Manalyze report for 290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Oct-25 08:16:55
Detected languages	English - United States
Debug artifacts	C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb
FileDescription	SumatraPDF
FileVersion	`3.5.2`
LegalCopyright	Copyright 2006-2022 all authors (GPLv3)
ProductName	SumatraPDF
ProductVersion	`3.5.2`
CompanyName	Krzysztof Kowalczyk

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `May have dropper capabilities: %TEMP%` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: cmd.exe` Contains domain names: daisy.org deepl.com docs.oasis-open.org github.com google.com gribuser.ru http://docs.oasis-open.org http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile http://docs.oasis-open.org/ns/office/1.2/meta/pkg# http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document http://openoffice.org http://purl.org http://schemas.microsoft.com http://schemas.microsoft.com/office/drawing/2014/chartex http://schemas.microsoft.com/office/drawing/2015/10/21/chartex http://schemas.microsoft.com/office/drawing/2015/9/8/chartex http://schemas.microsoft.com/office/drawing/2016/5/10/chartex http://schemas.microsoft.com/office/drawing/2016/5/11/chartex http://schemas.microsoft.com/office/drawing/2016/5/12/chartex http://schemas.microsoft.com/office/drawing/2016/5/13/chartex http://schemas.microsoft.com/office/drawing/2016/5/14/chartex http://schemas.microsoft.com/office/drawing/2016/5/9/chartex http://schemas.microsoft.com/office/drawing/2016/ink http://schemas.microsoft.com/office/drawing/2017/model3d http://schemas.microsoft.com/office/thememl/2012/main http://schemas.microsoft.com/office/word http://schemas.microsoft.com/office/word/2006/wordml http://schemas.microsoft.com/office/word/2010/wordml http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing http://schemas.microsoft.com/office/word/2010/wordprocessingGroup http://schemas.microsoft.com/office/word/2010/wordprocessingInk http://schemas.microsoft.com/office/word/2010/wordprocessingShape http://schemas.microsoft.com/office/word/2012/wordml http://schemas.microsoft.com/office/word/2015/wordml/symex http://schemas.microsoft.com/office/word/2016/wordml/cid http://schemas.microsoft.com/office/word/2018/wordml http://schemas.microsoft.com/office/word/2018/wordml/cex http://schemas.microsoft.com/xps/2005/06/documentstructure http://schemas.microsoft.com/xps/2005/06/fixedrepresentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/drawingml/2006/main http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing http://schemas.openxmlformats.org/markup-compatibility/2006 http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes http://schemas.openxmlformats.org/officeDocument/2006/extended-properties http://schemas.openxmlformats.org/officeDocument/2006/math http://schemas.openxmlformats.org/officeDocument/2006/relationships http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings http://schemas.openxmlformats.org/package/2006/content-types http://schemas.openxmlformats.org/package/2006/metadata/core-properties http://schemas.openxmlformats.org/package/2006/relationships http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties http://schemas.openxmlformats.org/schemaLibrary/2006/main http://schemas.openxmlformats.org/wordprocessingml/2006/main http://schemas.openxps.org http://schemas.openxps.org/oxps/v1.0/documentstructure http://schemas.openxps.org/oxps/v1.0/fixedrepresentation http://scripts.sil.org http://scripts.sil.org/OFL http://www.daisy.org http://www.daisy.org/z3986/2005/ncx/ http://www.google.com http://www.google.com/get/noto/http http://www.gribuser.ru http://www.gribuser.ru/xml/fictionbook/2.0 http://www.ibm.com http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd http://www.idpf.org http://www.idpf.org/2007/opf http://www.monotype.com http://www.monotype.com/studioThis http://www.w3.org http://www.w3.org/1998/Math/MathML http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/1999/xhtml http://www.w3.org/1999/xlink http://www.w3.org/2000/svg http://www.w3.org/2001/04/xmlenc# http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/xml-events http://www.w3.org/2002/xforms http://www.w3.org/2003/g/data-view# http://www.w3.org/TR/REC-html40/strict.dtd http://www.w3.org/TR/css3-text/ http://www.w3.org/TR/html4/strict.dtd http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd https://github.com https://sumatra-website.onrender.com https://sumatra-website.onrender.com/update-check-rel.txt https://translate.google.com https://translate.google.com/?op https://www.bing.com https://www.bing.com/search?q https://www.deepl.com https://www.deepl.com/translator#-/$ https://www.google.com https://www.google.com/search?q https://www.sumatrapdfreader.org https://www.sumatrapdfreader.org/ https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2 https://www.sumatrapdfreader.org/docs/Contribute-translation https://www.sumatrapdfreader.org/docs/Corrupted-installation https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts https://www.sumatrapdfreader.org/docs/Submit-crash-report.html https://www.sumatrapdfreader.org/docs/Version-history.html https://www.sumatrapdfreader.org/download-free-pdf-viewer https://www.sumatrapdfreader.org/manual https://www.sumatrapdfreader.org/settings/settings3-5-1.html https://www.sumatrapdfreader.org/update-check-rel.txt microsoft.com monotype.com mozilla.zeniko.ch oasis-open.org onrender.com openoffice.org openxmlformats.org openxps.org schemas.microsoft.com schemas.openxmlformats.org schemas.openxps.org scripts.sil.org sumatra-website.onrender.com sumatrapdfreader.org translate.google.com website.onrender.com www.bing.com www.daisy.org www.deepl.com www.google.com www.gribuser.ru www.ibm.com www.idpf.org www.monotype.com www.sumatrapdfreader.org www.w3.org zeniko.ch
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA LoadLibraryW LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegQueryInfoKeyW RegCloseKey RegQueryValueExW RegGetValueW RegEnumKeyW RegSetKeySecurity RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptAcquireContextW CryptCreateHash CryptHashData CryptGetHashParam CryptReleaseContext` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeW GetDriveTypeA` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess` `Changes object ACLs: SetFileSecurityW` `Can take screenshots: FindWindowW GetDC BitBlt CreateCompatibleDC`
Info	The PE is digitally signed.	`Signer: Krzysztof Kowalczyk` `Issuer: Sectigo RSA Code Signing CA`
Suspicious	VirusTotal score: 1/66 (Scanned on 2026-03-10 15:27:48)	`VirIT: Deceptor.FlexDocu.EOA`

