Manalyze report for f3e7a015c1d541528085d3f9581ab41f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - Australia

Plugin Output

Info	Matching compiler(s):	`Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegSetValueExA RegCreateKeyA` `Possibly launches other programs: ShellExecuteA` `Can take screenshots: CreateCompatibleDC BitBlt GetDC`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2006-Nov-02 22:33:50`
Suspicious	VirusTotal score: 2/65 (Scanned on 2017-09-06 02:01:27)	`Rising: Malware.Undefined!8.C (cloud:yCFTgSVGyHT)` `Antiy-AVL: Trojan/Win32.TGeneric`

Hashes

MD5	`f3e7a015c1d541528085d3f9581ab41f`
SHA1	`2aa7d3806d614fd9e1e6b099d134784a98b6dd9e`
SHA256	`160d6a3bdc9d64677643376f82e559eb4112289e6b6d722b5b3b32699d18bca9`
SHA3	`02d111e422af4041646056d620f7ef22e722cfa13e03e25991dbb7a2f60c0750`
SSDeep	`6144:C9DH/mHTUUo87osathhHbunP8kFZb15ZIqM:cf0TUY7osuhdunRFZpg`
Imports Hash	`561f33fe4bf8969a9416f471549dac50`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2d000`
SizeOfInitializedData	`0x9c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002DDDC (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x2e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`f2defa9427b80c89a1517edc7a056924`
SHA1	`9ab446bdf6855ad8e6ebd577c70502cc0f5fe424`
SHA256	`ba98c368463f3e009a79eb21b5ca6f483486e5d41b49ddb27f80b20caea0a05a`
SHA3	`251f15df117a55747ef172e703afff11fbc63329ce403a42875255d4306470d2`
VirtualSize	`0x2ce40`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2d000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43817`

DATA

MD5	`664903b2e045ca0312e94528660713ea`
SHA1	`9953567bdd2ab9754ee846c461190b889447c3f5`
SHA256	`70cadeddc4722e54fdb8886fce8f1a9f8ac0c06bbe6e65eeddddf679bfde0e9e`
SHA3	`7cea488d2670d64ac6aaec1384e3fbf752344995e653e6e2febfa85ca532a747`
VirtualSize	`0x7a8`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.97348`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7ed`
VirtualAddress	`0x2f000`
SizeOfRawData	`0`
PointerToRawData	`0x2dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`74008627ece32fef0ead8e2cf74db180`
SHA1	`f0ebd0add1fa17c21c286c43335a36e1e9ef5842`
SHA256	`36d182f039ccc01c47a0bc2bc33ec1a7cde260ca872c553844842913ffe71dc0`
SHA3	`4d0906bbba9cbf8ef5e8b5dbe0cb40c4918350f505501b3161896231e6490c05`
VirtualSize	`0x1474`
VirtualAddress	`0x30000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.70535`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc`
VirtualAddress	`0x32000`
SizeOfRawData	`0`
PointerToRawData	`0x2f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`fd0142189d97181e49bab279e5bbf976`
SHA1	`2f9a1a3c7e01b300eab0057e9ef1ef018b707f76`
SHA256	`41f5f679c494bcfcfbd1e46491b53946b72fd3e1995cfeb46e5413e8705339a7`
SHA3	`7e53ed03c7343e2f28cd2fed45f985246115ec2417a9aaa4fbf50610457ba307`
VirtualSize	`0x18`
VirtualAddress	`0x33000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.210826`

.reloc

MD5	`6837bce54067a023a67fa483db2dea3a`
SHA1	`c46b6edbff0b2bf1897e3f21f0311a919894fe23`
SHA256	`5ab706a16f40775abfb12b162b1c1823dca2d7e10afe23127a7308ac4357cd95`
SHA3	`aefb59d4bddace12e2f0bf56229ac21042bdf49d2ce0f67265859ede8869a98e`
VirtualSize	`0x2c34`
VirtualAddress	`0x34000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x2f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.5757`

.rsrc

MD5	`12b7178e178cd0278d50094a32bd8ee8`
SHA1	`b5ee99002bc1d3b2cce001e24d3de81639a29f18`
SHA256	`a94d3cadc9c283c98c3254716b8c19b772d8274e4a2639f1e3076668383b95d5`
SHA3	`427169b15508056b1e27fc546dff5363cd57d4ab759a897c9e1c9bd8112d1e99`
VirtualSize	`0x4e00`
VirtualAddress	`0x37000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x32200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`5.78397`

