Manalyze report for e6e92ca1b5da8fbe18b7ec16e4de51092065a38c9ec7be9513024c43d1d5cdee

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jun-20 09:04:20
Detected languages	English - United Kingdom
TLS Callbacks	1 callback(s) detected.
FileVersion	`0.0.0.6`
Comments	http://n1kobg.blogspot.com/
FileDescription	Optimizes System Memory
ProductName	MemoryBooster_v2.0
ProductVersion	`3.3.14.5`
CompanyName	n1kobgâ¢
LegalCopyright	Â© 2019 n1kobg
LegalTradeMarks	n1kobgâ¢

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: blogspot.com cacerts.digicert.com crl3.digicert.com crl4.digicert.com digicert.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0 http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O http://crl3.digicert.com/sha2-ha-cs-g1.crl00 http://crl4.digicert.com http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 http://crl4.digicert.com/sha2-ha-cs-g1.crl0L http://n1kobg.blogspot.com http://n1kobg.blogspot.com/ http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0I http://ocsp.digicert.com0R http://www.digicert.com http://www.digicert.com/ssl-cps-repository.htm0 https://www.digicert.com https://www.digicert.com/CPS0 n1kobg.blogspot.com www.digicert.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses known Mersenne Twister constants`
Suspicious	The PE is packed with Enigma Protector	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: .enigma1` `Section .enigma1 is both writable and executable.` `Unusual section name found: .enigma2` `Section .enigma2 is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryW LoadLibraryA LdrLoadDll` `Code injection capabilities: VirtualAlloc WriteProcessMemory VirtualAllocEx CreateRemoteThread` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegOpenKeyA` `Can create temporary files: GetTempPathW GetTempPathA CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect VirtualAllocEx` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 313 is possibly compressed or encrypted.` `Resource SCRIPT is possibly compressed or encrypted.` `Resource 1 is possibly compressed or encrypted.`
Info	The PE is digitally signed.	`Signer: n1kobg` `Issuer: n1kobg`
Malicious	VirusTotal score: 26/72 (Scanned on 2025-04-25 11:43:01)	`APEX: Malicious` `CAT-QuickHeal: Trojan.Ghanarava.173908507105c41c` `CTX: exe.trojan.generic` `ClamAV: Win.Ransomware.Crypren-9864892-0` `CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Fortinet: W32/PossibleThreat` `Google: Detected` `Gridinsoft: Malware.Win32.Gen.bot!se21766` `Ikarus: Trojan.Win32.Injector` `Kingsoft: malware.kb.a.979` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Floxif.Virus.FileInfector.DDS` `MaxSecure: Trojan.Malware.3411146.susgen` `McAfee: Artemis!C0D51E6B7BA3` `McAfeeD: ti!E6E92CA1B5DA` `Microsoft: PUAAdvertising:Win32/LoadMoney` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Save.a` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `Varist: W32/ABApplication.VPIR-0166`

Hashes

MD5	`c0d51e6b7ba3610e79a4bbc0b705c41c`
SHA1	`48edfe6bbc12a4b287a28dbc7b608a36968e6aeb`
SHA256	`e6e92ca1b5da8fbe18b7ec16e4de51092065a38c9ec7be9513024c43d1d5cdee`
SHA3	`b9bd9aeb48a2abf452453bbfb96d6f5479a4e36db73891ae743f1727e8b15341`
SSDeep	`24576:aBXu9HGaibJeU/p1kymWoV7BXu9HGaibJeU/p1kygN+Sr5u7WmAGf2n8v+Sc2Bc:aw9ix1E7w9ixsFr5L8Bc`
Imports Hash	`7354cbf722a071639ee8ba97deef46ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Jun-20 09:04:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x65000`
SizeOfInitializedData	`0x3b000`
SizeOfUninitializedData	`0xd0000`
AddressOfEntryPoint	`0x00135D50 (Section: UPX1)`
BaseOfCode	`0xd1000`
BaseOfData	`0x136000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1b5000`
SizeOfHeaders	`0x1000`
Checksum	`0x1d42b5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x800000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xd0000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`ee63de89f9420f0757324e16b392a434`
SHA1	`206da564ddee4c18677086e7425b944b9158b82f`
SHA256	`7981079836171701a5a3b60e35db07da26ec5014d30e5905e8c46fd7f2ea5a4f`
SHA3	`4a66e72bf9df2947602ddf640071834d7ec4b8312966927fd0c1774df739dbd0`
VirtualSize	`0x65000`
VirtualAddress	`0xd1000`
SizeOfRawData	`0x65000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93509`

