popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-05-29 21:12:40

PE Imphash

a723f6c3947c7a9054d33c021115e563

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0001542e 0x00015600 6.64177764539
.aVNDI 0x00017000 0x000068da 0x00006a00 6.02050117082
.rdata 0x0001e000 0x00005098 0x00005200 5.35582432022
.data 0x00024000 0x00072568 0x00070800 7.99127957815
.rsrc 0x00097000 0x000005e8 0x00000600 4.08372817129

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00097200 0x000003e4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000970a0 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x41e038 MultiByteToWideChar
0x41e03c GetModuleHandleA
0x41e040 GetProcAddress
0x41e04c Sleep
0x41e060 RtlUnwind
0x41e064 TerminateProcess
0x41e068 GetCurrentProcess
0x41e074 IsDebuggerPresent
0x41e078 RaiseException
0x41e07c GetCommandLineA
0x41e080 GetLastError
0x41e084 HeapFree
0x41e088 LCMapStringA
0x41e08c WideCharToMultiByte
0x41e090 LCMapStringW
0x41e094 GetCPInfo
0x41e098 GetModuleHandleW
0x41e09c TlsGetValue
0x41e0a0 TlsAlloc
0x41e0a4 TlsSetValue
0x41e0a8 TlsFree
0x41e0ac SetLastError
0x41e0b0 GetCurrentThreadId
0x41e0b4 HeapAlloc
0x41e0b8 ExitProcess
0x41e0bc WriteFile
0x41e0c0 GetStdHandle
0x41e0c4 GetModuleFileNameA
0x41e0d8 SetHandleCount
0x41e0dc GetFileType
0x41e0e0 GetStartupInfoA
0x41e0e4 HeapCreate
0x41e0e8 VirtualFree
0x41e0f0 GetTickCount
0x41e0f4 GetCurrentProcessId
0x41e0fc VirtualAlloc
0x41e100 HeapReAlloc
0x41e104 GetConsoleCP
0x41e108 GetConsoleMode
0x41e10c FlushFileBuffers
0x41e110 ReadFile
0x41e114 SetFilePointer
0x41e118 CloseHandle
0x41e11c HeapSize
0x41e120 GetACP
0x41e124 GetOEMCP
0x41e128 IsValidCodePage
0x41e12c GetLocaleInfoA
0x41e130 GetStringTypeA
0x41e134 GetStringTypeW
0x41e138 GetUserDefaultLCID
0x41e13c EnumSystemLocalesA
0x41e140 IsValidLocale
0x41e144 LoadLibraryA
0x41e14c WriteConsoleA
0x41e150 GetConsoleOutputCP
0x41e154 WriteConsoleW
0x41e158 SetStdHandle
0x41e15c GetLocaleInfoW
0x41e160 CreateFileA
Library GDI32.dll:
0x41e014 SelectObject
0x41e018 CreateFontIndirectA
0x41e01c SetTextColor
0x41e020 SetBkMode
0x41e024 DeleteObject
0x41e028 GetStockObject
0x41e02c GetObjectA
Library COMDLG32.dll:
0x41e008 GetOpenFileNameA
0x41e00c GetSaveFileNameA
Library ADVAPI32.dll:
0x41e000 RegDeleteKeyA
!This program cannot be run in DOS mode.
