Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
vlc-3.0.20-win64.exe

Overview

General Information

Sample name:vlc-3.0.20-win64.exe
Analysis ID:1431704
MD5:3d63e3a94c39a18f4da866b896b41e80
SHA1:c9520268936bfa6d060c8603cdee753db214d0ce
SHA256:d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
Uses 32bit PE files

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64_ra
  • vlc-3.0.20-win64.exe (PID: 7044 cmdline: "C:\Users\user\Desktop\vlc-3.0.20-win64.exe" MD5: 3D63E3A94C39A18F4DA866B896B41E80)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: vlc-3.0.20-win64.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: vlc-3.0.20-win64.exeStatic PE information: certificate valid
Source: vlc-3.0.20-win64.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: vlc-3.0.20-win64.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engineClassification label: clean1.winEXE@1/2@0/0
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeFile created: C:\Users\user\AppData\Local\Temp\nsj252D.tmp
Source: vlc-3.0.20-win64.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeFile read: C:\Users\user\Desktop\vlc-3.0.20-win64.exe
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: vlc-3.0.20-win64.exeStatic PE information: certificate valid
Source: vlc-3.0.20-win64.exeStatic file information: File size 44420344 > 1048576
Source: vlc-3.0.20-win64.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeFile created: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeFile created: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\vlc-3.0.20-win64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dllJump to dropped file

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
DLL Side-Loading		1
DLL Side-Loading		OS Credential Dumping1
File and Directory Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
vlc-3.0.20-win64.exe4%ReversingLabs
vlc-3.0.20-win64.exe1%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431704
Start date and time:2024-04-25 16:57:02 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:vlc-3.0.20-win64.exe
Detection:CLEAN
Classification:clean1.winEXE@1/2@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\LangDLL.dll

Download File
Process:C:\Users\user\Desktop\vlc-3.0.20-win64.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):7680
Entropy (8bit):4.738131570640122
Encrypted:false
SSDEEP:
MD5:20850D4D5416FBFD6A02E8A120F360FC
SHA1:AC34F3A34AAA4A21EFD6A32BC93102639170E219
SHA-256:860B409B065B747AAB2A9937F02D08B6FD7309993B50D8E4B53983C8C2B56B61
SHA-512:C8048B9AE0CED72A384C5AB781083A76B96AE08D5C8A5C7797F75A7E54E9CD9192349F185EE88C9CF0514FC8D59E37E01D88B9C8106321C0581659EBE1D1C276
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_...........#..."...........................l......................................@... ......................P..I....`.......p..X.......................,....................................................`..h............................text............................... .0`.rdata..t.... ......................@.0@.bss....L....0........................`..edata..I....P......................@.0@.idata.......`......................@.0..rsrc...X....p......................@.0..reloc..,...........................@.0B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsz25DB.tmp\System.dll

Download File
Process:C:\Users\user\Desktop\vlc-3.0.20-win64.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):27136
Entropy (8bit):5.98616973067504
Encrypted:false
SSDEEP:
MD5:4F25D99BF1375FE5E61B037B2616695D
SHA1:958FAD0E54DF0736DDAB28FF6CB93E6ED580C862
SHA-256:803931797D95777248DEE4F2A563AED51FE931D2DD28FAEC507C69ED0F26F647
SHA-512:96A8446F322CD62377A93D2088C0CE06087DA27EF95A391E02C505FB4EB1D00419143D67D89494C2EF6F57AE2FD7F049C86E00858D1B193EC6DDE4D0FE0E3130
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_...........#...".F...f....../4.......`....td......................................@... .................................................................x...........................Tt......................4................................text....E.......F..................`.P`.data...4....`.......J..............@.0..rdata.......p.......L..............@.`@.bss..................................`..edata...............V..............@.0@.idata...............X..............@.0..CRT....,............`..............@.0..tls.................b..............@.0..reloc..x............d..............@.0B........................................................................................................................................................................................................................................................................

