Manalyze report for 944ef0712c2eb9b6d6526665b55310add8d960f51a53604630170c389b824935

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Oct-02 05:03:49
Detected languages	English - United States
FileDescription	Setup/Uninstall
FileVersion	`51.1052.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `May have dropper capabilities: CurrentVersion\Run` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` `Contains domain names: hanzify.org http://restools.hanzify.org http://restools.hanzify.org/ http://www.innosetup.com http://www.innosetup.com/ http://www.remobjects.com http://www.remobjects.com/ps innosetup.com remobjects.com restools.hanzify.org www.innosetup.com www.remobjects.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW SwitchToThread` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey RegSetValueExW RegQueryInfoKeyW RegFlushKey RegEnumValueW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses functions commonly found in keyloggers: MapVirtualKeyW GetForegroundWindow CallNextHookEx` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess` `Can take screenshots: GetDCEx GetDC FindWindowW CreateCompatibleDC BitBlt` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE is possibly a dropper.	`Resource HELPER_EXE_AMD64 detected as a PE Executable.` `Resource SHFOLDERDLL detected as a PE Executable.`
Suspicious	The file contains overlay data.	`22403 bytes of data starting at offset 0x16be00.`
Safe	VirusTotal score: 0/71 (Scanned on 2023-06-28 10:36:57)	`All the AVs think this file is safe.`

Hashes

MD5	`1d86f39fc77f4290b97b5463d3ad955f`
SHA1	`29423942bd6f7742b5cc9e2eb35d1b3084d29191`
SHA256	`944ef0712c2eb9b6d6526665b55310add8d960f51a53604630170c389b824935`
SHA3	`be7a1fd3a05615b5c50d9a123417f6542843328bcbe1f783c8a064052d8ee935`
SSDeep	`24576:YH9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjK0exL7V:gIEJxCWluyZ8UbM5l`
Imports Hash	`5743355277bb33d7c6a8c32736dc258b`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2012-Oct-02 05:03:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x14b000`
SizeOfInitializedData	`0x20a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0014C094 (Section: .itext)`
BaseOfCode	`0x1000`
BaseOfData	`0x14d000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x178000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`34d7eae17d7d81b7a927f2af9a818d03`
SHA1	`8478d768720feedea751a923fc6a11611f36a18c`
SHA256	`8e75b407cddfe13d7876af56702f9e5eac6697d98f3cd9cb04c7a84cabb79ff9`
SHA3	`179dbd1a4c7565852469827ec28ad1b93170cee7bd14bad016476b39adc06186`
VirtualSize	`0x149be0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x149c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46131`

.itext

MD5	`7232e87d461daa9f7e87081c9e585347`
SHA1	`70495bfeeb14760306b521ce9d6f5b142ff9596c`
SHA256	`eafbf479bca29c0f4d540b2bb713f9e5adc0574655c4d1e1b24f082c1bbbbe5f`
SHA3	`ceb1224da61e520f32481df95d10cc5a9af18268e028f0998e3e831e2441c96b`
VirtualSize	`0x12a8`
VirtualAddress	`0x14b000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x14a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.79846`

.data

MD5	`ed5eff5b560576bf17c9a920339b7f0e`
SHA1	`e5a8ca1ad16796bd48d70fb1c6560853140559b1`
SHA256	`271db1710d2c3b271074f42bf65ca36fc80d9443d5cf71a03c00f11db6fe3daa`
SHA3	`13aa1b61dbc2a0624156af9745ac7e1f9acbb4d51b7f6ccb09b3414bf51ff9ea`
VirtualSize	`0x34b8`
VirtualAddress	`0x14d000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x14b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26332`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x61c0`
VirtualAddress	`0x151000`
SizeOfRawData	`0`
PointerToRawData	`0x14ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`ee483d9daa0dad0c5d8238650a4f09c3`
SHA1	`311806fe43b2bd68d6d9ff9d1028f32380d7d5aa`
SHA256	`b10272071986fb6fffb2d8519b053e3a78d02317a8491ea2319469f1fd9df9b1`
SHA3	`d5ace49d116f6f5ecdde852be70c4b97a1f76e6f54bd77fc01f6a7735f2dd86f`
VirtualSize	`0x3b60`
VirtualAddress	`0x158000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x14ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.24444`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3c`
VirtualAddress	`0x15c000`
SizeOfRawData	`0`
PointerToRawData	`0x152600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`e9f9b4db65cbb3a02158f41557105d5b`
SHA1	`5baea811442ab6b5fd9f4b3ceef124e686fb4442`
SHA256	`4e7eec94ed91393751a6b01a1b4f01dfc776038364d43fb8dd8bc81a0447b8c4`
SHA3	`7c25a336068fbfef8af566ee97c54788b6f0c189e59f126d3296d15d14cc8795`
VirtualSize	`0x18`
VirtualAddress	`0x15d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x152600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.210826`

