Manalyze report for c127da8d06ff467e2dfb7a6fa73a3100829ec38061e8280dbb4e35aa1d73cc4e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jan-04 17:47:34
Detected languages	Process Default Language

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExA GetProcAddress LoadLibraryExW` `Can create temporary files: CreateFileW GetTempPathW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`2933966 bytes of data starting at offset 0xef400.` `The overlay data has an entropy of 7.9983 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 12/69 (Scanned on 2026-05-08 22:23:51)	`AVG: FileRepMalware [Misc]` `Avast: FileRepMalware [Misc]` `CrowdStrike: win/malicious_confidence_60% (D)` `Cylance: Unsafe` `Elastic: malicious (high confidence)` `Fortinet: W32/SchoolGirl.OY!tr` `Gridinsoft: Trojan.Win32.Downloader.oa!s1` `Jiangmin: Trojan.Sdum.anm` `McAfeeD: ti!C127DA8D06FF` `NANO-Antivirus: Trojan.Win32.Dwn.jvlqmk` `VBA32: Trojan.Diztakun` `Zillya: Trojan.Sdum.Win32.10190`

Hashes

MD5	`7d1c6bcabf22729473a19b482a064488`
SHA1	`e9f67af7cd5593bdefd8ce9ddc8111fea160b56d`
SHA256	`c127da8d06ff467e2dfb7a6fa73a3100829ec38061e8280dbb4e35aa1d73cc4e`
SHA3	`1b95c1c95921ab366d0728715a5051b731ff17755f5765d07259716f0a6044d5`
SSDeep	`49152:48ntDZAcCVT1Zgg3Sk5Tx6CtcX4EwgGWYAiRzg1vR7ep1VR+kA231M6q2WateUKC:rZAcCKaZuX4EwNBd2ypR+Ho+2WbHTC`
Imports Hash	`0627a95a8266372ea419d8fff78eff26`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Jan-04 17:47:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x84200`
SizeOfInitializedData	`0x6ae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00063713 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x86000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xf4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e467d5beeec0315b0b116dea2582dc9f`
SHA1	`608fadecb6bad176dd6f9ec82cbd1ddc29c0e714`
SHA256	`5bd0aef7306a33a402f0e9ef92a045dfbd3eb62b34816b59068a21f2d81771ed`
SHA3	`18520e510b7f4a6c117a175c19e0d0fc3b2b1dd08625409263bf9b39ba155348`
VirtualSize	`0x841f3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x84200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60186`

.rdata

MD5	`af4d66136e48c2b66ee70de429fc9df1`
SHA1	`a63cec62d347119ef6aa17e6f12aa4e87ec364b7`
SHA256	`1998433e980aa2703f50945b294805dee2e47f6f54f828191de08a5fbc2dbe29`
SHA3	`5256f2c43918d5584c9286f67c6ae3e16359f7ccb2163a0f134256e81b3f0ca7`
VirtualSize	`0x1a7c2`
VirtualAddress	`0x86000`
SizeOfRawData	`0x1a800`
PointerToRawData	`0x84600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05374`

.data

MD5	`72432e11987e452959e244ac3397d7ad`
SHA1	`61ceee0145ff87265624957113b13e1841a3885a`
SHA256	`308b29c91cfe0d713beb2270dafce8168bed4f3113560786d9e999be7e9dcaee`
SHA3	`41f86b9a723756eab85fbcc975e5b501b52daeb27c1d876b56b37121c8276720`
VirtualSize	`0x27fc`
VirtualAddress	`0xa1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x9ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.99058`

.rsrc

MD5	`caca81f5cc224ebb39c12cc7291a227f`
SHA1	`99077cc8e46319e2bcc4db4fe7675c6471be8470`
SHA256	`8f6400fb319a43b7418b1ab6960cc62f6ac6f157e89ce31b6825e26f3e195414`
SHA3	`e8e42f702ff2442d8089123478eab42789d34cbb363853979757842613bc2d7d`
VirtualSize	`0x48594`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x48600`
PointerToRawData	`0xa0800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.21967`

