Friday, May 25, 2012
fa5e4d28f7cc02e6032203e969d7474a
FileName: 1012716_fa5e4d28f7cc02e6032203e969d7474a.exe
Size : 1012716
Md5 : fa5e4d28f7cc02e6032203e969d7474a
PEiD : None
Virus Total Result:
Symantec -> Trojan.ADH.2
Kaspersky -> not-a-virus:RemoteAdmin.Win32.WinVNC.gc
Emsisoft -> Trojan-PWS.Keylogger!IK
DrWeb -> Trojan.KillProc.16316
VIPRE -> RealVNC (not malicious)
AntiVir -> JOKE/MSG.B
PCTools -> Trojan.ADH
Rising -> Trojan.Win32.Generic.12C70E0C
Ikarus -> Trojan-PWS.Keylogger
AVG -> PSW.KeyLogger.AVS
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0xD8
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0xD8 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0xDC 0x0 Machine: 0x14C
0xDE 0x2 NumberOfSections: 0x5
0xE0 0x4 TimeDateStamp: 0x4B1AE3C1 [Sat Dec 05 22:50:41 2009 UTC]
0xE4 0x8 PointerToSymbolTable: 0x0
0xE8 0xC NumberOfSymbols: 0x0
0xEC 0x10 SizeOfOptionalHeader: 0xE0
0xEE 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0xF0 0x0 Magic: 0x10B
0xF2 0x2 MajorLinkerVersion: 0x6
0xF3 0x3 MinorLinkerVersion: 0x0
0xF4 0x4 SizeOfCode: 0x5A00
0xF8 0x8 SizeOfInitializedData: 0x1D400
0xFC 0xC SizeOfUninitializedData: 0x400
0x100 0x10 AddressOfEntryPoint: 0x30CB
0x104 0x14 BaseOfCode: 0x1000
0x108 0x18 BaseOfData: 0x7000
0x10C 0x1C ImageBase: 0x400000
0x110 0x20 SectionAlignment: 0x1000
0x114 0x24 FileAlignment: 0x200
0x118 0x28 MajorOperatingSystemVersion: 0x4
0x11A 0x2A MinorOperatingSystemVersion: 0x0
0x11C 0x2C MajorImageVersion: 0x6
0x11E 0x2E MinorImageVersion: 0x0
0x120 0x30 MajorSubsystemVersion: 0x4
0x122 0x32 MinorSubsystemVersion: 0x0
0x124 0x34 Reserved1: 0x0
0x128 0x38 SizeOfImage: 0x30000
0x12C 0x3C SizeOfHeaders: 0x400
0x130 0x40 CheckSum: 0x0
0x134 0x44 Subsystem: 0x2
0x136 0x46 DllCharacteristics: 0x8000
0x138 0x48 SizeOfStackReserve: 0x100000
0x13C 0x4C SizeOfStackCommit: 0x1000
0x140 0x50 SizeOfHeapReserve: 0x100000
0x144 0x54 SizeOfHeapCommit: 0x1000
0x148 0x58 LoaderFlags: 0x0
0x14C 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x1D0 0x0 Name: .text
0x1D8 0x8 Misc: 0x58D2
0x1D8 0x8 Misc_PhysicalAddress: 0x58D2
0x1D8 0x8 Misc_VirtualSize: 0x58D2
0x1DC 0xC VirtualAddress: 0x1000
0x1E0 0x10 SizeOfRawData: 0x5A00
0x1E4 0x14 PointerToRawData: 0x400
0x1E8 0x18 PointerToRelocations: 0x0
0x1EC 0x1C PointerToLinenumbers: 0x0
0x1F0 0x20 NumberOfRelocations: 0x0
0x1F2 0x22 NumberOfLinenumbers: 0x0
0x1F4 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 6.433100 (Min=0.0, Max=8.0)
MD5 hash: c69726ed422d3dcfdec9731986daa752
SHA-1 hash: 4546608e3b1a2ab1d69a34018d2ddfa7fa411885
SHA-256 hash: da167f61fb84d3c5eb7bbcad3d8fac3a1106a633803d7a6241886b22fac9e22e
SHA-512 hash: 4671540dc278bc07e76101f30288dc8533d29b981136792eea5249c9da3fbe9f0c3f54a8a4f1bcc28c481833a0782e757c0e92285eac1c6771c4fa6e2b0c9624