.rsrc

MD5	`a734ca1b6e064e2c0cf8338b6976ebb2`
SHA1	`9dbec48c5ff8b0a205eaa7068ad88f2897c6bd1f`
SHA256	`cd374645d885c0a6c6cc137526788038f540c32b190fd972a509633f27d5865b`
SHA3	`f751ddc666a8ba347112ab4b90e6088cb901ce81491d36ba5827782a18f98e7b`
VirtualSize	`0x19508`
VirtualAddress	`0x15e000`
SizeOfRawData	`0x19600`
PointerToRawData	`0x152800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85501`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`GetKeyboardType` `LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `SetCurrentDirectoryW` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCurrentDirectoryW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `ExitThread` `CreateThread` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `SetCurrentDirectoryW` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCurrentDirectoryW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `ExitThread` `CreateThread` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringW` `MessageBoxA` `CharNextW`
msimg32.dll	`AlphaBlend`
gdi32.dll	`UnrealizeObject` `StretchDIBits` `StretchBlt` `StartPage` `StartDocW` `SetWindowOrgEx` `SetViewportOrgEx` `SetTextColor` `SetTextAlign` `SetStretchBltMode` `SetROP2` `SetPixel` `SetDIBColorTable` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SetAbortProc` `SelectPalette` `SelectObject` `SelectClipRgn` `SaveDC` `RoundRect` `RestoreDC` `RemoveFontResourceW` `Rectangle` `RectVisible` `RealizePalette` `Polyline` `Pie` `PatBlt` `MoveToEx` `MaskBlt` `LineTo` `LineDDA` `IntersectClipRect` `GetWindowOrgEx` `GetTextMetricsW` `GetTextExtentPointW` `GetTextExtentPoint32W` `GetSystemPaletteEntries` `GetStockObject` `GetRgnBox` `GetPixel` `GetPaletteEntries` `GetObjectW` `GetDeviceCaps` `GetDIBits` `GetDIBColorTable` `GetDCOrgEx` `GetCurrentPositionEx` `GetClipBox` `GetBrushOrgEx` `GetBitmapBits` `FrameRgn` `ExtTextOutW` `ExtFloodFill` `ExcludeClipRect` `EnumFontsW` `EnumFontFamiliesExW` `EndPage` `EndDoc` `Ellipse` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreatePenIndirect` `CreatePalette` `CreateICW` `CreateHalftonePalette` `CreateFontIndirectW` `CreateDIBitmap` `CreateDIBSection` `CreateDCW` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `Chord` `BitBlt` `Arc` `AddFontResourceW`
version.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
mpr.dll	`WNetOpenEnumW` `WNetGetUniversalNameW` `WNetGetConnectionW` `WNetEnumResourceW` `WNetCloseEnum`
kernel32.dll (#3)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `SetCurrentDirectoryW` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCurrentDirectoryW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `ExitThread` `CreateThread` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoTaskMemAlloc` `CLSIDFromProgID` `CLSIDFromString` `StringFromCLSID` `CoCreateInstance` `CoFreeUnusedLibraries` `CoUninitialize` `CoInitialize` `IsEqualGUID`
comctl32.dll	`InitializeFlatSB` `FlatSB_SetScrollProp` `FlatSB_SetScrollPos` `FlatSB_SetScrollInfo` `FlatSB_GetScrollPos` `FlatSB_GetScrollInfo` `_TrackMouseEvent` `ImageList_GetImageInfo` `ImageList_SetIconSize` `ImageList_GetIconSize` `ImageList_Write` `ImageList_Read` `ImageList_GetDragImage` `ImageList_DragShowNolock` `ImageList_DragMove` `ImageList_DragLeave` `ImageList_DragEnter` `ImageList_EndDrag` `ImageList_BeginDrag` `ImageList_Copy` `ImageList_LoadImageW` `ImageList_GetIcon` `ImageList_Remove` `ImageList_DrawEx` `ImageList_Replace` `ImageList_Draw` `ImageList_SetOverlayImage` `ImageList_GetBkColor` `ImageList_SetBkColor` `ImageList_ReplaceIcon` `ImageList_Add` `ImageList_SetImageCount` `ImageList_GetImageCount` `ImageList_Destroy` `ImageList_Create` `InitCommonControls`