Hashes

MD5	`c02dc2ca96fe9841963883c0fe177399`
SHA1	`7e42e66e9198c258da48a6194577e3dbd424463a`
SHA256	`290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0`
SHA3	`0c5943a02c9967f5c71f3ce5e1a56e8502f5d6decf67859f3f07378afce24c77`
SSDeep	`393216:Y6OPZedL1pUAuPXiuZ08RBCxXJq3oeNy8x:KedJp9uPXiuZ08RBCxXJxWy8x`
Imports Hash	`fd73dd6df0326ffa5eb5f63e40739980`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Oct-25 08:16:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x59b200`
SizeOfInitializedData	`0xa1c000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000005548C4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xfbd000`
SizeOfHeaders	`0x400`
Checksum	`0xf61aef`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`503b41bd8b2c2ba39327e60a2b1797f1`
SHA1	`8cc8310b30307df2b53509f9e3f0b46322aec16f`
SHA256	`11e43b56f5458f1766a1c665c61738920eb2e2fddf109fd0c658fdddef628bdc`
SHA3	`aac689a858367aa5d1432866274e5b5ab6957d46657e2777adbcdb16d9cd6695`
VirtualSize	`0x59b1e4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x59b200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71634`

.rdata

MD5	`14ef811286d37dbb54bcc47206717044`
SHA1	`a5fcefa98485d721c5d7cd03864e6df0d668cd2c`
SHA256	`e53335b3f00214425b313473bbc1a0c57bbe22b15f72309c781a68fe496b96e4`
SHA3	`9f271a0f4c8b4a3594cf92cc8e569674901d7b5b90990dbf1695d8be1ce45bba`
VirtualSize	`0x279290`
VirtualAddress	`0x59d000`
SizeOfRawData	`0x279400`
PointerToRawData	`0x59b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.82592`

.data

MD5	`de4ad32ce98fd7772fa90ca2d0ed8b5a`
SHA1	`4e89fb57094c223395e34f24289c72f3efbffb67`
SHA256	`4de4bd8145e67cd022fc9e0fd0aa8966806772c3f27b2b4a3c91fb39a9ab0282`
SHA3	`fe9cb2c301a2acb0d67e2bde2bb5a8702151d19485e4271039121bc82e5a1ede`
VirtualSize	`0x697278`
VirtualAddress	`0x817000`
SizeOfRawData	`0x62d600`
PointerToRawData	`0x814a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.49735`

.pdata

MD5	`d2221f544567f88c907ea454206c35dd`
SHA1	`2be80404b8330fafc020a040964ff23afb8066c6`
SHA256	`f0cc08dc2115598bf64c500220069f47d99e3bf48ebc708efcb16a02c4fc67c3`
SHA3	`761639cedf77e6d275cff789bc88f66e27801ea3dd2c95d0241934475f4ee4dd`
VirtualSize	`0x21e7c`
VirtualAddress	`0xeaf000`
SizeOfRawData	`0x22000`
PointerToRawData	`0xe42000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.30918`

_RDATA

MD5	`089d101f3919aa13556907694bc92ddf`
SHA1	`e4e6fd2b515a03badd832b590ac3253cd52fca5c`
SHA256	`4b65422385187448eb5e9e4408ad908409af3e72596131545859cba1b184343b`
SHA3	`b07b50b770baa6c9eef7442227af5ceab813fedf12455942a31b91690fafb06b`
VirtualSize	`0x15c`
VirtualAddress	`0xed1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe64000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.29299`

.rsrc

MD5	`5e5589d2ac272c4d073f658deb8ec97f`
SHA1	`c9da53de52036fb57d189949965dcce73395b73f`
SHA256	`6c010ab926aadba5a7b91896612f7a22bec0c548a9bd499e526816ffc601cc2d`
SHA3	`e3152aba89c169dd29a61278145594393788d2dda438be559ed5b2134adb3f59`
VirtualSize	`0xe0258`
VirtualAddress	`0xed2000`
SizeOfRawData	`0xe0400`
PointerToRawData	`0xe64200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.65346`

.reloc

MD5	`d29ee96fa252a54bb44b8f4291855f74`
SHA1	`24aa8adc387999051c5bf8f2ccb5dd3d0f229065`
SHA256	`9c9f75cde37bbcde2c14fd24c0afde750dd71be577106c49226159f92fbe9b2f`
SHA3	`70d289018521020e39ce9ee6227b2c0f7d4dc405b648f2573b3c39549ec60990`
VirtualSize	`0x9170`
VirtualAddress	`0xfb3000`
SizeOfRawData	`0x9200`
PointerToRawData	`0xf44600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4605`

