Manalyze report for d797600296ddbed4497725579d814b7e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Aug-30 11:16:49
Detected languages	English - United Kingdom

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 313 is possibly compressed or encrypted.` `Resource SCRIPT is possibly compressed or encrypted.`
Malicious	VirusTotal score: 57/71 (Scanned on 2026-02-14 17:45:11)	`ALYac: Trojan.GenericKD.73970718` `APEX: Malicious` `AVG: Script:SNH-gen [Trj]` `Alibaba: Trojan:Win32/Strab.0fbc437d` `Antiy-AVL: Trojan/Win32.Formbooks` `Arcabit: Trojan.Generic.D468B41E` `Avast: Script:SNH-gen [Trj]` `Avira: HEUR/AGEN.1379798` `BitDefender: Trojan.GenericKD.73970718` `Bkav: W32.AIDetectMalware` `CTX: exe.trojan.autoit` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.AutoIt.1343` `ESET-NOD32: Win32/Injector.Autoit.GHK trojan` `Elastic: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.73970718 (B)` `F-Secure: Heuristic.HEUR/AGEN.1379798` `Fortinet: AutoIt/FormBook.HFC!tr` `GData: Trojan.GenericKD.73970718` `Google: Detected` `Ikarus: Trojan.Autoit` `K7AntiVirus: Trojan ( 005e7f8a1 )` `K7GW: Trojan ( 005e7f8a1 )` `Kaspersky: Trojan.Win32.Strab.orn` `Kingsoft: Win32.Trojan.Strab.orn` `Lionic: Trojan.Win32.Autoit.4!c` `Malwarebytes: Malware.AI.1501273720` `MaxSecure: Trojan.Malware.277913912.susgen` `McAfeeD: ti!C25A6673A24D` `MicroWorld-eScan: Trojan.GenericKD.73970718` `Microsoft: Trojan:Win32/AgentTesla.SKAV` `Paloalto: generic.ml` `Panda: Trj/RnkBend.A` `Rising: Trojan.Injector/Autoit!1.1050C (CLOUD)` `Sangfor: Virus.Win32.Save.a` `Skyhigh: BehavesLike.Win32.TrojanAitInject.hc` `Sophos: Mal/AuItInj-D` `Tencent: Win32.Trojan.Strab.Wylw` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!D797600296DD` `TrendMicro: Trojan.AutoIt.FORMBOOK.SM` `TrendMicro-HouseCall: Trojan.AutoIt.FORMBOOK.SM` `VBA32: Trojan-Downloader.Autoit.gen` `VIPRE: Trojan.GenericKD.73970718` `Varist: W32/AutoIt.ADX.gen!Eldorado` `ViRobot: Trojan.Win.Z.Autoit.602112` `VirIT: Trojan.Win32.PSWStealer.DBI` `Xcitium: Malware@#2zxy7wxzfu46k` `Yandex: Trojan.Igent.b2Uuh9.4` `Zillya: Trojan.Strab.Win32.9666` `ZoneAlarm: Mal/AuItInj-D` `alibabacloud: Trojan:Win/AgentTesla.SHZT` `huorong: Trojan/AutoIT.Injector.e!crit` `tehtris: Generic.Malware`

Hashes

MD5	`d797600296ddbed4497725579d814b7e`
SHA1	`54b22078651dcee13472858d706f886a34678b2e`
SHA256	`c25a6673a24d169de1bb399d226c12cdc666e0fa534149fc9fa7896ee61d406f`
SHA3	`37528a4cdcf9de54cfec8aee77ad7d79827d6deac88e7c15a3eb172b6334ed96`
SSDeep	`12288:NYV6MorX7qzuC3QHO9FQVHPF51jgcQTimghLdJ0BNajn5:iBXu9HGaVHNhdUun5`
Imports Hash	`fc6683d30d9f25244a50fd5357825e79`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-Aug-30 11:16:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x57000`
SizeOfInitializedData	`0x3d000`
SizeOfUninitializedData	`0xbe000`
AddressOfEntryPoint	`0x00115060 (Section: UPX1)`
BaseOfCode	`0xbf000`
BaseOfData	`0x116000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x153000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xbe000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`e35b0e55d58c05ae7c351d7e909afa36`
SHA1	`5f5178b67686d5b41129074bfa3fabc3205b3cf5`
SHA256	`92a8667f73049af15aee2299d33b8739f153bad7c1d4c9e087dc46d064484f45`
SHA3	`de5d997dbf0a5d821de15da44c1b49dc16a66dba8455faa966d1f5e039506104`
VirtualSize	`0x57000`
VirtualAddress	`0xbf000`
SizeOfRawData	`0x56400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93538`