[IMAGE_SECTION_HEADER]
0x1F8 0x0 Name: .rdata
0x200 0x8 Misc: 0x1190
0x200 0x8 Misc_PhysicalAddress: 0x1190
0x200 0x8 Misc_VirtualSize: 0x1190
0x204 0xC VirtualAddress: 0x7000
0x208 0x10 SizeOfRawData: 0x1200
0x20C 0x14 PointerToRawData: 0x5E00
0x210 0x18 PointerToRelocations: 0x0
0x214 0x1C PointerToLinenumbers: 0x0
0x218 0x20 NumberOfRelocations: 0x0
0x21A 0x22 NumberOfLinenumbers: 0x0
0x21C 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.179764 (Min=0.0, Max=8.0)
MD5 hash: a2c7710fa66fcbb43c7ef0ab9eea5e9a
SHA-1 hash: 60485025c47935e745e57b6efc7042f2261b7d53
SHA-256 hash: 68b13cb687c587beff511baf9a361b9c0266769c060b1c4521cf77feb6185c10
SHA-512 hash: 1a33aa4b7b4b5afbff0c9a471710843abe0c7e9ef102d365c755735141ae8be03d8ebdec991a63f3fa9e63f400aeb1f5a726fa41d8d154b2a7b49184eb331e51
[IMAGE_SECTION_HEADER]
0x220 0x0 Name: .data
0x228 0x8 Misc: 0x1AF78
0x228 0x8 Misc_PhysicalAddress: 0x1AF78
0x228 0x8 Misc_VirtualSize: 0x1AF78
0x22C 0xC VirtualAddress: 0x9000
0x230 0x10 SizeOfRawData: 0x400
0x234 0x14 PointerToRawData: 0x7000
0x238 0x18 PointerToRelocations: 0x0
0x23C 0x1C PointerToLinenumbers: 0x0
0x240 0x20 NumberOfRelocations: 0x0
0x242 0x22 NumberOfLinenumbers: 0x0
0x244 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 4.617802 (Min=0.0, Max=8.0)
MD5 hash: e59cdcb732e4bfbc84cc61dd68354f78
SHA-1 hash: ffc24489dd56b406f9078ba1cb9c71e9b430dbee
SHA-256 hash: 75dcd6ea146722e46abe7b69a0c0c202d88b980baedc3c0fed0b3f37ba189891
SHA-512 hash: 458419ec7052e55920965f4ab09cd13d23fcdc75c4fd7a4402b4a8489aa0fb624792f31e2165ad1c3638b0b91db52c949f297f0865dab47ac3812639cfc1841d
[IMAGE_SECTION_HEADER]
0x248 0x0 Name: .ndata
0x250 0x8 Misc: 0x8000
0x250 0x8 Misc_PhysicalAddress: 0x8000
0x250 0x8 Misc_VirtualSize: 0x8000
0x254 0xC VirtualAddress: 0x24000
0x258 0x10 SizeOfRawData: 0x0
0x25C 0x14 PointerToRawData: 0x0
0x260 0x18 PointerToRelocations: 0x0
0x264 0x1C PointerToLinenumbers: 0x0
0x268 0x20 NumberOfRelocations: 0x0
0x26A 0x22 NumberOfLinenumbers: 0x0
0x26C 0x24 Characteristics: 0xC0000080
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 0.000000 (Min=0.0, Max=8.0)
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
SHA-1 hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512 hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
[IMAGE_SECTION_HEADER]
0x270 0x0 Name: .rsrc
0x278 0x8 Misc: 0x3888
0x278 0x8 Misc_PhysicalAddress: 0x3888
0x278 0x8 Misc_VirtualSize: 0x3888
0x27C 0xC VirtualAddress: 0x2C000
0x280 0x10 SizeOfRawData: 0x3A00
0x284 0x14 PointerToRawData: 0x7400
0x288 0x18 PointerToRelocations: 0x0
0x28C 0x1C PointerToLinenumbers: 0x0
0x290 0x20 NumberOfRelocations: 0x0
0x292 0x22 NumberOfLinenumbers: 0x0