Imports

COMCTL32.dll	`ImageList_EndDrag` `ImageList_Add` `ImageList_DragEnter` `ImageList_DragMove` `ImageList_BeginDrag` `ImageList_Create` `ImageList_AddMasked` `#345` `#410` `#413` `InitCommonControlsEx` `#412` `ImageList_Destroy` `CreatePropertySheetPageW` `ImageList_GetIconSize` `ImageList_Draw`
KERNEL32.dll	`SystemTimeToFileTime` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetLogicalDrives` `CloseHandle` `FindResourceW` `GetModuleHandleW` `MulDiv` `VerSetConditionMask` `VerifyVersionInfoW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `DeleteCriticalSection` `HeapCreate` `HeapFree` `GetCurrentProcess` `TerminateProcess` `GetEnvironmentVariableA` `WaitForSingleObject` `GetCurrentThreadId` `GetLocaleInfoA` `CreateToolhelp32Snapshot` `QueryPerformanceFrequency` `Sleep` `IsDebuggerPresent` `DebugBreak` `CreateMutexW` `ReleaseMutex` `DecodePointer` `LoadLibraryExA` `WriteConsoleW` `GetStringTypeW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `GetTimeZoneInformation` `HeapSize` `GetProcessHeap` `SetStdHandle` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `LCMapStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `GetConsoleOutputCP` `ReadConsoleW` `SetEnvironmentVariableW` `GetModuleHandleExW` `FreeLibraryAndExitThread` `SetFilePointerEx` `LCMapStringEx` `TlsFree` `InitializeCriticalSectionAndSpinCount` `EncodePointer` `RtlUnwind` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeCriticalSectionEx` `GetStartupInfoW` `InitializeSListHead` `SleepConditionVariableSRW` `WakeAllConditionVariable` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `CreateSemaphoreW` `GetProcessAffinityMask` `ReleaseSemaphore` `GetConsoleMode` `MoveFileW` `FlushFileBuffers` `GetFileType` `SetEndOfFile` `CreateHardLinkW` `RemoveDirectoryW` `DeviceIoControl` `SetThreadPriority` `SetLastError` `SetConsoleCtrlHandler` `GetCurrentDirectoryW` `FoldStringW` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `TzSpecificLocalTimeToSystemTime` `IsDBCSLeadByte` `GetCPInfo` `CompareStringW` `AreFileApisANSI` `LocalFileTimeToFileTime` `RaiseException` `FileTimeToDosDateTime` `FileTimeToLocalFileTime` `SetThreadContext` `FlushInstructionCache` `VirtualAlloc` `VirtualFree` `VirtualProtect` `GetSystemDirectoryW` `OpenThread` `VirtualQuery` `GetThreadContext` `GetModuleHandleA` `ResumeThread` `SuspendThread` `Thread32First` `Thread32Next` `AllocConsole` `FormatMessageA` `CreateProcessW` `InitializeSRWLock` `InitializeConditionVariable` `GetThreadGroupAffinity` `InitOnceBeginInitialize` `InitOnceComplete` `WakeConditionVariable` `GetEnvironmentVariableW` `FreeLibrary` `LoadLibraryW` `OutputDebugStringW` `LoadLibraryExW` `GetProcAddress` `GetModuleFileNameW` `GetFileAttributesW` `OutputDebugStringA` `GetTempPathW` `GetUserDefaultUILanguage` `MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile` `SetErrorMode` `GetDateFormatW` `GetTimeFormatW` `MoveFileExW` `LoadResource` `LockResource` `SizeofResource` `SetThreadExecutionState` `GlobalAddAtomW` `GlobalDeleteAtom` `GetTickCount` `GetSystemTime` `GlobalUnlock` `GlobalLock` `GlobalFree` `GlobalAlloc` `GetCurrentThread` `Process32FirstW` `Process32NextW` `OpenProcess` `ExitProcess` `GetCommandLineW` `GetLastError` `SetUnhandledExceptionFilter` `Module32NextW` `PeekNamedPipe` `LocalFree` `SetCurrentDirectoryW` `LoadLibraryA` `AttachConsole` `GetVersionExW` `GetStdHandle` `SetConsoleScreenBufferSize` `GetCurrentProcessId` `HeapDestroy` `AddVectoredExceptionHandler` `GlobalMemoryStatusEx` `Module32FirstW` `HeapAlloc` `CreateThread` `GetSystemInfo` `HeapReAlloc` `SetEvent` `GetConsoleScreenBufferInfo` `ReadDirectoryChangesW` `QueueUserAPC` `ResetEvent` `ExitThread` `WaitForMultipleObjectsEx` `CompareFileTime` `CancelIo` `GetFileTime` `GetDriveTypeW` `GetTempFileNameW` `CopyFileW` `DeleteFileW` `GetFileAttributesExW` `GetFileInformationByHandle` `SetFileAttributesW` `GetVolumePathNameW` `SetFileTime` `GetDriveTypeA` `GetPrivateProfileIntW` `CreateEventW` `GetShortPathNameW` `GetLongPathNameW` `WritePrivateProfileStringW` `GetFileSizeEx` `GetACP` `MultiByteToWideChar` `GetExitCodeProcess` `ReadFile` `SetFilePointer` `TlsSetValue` `TlsAlloc` `TlsGetValue` `CreateEventA` `GetModuleFileNameA` `GetFullPathNameA` `FindClose` `FindFirstFileW` `GetFullPathNameW` `FindNextFileW` `lstrcpynW` `GetWindowsDirectoryW` `WideCharToMultiByte` `GetLocaleInfoW` `SetNamedPipeHandleState` `WriteFile` `CreateFileW` `CreateDirectoryW`
