Manalyze report for f79bdde05e8bc98f0e8c13d23d925f22c6e92f447e01174dd9ebee6fe758c365

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jun-08 22:51:54
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW LoadLibraryW` `Can access the registry: RegCloseKey RegOpenKeyExW RegQueryValueExW` `Possibly launches other programs: system CreateProcessW WinExec ShellExecuteW` `Uses functions commonly found in keyloggers: AttachThreadInput CallNextHookEx GetAsyncKeyState GetForegroundWindow MapVirtualKeyW` `Can take screenshots: BitBlt CreateCompatibleDC GetDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-05-22 21:36:56)	`APEX: Malicious`

Hashes

MD5	`7c3410267ca6dc850ccf2edbb9775032`
SHA1	`ce3bb0133807cd9322feee8f7f5105c904a2e7f2`
SHA256	`f79bdde05e8bc98f0e8c13d23d925f22c6e92f447e01174dd9ebee6fe758c365`
SHA3	`89780bf346599c0e3dd471632fd000fc6fa1df216d993c34a834f07974b71ff2`
SSDeep	`49152:nR5aSiQIgW89MZOxQ1JGX1L4ZRhbkAvd0k7W/LujDY+BRYvO+5lYeFFoK1agFbL:z089MZOxQ1q1L4Hq2UH7IeFKwPj+`
Imports Hash	`bcba5e88452d0e8381196d2b58ccc4f7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2025-Jun-08 22:51:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x370c00`
SizeOfInitializedData	`0xe4600`
SizeOfUninitializedData	`0x12a00`
AddressOfEntryPoint	`0x00000000000013E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x46d000`
SizeOfHeaders	`0x400`
Checksum	`0x462e07`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8e1cf8051fbc2a84bd94a25fb44d2dbd`
SHA1	`f32a82d4ee1125041a6ad2ce361e69f5c1d485df`
SHA256	`80d9bf4aa770ba461ea4818c150c9d4e1b9261f4c462a16accc0a80e3f34d431`
SHA3	`ac821a3a4f1cfa835f685634c700609f10dc01f5228b53f53086143088b13bac`
VirtualSize	`0x370bb0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x370c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45649`

.data

MD5	`dfb94ae168f9690f91e712a7b76d4371`
SHA1	`a14743a7f9369e3877c9de32bfb3e7c66cb666b7`
SHA256	`fc86ef733f5bbfa618be489026356986081806e852cb3dd22b917809d39e4b49`
SHA3	`2d7aaea6e0e9c04d025925167ac1d3b44ac8cf83f1d21abd104edaae4fa8cb44`
VirtualSize	`0x13610`
VirtualAddress	`0x372000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x371000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.62917`

.rdata

MD5	`73e8374380ff508bfc3bcba2795ab288`
SHA1	`be6ae7836a1cf5dceac366340c7cb9a587539c35`
SHA256	`d587dfb82c1ba42e1f1f4ae548c83af9d59099e7a318c549aa3c8ad09912ce8b`
SHA3	`dc52ca87aa1fdaafd024ec55ce55025b24b5eae5ff520e46764bb4245ef3afd5`
VirtualSize	`0x89648`
VirtualAddress	`0x386000`
SizeOfRawData	`0x89800`
PointerToRawData	`0x384800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12548`

.pdata

MD5	`775f9277040612f6153ec3914b469c77`
SHA1	`8835bea62b657d039ae21c062cd513330ec5a112`
SHA256	`ede66f07ad975c3a28cd05fe0a9d0caa1dfa03657b20794a5d6a2fc0b58e10dd`
SHA3	`5be290c994fedf2bb2b61b09c6fba5f25a04a2f1238ebce47e26a40df8fc535f`
VirtualSize	`0x10584`
VirtualAddress	`0x410000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x40e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.1867`

.xdata

MD5	`152eb7d3960e166afd74eb1ddef745dd`
SHA1	`23b8d7b440e30098ac1a9cea8d006376fe030f66`
SHA256	`ce39be5aab152fd4e4b3b376fe350a3e2cfe654898985859bf2cd015bb069197`
SHA3	`c03b2b7fde90ea092a59655ac3f9f628b2a31f2b7714e9fea87c0f6963077035`
VirtualSize	`0x12c7c`
VirtualAddress	`0x421000`
SizeOfRawData	`0x12e00`
PointerToRawData	`0x41e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.64144`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x128e0`
VirtualAddress	`0x434000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`6bf5acc7e986954243a5f571f50393a8`
SHA1	`fa8775b633b86a2df0c6a22a14e5d8ffd55285b8`
SHA256	`67460c244e51742226e8087d8a40299a93c9bd8119e9e06e4323d16083f28ca4`
SHA3	`df2d4856b0a443898444bbd01a5dc36f729f0377625e6d9135378af7ad7b2d54`
VirtualSize	`0x4148`
VirtualAddress	`0x447000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x431400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67738`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x44c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x435600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`3eb05f7d0f51bb1908e6ce2440829ec8`
SHA1	`29eb270dfab14ba5438b89a57e15ea7df16b3039`
SHA256	`f170ceec75aeeb2657310776438fd827bdccde43d091e71ae0f7216e7ef2edb8`
SHA3	`df9a9f7763c9326721124ff8613624cdea91ef13321da32460e8f04ff38b9e17`
VirtualSize	`0x1bf10`
VirtualAddress	`0x44d000`
SizeOfRawData	`0x1c000`
PointerToRawData	`0x435800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.76416`