.rsrc

MD5	`aa8fb4b6e367f56ceece43b3a6dc8da1`
SHA1	`e559cc2734cd7758632832199f1cf917496940d5`
SHA256	`b1f171feaced1dc30817f2f70c252671e253527e1f393ac6965ecd76813e50d2`
SHA3	`7528c75420c2a747c08a3cbab7367953ce7565692fc360da3060b2de2ae8a456`
VirtualSize	`0x3d000`
VirtualAddress	`0x116000`
SizeOfRawData	`0x3c800`
PointerToRawData	`0x56800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87011`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`GetAce`
COMCTL32.dll	`ImageList_Remove`
COMDLG32.dll	`GetOpenFileNameW`
GDI32.dll	`LineTo`
IPHLPAPI.DLL	`IcmpSendEcho`
MPR.dll	`WNetUseConnectionW`
ole32.dll	`CoGetObject`
OLEAUT32.dll	`VariantInit`
PSAPI.DLL	`GetProcessMemoryInfo`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
USERENV.dll	`LoadUserProfileW`
UxTheme.dll	`IsThemeActive`
VERSION.dll	`VerQueryValueW`
WININET.dll	`FtpOpenFileW`
WINMM.dll	`timeGetTime`
WSOCK32.dll	`connect`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65355`
MD5	`60719bac037d0712f35c5c90be495c9d`
SHA1	`a3041d7ee6ba7615452806f77a1c943595c21191`
SHA256	`30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7`
SHA3	`20b10baff88665c15ede11f5f30b5422805da2105be8358b0a1b3a41e89b13c6`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43704`
MD5	`982c00bdd1b0ecc4c6ae5e68d8f1b87a`
SHA1	`489bbfba215b27140f141a2f394b0e65062cf357`
SHA256	`4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797`
SHA3	`84b3279e6fdd3055caf0f08cad67c578b24c6efc055823442d2d8a2f4a3cf547`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16139`
MD5	`9366bb6f5fa80ec08957cad372d3facc`
SHA1	`16ceb7528f7b4306ecc56beb210331e415759c79`
SHA256	`7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812`
SHA3	`471da3b7ffcb18564e3e4540ccbf2367ea343c40f28eab72e41caa70f1cd8871`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07494`
MD5	`82837923a319386e182d74bceffdcd9a`
SHA1	`23bef5e2545d16d60bd84c8dc592698c6d6e9ca5`
SHA256	`34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832`
SHA3	`082d792ee6346e3ba3fcbc617a8365f6f5a4a32d518afee86445eef4fdfb5eca`

8

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18302`
MD5	`68d9845aa5d81b5ec9af61f410e35b16`
SHA1	`792b2a2e934bea082f9fa18aecc9cf7c56fec0cb`
SHA256	`e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f`
SHA3	`3fbf18c6eae48b380506d26d691dd958d8d6c215e0c66402ea65e822fafc4da1`

9

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52312`
MD5	`2a1613d0845d00b916aa58adf0d41788`
SHA1	`9b80e5a340e2b46e6c1d1f5cdc71f70987a6362e`
SHA256	`c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d`
SHA3	`6be13a8f2c46fc7d016e5e1338619a9c6aab8a2538fb392ad95ca1860d53663d`

10

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65168`
MD5	`9ea19e6905b73670bf173b6ed270f52d`
SHA1	`0990bc33abfc67bf30fa225c39caac330248ce4e`
SHA256	`1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a`
SHA3	`6f95f1bd2ea42683b37b905d1215789ccae50a552cdf454d0f859234f5789216`

11

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39178`
MD5	`37ead5d2c4490f465242d3a884f19c37`
SHA1	`144dbce865b6cfccb00c3a1f2767639b166d90c7`
SHA256	`e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634`
SHA3	`97917334c00067d77ca349a361aeb6c9408e4dfda72615f0735be852c777ccf0`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.78749`
MD5	`81d5af2006087c608554916beb9bda52`
SHA1	`f346cdec16f0e1bc092bb7c038bebc8c6a7f6409`
SHA256	`e3ae77a702c9e3d0c1e98b07dc07e9b1ecb1d72ca8b92af639e493fb3cf437a7`
SHA3	`a89ed93d23bbcde83db5a2abe7a8d17e0e55c746c014b033ac550f3ca0170ded`

7 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x594`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.14023`
MD5	`dc7d9afe53c36009cd5565f0c8f476da`
SHA1	`7ee3a7772c426707d873249232bb0e085d1ef672`
SHA256	`47f46136c71defeb613f263b1965ae77c69d9cd6fde08232fa914f4598a7f31e`
SHA3	`862ad84c0bfc5ed7981139b52d75552a450502be2c857c977b04ec5762b79f81`