USER32.dll	`SystemParametersInfoW` `GetMessagePos` `WindowFromDC` `IsWindowEnabled` `GetUpdateRect` `SetRectEmpty` `GetClassInfoExW` `RegisterWindowMessageW` `GetCursorPos` `ClientToScreen` `SetLayeredWindowAttributes` `DeferWindowPos` `GetPropW` `RemovePropW` `BeginDeferWindowPos` `SetPropW` `EndDeferWindowPos` `HideCaret` `SetClassLongPtrW` `ShowCaret` `IsCharAlphaNumericW` `WindowFromPoint` `GetWindowThreadProcessId` `GetMessageW` `AllowSetForegroundWindow` `LoadBitmapW` `TranslateAcceleratorW` `LoadCursorW` `GetClassNameW` `SetParent` `MapVirtualKeyW` `ScreenToClient` `IsWindow` `CharLowerBuffW` `GetAncestor` `IsCharUpperW` `CheckRadioButton` `EndDialog` `SetDlgItemTextW` `SendDlgItemMessageW` `DialogBoxIndirectParamW` `IsDlgButtonChecked` `BringWindowToTop` `SetWindowLongW` `CheckDlgButton` `DialogBoxParamW` `MoveWindow` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `ReuseDDElParam` `ShowWindowAsync` `IsWindowUnicode` `UnpackDDElParam` `ModifyMenuW` `CheckMenuRadioItem` `GetMenuItemID` `GetMenu` `SetMenuItemInfoW` `SetMenu` `DrawTextExW` `InsertMenuW` `GetWindowLongW` `GetWindow` `FindWindowExW` `GetFocus` `IsChild` `MessageBeep` `GetDesktopWindow` `UpdateWindow` `MessageBoxW` `MsgWaitForMultipleObjects` `DispatchMessageW` `SendMessageW` `PeekMessageW` `TranslateMessage` `GetDlgItem` `PostQuitMessage` `PostMessageW` `EnableWindow` `MessageBoxA` `CreateMenu` `LoadIconW` `SetActiveWindow` `DestroyWindow` `GetMenuItemInfoW` `GetSystemMenu` `CallWindowProcW` `GetWindowRect` `IsWindowVisible` `SetWindowPos` `GetMenuItemCount` `SetWindowLongPtrW` `CreateWindowExW` `CreatePopupMenu` `GetWindowLongPtrW` `RegisterClassExW` `GetClassLongPtrW` `SendInput` `DdeFreeStringHandle` `DdeDisconnect` `DrawTextW` `CheckMenuItem` `SetClipboardData` `DdeFreeDataHandle` `DdeClientTransaction` `DdeUninitialize` `DdeInitializeW` `TrackMouseEvent` `GetMonitorInfoW` `GetWindowInfo` `DdeConnect` `DdeCreateStringHandleW` `DestroyCursor` `EnumDisplayMonitors` `MonitorFromWindow` `MonitorFromRect` `CopyImage` `GetKeyState` `AdjustWindowRectEx` `OemToCharA` `CharToOemA` `OemToCharBuffA` `CharLowerW` `CharUpperW` `CharToOemBuffW` `TrackPopupMenu` `ShowWindow` `InvalidateRgn` `OffsetRect` `RedrawWindow` `MapWindowPoints` `SetMenuDefaultItem` `GetSysColor` `GetForegroundWindow` `DestroyAcceleratorTable` `DestroyMenu` `FindWindowW` `GetWindowDC` `TrackPopupMenuEx` `RemoveMenu` `GetClientRect` `IsZoomed` `AppendMenuW` `DrawIconEx` `EnableMenuItem` `DrawEdge` `GetParent` `DrawFrameControl` `InvalidateRect` `SetScrollInfo` `DefWindowProcW` `ShowScrollBar` `GetDC` `FillRect` `GetCursor` `GetScrollInfo` `GetScrollPos` `GetCapture` `SetTimer` `SetFocus` `SetCapture` `SetCursor` `KillTimer` `ReleaseCapture` `IsIconic` `ReleaseDC` `GetSystemMetrics` `BeginPaint` `SetForegroundWindow` `EndPaint` `CreateAcceleratorTableW` `IsDialogMessageW`
GDI32.dll	`SetROP2` `GetObjectA` `GetTextExtentPoint32W` `ExtTextOutW` `GetObjectW` `CreateDIBSection` `GetTextExtentPoint32A` `SetLayout` `CreateRoundRectRgn` `SelectClipRgn` `RoundRect` `BitBlt` `StartPage` `AbortDoc` `EndDoc` `CreateDCW` `GetDeviceCaps` `SetMapMode` `StartDocW` `EndPage` `Polyline` `LineTo` `MoveToEx` `SetBkColor` `Ellipse` `CreateFontIndirectW` `CreatePatternBrush` `CreateBitmap` `SetBkMode` `GetClipBox` `CreateRectRgn` `SetViewportOrgEx` `ExcludeClipRect` `ExtSelectClipRgn` `SetBrushOrgEx` `SelectObject` `CreateCompatibleDC` `PatBlt` `StretchBlt` `GetStockObject` `DeleteDC` `SetTextColor` `CreatePen` `Rectangle` `DeleteObject` `CreateSolidBrush` `GetDIBColorTable` `SetWorldTransform` `SetStretchBltMode` `SetDIBits` `TextOutW` `GetDIBits` `SetGraphicsMode` `SetDIBColorTable` `CreateCompatibleBitmap`