0x294 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.220000 (Min=0.0, Max=8.0)
MD5 hash: c8c2cbe51a5e26ecb4185380705bb90d
SHA-1 hash: 8c8b0b61e4e342c58adc6ca8cb053782e4fb88ef
SHA-256 hash: f833581982767f737afd1cec0f2b885a9e8b2f5841d67f34bf61ae2516c38050
SHA-512 hash: 8ef69f5900f64680b2628c0459cf35e9d86d1b4b8fb0dfa247073cca0117b5bd2916a1a071f4be4981a6a46f7b8b16710cb8ca8527f2b3fabf693d6b00490442
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x158 0x0 VirtualAddress: 0x73A4
0x15C 0x4 Size: 0xB4
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x160 0x0 VirtualAddress: 0x2C000
0x164 0x4 Size: 0x3888
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x168 0x0 VirtualAddress: 0x0
0x16C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x178 0x0 VirtualAddress: 0x0
0x17C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x180 0x0 VirtualAddress: 0x0
0x184 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x188 0x0 VirtualAddress: 0x0
0x18C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x190 0x0 VirtualAddress: 0x0
0x194 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x198 0x0 VirtualAddress: 0x0
0x19C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x1A0 0x0 VirtualAddress: 0x0
0x1A4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x1A8 0x0 VirtualAddress: 0x0
0x1AC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x1B0 0x0 VirtualAddress: 0x7000
0x1B4 0x4 Size: 0x28C
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x1B8 0x0 VirtualAddress: 0x0
0x1BC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x1C0 0x0 VirtualAddress: 0x0
0x1C4 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x1C8 0x0 VirtualAddress: 0x0
0x1CC 0x4 Size: 0x0
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x61A4 0x0 OriginalFirstThunk: 0x74B8
0x61A4 0x0 Characteristics: 0x74B8
0x61A8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x61AC 0x8 ForwarderChain: 0x0
0x61B0 0xC Name: 0x7AD4
0x61B4 0x10 FirstThunk: 0x7060
KERNEL32.dll.CompareFileTime Hint[57]
KERNEL32.dll.SearchPathA Hint[731]
KERNEL32.dll.GetShortPathNameA Hint[437]
KERNEL32.dll.GetFullPathNameA Hint[361]
KERNEL32.dll.MoveFileA Hint[622]
KERNEL32.dll.SetCurrentDirectoryA Hint[778]
KERNEL32.dll.GetFileAttributesA Hint[350]
KERNEL32.dll.GetLastError Hint[369]
KERNEL32.dll.CreateDirectoryA Hint[75]
KERNEL32.dll.SetFileAttributesA Hint[793]
KERNEL32.dll.Sleep Hint[854]
KERNEL32.dll.GetTickCount Hint[479]
KERNEL32.dll.GetFileSize Hint[355]
KERNEL32.dll.GetModuleFileNameA Hint[381]
KERNEL32.dll.GetCurrentProcess Hint[322]
KERNEL32.dll.CopyFileA Hint[67]
KERNEL32.dll.ExitProcess Hint[185]
KERNEL32.dll.GetWindowsDirectoryA Hint[499]
KERNEL32.dll.SetFileTime Hint[799]
KERNEL32.dll.GetCommandLineA Hint[272]
KERNEL32.dll.SetErrorMode Hint[789]
