Static Analysis

PE Compile Time

2013-12-25 07:01:38

PE Imphash

e221f4f7d36469d53810a4b5f9fc8966

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00005e66 0x00006000 6.41940988746
.rdata 0x00007000 0x00001354 0x00001400 5.03751118879
.data 0x00009000 0x000202d8 0x00000600 3.76004840962
.ndata 0x0002a000 0x00026000 0x00000000 0.0
.rsrc 0x00050000 0x0003b330 0x0003b400 5.25864949509

Resources

Name Offset Size Language Sub-language File type
RT_BITMAP 0x00050478 0x00000368 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 96 x 16 x 4, image size 768
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON 0x0008a4f0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_DIALOG 0x0008ae20 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0008ae20 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0008ae20 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0008ae20 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0008ae20 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x0008ae80 0x000000bc LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x0008af40 0x000003ea LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with very long lines (1002), with no line terminators

Imports

Library KERNEL32.dll:
0x407060 CompareFileTime
0x407064 SearchPathW
0x407068 SetFileTime
0x40706c CloseHandle
0x407070 GetShortPathNameW
0x407074 MoveFileW
0x40707c GetFileAttributesW
0x407080 GetLastError
0x407084 GetFullPathNameW
0x407088 CreateDirectoryW
0x40708c Sleep
0x407090 GetTickCount
0x407094 CreateFileW
0x407098 GetFileSize
0x40709c GetModuleFileNameW
0x4070a0 GetCurrentProcess
0x4070a4 CopyFileW
0x4070a8 ExitProcess
0x4070b4 SetFileAttributesW
0x4070bc SetErrorMode
0x4070c0 LoadLibraryW
0x4070c4 lstrlenW
0x4070c8 lstrcpynW
0x4070cc GetDiskFreeSpaceW
0x4070d0 GlobalUnlock
0x4070d4 GlobalLock
0x4070d8 CreateThread
0x4070dc CreateProcessW
0x4070e0 RemoveDirectoryW
0x4070e4 lstrcmpiA
0x4070e8 GetTempFileNameW
0x4070ec lstrcpyA
0x4070f0 lstrcpyW
0x4070f4 lstrcatW
0x4070f8 GetSystemDirectoryW
0x4070fc GetVersion
0x407100 GetProcAddress
0x407104 LoadLibraryA
0x407108 GetModuleHandleA
0x40710c GetModuleHandleW
0x407110 lstrcmpiW
0x407114 lstrcmpW
0x407118 WaitForSingleObject
0x40711c GlobalFree
0x407120 GlobalAlloc
0x407124 LoadLibraryExW
0x407128 GetExitCodeProcess
0x40712c FreeLibrary
0x407134 GetCommandLineW
0x407138 GetTempPathW
0x407140 FindFirstFileW
0x407144 FindNextFileW
0x407148 DeleteFileW
0x40714c SetFilePointer
0x407150 ReadFile
0x407154 FindClose
0x407158 MulDiv
0x40715c MultiByteToWideChar
0x407160 WriteFile
0x407164 lstrlenA
0x407168 WideCharToMultiByte
Library USER32.dll:
0x40718c EndDialog
0x407190 ScreenToClient
0x407194 GetWindowRect
0x407198 RegisterClassW
0x40719c EnableMenuItem
0x4071a0 GetSystemMenu
0x4071a4 SetClassLongW
0x4071a8 IsWindowEnabled
0x4071ac SetWindowPos
0x4071b0 GetSysColor
0x4071b4 GetWindowLongW
0x4071b8 SetCursor
0x4071bc LoadCursorW
0x4071c0 CheckDlgButton
0x4071c4 GetMessagePos
0x4071c8 LoadBitmapW
0x4071cc CallWindowProcW
0x4071d0 IsWindowVisible
0x4071d4 CloseClipboard
0x4071d8 SetClipboardData
0x4071dc wsprintfW