.reloc

MD5	`bd27598504291e4bc9856a2b04f2f91e`
SHA1	`21033c8d06cdfba68dc58ea9ec1417c18a480bb7`
SHA256	`ffedd5b55a0eaddf0bae78363f66e9dcd051b8f15e36cfd7e15db7130bbfb8c5`
SHA3	`e57639d8857a9fd992229be81b4a9bc0cfe58acb9272d0e2de54a2da9b9249be`
VirtualSize	`0x6590`
VirtualAddress	`0xed000`
SizeOfRawData	`0x6600`
PointerToRawData	`0xe8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72099`

Imports

COMCTL32.dll	`#17`
WINMM.dll	`timeBeginPeriod` `joyGetDevCapsW` `joyGetPosEx` `timeEndPeriod`
KERNEL32.dll	`MultiByteToWideChar` `WideCharToMultiByte` `GlobalAddAtomW` `GlobalDeleteAtom` `lstrlenW` `GetCommandLineW` `GetExitCodeProcess` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `SetErrorMode` `GetCurrentDirectoryW` `GlobalFree` `LoadLibraryW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineA` `FindNextFileA` `FindFirstFileExA` `DecodePointer` `GetFileType` `GetProcessHeap` `LCMapStringW` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetOEMCP` `IsValidCodePage` `GetStringTypeW` `GetCPInfo` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetStdHandle` `FindNextFileW` `GetModuleHandleExW` `ExitProcess` `SetEnvironmentVariableW` `DeleteFileW` `HeapSize` `GetACP` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `RtlUnwind` `InitializeSListHead` `GetCurrentThreadId` `GetCurrentProcessId` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `QueryPerformanceFrequency` `QueryPerformanceCounter` `LoadLibraryExA` `GetModuleHandleW` `VirtualQuery` `VirtualProtect` `GetSystemInfo` `RaiseException` `CreateMutexW` `GetModuleFileNameW` `Sleep` `SetCurrentDirectoryW` `ReleaseMutex` `WaitForSingleObject` `FindClose` `FindFirstFileW` `CloseHandle` `SetFilePointerEx` `SetFilePointer` `WriteFile` `GetLastError` `ReadFile` `CreateFileW` `CreateDirectoryW` `GetTempFileNameW` `GetTempPathW` `WriteConsoleW` `RemoveDirectoryW` `GetVersionExW` `GetLocaleInfoW` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `GetModuleFileNameA`
USER32.dll	`DrawTextW` `OffsetRect` `DestroyWindow` `PostQuitMessage` `DrawEdge` `GetUpdateRect` `DefMDIChildProcW` `EndPaint` `BeginPaint` `InflateRect` `GetClassNameW` `GetDlgItemTextW` `SendDlgItemMessageW` `EndDialog` `GetDlgItem` `SetDlgItemTextW` `GetTabbedTextExtentW` `MapVirtualKeyW` `GetInputState` `DrawMenuBar` `SetMenuInfo` `DestroyMenu` `LoadMenuIndirectW` `GetMenuItemCount` `SetWindowPlacement` `GetWindowPlacement` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `GetDesktopWindow` `GetSystemMenu` `UpdateWindow` `GetWindow` `RegisterClassW` `RegisterClassExW` `ModifyMenuW` `GetMenuStringW` `GetMenuItemID` `DialogBoxParamW` `FillRect` `LoadImageW` `LoadIconW` `GetMonitorInfoW` `MonitorFromWindow` `GetSystemMetrics` `RedrawWindow` `IsIconic` `IsDialogMessageW` `SetTimer` `GetClipboardData` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `IsClipboardFormatAvailable` `CheckMenuItem` `EnableMenuItem` `GetMenu` `PtInRect` `PostMessageW` `InvalidateRect` `SetFocus` `GetFocus` `CallWindowProcW` `RemovePropW` `SetPropW` `SetWindowLongW` `GetPropW` `MessageBoxW` `GetParent` `GetActiveWindow` `ShowCursor` `SetCapture` `ReleaseCapture` `GetKeyState` `GetWindowRect` `GetWindowDC` `SetCursorPos` `ClientToScreen` `ScreenToClient` `GetCursorPos` `LoadStringW` `MapWindowPoints` `SetWindowPos` `IsZoomed` `GetWindowLongW` `AdjustWindowRectEx` `SendMessageW` `LockWindowUpdate` `ShowWindow` `IsWindowVisible` `GetClientRect` `SetWindowTextW` `wsprintfW` `IntersectRect` `KillTimer` `DestroyIcon` `GetSubMenu` `DeleteMenu` `GetMenuState` `LoadCursorW` `SetCursor` `SystemParametersInfoW` `GetSysColor` `ReleaseDC` `CreateIconIndirect` `GetDC` `MsgWaitForMultipleObjects` `DispatchMessageW` `TranslateMessage` `TranslateMDISysAccel` `GetMessageW` `PeekMessageW` `DialogBoxIndirectParamW`