kernel32.dll (#4)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `SetCurrentDirectoryW` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCurrentDirectoryW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `ExitThread` `CreateThread` `CompareStringW` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
winspool.drv	`OpenPrinterW` `EnumPrintersW` `DocumentPropertiesW` `ClosePrinter`
winspool.drv (#2)	`OpenPrinterW` `EnumPrintersW` `DocumentPropertiesW` `ClosePrinter`
shell32.dll	`ShellExecuteExW` `ShellExecuteW` `SHGetFileInfoW` `ExtractIconW`
shell32.dll (#2)	`ShellExecuteExW` `ShellExecuteW` `SHGetFileInfoW` `ExtractIconW`
comdlg32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ole32.dll (#2)	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoTaskMemAlloc` `CLSIDFromProgID` `CLSIDFromString` `StringFromCLSID` `CoCreateInstance` `CoFreeUnusedLibraries` `CoUninitialize` `CoInitialize` `IsEqualGUID`
advapi32.dll (#3)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
oleaut32.dll (#4)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6633`
MD5	`ff4e5862f26ea666373e5fab2bddfb11`
SHA1	`cfa13c0ab30f1bbd566900dee3631902f9b6451c`
SHA256	`b8e6fc93d423931acbddae3c27dd3c4eb2a394005d746951a971cb700e0ee510`
SHA3	`91dae12a9f43c5443e0661091a336f882fa1482f75fa9a57c9298d1d70c8ae69`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80231`
MD5	`2e87b3c111e3073a841775c1f8ec5a90`
SHA1	`20292304fa2ef1bfdc4a1000e90a1c16d4765a96`
SHA256	`ce19ace18e87b572e6912306776226af5b8e63959c61cde70a8ff05b3bbdcc41`
SHA3	`9527f09e739c2064835800a7e5c317cb422bdd7237f00fca079a1c62f58a2612`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00046`
MD5	`a04c3c368cb37c07bd5f63e7e6841ebd`
SHA1	`699300bceaa1256818c43fecfc8cad93a59156b2`
SHA256	`ee1c9c194199c320c893b367602ccc7ee7270bd4395d029f727e097634f47f8c`
SHA3	`58722e3138aad1382e284c1605ecd665ced536de4906749ac8d6e11252cc9558`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56318`
MD5	`9929115b21c2c59348058d4190392e75`
SHA1	`626fba1825d572ea441d36363307c9935de3c565`
SHA256	`9d9edf87ca203ecc60b246cc783d54218dd0ce77d3a025d0bafc580995a4abd8`
SHA3	`fea156e872544252c625076a6bf3baa733ee5b3d5399716e156734af7a841369`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6949`
MD5	`f321ad13d1c3f35a05d67773b4bc27d6`
SHA1	`30aded8525417e2531d5eb88bf2f868172945baa`
SHA256	`99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593`
SHA3	`04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62527`
MD5	`5ca217e52bdc6f23b43c7b6a23171e6e`
SHA1	`d99dc22ec1b655a42c475431cc3259742d0957a4`
SHA256	`11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28`
SHA3	`b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91604`
MD5	`6be7031995bb891cb8a787b9052f6069`
SHA1	`487eb59fd083cf4df02ce59d9b079755077ba1b5`
SHA256	`6f938aab0a03120de4ef8b27aff6ba5146226c92a056a6f04e5ec8d513ce5f9d`
SHA3	`0f1c6c0378a3646c9fbf3678bbeeccf929d32192f02d1ea9d6ba0be5c769e6ab`