WINSPOOL.DRV	`DocumentPropertiesW` `#203` `OpenPrinterW` `GetPrinterW` `EnumPrintersW` `DeviceCapabilitiesW` `ClosePrinter`
COMDLG32.dll	`GetOpenFileNameW` `GetSaveFileNameW` `PrintDlgExW`
ADVAPI32.dll	`CryptDestroyHash` `RegQueryInfoKeyW` `RegCloseKey` `RegQueryValueExW` `RegGetValueW` `RegEnumKeyW` `InitializeSecurityDescriptor` `CheckTokenMembership` `FreeSid` `OpenProcessToken` `RegSetKeySecurity` `SetFileSecurityW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `CryptAcquireContextW` `CryptCreateHash` `CryptHashData` `RegOpenKeyExW` `CryptGetHashParam` `CryptReleaseContext` `SetSecurityDescriptorDacl` `AllocateAndInitializeSid`
SHELL32.dll	`SHGetDesktopFolder` `ShellExecuteExW` `DragAcceptFiles` `SHChangeNotify` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHGetMalloc` `DragFinish` `DragQueryFileW` `SHBindToParent` `SHAddToRecentDocs` `SHGetFolderPathW` `SHFileOperationW` `CommandLineToArgvW`
ole32.dll	`CoSetProxyBlanket` `CreateStreamOnHGlobal` `CoInitialize` `CoCreateInstance` `OleUninitialize` `OleInitialize` `CoTaskMemAlloc` `CoTaskMemFree` `CoGetMalloc` `ReleaseStgMedium` `CoUninitialize`
OLEAUT32.dll	`VariantInit` `VariantClear` `SysFreeString` `SysAllocString` `SafeArrayPutElement` `SafeArrayCreateVector`
gdiplus.dll (delay-loaded)	`GdipMeasureString` `GdipRotateWorldTransform` `GdipCreateBitmapFromGraphics` `GdipResetWorldTransform` `GdipDrawString` `GdipGetGenericFontFamilySansSerif` `GdipSetPageUnit` `GdipCreateFont` `GdipSetSmoothingMode` `GdipCreateFontFamilyFromName` `GdipSetCompositingQuality` `GdipDeleteFontFamily` `GdipCreateStringFormat` `GdipSetSolidFillColor` `GdipSetPenWidth` `GdipWindingModeOutline` `GdipDrawPath` `GdipFillPath` `GdipCreatePath` `GdipDeletePath` `GdipAddPathRectangleI` `GdiplusShutdown` `GdiplusStartup` `GdipSetTextRenderingHint` `GdipGetLogFontW` `GdipGetFontHeight` `GdipDeleteRegion` `GdipGetClip` `GdipCreateBitmapFromGdiDib` `GdipCreateRegion` `GdipGetDC` `GdipReleaseDC` `GdipGetRegionHRgn` `GdipSetCompositingMode` `GdipStringFormatGetGenericDefault` `GdipCloneStringFormat` `GdipFillEllipseI` `GdipDeleteStringFormat` `GdipScaleWorldTransform` `GdipSetStringFormatTrimming` `GdipSetStringFormatLineAlign` `GdipCreateFontFromLogfontA` `GdipDeleteFont` `GdipTranslateWorldTransform` `GdipDrawImageI` `GdipSetStringFormatAlign` `GdipSetStringFormatFlags` `GdipGetImageHeight` `GdipBitmapUnlockBits` `GdipCloneBitmapAreaI` `GdipCreateHBITMAPFromBitmap` `GdipBitmapSetResolution` `GdipBitmapLockBits` `GdipGetImageWidth` `GdipCreateBitmapFromScan0` `GdipCloneImage` `GdipCreateBitmapFromHBITMAP` `GdipGetFamilyName` `GdipDeleteMatrix` `GdipTranslateMatrix` `GdipInvertMatrix` `GdipSetWorldTransform` `GdipCreateMatrix` `GdipTransformMatrixPoints` `GdipGetFamily` `GdipGetPropertyItemSize` `GdipDrawImageRectRectI` `GdipImageGetFrameCount` `GdipSetImageAttributesWrapMode` `GdipImageSelectActiveFrame` `GdipCreateImageAttributes` `GdipGetImagePixelFormat` `GdipSetInterpolationMode` `GdipGetImageHorizontalResolution` `GdipDisposeImageAttributes` `GdipGetPropertyItem` `GdipDrawLine` `GdipDrawImageRectRect` `GdipSetStringFormatMeasurableCharacterRanges` `GdipGetImageEncodersSize` `GdipStringFormatGetGenericTypographic` `GdipGetStringFormatFlags` `GdipMeasureCharacterRanges` `GdipGetRegionBounds` `GdipCreateBitmapFromStream` `GdipScaleMatrix` `GdipRotateMatrix` `GdipImageRotateFlip` `GdipGetImageEncoders` `GdipSetPropertyItem` `GdipDisposeImage` `GdipSaveImageToFile` `GdipCreateSolidFill` `GdipFillRectangleI` `GdipCreatePen1` `GdipDrawLineI` `GdipDrawRectangleI` `GdipDeleteBrush` `GdipAlloc` `GdipCreateHatchBrush` `GdipFree` `GdipGetImageGraphicsContext` `GdipCreateFromHDC` `GdipCloneBrush` `GdipCreatePen2` `GdipDeleteGraphics` `GdipCreateFontFromDC` `GdipDeletePen`

