Manalyze report for b1db1a15ab5a6047a7aea1737f7114a9eacaf082b04e46e13f31c302e304d4d9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-17 05:53:20
Detected languages	Chinese - PRC English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.7715% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`764789dd9c095d74b6b258cf0f7568b2`
SHA1	`a368c43fa69e25172aaabe73d99cc04fbe15e211`
SHA256	`b1db1a15ab5a6047a7aea1737f7114a9eacaf082b04e46e13f31c302e304d4d9`
SHA3	`bc52e6c4c1897587069b6b0ad9c43f5df7c0444b8960da34313d53bd5332f0d5`
SSDeep	`768:2TISBcABCO/v5ZPBrURbb+i9aLR9Sbh9Sb:2TISaABCKBOqiMLRC`
Imports Hash	`da464bb241dbd2af96734d33179b25be`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Apr-17 05:53:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3800`
SizeOfInitializedData	`0x1b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000003B20 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x23000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d100471faf9d9fa066ae6afc6b074368`
SHA1	`0fc22bdd4c66e2b46c65b74d84ead48c473b944c`
SHA256	`881b4a0176c6607c0d83b740439814d617e1e2453d8361092294d24f9dae19c4`
SHA3	`d8ada697d977f0aaf34baf0c6ef499c5cb5bd9dbee0b99a33cdecb2258b0cc6a`
VirtualSize	`0x376c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20446`

.rdata

MD5	`92923662aa80c95c722ab1d9f3a100d3`
SHA1	`c434d80eeef2fb9d8ed25aabde2e30a03edc7f07`
SHA256	`e974f8bde2b176acbf59819034f3fa9c042ecf9fdfcc06cc0aa564ace8eef29d`
SHA3	`45b02ea3b3db204e817e619882402ef128c21b1c3676f99614cd65afb29817e7`
VirtualSize	`0x2832`
VirtualAddress	`0x5000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62912`

.data

MD5	`425c70561161f6875e4cf8550a5510a7`
SHA1	`55722aed0e8e9fe9a000272febc0218bb55b60dc`
SHA256	`fed9cb753af57856381a122ab54c57f4384c273320134d23bf93c21de1370e32`
SHA3	`4674a6812deabcf112aad8b5ef676a1a1034ba9d7c83e928358f4f78a5adabef`
VirtualSize	`0xa28`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.09313`

.pdata

MD5	`3098ac867b3f976d50c32a1356c34862`
SHA1	`8bb1878652aac594a572280fbce1baedac96ea1a`
SHA256	`90e7dea43b8bee5e4b9b782b21e3454300715e8c31f8a99026070cb848d60e17`
SHA3	`8ce3428f239e1a00b0cce9bfc4b4c12ecd2c674834c1779c6847b997e60caac7`
VirtualSize	`0x3e4`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.01893`

.rsrc

MD5	`7de126ff0c54ae81a2a291c8a99f84de`
SHA1	`b47dd45afd1644eef03f7da94f81b6ab733617e9`
SHA256	`80bc363b6bef54c4eae77e319c4e20d7fe95f2b9315e808fc77a53329df0ae0b`
SHA3	`0c53eac42f9a1aa90fcb8da0bbbc46563aa4618eb4c0284ce5ba976b55e39e29`
VirtualSize	`0x172c8`
VirtualAddress	`0xa000`
SizeOfRawData	`0x17400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.04047`

.reloc

MD5	`41df1035b36752ab47eebbf79750d7bb`
SHA1	`f473eda36becff04def5bad6946b3bca06752c06`
SHA256	`78404687ed785f03a93202d641e56d3174f8b4a8a68eae9537929b14b7cd2bf8`
SHA3	`90c77c2c55a6b36c9818bdd5f9c95e07def95726c2b5d961a6d38b8dc5ee8d1e`
VirtualSize	`0x58`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.20367`