`.aVNDI
`.rdata
@.data
t}9>uyj
tz9uvj
F09^(u
QQSVWd
0WWWWW
0WWWWW
HtHu4j
s[S;7|G;w
tR99u2
t"SS9]
to=0AI
_VVVVV
^WWWWW
Y;=`@I
0SSSSS
>=Yt1j
j@j ^V
0A@@Ju
Fh=X:I
t+WWVPV
uL9=@SI
v$;5TAI
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
0SSSSS
_VVVVV
;t$,v-
UQPXY]Y[
URPQQh
u,VVWV
t VV9u
^SSSSS
^SSSSS
<+t(<-t$:
+t HHt
bad allocation
dcatasqejskhswtwksxhwbeghwjzckzz
looqlkuavurbncmahckxbomzusqeuneftlcudcqhehciqzetbazmlfcppnkapqdvpsbjsifxtse
fycbpycmekekqzvmj
jmukmlilolhzktqdwhrubsynfgrjfglrijjgvmsrxwkdxxondinhtidrkhynepxdjo
pwmwdchewvezyehrs
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ahvbqoyudliddlemkmboazdfhcdr
ejjydudugmczzudqbgthf
vbkkqsqpyygvmgvvfcfijqqsnarffxqpkctzycbgktdukckwlopnoitgfaekpkpzbvyoedmfkilqsejsb
efhhxxhtjdpbmavtdtsafevlldgfmadjsjmpzwixdcxrbawmegtjfnuvhetfvwgbkyf
ylxhyowxhqrovdwsgudttkkqmjnsjhflvwgundsbipwlllnwg
mjqmptxppnoidbtblhcq
mjqmptxppnoidbtblhcq
mjqmptxppnoidbtblhcq
ygpdlxauymlspsebkaroanddfknukmjzkqcffizxqfvpxeshbvvmxzndvjbmfxsiajtxgxzifwhasxsprzhhzviqhajudtzqo
ygpdlxauymlspsebkaroanddfknukmjzkqcffizxqfvpxeshbvvmxzndvjbmfxsiajtxgxzifwhasxsprzhhzviqhajudtzqo
ygpdlxauymlspsebkaroanddfknukmjzkqcffizxqfvpxeshbvvmxzndvjbmfxsiajtxgxzifwhasxsprzhhzviqhajudtzqo
ygpdlxauymlspsebkaroanddfknukmjzkqcffizxqfvpxeshbvvmxzndvjbmfxsiajtxgxzifwhasxsprzhhzviqhajudtzqo
ygpdlxauymlspsebkaroanddfknukmjzkqcffizxqfvpxeshbvvmxzndvjbmfxsiajtxgxzifwhasxsprzhhzviqhajudtzqo
rfbrgfnowkzvuxtydncrggevmsamyeibcpzibtgjvgc
xfjznasspfi
xfjznasspfi
cglxcjxjursbmmivjrhhgyfvagxcaozxezntpysnpifzywkcffcggkltlnmcbccsdmpzuttigbuyqzqxqiuzzijengtnb
cglxcjxjursbmmivjrhhgyfvagxcaozxezntpysnpifzywkcffcggkltlnmcbccsdmpzuttigbuyqzqxqiuzzijengtnb
cglxcjxjursbmmivjrhhgyfvagxcaozxezntpysnpifzywkcffcggkltlnmcbccsdmpzuttigbuyqzqxqiuzzijengtnb
cglxcjxjursbmmivjrhhgyfvagxcaozxezntpysnpifzywkcffcggkltlnmcbccsdmpzuttigbuyqzqxqiuzzijengtnb
cglxcjxjursbmmivjrhhgyfvagxcaozxezntpysnpifzywkcffcggkltlnmcbccsdmpzuttigbuyqzqxqiuzzijengtnb
xfjznasspfi
xfjznasspfi
xfjznasspfi
sdqveaer
reazokonshrhfcbndqrxumwrvboxuroxfhmcqfvtmgybiebmhkpaupyqiauwjkfevctudbatc
nwhpgrhuezqhpdomcxdhnnugsixnierozcmemlwzjehqilqjhpyulydycrfmfueoyvdcmahidjwursqldvtmeeofeefruplx
reazokonshrhfcbndqrxumwrvboxuroxfhmcqfvtmgybiebmhkpaupyqiauwjkfevctudbatc
reazokonshrhfcbndqrxumwrvboxuroxfhmcqfvtmgybiebmhkpaupyqiauwjkfevctudbatc
vxtinujfodbfaggevvhjzecxjxevbjrtvwyyosmacyesqbruzxzrfcotbvhysgstkjuddrevfp
