Manalyze report for f5af9d859c9a031ab6bea66048fab6e1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-24 19:19:59
Detected languages	English - United States
CompanyName	Reimage
FileDescription	Reimage Installer
FileVersion	`1.956`
InternalName	Reimage Installer
LegalCopyright	© Reimage 2019
LegalTrademarks	Reimage
OriginalFilename	ReimageRepair.exe
ProductName	Reimage Repair
ProductVersion	`1.956`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Manipulates other processes: OpenProcess` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Reimage Ltd.` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Malicious	VirusTotal score: 6/67 (Scanned on 2021-10-01 15:19:56)	`DrWeb: Program.Unwanted.4834` `Cylance: Unsafe` `ESET-NOD32: Win32/ReImageRepair.P potentially unwanted` `Comodo: Malware@#2hrlzf3umtwdd` `GData: NSIS.Application.ReimageRepair.F` `Malwarebytes: PUP.Optional.Reimage`

Hashes

MD5	`f5af9d859c9a031ab6bea66048fab6e1`
SHA1	`d0ee45d3534cc23cbd0d7c3765203ed926a7eb0a`
SHA256	`4efd1bc1bdc12da1bbdc597cf3f37f0c65e582f42e353cf781ac1fe422dfa68c`
SHA3	`0b26021ad0cc007d19aea49c12826b42ff2d57f8cb64c0e24f5db72cfd8fe5ee`
SSDeep	`12288:YEsvcQmY4ZHUDRHjYMCVdjQooYddMoAnUM22FT4i8BdK:Y30Q0HCFcXFRdyUKF`
Imports Hash	`32f3282581436269b3a75b6675fe3e08`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Feb-24 19:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x6d200`
SizeOfUninitializedData	`0x4200`
AddressOfEntryPoint	`0x000039E3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x3ac000`
SizeOfHeaders	`0x400`
Checksum	`0x94b3f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f569e353af0ed51bf4c216faa9bed4e7`
SHA1	`6a44a12f5af7cce9abbd9cd636f52401b2120209`
SHA256	`43b1b548befd5d2a4638048c6f234cbb66fa07c1fd709bbc3e73bb4d642da595`
SHA3	`2a5b3f035f6962e7f8bbe2adb74570e17e1925c226adfc81c2a4375bea2310a9`
VirtualSize	`0x6f10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49788`

.rdata

MD5	`91eee43954e068e650f7b73a8b0e6915`
SHA1	`b547eb6e6cac33ee3733ac68385899629a5e5f17`
SHA256	`e0f96857d54993cd0a9a734ab76698d270a5311129cc442a3344bb196b9afe4a`
SHA3	`0e15cfd9c8ce1462c26fb202da97515881abdf0e9729f0cadfda0e8fbe60c89b`
VirtualSize	`0x2a92`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39389`

.data

MD5	`db9f7acbf1c3ddfe255077b699955dfa`
SHA1	`53188fc5923c982a5f95f3d84c9e65d33d887d59`
SHA256	`6db33451a2c8a909671725fe9d9e735e8c3bc704954f014503d33963aca37551`
SHA3	`defd360cc2dc6f7f28b1998314c9492a9f450dc1fad927840058dee2eb8cb32d`
VirtualSize	`0x67ebc`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.47278`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x331000`
VirtualAddress	`0x73000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`f87b434c0bd478b6a93563b2cb2ce50c`
SHA1	`2c8957b0344a260be91f4ff0a606ec6838b51f70`
SHA256	`4c4ef087d60ee2095a7977049f4781d7aefdc33ca487ba46ddd37c33170ead47`
SHA3	`0a39adeb02db68f356821ff77dcf797dd329368dd9dd973fea2e79d2f2184314`
VirtualSize	`0x682d`
VirtualAddress	`0x3a4000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.44043`

.reloc

MD5	`c51f4d9df0b278e3a4b7cbaa21dfe180`
SHA1	`e685e3c86c97623d199b3d1cb7b3abd840f5086e`
SHA256	`7240f4624382a474be6722c6598360524e64684fe7b3e682450e1092665f2f59`
SHA3	`4bbb800f0783e368fe96153c7d909aa8a9f2b8d7c90d1fc2873fe6c2ecf0f031`
VirtualSize	`0xf8a`
VirtualAddress	`0x3ab000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.2245`