GDI32.dll	`CreatePalette` `SelectPalette` `RealizePalette` `EnumFontFamiliesExW` `GetStockObject` `SelectObject` `GetTextExtentPointW` `GetDeviceCaps` `GetObjectW` `CreateFontIndirectW` `DeleteObject` `CreatePen` `Rectangle` `LineTo` `SetBkColor` `ExtTextOutW` `SetTextColor` `SetBkMode` `CreateRectRgn` `GetClipRgn` `ExcludeClipRect` `SelectClipRgn` `SetDIBits` `CreateCompatibleBitmap` `CreateSolidBrush` `CreateBitmap`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
SHELL32.dll	`DragFinish` `DragQueryFileW` `ShellExecuteExW` `DragAcceptFiles`
MMFS2.dll (delay-loaded)	`#3` `#172` `#831` `#19` `#1033` `#1145` `#425` `#1144` `#423` `#430` `#1146` `#121` `#31` `#1105` `#255` `#281` `#174` `#419` `#688` `#192` `#120` `#333` `#80` `#468` `#280` `#67` `#125` `#249` `#276` `#366` `#959` `#945` `#123` `#124` `#11` `#1049` `#1036` `#173` `#493` `#487` `#372` `#520` `#585` `#341` `#342` `#417` `#355` `#610` `#445` `#344` `#50` `#62` `#34` `#982` `#1106` `#1017` `#876` `#361` `#32` `#63` `#832` `#742` `#102` `#101` `#17` `#16` `#103` `#753` `#536` `#756` `#343` `#686` `#443` `#1000` `#265` `#1068` `#162` `#765` `#1069` `#379` `#661` `#1031` `#433` `#184` `#191` `#825` `#201` `#158` `#177` `#186` `#163` `#176` `#189` `#1073` `#183` `#153` `#1072` `#10` `#9` `#6` `#8` `#7` `#766` `#64` `#43` `#65` `#66` `#264` `#587` `#448` `#286` `#568` `#169` `#849` `#571` `#701` `#703` `#170` `#51` `#74` `#83` `#97` `#81` `#979` `#79` `#187` `#82` `#76` `#78` `#106` `#107` `#105` `#168` `#691` `#75` `#241` `#272` `#245` `#274` `#363` `#645` `#584` `#519` `#356` `#739` `#713` `#137` `#554` `#155` `#786` `#619` `#462` `#761` `#411` `#1120` `#469` `#1134` `#95` `#1123` `#1126` `#94` `#1124` `#1125` `#98` `#91` `#47` `#24` `#59` `#61` `#60` `#70` `#69` `#68` `#819` `#820` `#77` `#72` `#389` `#755` `#795` `#1054` `#1077` `#204` `#205` `#1071` `#203` `#195` `#198` `#196` `#199` `#808` `#813` `#809` `#807` `#811` `#810` `#814` `#812` `#826` `#827` `#828` `#422` `#803` `#806` `#800` `#802` `#804` `#798` `#805` `#799` `#801` `#797` `#830` `#829` `#607` `#1074` `#494` `#1130` `#1029` `#611` `#1081` `#27` `#39` `#29` `#834` `#1101` `#1007` `#837` `#896` `#975` `#953` `#893` `#986` `#954` `#895` `#1048` `#929` `#677` `#412` `#234` `#612` `#678` `#413` `#679` `#1118` `#680` `#573` `#414` `#415` `#416` `#232` `#972` `#681` `#476` `#620` `#762` `#236` `#114` `#104` `#171` `#789` `#790` `#46` `#111` `#42` `#113` `#115` `#254` `#785` `#722` `#328` `#116` `#90` `#84` `#1010` `#92` `#1008` `#1011` `#117` `#997` `#996` `#998` `#108` `#109` `#73` `#110` `#71` `#913` `#859` `#878` `#994` `#894` `#974` `#882` `#948` `#991` `#269` `#267` `#268` `#976` `#1006` `#985` `#1037` `#794` `#1053` `#1128` `#35` `#1080` `#18` `#340` `#14` `#984` `#5` `#418` `#750` `#695` `#23` `#1070` `#373` `#740` `#546` `#4` `#1055` `#2` `#1104`