Static File Info

General

File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):7.999873560676055
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:vlc-3.0.20-win64.exe
File size:44'420'344 bytes
MD5:3d63e3a94c39a18f4da866b896b41e80
SHA1:c9520268936bfa6d060c8603cdee753db214d0ce
SHA256:d8055b6643651ca5b9ad58c438692a481483657f3f31624cdfa68b92e8394a57
SHA512:9dfcdeca8fbfb655d3a4a8d0297fdc7f4c34a46c1b4238436d6e51e8621cbcd866ebfbd2a738a50dccdcf18d162b213b086a5e2a720205751ae07147e800838a
SSDEEP:786432:3ESqSGUR5EpRsHXEiGxu9XjXlQGPmVaiTZiq+gB18wgMu232zhkYwWmA9d:0k1eqX6ucRX+C1xgMu232zhkYjD7
TLSH:60A7338C8E35B888C904147F60D3426B441CED336C5568A276739A72DEAF2D9375ECBB
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.J_..............."............HF............@.................................._....@... ............................

File Icon

Icon Hash:4e1616963371238e

Static PE Info

General

Entrypoint:0x404648
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x5F4AAD3C [Sat Aug 29 19:32:12 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:730491907e677638ab304e28646ba09c

Authenticode Signature

Signature Valid:true
Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 14/12/2020 01:00:00 19/12/2023 00:59:59
Subject Chain
  • CN=VideoLAN, O=VideoLAN, L=Paris, C=FR
Version:3
Thumbprint MD5:0E5EA08681034EBE89728706556954B1
Thumbprint SHA-1:BCB40C7D23C9DB41766C780B5388FB70F3D570BF
Thumbprint SHA-256:450F7ADBC34DEFB85C2D170F0AF534DE61D42A143F59D18CF9FA6410197BA4EE
Serial:0407ABB64E9990180789EACB81F5F914

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 000002FCh
mov dword ptr [esp], 00008001h
call dword ptr [00434480h]
push esi
call dword ptr [00434440h]
and eax, BFFFFFFFh
mov dword ptr [0042AA40h], eax
cmp ax, 0006h
je 00007F5BF469ACEDh
mov dword ptr [esp], 00000000h
call 00007F5BF469F6A7h
push ebx
test eax, eax
je 00007F5BF469ACDCh
mov dword ptr [esp], 00000C00h
call eax
push ecx
mov ebx, 0040C560h
mov dword ptr [esp], ebx
call 00007F5BF469F5FBh
push eax
mov dword ptr [esp], ebx
call dword ptr [004344BCh]
lea ebx, dword ptr [ebx+eax+01h]
push edx
cmp byte ptr [ebx], 00000000h
jne 00007F5BF469ACB6h
mov dword ptr [esp], 0000000Bh
call 00007F5BF469F66Bh
push ebx
mov dword ptr [esp], 00000009h
call 00007F5BF469F65Eh
push esi
mov dword ptr [0042AA44h], eax
mov dword ptr [esp], 00000007h
call 00007F5BF469F64Ch
push edi
test eax, eax
je 00007F5BF469ACEAh
mov dword ptr [esp], 0000001Eh
call eax
push ecx
test eax, eax
je 00007F5BF469ACDCh
or dword ptr [0042AA40h], 40000000h
call dword ptr [00434394h]
mov dword ptr [esp], 00000000h
call dword ptr [004344D4h]

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x340000x13f8.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x6a0000x16c80.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
IMAGE_DIRECTORY_ENTRY_SECURITY0x2a57e900x4e68
IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x00x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x94580x9600e926a136ca67c5fd949bb685219a89bdFalse0.526328125data5.9286362394460665IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data0xb0000xe00x200f01b4b05b5c4607047634c71f303f4e7False0.19140625data1.5041375629518143IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata0xc0000x764c0x7800f4837a238aaeda4b73306021103e8e88False0.6804036458333333data7.1304183393172496IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss0x140000x1fe200x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata0x340000x13f80x1400350475874cf34da3f737c1b4b196ed1cFalse0.393359375data5.348274196082192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata0x360000x340000x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc0x6a0000x16c800x16e00e7171b533c9a6d7194e4c85596a4a84cFalse0.6884925717213115data6.7457105473854115IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