8 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.27985`
MD5	`6325dbe9ae06f49734610a203bbfa8d5`
SHA1	`ee42a640a077313e963ad479a6a9387f31534e33`
SHA256	`5c3f9bcf6ffd58a8ff50fbeb3a7b82bd6552825b5aa3f6b0f8120ab6a43c9c53`
SHA3	`7af36e044cc4319f5d2f3afcebb83c486d1fa01188ac228640b2d40ece7dad19`

9 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.6826`
MD5	`7908f45b08354ac7da9a6c8bf7150531`
SHA1	`d1cd7c6702dc63dbc3ddd3eb0eed2570225c3df4`
SHA256	`f4c8fcfd7971458e95ad95098302cd6f02a4f17625425b719c0be2443cf20e79`
SHA3	`91c10cc52cf42798d45a0e0257b98c588191473989de901302a4303f1c16ea26`

10 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76462`
MD5	`27f711857495a2bda0fdbb3d1695eb87`
SHA1	`4b1fe2ab20c0a0b4ff291bc78f80fa1955f5fd00`
SHA256	`fb3a200319c63a3ee00d3c132d4e63c94915e003289d5fbcf109adee430d573e`
SHA3	`a4c6b6586832cd6545e2c5272e569f459a3ccfb482546e4bdd633104d56184d8`

11 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7193`
MD5	`d7907ccda9e375d954e2310518441681`
SHA1	`dc6c4b0125833753b1693db1a8841197df9ab359`
SHA256	`6daee5aeb6b3c543384d85706578ac7e444dce7a80d0a133bde9f64786299b49`
SHA3	`aceeab9465ed9ab4aac525d6f5d515f6d4aa26b9d42550a68e54eccfc7f70098`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.48147`
MD5	`3e9db54e6c1aa5e837e4970e005b325f`
SHA1	`83ce9fb8ddaf8a5574cd0cf47cb883a7cb708e30`
SHA256	`676ef07676601d0f41ea71b9f753291cc5c1a331583262203e783b4875730a87`
SHA3	`2a1ef98379bae1076562eb9dc76ed90e1e9f51b5a3ce4dc6ec3aa03c89f50ab7`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34622`
MD5	`aac3abddc2b25f02f1c30348ec988aac`
SHA1	`9df41a26a7bdfc5275c042fe513cadc92926a595`
SHA256	`b268076678b054da560df6097854e785a16ef4061eeb2719d2b5494c5aadc3e2`
SHA3	`b56c98d55ab3a60313d64b75500528bd23be61b3c5d693246ee9fe9b9d7300df`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x358d6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9992`
MD5	`7564ffcab5aee9791418770d6f59b6bd`
SHA1	`0d26cfa2cb96c8665993ed3e373ab6c558dae5f0`
SHA256	`c0cd19fc3b5e63c309e74ca49278e5964463cbcdf784e153230e6bef8b3577b4`
SHA3	`6608d01347f6b11a70a0205e5c53b03024079779e7763e16e165d82965bd438a`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8695`
Detected Filetype	Icon file
MD5	`c88fc27c85891ac172b4d141b24c12ad`
SHA1	`342ea9dc007660254454fef30878c99bb3f9b525`
SHA256	`d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b`
SHA3	`8b6669089819d1c4a15a968c334b83ee57e42664e4d850e8a37e958e1deeb036`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77862`
MD5	`410f594f3ad95b1dd20e08e299b97c51`
SHA1	`523aa56f00d4d21ffcbd0f82cda655d88349a740`
SHA256	`ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5`
SHA3	`e785abf691c076cc1fc9cd02b8b7cc3ea433971151b12bd00999ac83071094c5`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3ef`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40026`
MD5	`a8983985aa631a15210e820fc8e1e52e`
SHA1	`fed4e5d714e5b12f8a61604ba61eaf6e2bee2fbd`
SHA256	`1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39`
SHA3	`8582ac809cc76ad6f98d859f53bd4eed751c5aeb31783f353e10875eae68ce64`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4bfd50`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xc1fc1252`
Unmarked objects	`0`
C++ objects (20806)	`2`
199 (41118)	`1`
ASM objects (VS2013 build 21005)	`51`
C objects (VS2013 build 21005)	`177`
C++ objects (VS2013 build 21005)	`53`
C objects (VS2008 SP1 build 30729)	`9`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`544`
234 (VS2013 UPD5 build 40629)	`80`
ASM objects (VS2013 UPD5 build 40629)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!