.rsrc

MD5	`09f8d51ea937a9abfce91a88260400f7`
SHA1	`b9b258eba84621cf9afecab3b9f8568994282da0`
SHA256	`2048f23948f3583b0dd0e4b09f25130e4754a49824891b46f7ff1070ba0e98cb`
SHA3	`fc08e577a45075065884f6ad385992e86947097badfaa554b5ed6ea03c7d9aa7`
VirtualSize	`0x3b000`
VirtualAddress	`0x136000`
SizeOfRawData	`0x3a200`
PointerToRawData	`0x65400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.59634`

.enigma1

MD5	`79b69ec5d923707da003796e36fbc0cf`
SHA1	`3fc26b0cd95d555145392784c5805e5fbac3689c`
SHA256	`9c9701910df5307555de727f5bd5abac3a0dbcf5582c3829bf41309fb69f7fe6`
SHA3	`722fd3c791f315154a53d797ee9c173e0a1c5b9d3a3a757e6a1b92581f751b6d`
VirtualSize	`0x1000`
VirtualAddress	`0x171000`
SizeOfRawData	`0xef000`
PointerToRawData	`0x9f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.4101`

.enigma2

MD5	`8f14a701c136f62bb7791ba5cd1476da`
SHA1	`10578b6313ef87475848dd00b9f217c757dd5f8a`
SHA256	`920baa2d647aeec69140381d43a0866c58dba622a3c33cdc2b27adeb8cf17422`
SHA3	`608dd1157e90916156dcf747321d19d20ad6691562cd75b359ee7cdb7327221a`
VirtualSize	`0x43000`
VirtualAddress	`0x172000`
SizeOfRawData	`0x43000`
PointerToRawData	`0x18e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.06108`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#5)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
ole32.dll	`CreateStreamOnHGlobal` `CoUninitialize` `CoInitialize`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ntdll.dll	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
SHFolder.dll	`SHGetFolderPathW` `SHGetFolderPathA`
ntdll.dll (#2)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
shlwapi.dll	`PathMatchSpecW`
ntdll.dll (#3)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8986`
MD5	`8158ba96fb4e718736cae45929b1d91b`
SHA1	`c7705149e914823acf8e08d16ef1c57b2f1c6b6e`
SHA256	`fc37626a861c1d7a18ca56e69fffa5df53e90825de11e156e847edf4b05c082d`
SHA3	`ad6f1dfe47d46fae0ddc42ab97e59fb4c73caca5f5525f60ea0d254ab8e81287`

50

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8986`
MD5	`8158ba96fb4e718736cae45929b1d91b`
SHA1	`c7705149e914823acf8e08d16ef1c57b2f1c6b6e`
SHA256	`fc37626a861c1d7a18ca56e69fffa5df53e90825de11e156e847edf4b05c082d`
SHA3	`ad6f1dfe47d46fae0ddc42ab97e59fb4c73caca5f5525f60ea0d254ab8e81287`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92806`
MD5	`0be74708312a2d791bfe19562ffa4ef8`
SHA1	`28a05d82ba2c1324b871a12faaf5b0a87229f022`
SHA256	`866906b6319ef6ba4572fb4b4f5e4709e1e6c9e40ef50be44912ddf1e02a7e2c`
SHA3	`2530b12e4c2568bf45874a8f59a961d24dc9c4016c55c3cde7feaf99a52e72ee`

7

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x594`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75908`
MD5	`656325d6c1d0606ce3c49556f8ddc47b`
SHA1	`25ccf8c9353f9e62fa6bd973ebbaf985b8c2537b`
SHA256	`3c629d1278c15ecce0329bc3aeec37d244e94fd90f2f59c517c42b67fb0b4811`
SHA3	`dbf5c2558756c1899912825ee82a436dbc3d2bedacae3f86fa52eabba325a0cb`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77734`
MD5	`826a8ed169e83b7288616dfcdedc0f1f`
SHA1	`4df00fa6c3653a80147ada4580c55060163e82a6`
SHA256	`96750787239f660fa38ece41707d9ca1438d31448c29dd09ea1709b07ef801fd`
SHA3	`1fa4ebcced1614a91262b69f405f3e06fd874dc2f1b7433a12126ab28b9fbbe8`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73712`
MD5	`05680dee31d87f0ca62b77a6a1571ae5`
SHA1	`6e4748433eeba5eec4266687ebb1369fd7661db8`
SHA256	`54966838d6f6e65697e2875d01606ad3be88a61a106f2207016bbe6a6af9144e`
SHA3	`ba7a4b28606f1c82a83c9e34b948cb25feddb7ba43370359f1fd6d5e247dcb06`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75915`
MD5	`a1a41432920601b46e25106cfb4b5ce2`
SHA1	`e9969a6c7151ff48a8e92c1a981a122104040fe9`
SHA256	`8c13782029783bc9430bab7aa40610702138264321fc18abb1b8d5ffdc89232b`
SHA3	`a863b24230ad3274ec5fe28a5dff40b6a80fbf3c74414b080d62920d73416c79`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79123`
MD5	`11bad1ecb6d1b69a3172efbc1c7c3bf7`
SHA1	`605a899ba42e402262a96b3335d1e6830ba4b59b`
SHA256	`53b55006e93bf18c0b9b34b0d45153a5dae0ed7b8162f54cccdcbc42cfe139d1`
SHA3	`b3c9958cc1b76105f2099c7f1c16914ede0d0372499f6540b62fe294b7410bc8`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7189`
MD5	`ce80dc879cac757aebb382b821d48d5d`
SHA1	`79c47695df5369ee84086dbe41f3c1a453fae7d1`
SHA256	`c7968a6f299a7a576a8fa85f587158a52287273e7773b738d920bf871a9e1b0c`
SHA3	`df557f7991c7405f5ad83f23f07e7ebe6ad070a7ecc5f04ebefc061dc6e06988`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.31291`
MD5	`eb8d196b82f927a2403e33bf39b84c9a`
SHA1	`0c094eb5a0c28239e3394dfc4235039040e78908`
SHA256	`f7d5d0b9fb2e1cda2376efe6a58070d8d3a03f7b66b7eb835201a11458803fad`
SHA3	`2042611332112df18ac5406ea7ed7ac5f18351c72c13d0c10ba94fc986903322`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x17d93`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99811`
MD5	`98017d97bd1ca79d633f7a815940bca6`
SHA1	`7d811db5d1171f4b56f23e475037ab99fcabc58c`
SHA256	`6abde0911ba319d25c8fdeec348bd549f382eff1ae2b04a8a968614655d19f54`
SHA3	`4c4008fc9058426949bf23554a7ff02f28b023d0fd2263d639fb55114fff9a21`