Delayed Imports

Attributes	`0x1`
Name	`gdiplus.dll`
ModuleHandle	`0xe44480`
DelayImportAddressTable	`0xe440c8`
DelayImportNameTable	`0x811668`
BoundDelayImportTable	`0x812618`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

27

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10076`
MD5	`543614c235a564524ccc6fae795aafbd`
SHA1	`dc3fe6a65e32b605ccb6de318df397d7998e07fd`
SHA256	`0b5346565377327b867466e6a019463232eb675a47a942b603427cae30afd369`
SHA3	`edbd39b4d297d09ed6c04f0fded610a9bfde75d3f42bf7ccfd29c15af5ada45a`

2010

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59197`
MD5	`c8dc7066ee193d7a7f019a87003cf5ac`
SHA1	`e4706d99695cdea52d43e36263f0914efefbb8eb`
SHA256	`75d759df62eb9430574eb6ed86baa764eedf3700b35e60511f42f5a81bbff0e0`
SHA3	`02054d64a83d66b3e3c47dd2426f1c0a9b6e47ddc762488d1383efc14b5a7d2f`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16014`
MD5	`74d8bff94c16769207a2ab1f5f011629`
SHA1	`4533ef028895ef4a16128bc48f8908b21b9fbf32`
SHA256	`0e271cfdfe4ca0e14a139ba50152d55ddb2efd7273e34aab175d394bc20ed5ff`
SHA3	`0e071e6ea2e0f1a2f3dc37d9af1c4ccbbf18e7fee9f3df19ced82a59c84346ff`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08501`
MD5	`74866e18fc16702226844af58bfd7b40`
SHA1	`0bcfacf833aa8ffe50a98ce2fc219a8aa2a5b3fb`
SHA256	`c264632663debd3e4aa1778f4cc39204ea94918d6ac1f5ad1dbf0c4689cf4cfb`
SHA3	`9a8ba64c178c0f0473b10e37e385de6edba216f387c23b6227dbecb969e76a93`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63946`
MD5	`448fc5c3d40314cea91ab0499ffd968a`
SHA1	`cccba75249f34064c437aa17869aaae2dd7b741c`
SHA256	`ed85f941523f0124e8ce6fc8e77c0ffdcd7f31901d3d10bed953684c5c083423`
SHA3	`25f3a2b2bcde66ab8298007b592cc39e8f362787f93cfb6ee2af8be8b49dd9be`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3add`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92741`
Detected Filetype	PNG graphic file
MD5	`61498fe6d39a015532b6766908f9e464`
SHA1	`b2b9bae7470af9442cce46c84d537b3afaf4af62`
SHA256	`8b5c075b9cc59a6f6ae7ac9d2a10b17c4c62013969672ac87b77e1175b49edd0`
SHA3	`48d63f57866b0f59e6e347e8118bd39736b35b1c620342077e94ea2368f3019e`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7944`
MD5	`eb0d29703039960753d5365adbff37cd`
SHA1	`29736bdaa30ff15130665c10b1144089cd0d4bfa`
SHA256	`e5edff47d516dcd065416ae6258ee37502a427085355280c5a72e68af7aa0212`
SHA3	`0106932a86eefef922b6c136cea15eb689889e035a3759cfd048d463bad7a7c1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02762`
MD5	`10d04f9e1a56b019ad77c2f7c03fc279`
SHA1	`4f08c60577471a32a1a9de5e724e845daa24793d`
SHA256	`080db56e5279a82ebb30f07be7833d2d200f202ca5fcedc69f3994f00eabfb34`
SHA3	`d3e6b6300cf9c9d6011a2c42d5e8031dfc472de93024302ed604b06c3e04b23e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.57658`
MD5	`ab3963c4d362f897d2384e76c6130b02`
SHA1	`610e8d8990071cc8fa59ab888c1d607b6a79bd95`
SHA256	`2f668e3b0cd33b329367e1d88a5eafe7ce1c684c137f9b127eae0d1e477558a0`
SHA3	`a2c6af5cb023b2f845e11e73ab3462a45beda36d60dd8346e6413ec69cd5e85d`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.8689`
MD5	`024c57f3cd1bd8d0dd9863802e0aa393`
SHA1	`c10f419566b288595aab09cb722e7ed93adf62c0`
SHA256	`0b18bbfe38cac877bae2c39a8a6ce6c218310409b74a58ff26d79dc5ff20dd3b`
SHA3	`04650ffe8c980eb9e42cae4e6f17a3d21c953dae3de33d407a5f5842432f84d5`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31573`
MD5	`97523476b9c5c7c2bad75dcd6cc32b76`
SHA1	`d6e802a54f63b22810ec37f363993ad49f964ccc`
SHA256	`7f1538614048e3c19fa8f928fb7b8701fc27a3cabbba7c0561adcf302c24b9d0`
SHA3	`d19911e0ce56a8192cbdea6e2ac872b6d28e9f22149d330b9d41241f72e42e00`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68396`
MD5	`da24f3f3abcefffc1eec1a2351d988b0`
SHA1	`bf14de4b7359301f619120fe5f823a84b69d91e9`
SHA256	`c82110d594df8d3bcbeedb099357a845f4860aed733fd4d6958d984ed43ccd8a`
SHA3	`65f55ae10f701329b8d28a93f53cfbe804e02657c24dc2d8a6ccd1e5c7450c8e`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xeec1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97296`
Detected Filetype	PNG graphic file
MD5	`192422e00cd874e895913f2084cccf07`
SHA1	`2dee348e45cd1d27e80d4e3f1634c5a9da2dbd52`
SHA256	`a12bc983acfd6198745553271f4cd8a5b21c322d3bc097be44697db6267a408c`
SHA3	`7531fe812afe4a9ea5afdb9be2212990d73ba1584268218cc0f2bb740b1f01a2`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57324`
MD5	`580f54a60d82007d993d79a0e97cb91c`
SHA1	`3bf6ef8670d87757689890a126c349a081a8b5a5`
SHA256	`5473fac5678eca9ad2446b9040f11390b1a154e2315221d0e70d4ee5af12591f`
SHA3	`02079863de7fbf679cb8527f602976a39892a2b881106b42db252ad300c6195d`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00378`
MD5	`60aa1a79ae86792544da1583df538d93`
SHA1	`c263e36a71a86064cf2cb0cc5cc1e780be80a91c`
SHA256	`46df2ec92306c28827b21b28f2aa8bd8f25306511c2e2bf48ee248ce61fae303`
SHA3	`5f241dc738a5451957d511502a11a250ccf4c532f4fe89caa72eeae20c99b7b5`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.498`
MD5	`deddc3470411322c6d1afe284ff37ae6`
SHA1	`036aab95c590729e1822f2500e98b4f7c62a764d`
SHA256	`b7afb7de87bfe24072db8238222869857a9b9c0cf1b522e98bf7d11e77c91ae3`
SHA3	`e2eb48b14425bc5c733883ce2231ccee3eb7f01375a1bbe1203c74c852cb6f97`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42a9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90692`
Detected Filetype	PNG graphic file
MD5	`fc2c9614bc77b333204ced4db30359c5`
SHA1	`fb2c69a54d648e5d8bc8fe0b53a7d1f163fd4d0c`
SHA256	`bb2b55edeaeb6e64c5c8d574c0cf7aa7684673ae2bc880e139470ededf9d76b0`
SHA3	`220e5c1cf376fa371e65516955b31ad83e5ffc63a46c00de1865e45457e7d9ed`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86737`
MD5	`44edc60499bda67f34c76e340259bb15`
SHA1	`935f21fcbc6fddf7bea2f1c9cb8fafe2aecab5b3`
SHA256	`7963b23ad204718e4458aead2c2c549a198fef6f8c080456f8e7501660fe1a63`
SHA3	`ba4220f7f6f1ad6b40c41b843a054524cf03021ac1486b56a471a7905029817d`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.8439`
MD5	`d165ce0f6564886abe0ab73917671621`
SHA1	`f5e74e0f4f82d5caca6e80c36c73943514646491`
SHA256	`38655623f762dc0399025d31fe4fd7842c50d60c54c96480b0f96604af567874`
SHA3	`3753c7a1d31f9b55473ff7bd8e5d2d0ec4af581a98eac6a1655cbb8bc4bfb987`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.83818`
MD5	`a151b02a013a433d1a6b00c692027482`
SHA1	`7697a4013ac60a26d138974b74c9b5c63e02dca7`
SHA256	`002b05a3f707f98f444d122bf7a410c8d5ae4b2554becb9228d824228ae35803`
SHA3	`554e7b9ceb4b997e72639e4af79733d4da084f9f17e52df2aae29d2e0de06353`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69644`
MD5	`68f1c7c8d273a0dfeb5502b7ab63244a`
SHA1	`e150616873d6b3341f4d486ce7c789085ab934c9`
SHA256	`1acbbdd8ae4a3fa354222338c03517d0ff89dd3348af49715ff510506c39726a`
SHA3	`61170dcc47241b7c991c6c2548163708304fc749bd969fd838203dc19bbe28be`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55699`
MD5	`469f800215d06c3e9a6ce970049c0585`
SHA1	`feae5874bdda1795db4e086a89f98099922e66ba`
SHA256	`ba5cba842bdc36d554b2b03b6bc7058a156f6095d4591eb0b9ba36ccb1e8e6f2`
SHA3	`79f22fe63201e58f8e96f9f1d601126063aaa51fdcd6ad98045b07995034b18f`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x47ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89682`
Detected Filetype	PNG graphic file
MD5	`d432c744f82982ef533272e4cc429e82`
SHA1	`5d1148f4d17e7dff3f03d58bea8d1765f1ac83b8`
SHA256	`bec14a02c013f9c4569b04acadc95cc101607bbdf9584d1c1babda868d684682`
SHA3	`71a94e5a133f38a758a2323ce68655caf21c1f25f17cc972ccef1a4d083ee46c`

