b82486b1bfba8696a7b9925eb813350cd32cc94a5779767e3af434d77c33e6ae

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States
Comments Extractor for TONEX library.db presets with optional BCho liberation
CompanyName Lib2Txp - Bcho
FileDescription Lib2Txp - Bcho
LegalCopyright Copyright (c) 2026 Bcho
ProductName Lib2Txp - Bcho
ProductVersion 1.5.0

Plugin Output

Suspicious PEiD Signature: XWD graphics format
HQR data file
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to internet browsers:
  • chrome.exe
  • firefox.exe
Looks for Qemu presence:
  • QEmU
Contains domain names:
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Suspicious The PE is possibly packed.
Unusual section name found: .xdata
Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 08a2390d5e0151dc72e7da1f7c787469
SHA1 7ad974a537d0c4461727d97acef819825ee35db3
SHA256 b82486b1bfba8696a7b9925eb813350cd32cc94a5779767e3af434d77c33e6ae
SHA3 146540bbffb2a81e8a45e0b92e6554a123402ffe96364605fa17c3b05f2d5a59
SSDeep 98304:A7GXKx6+G98+qouE8XZAEKxm51z9abgNFkh5NRZf9Ph3ZaQEmF1l:ebg+G9diIbAFoRnvA
Imports Hash 4e2bd2c481372f7ab13b83b63b424e97

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0xe0e600
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x652000
SizeOfInitializedData 0xe6600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000008CA00 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x2e89000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 609d743d2ca2ec8fe080eec3f7627fe2
SHA1 da059a30743f16c502d769d3983327e7d5790b8a
SHA256 8f7fe27367f506b960dc5c974ca362ec4180b9778e41fd7ac11d5c7e22683354
SHA3 ecb5de9a4dee3f4def3bd459b11f4a2fbca9de7f8e6f2cb1c7d61a637e253522
VirtualSize 0x651e51
VirtualAddress 0x1000
SizeOfRawData 0x652000
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.17247

.rdata

MD5 811a026be8543c52182af56e68a3ad70
SHA1 bd0406d5647658b25173e80cc166d9beb00d18da
SHA256 a7be967b2e2afc7d2cc31f973199b666703138c123c8e9609c7cecd8cb19e9d0
SHA3 e992bf871151fd686517a2ee92153a78c3893734ffb1dbde81c7313e528d98d9
VirtualSize 0x690680
VirtualAddress 0x653000
SizeOfRawData 0x690800
PointerToRawData 0x652600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.84685

.data

MD5 33d42a5a7cd8183f7c6fc8707e4344c6
SHA1 7e0ea20db05ef1c0f0ba0a415cbb8d775acb25c2
SHA256 12abfd0d8cab4180e27d693220ec5e43a57f1d50277c1cb8d102a4b3fba5c797
SHA3 0147727b948b1600804f06668713e98c3afb53705810ce452319b0ec15227464
VirtualSize 0x21440e0
VirtualAddress 0xce4000
SizeOfRawData 0xe6600
PointerToRawData 0xce2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.084

.pdata

MD5 18f507e2bf9674f89bbca80a250a0e73
SHA1 e5de7f49b6345043c919ddb1bf24e46838d2567a
SHA256 232c19853fa1e8d73a0e2f045c70c79d5343ffc8ab8d2129db7ab5c9888baa06
SHA3 4589f7a663eb0abcf3b29151922d4bcd63c40e81245091c1e1e59933c7c04baf
VirtualSize 0x287e8
VirtualAddress 0x2e29000
SizeOfRawData 0x28800
PointerToRawData 0xdc9400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.81711

.xdata

MD5 8a16930def765d266b7468f27fb81084
SHA1 b454849da70bb34049b959f74bc4f5169c382a11
SHA256 152ec8b5bff93847284184d1e5de9f171ebcd33ca009fb2f059f877a4bb5feff
SHA3 9caba355478993ad13e690326f067e87d6e3bdfdd7e8da51850d85526f11390e
VirtualSize 0xb4
VirtualAddress 0x2e52000
SizeOfRawData 0x200
PointerToRawData 0xdf1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.76749

.idata

MD5 750a72f816cd803fb6d44f74398a4855
SHA1 2a183442611f035eea797a7ff4908e3c2640ea61
SHA256 47cf9df756b50f834a9130dcc66f28a7eff978d3c76849420ba8e6535cd7a4fe
SHA3 873f864493560b3d4d09e8cbb9aa888eab3b13317c5d4c86607fb940b31ffb0c
VirtualSize 0x57c
VirtualAddress 0x2e53000
SizeOfRawData 0x600
PointerToRawData 0xdf1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.30783

