Advanced File Analysis System

CREATED / DROPPED FILES

File Path	Type and Hashes
D:\_R_E_A_D___T_H_I_S___SIZ9T2UH_.txt C:\Users\user\AppData\Roaming\microsoft\Outlook\_R_E_A_D___T_H_I_S___0Y9M_.txt	Type : ASCII text, with CRLF line terminators MD5 : 1c85f3fba77c5644a17161fc914b11a8 SHA-1 : cd4e1b64656516a9145c4ab3445a72ee260042ca SHA-256 : 2c6a94c8cb01c436781b94deedf3b03c247d95e98f2b04875afd1c5d0d0434a5 SHA-512 : bc0b5979f736b886c49aea399b5345bc964d390b4a891d973ee58cadf96de9447e7b04aadc20b141684844741dffc14c2b52b10c3e566358481b2465938f321f Size : 1.36 Kilobytes.
C:\Users\user\AppData\Local\microsoft\Outlook\RxPSr5YUl7.97bf	Type : Microsoft Outlook email folder (>=2003) MD5 : 56b7ec6297716c13a2930b621c1b3c3b SHA-1 : 97cb16312726562ff8fbc6afd0f341a4f8792fef SHA-256 : 99c94821874661d7c7ef6b3d80ad4391050929820682cddf8f754860736667d1 SHA-512 : 86c389d5dd7bb71d4ec99d487f2fa757a0e850e6ea11f82d49f78196228bb5176df94db960fc106d08de65f26d04cb16065dbfa668c737562eb5f026d762c488 Size : 271.78 Kilobytes.
C:\Users\user\AppData\Roaming\microsoft\Outlook\U0zWeuumVq.97bf	Type : Composite Document File V2 Document, No summary info MD5 : c4d154e1c4bca0bfc68d092d2e30654b SHA-1 : a028cf89fce5a948da74d6feb9bc46d4cf26449a SHA-256 : 796a4009c4c5850eeb3d04dd2e3c2ed8dc5f0c8b77bf074488dc4f614c564640 SHA-512 : 89beeffe2d2157e2596cedeb991e004f1281f4c482427ccf553ccca1014a829b56be678caf43dd614c2b6f9902c14114bcc2cf03bb32496ef8cd5023fb3d73d1 Size : 2.98 Kilobytes.
C:\Users\user\AppData\Roaming\microsoft\Outlook\0g4yPMug6i.97bf	Type : XML document text MD5 : 87385958e283c062e59cbd7102fe24ba SHA-1 : 6dc5002b8cc7509b2f28ebfad57eecfa03971e33 SHA-256 : 7a93156072cda78e85c31ddf149429cdc4ac7417686f16e4abce056609421af7 SHA-512 : bdf70ffe9367dbaa5afee8472b5770ad784da4d5e2f1bc637417e5c85ee1a1394940f8519183d125c2a99ea14fce92d54ca75087a147a28f8c5f238144520d2a Size : 3.447 Kilobytes.
C:\Users\user\AppData\Local\Temp\8902607b\40b9.tmp	Type : ASCII text, with very long lines, with no line terminators MD5 : 56bebe2a3b89fa49a75796e577df1026 SHA-1 : 16f40f1a8961bbc295790ebc379f4cd92cda3be5 SHA-256 : 247704b2bf39d5f8d491a6b910168d7d0966a527384b0ce5b8727e898f0015e1 SHA-512 : 8530db7b51a719131512d2f72a5e19c73a0ea90431df89b3025c279bd535098cc33b2ba5b02d8385eaf70e9e1f8e5c15b51a61dd4050d4afc5fe420b6a6209ef Size : 0.344 Kilobytes.
C:\Users\user\AppData\Local\Temp\8902607b\cafe.tmp	Type : b.out overlay separate pure segmented object file V3.0 86 Large Text Large Data MD5 : fb0f30181f7f4597752c8677b234ee32 SHA-1 : 6a1c808ddc3c75978202fedcda4e1af38bb4bbe6 SHA-256 : 6eb86bd7ca437beb2c4d61659edfe13607712c07463010617de78622f65f12df SHA-512 : 758c29a0f142fd829d5027b352594abcf67d5fa311e80837b5dfb05af1a0aa6781721d02ad0724a109f37e9afc600fbde5851ff47a944e79b6067da736053ce7 Size : 0.13 Kilobytes.
D:\CPbJPOO7nE.97bf	Type : data MD5 : d27721c778a037aae8afbf9af6db23dd SHA-1 : 6de5208d8999a7368be4395cae52a558eb003316 SHA-256 : 9b8667524ed96b50d41b8202dc986aa0391e22774ffbf29904a0e7480c6f4374 SHA-512 : 94bff6fc9d981a6cb6e89ae189770c831a5ce218e303a279126b46e4fb1073e3f86a6a9e4f610990491a54f9a69737b0519454b72061fc6bba05482e6815ce5f Size : 6.989 Kilobytes.
D:\_R_E_A_D___T_H_I_S___V5BE_.hta C:\Users\user\AppData\Roaming\microsoft\Outlook\_R_E_A_D___T_H_I_S___JN4MMCO_.hta	Type : HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators MD5 : c54e894b3139f7eff2ca1b1e3906b86c SHA-1 : f07bc3e64a7925147f4ec5e56483b2dec3ef9f5e SHA-256 : 382e8187f6da6e032c178334e310c2a78075419b79ff9410c78295e8d1637eba SHA-512 : 8d382a2cdeaec0038543ab6ed013ed1a2432ce479d0b53d275cf7dc8da82f7ca6650cf29e0ebb71f301acbffdab959e9ecf1f6db2a9ec64b6e95e3bd2204a268 Size : 77.335 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	2
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	0dddca0add163af6238f2b68bc25a88ada1f35d5
MD5:	cc52ba8f6f250704f6ed9139a242382f
First Seen Date:	2017-05-22 08:24:48.646232 ( 2017-05-22 08:24:48.646232 )
Number of Clients Seen:	7
Last Analysis Date:	2018-08-07 13:56:12.808825 ( 2018-08-07 13:56:12.808825 )
Human Expert Analysis Date:	2020-12-06 13:50:28.374153 ( 2020-12-06 13:50:28.374153 )
Human Expert Analysis Result:	Malware