DISKIMAGE

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27885`
MD5	`9f36c65260f5b9b63749b80e87baa108`
SHA1	`606acb721dc20da5f8e1feb0a3d174cefbee4eda`
SHA256	`5ef379b2771118b2ce2d78c915d48230d8f9d4e4905e62a9b7f150c009c7bc67`
SHA3	`eab22bc47d1eacf9a480dc79e6e8f754469badd850d0a591a4324406100b190c`
Preview

STOPIMAGE

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34815`
MD5	`f21ffbe1149520d40d1a034da636c6fd`
SHA1	`db7c7bc0cd61d73be92b71bbb535a172f77ef2b5`
SHA256	`ea9b569ac7e3d063e22795d5f428289938caa4b74272a8870ebbca46f21b929b`
SHA3	`f56506ed838ee62feb25b27b2446acb95fc801a8430101566713d7e1f3262c30`
Preview

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x710`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06678`
MD5	`a6c4f1331821d2c15a64447d19ab8455`
SHA1	`d4e765ea17d90582ec199698f4902cd7e11246f6`
SHA256	`01dec9857113c5bb99065c03201b69f1a9836f3eae12297f9bfeb0b1e376f531`
SHA3	`d87c034b467b7c04953e1b338fcfd094da8361c31b6169542f22c63d8f3a5e64`

4077

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94555`
MD5	`f6db83c51a6b7301d394bcd88eca894d`
SHA1	`3733d8c9bedcb3d9e4f14606b28b8d47547ad1c2`
SHA256	`d5e37b212281164ab1c665561fe8eda02969d73c0b6bfcd4e971cd6da1d4493f`
SHA3	`d67d42e348cb346cec5ccb57664f67794b71df372675dae857fc63d88c37fa12`

4078

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x258`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33755`
MD5	`90a7ff1509707fa98ff835b06de1c901`
SHA1	`974f6417457413df2ccc40993cbfdb6c68a182b7`
SHA256	`53b8c089a394550f7796a02a91cfeef45d29084c7020c9ee8f01161d755b4902`
SHA3	`75efc29e291581df20879cf30ec194f495a69cd6785cae386bf7d57905efaa75`

4079

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x250`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43108`
MD5	`4d55b90daf5759ae92af09f35695bca5`
SHA1	`4e3ed1984036d825b65320a71885647c722bc0da`
SHA256	`45b8e3bf54baa870d201058a7eaffca9afc049273cf2110d26ea7cd6010744fa`
SHA3	`37254a6dd257d91eb7fca5dadbb92c654a4b22e0b78614a8f79362422bfde43f`