22

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60482`
MD5	`204e88a4a1cc7d33fb57b477a6f44d36`
SHA1	`b7f553427c7ca718bd1c2965d6a1dba03217e2e9`
SHA256	`3fe98fe4165f19fdb3cb05c71a0d708947723364727ecb100a4d7ef84d476bbb`
SHA3	`7a2246c3ed47ffc15c43035208a4ccfb95238a38543b5537f28732d21db16594`

23

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5538`
MD5	`69dabe0bcbd2b612a1ea0d9ad66dbb96`
SHA1	`9072293c7776e5726556e6512992ec0ba7e0135f`
SHA256	`68929ac17d882e0fa92dbc2fab8394132dfbfece31cc56213460a930a3b2fbaf`
SHA3	`1696c52bb932b5b1005dd59c4abbc16b91c78479b301b641d8bd7ecc30c2d3a6`

24

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56961`
MD5	`c42da32f1b3de6fdcabde49b48a6e17d`
SHA1	`0cf83b7c98a7f6bc988e0ac289cbc402811c3724`
SHA256	`7f079fd40c772fe7193dd6008004f5612016d59368fd2f27713817055b727f63`
SHA3	`dc84203e077ebfb08d2b3906d2f60726905d7060a8b800d3a3539add4a6cb6f9`

25

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46893`
MD5	`8aa5e1188088ffc758bb7e18cfcefdb8`
SHA1	`86aebb7e3b1b4825e640a70125f4d505b1b80fb3`
SHA256	`0eeef027db7c0b1829557130fed18beb0083d086c6e24434e670de633a336dbe`
SHA3	`9ed2089e390db307aab5e1f522900d691a20cec275d6c5bdd14e694dabc131a3`

26

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34572`
MD5	`1973904403a557928a8829b180fcf3b6`
SHA1	`4adaa69e99840331b8989a5a3edc224efbfb299f`
SHA256	`9e0b62cdea2615e12adc443311e763c8fb412e14434f9476ed255025e6a96793`
SHA3	`8e234e1a8330e1382ae2faf4890af6716e50f921a310fc1fa2cbe3dd58a095b3`

129

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06988`
MD5	`c9a9f30678e639e90027a345ac8026c0`
SHA1	`5e7299b8683823bebad574557321519592d5871c`
SHA256	`0fdfbca94b6afd008d955c1a04c73c0f2e04b55ee348890f8f5246f5391c2e53`
SHA3	`73207b5015d3f0ebb5bfb122f93b7693657fb731d00d6fe09a3ae7f7225457e2`

130

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24806`
MD5	`5d153901bc55b3c51ab24b218652b800`
SHA1	`612b95559504a930fa54963a559eb33fbf8f73c8`
SHA256	`6b6ccd9065eec7596b4923531dfade3c9a0a89b8fe78dffdc6e6606d6399b967`
SHA3	`b8063660cd4e408fb9115c49b9be33f3d37bc67ccf67c0362ba6ed0b022ebe0c`

131

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98087`
MD5	`9f559c0dac724cfa662bc23a8c0dbd1d`
SHA1	`ab17787c7c3e341bc42af547924375341c649fc3`
SHA256	`1d4b9f6aae9582c255f21d91bf689d8c37612a0c26c229aaae627c1777497386`
SHA3	`61b3629d15cbf181c32d6102e5630d817ea5973b5017d87b1572ce05c82ecbf4`

134

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89411`
MD5	`fca2c69f62c98add9c43806e1b611d1a`
SHA1	`f854060ac05d00adda8d00bed3ff25d6fea0efc3`
SHA256	`844cfcec4f321d70bc0afa7cfa49d98d42589859c74cb02a208e6792bce1aab9`
SHA3	`f1b45404112b1f1358fbcb63f6a6289fc54bcc1aead753477b1dc85633f1248e`

136

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39083`
MD5	`bd13f7446055d28d0c018998c274f4f1`
SHA1	`657894e3b2c013316bf3b9151c4df4eb6b4be2d6`
SHA256	`7b59ae602d63c2090bca7ef4c6255a266686d5bdcc3b958ec6039744d03e8dd2`
SHA3	`02884a71c5887fd2564abd1678061d66e352bf5af759f3349b9acb7bb1743450`

137

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16277`
MD5	`e45db0823e6a604d7a0c09ff02d37846`
SHA1	`55faf840009bf8ff44093d68af828e838b65e54d`
SHA256	`b1a4a0e4a7a60b4c8087a6969b52f5f472653d8cf249889b0f70b067d310ab79`
SHA3	`7621df7091fc3ebf834c23fcbaf91d1be4064d42fb4153ed0d6b56c680f38336`

138

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9405`
MD5	`02855a4d9b4b962e8a9fba2043fa2a81`
SHA1	`e67e40301ad00748f7dcd831704870c837a33a09`
SHA256	`086b39a7f06931a839c2139eb900bfb99cf4a5fedf04baf23a64d449a7143ce5`
SHA3	`de7e5c2d8ee4ac95209ab2397e30cb65ef9fd1bb111c41b33e17d7dc3466cc1a`

