Manalyze report for ffbd1daf3c3f96eda2d3bf813005c8a1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Jul-13 23:42:48
Detected languages	English - United States
Debug artifacts	wscript.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft ® Windows Based Script Host
FileVersion	`5.8.7600.16385`
InternalName	wscript.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	wscript.exe
ProductName	Microsoft ® Windows Script Host
ProductVersion	`5.8.7600.16385`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryExA LoadLibraryW LoadLibraryA` `Can access the registry: RegCreateKeyA RegCloseKey RegSetValueA RegOpenKeyA RegQueryValueA RegDeleteKeyA RegSetValueExW RegQueryValueExW RegCreateKeyExW RegCreateKeyExA RegOpenKeyExW RegQueryValueExA RegEnumKeyExA RegOpenKeyExA RegSetValueExA` `Can create temporary files: CreateFileW GetTempPathA CreateFileA`
Suspicious	VirusTotal score: 1/72 (Scanned on 2022-12-23 11:28:03)	`CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`ffbd1daf3c3f96eda2d3bf813005c8a1`
SHA1	`c70fca6fbbfcac2b45c941a4b3cded85a67e6683`
SHA256	`14ae3701fcac1ac7aa3b0b4d661513b42fbc84c58e8defbe89d6d641e395988c`
SHA3	`66e5538396452f015981d0d422e2cd5cf8fc0634b647da57c282d1fdaff8dd19`
SSDeep	`1536:ePQHBb0iQIPjDRaHYwqsm/DGDku1r5UOxgN:VhoiQ23MH3qsm/CDku1r5Hx`
Imports Hash	`62ea1d2da2b1481e969d080a6b29d775`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2009-Jul-13 23:42:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.1`
SizeOfCode	`0x17600`
SizeOfInitializedData	`0xb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002F3B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x18000`
ImageBase	`0x450000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x26000`
SizeOfHeaders	`0x400`
Checksum	`0x2b2d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x8000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fdb1c5b651926167fb4fb91ad513ec17`
SHA1	`06dcbc8b38dba5fa76dc6edeb34c30c31927f2b5`
SHA256	`9e6ae9e0b0088f90091211e0d84b85f7f4bc4bec588fb3764264aca938471bf2`
SHA3	`01410f133859fc6ef500242e4ea6022a854985a123e2d783902709f939e7e610`
VirtualSize	`0x1757c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x17600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.9832`

.data

MD5	`0aa4386a427c2cb0f5b5d65788aaa9eb`
SHA1	`9df9ec4abfb8554ed9a3f063bffabbb68c5cf4b1`
SHA256	`32bd1c0c7af64165daedbae8aec135644e0879d65166ee31af390dd35387de34`
SHA3	`8cdbfe9170f091b57e34aebcec6c6ecaba3f2e30997308b3bb1dfa561d7f8829`
VirtualSize	`0x4dc`
VirtualAddress	`0x19000`
SizeOfRawData	`0x600`
PointerToRawData	`0x17a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.972762`

.rsrc

MD5	`708fbcc35d7caab8b9a904d7e11cf7a3`
SHA1	`4644a013ffa161916c62ec2862da8d5735d0f6d8`
SHA256	`30cd4d18889b33a5f69404a1332ef959a1831ac0876345f6d5d655db2641ba04`
SHA3	`aa0ddd2ce306754a2706a39debfc9c31e8e3dfebb3a05ca629d51fb18634b495`
VirtualSize	`0x94b8`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.13855`

.reloc

MD5	`70afb83647ccee576016e3db5e11ca58`
SHA1	`61363fdcc8c5ecc8725cea0c9452434f29441941`
SHA256	`a2d9821e202e5dec4dedcfc58c48eb6904adaba2c76e2df9a4768109eda51166`
SHA3	`c9235e33aa605bc72832b694aa30f5b27a15eeb8d983b60c685e28350c937246`
VirtualSize	`0x13d4`
VirtualAddress	`0x24000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.582`

Imports

ADVAPI32.dll	`RegCreateKeyA` `RegCloseKey` `RegSetValueA` `RegOpenKeyA` `RegQueryValueA` `RegDeleteKeyA` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyExW` `RegCreateKeyExA` `RegOpenKeyExW` `ImpersonateLoggedOnUser` `RegisterEventSourceW` `GetUserNameW` `LookupAccountNameW` `ReportEventW` `DeregisterEventSource` `IsTextUnicode` `RegQueryValueExA` `RegEnumKeyExA` `RegOpenKeyExA` `RegSetValueExA`
KERNEL32.dll	`GetCommandLineA` `lstrlenW` `GetCommandLineW` `HeapAlloc` `HeapFree` `GetProcessHeap` `GetProcAddress` `SearchPathW` `GetUserDefaultUILanguage` `GetSystemDefaultUILanguage` `GetLocaleInfoW` `GetVersionExW` `CreateFileMappingW` `LoadLibraryExW` `SetLastError` `LoadResource` `FindResourceExW` `CreateFileW` `GetFileSize` `CreateFileMappingA` `MapViewOfFile` `UnmapViewOfFile` `GetPrivateProfileIntW` `GetPrivateProfileIntA` `GetPrivateProfileStringW` `GetPrivateProfileStringA` `GetFullPathNameW` `GetFullPathNameA` `GetLocaleInfoA` `LoadLibraryExA` `LoadLibraryW` `HeapReAlloc` `GetStdHandle` `GetConsoleMode` `GetSystemDirectoryA` `GetTempPathA` `GetTempFileNameA` `CreateFileA` `WriteFile` `FlushFileBuffers` `GetUserDefaultLCID` `GetCPInfo` `GetFileAttributesW` `FindFirstFileW` `GetFileAttributesA` `FindFirstFileA` `FindClose` `GetACP` `CreateEventA` `CreateThread` `CloseHandle` `SetEvent` `FormatMessageW` `LocalAlloc` `LocalFree` `FormatMessageA` `GetVersionExA` `GetModuleFileNameW` `LoadLibraryA` `FreeLibrary` `lstrlenA` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `OutputDebugStringA` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `GetCurrentThreadId` `InterlockedIncrement` `InterlockedCompareExchange` `InterlockedExchange` `InterlockedDecrement` `ExitProcess` `GetModuleHandleA` `GetStartupInfoA` `GetLastError` `WideCharToMultiByte` `MultiByteToWideChar` `GetModuleFileNameA`
USER32.dll	`GetMessageA` `DispatchMessageA` `GetActiveWindow` `MessageBoxW` `PostThreadMessageA` `GetParent` `TranslateMessage` `PeekMessageA` `MsgWaitForMultipleObjects` `SendMessageA` `PostMessageA` `LoadStringW` `LoadStringA` `CharNextA` `GetClassInfoA` `RegisterClassA` `CreateWindowExA` `GetWindowLongA` `SetWindowLongA` `SetTimer` `DefWindowProcA` `PostQuitMessage` `KillTimer` `EnumThreadWindows` `IsWindowVisible` `GetClassNameA`
msvcrt.dll	`_iob` `_vsnwprintf` `_errno` `_vsnprintf` `_beginthread` `memcpy` `memmove` `malloc` `free` `mbtowc` `isleadbyte` `_snprintf` `_itoa` `wctomb` `ferror` `_swab` `wcsrchr` `_itow` `__badioinfo` `__pioinfo` `_fileno` `_lseeki64` `_write` `_isatty` `??3@YAXPAX@Z` `wcsncmp` `_wcsnicmp` `_wcsicmp` `__mb_cur_max` `??2@YAPAXI@Z` `memset` `_endthread` `bsearch`
OLEAUT32.dll	`SafeArrayGetLBound` `SysAllocStringByteLen` `SetErrorInfo` `CreateErrorInfo` `VariantClear` `VariantCopy` `VariantInit` `SafeArrayCopy` `SafeArrayCreate` `SafeArrayPutElement` `LoadTypeLib` `VariantChangeType` `SafeArrayGetElement` `SafeArrayGetUBound` `SysFreeString` `SysAllocStringLen` `SafeArrayDestroy` `UnRegisterTypeLib` `LoadTypeLibEx` `SysAllocString` `LoadRegTypeLib` `SysStringLen`
ole32.dll	`CLSIDFromString` `CLSIDFromProgID` `MkParseDisplayName` `CoGetClassObject` `CoInitializeSecurity` `CreateFileMoniker` `CreateBindCtx` `CoMarshalInterThreadInterfaceInStream` `CoGetInterfaceAndReleaseStream` `CoUninitialize` `CoInitialize` `CoCreateInstance` `CoRevokeClassObject` `CoRegisterClassObject` `StringFromCLSID` `CoGetMalloc` `CoRegisterMessageFilter`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeA`

Delayed Imports

Ordinal	`1`
Address	`0x2bb9`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80473`
MD5	`5ec23dd4d2b9a4bc302913edb27f86c3`
SHA1	`1a4c14438b1b4faceed7b631812e3474e1b569ab`
SHA256	`972da42c9ecc09b315675d3a3b13133b5d0250fefb345a1a8f8cfbb4d728193c`
SHA3	`2665780093a16c1ef26c15d2a9db552a315033c79670943e779dc0a777ef1edb`

1 (#2)

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0x50cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.256961`
MD5	`fae1b06d2f552e50e71b135bc06e1279`
SHA1	`6e3240bf41021a7b994cdbb593fa0de1ef45b545`
SHA256	`d908e362eabb6c58b8fba402d70bc4d8888e08e0d98f2501edac4a299979de51`
SHA3	`04ae903ded3ee1f49052d8dae886fdbb440aa7148533ad4829235b1e67d94c5d`

2

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`8d6c8e199b366d5f5770b8a1c6d6f48f`
SHA1	`d78f6bc684ac16028e6706cc80ae167da5c094cb`
SHA256	`df66d6e43afb0468eda3149e5eaaffda44271cf157a9d9ea4ff6b6dafccb030c`
SHA3	`987533c83aa70cf4a638c4d7e20ca832e3630716efc0d7bace1a213c85a98b56`

1 (#3)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56892`
MD5	`7cbc67d89e560d38ec689996dc98f94c`
SHA1	`28add5a63c570cf2279e94bccbc952b588392526`
SHA256	`402380cc207c0eefdc2aec7bd0081da181fe3a28c3bdc573942e438bbdda22a2`
SHA3	`66dd4f8da736358acc772bdd8a5adc6f2410a6476c3c05faf31cee2a94c43e9e`

2 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41512`
MD5	`8bb745b18c479987cda0e15d0adbafd6`
SHA1	`0f20f2481169f289affcd0141ab54e00825c4162`
SHA256	`50416d483dffdfb89263521bb38273c41d752a1faafbf6d904089e085f3147ac`
SHA3	`cb8e4afdf9d1b7e70ad3597b73ed647850fca20190a5ed8ab44c371f2b28b50e`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33172`
MD5	`a34b2a422a9a9ec554bede2e8645edfa`
SHA1	`8535a3fbf151e9f1cb64472d4cc89230ac485d1f`
SHA256	`6c5f283e265de2cb31e673c0c1d7364a1afa48b114ea154019ae94d737953946`
SHA3	`904d09157de40697f574f26c310809d27e524019e7242ad224b9225f9b63edc7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88973`
MD5	`81f7331ee250ce678642c92838a70d0e`
SHA1	`8cd52b313ba20a1e98b7f936c3042a7a34a9b313`
SHA256	`969c17a1a4bd1f2bc831d1212956c9095aa310b307813bccfc12088df95d1c5a`
SHA3	`36ce3e73d0aa6f3ecbd0d6e207f168a9c4bda43dfe8cd3bb3f8955b51399976d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33542`
MD5	`789ada30cc8d4fa383b14b33b0713510`
SHA1	`6f49ee38448565efbd323b8e3ea19161c484420b`
SHA256	`1786f022b5225428e61d68aa9330a8fe2503e48c4ad2e2abf6f877b9175aeaec`
SHA3	`3d2f5f88a550a4450c23474701456b7664972816397a0600194db74931adc542`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08736`
MD5	`a37529a0f69b66ae4a48274912dcb54e`
SHA1	`ebf42b885c60fbedd21e2184d055bef94cb46bdc`
SHA256	`656b6e6810bd4d061a717ac2ab560929dd6bcfabb60260632b666cd430e40951`
SHA3	`3eda536d1d337a87e38bedbe3fc64313f723b5a16c383acc558ef355ba97592d`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06677`
MD5	`91b29cbacb281384c8840f2d416909b8`
SHA1	`774e8409a9a80d162b6839fa2cdf28f7bfa2297e`
SHA256	`44528408b839cea9d7b9c1a75eaf4db478bdac0245e82a63b54653f4e2ed9d56`
SHA3	`69d64b7a7eca199a65190fb769b87a3d9c88043a5019f033c69a013be52c5cb9`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74743`
MD5	`9cc516d4170471776d2cb62dce36a5e1`
SHA1	`4ae3586e62b55048c2aeb903e0ec9e2c244908d2`
SHA256	`bb6ecc992483748a9fe62b5682d239a1a96c80977f31dda29519d400a3f2f12f`
SHA3	`f095244b41a3bf6041acd026777eb9225505dddb1129ba3e813e208a9adf1cc5`

1 (#4)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x96`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`87a4924b0060d1e79c729f24cd134986`
SHA1	`2894ac4ba83af7de1cdcef23d72e68aed68b6624`
SHA256	`1d83518b897b14e2943990eff655838246cc0207a7c95a5f3dfccc2e395f8bbf`
SHA3	`cb341b552e4f98e4568ac9cefda8ff6b7ab14144e71346c6405ac050ceeaa89f`

2 (#3)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d26937a0a615266ccd9fb199e7fb7fb9`
SHA1	`7aeae9bc21885be7c7fe2cae0dc68b9e745c31f4`
SHA256	`5c55c8f4db4010ba9203d83536d0609856af8c847ac039e37e7dde8fbd574b61`
SHA3	`5fb43d93ac061cdc8923151a93668fd1d87775584a1348099c51fc81d92455f7`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c183857770364b05c2011bdebb914ed3`
SHA1	`040e5ac904de86328cca053a15596e118fc5da24`
SHA256	`094c4931fdb2f2af417c9e0322a9716006e8211fe9017f671ac6e3251300acca`
SHA3	`729e62ace660b283ddd5b0ecc9805db459a3375c8e0a2a3b80274d24bdd9142c`

63

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`f3a534d52e3fe0c7a85b30ca00ca7424`
SHA1	`d576c908b43ed0023cd12557d5831f20b24e42ab`
SHA256	`762b023699a0e48aa95763f0cf7c0467f1d6e9880308c78ebbc1c423de7072d3`
SHA3	`13a124f6f9b1f7a9c7fa00fbce0afa27d87b3cf09b2020deb81d7cb2a86bd0f3`

157

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x602`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.351578`
MD5	`26c4b49746e78d5414ac51fcbe79e01e`
SHA1	`5cf72433bde8cf5364dc84e37aa461c98863358b`
SHA256	`fb137ad651e86159176875ddc8923bce4a9be83f9905f9566c2f8b1ad39a4dba`
SHA3	`f639ab2f33436f240a68d7e3f84ddeda4aa5e13a9168cf9042d42c6496655b46`

158

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09944`
MD5	`a563deec12608ff210034dbbd17e6c8a`
SHA1	`b47f8098946ef1e666e7cb5f157b8362f3bc8f6d`
SHA256	`3a09efe9098a66029f7697219ce53538bcd515c5daa589557d1c1ca5264b92be`
SHA3	`1518cb5690f6d1c574e62eecd163eb1dc938ce6fb879b90a11fe35b36fb7f865`

163

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28339`
MD5	`822f7441ca868256f84c9653ed5d7f52`
SHA1	`8528c552edfc15d9f2da081335169b6039866a2a`
SHA256	`fbf264f8458f5aa97023d2dd83f35336be52a0bd8453607e1edbaf915a352d64`
SHA3	`4df61aef05f3d49acee04838a17d47fb20ea35d38f37f573a1a9e0dc66c9307b`

191

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`6841a847b560d1a1483bdbd28d212ad7`
SHA1	`2492203ee8031ad1124efc5471688474490cd5ab`
SHA256	`fea95ee6654315a11e31ce972ff371fc74f2ad8dc02dd7439dafe6ceff383e9a`
SHA3	`7c5133e81882fb136125ede0063ba848794ae8bfd098ffd30c8346341ae6729e`

194

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`023fb285bf9850ccc10287a3a8db3603`
SHA1	`7f07762fad599cd96c903e7f279ff06607db667a`
SHA256	`1fe2373734955e60c172999142934b52e69ba7ab9039b3c18ea54082ba32afcd`
SHA3	`400f7572d8b30e134eed155d05e5f56251f5da4bfd1f3fbe4a9531805ab3f4b4`

201

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`677bb0dcac881a5a4638ede690ca721c`
SHA1	`ab8e52e9f345d8152a39110c9ebbc07bfe37b182`
SHA256	`97d364e2d3d35f030a038c41bbadc42d0c15fa8d79ba569987e19fddb2e80f9a`
SHA3	`b2b05793e5975c31bbfbb614f74e6de4c8c35794ec22d037f23c20b79297d920`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`b1a232021c419a0243f14b3163dd4487`
SHA1	`0f2ab03cebfd4aa73c69fa2ab255023a15f82073`
SHA256	`fcefeed6eb97cee99cf0781cb3882d0cf2c2d1d82da1e7d0ea686ad2a28d6d7c`
SHA3	`5f55f5a4013349d85a567bb0621035f30ba881306ff9287be3fd2b262fe80584`

208

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x212`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`120bc01b4688cadcaf28acca2edc6497`
SHA1	`b72f0d700b923539a770ec72714e89564cbdf2af`
SHA256	`e98e4a1c4f8fd13a613808f1f7c6ee826b997d657966542e3b1d1288eb2f740c`
SHA3	`deb422a1ec7eb23b9057330fdc01b0625f70f40dc4852abb4f809720862eda5a`

213

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`27418f9aeb0fae483bcf13272efe6310`
SHA1	`9a28ce8233f1be05276f787e06f872f7dd49f8ed`
SHA256	`e3c2af35d1dfc500e16f826a071cc311bf55003a3de77de7ea3376c6b6fa2857`
SHA3	`befaebb14926b3bc6d3330ea240dc2f202a15ddebd0ac4f50a0195d7928acf5f`

219

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`363c2e67f9e853fbc532d0b6404db30a`
SHA1	`ea7d2164761f6945601634e6a9bc53d1809faef1`
SHA256	`d37ed83de65b33e0a0d73e0fe3045ec685df14c0342d21c476910211a95b8c46`
SHA3	`7884d94d01a8e21274e563201d7a88480ba02645c42e7ad13675b15ea40b15b0`

1 (#5)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55805`
Detected Filetype	Icon file
MD5	`f6bfdcc9b84f40cd4f2f4986395461da`
SHA1	`978b284331426882bfe26c946469ba240854153d`
SHA256	`7b7cc020e1888740524df4831d80184a709a3cf52ed76335cb247253157f6e60`
SHA3	`bf2a54731d19e929f970d2d44a01de475c1c45ecd7a26d7eb6ac6cb90f5ba6e8`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55805`
Detected Filetype	Icon file
MD5	`8655b844bfee663f0d289f7e08cc609e`
SHA1	`8ef87ed45f7e495d1c52eb85996cec07ae5aca12`
SHA256	`b9526937ca2715e9b12796a65392e1913bb5c77f5e2420c78e31baf7dadac873`
SHA3	`23cbd20dfe62169dce3b5b154f7f0f6ce71dfca1b9cdcec0fc5c541cca5a08a1`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`30d3c08a7e102b3c76c369e7d689187e`
SHA1	`0bedf3194368bdd38e251794b400804a566942f0`
SHA256	`cd07dc2185fca682e34141b058a2b4794bfde621a0e355e6e7080686a8c78750`
SHA3	`7f64f455d9bf5e37478805ed41507967845c44a11beb202cbc5f6eacf8327d15`

1 (#6)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51023`
MD5	`5b55b1c33398c34ede1694ced22d596a`
SHA1	`f4e846bd73f08c7ff29300a9f897bd1416ca7ab3`
SHA256	`f1395d161ba4d630c7fa1d12eb9bc41ce5192786d2aeb1f6bcdb77b9f27bfef9`
SHA3	`a059cebc7ddfca930943e98f730cc0f0d0a1c9e7d0c4382919edadec0c2d307a`

String Table contents

WScript Error - Windows Script Host
Input Error - Windows Script Host
This Unicode version of WScript will only execute under Windows NT.

Please use the ANSI version of WScript.
Script: %1!ls!
Line: %2!lu!
Char: %3!ld!
Error: %4!ls!
Code: %5!lX!
Source: %6!ls!
WScript - Script Execution Error
Windows Script Host Remote Script
Remote script object can only be executed once.
Unable to execute remote script.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.8.7600.16385
ProductVersion	5.8.7600.16385
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft ® Windows Based Script Host
FileVersion (#2)	5.8.7600.16385
InternalName	wscript.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	wscript.exe
ProductName	Microsoft ® Windows Script Host
ProductVersion (#2)	5.8.7600.16385

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2009-Jul-13 23:42:48
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x18558`
PointerToRawData	`0x17958`
Referenced File	wscript.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2009-Jul-13 23:42:48
Version	`565.6526`
SizeofData	`4`
AddressOfRawData	`0x18554`
PointerToRawData	`0x17954`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x469004`
SEHandlerTable	`0x45b6d0`
SEHandlerCount	`2`

RICH Header

XOR Key	`0x99c414f3`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`9`
C objects (VS2008 SP1 build 30729)	`66`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`257`
C++ objects (VS2008 SP1 build 30729)	`58`
126 (VS2012 build 50727 / VS2005 build 50727)	`1`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

ffbd1daf3c3f96eda2d3bf813005c8a1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

2

1 (#3)

2 (#2)

3

4

5

6

7

8

1 (#4)

2 (#3)

3 (#2)

63

157

158

163

191

194

201

207

208

213

219

1 (#5)

100

101

102

1 (#6)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_RESERVED

TLS Callbacks

Load Configuration

RICH Header

Errors