4080

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x470`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32684`
MD5	`d434edfd554b9c55e617558d674621cc`
SHA1	`990752dec377cfd5a8a93eb0ef2df0ffee6c077c`
SHA256	`f1516fddab0eda6ef3f9afc0b17083bd29fc815a33fc108cb7ecf8bafeb63073`
SHA3	`f759ffe43901c20d3d16d61a5d9e192783b01849b8c836242f4ade558a4fd255`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x470`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26496`
MD5	`94cba3367a44c8f1a03790e1fc4e1410`
SHA1	`ac40aaef66e0f1d41a1fc7c2999a18a118f8de94`
SHA256	`f0c0e65c6ac93ccf3227f0f011b73aeaedeff2fabfdbe98a287f39d6ecf154e0`
SHA3	`7807712a4216c4208959e034303e8686c2eabc2a025c1084a39afd11ae9f4a82`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32952`
MD5	`8ce2d6b99b8f585172951ff984cdd5a2`
SHA1	`bd2b85f09419f7ec0ad5ab04992a94131c38f1e4`
SHA256	`8e40bf910ddd5733fdea468d975c8e3426328dd0d1b131f806cd426e9fbe87f4`
SHA3	`bb01f65032b06e8aea2433d688c017875ae85f67b3904ea628703ca2077b20cf`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46049`
MD5	`66f3976afb0b132aa8ad58241dffc532`
SHA1	`a77b153dfe6d2c097fccd1fdf3786900759dcf5e`
SHA256	`b3504385cb10b7d82c82af540e0c06e63afbcfbbb743fa979ad02a6e621547db`
SHA3	`e765d3d75372f33074e749c40527335a30bd47f8a84dd8b0dab7a19ebd5d76e4`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x210`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39185`
MD5	`f7754cba7892e1b389371d442e6dc14a`
SHA1	`d488a5032240272e80699091cc1761de2394bb62`
SHA256	`5dcdb35d1d7a9111be5e01ac5360ddb5ae400e6a0020283c96945e5c39cd4b90`
SHA3	`967df26a75ccde27366b3214b6dd5e8aa5e6015b1eefc35bea1153d7244b0913`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27699`
MD5	`324f5521e47ae04b975b46a0ab76833a`
SHA1	`9c0c14ab416ab98e0b8d7acdb2a0497d3e0c7ac3`
SHA256	`d913a5efa8fcb2f50d6246268b73a30f9ca87b5030ef8bf811344274c4bb956b`
SHA3	`9b9c279b95aaaa5c83d746c2d8c2ed571af05ae5351404a9e0b454284b3e838b`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26412`
MD5	`f3e56019e59919f9dcc75ad80106cef4`
SHA1	`94eda71680cf7a9b77accc08d4ce6769cf19aeb7`
SHA256	`70e35075403a0d4bdaa02e0a1e39b2ec21f70e5413a913a82bae817434a4695c`
SHA3	`3865845bd50470b270b11bae6c6a721999948438e13c70e19043707db2b7fabb`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30556`
MD5	`c45481fd7240dd7a03e98ab2cff15284`
SHA1	`8a04683edf4c75154c3fc95eb91f2e066682e412`
SHA256	`2e35a8feec593437cf9936636eb85d7fd716a96ac2c127cc0738ec97919cd76c`
SHA3	`8f07ea6e4a3d5e699e03de8f7b50294d8090e4d4d22511dbac2e50c03ee53d86`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33597`
MD5	`a7ffb74414aa3b4009f871d4e8fa00c9`
SHA1	`b4033b4abdb809f6c1f44677c20b5d8ffadccb10`
SHA256	`f2d1b3b4cbc34656f1b2137ee136330f075c181604ceabcd3f1f94b6efaa241a`
SHA3	`c6d80074749b7f6c0d91308ee1cdc547f2e8deab971a01ec67763271e6dfb4ae`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29023`
MD5	`91f1c34846cf8f6268e1a8e4ce89c806`
SHA1	`8d96a15b1457c497fde5caec39b6160aa73e2a0f`
SHA256	`a8ddf576ecd916c742bd63e862c5794bdad9437251e0365ad43a33a026532704`
SHA3	`2fe7b3b9498337d368106945e5c526e1a0585818864b7f7605320d04919ffdda`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34723`
MD5	`937a9f6d6229ac46d38a3e33e6dd0e74`
SHA1	`238e155718167f746f97516bef64fff0f99c47bf`
SHA256	`9ca94f69dbbd5655127629df426d711002a8ff85ce3ca6a56f3ce1f38c35f5ed`
SHA3	`cd5e6e7760df7830f949ed1c650c1cc7edc92b5d2b274ab570a9f08592075685`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2023`
MD5	`2c445e7460778069a108bfa6e5838bf4`
SHA1	`ada7c52ba585077d914fb80b269ec8a841801795`
SHA256	`67fa84ed1924419c10197924c66863e6a229a1e590b17e32bde70bb75a809f82`
SHA3	`266c4ad63b3566332930feba77a9fb887467da0eb433709aa903dd5b70f234ec`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34911`
MD5	`4a1e6314536c88cfa0467bf5b0cc0dd1`
SHA1	`34d0696c00ac0a6e0171d94cdb9cb2b3bc662afb`
SHA256	`dbd0defe0cb0baca38eba086f1db49f41b260ac4f9cd2d6cdaed54074f04e2f9`
SHA3	`f1cc84f17e27543fee905fa4c85e54deef05696a42b067f54e122085710e76d2`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38314`
MD5	`4f5e4b8599bb67beee48225a670c085d`
SHA1	`fd060ca09ac26ff9b2328fe21ca61d02b368de27`
SHA256	`578c359bbb36060de8d60a8b1a12b4f670b6fac88a36bc918b03060c24a98cf2`
SHA3	`f6ffbff4f4ddcfeb5345c5c0dd57be9c5bb7f0dfe7ab83d2c7c27427f94e77b3`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25969`
MD5	`554e900fe50d4a3d3b373947d48d9b18`
SHA1	`4e1359c190f890b5b65c4146a0955fe44a441fe4`
SHA256	`e7de232f8671ff5d04aae8d2785cd25302a9e8065d2d8ea13c15e8ee1b933a09`
SHA3	`db4e7d64f7e831f914cbce1cd49e2842420b035b139c77afa1ff7d4631ecead8`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36546`
MD5	`a118f4a4890b14660b46fe2f52f4fa07`
SHA1	`0e75e093bfba403bd69db2fccdd3361b18d3c634`
SHA256	`9814aeb1a94e4cc3ebf1e69223d4399e9e246e07183ab7a1e9b644af872bda16`
SHA3	`b6f9333ad01b680e516dc783c06e7278e17ed732c83ab1f0c9b213118be66dbd`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28316`
MD5	`ce17eefa952521d5baed38d8da634065`
SHA1	`92bb906ad6e02578e29e001b6a78e3650b581c0a`
SHA256	`b8e942b0eb9854a81f44f87e8901d6f3b5bf701f112547769100577886e166e1`
SHA3	`e763d0fe9665223b6ac1877b19a91780f2bf36d44d7ceb1dcde670ad6201ec13`

