Manalyze report for 7b6acb5e2c245b8cfda77fced2cc0e94108384cd1b9ffc8510e7304fcb9feb6c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2009-Oct-23 02:08:07
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`ASPack v2.12`
Suspicious	The PE is packed with Aspack or Armadillo	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .rsrc is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: .xpdata` `Section .xpdata is both writable and executable.` `Unusual section name found: .adata` `Section .adata is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCreateKeyExA` `Leverages the raw socket API to access the Internet: getservbyname`
Info	The PE's resources present abnormal characteristics.	`Resource 1 is possibly compressed or encrypted.` `Resource 2 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 4 is possibly compressed or encrypted.` `Resource 5 is possibly compressed or encrypted.` `Resource 6 is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 111 is possibly compressed or encrypted.` `Resource 112 is possibly compressed or encrypted.` `Resource 113 is possibly compressed or encrypted.` `Resource 1 is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-04-26 21:45:25)	`All the AVs think this file is safe.`

Hashes

MD5	`71354278675a4deea20fb3cbb5f77170`
SHA1	`073e9f1db6c1be847f186553e985e35e4de03c70`
SHA256	`7b6acb5e2c245b8cfda77fced2cc0e94108384cd1b9ffc8510e7304fcb9feb6c`
SHA3	`073cca8d0a6c6c399e76b618866d0ef4923a2d730e768c4a130f7c7e96836d32`
SSDeep	`12288:NRJ6OytWOdpAFN0i2J+twkFFNQXNxE+VOvQ3tKDuztSVPXQdlO3BuOmuVbAA/IFv:ND7rO7qNp2gNQ9xqkYDWYPgiEdgAA/VS`
Imports Hash	`0d800406595f24ab6ce45973f069b587`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2009-Oct-23 02:08:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x124400`
SizeOfInitializedData	`0x58e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001CF001 (Section: .xpdata)`
BaseOfCode	`0x1000`
BaseOfData	`0x126000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1f8000`
SizeOfHeaders	`0x400`
Checksum	`0x18d000`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`129f85cefab83d7a0301bef606e93685`
SHA1	`d708f73cbd9530e557b947e37ea4282fc3f55ce8`
SHA256	`4b34d59eb2d5943ed491bda4ded995021892d0607323d886c9b0c9566b17abc0`
SHA3	`1e4c717109c27bc73bc94a4a7b0588642c5df1229f55eb0f8c9ba0e61cb74ec3`
VirtualSize	`0x125000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6dc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99958`

Section_2

MD5	`f12b6f8d8c1812af710ac49d457aa989`
SHA1	`c4b7057e6cad1c6b34466c7083ea37d9b7f31247`
SHA256	`5af7296f8f764cd622479cb87a125a9538cb076c6019c4d3a1c4024594f0f9c9`
SHA3	`0ae0f7619e87c9f12bc2f6120e5695a5f0b528b1ea7a9f729ffe0fc9d1dd0bd9`
VirtualSize	`0x37000`
VirtualAddress	`0x126000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x6e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9975`

Section_3

MD5	`318e6e54a937b014383f40298d2daaac`
SHA1	`5b8b037b4cb6878aad984e30a1728e46f4d8a180`
SHA256	`83aa7439b6a0f4f6b8613249f878008e008570ab8f294d855ef82ebc0f7d8263`
SHA3	`1cb92be55ac746ebe900d3e6a4469c01204ffc78c8d73dcd0e7050f00f763d5c`
VirtualSize	`0x5c000`
VirtualAddress	`0x15d000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x82000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98817`

.rsrc

MD5	`e2a88a429869b2b8d04812d53a246e17`
SHA1	`8fe2542be73987cd388aaf3fb4094c9b588512af`
SHA256	`41ffa321cddbf6ea9f1e783f8ee38e782f7380573e3421a934c5134dfa1268d7`
SHA3	`a57e508ec74997e62f80d01951f8afc6ebb4117cec1375258ebf2c7abcea1933`
VirtualSize	`0x7000`
VirtualAddress	`0x1b9000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x85c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.84985`

Section_5

MD5	`968b149fc51fffed18cf232352dcde7f`
SHA1	`bafc8fd53fea36d9059d390d7ce0dde8cb059d11`
SHA256	`9f17c0d7ed9e4b2d8daf3bf21ec9ba41291702126bab497f48221509c1343961`
SHA3	`e6d7dda2670380946e7de898ec744cdc2c472672091ed60e12eab7960fd793bd`
VirtualSize	`0xe000`
VirtualAddress	`0x1c0000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x88c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99461`