Imports

kernel32.dll	`GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `CreateThread` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`VariantChangeTypeEx` `VariantCopyInd` `VariantClear` `SysStringLen` `SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `CreateThread` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`GetCurrentThreadId` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `CreateThread` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
gdi32.dll	`TextOutA` `SetTextColor` `SetTextAlign` `SetPixel` `SetBkMode` `SetBkColor` `SelectObject` `Rectangle` `Polyline` `Polygon` `MoveToEx` `LineTo` `GetTextMetricsA` `GetTextExtentPoint32A` `GetStockObject` `GetPixel` `GetObjectA` `GetDeviceCaps` `EnumFontFamiliesExA` `Ellipse` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreatePen` `CreateFontIndirectA` `CreateFontA` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBitmap` `BitBlt`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA`
ole32.dll	`CoUninitialize` `CoInitialize`
oleaut32.dll (#2)	`VariantChangeTypeEx` `VariantCopyInd` `VariantClear` `SysStringLen` `SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
shell32.dll	`ShellExecuteA` `DragQueryFileA` `DragFinish` `DragAcceptFiles`
comctl32.dll	`InitCommonControls`
comdlg32.dll	`ChooseColorA` `GetSaveFileNameA` `GetOpenFileNameA`

Delayed Imports

160

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xb0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.03503`
MD5	`71eaea33d99697d1a659fca12bcf3221`
SHA1	`074da26185950e1871480d232559f40ce877b934`
SHA256	`1c19fb7219f7436f5c5724e2f63945b4f6a7cb072a4d0c763dbfe7a7e5e1af5b`
SHA3	`937f2424490af5911590300ce3686f5859df86e385c0688cb6dca6e3d380ecaf`
Preview

161

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.76124`
MD5	`ffa56149d98789936f62255109ae3095`
SHA1	`71a7f823625b65511166a50184a2d324c077aef0`
SHA256	`dcd1f3ab4d41beb790dfaf33cda3a87608ced3d943da933026385dac4868be85`
SHA3	`33aced86fc6505bafc8a6d841450e970005a80d54e47a75686f8b5998d8c115c`
Preview

171

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.11641`
MD5	`028694280c9d79bf8de28d559b7c0772`
SHA1	`59f7964613d37afa8df0dc8f4d024e1cabdc06f6`
SHA256	`fc53bfd92dac21734819c621ea81393396f362bcf05dc81aaba3f34d019703a2`
SHA3	`b0b6052e56249288c9cb2125a46a29234d0c873c8f444b660ad80e4b5ff1ab73`
Preview

172

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.18318`
MD5	`a14967a7b93f8b8c48cee7b2be2276ba`
SHA1	`ce457e16ce1edbf28d414fe0e172108e0bc1a27f`
SHA256	`e02ee0be00ca848c54aa5cf797f86fcbc5d156bf04fb39f66d2477299b4ae58b`
SHA3	`1ee4da78921e9ee9b7e7c32fbe3a7c9858b69e5a4a6745d5c93178101b1691f9`
Preview

173

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.07466`
MD5	`1f3cd41b2bcfae895530e53b658fd2f2`
SHA1	`b852c2c4a35e31beace4c8c33c0a30aa70ccb83e`
SHA256	`0ddbc9516b824a4de24c460db88e6beb017b0f7e14cd956d99f0b43607a38dc4`
SHA3	`342f5b1ed2324418bf341c3d77b5aad371baed3a0d6e6691e5d26e1aadd67068`
Preview

174

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.03738`
MD5	`b0d79469f459f93d0a3a2d8ecc89ca25`
SHA1	`fb2d9e12f40fa438097e673b4eaaf1f6bb630ae7`
SHA256	`323c1fd5aaa9532cd8cfc821dfd831c56c6b104043a871578f3136d736dbe516`
SHA3	`aabdf1d7a954d4a5b9c98ba60219ba544ecbf1c3c9a800c668d5aee851866a5f`
Preview

175

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.03738`
MD5	`835a2a54acefadd9a93d70779012145e`
SHA1	`a77d1c11309e28829b0620d4ecd63f21ad5bac3c`
SHA256	`00f21b2ddc0eb26cec636243326f21bcce5b53dba13491bfcdd8c6e72a78a791`
SHA3	`9fd32fdffa1c1fc38afcbb28363c7417c71b00960a9b396fc2a7ba869aad6260`
Preview

