Manalyze report for 40e474ed2d8b79386778c291117d30bdbf62cafacf8c599e4885b5291c7063a4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Nov-18 17:20:10
Detected languages	English - United States
Debug artifacts	O:\mainstream\archive.pdb

Plugin Output

Suspicious	The PE is packed with Aspack or Armadillo	`Unusual section name found: .esap` `Unusual section name found: .adata` `Unusual section name found: .adata` `Section .data is both writable and executable.` `Unusual section name found: .case`
Malicious	VirusTotal score: 61/71 (Scanned on 2025-02-03 08:26:26)	`ALYac: Trojan.Generic.KDZ.12022` `APEX: Malicious` `AVG: Win32:Fareit-CT [Trj]` `AhnLab-V3: Trojan/Win32.PornoAsset.R59043` `Alibaba: Ransom:Win32/PornoAsset.7e4f5bbb` `Antiy-AVL: Trojan[Ransom]/Win32.PornoAsset` `Arcabit: Trojan.Generic.KDZ.D2EF6` `Avast: Win32:Fareit-CT [Trj]` `Avira: WORM/Phorpiex.EB.2` `BitDefender: Trojan.Generic.KDZ.12022` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1715708589014853` `CTX: exe.trojan.pornoasset` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Hosts.6409` `ESET-NOD32: a variant of Win32/Kryptik.AXNU` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.KDZ.12022 (B)` `F-Secure: Worm.WORM/Phorpiex.EB.2` `FireEye: Generic.mg.0005772b14d18ad9` `Fortinet: W32/Kryptik.WEX!tr` `GData: Trojan.Generic.KDZ.12022` `Google: Detected` `Gridinsoft: Trojan.Heur!.030500A1` `Ikarus: Trojan-PWS.Win32.Fareit` `Jiangmin: Trojan/PornoAsset.rjk` `K7AntiVirus: Spyware ( 0040f03a1 )` `K7GW: Spyware ( 0040f03a1 )` `Kaspersky: Trojan-Ransom.Win32.PornoAsset.cezc` `Kingsoft: Win32.Trojan-Ransom.PornoAsset.cezc` `Lionic: Trojan.Win32.Generic.m6YM` `Malwarebytes: Malware.AI.1344498334` `MaxSecure: Trojan.Malware.7164915.susgen` `McAfee: PWS-Zbot-FANF!0005772B14D1` `McAfeeD: ti!40E474ED2D8B` `MicroWorld-eScan: Trojan.Generic.KDZ.12022` `Microsoft: VirTool:Win32/Obfuscator.ACP` `NANO-Antivirus: Trojan.Win32.Phorpiex.burzhb` `Paloalto: generic.ml` `Panda: Trj/Genetic.gen` `Rising: Spyware.Zbot!8.16B (TFE:1:ngykZCtRkVR)` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.jh` `Sophos: Troj/Katusha-S` `Symantec: Trojan Horse` `Tencent: Win32.Trojan.Pornoasset.Umhl` `Trapmine: malicious.high.ml.score` `TrendMicro: WORM_DORKBOT.SMD` `TrendMicro-HouseCall: WORM_DORKBOT.SMD` `VBA32: BScope.Backdoor.IRCBot.3013` `VIPRE: Trojan.Generic.KDZ.12022` `Varist: W32/S-d50995f6!Eldorado` `Xcitium: TrojWare.Win32.Kryptik.AXOV@4vvbks` `Yandex: Trojan.GenAsa!xlGHewUwGUo` `Zillya: Trojan.PornoAsset.Win32.22986` `alibabacloud: Ransomware:Win/Obfuscator.AWD` `huorong: HEUR:VirTool/Obfuscator.gen!L` `tehtris: Generic.Malware`