0x4071e0 CreateWindowExW
0x4071e8 AppendMenuW
0x4071ec CreatePopupMenu
0x4071f0 GetSystemMetrics
0x4071f4 SetDlgItemTextW
0x4071f8 GetDlgItemTextW
0x4071fc MessageBoxIndirectW
0x407200 CharPrevW
0x407204 CharNextA
0x407208 wsprintfA
0x40720c DispatchMessageW
0x407210 PeekMessageW
0x407214 ReleaseDC
0x407218 EnableWindow
0x40721c InvalidateRect
0x407220 SendMessageW
0x407224 DefWindowProcW
0x407228 BeginPaint
0x40722c GetClientRect
0x407230 FillRect
0x407234 DrawTextW
0x407238 GetClassInfoW
0x40723c DialogBoxParamW
0x407240 CharNextW
0x407244 ExitWindowsEx
0x407248 DestroyWindow
0x40724c CreateDialogParamW
0x407250 SetTimer
0x407254 SetWindowTextW
0x407258 PostQuitMessage
0x40725c GetDC
0x407260 SetWindowLongW
0x407264 LoadImageW
0x407268 SendMessageTimeoutW
0x40726c FindWindowExW
0x407270 EmptyClipboard
0x407274 OpenClipboard
0x407278 TrackPopupMenu
0x40727c EndPaint
0x407280 ShowWindow
0x407284 GetDlgItem
0x407288 IsWindow
0x40728c SetForegroundWindow
Library GDI32.dll:
0x40703c SelectObject
0x407040 SetBkMode
0x407044 CreateFontIndirectW
0x407048 SetTextColor
0x40704c DeleteObject
0x407050 GetDeviceCaps
0x407054 CreateBrushIndirect
0x407058 SetBkColor
Library SHELL32.dll:
0x407178 SHBrowseForFolderW
0x40717c SHGetFileInfoW
0x407180 ShellExecuteW
0x407184 SHFileOperationW
Library ADVAPI32.dll:
0x407000 RegCloseKey
0x407004 RegOpenKeyExW
0x407008 RegDeleteKeyW
0x40700c RegDeleteValueW
0x407010 RegEnumValueW
0x407014 RegCreateKeyExW
0x407018 RegSetValueExW
0x40701c RegQueryValueExW
0x407020 RegEnumKeyW
Library COMCTL32.dll:
0x407028 ImageList_Create
0x40702c ImageList_AddMasked
0x407030 ImageList_Destroy
0x407034 None
Library ole32.dll:
0x4072a4 CoCreateInstance
0x4072a8 CoTaskMemFree
0x4072ac OleInitialize
0x4072b0 OleUninitialize
Library VERSION.dll:
0x407298 GetFileVersionInfoW
0x40729c VerQueryValueW
!This program cannot be run in DOS mode.
*jRichu
`.rdata
@.data
.ndata
SQSSSPW
#Vh},@
Instu_
softuV
NulluM
SUVWj 3
@j"@^f
D$(UPU
WSWh`s@
D$$+D$
D$,+D$$P
PPPPPP
\u f9O
90u'AAf
MulDiv
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
CloseHandle
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
KERNEL32.dll
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
ReleaseDC
LoadImageW
SetWindowLongW
GetDlgItem
IsWindow
FindWindowExW
SendMessageTimeoutW
wsprintfW
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
ExitWindowsEx
CharNextW
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationW
ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION.dll
SHGetFolderPathW
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyExW
ADVAPI32
MoveFileExW
GetDiskFreeSpaceExW
KERNEL32
[Rename]
%ls=%ls
wwwwww}
wwwwww}
wwwwww}
wwwwww}
wwwwww}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwwp}
wwwxp}
wwwwp}
wwwwp}
55;<Oq
3:9eHRSo
h="Rc`H
NE=B`M
yaK0$06!
_2,%()@
G1Jy4"C
>DmNrb"`
U>p,t'
pttf)fs
"5BqRC+
!%R{d\+
KIO8"U
&i)O{X
MEI~P@
!i&d3Y
{>V)W*
07_e`h
'@&rQ@c
axI7W_
fLWW?#
*U:KyV
ZzzK@H
IDATL<
,N,:%,
C&Pds!
84V4iX
U/~}>h
$LLM126IOg'
q%W_y!{
LMM351
33sfbf6Y
3sLNL23?
t5[k06^
=C(r,Y
4VB.[ _
FD3r4ggR
ZEgG'K
D7u<S)6
A_A1t\
s,679u~
:kt{]t
)f&FY<s
$BU\d*
b+jJHY
N21ZA7$y*
"RI?)2
ES(9UTS!