NameRVASizeTypeLanguageCountryZLIB Complexity
RT_BITMAP0x6ab680x666Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colorsEnglishUnited States0.18192918192918192
RT_ICON0x6b1d00xd49ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9958478780084512
RT_ICON0x786700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.34221991701244814
RT_ICON0x7ac180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.37570356472795496
RT_ICON0x7bcc00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.44133574007220217
RT_ICON0x7c5680x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.30057803468208094
RT_ICON0x7cad00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.524822695035461
RT_DIALOG0x7cf380xb4dataEnglishUnited States0.6166666666666667
RT_DIALOG0x7cff00x144dataEnglishUnited States0.5339506172839507
RT_DIALOG0x7d1380x164dataEnglishUnited States0.5337078651685393
RT_DIALOG0x7d2a00x23edataEnglishUnited States0.39198606271777003
RT_DIALOG0x7d4e00x104dataEnglishUnited States0.6076923076923076
RT_DIALOG0x7d5e80xa0dataEnglishUnited States0.60625
RT_DIALOG0x7d6880xeedataEnglishUnited States0.6176470588235294
RT_DIALOG0x7d7780xa0dataEnglishUnited States0.6
RT_DIALOG0x7d8180x130dataEnglishUnited States0.5296052631578947
RT_DIALOG0x7d9480x150dataEnglishUnited States0.5267857142857143
RT_DIALOG0x7da980x22adataEnglishUnited States0.38086642599277976
RT_DIALOG0x7dcc80xf0dataEnglishUnited States0.6083333333333333
RT_DIALOG0x7ddb80x8cdataEnglishUnited States0.5857142857142857
RT_DIALOG0x7de480xdadataEnglishUnited States0.6284403669724771
RT_DIALOG0x7df280xa4dataEnglishUnited States0.6158536585365854
RT_DIALOG0x7dfd00x134dataEnglishUnited States0.538961038961039
RT_DIALOG0x7e1080x154dataEnglishUnited States0.5352941176470588
RT_DIALOG0x7e2600x22edataEnglishUnited States0.3906810035842294
RT_DIALOG0x7e4900xf4dataEnglishUnited States0.6270491803278688
RT_DIALOG0x7e5880x90dataEnglishUnited States0.6041666666666666
RT_DIALOG0x7e6180xdedataEnglishUnited States0.6396396396396397
RT_DIALOG0x7e6f80xacdataEnglishUnited States0.6337209302325582
RT_DIALOG0x7e7a80x13cdataEnglishUnited States0.5506329113924051
RT_DIALOG0x7e8e80x15cdataEnglishUnited States0.5459770114942529
RT_DIALOG0x7ea480x236dataEnglishUnited States0.3957597173144876
RT_DIALOG0x7ec800xfcdataEnglishUnited States0.6388888888888888
RT_DIALOG0x7ed800x98dataEnglishUnited States0.625
RT_DIALOG0x7ee180xe6dataEnglishUnited States0.6478260869565218
RT_DIALOG0x7ef000xa0dataEnglishUnited States0.60625
RT_DIALOG0x7efa00x130dataEnglishUnited States0.5328947368421053
RT_DIALOG0x7f0d00x150dataEnglishUnited States0.5297619047619048
RT_DIALOG0x7f2200x22adataEnglishUnited States0.3862815884476534
RT_DIALOG0x7f4500xf0dataEnglishUnited States0.6208333333333333
RT_DIALOG0x7f5400x8cdataEnglishUnited States0.5928571428571429
RT_DIALOG0x7f5d00xdadataEnglishUnited States0.6330275229357798
RT_DIALOG0x7f6b00xb4dataEnglishUnited States0.6944444444444444
RT_DIALOG0x7f7680x144dataEnglishUnited States0.5648148148148148
RT_DIALOG0x7f8b00x164dataEnglishUnited States0.5702247191011236
RT_DIALOG0x7fa180x23edataEnglishUnited States0.41289198606271776
RT_DIALOG0x7fc580x104dataEnglishUnited States0.6384615384615384
RT_DIALOG0x7fd600xa0dataEnglishUnited States0.68125
RT_DIALOG0x7fe000xeedataEnglishUnited States0.6428571428571429
RT_DIALOG0x7fef00xb4dataEnglishUnited States0.6944444444444444
RT_DIALOG0x7ffa80x144dataEnglishUnited States0.5648148148148148
RT_DIALOG0x800f00x164dataEnglishUnited States0.5702247191011236
RT_DIALOG0x802580x23edataEnglishUnited States0.41289198606271776
RT_DIALOG0x804980x104dataEnglishUnited States0.6384615384615384
RT_DIALOG0x805a00xa0dataEnglishUnited States0.68125
RT_DIALOG0x806400xeedataEnglishUnited States0.6428571428571429
RT_GROUP_ICON0x807300x5adataEnglishUnited States0.7222222222222222
RT_MANIFEST0x807900x4f0XML 1.0 document, ASCII text, with very long lines (1264), with no line terminatorsEnglishUnited States0.4865506329113924