Section_6

MD5	`940cf7dd3cd5c453f3135d54a04dd897`
SHA1	`f9ab6ff41060dae9224d94fc7de0bb02a5cd2de2`
SHA256	`0e8506944b08ced3b9ccb60e8883d90272d1084152edc8e5eb985fd682be3455`
SHA3	`56a9a7c61e95c4620a01a0273ed39eb63f2cdc8c63316852aa4c0455bf98f0be`
VirtualSize	`0x1000`
VirtualAddress	`0x1ce000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x90e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.1652`

.xpdata

MD5	`c61d564bbe41601ca477cf09b8d1a9be`
SHA1	`4b233af268e2b25966d1806a4dc640376878713d`
SHA256	`fd4661b35bdfcfa4c3fc5c110fe1b37e469404547b981880576468bf78a53894`
SHA3	`d0bb0d7363a9b5ae006c634fedff78fdf5610d7af9e8897f93dc40582233bb5c`
VirtualSize	`0x28000`
VirtualAddress	`0x1cf000`
SizeOfRawData	`0x27400`
PointerToRawData	`0x91e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87658`

.adata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x1f7000`
SizeOfRawData	`0`
PointerToRawData	`0xb9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Imports

kernel32.dll	`GetProcAddress` `GetModuleHandleA` `LoadLibraryA`
user32.dll	`GetDC`
gdi32.dll	`GetFontData`
advapi32.dll	`RegCreateKeyExA`
ole32.dll	`CoUninitialize`
winmm.dll	`mmioOpenA`
comctl32.dll	`PropertySheetA`
ws2_32.dll	`getservbyname`
msacm32.dll	`acmStreamOpen`
oleaut32.dll	`VariantChangeTypeEx`
kernel32.dll (#2)	`GetProcAddress` `GetModuleHandleA` `LoadLibraryA`