hcajgseozohmnrvfuqtbmdqoatsuomicwitbvvwrhzvguosbsjwkvenwhyunkpmvgoncseeio
mowjhxujjjslmghsijusqvreahcsahlzqhoywzjxbmwfldrgbukoeetfchmhsygtslsztx
iubrnwesfubmrmudslvepoedorkxbmtyahuatexeqlkskfkgksdvoozpumoouzxrzkymsdxswcrsepfhdqus
bvnehuvccrtpgwoahwuvqzdtdzaxoexjdqyllngzkrhuydnxiflel
orrmymlbiglm
alflixwosdstuxfongpbmnoytjmqqmumspvdxvptwppksqjexesllxborinlcihxgtchhznojgrrgyzhx
byqmpmjwwxpofvxbbteblgsoqbmtoqiqjfqllsv
egxqnvelwtjilkoojznutcblxevoijixsibbrxqejosqbgbrxqzglwxiboiqviaemxzujplnnyprwpfrchkyjjuaotpbrwa
rdglwbbrzliwerazvfegqkpqlfnqofwtgbnfjhociar
duqudmaqwsirblnasiaegwmrtxmepdbnsnwqdtxlzaycxitcunvxxi
jqabfqwuzcqfbzgdyxfrgxfaxtviyknyayfjafwuakxdzvorlmaioofelfuvpxfodswjvb
zpzfwoqeifkektxakliulhzjzmqmkthpqscwrzoaynumqmqvblgfpnskuipkquxzoubycmnrwfdiz
boyqpgwliipspwnrmnmnypdamydcpomcumtwkimjdbkhbmijajaz
edfawyspaufaduqdzpwmnaqjbyfkpwfxbmchiuumfc
lueiournqitpgxivkxmwivwrgsfvhifpbnohozqcobietdxzwfmarcbliyp
VirtualProtect
FreeConsole
Console freed.
Failed to retrieve function address.
I@ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
vector<T> too long
bad allocation
bad cast
string too long
invalid string position
Unknown exception
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GAIsProcessorFeaturePresent
KERNEL32
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
CONOUT$
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
QueryPerformanceFrequency
KERNEL32.dll
SelectObject
CreateFontIndirectA
SetTextColor
SetBkMode
DeleteObject
GetStockObject
GetObjectA
GDI32.dll
GetSaveFileNameA
GetOpenFileNameA
COMDLG32.dll
RegDeleteKeyA
ADVAPI32.dll
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetLastError
HeapFree
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
Gr$:28)
]CIih!
\&}v*'
2Hxz_[\b
\i~U{4
B+p(Ig
"Hoq=lS
0q]e`4
RopPf#
D6PpR!f
v1Y0PM
_ASH2]
(^6"D.
kOt ,;
((E{X\`
\^wN{e
x7l<rI
+xgql#a~*
2>Zf/c
QPn=W"
Sze'Q_"
b0@fda
N,<SP,
a]iPO,a
H9))D5
Dj1`lTt
n.p[$
vnDK@q
`G-yik=
c|pk/8e
dW^#.4d
f5/p66f
0CFP/Q
q$Z|-@f
p7i&U#
TOPSf;
@I6JblnZ
wcx!60
kJ@.|m
7vpoO]/%
vmj^j6
"~f`f+F
P,sGs\%
k3&M$2(
.LbD>&
-u{EkOt
PsQH&f
s2`4F$Q
P%;\Q*%
]91/)<C?
d['ngfR
@CS643
0_}V3o
;,9TTF
N|#zO!yy
wyIHp$
ss1G(m
hy!GPT
)=gb-|O
]6T#QN
M_!H$e
\/b"uW
_V)v7/
9_J{bB
*4z<-m
%1c>qW
3rX@yq
:xu}Hxs
7\j{g=
XuePBU
H;~oC]*OMkN
Blx>]-
:.!m1K
O&'dx V
d#<vMbd
'i*)'.
*I_lUJ
(TlAnc`
=UR,mJ*/5
L8M4o@0IhO.