KERNEL32.dll.LoadLibraryA Hint[594]
KERNEL32.dll.lstrcpynA Hint[969]
KERNEL32.dll.GetDiskFreeSpaceA Hint[333]
KERNEL32.dll.GlobalUnlock Hint[522]
KERNEL32.dll.GlobalLock Hint[515]
KERNEL32.dll.CreateThread Hint[111]
KERNEL32.dll.CreateProcessA Hint[102]
KERNEL32.dll.RemoveDirectoryA Hint[708]
KERNEL32.dll.CreateFileA Hint[83]
KERNEL32.dll.GetTempFileNameA Hint[467]
KERNEL32.dll.lstrlenA Hint[972]
KERNEL32.dll.lstrcatA Hint[957]
KERNEL32.dll.GetSystemDirectoryA Hint[449]
KERNEL32.dll.GetVersion Hint[488]
KERNEL32.dll.CloseHandle Hint[52]
KERNEL32.dll.lstrcmpiA Hint[963]
KERNEL32.dll.lstrcmpA Hint[960]
KERNEL32.dll.ExpandEnvironmentStringsA Hint[188]
KERNEL32.dll.GlobalFree Hint[511]
KERNEL32.dll.GlobalAlloc Hint[504]
KERNEL32.dll.WaitForSingleObject Hint[912]
KERNEL32.dll.GetExitCodeProcess Hint[346]
KERNEL32.dll.GetModuleHandleA Hint[383]
KERNEL32.dll.LoadLibraryExA Hint[595]
KERNEL32.dll.GetProcAddress Hint[416]
KERNEL32.dll.FreeLibrary Hint[248]
KERNEL32.dll.MultiByteToWideChar Hint[629]
KERNEL32.dll.WritePrivateProfileStringA Hint[937]
KERNEL32.dll.GetPrivateProfileStringA Hint[412]
KERNEL32.dll.WriteFile Hint[932]
KERNEL32.dll.ReadFile Hint[693]
KERNEL32.dll.MulDiv Hint[628]
KERNEL32.dll.SetFilePointer Hint[795]
KERNEL32.dll.FindClose Hint[206]
KERNEL32.dll.FindNextFileA Hint[220]
KERNEL32.dll.FindFirstFileA Hint[210]
KERNEL32.dll.DeleteFileA Hint[131]
KERNEL32.dll.GetTempPathA Hint[469]
[IMAGE_IMPORT_DESCRIPTOR]
0x61B8 0x0 OriginalFirstThunk: 0x75C4
0x61B8 0x0 Characteristics: 0x75C4
0x61BC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x61C0 0x8 ForwarderChain: 0x0
0x61C4 0xC Name: 0x7ED8
0x61C8 0x10 FirstThunk: 0x716C
USER32.dll.EndDialog Hint[198]
USER32.dll.ScreenToClient Hint[561]
USER32.dll.GetWindowRect Hint[372]
USER32.dll.EnableMenuItem Hint[194]
USER32.dll.GetSystemMenu Hint[348]
USER32.dll.SetClassLongA Hint[583]
USER32.dll.IsWindowEnabled Hint[430]
USER32.dll.SetWindowPos Hint[643]
USER32.dll.GetSysColor Hint[346]
USER32.dll.GetWindowLongA Hint[366]
USER32.dll.SetCursor Hint[589]
USER32.dll.LoadCursorA Hint[442]
USER32.dll.CheckDlgButton Hint[56]
USER32.dll.GetMessagePos Hint[316]
USER32.dll.LoadBitmapA Hint[440]
USER32.dll.CallWindowProcA Hint[27]
USER32.dll.IsWindowVisible Hint[433]
USER32.dll.CloseClipboard Hint[66]
USER32.dll.SetClipboardData Hint[586]
USER32.dll.EmptyClipboard Hint[193]
USER32.dll.RegisterClassA Hint[534]
USER32.dll.TrackPopupMenu Hint[676]
USER32.dll.AppendMenuA Hint[8]
USER32.dll.CreatePopupMenu Hint[94]
USER32.dll.GetSystemMetrics Hint[349]
USER32.dll.SetDlgItemTextA Hint[595]
USER32.dll.GetDlgItemTextA Hint[275]
USER32.dll.MessageBoxIndirectA Hint[482]
USER32.dll.CharPrevA Hint[45]
USER32.dll.DispatchMessageA Hint[161]
USER32.dll.PeekMessageA Hint[512]