.reloc

MD5	`e4602728cb86a629967b253b58af66bc`
SHA1	`31d78ccfcb063b2dd3edc65236809efd4309ecd0`
SHA256	`85fe104993dded34f6330caac36d94b7c2eafa998b629eaa143b3ec4b5785945`
SHA3	`d90457aca432e5b2b2ddd8e2a256935285e783ecdd775bd7e18f50cf42551b0e`
VirtualSize	`0x3dc0`
VirtualAddress	`0x469000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x451800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41524`

Imports

msvcrt.dll	`___lc_codepage_func` `___mb_cur_max_func` `__getmainargs` `__initenv` `__iob_func` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_assert` `_beginthreadex` `_cexit` `_commode` `_endthreadex` `_errno` `_fmode` `_gmtime64` `_i64toa` `_initterm` `_ismbblead` `_itoa` `_localtime64` `_lock` `_ltoa` `_mktime64` `_pclose` `_popen` `_setjmp` `_strrev` `_strtoui64` `_strtoi64` `_time64` `_ui64toa` `_ultoa` `_unlock` `_wchdir` `_wfullpath` `_wmkdir` `_wstat` `abort` `acos` `asin` `atan` `atexit` `atof` `atoi` `calloc` `clearerr` `difftime` `clock` `exit` `fclose` `feof` `ferror` `fflush` `fgets` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `freopen` `fseek` `ftell` `fwrite` `getc` `getenv` `isalnum` `isalpha` `iscntrl` `isdigit` `isgraph` `islower` `ispunct` `isspace` `isupper` `isxdigit` `localeconv` `log10` `longjmp` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `qsort` `rand` `remove` `realloc` `rename` `setlocale` `setvbuf` `signal` `strcat` `strchr` `strcmp` `strcoll` `strcpy` `strerror` `strftime` `strlen` `strncmp` `strncpy` `strpbrk` `strrchr` `strspn` `strstr` `strtol` `strtoul` `system` `tan` `tmpfile` `tmpnam` `tolower` `ungetc` `toupper` `vfprintf` `wcscmp` `wcslen` `wcsncmp` `wcsstr` `wcstol`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW`
GDI32.dll	`BitBlt` `ChoosePixelFormat` `CombineRgn` `CreateBitmap` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateDCW` `CreateDIBSection` `CreateFontIndirectW` `CreateRectRgn` `CreateSolidBrush` `DeleteDC` `DeleteObject` `DescribePixelFormat` `GetDIBits` `GetDeviceCaps` `GetICMProfileW` `GetPixelFormat` `GetTextExtentPoint32A` `GetTextMetricsW` `SelectObject` `SetPixel` `SetPixelFormat` `SwapBuffers`
IMM32.dll	`ImmAssociateContext` `ImmGetCandidateListW` `ImmGetCompositionFontW` `ImmGetCompositionStringW` `ImmGetContext` `ImmGetIMEFileNameA` `ImmNotifyIME` `ImmReleaseContext` `ImmSetCandidateWindow` `ImmSetCompositionStringW` `ImmSetCompositionWindow`
KERNEL32.dll	`AddVectoredExceptionHandler` `AttachConsole` `CancelIoEx` `CloseHandle` `CompareStringA` `CopyFileExW` `CreateDirectoryW` `CreateEventW` `CreateFileA` `CreateFileMappingA` `CreateFileW` `CreateNamedPipeA` `CreatePipe` `CreateProcessW` `CreateSemaphoreW` `CreateThread` `DebugBreakProcess` `DeleteCriticalSection` `DeleteFileW` `DuplicateHandle` `EnterCriticalSection` `EnumResourceNamesW` `ExitProcess` `FileTimeToSystemTime` `FindClose` `FindFirstFileExW` `FindNextFileW` `FlushFileBuffers` `FormatMessageA` `FormatMessageW` `FreeEnvironmentStringsW` `FreeLibrary` `GenerateConsoleCtrlEvent` `GetCommandLineW` `GetConsoleMode` `GetCurrentDirectoryW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetEnvironmentVariableA` `GetExitCodeProcess` `GetFileAttributesExW` `GetFileSizeEx` `GetFileTime` `GetFileType` `GetLastError` `GetLocaleInfoA` `GetLocaleInfoW` `GetLogicalDrives` `GetModuleFileNameA` `GetModuleFileNameW` `GetModuleHandleExW` `GetModuleHandleW` `GetOverlappedResult` `GetProcAddress` `GetProcessHeap` `GetProcessId` `GetStartupInfoA` `GetStdHandle` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTickCount` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalMemoryStatusEx` `GlobalSize` `GlobalUnlock` `HeapAlloc` `HeapFree` `HeapReAlloc` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `IsDBCSLeadByteEx` `IsWow64Process` `LeaveCriticalSection` `LoadLibraryA` `LoadLibraryExA` `LoadLibraryExW` `LoadLibraryW` `LocalFree` `MapViewOfFile` `MoveFileExW` `MulDiv` `MultiByteToWideChar` `OutputDebugStringW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `RaiseException` `ReadDirectoryChangesW` `ReadFile` `ReleaseSemaphore` `RemoveDirectoryW` `RemoveVectoredExceptionHandler` `SetEnvironmentVariableA` `SetErrorMode` `SetEvent` `SetFilePointer` `SetFilePointerEx` `SetHandleInformation` `SetLastError` `SetNamedPipeHandleState` `SetThreadExecutionState` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnmapViewOfFile` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WaitForSingleObjectEx` `WideCharToMultiByte` `WinExec` `WriteConsoleW` `WriteFile` `__C_specific_handler`
ole32.dll	`CoInitializeEx` `CoUninitialize` `OleInitialize` `OleUninitialize` `RegisterDragDrop` `ReleaseStgMedium` `RevokeDragDrop`
SETUPAPI.dll	`SetupDiDestroyDeviceInfoList` `SetupDiEnumDeviceInfo` `SetupDiGetClassDevsA` `SetupDiGetDeviceInstanceIdA` `SetupDiGetDeviceRegistryPropertyW`
SHELL32.dll	`CommandLineToArgvW` `DragAcceptFiles` `DragFinish` `DragQueryFileW` `SHGetFolderPathW` `ShellExecuteW` `Shell_NotifyIconW`
USER32.dll	`AdjustWindowRectEx` `AttachThreadInput` `BeginPaint` `CallNextHookEx` `CallWindowProcW` `ChangeDisplaySettingsExW` `CheckMenuItem` `ClientToScreen` `ClipCursor` `CloseClipboard` `CreateIconFromResource` `CreateIconIndirect` `CreatePopupMenu` `CreateWindowExW` `DefWindowProcW` `DeleteMenu` `DestroyCursor` `DestroyIcon` `DestroyMenu` `DestroyWindow` `DialogBoxIndirectParamW` `DispatchMessageW` `DrawTextW` `EmptyClipboard` `EnableMenuItem` `EnableWindow` `EndDialog` `EndPaint` `EnumClipboardFormats` `EnumDisplayDevicesW` `EnumDisplayMonitors` `EnumDisplaySettingsW` `FillRect` `FlashWindowEx` `GetAsyncKeyState` `GetClassInfoExW` `GetClientRect` `GetClipCursor` `GetClipboardData` `GetClipboardFormatNameA` `GetClipboardSequenceNumber` `GetCursorPos` `GetDC` `GetDlgItem` `GetDoubleClickTime` `GetFocus` `GetForegroundWindow` `GetKeyState` `GetKeyboardLayout` `GetKeyboardState` `GetMenu` `GetMenuItemInfoW` `GetMessageExtraInfo` `GetMessagePos` `GetMessageTime` `GetMonitorInfoW` `GetPropW` `GetQueueStatus` `GetRawInputBuffer` `GetRawInputDeviceInfoA` `GetRawInputDeviceList` `GetSystemMetrics` `GetUpdateRect` `GetWindowLongPtrW` `GetWindowLongW` `GetWindowPlacement` `GetWindowRect` `GetWindowTextLengthW` `GetWindowTextW` `GetWindowThreadProcessId` `InsertMenuW` `IntersectRect` `InvalidateRect` `IsClipboardFormatAvailable` `IsIconic` `IsZoomed` `KillTimer` `LoadCursorW` `LoadIconW` `MapVirtualKeyW` `MessageBoxA` `MonitorFromPoint` `MonitorFromWindow` `MsgWaitForMultipleObjects` `OpenClipboard` `PeekMessageW` `PostMessageW` `PtInRect` `RegisterClassExW` `RegisterClassW` `RegisterClipboardFormatW` `RegisterRawInputDevices` `RegisterWindowMessageA` `ReleaseCapture` `ReleaseDC` `RemovePropW` `ScreenToClient` `SendMessageW` `SetActiveWindow` `SetCapture` `SetClipboardData` `SetCursor` `SetCursorPos` `SetFocus` `SetForegroundWindow` `SetLayeredWindowAttributes` `SetMenuItemInfoW` `SetParent` `SetPropW` `SetRectEmpty` `SetTimer` `SetWindowLongPtrW` `SetWindowLongW` `SetWindowPos` `SetWindowRgn` `SetWindowTextW` `SetWindowsHookExW` `ShowWindow` `SystemParametersInfoA` `SystemParametersInfoW` `ToUnicode` `TrackMouseEvent` `TrackPopupMenu` `TranslateMessage` `UnhookWindowsHookEx` `UnregisterClassW` `ValidateRect`