Om@X/88
<=f-Tyg+K;5-
2^\Y|G
`/D^Gj
%\ &&d8
hAl~<S
Y$TXa;
c69Gzi
z.Fw=|F
r W\pCC
V3jXk
vEKsXZ5
U2V!;lk
,SU'xq
S/jIH}
~k)X"i
);l!K<j
LD~g5p
{$&WQ}
{@d^.v
?^w[K@
}x?fOc
2Piek8%
4wJ7-Q
$ccdK8%
XkOkQ8
hp)2-5
NVB.[*qJ
3.&2w3
\M|'NUt
B8rD<Z
Yp?b#1v
lf1< ;+
n5Hs?B
NP3$Y5
E=>u4y
^&Hbc
mr q[Q
j5B3Zxs
d5Wq{r
tg;w<(iH
~-/LiQ
yi%iBNhU:-
i/SnK?
5`V.9q1
K=.7WQ3
MgKW[?
LB%q+iC
A_,ymE)
unp*QJ
g](iF <
{.@+*-
(:f:?}
H5V}rgE
GX|>}a
AmX}bY
V$n~~3h
0,X44YUl
K$f~S2Xo
mNf^2_
8~3Im&H
07Na&)
6aOMiO
.cR\H-
,E{uJ@G
R%;FC(
NA'u<*
p$tY3c7vK
O]kkU^
.|%4N
d,Vw.P
d>Je#BT+
h<6L7|&
fV<J{J0
@RN'h_PWJX
nx!zw!-a
Cs4++a
{\!QoUy
"&J{)b
7GSIl0
ce=r%E
1a5pE7
?16(/`
T/[E~D\,
3||*p_
tZ}YNg
MtUee,
8$f:\gM
,MV3%Cc
Nkj}qGmX
$f*1f
86u7mC
xuytIuP
x>ahEC
$B:V/N
seR<#r
w2Z4N_
0}%^xDS#
XyGg*}
:,jOP;
3.goCyI)*
1A*s3a
hrQV=:
Bnuh`#{
fXu$`6e
Hu2!!+
Gma%U@
Hy_0uX^GF
jlJe-e
LK#a85!
}NUx`He
8J>Wq9
~?eDE@
g.;yg
kv^Rm9i
9uUGB6
c6y/d6
^9=.y}
uym\1&
Ik"LU<
2e,u"?>
Gru#bw
hkZ:E@
mA@pYF
P#IYe.E
=6Oxvs
3/JYY7
6R[kjA
UImq27
X(:|cD:K
xi{|/F
)J:kvX
bevc6<
ZMNl4L
;D~u$d
&(o4.`
>3v:Wi=`
qZ"2Z_
1y3.IR^` o
VGrv?B
J0zwmV
_Pl$(>
'G*A7*
NA//Y!jj%R>
PLEj;9h
Q:?$@
M=BS0A)
>db sauZ^P
R@a\TSB^O
4F N1U7{?
H&u-Qg,}
DJ--[
s8;amM
[`nx'EYt
'3D7u;
+R#~sD
Q9qAR`F
H-Cd/v
SZ:I)
l.YBy"
)H\(I"
$~`&RJ
2GmB-U
a)f@> yI
vQs|R}
}gfcwg
u^^"|zG)qR#
@M+\q,!
k~jY\s
4uKh>,
m qLgO
M?.#e{
..avE2Pngr^z
_j$fdqt
E{*L~3
T{3.W5
&)1|t3
8^I_gn
UPErn=w}
}!(z/"
=7gbTkZe
\<iiu|
Y="CUD
C0F!^!
z1/qK',Vv
5OY/d<`
hE}lLkp
Hf\wJJ"
4LYFcO
vUQIld
8R,L.{
R<(@u]
Qk,M+\A
[GT/l&
TM<reY
t80S[z
v\SoI
EzbGxVAsR
Q_F%rS
?4,%h>
N5vJgY
`C55|UG)
<q{.'B/
L=HNO`
uR=|/'
FK;5?>|0l
*4.sOR
9!g(\Sut4>`
XaM+U5?8
cRFTD
e|}uoXZ))
:[R&a6
&-2#+c
Sx>Wv+\
sXPl6d
f(0YO5
H$>w\mPV_
l_ie9e
\J|/#F5
O7>]a
;%(yVpY
MR<6Hy
uVLPWiY
4n]whsK<jX9{
N!hugv
WiSS),<W
jl@'[])
Is\g4r
<>:-iv
;h||L\
$6N~+M.