USER32.dll.DestroyWindow Hint[153]
USER32.dll.CreateDialogParamA Hint[85]
USER32.dll.SetTimer Hint[634]
USER32.dll.SetWindowTextA Hint[646]
USER32.dll.PostQuitMessage Hint[516]
USER32.dll.SetForegroundWindow Hint[599]
USER32.dll.wsprintfA Hint[727]
USER32.dll.SendMessageTimeoutA Hint[574]
USER32.dll.FindWindowExA Hint[228]
USER32.dll.SystemParametersInfoA Hint[665]
USER32.dll.CreateWindowExA Hint[96]
USER32.dll.GetClassInfoA Hint[246]
USER32.dll.DialogBoxParamA Hint[158]
USER32.dll.CharNextA Hint[42]
USER32.dll.OpenClipboard Hint[502]
USER32.dll.ExitWindowsEx Hint[225]
USER32.dll.IsWindow Hint[429]
USER32.dll.GetDlgItem Hint[273]
USER32.dll.SetWindowLongA Hint[640]
USER32.dll.LoadImageA Hint[448]
USER32.dll.GetDC Hint[268]
USER32.dll.EnableWindow Hint[196]
USER32.dll.InvalidateRect Hint[403]
USER32.dll.SendMessageA Hint[571]
USER32.dll.DefWindowProcA Hint[142]
USER32.dll.BeginPaint Hint[13]
USER32.dll.GetClientRect Hint[255]
USER32.dll.FillRect Hint[226]
USER32.dll.DrawTextA Hint[188]
USER32.dll.EndPaint Hint[200]
USER32.dll.ShowWindow Hint[658]
[IMAGE_IMPORT_DESCRIPTOR]
0x61CC 0x0 OriginalFirstThunk: 0x7494
0x61CC 0x0 Characteristics: 0x7494
0x61D0 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x61D4 0x8 ForwarderChain: 0x0
0x61D8 0xC Name: 0x7F6A
0x61DC 0x10 FirstThunk: 0x703C
GDI32.dll.SetBkColor Hint[533]
GDI32.dll.GetDeviceCaps Hint[363]
GDI32.dll.DeleteObject Hint[143]
GDI32.dll.CreateBrushIndirect Hint[41]
GDI32.dll.CreateFontIndirectA Hint[58]
GDI32.dll.SetBkMode Hint[534]
GDI32.dll.SetTextColor Hint[572]
GDI32.dll.SelectObject Hint[526]
[IMAGE_IMPORT_DESCRIPTOR]
0x61E0 0x0 OriginalFirstThunk: 0x75A8
0x61E0 0x0 Characteristics: 0x75A8
0x61E4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x61E8 0x8 ForwarderChain: 0x0
0x61EC 0xC Name: 0x7FF6
0x61F0 0x10 FirstThunk: 0x7150
SHELL32.dll.SHGetPathFromIDListA Hint[188]
SHELL32.dll.SHBrowseForFolderA Hint[121]
SHELL32.dll.SHGetFileInfoA Hint[172]
SHELL32.dll.ShellExecuteA Hint[263]
SHELL32.dll.SHFileOperationA Hint[154]
SHELL32.dll.SHGetSpecialFolderLocation Hint[195]
[IMAGE_IMPORT_DESCRIPTOR]
0x61F4 0x0 OriginalFirstThunk: 0x7458
0x61F4 0x0 Characteristics: 0x7458
0x61F8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x61FC 0x8 ForwarderChain: 0x0
0x6200 0xC Name: 0x8098
0x6204 0x10 FirstThunk: 0x7000
ADVAPI32.dll.RegQueryValueExA Hint[503]
ADVAPI32.dll.RegSetValueExA Hint[516]
ADVAPI32.dll.RegEnumKeyA Hint[477]
ADVAPI32.dll.RegEnumValueA Hint[481]
ADVAPI32.dll.RegOpenKeyExA Hint[492]
ADVAPI32.dll.RegDeleteKeyA Hint[468]
ADVAPI32.dll.RegDeleteValueA Hint[472]
ADVAPI32.dll.RegCloseKey Hint[459]
ADVAPI32.dll.RegCreateKeyExA Hint[465]
[IMAGE_IMPORT_DESCRIPTOR]
0x6208 0x0 OriginalFirstThunk: 0x7480
0x6208 0x0 Characteristics: 0x7480