CHARTABLE

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x82e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5072`
MD5	`6e9c1c8c0a0ec8d73165779560cd7ba4`
SHA1	`d044c45e2ffd24e1abef00079577df385e325ab4`
SHA256	`677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0`
SHA3	`3ec7819e8561ecad66b1ef2652d4f3b275030f7cf402f276daa38f28d288e4e7`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

HELPER_EXE_AMD64

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21599`
Detected Filetype	PE Executable
MD5	`4ff75f505fddcc6a9ae62216446205d9`
SHA1	`efe32d504ce72f32e92dcf01aa2752b04d81a342`
SHA256	`a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81`
SHA3	`02e12256d35338feb58de6ae0bcb19054c39a45341fc47892e6e39eba9beb7ff`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x730`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47044`
MD5	`572bacde0981128059cf9309a7c9dd5c`
SHA1	`9b7daede4073c0acbc77beaf7005813a23946e88`
SHA256	`a3ed66dccc12e19de86640d5250864d4d8c5316437f8ab95645c78254808b2a4`
SHA3	`cf96df6fd8141f41c2ce83902fe98c559a128372d9af7d2f593a666c50abe1c0`

SHFOLDERDLL

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5b10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59624`
Detected Filetype	PE Executable
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
SHA3	`6c04a9206995500a984744fd15fcea5542f6f577f21c63ed00621a1acde31fe2`

TMAINFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x147`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38242`
MD5	`260431439d6d6dc013128c21e764b02c`
SHA1	`4c9610714e7d98b0210551ff099f3f814fa02f38`
SHA256	`b13e27aecd8214f2e15bb087a83552639f613ae4ecb06b7e5ee32836f33e89b3`
SHA3	`e83b4830328d37bdf0a43f386faefe10320a3c23b4615c34b48e5655a81d2e5a`

TNEWDISKFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.50778`
MD5	`5ce723642022c039f178c2aed86f52ac`
SHA1	`f60b54ad66ed10214ce479c7082ecc31099016a8`
SHA256	`0b40409be6235e4055c04cd92c0044e63375b0123f8dfcb6f9038b95cdbf3897`
SHA3	`772be5373fa748c11cf901059b0dc9c1957f7c40a01633071eb0f94fbb195425`

TSELECTFOLDERFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45298`
MD5	`d2c6d81c9631e66915e8784d6a4cfd41`
SHA1	`a02fb6ccb639b1c2af3c83e8f7387a5afeae07e0`
SHA256	`24a91a7b458e7ffc84e316587ca0b8c9bb92b89eac88271a892c5ba18b40aced`
SHA3	`fd3cfc2bbb5e2613612e0c1bba8a061576b9adc68d87d149f8f695226889e34d`

TSELECTLANGUAGEFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46511`
MD5	`98575f21ab9491e1b6ae5e852d4c4305`
SHA1	`9b642977985c5f8165ab104caa93481263367820`
SHA256	`c8cfb5e468a4a2376141c84f64d8431888dad485bfce8a6304a3d1e509fd2e28`
SHA3	`fe5f4907a9ab7f6cd607af666970009f4a927024a6b98d3ad6790a2546bfd29a`

TUNINSTALLPROGRESSFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5d9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49396`
MD5	`52b0761ca7d2972fcfcbadcb577d444c`
SHA1	`ccc039edba58585a888ae6f856d8dd28868525f1`
SHA256	`0247d57b98275241c0999e00c11e1e8e7368121aa097856a980e0738d2e07360`
SHA3	`9c81a1fd9435070b1bd70c78436e17ebd439d9a4b8a929f15a0f0e7b9fecca64`

TUNINSTSHAREDFILEFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x461`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.44622`
MD5	`4a32802bb5f3529cd029d0c2a8a5cec6`
SHA1	`2c4cb7d3e36c44852c227245a584657c868e526b`
SHA256	`683939c9900b86a18d49e77f21e39a6c15d4e7bb26bf7a59981c854c7ef5bb74`
SHA3	`52eb035d79cc6b2debf7730769cfc247df488983d02cf3b50ee85cecb0ac7687`