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	4
trid	[[41.0, u'Win32 Executable MS Visual C++ (generic)'], [36.3, u'Win64 Executable (generic)'], [8.6, u'Win32 Dynamic Link Library (generic)'], [5.9, u'Win32 Executable (generic)'], [2.6, u'OS/2 Executable (generic)']]
compilation time stamp	0x59229958 [Mon May 22 07:55:04 2017 UTC]
CompanyName	IObit
entry point	0x454a40 (.text)
machine type	Intel 386 or later - 32Bit
file size	452608
ssdeep
sha256	b076d68a304f781505c27fd7e6b2c7d1d247aa676f5fda360c86718ce0920712
exifinfo	[]
mime type	application/x-dosexec
imphash	fe97a329c0136b1755732853ef345541

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x5450e	0x54600	5.60898088057	47f65ab5880a617e4b17d686d29e0980
.rdata	0x56000	0x2248	0x2400	5.44278324885	01658a0edbe083c39e299d57aaf37960
.data	0x59000	0x71c	0x800	4.17726006954	e2e4624986edd8db71cc356ae5a1438f
.rsrc	0x5a000	0x17070	0x17200	5.85967888392	2f3c4406275f887d7075c80fb94156dd

PE Imports

KERNEL32.dll
- WriteFile
- WideCharToMultiByte
- WaitForSingleObject
- VirtualFree
- VirtualAlloc
- VerifyVersionInfoW
- UnhandledExceptionFilter
- TlsSetValue
- TlsGetValue
- TlsFree
- TlsAlloc
- Thread32Next
- TerminateProcess
- Sleep
- SetUnhandledExceptionFilter
- SetLocalTime
- SetLastError
- SetHandleCount
- SetConsoleScreenBufferSize
- RtlUnwind
- RaiseException
- QueryPerformanceCounter
- MultiByteToWideChar
- LocalFree
- LoadLibraryA
- LeaveCriticalSection
- LCMapStringW
- LCMapStringA
- IsValidCodePage
- IsDebuggerPresent
- InterlockedIncrement
- InterlockedDecrement
- InitializeCriticalSectionAndSpinCount
- HeapSize
- HeapReAlloc
- HeapFree
- HeapCreate
- GetVersionExA
- GetTickCount
- GetTempPathA
- GetSystemTimeAsFileTime
- GetStringTypeW
- GetStringTypeA
- GetStdHandle
- GetStartupInfoA
- GetProcAddress
- GetOEMCP
- GetModuleHandleW
- GetModuleHandleA
- GetModuleFileNameA
- GetLocaleInfoA
- GetLastError
- GetFileType
- GetEnvironmentStringsW
- GetEnvironmentStrings
- GetCurrentThreadId
- GetCurrentProcessId
- GetCurrentProcess
- GetCommandLineA
- GetCommMask
- GetCPInfo
- BeginUpdateResourceA
- GetACP
- FreeEnvironmentStringsW
- FreeEnvironmentStringsA
- FormatMessageA
- FindNextFileA
- FindFirstFileA
- FindClose
- ExitProcess
- EnumLanguageGroupLocalesA
- EnterCriticalSection
- DeleteCriticalSection
- CloseHandle
- HeapAlloc
USER32.dll
- GetProcessWindowStation
- IsIconic
- EndMenu
- GetOpenClipboardWindow
- GetClipboardSequenceNumber
- GetCaretBlinkTime
- IsWindow
- CharUpperA
- GetActiveWindow
- PaintDesktop
- GetWindowDC
- IsCharAlphaNumericA
- GetDesktopWindow
- CloseDesktop
- GetKeyboardLayout
- GetInputState
- IsWindowVisible
- GetMenuContextHelpId
- GetLastActivePopup
- CloseClipboard
