ff6b57ebe0be406a84a6281c`
SHA256	`d12703443c713c73e352dad667d956210404f37a1909939b5e8537f0bed54af8`
SHA3	`7ce66e4b7f97f3734f2a625be141fbe2a91f64a4ce1a123911748e601cd03bb4`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.06358`
MD5	`a2ca05e6237618825ded91eca2c87106`
SHA1	`a1cd6cee3ee519368448bcd8b361192686a44f5b`
SHA256	`b9ccb29477abd7c182ac7bcd6a9ba070fa4b0f1fa74eda6e13dd8595316e050e`
SHA3	`36de07cf863945b2232e3b541bf107c14e80b0216d516863ec7dcd935f4818ea`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68495`
MD5	`f2fb0cb4034dc4fa3c29ea13405d43fd`
SHA1	`ab599aafcdb692a62ba812cdddc30e03d50249ca`
SHA256	`5f405d1dea6dcd73d04a83ec753929dddcef8fb76f3a69f37d77a2f1b2bfe942`
SHA3	`a88c896cb390f78cd8417bfd2adb5ec4292ebb8ab9a0a34dff88fb938070c8d6`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27566`
MD5	`7ca946e5ab9ef1133a2150214e803ae7`
SHA1	`b83da8d1e589137a84112d780d056c80d6114afa`
SHA256	`ab4234218cda6f28450c1119046875d7d0c5c53fbd10ad2438c729d8522d721e`
SHA3	`984d2d73950504813c31c97056096995eb37837a125750a02752960661f84271`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63436`
MD5	`9043c546390378b792afdc2084cdf0ee`
SHA1	`723baec0c4df3890f91bb1e2ec45e33dcd6fca26`
SHA256	`c1b829d4e5d3f4f92b1b45c6c805b313fe6db490c2f0d10e083dc0aa9e1a2879`
SHA3	`c7cacef2f8bf122fc30301d8244f5f49aee63b054bc9d760afbc3dd7a56c032a`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.37364`
MD5	`00e99dcc94924034fa6dbaf49049c818`
SHA1	`71afb46cb56a4cb8b58c755addc1c2edd6c41470`
SHA256	`5415528f3ae606bfbacb9188eb2a943d8d96978f05d8ac098a2996261ee1488f`
SHA3	`cd155f5775d3cef0a77894b59583cf741dc6f48d66e43130bf2d8725d985f57f`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21053`
MD5	`0056fc09e893bb31380db2e96d8d6a88`
SHA1	`177621e55f44f73fba94ee0df6679956c4ea560e`
SHA256	`b73f6ff18036525e6653cd0bdfd4b84adfac0d4b40262fb16b5e526fb54470fa`
SHA3	`bc89b4f3859e9aaf4c48542cb3b266060f2a99778003901928f32272d0242c3a`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03658`
MD5	`920eb17fb45ab317ac1ece4a17cc76aa`
SHA1	`b875b745371117ec7ffd806b553832b2d94e2b9a`
SHA256	`a3f55b92a6165c58c2d365d54e5a44a9610cd6197be49cd45af3e4725955d830`
SHA3	`870c3ea8b7cca263d7bccf8359e5738f9df50a362a702cf63de4ac10367e5362`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.85689`
MD5	`4e711f572af2fc961c67c49e7a5ef9c2`
SHA1	`f9df7dba8c543ba6ea9612cf6033e69d6ffc0905`
SHA256	`51dbea2ee2fa75fd6189597aee8ff067e8823463a8e7d56ca9af0cd2da8ac4ea`
SHA3	`ea80014d76840b5ba91be94cc54f5075bb900d6763fff761d6066e2b24a47e24`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcd75`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98745`
Detected Filetype	PNG graphic file
MD5	`76dd3658acb7c77ea44a828002f31939`
SHA1	`d4cd34784771e016ff6b57ebe0be406a84a6281c`
SHA256	`d12703443c713c73e352dad667d956210404f37a1909939b5e8537f0bed54af8`
SHA3	`7ce66e4b7f97f3734f2a625be141fbe2a91f64a4ce1a123911748e601cd03bb4`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17495`
MD5	`9bba896e57477ff734cade3154363abb`
SHA1	`1413054572e0fef6fd39d47315382e2b170f09ce`
SHA256	`646e4dbaabcd05bdb796f695c3386cc258e44fd6591e29583fa33d5a126b140d`
SHA3	`909f774f2eb8857c6d27f30261c5631774665f4d6a534cbaac5f80bf5b2c72ff`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23951`
MD5	`e26d4628dbbe2a52d256028c1d0e99c3`
SHA1	`1ca333fb78d59e4d85a4b708a074eee67117b3dd`
SHA256	`73257d6c5a7a3eed7931d67ccb67ab3c610d84e9b5bb57095f51b968d9e6d1fd`
SHA3	`bd2fb4fd1426d7d5b2bca07ea59a6eb173e15dd6dc26a731dcbbfdcc2b240942`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`8279ecf0581daa157c2d64b91e3f9aa4`
SHA1	`5e88084834df306e26484c53a365580cd668c874`
SHA256	`0d6b9a43345e0b9d80a90d1701042daeed73525a0cf119ed87964e82df975980`
SHA3	`15a87a817857c5bb135b3c339ed1180567c8a4c15961d42645f8604024ae47de`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09886`
Detected Filetype	Icon file
MD5	`620c52fe6bbda7e0ba3ec40cfc2e7fcc`
SHA1	`9e6069ed9d7d64bfb7d602f2f29da53de30275fb`
SHA256	`174bf17a925e062c6d14ce88551279a51fb6b8a84a9f4de92ba87ed8d3fb08ae`
SHA3	`3e083857a862be18e5911b2456809d09b08ffafcbb21f9bc594d3afc13afea99`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

String Table contents

login-client
LOGINCLIENT

Version Info

TLS Callbacks

StartAddressOfRawData	`0x1400e2448`
EndAddressOfRawData	`0x1400e2450`
AddressOfIndex	`0x14036c1a0`
AddressOfCallbacks	`0x1400be7b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1403657d8`

RICH Header

XOR Key	`0x3b02b1f8`
Unmarked objects	`0`
C objects (27412)	`26`
ASM objects (27412)	`23`
C++ objects (27412)	`187`
C++ objects (30034)	`92`
C objects (30034)	`17`
ASM objects (30034)	`10`
Imports (27412)	`16`
C++ objects (VS 2015/2017/2019 runtime 29913)	`37`
ASM objects (VS 2015/2017/2019 runtime 29913)	`1`
Imports (21202)	`7`
Total imports	`239`
C objects (30157)	`2`
C++ objects (30157)	`15`
Resource objects (30157)	`1`
151	`1`
Linker (30157)	`1`

e64405507428ec6fac64a3bbc0955cf2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

109

103

7 (#2)

109 (#2)

107

108

1 (#2)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors