Manalyze report for 110c2f02be7113f4e23757fd44c1037a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Aug-26 18:47:34
Detected languages	English - United States

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot`
Suspicious	The PE contains functions most legitimate programs don't use.	`Uses Microsoft's cryptographic API: CryptEnumProvidersA CryptMsgClose` `Has Internet access capabilities: InternetCloseHandle WinHttpConnect` `Leverages the raw socket API to access the Internet: ntohs`
Info	The PE is digitally signed.	`Signer: Manthe Industries` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-01-30 06:15:37)	`Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `McAfeeD: ti!43286F5E6373`

Hashes

MD5	`110c2f02be7113f4e23757fd44c1037a`
SHA1	`bdda2ebc35f0050705549ca4093b0b1501621389`
SHA256	`43286f5e6373633c9b82b9ec604efdc8d82a45cf00c5e8f6c99c52deafc283f2`
SHA3	`b2d206960129ab63a9d0ad81a9e4356bd0d98afe5f980b4b66dd503c2b761e5e`
SSDeep	`196608:K2jpvNC14u6+6zsPPfAiH9d0cWc2xw91z8TyHsKQL7qrRhqHtVqCuAYi:VjpvNC1O+44fA00cqknHsdL7qrHqNVq0`
Imports Hash	`6f3cf0531c2d9ec4a8f6ef25004860b9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x148`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	2024-Aug-26 18:47:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x38e200`
SizeOfInitializedData	`0x1bde00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000FAF058 (Section: .boot)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1702000`
SizeOfHeaders	`0x600`
Checksum	`0x968565`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`4560e7db293aaca7244660a26424c484`
SHA1	`1e865f744721016b5f62eb27aa5a0199fade7734`
SHA256	`a04f632222fd0fc9c0b879d43af2d12b12ea8a80617d9625bbe6085a413cda2d`
SHA3	`11d9ae5eefab86cb1ba4d0b2cf25e816db3842f90ca3ddd124d881135b600bb1`
VirtualSize	`0x38e159`
VirtualAddress	`0x1000`
SizeOfRawData	`0x171400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98927`

(#2)

MD5	`843c1bef1fe5acd4f38d7b6b81e3ad9b`
SHA1	`90e405a698b0a645b6ff73a5201c10145da05d39`
SHA256	`f4db3b6b8e693e4d89be01ae480c67f6a412e6e1101312e1a2f3eb30d7a81a7e`
SHA3	`a3bd36f755bc07aa0e4461103ce757d5deb3cce9e159a6960f8efc12a0f8777d`
VirtualSize	`0xf58ea`
VirtualAddress	`0x390000`
SizeOfRawData	`0x54800`
PointerToRawData	`0x171a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.96328`

(#3)

MD5	`4c3098f108db4d8924156277784c4cc9`
SHA1	`0b9eb0afbc6cd0d00f96058c9bed4a93f0dafbae`
SHA256	`d5bc42a4c43bfadc10058c94319a78b5de1881218a30ecd7879b1a16c2028339`
SHA3	`b5057df9c627cc96eebfb89228b573397e3966179ca6c393f119928530784aea`
VirtualSize	`0x7a7cc`
VirtualAddress	`0x486000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x1c6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.97622`

(#4)

MD5	`2273faa36f9f4a829059887180b3e4f9`
SHA1	`a838cc2f1ec01562734cfcf52a4705c0f156292c`
SHA256	`9b0b627911820617a9fbaf0f2a6bd7d32b37f501228baaef7908a55e1f9bf62b`
SHA3	`de838fbfcea258bdd8981ffea62b8ecba18eef1e5c7558d2f9864ae9faa757b5`
VirtualSize	`0x36c24`
VirtualAddress	`0x501000`
SizeOfRawData	`0x1d400`
PointerToRawData	`0x1e8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.77073`

(#5)

MD5	`65fc309538aee98850e5a82f7e50a922`
SHA1	`1b0d0d0d10909a96aef4da409917abdabb2b259b`
SHA256	`b3c5e8bd4dbb534bb2b2655dbe9f6c86e94fa886db4cd512203a90c6c5a5394d`
SHA3	`eec6e84c6f8bbf0c7d042580db50f8cc336f6c9b81f83daf864ccbc47249f70a`
VirtualSize	`0x15c`
VirtualAddress	`0x538000`
SizeOfRawData	`0x200`
PointerToRawData	`0x205600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.09135`

(#6)

MD5	`d603e283a57e41f3df842f8166c69d2f`
SHA1	`5f85abdb6fadf701e54b7d78e9c3d19f7a1d3cf2`
SHA256	`7dfb392c8e4ae63a35db0a7483176f4d65f790ff46888ac7b3085c48caaa0323`
SHA3	`fc0158fec047d54ea58ee1437816bd0beafb43ac26f3dfc0914fc85f9f83d882`
VirtualSize	`0xd9d0`
VirtualAddress	`0x539000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x205800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.93231`