0x620C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6210 0x8 ForwarderChain: 0x0
0x6214 0xC Name: 0x80E4
0x6218 0x10 FirstThunk: 0x7028
COMCTL32.dll.ImageList_AddMasked Hint[52]
COMCTL32.dll.ImageList_Destroy Hint[56]
COMCTL32.dll Ordinal[17] (Imported by Ordinal)
COMCTL32.dll.ImageList_Create Hint[55]
[IMAGE_IMPORT_DESCRIPTOR]
0x621C 0x0 OriginalFirstThunk: 0x76D0
0x621C 0x0 Characteristics: 0x76D0
0x6220 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6224 0x8 ForwarderChain: 0x0
0x6228 0xC Name: 0x8138
0x622C 0x10 FirstThunk: 0x7278
ole32.dll.CoTaskMemFree Hint[101]
ole32.dll.OleInitialize Hint[238]
ole32.dll.OleUninitialize Hint[261]
ole32.dll.CoCreateInstance Hint[16]
[IMAGE_IMPORT_DESCRIPTOR]
0x6230 0x0 OriginalFirstThunk: 0x76C0
0x6230 0x0 Characteristics: 0x76C0
0x6234 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x6238 0x8 ForwarderChain: 0x0
0x623C 0xC Name: 0x8184
0x6240 0x10 FirstThunk: 0x7268
VERSION.dll.GetFileVersionInfoSizeA Hint[1]
VERSION.dll.GetFileVersionInfoA Hint[0]
VERSION.dll.VerQueryValueA Hint[10]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x7400 0x0 Characteristics: 0x0
0x7404 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7408 0x8 MajorVersion: 0x0
0x740A 0xA MinorVersion: 0x0
0x740C 0xC NumberOfNamedEntries: 0x0
0x740E 0xE NumberOfIdEntries: 0x3
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7410 0x0 Name: 0x3
0x7414 0x4 OffsetToData: 0x80000028
[IMAGE_RESOURCE_DIRECTORY]
0x7428 0x0 Characteristics: 0x0
0x742C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7430 0x8 MajorVersion: 0x0
0x7432 0xA MinorVersion: 0x0
0x7434 0xC NumberOfNamedEntries: 0x0
0x7436 0xE NumberOfIdEntries: 0x6
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7438 0x0 Name: 0x1
0x743C 0x4 OffsetToData: 0x800000A8
[IMAGE_RESOURCE_DIRECTORY]
0x74A8 0x0 Characteristics: 0x0
0x74AC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x74B0 0x8 MajorVersion: 0x0
0x74B2 0xA MinorVersion: 0x0
0x74B4 0xC NumberOfNamedEntries: 0x0
0x74B6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x74B8 0x0 Name: 0x409
0x74BC 0x4 OffsetToData: 0x198
[IMAGE_RESOURCE_DATA_ENTRY]
0x7598 0x0 OffsetToData: 0x2C238
0x759C 0x4 Size: 0x10A8
0x75A0 0x8 CodePage: 0x0
0x75A4 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7440 0x0 Name: 0x2
0x7444 0x4 OffsetToData: 0x800000C0
[IMAGE_RESOURCE_DIRECTORY]
0x74C0 0x0 Characteristics: 0x0
0x74C4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x74C8 0x8 MajorVersion: 0x0
0x74CA 0xA MinorVersion: 0x0
0x74CC 0xC NumberOfNamedEntries: 0x0
0x74CE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x74D0 0x0 Name: 0x409
0x74D4 0x4 OffsetToData: 0x1A8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75A8 0x0 OffsetToData: 0x2D2E0