3:Vguy
g'W./0<4
'.PSay
0I{=f'G
QY^i"EN
#DVFIAd);w
@U3TS"IA
02d195M
"s4%'IC
Ur"vLM
):kKMJ
R*l,7q=
^?DUM2U
34\gaa
SSLMnc
h3AW4&
,GST4Meu
]&MstUG(
ZH-ctx';'
$Ms._:
Y3>:b>
bE#<B6
K/]d{g
?f|tH:
PV%J5^
k+`-{[
DH^dHUq
;-&{3Z'
UFYfTe
ZxN@U7b
AGS$5I
4zL$([
4rf@XK]
`,'7Ns4
5Zijk(
$Nm0YBnr
^GQy5n
7s)8yb
iBR[l]
2&t@(E^
Y^jC-i{C
\mi},m
xqH;h1
M(KK<K)fcn=
[p<[QH
Q2DIEV
Vk2O`z
(`gwJ^
om1K+|7
*r6nm
C]6(kQ
)c4v~E
=|/UYr
#5Eah*M
tSa,Dq
qhtMQ6d
8QH^hz
z]66vx
>{{SVWV
P8Rqk{L#
kM^edU
}GX]^f
FQK:CP
EHE[8$
'tB<7bsc
up}!U
!z.BI&
IDAT*+Y
1UCEMa
Q,1T`$
[KUe4uM
!R9,-vQ
9sO)EY
c|/da0
f3\+q0D
18R!LCoa
U[;S5
X.002@7i
9.3suZ
y`d4Z-
c?P*{cR
O=ymj~
~#'@Z*
]r#GT=
6K*5Fje"
0P+\g)
Ipmrnz
5K W=OC
|$h4:s
#$$amp
!#[hsw
#$;(/0
6==S189
KVW-IUW
DKK\5?@
IRRh"''
$((<6=>
(.-=3:;
!!::BC
"#3078
"!@9BC
$**A3;<
',-P>HI
7@BI%-.
CLM^6=>
8BB8P\^
ISSjJUV
CLKRKTU
/458T`a
"&&DR^`
KVX{ &&
=EF?/78
]jl^ITT
OZ\4aqs
JUXsDPR
k7Q%3Q$
2$96$nP
8T9PT&
II&6#7QQ8YY&XS2
XK695#29VZYXA]mQ<2
{X77KTY8Yl
iWPS]S
IKI$WZQin
~L8/6LlZl
~7=9""W
3#Lnh::h
L22=@iiV
uuQ7RK
8@B_Vdh
>1>GPt!~
yIM:ImrtV
vI)4*bSS
s4 55M5I
qGG9M^PTI*)y
WDMXv]b
I*#^d\_Sc
rGFI9AaA8
PH$ 2,5
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0a2</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
=BO_/X
L%I(YV
0$;9cPy
f ?Z$G^
k^ O_x
=M(4=1
Y[C7yy>o
D<pM'$
J'2_v5
EK3?v=
VUa!0`
e`fIfh
_Q$$w&B}?
co<$?|
h,CB"C]
2'J]'?
:l."5j
Pa%~0_/
<[zL#8
$YKPq
ZrSC0
]sQmAn6%J
McZW-}y^
l~$QvNh
=({"*m
E)A[v\
7Tm,Z T
cc*?<ZO
l-:b_<S
#a`J59;P
XH0lo
1Ji?Wyyg
j0Uqe=
~h6o9L
<c|z+4`
I5aI{r$
B?R}7^
zfW$||1
?uXDCP!
-bWgEmU
x]1hwk~
I0V#sG
yP*TZIL
&V;nbY
(mIHJt
)QzvpP
m`E^RS
s#Jz"_
'UAu}Vi
/4G4"M
g5gGz'
gE(%n8
R&oj3h/U
Gbw5td
vH)eF#
r8=fX?