(#7)

MD5	`d86b974657c494d528af43fb7045fc74`
SHA1	`005b87c6734cd3f7139fe1bd2ee2656659ea033a`
SHA256	`ac79b20ba3b429a53ef6e5655e2cc52915229b4aee70aff5fa9b3b787a76d0db`
SHA3	`e4c084f13010aea62b07eea48a1938f36667d75f00deb3a4f9502103a2b520f9`
VirtualSize	`0x9004`
VirtualAddress	`0x547000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x210600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.87571`

.idata

MD5	`02347383e386c495a8b775ef82042d55`
SHA1	`86bae140746b94d72fb382dadac1397a53146941`
SHA256	`d1d4190e4919287d24fd743d9131998404af6bcec52f67a3285824531f99637d`
SHA3	`723a0c4644dae75de1ceceb5fbe41d47b9761e06b878c83b4478de2a8897f1ca`
VirtualSize	`0x1000`
VirtualAddress	`0x551000`
SizeOfRawData	`0x600`
PointerToRawData	`0x212800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.95362`

.tls

MD5	`c7ef4f97c48ed26608e455e28ff60211`
SHA1	`d420e2f3ce8b6d3ef8b8c430db9e3b5c7d840c82`
SHA256	`87846b4f9edd9150d8bf3fb0c644d1004a745fc812fc2b68410eafb51c4e4c55`
SHA3	`7092d7fe05474c2c59cf7d9c5cf0625b2f5232df2908ba2954e60c7068e3b738`
VirtualSize	`0x1000`
VirtualAddress	`0x552000`
SizeOfRawData	`0x200`
PointerToRawData	`0x212e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284569`

.rsrc

MD5	`db78e02831e996796ebe86469d74189f`
SHA1	`e7a60aedca803ab5a524c93ff21773e590429da6`
SHA256	`d8a056fe1f825cb401a19b71361c59760ed9d433d52243f0d16e79a42328eeec`
SHA3	`5dafea402ec14d64ff4c51a7a736be0743e9c5560ceb57af48e6d352f668cc77`
VirtualSize	`0x1e00`
VirtualAddress	`0x553000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x213000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60307`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa5a000`
VirtualAddress	`0x555000`
SizeOfRawData	`0`
PointerToRawData	`0x214e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`160294349fd809be88d335d0826fb03f`
SHA1	`198a614d47eff06416a2d9ae120866b005589d28`
SHA256	`6ecebf7ec5702dd8e93579f7b423faac563adb8ecd99e376d70a0d7a157d772b`
SHA3	`aa8430f440b3ee3ad4e3f8f7584555739a8fb4ba3adcb84d4ca915f17637eb38`
VirtualSize	`0x751a00`
VirtualAddress	`0xfaf000`
SizeOfRawData	`0x751a00`
PointerToRawData	`0x214e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9511`

.reloc

MD5	`ee546ad740407dd953e162fe227f05b1`
SHA1	`fc3d0b61c6ec2d99f78d67843489b820ac4dc745`
SHA256	`70911de27487975b06bf67ab3999c015c33d8c3a008ae686bffd258fecf43df3`
SHA3	`4829aac09af2ed5c34a0b9e43db95186fe057c1d7d065913b13ee23efb547a94`
VirtualSize	`0x1000`
VirtualAddress	`0x1701000`
SizeOfRawData	`0x10`
PointerToRawData	`0x966800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`2.3496`

Imports

kernel32.dll	`GetModuleHandleA`
OPENGL32.dll	`glGetString`
USER32.dll	`IsWindowVisible`
GDI32.dll	`SwapBuffers`
ADVAPI32.dll	`CryptEnumProvidersA`
SHELL32.dll	`CommandLineToArgvW`
ole32.dll	`CoCreateInstance`
bcrypt.dll	`BCryptGenRandom`
WININET.dll	`InternetCloseHandle`
WS2_32.dll	`ntohs`
WINHTTP.dll	`WinHttpConnect`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
IMM32.dll	`ImmSetCompositionWindow`
IPHLPAPI.DLL	`GetAdaptersInfo`
CRYPT32.dll	`CryptMsgClose`
WINTRUST.dll	`WinVerifyTrust`

Delayed Imports

1

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59559`
MD5	`7a195c9bc2ff8dc6f8161a031ae2232d`
SHA1	`0942b87720da4d67fbd4ff90873821f5cce61399`
SHA256	`de47f8f2fb85e91935a7580d1f32f07693526ff19409d54c40b566d5e9cf4355`
SHA3	`ffa49d60539a2edf07138d454d6c7cee63807a7c579607455e22a6486d0c4e1b`