200

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x21cc`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`6.73454`
MD5	`f720cd58db16a5b0ea37bf7c05f64fee`
SHA1	`a7ebe303a3d82c303b1758c5792099aaa8d0b31f`
SHA256	`d543f4971f2f87415912b0cbecd6a12bb6c851dd44e33c7fd04b397eef6dbca6`
SHA3	`85307456c3c869d9235ce90c5cdf9e303784728a1e6f925e4264a18089148b39`
Preview

2000

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.85965`
MD5	`e64625dcee5a55b9d13f0ad5ffa0325a`
SHA1	`1a8d0a2b57a957ce0d18e515be3312a2b8c480b6`
SHA256	`dfc5939e2e3a151073b31df958db85e57436ac62d7b87896790847a067c549c8`
SHA3	`eea470474c71ca766c06e445a114dd5bd5dd9a54a3fc3d51be961fc17ec5a4ac`
Preview

2005

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.09096`
MD5	`bcdd9f32480759e80721748c1b2b18fe`
SHA1	`b95a129eac01cfcb6003dfab50c5262728385a13`
SHA256	`a9940644caeabcbf039d70c846d3c8df8ba280223bb188cf0cb07916d9fcf30b`
SHA3	`30a8439db41df5aa9d7604ce4def70e9fb0cb2bd83e7a5a03ae5a76257e9a4f9`
Preview

2006

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.18661`
MD5	`254793a9f70bc4180bb11d5643a3d25b`
SHA1	`dff36d8962fbb91e40b3e8ecf5aef226d109da13`
SHA256	`785b4e322b447999d9fb7f654a47ab561f236033eb7b9e25f492569aec6a8787`
SHA3	`91e790571bbdb8a4d44744ec5b3d6c02da73a057223513f380e71acea8e64384`
Preview

2007

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.39602`
MD5	`f9ef013d285fa5a8d960806629e49127`
SHA1	`2434100153f18b31be6454f0c0322c3da493ee7b`
SHA256	`653b5c3bca5315917925477ac4039cc07d81030fa3874a358cf7b14e8431a37f`
SHA3	`ef0d649017a280a3b3cd15e8ed183cd044ab3136a851c208242cd14e4cf040e1`
Preview

2008

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.6962`
MD5	`393f6b334c6283d81bf673742e2fbf47`
SHA1	`6002b781af4c240f636adea0a55d2ffdcc3121b3`
SHA256	`cfb2a520b7d20999692dea4f28e889fe84ac5be3eab928e27f3db579b65d5f2c`
SHA3	`604986446a215055c76af7910183ddb7ea24db7e7970b06c2cba54f0fd270270`
Preview

2009

Type	`RT_BITMAP`
Language	English - Australia
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.37769`
MD5	`a99b76f40c4cfe3da6fbb36ef5f92124`
SHA1	`8ef5364d0c0fd60fd21f98c05bb6744d68714d56`
SHA256	`063a337f9c271c6bb7b4c3efa13653f2082c05161adcbc350bcf1583b55275af`
SHA3	`c4f90fb60b95158469774c4ff2fb0ece9db80dcf062c2862ca0cee70bdb3bc02`
Preview

1

Type	`RT_ICON`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.50499`
MD5	`123ef252d9d4e060a5a7fb87d0f5f427`
SHA1	`e1312eae3e5b25e7f5cae5d0b57a0dbb874704d8`
SHA256	`2a41f4528643cd626a23ce9b4d5e9a139276e9662df4742c76bc25fcb7cdb475`
SHA3	`a22c8c40ac0100be0dc21af5d4ddb325f9529e188b56f8fbfdef0269207e26ef`