0x75AC 0x4 Size: 0x988
0x75B0 0x8 CodePage: 0x0
0x75B4 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7448 0x0 Name: 0x3
0x744C 0x4 OffsetToData: 0x800000D8
[IMAGE_RESOURCE_DIRECTORY]
0x74D8 0x0 Characteristics: 0x0
0x74DC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x74E0 0x8 MajorVersion: 0x0
0x74E2 0xA MinorVersion: 0x0
0x74E4 0xC NumberOfNamedEntries: 0x0
0x74E6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x74E8 0x0 Name: 0x409
0x74EC 0x4 OffsetToData: 0x1B8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75B8 0x0 OffsetToData: 0x2DC68
0x75BC 0x4 Size: 0x8A8
0x75C0 0x8 CodePage: 0x0
0x75C4 0xC Reserved: 0x0
Id: [0x4]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7450 0x0 Name: 0x4
0x7454 0x4 OffsetToData: 0x800000F0
[IMAGE_RESOURCE_DIRECTORY]
0x74F0 0x0 Characteristics: 0x0
0x74F4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x74F8 0x8 MajorVersion: 0x0
0x74FA 0xA MinorVersion: 0x0
0x74FC 0xC NumberOfNamedEntries: 0x0
0x74FE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7500 0x0 Name: 0x409
0x7504 0x4 OffsetToData: 0x1C8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75C8 0x0 OffsetToData: 0x2E510
0x75CC 0x4 Size: 0x6C8
0x75D0 0x8 CodePage: 0x0
0x75D4 0xC Reserved: 0x0
Id: [0x5]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7458 0x0 Name: 0x5
0x745C 0x4 OffsetToData: 0x80000108
[IMAGE_RESOURCE_DIRECTORY]
0x7508 0x0 Characteristics: 0x0
0x750C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7510 0x8 MajorVersion: 0x0
0x7512 0xA MinorVersion: 0x0
0x7514 0xC NumberOfNamedEntries: 0x0
0x7516 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7518 0x0 Name: 0x409
0x751C 0x4 OffsetToData: 0x1D8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75D8 0x0 OffsetToData: 0x2EBD8
0x75DC 0x4 Size: 0x568
0x75E0 0x8 CodePage: 0x0
0x75E4 0xC Reserved: 0x0
Id: [0x6]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7460 0x0 Name: 0x6
0x7464 0x4 OffsetToData: 0x80000120
[IMAGE_RESOURCE_DIRECTORY]
0x7520 0x0 Characteristics: 0x0
0x7524 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7528 0x8 MajorVersion: 0x0
0x752A 0xA MinorVersion: 0x0
0x752C 0xC NumberOfNamedEntries: 0x0
0x752E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7530 0x0 Name: 0x409
0x7534 0x4 OffsetToData: 0x1E8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75E8 0x0 OffsetToData: 0x2F140
0x75EC 0x4 Size: 0x468
0x75F0 0x8 CodePage: 0x0
0x75F4 0xC Reserved: 0x0
Id: [0x5] (RT_DIALOG)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7418 0x0 Name: 0x5
0x741C 0x4 OffsetToData: 0x80000068
[IMAGE_RESOURCE_DIRECTORY]
0x7468 0x0 Characteristics: 0x0
0x746C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7470 0x8 MajorVersion: 0x0
0x7472 0xA MinorVersion: 0x0