.reloc

MD5 f9104867cb0630b628293fe5fe870d44
SHA1 7bee4d546a90fbd167556d805d496532f97b553a
SHA256 dc9dc945b15d42a77dd5825238a75904b239be2cd3fddb84b85c9743c9fe4728
SHA3 87f6ba8cd01e8b2d9eb76cd8ac50869f0ac869b850abe21afcf8e6c005699aa3
VirtualSize 0x1c0dc
VirtualAddress 0x2e54000
SizeOfRawData 0x1c200
PointerToRawData 0xdf2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.43795

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x2e71000
SizeOfRawData 0x200
PointerToRawData 0xe0e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

.rsrc

MD5 2c4574f5465d67b0fb3403a4aa2cc837
SHA1 b44f673f0544efe80e00ff44de8f887311b19191
SHA256 ea06edeb01834dd3415f68a1d328473a7934c7da48bd616978b1a106e057f536
SHA3 8f8a79e12e635bfffb937ce85b3479e6e8795a2386e887886b9576117f66fb7a
VirtualSize 0x16328
VirtualAddress 0x2e72000
SizeOfRawData 0x16400
PointerToRawData 0xe0e800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.97904

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
QueryPerformanceCounter
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
GetProcAddress
LoadLibraryExW

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x13ea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.996
Detected Filetype PNG graphic file
MD5 29ab0b1f0decc05c257956ac0118b118
SHA1 8081c5370945af96a68eb7d64489d024ce343a40
SHA256 aa07b41f6fb26a54edafa033aeca785effa593325c8f7b1a04894675fcbf7afc
SHA3 161b5dfa9ee068f45e38a97e7100844d0cd1374a2c711ba0137761dbf7a0aba9

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xf80
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94279
Detected Filetype PNG graphic file
MD5 5b85647fb15729bf5bc8739d924c5190
SHA1 e8335f1fb2a43ae53e502dfd64e4db3af2993bbf
SHA256 ac4e6ef3e916a8a6ce0acc36cbae3ca0ac61c73ab2205f00dc61777c75f57589
SHA3 dc7dfe3e85617abaed7ebb5f3d08d5f922e72455b318889e4bf73b003c74cd54

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x7e2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.88794
Detected Filetype PNG graphic file
MD5 94ef5ac52dced5b3793cbdf8e4d7739a
SHA1 46d128bb7db03deb29fa7bfadc556f292f6d4b49
SHA256 cc064c33da3b0a055f7e29b3cf9edcb45103b91170771e009b3716161c0290e6
SHA3 255e92ef3eecaa9ec2fbaeabc44aab1ba89501063099ac98c569dc08efe28a86

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x294
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.62987
Detected Filetype PNG graphic file
MD5 91f682f7497a72cf143ecc8bd3ddb2cb
SHA1 2ad01eb2bbfc9fbbdf42ebe9ab025e3b4941be97
SHA256 ef188b50ab87f8d799ade99708b552bed570ad3aeae58efdc210e282000deb8b
SHA3 4f409d9964012617752f7fd253be5f350b9720917fb92489a2e19b3a670fcf3d

3 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.38945
Detected Filetype Icon file
MD5 1b20ce5776e77d29125ac2781fdd1bce
SHA1 444108eadad274dcf03e9b44f5bdf93aeb246f5c
SHA256 89993891eb95d5508e978be1293eec51ab3fc6a9584d9027be933ddf688470d6
SHA3 26b9efa696c295b203e06b3818254fd8c0290a9df47767270160ad04e1068497

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38672
MD5 22aa94f42772f6ee0d81140174f6b124
SHA1 a0759fabbcdd7adf304cf9a83b42dc5f19357714
SHA256 3412c112cb0f7e25ab763f9f108a8c0df880af99d3c06e00ccfec19360801a15
SHA3 e7ce82baf90f8c8ddb49319de2848d049d7fbaa613ad2b5585c746b32c20f175

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x5ad
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.23978
MD5 5f447551c08feb75f1975d7cf4bddc9d
SHA1 eb642c2d8476d0b7a4db509b97072bf4faccd6c4
SHA256 5803230f99ee5ad12cc84c69f63e03d6a7a8af157947331b96d6b2616389adbb
SHA3 e5f04b50b3f6f7a39e3620b55bca35a4754b6252070765729cced8dfdb3721c2

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.5.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Extractor for TONEX library.db presets with optional BCho liberation
CompanyName Lib2Txp - Bcho
FileDescription Lib2Txp - Bcho
LegalCopyright Copyright (c) 2026 Bcho
ProductName Lib2Txp - Bcho
ProductVersion (#2) 1.5.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