2

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6765`
MD5	`83cafe8bded0b4b7e885e28dd81ec77e`
SHA1	`44945c59fa6989434d0bcc004657b48748d5ee1b`
SHA256	`cfadf6abf5910cba444a265c459b474cf8e13b17c4dc9764324472b0e7991183`
SHA3	`fc99d38faf7aaeb7fc04ccfdfc892a01b7dcb3c2c9b2a90b2f4d98cdb479c335`

3

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58929`
MD5	`9d216072e1e98c841717e9cfdad4e281`
SHA1	`361de96b71ca8c6f098591ad28f97e2d8a46dd9b`
SHA256	`ac94bbd75ea4d687f64d94128883097e18f5960734a5c1f90776fc857566facf`
SHA3	`ecfd5933b27b74691e264f5696a73d9f4dcbdf5d47e44356f8ddf35b669a58c8`

4

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69833`
MD5	`2e94ab67a4079b0bb3691e9400237585`
SHA1	`9b911da84c72ca7a094b4255d1c644ad78c4b584`
SHA256	`a38f65efab7e9326fa7a4034b21c6146eca773b0107b6fa0d8854654ae0f5419`
SHA3	`25014c1a617f0ef645239eba9b666e49f07191abde416f513447bb494b458ad2`

5

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56378`
MD5	`6a14f7ca4df01ac9962137021e698804`
SHA1	`ed6caa78396ca338262bfbaf565dfb22f43dd6b2`
SHA256	`dbad88d6072e3f562424b34666be5544da56efb37657c34596d55668f08cd605`
SHA3	`da3df926853c01a667a9ff0506ddf5ee794b2d2fb4e87637cc17feca78a606f0`

6

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64197`
MD5	`a9ddfdbb98b787f9fbeef1dd0109a898`
SHA1	`94bf48ff565e0e6a3db1baea14627e2711939ade`
SHA256	`7812c110a0b532eb9247e33907c70916d3d00b7c4af414e0a4dcf9bc2d686b2a`
SHA3	`ad22c209eb01b6b5f3979407be255d475308368db7a93e4b82f669ec089defec`

7

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7424`
MD5	`31d24bf2fbdb864e67079d745711d61c`
SHA1	`e9c384f522104bd4925a5062cb8936f445b975a9`
SHA256	`764b89cab6236951ae4661f8ef72c50e734e443da142cb7b58d8710c2e73ea68`
SHA3	`75e6f77a585d795f40f1fda5b33fe79f44890e10505ca87a0358e688c59555d0`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.5`
MD5	`3cbefee35712f37b726ddda08edca22d`
SHA1	`02437e6e3036e417168cc7922882861f7bf28fb4`
SHA256	`9d603a1b598b8f025c0d7adb35e15ffa6f1bca7595cbc83451fcd83c51196c66`
SHA3	`ea502dc387ce58969d28672f807cb0bd8d4578498867a5511bca58ab3f8598b0`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75`
MD5	`d8e27a26e41cc126f2fe5be9a7b1a623`
SHA1	`db541600e9b51bd8ad13a1cee4bf2625267fe93d`
SHA256	`2b4dcf8dd81b51a90c611c2bb6e28c57312bf77a43141fd9b583b4ca1e63f8cb`
SHA3	`6d559ce46bb2d369a2fcf662f5d8186ba0be22accdb3b409e2e531662f95d429`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02206`
MD5	`b6271caecaa937f1af7b578203b7fc22`
SHA1	`a3c4b814769ec6715db9cdf0006b0a16c0405426`
SHA256	`9f95e9808744d48d864006ee4d60e6181ee12d2d645b16bf53e6a740090161f6`
SHA3	`5c28391d2ccfe79dad61c9d0d6b064932d370efeb637e45c6dba6ab5ff75d9e4`

4 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3`
MD5	`c8439afebfd45fd6c6cf4d4cc8abc06c`
SHA1	`0218b3dcc6a24450a8447d3206dfca11916f5b93`
SHA256	`c01fd56f4cc76451370c8d3a7e44a92c16369541f5bc534db6b20a7ef766faea`
SHA3	`14ae6d70e742fed60ad5e3f151eff44ae2b883b4380684c89384e3021e3ed33b`

5 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58496`
MD5	`78083c125ea45f16b4a6fcda80fa2cd4`
SHA1	`ec216e416669c10692cbca1a055dca75ad7c3d0f`
SHA256	`ad9890f3827a6ee496b34b3af84cee1af7f49cf3d1d154eddef6b19c7c8a9cdf`
SHA3	`16769107969f4884d11fc72de828845783285371a57eb692da19223f3bf0f53b`