C9<%]X
0|e%)"=
6%JQ4S4
n},9I+50
h;C<S,
&L"}82L
-y6Dq
JVkMDo
\J;|RAZ
DZXJ5SH
"Mqp6
IkP$r1w
KjJn$!n
QmHKTq
5jXn_DD
wqdly_
]5X:NL6
LK'Jm?&
^P{f>~
`d'Ob-%*Cb
b;(I[8
L:0Y]-
L$.9-J@'^'
Lq3"zCz~
\b{G~4
+zHG,ysr
P`LR]x
kj}l):%W
!be_DVi
'"!pV^/'
/w2z[$l
W m)jZ^%A^
z&o1B!u
xq~H%Y
\;'{_T
& Zzj8~p
O.I`t.
T(O9'^K
cV5#RIa
U{/p\J
+c/$;n
Ocp'Y
&MX@_8
0F4I"g
[`]DN)
NT(<:"
"zvE#vK
zMeCX)
^sZaw\
-V^Mnv
Ke#K^_
uFCm_3VL
)W6-Bh
XY~P_j5
hHH:o!j
7_$VtE
ez)ZX!
D<KO76E
c^=v^y
;;f\MB
m`q+0B
np,~X_H
{d9*=B
76z"{y
6nPcZf
P-p<ho
#Vo(rn
YX:<*u
:G.ZbR
Y~2]BD
.+sYv2=5
,?0RX/GK
sZ?+"v
.layPq
#P<Z@D
N7;>}I
p3yx{|8V
=8NSWWw!
[_=l(d
I6=l/4
f#>Vw!t9
{u$vu*n1
P}"%>2]
qJQ({nHG
NBZJ9o3B
\`M>q%
]+poP
,@!A;
@< vV)R
Mngbj<
0n#E'#
~f2to\P-
@k(G4"{
]" I.#
{otQXN
8'[!oa
gmP1pjf
`pej#;
jZfx$Q
OJk33YQ
QzdVb&
9E>Tp=
V2f&\{t
b~Pn3.U
_N;Jmz{
,U.-v]~
M@f:kwpF|I
%M>[pH%
r(IH|3
{cL-L~
.7|pjU
^'np=$
ua?BE
_8S;sf
H4l-m"
g.!=Sd
~Zg}@$3n
LILS2%
3dcF'M
+!x07L
v8*Fz
NR(QPpT1j
!|U-C_
-QD;._g7,
3/boyg
io_<z%
Ymx[nC7D
>VDdx2
AD,X+~
3k@v)]
Xph6{x
3'?G)6
-*=pSQ
B_(Uh}
SbBe-,
oX:S3"
ZB|}zkC
*,\H}p
;h?MRF
|gX= )
r"/q(1
G"hw~L
2t%$QU
5yI ']
p;p)'=
]lw1:8
T~#tI)
TD0]DM
EFC!Z[
yRw&kM3]
vxR5zX
`Fk_<z
[Yc11r
=^s&h4
RpY(M7
K}~|1V
";SMJn
%&g|i?>
F b&Ys
%Y2ZXF
6-#;
j#LRq)}
S2'PHSxAXfa
j1YMXh>
u$v,_
Aj8_]P
E?/miS;Y
jsT[%
3&A<'X
@Su3rx
(p`k"0
=]=1;
wmF^.y
/Pj2#D
s\Sv_e
DQ3%8o
]$'TVx
B&6edSQ
$3Q$Dq
6yQWU9.Vn`
?>k_n
OcrUFu~=
"wUll.yGw
Nk14D5
VZM4*a
"YGqg~7
J!ymx:
kcZ!q
`Niqrz
&<z8D6
34@S%;
bN9AnStJ
a]<"FE_
_@4HA<\8
.5Glz64
id*7J
1C, BK<
1uWVH0
oXXZRB
=hKe~E
#!k]dM
^OI4+1o
C<[.7
,bQb+'
f~'i,c
0vp$ov
|I8nOn
.xd5*2
H/i"L3
\g|Dtw2
d/K}^a
LR'u|`[
P-#%<;
$p89,8
(Y&Rc/
_9K4kd
xDD}Zr
V:>9FR
da(& v
z@d|0{
_<N{Zw
x2e_GX=
}pNDmg
PZ`fW;
&k0TS|
OmQ]<^
ZBk&"F
><+^9bM
X<oy <
zg)GhV
Eo"BTb
Unr]|x
CoDixX
0*v%(4.F
QV|jo
pJ:^`w
4QK[zD
1duVuZs
C"Fg O
6.YN!K
Y_w+1-
{hkIP$
\zIzU^
I{bf%:
n "d(8^eD
z~^R4
q`@cqv
<RJ[&(
oO8~}t
lbp-UI
j#&w\;_z,
{,09AE
;%]0?q
x_eSUY
8%U%u@
Kv#\w2
TM-CF1
W\r!6nFR
7`#sHIH'
TPcW#<
b2P[aP
ESiWag
i#_31`
=!@6Ct
NrG~ tL
r^/[@?