0x7474 0xC NumberOfNamedEntries: 0x0
0x7476 0xE NumberOfIdEntries: 0x3
Id: [0x69]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7478 0x0 Name: 0x69
0x747C 0x4 OffsetToData: 0x80000138
[IMAGE_RESOURCE_DIRECTORY]
0x7538 0x0 Characteristics: 0x0
0x753C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7540 0x8 MajorVersion: 0x0
0x7542 0xA MinorVersion: 0x0
0x7544 0xC NumberOfNamedEntries: 0x0
0x7546 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7548 0x0 Name: 0x409
0x754C 0x4 OffsetToData: 0x1F8
[IMAGE_RESOURCE_DATA_ENTRY]
0x75F8 0x0 OffsetToData: 0x2F5A8
0x75FC 0x4 Size: 0x100
0x7600 0x8 CodePage: 0x0
0x7604 0xC Reserved: 0x0
Id: [0x6A]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7480 0x0 Name: 0x6A
0x7484 0x4 OffsetToData: 0x80000150
[IMAGE_RESOURCE_DIRECTORY]
0x7550 0x0 Characteristics: 0x0
0x7554 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7558 0x8 MajorVersion: 0x0
0x755A 0xA MinorVersion: 0x0
0x755C 0xC NumberOfNamedEntries: 0x0
0x755E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7560 0x0 Name: 0x409
0x7564 0x4 OffsetToData: 0x208
[IMAGE_RESOURCE_DATA_ENTRY]
0x7608 0x0 OffsetToData: 0x2F6A8
0x760C 0x4 Size: 0x11C
0x7610 0x8 CodePage: 0x0
0x7614 0xC Reserved: 0x0
Id: [0x6F]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7488 0x0 Name: 0x6F
0x748C 0x4 OffsetToData: 0x80000168
[IMAGE_RESOURCE_DIRECTORY]
0x7568 0x0 Characteristics: 0x0
0x756C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7570 0x8 MajorVersion: 0x0
0x7572 0xA MinorVersion: 0x0
0x7574 0xC NumberOfNamedEntries: 0x0
0x7576 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7578 0x0 Name: 0x409
0x757C 0x4 OffsetToData: 0x218
[IMAGE_RESOURCE_DATA_ENTRY]
0x7618 0x0 OffsetToData: 0x2F7C8
0x761C 0x4 Size: 0x60
0x7620 0x8 CodePage: 0x0
0x7624 0xC Reserved: 0x0
Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7420 0x0 Name: 0xE
0x7424 0x4 OffsetToData: 0x80000090
[IMAGE_RESOURCE_DIRECTORY]
0x7490 0x0 Characteristics: 0x0
0x7494 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7498 0x8 MajorVersion: 0x0
0x749A 0xA MinorVersion: 0x0
0x749C 0xC NumberOfNamedEntries: 0x0
0x749E 0xE NumberOfIdEntries: 0x1
Id: [0x67]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x74A0 0x0 Name: 0x67
0x74A4 0x4 OffsetToData: 0x80000180
[IMAGE_RESOURCE_DIRECTORY]
0x7580 0x0 Characteristics: 0x0
0x7584 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x7588 0x8 MajorVersion: 0x0
0x758A 0xA MinorVersion: 0x0
0x758C 0xC NumberOfNamedEntries: 0x0
0x758E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x7590 0x0 Name: 0x409
0x7594 0x4 OffsetToData: 0x228
[IMAGE_RESOURCE_DATA_ENTRY]
0x7628 0x0 OffsetToData: 0x2F828
0x762C 0x4 Size: 0x5A
0x7630 0x8 CodePage: 0x0
0x7634 0xC Reserved: 0x0