Hashes

MD5	`0005772b14d18ad9cd991356a1014853`
SHA1	`4b8c0849735fe40419cb291c1623b21539ab17d7`
SHA256	`40e474ed2d8b79386778c291117d30bdbf62cafacf8c599e4885b5291c7063a4`
SHA3	`92926a40025114f0e3dfced7251ea02564f83038236cbf096e3f1a8d0bb3cd38`
SSDeep	`12288:J0M/y2VGLfXlKKkY7CNrBs8GpS5mo+hOgWkLdBPeiz/tygo:bJGzoNY7CNrBFI66DbWg/tro`
Imports Hash	`9c9eaf247cb5e4cdaa18b9358e652fb7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2012-Nov-18 17:20:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x26a00`
SizeOfInitializedData	`0x78600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001148 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x22000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x11e000`
SizeOfHeaders	`0x400`
Checksum	`0xa3314`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e4fa5891189976022f03990aca51b732`
SHA1	`a35677b2db64577917a2b159faf31fb84e731023`
SHA256	`b0228209e6b31cb3ffee43a48c402817cc0e91cc8b22f7ac05d0704e5101e333`
SHA3	`fa43f613f520c03304d00e868f3dda4f6700cbaf8219d6fd372d47d4a7a55572`
VirtualSize	`0x20c1f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x20e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.01236`

.esap

MD5	`aa1d2c7f8e960abeb7f1c3876074a074`
SHA1	`df966179642240151d3dfee50b446785c3360498`
SHA256	`a7ae8cf32dbd0126287165867290e22399a6315967dfe811c84a571521f8d9ed`
SHA3	`f7f07dd3818566a0585bc1c2b9811c6a2cfab8df65f96d5832c9b2fd09747c60`
VirtualSize	`0xce`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.93614`

.adata

MD5	`32f1db838b05bf5d2bc6a9cfca8e6944`
SHA1	`78e68393ce49133ea08df94a1150c5bc9825348c`
SHA256	`0b19a51ec2d3bc5b7ff875d90bf531ea8f27500ac394e90a17b35c5d5f541112`
SHA3	`4ae2a84a0605c7e7e9e7f1f5d124ee2a56753d47b669b0b2de527cb614d7e85a`
VirtualSize	`0x80`
VirtualAddress	`0x23000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.5447`

.adata (#2)

MD5	`1a4571a48e5377dea0378c74c3648397`
SHA1	`e6f524f0bc06e95c3bb59924360a1b84c4b4bbc0`
SHA256	`24c0ed848ccd89ebf4bf3251805a456ca7e7c07257b60de03b026741bf77999d`
SHA3	`8b6b328bc9fbee39c8d3073385ee6a2f8063e03081ac445e7b042f71c33e53d9`
VirtualSize	`0x80`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.30589`

.data

MD5	`1bba5a8ab8f25bfbfae8347424066ae9`
SHA1	`9c7c1c418cea3f45d6030564b8df2e2a1a85dfcf`
SHA256	`f513b82fd43bf149162b335a39ade883435ac6ad490c3f4b590d45cea050aefe`
SHA3	`b3ff1adc96d9ca06aa1c761b68cff4e636c317a05e79a72c596f230f4a2061b0`
VirtualSize	`0x7fc8f`
VirtualAddress	`0x25000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x21800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.05759`

.case

MD5	`dfb240c53e09abfc0eea36a6a2cafdac`
SHA1	`ae3c67bad946cf84782a650d2e29274a5348e111`
SHA256	`84417368d0520b189fa9eaf326ebb02a7f76d5c41ef02d72f6a492ec9661f135`
SHA3	`04f265b178ac3c592256e77566992e2bccc5737a4762453e280a837480c5f51e`
VirtualSize	`0x74c00`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x74c00`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.72342`

.rsrc

MD5	`cb0e42a6d717a8f93e0caf6e1347b56c`
SHA1	`3ce5bac47d97c53c0da54b9312c5bc6094fdb2f2`
SHA256	`2908b38c0eba55cf3a414526a78aaee44b980dd12e1763ac1e574bbc225c9bf8`
SHA3	`0ecc51ec6520e52a8ce58840c389e27ed7e957c531f7de0aa10e490bc1c4c015`
VirtualSize	`0x2870`
VirtualAddress	`0x11a000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x9c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.99925`

.reloc

MD5	`0e0bdc5593d519dff40e242ee922f8f8`
SHA1	`06b4683087278ed87682f693cdbccb329f639dec`
SHA256	`19e90b06d9c65be67130f7ab5ca883f7a0fcd17f35f1ed515ee1f082d1a094d5`
SHA3	`79efe7f5b68de4362c174b83b1341e856262dee71dd012c3f403cf6d94abf29b`
VirtualSize	`0x974`
VirtualAddress	`0x11d000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x9ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57951`

Imports

msvcrt.dll	`_isctype` `abs`
KERNEL32.dll	`CompareStringW` `lstrcmpW` `FindResourceW` `MulDiv`
USER32.dll	`UnloadKeyboardLayout` `GetNextDlgGroupItem` `EqualRect` `GetActiveWindow` `UnionRect`