Imports

DLLImport
ADVAPI32.dllAdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetFileSecurityW
COMCTL32.DLLImageList_AddMasked, ImageList_Create, ImageList_Destroy, InitCommonControls
GDI32.dllCreateBrushIndirect, CreateFontIndirectW, DeleteObject, GetDeviceCaps, SelectObject, SetBkColor, SetBkMode, SetTextColor
KERNEL32.dllCloseHandle, CompareFileTime, CopyFileW, CreateDirectoryW, CreateFileW, CreateProcessW, CreateThread, DeleteFileW, ExitProcess, ExpandEnvironmentStringsW, FindClose, FindFirstFileW, FindNextFileW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetDiskFreeSpaceW, GetExitCodeProcess, GetFileAttributesW, GetFileSize, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetPrivateProfileStringW, GetProcAddress, GetShortPathNameW, GetSystemDirectoryW, GetTempFileNameW, GetTempPathW, GetTickCount, GetVersion, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, LoadLibraryExW, MoveFileExW, MoveFileW, MulDiv, MultiByteToWideChar, ReadFile, RemoveDirectoryW, SearchPathW, SetCurrentDirectoryW, SetEnvironmentVariableW, SetErrorMode, SetFileAttributesW, SetFilePointer, SetFileTime, Sleep, WaitForSingleObject, WideCharToMultiByte, WriteFile, WritePrivateProfileStringW, lstrcatW, lstrcmpW, lstrcmpiA, lstrcmpiW, lstrcpyA, lstrcpynW, lstrlenA, lstrlenW
ole32.dllCoCreateInstance, CoTaskMemFree, IIDFromString, OleInitialize, OleUninitialize
SHELL32.dllSHBrowseForFolderW, SHFileOperationW, SHGetFileInfoW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW
USER32.dllAppendMenuW, BeginPaint, CallWindowProcW, CharNextA, CharNextW, CharPrevW, CheckDlgButton, CloseClipboard, CreateDialogParamW, CreatePopupMenu, CreateWindowExW, DefWindowProcW, DestroyWindow, DialogBoxParamW, DispatchMessageW, DrawTextW, EmptyClipboard, EnableMenuItem, EnableWindow, EndDialog, EndPaint, ExitWindowsEx, FillRect, FindWindowExW, GetClassInfoW, GetClientRect, GetDC, GetDlgItem, GetDlgItemTextW, GetMessagePos, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowLongW, GetWindowRect, InvalidateRect, IsWindow, IsWindowEnabled, IsWindowVisible, LoadCursorW, LoadImageW, MessageBoxIndirectW, OpenClipboard, PeekMessageW, PostQuitMessage, RegisterClassW, ReleaseDC, ScreenToClient, SendMessageTimeoutW, SendMessageW, SetClassLongW, SetClipboardData, SetCursor, SetDlgItemTextW, SetForegroundWindow, SetTimer, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, SystemParametersInfoW, TrackPopupMenu, wsprintfA, wsprintfW

Possible Origin

Language of compilation systemCountry where language is spokenMap
EnglishUnited States