$ySQs~
Gh:ocV
<;Fu0gcxy
\WFnuq
SdG,te^
SxK\89
nD#wU0
@SF_S&
9!bNn(
Mxf%CY
F8\+Ob
ot<l~3H@
,]^d&J
oJ&C4Zm%
w:Y4Uu
s^&YoO
{`W >X
:L?Z-T
5|[[qwY
t%K3j
;epWAw(
q{J9(-
}|6, k
Y"S]D>
Xl>(rve
o ,D4b
jDtJeT
nV+``_
<e]ZE|
;\,8mO
<_N^sp
&}C=&N
yOb*Z"
&N5\eN
`b9=Y+
zXHi$?
qY6.J
sTukJ[
C<5z}0
(yds\#
T+"Y[.
3<g!XY
3wh<+|
e1aZ\Y
A6I5)*
E0#OE@d
1e =HE
6jN_r%
.CINZ4v]/@i
Z/i5<tn
lj`cGw
l1>sT/
pNi|q2
Et%2S)g>
.KK]vT
q7NAP}8
i[(_ 1 |
*=}><%
<Iw7_;
_FtFu8?
hU^k!w
X)WVh{
ZMk1o%y
7M&&b'
w,$<J7
I3 Pwp
0)UjO-
4AXFKr
R(fBe9
h/KYUX
6 S_x,
emEJ%.
FRf@/a
nq;M%
W}y8ol
YV]Hu;
QkL"Il
*.ZGf\
,W"m)T
NA8rn_
jBMc%S
;=2uso
64!6}m
H&OuqBZ
tUtCq1
|QXkay/
bb/fmw
8vz~OB
'\[rL&U
5H=>er6
F#R6Aap
8FccJ7
:w[PW/
>j+e" e=Xv
ll2e]Q#
\2V.S|
l/<INo
1@@lV=
NQ!V`8]
`|$v[$?
DEr@d-i
ZCidFD
?6[.6x
)F6$d}
Z,4ftR3
,h4bz+{&_
c<YGkY
'&$ZP
5?cpq$
Tztm{F
:wz.^v
s{h`C9
,#(xWd
clVIJt
,%"MG^
6<,L(2
@yH3}Z
Bey2H`
wipaiy
ULZ4TD
h"!gZ<
gBO:+S
3WME.zW{
M*f`8
y_7B\t
2RKj1W
s%R0%Xz
K%4QEg(
x2[Z[S
mPetE1C
I$o<S
@iN (;
9 v/9a
u6rxg-p
6t^|rw
9<;fl=
L8:=<H
%r-VNH
JHx?9B
)d0Sqi
9xmEu|
yNeXANn
Y:`v(c
)t+:U}Q
(yFW,9y
8]>vaV
nN}$Dy
vR%Za~
n9IgXcf
%V9g!R"
:)Z+kak
JkT-2+
p[*AfKTUF
_VLUd^
,Eeult
`AL 3
HM>x{q
nThPvK
xzA'JU
+\)\Qh
8F^%3?
sCY3P+
"dlqE(+
);9,MB
tc+"ro
(]c1oi
&H T||
1-abqj
@-'|$K
F&&b!~vU
fG%oo q
;"_L]du
F5-)3_
G\+Dk_)
tQy{,g
QvRG'q_
luMUD6\S
[>`^B
&C|e&
\'z9fON
,<)jTQ}x>
Jk!iL }
5)C+LN:
.}&\8
cP*A>ES
#)Nyth
N}/#16
Q6K.q.I
Hr1=g'
u]S/1L
GvY":n
>G["Dk
/5A3!