D*b9Kl|
h_[9`P
z8)gCV
L#tK-(
EbD3{f{a
xO}F\i
zKkRf}
zw[(DI
*F~l\#
:w#UT7
+?KR/n
"JJ@6*
.}.?x%
<9fKs]h
bOVDLG
bB\)RF,
9AiRf5
HG0\S<`
G<%xod
X[.fR2
|_5O?'
}iY2G'
5lNmh
/$0Zne
BS 1)N|)
/IBuf7W
u%@0c!
}Ov|SU
lt+#iwY
6Gc:&&W
-A^6w7fO
XrPFBP
}q)E4zI
v<x!_(
|Avk3s"-A)
2TY&zL
fe)|-t1
nG&#W3
Ju06lyr
v/u#v:
H*2b<#
kou/YS
A3hB6m_
79d>gtrOO
!-W0)A
!\9*%F34C
h"~GKt
e+WP)
5M4tio
}L_f8U`Y
DZs$+3
*HWrEl
`yS>b_
HI=lR"A
s37K]?
J7\y_0
H/$e(-K+
1>@ne%[..5
. Tu8{
Q}Y%(C
?QRsMc
h6v[.K
^a*|G:U
)]qJL/` $
DAf,od
UE_GP8
NEoSo;
-L(unV
x8*"|o
t7[YKf
u7jHW"
my,QSB
+,1RwMw
]TU%6c
=xtjLn
E<7MKM
(C}~]H"
=s;DuK
W$8Fe>z~
cy6:W>
J&+aae%9
`2|RGkq
V$jQCn4
QSx~p`
8{MP}ZK
B_R48L
6A|k)!
tKo6Bin
m.~(?e
K}pyO~m/
+dM;43
VK+B?i
ANsza[H<
/".iy~&
sl2;e
fi~B#F
`9NX4}
Jg!r`W
}BQ\l"
4+r"'e~
c14Fglu?
*nT\^$
:fa>(K
/D|1mr
rcGda8
n~|JZ7
+kp w*
`{@_`
T235l^
n#)@
4eitlU
bXz^{R]
/QSQLt
 Bw!=
7frvb;
g`@fL1
=}Gz4W
S]-12"
ig`QC'
.Q8p/k
kL9AmL.
d6Q+[.P
JVT bS
EVALbt
zuqyOW
&YWSxfL
^= Im}
PUgE^bC>[*Pz+p
^-FRoX
_?FGMyy
t_C<#lb
M+$;IH=Z
1#<hvF
3C #AD
t5_L3rB
MOA}~8
0KVrN#
^K@i?T
6t$<!v
C6sKRn
UV7Zn4
FL^sE_:
Vg{S.(!
n=k2[)[
k2uL x
ppgswR
DFUvk2>+4
luN,M}
L<+0S9
=H]HP#
s<$pa
W31h_f<
0{/Rf@O
]o/.GN0
iNB;cA
7.ltgQ
R=$\6V
hla5|V
TvF!5t`
.Zeb)OON
T E+QE
K+^dKU
E/jmD$
Hs..jF
J9l+ :Gw
jpC9Isk
,GGl:g
ZC5io
`fdeQ5
{DUVgm
#4|;2\n
V4Ln]a
T0E)~9
du\PN{
HGN7PT\
!+un2c
Yifx]
'Y,BG5
"!n7]+m11s
wF7;=n
}sr#%/
miB|j9
$p;@=*
~)qIVt
ik#Eql
*<T}m_
3KE]l
Jl7k|`
odATJ\
:vp5TR5
.BOBzcU
QFxsw@
gP20Gl
{-W`6Z
&?{b$!
KFcV=rO
d"0GCpa>1"HQ
(nCE}U
,O)l3g0
i8`T'2;\!