Delayed Imports

Attributes	`0x1`
Name	`MMFS2.dll`
ModuleHandle	`0xa28e8`
DelayImportAddressTable	`0xa23d0`
DelayImportNameTable	`0x9e724`
BoundDelayImportTable	`0x9ec3c`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0xa2260`

NvOptimusEnablement

Ordinal	`2`
Address	`0xa2264`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.92854`
MD5	`f717f8caa074daba1206266e9bd62464`
SHA1	`1637551b882445888ae46ae4100ab788600593e5`
SHA256	`54f1d140b9d2d84a3c145ee525741f98549ddcf3adcd9c4fbc919ec1782b31e7`
SHA3	`e47c63e7f65986b0085ba0014bdb9aad7f3a506aebd2e6025435c5ac9cfe36d7`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99773`
MD5	`cf827ab9deb647913237045cfa841cbc`
SHA1	`4606da709ace5c98160edca3593f5aea9bfbfcff`
SHA256	`0c90ed09db3ff455b2d684aaf489f366a14ba8c3b7fa3e7e0cea27fe9c82dd71`
SHA3	`b0e8eb9eaa546b0711f722766c7e9dbb3792b207ef9577fcc14e5bfbe770dc42`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58939`
MD5	`fa4afc6abe95e8971e039f30a8768d41`
SHA1	`7f11e496b205cb24dd6ae4314ef96128e67a227d`
SHA256	`16c6d3cf02803d67929ffb6ad2abc3913bd52583802a10b2782e9233099c61ad`
SHA3	`b03488c7d61448b3267fccee9390f12c2683f630bec1372ced99792fedf5e043`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08745`
MD5	`b9590f17ca67a84fa5a72c2e6110596a`
SHA1	`f5c28e30fecf97462d704449d9f9c1fc36793ba7`
SHA256	`0a71554b8e31ff057f2ba2b721eb31bd5d13e087fb262b29abbfc937cd61843c`
SHA3	`256658029e3158e6d9834ef20a9cbb7743f31ac9b337e4872d3d6c54dc4b29e5`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2601`
MD5	`1c98e0ad5050767586fbb226a820cdce`
SHA1	`dea2bc41ac818f71edaea1e28e9d91da974d73a0`
SHA256	`72d742c0ffc745ae2a6d767ecb9b0f27c9756c4e4afe645caf1651a5868ec0ca`
SHA3	`1a9a85645354bc802adbee3d1f1008fb09aa17d27cdccb0f2a1a942852b9ce31`

6

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2453`
MD5	`4d7587f6678519a128e30245da5a9281`
SHA1	`25d2fad63ce1dd07104deb4a46b3940d6f0251e4`
SHA256	`8cb563af8f6ac570810893e0f56ecfd595e3c540d44bdbc06f11bc2422fd220d`
SHA3	`44edc6dafd9c1ff416cfa793c8a8b2eaa0e8dcd6028130dbc50befabab399c99`