?F2/\G
6>hRl}W
9`[ $h"
nFbc78-b@M
bvs"@4v
L|n.&lt!-
7KsI<n\
T*{78Gc3
=]~+'Q
^Qy:ki
@*8BrU
"w6j0L
D!ON{PY
9/qYDd^
JjrUn!
ohBNj[
u6%0!p6
x4;[!H
hih\dW
OMi[^s\
=.?>>;*
|HfqT9
XN2Qs4
VYl#_
e=@JNjw98
2q,QI|
h~EO`W
R9fW{tK
mW;0jc
f0,:d3V
G\e0wJ
0jGn9T
5IX2uA
"ph0&4
T.<fBb
kv+zy[
Y...pj
1%Q@FM
^tz Vk
L.)epc
%nyTKqP(
$9vjmY
lQ)M, j
!Mq)_l@
j3d:*y|
K"}G2]s
?QCX?:Tg
*D)s9{
0673^N
\U=s;I8
n+ddO'
M#zp,S
0l1%GC
['gEj!i
JSMUhKsw%
_"Gj>
z%213Vs
K6fltO
^8nyg.
2Gq xy
L|<v[l
VbvC6J
ia:9Jr
<CaC5=
gJgI)(
\g/<p8
,VwlPMS&
I/P zY
kYqf8^
-qKfit
Exkc!o
.li)Oi
x-x4(St
aYLs@d
Wx'c%;
~X(6BM
9f~5d&
#jd#An
}uc.!
g^NrL&
tGQE]F
3tDbRJ
NI#7Yr
QrPsfDo
~49HZX
:GNwecc
b{K,Y9g|
U|D@YYu
kur#Rp
oF'07w
#f$-k_
ZNQ /|
n~*7{S3Dd
)X$#XZ
O 25)d{
;BO@@$
u_uh]h,B
gUCIQ4?u
:2m06L
Gg2|M"H
TRV]W)
mOVh7p
7H[QP4
~q>Vkg@
xsSL4qs1
gxO&S
"qc2yyRh!
Y"Dff
c9_7S=
DU[V\k
sjjGCbI
+)=hFa
#G_w\u
Xj&vfdj7
Xu)v;u
Kq=Z7@RD
rjFSWB
1{Vs%*&0gm"w{
[A>[.aA8
RX_${<
h+L W_D
|%oXBZ
\BY*A4mG
rzuh}1
~+;'Z
5m7<rVQnv
y\7X}:h$
=l9<%D
$,[UtFD}
J6nViR^
X_LP?}
.\*z+Su
k;J0e~
t=xmvx?
#aoHme
aH%H#L
q]MU>F\
^aOa?q
t;jSA-l
;F2RW.0*
.&}et|&
\w%[J|
5A-CUd
5F-GHbc
V\NbVP
iGVOgD
]c$7DmC
N~WPFz
V&JsF}
w]!9)&^C<$
Eta#!~rD
ANR"e1
M.@z}{
0}Xo&e
2(iE^3
BnA2\T
;q0/x".
:wUxa_:
^{adf0
V@{4}]\
v;mT)r
Qv|![f
!ZGzmt"
%0q@[7
F D@T}o
v(@c_Efn
WJLC2u
rqa8Md
TM}}kje
R7~fU&
?!^5lc_
@LIm)N
$gPJ@m
*wMv@(C!1.
<kLFkm
#nL6S)_G
)+,^zQ
BFthB2"
{L2gI1%st*%
[=>[t"
`44 16>
<<Y~%Y
0nDX=K
l6%4(9
mHkJ{|f\WE
+CgC7w
:6u&`T9p
|=KkGz%
AVt*(f*n
j_Ia-/
VL{h.@8
"QL,.E
(B57X8
OM{uNz
i"JgY^&
ZtJYH\
;{h90%
Uwi>vk
z??VY@
p$o=&|j
&#bC^r
neqP.2%
S0hF1kn
`Q=QIw
&"FK[!