Delayed Imports

colorpix

Ordinal	`1`
Address	`0x1000`

?adjustRectLuma@@YGEUdrivenumberA@@PR

Ordinal	`2`
Address	`0x4831`

529

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22993`
MD5	`d7ac889e3f07f134e592704e5d3f7b8f`
SHA1	`8f3e216b45e373a2862ff30a32d8933f0a73fc3a`
SHA256	`8da57b7cb3af827a37667e3c9bd2a72f3a43f4f24c4f93985f15c44e5cfa8d43`
SHA3	`1a7471098772c8b9f50d7b9d8c5d764bf739271b947dd8674f6312f9d8ecaed4`

530

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22993`
MD5	`d7ac889e3f07f134e592704e5d3f7b8f`
SHA1	`8f3e216b45e373a2862ff30a32d8933f0a73fc3a`
SHA256	`8da57b7cb3af827a37667e3c9bd2a72f3a43f4f24c4f93985f15c44e5cfa8d43`
SHA3	`1a7471098772c8b9f50d7b9d8c5d764bf739271b947dd8674f6312f9d8ecaed4`

531

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22993`
MD5	`d7ac889e3f07f134e592704e5d3f7b8f`
SHA1	`8f3e216b45e373a2862ff30a32d8933f0a73fc3a`
SHA256	`8da57b7cb3af827a37667e3c9bd2a72f3a43f4f24c4f93985f15c44e5cfa8d43`
SHA3	`1a7471098772c8b9f50d7b9d8c5d764bf739271b947dd8674f6312f9d8ecaed4`

532

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22993`
MD5	`d7ac889e3f07f134e592704e5d3f7b8f`
SHA1	`8f3e216b45e373a2862ff30a32d8933f0a73fc3a`
SHA256	`8da57b7cb3af827a37667e3c9bd2a72f3a43f4f24c4f93985f15c44e5cfa8d43`
SHA3	`1a7471098772c8b9f50d7b9d8c5d764bf739271b947dd8674f6312f9d8ecaed4`

533

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22993`
MD5	`d7ac889e3f07f134e592704e5d3f7b8f`
SHA1	`8f3e216b45e373a2862ff30a32d8933f0a73fc3a`
SHA256	`8da57b7cb3af827a37667e3c9bd2a72f3a43f4f24c4f93985f15c44e5cfa8d43`
SHA3	`1a7471098772c8b9f50d7b9d8c5d764bf739271b947dd8674f6312f9d8ecaed4`

7175

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62756`
MD5	`76ab2e22ea110d60eb9d1610302c0a91`
SHA1	`94a321668603171c0a80c353d04ab1b711556c1e`
SHA256	`883ce5238c24730360f36fb4d3494c15556d54b134ae5976ca7480e66b17aae2`
SHA3	`46729e92614e103b20df54f2bff0f45da9148f9c07a3ed8e7b944ec7650313a0`

7176

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54342`
MD5	`a9778474d74941782544ad0a88f332b6`
SHA1	`70b25902e24f3b34532c7d4ea72ea4bc034447ad`
SHA256	`ff603d7db3d9676d2b8e10b7537776c1fc4760f6e9cd4c2b26829148dfa31f65`
SHA3	`f6f2990954935033653c5c5407c3eba58e0bf775ebac0af4389ef61410a3b4ba`

7177

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58799`
MD5	`2ae643eeadc13e3c6b0b9fffc9ef483b`
SHA1	`145f14c8124351daa415ef246f56868c7976aa5f`
SHA256	`cac9a3f215627befa6f1629000ceb7627bf8e4d7489f87447c38db078b3dd02d`
SHA3	`4082483cc83775d1889a3235adefe9c994ba60dbd47abbc26fa3e2cc988bbc10`

7178

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x270`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51556`
MD5	`4122f1ab2489b58cc9f8586011e86873`
SHA1	`039b292418992a5e93cddd992d57541cf08929db`
SHA256	`77a2bc607ab256880785be53edc381c66d612249eb1845e3c150babfcb4d7ddc`
SHA3	`b4a4aed970d0bb709e3c41dec713d5a333f7e21554f955572993ccbc65e489d1`