7

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38291`
MD5	`67f51be7c8d2d8518afff0559b73c268`
SHA1	`7d71c8aa5000ea3c24f9a1637c2b40d1334a3942`
SHA256	`de8dd355722cc66eaa28fe77cfe67ffafe990852bbf8215ba4c0aba2c971d958`
SHA3	`250ed5f028ebfef8d6a3614a38c7adc38272e3b992d19fa36cf1a5865ba88b35`

13

Type	`RT_STRING`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33132`
MD5	`47897e2e76d81b02b69bf23319e01acb`
SHA1	`d7ae02d437b4500f0b5774705d3a2ea7b5026c93`
SHA256	`d2bd40af065b3134d2c0f5814bb6a18487635e928b6c764fda1874de4c2bb5a3`
SHA3	`bcdb9e70e4a7ab11ca7839067981bc85828c64fdd5db8c97c5f9bd8e1d8df104`

11

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`1e38289635b35278e8ba641b79216991`
SHA1	`75b4b2281c1eb47be1a42968af2d41a04e278a87`
SHA256	`457f3a7cb71f50ba3c8db8849a45c8a6c3576f91438a0f746ab181d4740c089d`
SHA3	`2e4b3559e89129066e3af515e4051757726609ea6403f2790f0c4b8caf51ffb6`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71787`
Detected Filetype	Icon file
MD5	`eee2def6081be6fc6c237a1035cd0d47`
SHA1	`8806faa001a31ea3b44f50dd48cc65beaeaf5980`
SHA256	`b4a86ff543995d1a1dcad86ec767539180bbe55d27b306186eb5fa4bc3d5872f`
SHA3	`293718c08c74df16bc3e220b2edcbf174192ba2080a5b914811bc9c27d661b57`

1 (#2)

Type	`RT_VERSION`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11177`
MD5	`4c14b1accb2c3e04bd43e75d5f4bc5c8`
SHA1	`b3626a8ec8145d39c631fd388ba8d0781ff7922c`
SHA256	`a9900986f7638a77cc3255f9a0c15af41c9af7f51b1829ae2a8521425cbaa16b`
SHA3	`db69be58e913feada9e989f3bb9defc8dc6d3d04c15d2098c92c1b2613c4ae51`

1 (#3)

Type	`RT_MANIFEST`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x53b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38395`
MD5	`639d2b74908ce3cb46327138733e373e`
SHA1	`1a1677233858b32a2e44cf3f4d286aa7c17f0601`
SHA256	`ee2d6c35da95cc404e1abe9a41fab1ed25f2ae797e20cc44dedcf0c7acf5d356`
SHA3	`e0383144d1c9b195250bdbc90af8504ccd4824299a15e3bedb2c7b3daf682169`

String Table contents

ee67d99d-0785-45a2-8089-04dceeafb554
Impossible d'initialiser l'application.
Erreur lors de l'ouverture du fichier.
Pas assez de mémoire!
Erreur de fichier!
Impossible de trouver %s!
Impossible de charger %s. Cet objet a peut-être besoin d'un programme externe ou d'une librairie non installée.
Il n'y a pas assez d'espace disponible sur le drive temporaire. Libérez de l'espace disque et ré-essayez.
Cette application a été construite avec une version incompatible de Clickteam Fusion.
Format inconnu!

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.294.14
ProductVersion	3.0.294.14
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Process Default Language

Resource LangID	Process Default Language

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Jan-04 17:47:34
Version	`0.0`
SizeofData	`884`
AddressOfRawData	`0x9d4c4`
PointerToRawData	`0x9bac4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Jan-04 17:47:34
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4a1014`
SEHandlerTable	`0x49d420`
SEHandlerCount	`41`

RICH Header

XOR Key	`0xd8cfa4c9`
Unmarked objects	`0`
241 (40116)	`46`
243 (40116)	`139`
242 (40116)	`35`
ASM objects (VS 2015/2017 runtime 26706)	`20`
C objects (VS 2015/2017 runtime 26706)	`20`
C++ objects (VS 2015/2017 runtime 26706)	`43`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`617`
C++ objects (LTCG) (27048)	`43`
Exports (27048)	`1`
Resource objects (27048)	`1`
Linker (27048)	`1`

Errors

Leave a comment

No comments yet.