Imports

KERNEL32.dll	`SetFileTime` `CompareFileTime` `SearchPathW` `GetShortPathNameW` `GetFullPathNameW` `MoveFileW` `SetCurrentDirectoryW` `GetFileAttributesW` `GetLastError` `CreateDirectoryW` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `CopyFileW` `ExitProcess` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `SetErrorMode` `CloseHandle` `lstrlenW` `lstrcpynW` `GetDiskFreeSpaceW` `GlobalUnlock` `GlobalLock` `CreateThread` `LoadLibraryW` `CreateProcessW` `lstrcmpiA` `GetTempFileNameW` `lstrcatW` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OpenProcess` `lstrcpyW` `GetVersionExW` `GetSystemDirectoryW` `GetVersion` `lstrcpyA` `RemoveDirectoryW` `lstrcmpA` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GlobalFree` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `WideCharToMultiByte` `lstrlenA` `MulDiv` `WriteFile` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `lstrcpynA`
USER32.dll	`GetAsyncKeyState` `IsDlgButtonChecked` `ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW` `RegisterClassW` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharNextA` `CharUpperW` `CharPrevW` `wvsprintfW` `DispatchMessageW` `PeekMessageW` `wsprintfA` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `CharNextW` `GetClassInfoW` `ExitWindowsEx` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `FindWindowExW`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `ShellExecuteW` `SHFileOperationW` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyExW` `RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumValueW`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89612`
MD5	`9a833d366ac23338e928893d35112ca9`
SHA1	`c3080e2238a72e4686c8649296cf2d49f7c67318`
SHA256	`8fabef0cc51b6a00edf609262eafba83a7b7d93728cb8f2702dbc7124dba371c`
SHA3	`adbe9806417364e55ec4681fd4ec06f6a9775b2b07577f0141d2f19f5d35ddba`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69442`
MD5	`bfacbffc9074a90431b40e06147cf7e9`
SHA1	`cc7dcb6873511b806cb5c1ba8c481285b3996556`
SHA256	`b6ed90b756c3c5f48555184ec16d634b93047008d5ef3143cf6a9bf2c5a45257`
SHA3	`97a4d9cb92743a872b7b4d768f1ef0a0d51fe418c44ccd475ab76f6a137b8646`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x218`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73745`
MD5	`c4045dc09aedee520b6f3021f22b8d9e`
SHA1	`c7c708230a7c1244f8e06ecf99a0fc2c37d53c08`
SHA256	`ad2b0c0db646a0fcbb397e33846a7e13a7220a3f0011fab9de042d3913f2421e`
SHA3	`8a7196da1db9fc22352fe855e231c5ffb519a852c9edd58dedc3ee598db81818`

206

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04696`
MD5	`c7239ce55362dabbe3887e5fc4bdf5fe`
SHA1	`a2908207ffb889a12da3cbdbe7446e04b254e7ed`
SHA256	`012557f58e68234d4a88df0b713c59800f798ecce19dfd589d326b458dddcbd8`
SHA3	`34f4adf15b3169820de0c298735a1ea7bc4e5c9737c5baac458a5fbfb356b1f6`

211

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09674`
MD5	`30dab3583979c2008e8de9295ab7c36b`
SHA1	`186cd9560b358bbf8b523d1050573f22bb00264d`
SHA256	`8c64a2341dc473a7d8ab4956af589e9a7257c4f05a8dc229f862c16d49ba37e5`
SHA3	`4449f57b4725dc59d7d66dc9b817250112828d0f5d6b31cba247cd36ff544268`

305

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6366`
MD5	`fd0a150898fcbb9ce104bc0b8350c04b`
SHA1	`55db758c081821c2037790e62a5842b799535370`
SHA256	`549204cd198df9a07c4dcfbbbc90e46741b7c748f0803ffb6aa74053d0439089`
SHA3	`4401d445707bdbe64f0dcf4a97cfcc75bbff85ba0f6540747472a48d5a492ead`