P=\V36
~@Bj}6M1
J9RnlJS
K6/15#q
U]TQG
fMXd~}
lV6H9s
jHa9=&Cz
OQ'f4Q
S9oF\J
|tR@na\A
#o15Hg
Xw ##k
3c>Jy*.r
,.AL -
Z*WvYq
^G-F2m
&o1l|n
dI|`j5
60[9-Q
yY$-ct
S.]#gXK
`nT.d%Y
U0'S`a
gGxkw=F
WI%eyh
%wfk/e
zt--Ep
neLA6vK
r'hHB$~
nz1z+@
7-?T@Z
W"y**S
sqbcf%&y
7/yBn=
.R<YZj
A)9{gi6
P u"Y>
l#Z[Sh5
^V+N'D
\"R@'t
#v&y>}
t(o$MS(bF
zq*Tj,
3t2jP@
C_gE*S7
gN\k#A
|#Vhl0
%I*4D3^'
pNT;hD_
!/,K24
H?s2z<
WrHs}`
poG0@\
Sn lj{
d>:u*p
l3e.ns
SM2fl7
RichEdit
RichEdit20W
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
verifying installer: %d%%
unpacking data: %d%%
... %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
~nsu.tmp
NSIS Error
%u.%u%s%s
*?|<>/":
MS Shell Dlg
MS Shell Dlg
SysTreeView32
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.GuLoader.4!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Genericml
Skyhigh BehavesLike.Win32.Dropper.jc
ALYac Trojan.GenericKD.75932461
Cylance Unsafe
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Clean
K7GW Trojan ( 005c2c201 )
K7AntiVirus Trojan ( 005c2c201 )
huorong HEUR:Trojan/Injector.ba
Baidu Clean
VirIT Trojan.Win32.GenusT.EREZ
Paloalto generic.ml
Symantec Trojan.Gen.MBT
tehtris Clean
ESET-NOD32 NSIS/Injector.DNH
APEX Malicious
Avast NSIS:InjectorX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Trojan.GenericKD.75932461
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.75932461
Tencent Win32.Trojan.Agent.Aujl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Injector.bpooo
DrWeb Trojan.Inject5.17805
VIPRE Trojan.GenericKD.75932461
TrendMicro Backdoor.Win32.REMCOS.YXFCDZ
McAfeeD ti!7DCA3DBF4A0D
Trapmine Clean
CTX exe.trojan.guloader
Emsisoft Trojan.GenericKD.75932461 (B)
Ikarus Trojan.NSIS.Agent
FireEye Trojan.GenericKD.75932461
Jiangmin Clean
Webroot Clean
Varist W32/Trojan.DWOU-1399
Avira TR/Injector.bpooo
Fortinet NSIS/Injector.CKR1!tr
Antiy-AVL Trojan/Win32.GenericML.xnet
Kingsoft Win32.Trojan.GenericML.xnet
Gridinsoft Clean
Xcitium Malware@#2eo9bpbd93847
Arcabit Trojan.Generic.D486A32D
SUPERAntiSpyware Adware.Linkury/Variant
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Google Detected
AhnLab-V3 Downloader/Win.GuLoader.C5736681
Acronis Clean
McAfee Artemis!0519C157D2D7
TACHYON Clean
VBA32 Trojan.GuLoader
Malwarebytes Trojan.GuLoader
Panda Clean
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.REMCOS.YXFCDZ
Rising Clean
Yandex Trojan.Igent.b3ZEnl.11
SentinelOne Clean
MaxSecure Trojan.Malware.336863331.susgen
GData Trojan.GenericKD.75932461
AVG NSIS:InjectorX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Wacatac.B9nj
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) NSIS:MalwareX-gen [Inj]
C4S ClamAV (Linux) Clean
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Troj/Inject-JYK
Bitdefender Antivirus (Linux) Trojan.GenericKD.75932461
G Data Antivirus (Windows) Virus: Trojan.GenericKD.75932461 (Engine A)
WithSecure (Linux) Heuristic.HEUR/AGEN.1381105
ESET Security (Windows) NSIS/Injector.DNH trojan
DrWeb Antivirus (Linux) Trojan.Inject5.17805
ClamAV (Linux) Clean
eScan Antivirus (Linux) Trojan.GenericKD.75932461(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Agent.gen
Emsisoft Commandline Scanner (Windows) Trojan.GenericKD.75932461 (B)
Cuckoo

We're processing your submission... This could take a few seconds.