TWIZARDFORM

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2057`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49735`
MD5	`70f1e731c6ea743ce6dcdfafb5675034`
SHA1	`52624147daebc10579a223cacd5d5e17a66f8718`
SHA256	`4ddb37d4e5ab53c7c236ca3d12926cd2158815dd3e5646b30527d38d3a5206dd`
SHA3	`4b26c866bef8f4cfeab93d777caccc16a4bec78fe014d74b6edde78fd41949c4`

32761

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

32762

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

32763

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`48e064acaba0088aa097b52394887587`
SHA1	`310b283d52aa218e77c0c08db694c970378b481d`
SHA256	`43f40dd5140804309a4c901ec3c85b54481316e67a6fe18beb9d5c0ce3a42c3a`
SHA3	`38753084b0ada40269914e80dbacf7656dc94764048bd5dff649b08b700f3ed5`
Preview

32764

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`1ae28d964ba1a2b1b73cd813a32d4b40`
SHA1	`8883cd93b8ef7c15928177de37711f95f9e4cd22`
SHA256	`ff47a48c11c234903a7d625cb8b62101909f735ad84266c98dd4834549452c39`
SHA3	`a85dadd416ce2d22aa291c0794c45766a0613b853c6e3b884a2b05fc791427b8`
Preview

32765

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`0893f6ba80d82936ebe7a8216546cd9a`
SHA1	`0754cbdf56c53de9ed7fbd47859d20b788c6f056`
SHA256	`a0adcedb82b57089f64e2857f97cefd6cf25f4d27eefc6648bda83fd5fef66bb`
SHA3	`ce6148ade08ef9b829f83cb13b4c650d9d4a7012bfd1ab697a7870a05f4104f8`
Preview

32766

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`dcaa3c032fe97281b125d0d8f677c219`
SHA1	`58fe36409f932549e2f101515abee7a40cf47b2c`
SHA256	`6e1e7738a1b6373d8829f817915822ef415a1727bb5bb7cfe809e31b3c143ac5`
SHA3	`02ef292e1b4a70e439e362af6b4fa213e3816ade45222b78dabab712b6afba54`
Preview

32767

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Cursor file
MD5	`a95c7c78d0a0b30b87e3c4976e473508`
SHA1	`b19f3999f1b302a2d28977cb18a3416c918d486c`
SHA256	`326c048595bbc72e3f989cb3b95fbf09dc83739ced3cb13eb6f03336f95d74f1`
SHA3	`8157b4e6afa7ed2e2ffc174d655bec9fb81db609e4c5864faa5ead931ff60689`
Preview

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`811c1b936b990e5b9436926334ba228c`
SHA1	`897e75a309bc49b7d72c5e27af1796cb94951f9e`
SHA256	`a50148b80e2b2c892cb03d7d7ade8caa552e0a505a0d6ba0a6578b8014b271ec`
SHA3	`2fdaa200ae2885ae2c1d34b5e850e11dce70c41263b634bd8a7df8f86c28f18d`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07819`
MD5	`9d4f340b6295c457d23b240e8782d433`
SHA1	`a8ba1e73322c6d2ee8273093cecaed51de25a7dc`
SHA256	`5ce534f7c44cb2b71b44102f11ec16bb8fbf4dcee652e1b24602c3020eb818bf`
SHA3	`7e236b482bf7e435cadaaabaff91f126e172c31a337ca9831212b6a8f27f6e07`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x560`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05007`
MD5	`8d7accca43bc3864983dbbb9af490005`
SHA1	`07ae72350bcbfedb5015a78efd74fcfd3bab11ac`
SHA256	`ec233469005d39f4f2673be991a0415318631a59c5976c35d4dd22db45226fd0`
SHA3	`d340127cbdd815e5c2dd4b44e8755c28512ad5e969b757cfcec6612b00e9d186`