Delayed Imports

EncDefaultCharEncoding

Ordinal	`1`
Address	`0x15e71c`

RGSSAddRTPPath

Ordinal	`2`
Address	`0x69d0`

RGSSAudioFinalize

Ordinal	`3`
Address	`0x5b40`

RGSSAudioInitialize

Ordinal	`4`
Address	`0x5aa0`

RGSSClearRTPPath

Ordinal	`5`
Address	`0x69f0`

RGSSErrorMessage

Ordinal	`6`
Address	`0x66b0`

RGSSErrorType

Ordinal	`7`
Address	`0x6690`

RGSSEval

Ordinal	`8`
Address	`0x5c50`

RGSSFinalize

Ordinal	`9`
Address	`0x5a90`

RGSSGC

Ordinal	`10`
Address	`0x6a00`

RGSSGameMain

Ordinal	`11`
Address	`0x5b90`

RGSSGetBool

Ordinal	`12`
Address	`0x5c80`

RGSSGetDouble

Ordinal	`13`
Address	`0x5e70`

RGSSGetInt

Ordinal	`14`
Address	`0x5cb0`

RGSSGetPathWithRTP

Ordinal	`15`
Address	`0x66e0`

RGSSGetRTPPath

Ordinal	`16`
Address	`0x69b0`

RGSSGetStringACP

Ordinal	`17`
Address	`0x6160`

RGSSGetStringUTF8

Ordinal	`18`
Address	`0x60b0`

RGSSGetTable

Ordinal	`19`
Address	`0x6010`

RGSSInitialize

Ordinal	`20`
Address	`0x5a70`

RGSSSetString

Ordinal	`21`
Address	`0x6310`

RGSSSetStringACP

Ordinal	`22`
Address	`0x64d0`

RGSSSetStringUTF8

Ordinal	`23`
Address	`0x63f0`

RGSSSetupRTP

Ordinal	`24`
Address	`0x67d0`

RegDefaultSyntax

Ordinal	`25`
Address	`0x15e150`

RegEncodingASCII

Ordinal	`26`
Address	`0x15e5d8`

RegEncodingEUC_JP

Ordinal	`27`
Address	`0x160020`

RegEncodingSJIS

Ordinal	`28`
Address	`0x160168`

RegEncodingUTF8

Ordinal	`29`
Address	`0x15fed8`

RegSyntaxRuby

Ordinal	`30`
Address	`0x15e140`

enc_get_left_adjust_char_head

Ordinal	`31`
Address	`0xa0480`

enc_get_prev_char_head

Ordinal	`32`
Address	`0xa03d0`

enc_get_right_adjust_char_head

Ordinal	`33`
Address	`0xa0330`

re_alloc_pattern

Ordinal	`34`
Address	`0xa09b0`

regex_end

Ordinal	`35`
Address	`0x99b80`

regex_error_code_to_str

Ordinal	`36`
Address	`0xa0f90`

regex_foreach_name

Ordinal	`37`
Address	`0x88b30`

regex_free

Ordinal	`38`
Address	`0x90b00`

regex_get_encoding

Ordinal	`39`
Address	`0xa02c0`

regex_get_options

Ordinal	`40`
Address	`0xa02d0`

regex_get_syntax

Ordinal	`41`
Address	`0xa02e0`

regex_init

Ordinal	`42`
Address	`0x99b30`

regex_match

Ordinal	`43`
Address	`0x9a190`

regex_name_to_backref_number

Ordinal	`44`
Address	`0x88d70`

regex_name_to_group_numbers

Ordinal	`45`
Address	`0x88c30`

regex_new

Ordinal	`46`
Address	`0x99ab0`

regex_number_of_names

Ordinal	`47`
Address	`0x88c00`

regex_recompile

Ordinal	`48`
Address	`0x99850`

regex_region_clear

Ordinal	`49`
Address	`0x99ba0`

regex_region_copy

Ordinal	`50`
Address	`0x99ec0`

regex_region_free

Ordinal	`51`
Address	`0x99e10`

regex_region_new

Ordinal	`52`
Address	`0x99da0`

regex_region_resize

Ordinal	`53`
Address	`0x99c60`

regex_search

Ordinal	`54`
Address	`0x9e990`

regex_set_verb_warn_func

Ordinal	`55`
Address	`0x889c0`

regex_set_warn_func

Ordinal	`56`
Address	`0x889b0`

regex_version

Ordinal	`57`
Address	`0xa02f0`

ruby_re_adjust_startpos

Ordinal	`58`
Address	`0xa07e0`

ruby_re_compile_pattern

Ordinal	`59`
Address	`0xa08d0`

ruby_re_free_pattern

Ordinal	`60`
Address	`0xa0990`

ruby_re_free_registers

Ordinal	`61`
Address	`0xa07c0`

ruby_re_match

Ordinal	`62`
Address	`0xa0860`

ruby_re_mbcinit

Ordinal	`63`
Address	`0xa09f0`

ruby_re_recompile_pattern

Ordinal	`64`
Address	`0xa0920`

ruby_re_search

Ordinal	`65`
Address	`0xa0890`

ruby_re_set_casetable

Ordinal	`66`
Address	`0xa09d0`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.19984`
MD5	`8461a48406c8aa3bc0f90125ab5aa76f`
SHA1	`bb7f9d754cf90cf85969adcea7c4047187120ab1`
SHA256	`bc6d1d370421fcf25e132d03e55f9139dcec014b106185827fcd47cb7d803438`
SHA3	`24f1dc3f374ce6afe5defd206b18a3de760d44e7b266a365176405c71f71cc31`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84945`
MD5	`3cfecd577c0bce63e680bf65b836ce89`
SHA1	`fd3502695a2160dce90e467eea350013723a2c50`
SHA256	`f4cd30cc5708b01fc1c0942da22d3566016d17cbcf4c2a10a37801e5c5bc4302`
SHA3	`d6b508a82a4cff728f2b77af1ee97aedf6e41b2d2e1f5664500e2854b09c9261`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83978`
MD5	`8affd5ea560acfaae5463e1344dd0f31`
SHA1	`b770d05c6cb563efea30379af11591c4541f2477`
SHA256	`2662e513aceff350855c7f398e11ddf4fef0e1fc2f447ea69dc5bdd3ef890e81`
SHA3	`110460a8a45e9ec8e8dce1a0317520c31d2096819da38c0bd259dddabc83f354`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73622`
MD5	`49326ffc783e3e3a039631e39fc7c828`
SHA1	`58d1c09b9b7b2b3f460641aeeeb2abd82495400c`
SHA256	`c7b6649b515a71cb9643b6e0273d44e0c1e9fc316270b3e2db2d216187e2be11`
SHA3	`1e04ec179e390379060182e98f6efa8df59f712b51cee8805e844b49ac511a22`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91672`
MD5	`f679e3ec4d715b95da868e406c7906ad`
SHA1	`1a48711a88ceaab74ca5b7f2da870f5d7b89ae0d`
SHA256	`6d03d6c27f6a30996205bfc5a21295c68551d855064d79b4b48c6b4c409c6af5`
SHA3	`6f5098d56d7d7bf11069e813d789a40778f0e7565c853a842609b315f20424b7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95288`
MD5	`978f2ebd3357427ff68e4a0cb0fca8b3`
SHA1	`04cadc6ea5c082c876b9cc87451f40b7a0ec5436`
SHA256	`f9597061cc42ba90102a9225289dfbb4f0401d14e4553389eb5b913971ca68a4`
SHA3	`861a78a9959206e516f14a82ab62cb587174fb70e3d6a9b8be6c119c0b577cc9`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94687`
MD5	`b778504d298e754f9fb922acdc3da67d`
SHA1	`529fe12b395e50b21cd65cb30271123e5c2f487f`
SHA256	`60fc1e0a203c4cc464375cf01f568e912252472b04cf066364ee6dcbe1c717a1`
SHA3	`4d5ae6be9ccdab2cc93bcde2f7ada01d8eca5696fbcb3be3f8e85df0c58821d3`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98218`
MD5	`0eb6f898d437ee780f4092521b8d67e8`
SHA1	`b65420ec6a711ae08f991360ac6d9a46bde0b4c8`
SHA256	`7c4543de5e2dd111e9b3455b62ed95e56654ca903a4c05ae1d327dfa8d75cb1d`
SHA3	`3efa482ba68a71714fb7abe8cf3f54052717a5f24e44be36c4f729825e574757`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x186`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4935`
MD5	`e39d9f6d56aff8c9dda3d476fd8201de`
SHA1	`0b972f939c50657a2a8b23db80577ea1da322b83`
SHA256	`d179e53fc54e69810c1964db3f67ce916362fe6c14e9f5bcc8a08fdb06e7b59c`
SHA3	`9bfb27d6f1152f722810c3d17f9e2700364cb622d7ceebb7d595bc10a82a7d08`