]1bhet
9z@%NO|-<
N)KEKt^
lLd)ONI
!Pz.X)
10-Raw
(\&\`\
f.3JS8K
CaM}S2?&
FkQX-35[Z
mg<L6?
dmQH}U
+L^@j{
{Yb*n(
VqUh=q
^C/P*o
YQ~hdJ
$kc^$zuO
zwG.A=
{vY2RY'
Oag03^
|4SJ%I.
lO83L
_3gTRd
y!h.u^
f$-3^{
s,OYN
'~}z'/A
T#@PCo'
gR6XfA
#'>CSZx
>=@6\Md9
K?@z=
7`nQO-
mcGhkq
Uty\i;
\ZB:[,
3t3o:4C
BrH=}c
D+q.Y.
a,frF6
hIkAj_K!
1B|l$d
v;r\+u{Q
o_e;TS
/v;VuT
F&BGiY
\u}y+/f
4U;+M?=a
#&1I6+
/<5~.UM
'4<*v9
E1J-xwB
g]qA_08
\n<cj"
Rr('I!
h)nPY{
si<% 6MAM
VTf/uK]
mj1du3
J=jv+q
ru7(Cw
B0}4E
^WC|Yr
l+:8{i
K9gh8F
5evs{t
tgOReh
S5}C{c
[s>eO
]l8L~Q
Y674hM=
p&Gc2
#] FJwN
Qi(qAA
WNC0\|
m;uwhH
GuAxt~
D>h}3b
xAR8t q
p$P<'N
C(oL '
Hz*$_d
9K*%XZa,
TvBD9D
EbY+E2
zuv,j|b
K$#-6>U
]d{^bfUU.
]*2`a$
"Hu~z>O
z;"a3"
%_&[HL
i!y#6N|
8(:kvXa
bUQ(S|
LdW6U&
1#9.(8LZ
o3aKE]
Nk`m)A
GjHClND
2p]G"]
_5,*q\
m:S)6
U?qm]k
9.[H D
H7-.yv
#@vG'(i
A$?S`$
W~UK8\
Q#2VZ]0Z
i[f?CMkg
32eXmPH
>NAXNf
JA^EZ7
3C B%!
9i6[(6
*.b1@b
\GV^;7
2ACE5/w
blm!GYB
q/?6Il
n.!Z.L
p68uu::
X"R)'$l
_Q[4>#[b
DMA]t{
zJNJg
3HnC:Fh
:eD7GI
{bvBl.M
BlNax#
D|EVwQ
3k5dC5a
qOA3\S
V/'+F;
%&HB\}`
<Qi5Ff
y\=,'Y)[
MlT&j7
K)jL#MJ
3 e:LE8
Mh8)v4uL=
4g;I<pa
<\0z9y
c`ZJ9!
1$Njqr
&JWcs(
{2HY8<F
k"fg0_2B
x:^0Kh
9C:X~,\
@;u31:
1U},=t
%u~`W<
?&92t&
&_vvc@
[ky"Ap
FVZnDiga
"?l^Y12
d57X+sbE
${60@l
M2V8_j,:
n:HLH0
BaRo+k
jj;Y*F+
WDh:w
tpk"Jr
m6/ |P
U2`n4p
XPeB 7
peKC\/7
)I5Kc'
(Szm33@
Z=$grJ
SN,U2Q
=rpIm^R]
vT_27;~fK
&L''1?
\$AK}X
Q'C>YM
_5qwL3Zc-LN#
EypV_Jxo
Aw0|9.y
D<Rs9I&f
$pVl_
iOa3*'
H\iV'/
=a8"L
~Cs2x^
NPSX+1
nDY;9W
tpkj<#
vPG>!S
mV3=jq
zTjfgF
(e^`'x
o=V_~\
555K-^
(oyK}4
X4^C\t
BoZEJ[
_XOQ~zb
q2hSYc
4QrVae-(
1i1~|>d
o"c?S-
'?G&=\9
kg4$Q
QAJHt@1}
^>HOF7d
o-!Yr$
y?kGz
6#pN"6
wU8*2/
Y_PkOp
<NQ\az
@{xL2_e
$Bd0ZW
P[P[@H
joL|=`
r#fX6W
1;]/RG
gt}#Xpl;
BbU1*%
cSW8 P
Bz:L,i+
mRMAK
%GLe[p
aK!)J*
W*.fEb
sI6N?+
^>PH"GrPw
y1AAgW
jl?|Wm
G$tthVmq?