1 (#2)

Type	`RT_MESSAGETABLE`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x220a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93919`
MD5	`e11be165f3a90a355ca75f5a217a4d15`
SHA1	`87683f16ba42f084dd088a96e1594d3156236092`
SHA256	`ac00ded9777c5924016747322bf0aa67c5d29b1138800b60f13a09ee68fbe21d`
SHA3	`d79f7846128e3fea5ed51b0893a85d522be64f03abf56f610b08ca9ab7badb44`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`07e38267557c804d5e66d253009a81a9`
SHA1	`9283fdada476521d8525a84489d1f18afd992ed3`
SHA256	`54849507902009a1803879ea61d283a51035533e37a17df764a702513a110805`
SHA3	`2bdaf8fd2726d257c9cbed330a14393e6fcc5af3c0572c7218406630f144dcd9`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

201

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`965f00ad6aba199599d14fac54385d9c`
SHA1	`e62a27b62b9ecec7f8308777804e9425314a995c`
SHA256	`b2ba21465dfecc0687accab8a25dc9c8c490a88913409c2da863f6616ad234f8`
SHA3	`d0034d997bdde83a63b51014b2d353fed4827e934100831944ae6c2b543cd807`

1 (#3)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46922`
MD5	`854ab7dc23183ba8794a59a2cc24e141`
SHA1	`177a09ce334899cf03c2f757598334971746994d`
SHA256	`ef6814ff77fc9e0a832997d0ee5e659a73d8de5598f04d75629bc420369607ff`
SHA3	`c0b75fb67bfbf4bc70d8846f6abb315eda53ef11bd35559ce2cf648c0ff0b214`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39264`
MD5	`79ff2b6cfbaed20d0761e88f8b47dc80`
SHA1	`7ef2897a5a54be6eb3e82c3a936d070dc001e537`
SHA256	`2fb51dac382441e19215b5016eddd256a4fdf99d325fe691d77a6e450988ecbe`
SHA3	`02bda12ac26ccf7986d96ff43cdceb70ea576bb4a29fba484a5200fb71103412`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.6
ProductVersion	3.3.14.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
FileVersion (#2)	0.0.0.6
Comments	http://n1kobg.blogspot.com/
FileDescription	Optimizes System Memory
ProductName	MemoryBooster_v2.0
ProductVersion (#2)	3.3.14.5
CompanyName	n1kobgâ¢
LegalCopyright	Â© 2019 n1kobg
LegalTradeMarks	n1kobgâ¢

Resource LangID	English - United Kingdom

TLS Callbacks

StartAddressOfRawData	`0x571018`
EndAddressOfRawData	`0x571040`
AddressOfIndex	`0x571040`
AddressOfCallbacks	`0x571044`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x005A5CA0`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4bfd50`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xc1fc1252`
Unmarked objects	`0`
C++ objects (20806)	`2`
199 (41118)	`1`
ASM objects (VS2013 build 21005)	`51`
C objects (VS2013 build 21005)	`177`
C++ objects (VS2013 build 21005)	`53`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`544`
234 (VS2013 UPD5 build 40629)	`80`
ASM objects (VS2013 UPD5 build 40629)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!

Leave a comment

No comments yet.