2

Type	`RT_ICON`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.5245`
MD5	`077cc621439198ca3e23838b505282ca`
SHA1	`36eb22b1f0cba0e4079d306faab85609e4dac04a`
SHA256	`ae7556aebd0acaa319acebb782b9bf3a2be50aec66f3ff4f929c99738201a29a`
SHA3	`6ee8d15d78a61a5f7207c82f3ba1374db5b5c81de0e053dbf595e22a9aec4e46`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x370`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.18097`
MD5	`f8b055fda268268539f8e45c93f9b00c`
SHA1	`ac021c8657128f34faaf3f449319583a7fb7013d`
SHA256	`e55a73817a63be520cf1ac3763c7fde3676ae48a4bd966cbeb34af51f3e7b0c0`
SHA3	`821d12b73e650308257ab89b04333af73f98f7df7fc20ecd54cb678895e915e1`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.94991`
MD5	`76b269d85b322790b6a99e3f8b603311`
SHA1	`1361ca26f29c62b7b591f79ea677c71a38aa98b8`
SHA256	`369c5223029ea6d1b17b7f24a8d84c10f528457e79be3349a6c55efd0e8f0e02`
SHA3	`5ef9310cf2c895a94d39a4f7bab21bb432404fd4ded0240fe78a324936bac55e`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.94916`
MD5	`24f859ee6a1b2a0281d58e744c4d931c`
SHA1	`d0768e52c1cd646ea9ad0e752d71dcb2709ea74e`
SHA256	`968bbd325d5403ab654fd9308ea2497bce206395d77c4729d07b638480b7cc47`
SHA3	`4df3e7394f0291d46352f6b60d17d78c8da7ff6d1e3deb8e52dd43c51ab1e2da`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.24388`
MD5	`605bb6c6121c8fc34548e70411df3184`
SHA1	`a8354a7c82f0e42b43b5f7baa07bb08e1849ce7f`
SHA256	`de9635dc9430c6ad7c8b87f7bfc1333cf28a683523f8948b1c241d64d0dcb261`
SHA3	`4038124ac3546009adb7d39637a339da305785a03e3d66112100a3c9f33ab08d`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.24062`
MD5	`e3d4d35e9836f20ed9ca1b1a0763cc41`
SHA1	`fa5f723b3a087489a3b9ee2b07bf841a89955dbe`
SHA256	`f00071bb1b5f37d12500223b2e453a83710d906a00965283f873a3867fc02e32`
SHA3	`7d6bfbcca04170557f700febbc2e13c54d90dcd0a7d8b9c0ea6e2862e3af603f`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`3.18591`
MD5	`fe522eba644ae5f88eb858b4cb3a5829`
SHA1	`61656d4304b98eb2715ee0c24e5b60009f1a278b`
SHA256	`ce28bb03eda08a374750ce5be8f32f5739cfed85bf3b6d667be80938fd92615b`
SHA3	`55193077c744d8c6053726c9f617bb72428265da1e3b006434ca6997b39ec067`

500

Type	`RT_ACCELERATOR`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x20`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.35279`
MD5	`8297994af84fe5b9851ec5c91cbbbf79`
SHA1	`706db72ed61ca46efe19a006020c13bb7a54ae9c`
SHA256	`ec0130153623597574deb1c1617dd3670eacf2578e41b53be2f7741dfd56a4b8`
SHA3	`676b957766c3ef25613af042a2897b43ad5a41514281384ef1762c19de605497`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`4`
MD5	`a40263c75fde7440b1086b7da9c51fc2`
SHA1	`139a84f87110fb5cb16a386adade21f30cae98b0`
SHA256	`e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5`
SHA3	`d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x44c`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`5.26608`
MD5	`e5fe426d36f24172b4684cb179c83a14`
SHA1	`1bffd13fd288da2347e0a2c857d78400f78220ff`
SHA256	`ae65b2d09763921eac19d98fd803ab6131730bec9f3d20336d2f99e728272def`
SHA3	`4416c5c69f942b303d9f51bed42ce4e8b88c6bb9d11c14a3dfc94bb64cc72462`

100

Type	`RT_GROUP_ICON`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#2)

Type	`RT_MANIFEST`
Language	English - Australia
Codepage	UNKNOWN
Size	`0x2b7`
TimeDateStamp	2006-Nov-02 22:33:50
Entropy	`4.88401`
MD5	`9fa99429826e6dcc0ee20936ed07b2e6`
SHA1	`df47f1d90280962b64ce9110085199632ae1f453`
SHA256	`1b0f8ba207416fbcd9073781bdd7ab31979d88963badfa8cad1a183c4cf0c351`
SHA3	`180a6cb62efe1dd403732bcf8de6fceb322e640551f5814eea57f53a70d4b447`

String Table contents

Saturday
Cannot assign a %s to a %s
Cannot create file %s
Cannot open file %s
Stream read error
Stream write error
List index out of bounds (%d)
List capacity out of bounds (%d)
List count out of bounds (%d)
Operation not allowed on sorted string list
String list does not allow duplicates
Invalid property value
OLE error %.8x
Method '%s' not supported by automation object
Variant does not reference an automation object
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Assertion failed
Interface not supported
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Win32 Error. Code: %d.
%s
A Win32 API function failed
Jan
Feb
Mar
Apr
May
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
'%s' is not a valid integer value
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow

Version Info

TLS Callbacks

StartAddressOfRawData	`0x432000`
EndAddressOfRawData	`0x43200c`
AddressOfIndex	`0x42f4d4`
AddressOfCallbacks	`0x433010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!