7179

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6091`
MD5	`7b9b50ad6318c8c1dacdc728ed239cb0`
SHA1	`06eb5b4e2bd4d728728b6bec7f83b3966f9e8a7e`
SHA256	`4f568748f572ddf15068f6e2d69285497be60182bbc199142ec33a7afc136cb2`
SHA3	`422313f74c18dec4ddfbc68f23d88d75b756f45f9b52bdd010933f55d6ee0272`

7180

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x290`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63441`
MD5	`1274bdcf14c9dd94c1234ddac8b4b84a`
SHA1	`4774f4c9b9d78b49112c6b7e86cfe4a951c24ce4`
SHA256	`4fb3eeebdaa3bb4b10f50a0608b39ef918e4a4fb66d7e22a2de7ae9197527b7d`
SHA3	`aecc218f5d0a6ba1858abcbc60894440735eadfc002bb443dc119e03c0ded851`

7181

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x234`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.445`
MD5	`a653b7add6f9bdda56cc88c543608b72`
SHA1	`9587776177aa1a7f6c5729b29732357cd08632ea`
SHA256	`490e0c0520547f60fde9564b7e902bf88a86121087a7c37719f532c9a42417ce`
SHA3	`bfb360ba407d2418bd691393bcdf0d25d313914e3c54b062334f019ec7ee5840`

7182

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58964`
MD5	`5e5a58479be81bbca075f1f634336b37`
SHA1	`6bac9edf4a88b27d1bc2518f535ff322cc357f7e`
SHA256	`d1bf75beab496b2fcfae5a83f97c9bc1221ac3bc0d040ab75d9aeb80ebaf98ba`
SHA3	`648f515d1b96cbc5db5de4ad63ba485d5200f98e0ee02b700d83e54cbf7600db`

7183

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57575`
MD5	`e87d0938e6ae7da1c6a7ec26c780bd00`
SHA1	`eac4747d37900dfe637fc752543f06b870f80e05`
SHA256	`0b32ccd7c418b584029a6ad1be487350d2518bbb735f7bbb8001dfb01415c962`
SHA3	`32f66d349d7e2dfe3f420eb39d7399434451b83068801b03028f1ab4f59852ea`

7184

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66971`
MD5	`03820990c57466ac1fddf722f9bb6fea`
SHA1	`becff2859b6fea8d11305644e27f66cfc6bac5fb`
SHA256	`480a77971b686d51fe63d647f84032de8693071fd36a02eff966252a4b462c5a`
SHA3	`b1efb2f861ea61ca527f604d8f5f232e1893b5851424d8d9dd86145904fc437e`

7185

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60999`
MD5	`73cb6151d5d7a1a3d665f8c3104a9c33`
SHA1	`68fa5e49d2036ac670af5c79ba97597fb01796d7`
SHA256	`0b39a86168a65d3f89b533f0d3f89e17a2fc81abbb1b89c2fb4473907b2df10e`
SHA3	`589e45cb7b448570469c750c0dd4813fbb976ce0e2468b259c5f353afc31f2e5`

7186

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x284`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62803`
MD5	`a0e63dc6c92d75ff04e98b2fb6ab92c7`
SHA1	`866d5542384df58c8798ea8fa0e5f9dc133cd1cc`
SHA256	`3055e648ee0302a2aa7db224ee61048a1e4fff2488b28f85f8095f2c113dc605`
SHA3	`dd58ef8e720e959448e3b2ad834d00441ae2a9eb8bffd0b5b418fa264582d956`

1105

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36834`
Detected Filetype	Icon file
MD5	`1952a28c4359f3818cfba1da590dabd9`
SHA1	`1dc694722885b14eb8892f5f54ed4cfab56f13df`
SHA256	`3a3a135800d3cffa2a8996d4bd807f1051e5328b45298ebd43970f52551f3eb5`
SHA3	`7c67028312e1d203aff0f18ed87bd21df4df02f5cafd7ea0c19477f88861728e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Jun-21 15:55:26
Version	`0.0`
SizeofData	`50`
AddressOfRawData	`0x260f8`
PointerToRawData	`0x228f8`
Referenced File	O:\mainstream\archive.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x835c5c7d`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`1`
Total imports	`27`
Imports (VS2008 SP1 build 30729)	`15`
175 (VS2010 SP1 build 40219)	`17`
Exports (VS2010 SP1 build 40219)	`1`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[!] Error: Could not locate RT_ICON with ID 1!
[*] Warning: Resource 1105 is empty!

Leave a comment

No comments yet.