VERSION.dll	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `VerQueryValueA`
WINMM.dll	`timeBeginPeriod` `timeEndPeriod`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.37615`
Detected Filetype	PNG graphic file
MD5	`a3a026912af6e4885ac7a35dfafbd553`
SHA1	`708b612fdce43634b14d802ec1925857cb89177b`
SHA256	`0efcf32d75efc458a7ec99045897cbc2f589c34d9343637cf56289b9252385e0`
SHA3	`9d4f60c722bbe29de13ff4d674e8a2c7c4f427a5be681df79099e7c1169f2b4d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76831`
Detected Filetype	PNG graphic file
MD5	`39061b784636c10b82714a6e7582ae51`
SHA1	`4d636a7d395f9bd9e1bdb3d6fbd5f25b69df0001`
SHA256	`5d5ff7862d347e937bef51075363dfe5c818b69884857aba672dc4cee270ef73`
SHA3	`83f9b06470e0d71809cad39b6a6009a2fab0fcf91bb1e180a70c8f56f325fb9a`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65129`
MD5	`05cddf67c8bf10dccad952088cb30d33`
SHA1	`85fb13815586d8386754ae00c89c9a6957c80fea`
SHA256	`dde0c9d3dfbd7c404decbf833644b5f58796a2c5f089ef296a3c56cf57040b01`
SHA3	`a72f73e9b1009fddd36b40cc4b92973e247cc185e637bf302ab291b98abdac6a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88023`
MD5	`db632fa4c58bb63228a2ed15ade89808`
SHA1	`e86802e4ccd0c6a837935028cd1c42c2345dfd5f`
SHA256	`88d5f027c05e907b9f66163aef4b59fd977cc3aeced5aed10862d414cf7e3340`
SHA3	`8580f4b0dbc4944b055d187e98d280dd5b90b47c5ce2c73bb841449f5e741c99`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.128`
MD5	`1603bc446591d2b61f90d4dc6c8b48cc`
SHA1	`8437455396d77c052265e82a1c9299225803b0be`
SHA256	`29d5fa87979b93c2d121df7e5800acb76ccc20bcb24633e183fe65e4550fab80`
SHA3	`550307894d293728fd959efb03844ade31dffd450a2db16070204012b47e98d5`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34766`
MD5	`97dee5d8469752bef993c2a13eb7410e`
SHA1	`94e693f105ce5b7773c27159a8ddfdae02d28836`
SHA256	`4a6d55271b2817546571213b1ff4814938f84278f54dfa4646666bc1b6160598`
SHA3	`fbd3e1d8e41df601fea9926e4ee266c94a14f5b77c468e7282df8cd600ac6649`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57259`
MD5	`8feec359a3e0715dde68aaa5a6fd8d5a`
SHA1	`7f49f871246af395098532f094be3265375d0b34`
SHA256	`7ba28a237e8fc8e733766a4ec7d46dc2114f0f717b2142088a03447c658ccfb6`
SHA3	`0d332b7809a079c31900053c8b65b79f451f7768e15fa84d792efe4bd0b3aad9`

ID

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79933`
Detected Filetype	Icon file
MD5	`1da3a7de52ee0f0c8b63af6db028fd37`
SHA1	`a23190f871d04ca3f31ed2ba430a4c586a4d32d1`
SHA256	`69ff490a255901e8b354a54217baec4f8ff72c6b390a43d57b61eff87e42aa6e`
SHA3	`3cdcde40803dd3d82aae6b12d362c60e090757333d00c5cc321965353af32448`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x768`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12963`
MD5	`991487d96138ce19cc13c42f8982e993`
SHA1	`aadf56d361e7a55a1882974dce1c4d7c155e5bb4`
SHA256	`1bafdae9ed7b709e33866492c80b1e77024f27f7458a616069ec6ad5b0551f81`
SHA3	`ce8efab802698f25ff494cc28566b2247b94f95da093300888db4941c8b3e0f0`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14044c000`
EndAddressOfRawData	`0x14044c008`
AddressOfIndex	`0x140445dcc`
AddressOfCallbacks	`0x14040f620`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000014035FA40` `0x000000014035FA20`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.