139

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31044`
MD5	`cc6075e8a868d531715c1c49672e6760`
SHA1	`3ebcfb07238814c9052de119374d26dccb448cdb`
SHA256	`41c84cfef9c0d7522b4bd9d34fe60e104767630c71d2940fb6d5d85133c70a5a`
SHA3	`d2af5927e5c2b00f0f322776a18cf993489b145a6443076b21ac5b4e2df47f0f`

140

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19759`
MD5	`1215cf59d4ff737080c602087f325663`
SHA1	`2f8eff9a6c4dae667965fdc865f4cbafe629e993`
SHA256	`a3c80e02f3eb1bf625e2cac9f3ba2b3bba22162cff733329242127554af88519`
SHA3	`cb5f4fbd348a4650f0a50c7fa63b36e3f6395ba71c9745891c288f1dbc9a9d8e`

2 (#2)

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x86ceb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.22724`
MD5	`7bd5aeddd4035a8af4c94249a1b7e61c`
SHA1	`420f1c2b58c6a2ea19a4df9c610aa9f9647605e1`
SHA256	`04662ca2d8dc5572bf49a9ba2dbf14d8c364395a27c3fbf5fb9d376e67081eac`
SHA3	`4b11953672446d18503c9c596b28d2e729b946b259a413bafdcc89ad0a638864`

132

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`b17264d20faaa8ae0bcfffd2a28b5821`
SHA1	`cc3a0c683d3a70e81de9bd8dca7c7da25df1ec9a`
SHA256	`04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba`
SHA3	`b9748f87bc9a8bad6f25bd2088709ce4bf07c044674cd302e3cc76e3bc878a83`
Preview

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`043a6db564edfaa6f3fb2199f951d37b`
SHA1	`3f2ba23cd0866bbf3a0c2b3e564c28f74014160f`
SHA256	`e05ecb2a13d1d1bd31b619f87c6649d62b07729f4c36c64b71e06ac34529c02a`
SHA3	`877dda4a22094d6afef4925b5b4e4b605c5b12586d25faf11407254cc8c575ac`

2 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76588`
Detected Filetype	Icon file
MD5	`c675899f05da694fbcf4ab6e9a700699`
SHA1	`38c0f3fce425673415329b19fe1cb314dbd810a7`
SHA256	`c35c37073a389e089bbd46736d1aff386b57af9b523b5d5cb137721263a58463`
SHA3	`cee788e0cc53bbe75449b77eee6a268d9eed9078b85c94afc5b95c87e9bfaf7d`

3 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83557`
Detected Filetype	Icon file
MD5	`0d5abe8257c881f2ef989cdec4a98d45`
SHA1	`c7afc057186bafb564356dff8880c7519409680b`
SHA256	`11f0bf6793059cf874379af76a708b770cf0bee02874f946a861731053208119`
SHA3	`3967946797b95f63476ebd3a9ee9b55f76f278a705756900439fc40578b4567c`

4 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89385`
Detected Filetype	Icon file
MD5	`1ab6466571b924c36f28fa326e90aee6`
SHA1	`60e8ff42d394da9b1ce4dce9603e138def2da73c`
SHA256	`e5d85484f27fd0c0ced319f3294bbac7267ce78daf32eac3c5dc25c8fc66cab5`
SHA3	`7b6ec4caebd5e2caba0e3b3ccefc5bc47daff901c13f35d11555ad9667933e1f`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44904`
MD5	`6f0e0205fed41755ab12af721d1c9c58`
SHA1	`71d8d28a97fbc07e998fb88784510802db76e63f`
SHA256	`3d745e8d4cbf6d56decdf79e9c481336efb8fc2f48dfb8c5d327234621753451`
SHA3	`90dc7a1602ee4c98752f919bb18f29b87b81aa068a80778b571ed85936ef9b6d`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x643`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35726`
MD5	`753e06273f2fbf938bece267b61e5135`
SHA1	`f32bb2e62ac126d112c33c9304a37f2f4deca6d6`
SHA256	`4be66c98d8f3e8962b04bb1ad8bae0c4ed34a66fc2c2e3cb303f6f57cbe44f88`
SHA3	`a19e0c25664b7e703228daa91dd0b0aa997841b622510169065f814bee20693d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.5.2.0
ProductVersion	3.5.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	SumatraPDF
FileVersion (#2)	3.5.2
LegalCopyright	Copyright 2006-2022 all authors (GPLv3)
ProductName	SumatraPDF
ProductVersion (#2)	3.5.2
CompanyName	Krzysztof Kowalczyk

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Oct-25 08:16:55
Version	`0.0`
SizeofData	`77`
AddressOfRawData	`0x7f7540`
PointerToRawData	`0x7f5b40`
Referenced File	C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Oct-25 08:16:55
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x7f7590`
PointerToRawData	`0x7f5b90`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Oct-25 08:16:55
Version	`0.0`
SizeofData	`1144`
AddressOfRawData	`0x7f75a4`
PointerToRawData	`0x7f5ba4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Oct-25 08:16:55
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1407f7a50`
EndAddressOfRawData	`0x1407f7a70`
AddressOfIndex	`0x140e44a70`
AddressOfCallbacks	`0x14059e370`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140e20a10`

RICH Header

XOR Key	`0x93f8d3b1`
Unmarked objects	`0`
ASM objects (30795)	`35`
253 (VS 2015-2022 runtime 32533)	`9`
C objects (VS 2015-2022 runtime 32533)	`20`
ASM objects (VS 2015-2022 runtime 32533)	`12`
C objects (30795)	`47`
C objects (CVTCIL) (30795)	`1`
C++ objects (30795)	`231`
C++ objects (CVTCIL) (30795)	`1`
C++ objects (VS 2015-2022 runtime 32533)	`95`
Imports (30795)	`25`
Total imports	`724`
Unmarked objects (#2)	`85`
C objects (LTCG) (VS2022 Update 7 (17.7.4) compiler 32825)	`723`
Resource objects (VS2022 Update 7 (17.7.4) compiler 32825)	`1`
Linker (VS2022 Update 7 (17.7.4) compiler 32825)	`1`

Errors

Leave a comment

No comments yet.