306

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86295`
MD5	`cc0021533c65b44747600689ff5fbd43`
SHA1	`b1d1e4594f5ad7b08d56a25cdbe6d9b9378e482b`
SHA256	`ab1e3ad5b5d87630cb0f6a6671c10fe49d9c33839be0d5daeba89ec053dda92c`
SHA3	`84d6def5cee15efe0091dd2b0c1f1293ccd14684a0736bd33e1c5aa70c3471f7`

311

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92694`
MD5	`408a7443d8f432b28a248059d8669d1c`
SHA1	`c199828e8051a2825b1d5e216360eb57cd0b37f7`
SHA256	`4677979c1665998318fcb65b9a0c0b3dd9204c12dbddbd5e76df8822ed6e347a`
SHA3	`a3fbf76ef107912c1222e3203143386903416d7d7c171d53f3e0988bea2e4923`

405

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64186`
MD5	`742e377208b58731a76b2e05c3ce5ed8`
SHA1	`fd26fdae738883335133283de5e69dadc7f550cf`
SHA256	`6503ef2a4bf149d46e78c4c70af7e38cc5361bc27ec7a1ef73dc11f745fc5459`
SHA3	`5fd9bb7964bd791ee28d83fd97c227abeaccb51ff8f0d10f8b9e648f10719448`

406

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86626`
MD5	`8c69d2c81dd2d9050d0fa94df90ff16b`
SHA1	`cd71d904da747d7141e5abdde9363f7e240b26bd`
SHA256	`1a39a3aabdee2aa68c507c55ff37c38722b05b7f8bde66185a2462792381d8cd`
SHA3	`b80b33ab6bf40b07bc32c7a6a11831084f7c97a27dff86d576769d0aab14b979`

411

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xda`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9304`
MD5	`2497a44fff8b76b5129662b60a617c85`
SHA1	`f73bd7c9caa4c1f7a0e4840d69b0accdc6d167a0`
SHA256	`a10617b39293152a65ad5c91ca4f35135845c7b785e3a582e58f6c8229045b85`
SHA3	`aaf1dc708c305944a11a7180ef5ee2c8f722c3dd6d4bf91e0ae0f6c2b1a331ca`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23969`
Detected Filetype	Icon file
MD5	`7026736a32a0312be05f73017a85b0e8`
SHA1	`325170994c3b0eac38d23c66cc2182c56a1fc074`
SHA256	`744692442542d2bbe8dd55ebdbd11ff2afc733ecca111aa18bdde5d110dc7be5`
SHA3	`feb8cd1cd6f0331f16c05fc6023d607d8b2e825f0454263963b8612ec6f1b25a`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26197`
MD5	`abd2acac058c3598b6ef7a1947fa747f`
SHA1	`cabe60b62bd0102ca85f6b3e50fd1565f61cb8ab`
SHA256	`4d50ebc7c08070b092360d2440e2a1250c91bb2a17a2c8c2487c3fb520dd71dd`
SHA3	`2203e062511bc2c11087309924f85c2a17a03e7d177b3fae9f2c078cd9202399`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5b5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4032`
MD5	`faf01623d723ff93fe9e19346eb46a4a`
SHA1	`6a9fe03063400ca13cb82b63b379db28c0d96638`
SHA256	`d0b5191f9255969f4b6336605c17d2d0c0e93e4ec1fc64a4c48950b3b0ca4a8e`
SHA3	`c23deee785f0f022672f28e1c5aa3b88cae650488f2537db983231ff0023200f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.9.5.6
ProductVersion	1.9.5.6
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Reimage
FileDescription	Reimage Installer
FileVersion (#2)	1.956
InternalName	Reimage Installer
LegalCopyright	© Reimage 2019
LegalTrademarks	Reimage
OriginalFilename	ReimageRepair.exe
ProductName	Reimage Repair
ProductVersion (#2)	1.956

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x38bf1a05`
Unmarked objects	`0`
C objects (VS2008 SP1 build 30729)	`3`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`172`
C objects (VS2010 SP1 build 40219)	`12`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section .ndata has a size of 0!