Imports

KERNEL32.dll	`GetLastError` `CloseHandle` `GetFileSizeEx` `CreateFileA` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `CreateFileW` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `RtlCaptureContext`
USER32.dll	`GetMessageW` `DefWindowProcW` `DestroyWindow` `MessageBoxW` `SendMessageW` `EndDialog` `RegisterClassExW` `EndPaint` `LoadAcceleratorsW` `LoadStringW` `ShowWindow` `DispatchMessageW` `BeginPaint` `UpdateWindow` `DialogBoxParamW` `SystemParametersInfoW` `CreateWindowExW` `PostQuitMessage` `LoadCursorW` `LoadIconW` `TranslateMessage` `TranslateAcceleratorW`
MSVCP140.dll	`?good@ios_base@std@@QEBA_NXZ` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?uncaught_exception@std@@YA_NXZ` `?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z`
COMCTL32.dll	`InitCommonControlsEx`
VirtDisk.dll	`OpenVirtualDisk` `AttachVirtualDisk` `GetVirtualDiskPhysicalPath` `DetachVirtualDisk`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memset` `__current_exception_context` `__current_exception` `_CxxThrowException` `__std_exception_copy` `__std_exception_destroy` `__std_terminate` `memmove` `memcpy` `__C_specific_handler`
api-ms-win-crt-stdio-l1-1-0.dll	`fclose` `_wfopen_s` `fwrite` `fread` `__p__commode` `_set_fmode`
api-ms-win-crt-string-l1-1-0.dll	`wcscpy_s` `wcscat_s` `strncmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_initterm_e` `_set_app_type` `terminate` `_initialize_onexit_table` `_register_onexit_function` `_seh_filter_exe` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_cexit` `_invalid_parameter_noinfo_noreturn` `_crt_atexit` `_configure_wide_argv`
api-ms-win-crt-filesystem-l1-1-0.dll	`remove`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `_set_new_mode` `malloc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

9

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

10

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

11

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

12

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

13

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

14

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

15

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

16

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

17

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

18

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

109

Type	`RT_MENU`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24529`
MD5	`3768d661f1606dafe0bbd6dbcbb1aa50`
SHA1	`250a2f56a3becde33eceeb3ef69a502fc3bdfcca`
SHA256	`8f0d417b64215ec2f33379d29e91fbdcd15cd710652ef28e0478c7f4be0a030c`
SHA3	`e3cf07897350f1c39ad0376f00125782ae1786e1592554044d93e4f679f73935`

103

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x118`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34136`
MD5	`70539dd5bd526b3df38e8b1be6dcc568`
SHA1	`97b31a00072eab415968a6e58bf2e5ab1c851c3b`
SHA256	`ec8df01e10b8d44e0635dcaceb38f27820b032e23634ca9d92378738365d207f`
SHA3	`efe27a503dda9155ea3a63f7063493a23ff109aba1bb0072181547c0c7f77143`

7 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.74869`
MD5	`ad6312d000ca43ab70498d65bbd9d774`
SHA1	`c86846b154f23186fb1a903c1b90f6dee93d3d19`
SHA256	`acd0baf9e5f2f3e1529795f9890184e275b0067a87e740623ca5de5df7f758fc`
SHA3	`ec671c78a3a477e045b7748c8afe4b2f08d08e994a4d5b29946439e547344032`

109 (#2)

Type	`RT_ACCELERATOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80887`
Detected Filetype	Icon file
MD5	`3c05e220887a3ece785e94ba01ef2365`
SHA1	`58b72f9ecac3827e770a073030bf1c48de0e31f1`
SHA256	`b89482d2dfd349ed0465241aa76507fd25a49dfafed3c7233afd53a3ff36f6a7`
SHA3	`2cd355b6a0b659201c97af9c629791d1d7e083c8a4dca9ab93ce5582cae117ae`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85121`
Detected Filetype	Icon file
MD5	`761371fb444ffe3cba9630fa53a07e52`
SHA1	`09e05edf4a7a8d5b314e96d9aae9250fd86ea068`
SHA256	`ca27366c72f3cad07bc9e39d6626a6a059cb939d6985475e49dd8e5b93cbbe86`
SHA3	`32af3f3ea06c3d9cc09fb775f4610d3b91f2af87cb8a700b5d1b0ab04f95b0ce`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x27e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06467`
MD5	`d875a3e09bd74a8f760449a19a351827`
SHA1	`870df3cd183e92816fb4f92427cafa686f946a33`
SHA256	`a148bb733a7a6233501d6e615bcd37bedb995c29670798088e6c9c325b4429c8`
SHA3	`782f36c3fdf8521b0f1ebd9c721ce82161d3bd77c965734f3fd2714a3113db23`

String Table contents

SampleVC
SampleVC

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-17 05:53:20
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0x5cd8`
PointerToRawData	`0x48d8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-17 05:53:20
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140008040`

RICH Header

XOR Key	`0x580c04c3`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
Imports (34321)	`6`
ASM objects (34321)	`4`
C objects (34321)	`10`
C++ objects (34321)	`26`
Imports (30795)	`9`
Total imports	`135`
C++ objects (LTCG) (34436)	`6`
Resource objects (34436)	`1`
151	`1`
Linker (34436)	`1`

Errors

Leave a comment

No comments yet.