String Table contents

Capacity < Length
Nil interface
Unknown method
Expected return address at stack base
Type Mismatch
Unexpected End Of File
Version error
divide by Zero
Math error
Could not call proc
Out of Record Fields Range
Null Pointer Exception
Null variant error
Out Of Memory
Interface not supported
Unknown error
Invalid array
Out of string range
Cannot cast an interface
Cannot cast an object
Dispatch methods do not support more than 64 parameters
Unknown Identifier
Exception: %s
[Invalid]
No Error
Cannot Import %s
Invalid Type
Internal error
Invalid Header
Invalid Opcode
Invalid Opcode Parameter
no Main Proc
Out of Global Vars range
Out of Proc Range
Out Of Range
Out Of Stack Range
Failed to get object at index %d
Failed to set tab "%s" at index %d
Failed to set object at index %d
MultiLine must be True when TabPosition is tpLeft or tpRight
Invalid item level assignment
Invalid level (%d) for item "%s"
Invalid index
Unable to insert an item
Invalid owner
%s is already associated with %s
%d is an invalid PageIndex value. PageIndex must be between 0 and %d
This control requires version 4.70 or greater of COMCTL32.DLL
Invalid float
OLE error %.8x
Method '%s' not supported by automation object
Variant does not reference an automation object
Error loading dock zone from the stream. Expecting version %d, but found %d.
Multiselect mode must be on for this feature
Error setting %s.Count
Listbox (%s) style must be virtual in order to set Count
No OnGetItem event handler assigned
PageControl must first be assigned
No context-sensitive help installed
No help found for context
Unable to open Index
Unable to open Search
Unable to find a Table of Contents
No topic-based help system installed
No help found for %s
Failed to clear tab control
Failed to delete tab at index %d
Failed to retrieve tab at index %d
Right
Down
Ins
Del
Shift+
Ctrl+
Alt+
Unable to insert a line
Clipboard does not support Icons
Text exceeds memo capacity
There is no default printer currently selected
Menu '%s' is already being used by another form
Docked control must have a name
Error removing control from dock tree
- Dock zone not found
- Dock zone has no control
&Ignore
&All
N&o to All
Yes to &All
&Close
BkSp
Tab
Esc
Enter
Space
PgUp
PgDn
End
Home
Left
Up
%s on %s
GroupIndex cannot be less than a previous menu item's GroupIndex
Cannot create form. No MDI forms are currently active
A control cannot have itself as its parent
Cannot drag a form
Warning
Error
Information
Confirm
&Yes
&No
OK
Cancel
&Help
&Abort
&Retry
Error creating window class
Cannot focus a disabled or invisible window
Control '%s' has no parent window
Parent given is not a parent of '%s'
Cannot hide an MDI Child Form
Cannot change Visible in OnShow or OnHide
Cannot make a visible window modal
Scrollbar property out of range
%s property out of range
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available
Printer is not currently printing
Printing in progress
Printer selected is not valid
Tab position incompatible with current tab style
Tab style incompatible with current tab position
Bitmap image is not valid
Icon image is not valid
Invalid pixel format
Cannot change the size of an icon
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Invalid image size
Invalid ImageList
Unable to Replace Image
Invalid ImageList Index
Failed to read ImageList data from stream
Failed to write ImageList data to stream
Error creating window device context
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
No help viewer that supports filters
String index out of range (%d). Must be >= 1 and <= %d
Invalid UTF32 character value. Must be >= 0 and <= $10FFF, excluding surrogate pair ranges
High surrogate char without a following low surrogate char at index: %d. Check that the string is encoded properly
Low surrogate char without a preceding high surrogate char at index: %d. Check that the string is encoded properly
''%s'' is not a valid date
''%s'' is not a valid date and time
''%s'' is not a valid integer value
''%s'' is not a valid time
Invalid argument to time encode
List count out of bounds (%d)
List index out of bounds (%d)
Out of memory while expanding memory stream
Number expected
ANSI or UTF8 encoding expected
%s on line %d
Error reading %s%s%s: %s
Stream read error
Property is read-only
Failed to get data for '%s'
Resource %s not found
%s.Seek not implemented
Operation not allowed on sorted list
String expected
%s expected
%s not in a class registration group
A component named %s already exists
String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Identifier expected
Invalid binary value
Invalid file name - %s
Invalid stream format
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
Invalid data type for '%s'
Invalid string constant
Line too long
List capacity out of bounds (%d)
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range
Can't write to a read-only resource stream
''%s'' expected
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists
List does not allow duplicates ($0%x)
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s
A call to an OS function failed
Jan
Feb
Mar
Apr
May
Jun
Format string too long
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
'%s' is not a valid floating point value
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	51.1052.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	Setup/Uninstall
FileVersion (#2)	51.1052.0.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x55c000`
EndAddressOfRawData	`0x55c03c`
AddressOfIndex	`0x54d7e8`
AddressOfCallbacks	`0x55d010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!

Leave a comment

No comments yet.