Mr@wDF
ILO?Oq
$+h]3[
o^;vTn
eMh.0S
isR,~&F
P<Uyk[
,=:]&F
x9&X%|3E
LaJ%IB
:gU9{!jL
mivegi
Us>W@p
qDHn}M#
i@s/q<
J2][Hu
R\yZgr
$Lc?EM5]
;_j6 6
;j9<>?
PgOo^J
Gm:<B3
u.zH+%/
p[n}G\
$wignTt
t3`a}7
9S.S)zi
;Z!n;S
e8k#e!
YR=tHP
)[!yqH1(
4o8#ZO/
.?AVfailure@ios_base@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVbad_alloc@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
.?AVbad_cast@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
220512204559Z
230511204559Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
cAv9Fc3
Microsoft Corporation1
230012+4705280
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
Ifs${z
5ZgjZv0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110708205909Z
260708210909Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
*?*kXIc
QEX82q'
WqVNHE
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2011
http://www.microsoft.com0
K`t,+O
Washington1
Redmond1
C2RService1
C2RService0
170217001257Z
391231235959Z0^1
Washington1
Redmond1
C2RService1
C2RService0
Washington1
Redmond1
C2RService1
C2RService
Washington1
Redmond1
C2RService1
C2RService
20230427194916.378Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:2264-E33E-780C1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
221104190127Z
240202190127Z0
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:2264-E33E-780C1%0#
Microsoft Time-Stamp Service0
Ws%gx-p
Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
210930182225Z
300930183225Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
3http://www.microsoft.com/pkiops/Docs/Repository.htm0
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
as.,k{n?,
Washington1
Redmond1
Microsoft Corporation1%0#
Microsoft America Operations1&0$
Thales TSS ESN:2264-E33E-780C1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20230427194228Z
20230428194228Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
BHaW(n
((((( H
h(((( H
H
KERNEL32.DLL
mscoree.dll
VS_VERSION_INFO
StringFileInfo
040904E4
Comments
pBubp6VTGYWfVPf2H0hj9MYB2G8Z1i
CompanyName
IBM Corporation
FileDescription
IBM Corporation Product
FileVersion
1,471,10,666
InternalName
usPHLAPpLe
LegalCopyright
Copyright
IBM Corporation All rights reserved.
LegalTrademarks
Trademark
IBM Corporation
OriginalFilename
FlC5lC73
ProductName
IyNC9yR3r6x9
ProductVersion
1,471,10,666
VarFileInfo
Translation
Legal_policy_statement
.Visual Studio Installe
&sku&community&channel&Release&cid&2030:ed909b9ee943406bad953c10ddc0700b&includerecommended&Tru
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Midie.124739
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Trojan.MalPack.RV
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Midie.124739
K7GW Clean
Cybereason malicious.b03a8c
Baidu Clean
VirIT Clean
Cyren W32/Kryptik.JWA.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HTQS
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan-Spy.Win32.Stealer.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Stealer.Agent!8.C2 (CLOUD)
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.68a12439e64b2e4f
Emsisoft Clean
Ikarus Trojan.Win32.Crypt
GData Clean
Jiangmin Clean
Webroot W32.Spyware.Gen
Avira Clean
Antiy-AVL Trojan/Win32.Sabsik
Gridinsoft Trojan.Heur!.00012031
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft Trojan:Win32/Redline.CAW!MTB
Google Detected
AhnLab-V3 Spyware/Win.Hpdyre.R492527
Acronis Clean
McAfee Artemis!68A12439E64B
MAX malware (ai score=80)
DeepInstinct MALICIOUS
VBA32 BScope.TrojanPSW.RedLine
Cylance Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/Kryptik.HTQK!tr
BitDefenderTheta Clean
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.