112

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80894`
MD5	`7df8740bbd1812487ce09fb7532154d3`
SHA1	`0852bfe9110440257b09a202dc84b4e7aaea8551`
SHA256	`a8907c348214c8d49d4c48d01bdf779be3382a2e2b755cb05950192a2e9ad6c8`
SHA3	`6a590406682e58fea8e3e19cc51bcc629b67a06b549b7342028052d1c2a87fd7`

113

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82547`
MD5	`8f1cce9df9d324f38df3c1a017319a1d`
SHA1	`9df949c6a005563e480f36379573eb94e8951ff0`
SHA256	`1a8720d8047c784317c721c53f0ca453c67cc3fd6a26c198511085ab32939a15`
SHA3	`b311be3fd9095e902df6e403062509b0f6a2dc295af29317999c9b883c71726f`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76179`
MD5	`fc6fdc582434346b184c2dea9b729e21`
SHA1	`b1a919d63d0fee9694b5e7bf164dcdd94970cb9d`
SHA256	`0eda135a90dc288a44aa3cbf2edc52e064524a34731b3b3ebc63f4c40d3fcd65`
SHA3	`f82848e6628f7332dd5d81ed0852b4dc5b8efc5a0bcc1ef3214f1b8245a77f45`

102

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4183`
MD5	`632020e586d81a9df3ed6dc0ee43c3db`
SHA1	`1fed3753ef8c00f513a6b32bfcfc01f5d0f8f6c0`
SHA256	`068c3007712c742244e29dc212dca181a52afa446e2ed569044e9b2f9ca85e45`
SHA3	`4182ccb73c24f0abaf7a51ccd21d6c172f26ab3416c4e68c29b9415e366506ee`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42917`
MD5	`c55f0fff3f477d5565f02d8ae93ae53b`
SHA1	`fe4c63aa02f895b0bd42e038d8e912747ec636c2`
SHA256	`876b4db1dbb909bd832550df538c4b38da1cec9613d2f47d66e2e6a4daeaa1d8`
SHA3	`5168f1cc36f9c9a3fe8dfef5fc2382e580d6dc4ecc4dad7e5b19eb80a9870141`

2 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9aabda6`
Unmarked objects	`0`
C++ objects (VS2003 (.NET) build 4035)	`1`
150 (20413)	`26`
ASM objects (VS2008 SP1 build 30729)	`69`
C objects (VS2012 build 50727 / VS2005 build 50727)	`3`
Imports (VS2012 build 50727 / VS2005 build 50727)	`19`
Total imports	`309`
C++ objects (VS2008 SP1 build 30729)	`128`
C objects (VS2008 SP1 build 30729)	`318`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Section .adata has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Resource 103 is empty!

Leave a comment

No comments yet.