6 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43162`
MD5	`76ee92411931aff0bd97b9d8065f92b4`
SHA1	`261d70ef8033a16b7eab27eae236fc52a8de34fe`
SHA256	`b34df717602cebf7138ff5bfa995500fd524316ee69724564e83777ba306a229`
SHA3	`6eb6a2303578aa82978fefe9af79f235f94db01e42646290ba213e8b0540af5b`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23593`
MD5	`53989c252804e58217b16992ad9cda22`
SHA1	`ff990be7127c09a627a199c8ca78f79939254313`
SHA256	`8076378dbd4f0197bc7deb9c784cd9bc3e12a4ee7fe5ff5fc5a68bb53e8c0518`
SHA3	`8c581b246c77d6ac6f9a6a676769a66bce969e1156b4c8aec28e66688088b983`

1 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84158`
MD5	`0172ad1a2299d7709796892aacff2f71`
SHA1	`5c217fa40a6d7e0aa3255657089d9249cc371ba0`
SHA256	`7949fbea7fc291e823134d99ddac207399ece79ee83ca96dd6253dfc8c48f030`
SHA3	`d9f30b301ca4a8a295e45b3c7285a310005cf8ab90d283e28e1f407e903540bc`

2 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89356`
MD5	`ab96e93fcaa3cba81425a6a54a5980c2`
SHA1	`580b720cec6715f6ca8ee0b9ee5240cf67ce8f5a`
SHA256	`f2b1810488ec2555a660331acf2949007de88df6d4d16da6a1f8604ddb1394e6`
SHA3	`e90476de1d82f312bccf71fb882ada982bd8c3dbcefc5ce9acaf1a4d93302af5`

3 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3b9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8752`
MD5	`f7250e5ded31b7c18da45a04c6ed7a7b`
SHA1	`05a363889b0e6a55316df85f256f9d7ebe0a97cc`
SHA256	`d50f7765e6b736bdccecd97df2edbe09c8347104435b4a6dc6eaac71ea5b416a`
SHA3	`f57f87fcc7c761b28db22d59ad425aca1b6619040c0ceda07a46fc8b6101f8af`

4 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8649`
MD5	`3069f58b8106adc60127002d39de4746`
SHA1	`af5205aaa30cb662b8d6d3b43349d6b6a44b403e`
SHA256	`b5f6a8d1c185ddcebb0a4451b403cb7bbf2f493115f7ce83bac804a7d78f34f0`
SHA3	`5a4f396f684faae0766c2e88c54dfed29c8857e319a4543e7594b89078a5737e`

5 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xfd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7921`
MD5	`cbb10758f00c319367df4c0b08395c44`
SHA1	`41cf5fbe7ceb4c68964fa3cdd01679a74bf45d18`
SHA256	`0ed1effdbb0951c296e84c3d54c4076f84c2d2470aecdc0a39daefd7eb94976d`
SHA3	`bb87efa255484abd77db79bdd4938e42abc0373472df87eeb504c4bc59524eca`

6 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71302`
MD5	`35acb3800dcc0795d4b180f242160006`
SHA1	`6eb48f41bb7634d79f0e315e48fe1177da359e7c`
SHA256	`357a1279adabcec2255dbd2ae7685b3a5b19203a2d3882fd166e4f02af4077c2`
SHA3	`ca88ea8006d5ca860b4287ebc832eaea42231b16f781d51f3041f5c7e5fb3bc3`

7 (#3)

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x26f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85385`
MD5	`c6d011a7a5a5786ae6a0de1a08e13196`
SHA1	`db7521f30ce7f4c9a68546cf4f5734c553ca4012`
SHA256	`0d639dea5d06f33376f66e1522b60e9298f55124fcaa250cb2bbc54785d1a01e`
SHA3	`f6b88ebe3b6c5928f547171d5fcea04d0787ed850a92d67db08e96f31e4e1c4c`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x6035d903`
Unmarked objects	`0`
ASM objects (29395)	`21`
C++ objects (29395)	`206`
C++ objects (VS2017 v15.9.0-1 compiler 27023)	`6`
253 (VS 2015-2022 runtime 32533)	`2`
C objects (VS 2015-2022 runtime 32533)	`20`
ASM objects (VS 2015-2022 runtime 32533)	`12`
Imports (2207)	`2`
C++ objects (VS 2015-2022 runtime 32533)	`99`
C objects (29395)	`25`
C objects (VS2017 v15.9.5-6 compiler 27026)	`6`
C objects (VS2017 v15.5 compiler 25830)	`26`
C objects (VS2013 UPD5 build 40629)	`1`
C++ objects (VS2017 v15.3.* compiler 25506)	`33`
ASM objects (VS2017 v15.3.* compiler 25506)	`1`
C objects (24231)	`480`
C objects (27045)	`14`
Imports (29395)	`33`
Total imports	`476`
C++ objects (LTCG) (32824)	`147`
Resource objects (32824)	`1`
Linker (32824)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!