- LoadCursorFromFileA
- CharLowerW
- IsCharAlphaNumericW
- DestroyCursor
- VkKeyScanA
- VkKeyScanW
- GetQueueStatus
- GetSysColor
- GetWindowTextLengthW
- IsGUIThread
- CharLowerA
- GetDialogBaseUnits
- IsCharLowerA
- ShowCaret
- GetKeyState
- GetMessageExtraInfo
- GetTopWindow
- CharNextA
- IsCharAlphaA
- DestroyIcon
- UserHandleGrantAccess
- TranslateMessage
- TranslateMDISysAccel
- ToAscii
- SystemParametersInfoW
- ShowWindow
- SetWindowTextW
- SetWindowPos
- IsWindowEnabled
- SetTimer
- SetScrollInfo
- SetMenuContextHelpId
- SetForegroundWindow
- SetDlgItemTextW
- SetClipboardViewer
- SendMessageW
- SendMessageTimeoutA
- SendDlgItemMessageW
- ReplyMessage
- RegisterClipboardFormatA
- RegisterClassExA
- PostQuitMessage
- PostMessageW
- OpenIcon
- MonitorFromRect
- MessageBoxW
- MessageBoxA
- LoadStringW
- LoadKeyboardLayoutW
- LoadImageW
- LoadBitmapW
- KillTimer
- IsCharUpperW
- HiliteMenuItem
- GetWindowLongW
- GetSystemMetrics
- GetSysColorBrush
- GetScrollPos
- GetMonitorInfoW
- GetMessageW
- GetMenuItemRect
- GetInputDesktop
- GetDlgItem
- GetDlgCtrlID
- GetClientRect
- FindWindowW
- EnumWindowStationsA
- EndDialog
- DispatchMessageW
- DestroyWindow
- DefWindowProcW
- CreateWindowExW
- CreateMenu
- CreateIconIndirect
- GetMenu
- LoadCursorFromFileW
- WindowFromDC
- GetCursor
- CallWindowProcW
- ChangeDisplaySettingsExW
- CharNextW
- CloseWindow
- CopyIcon
- SetWindowLongW
- GetThreadDesktop
- CreateIconFromResourceEx
- CreateIcon
- CreateDialogIndirectParamW
- IsMenu
GDI32.dll
- GdiPlayJournal
- GdiPlayPrivatePageEMF
- GdiSetBatchLimit
- GetCharABCWidthsFloatW
- GetCharABCWidthsW
- GetCurrentPositionEx
- GetDeviceCaps
- GetEnhMetaFileW
- GetFontData
- GetGlyphIndicesA
- GetTextExtentExPointWPri
- GetWinMetaFileBits
- ModifyWorldTransform
- NamedEscape
- PathToRegion
- PolyDraw
- ScaleViewportExtEx
- SetDIBColorTable
- SetMetaRgn
- SetPolyFillMode
- SetROP2
- SetTextAlign
- UpdateColors
- GetSystemPaletteUse
- CreateMetaFileW
- FlattenPath
- GdiEntry8
- BeginPath
- CreatePatternBrush
- GetTextCharacterExtra
- CancelDC
- GdiGetBatchLimit
- GetColorSpace
- EndPath
- EndPage
- SaveDC
- SwapBuffers
- CloseMetaFile
- GetDCPenColor
- AbortDoc
- GetTextCharset
- GdiFlush
- FillPath
- CloseFigure
- GetTextAlign
- GetMapMode
- GetBkMode
- GetStretchBltMode
- CreateMetaFileA
- FillRgn
- EngTextOut
- EngPaint
- EngFillPath
- GdiDeleteSpoolFileHandle
- GdiConvertBrush
- GdiAlphaBlend
- FontIsLinked
- DeleteEnhMetaFile
- FloodFill
- EngDeleteSurface
- EngCreatePalette
- EngCreateDeviceSurface
- DeleteObject
- AbortPath
- CreateFontA
- CreateCompatibleDC
- CreateColorSpaceW
- CopyEnhMetaFileA
- CloseEnhMetaFile
- AngleArc
- AddFontResourceExW
- EndDoc
ADVAPI32.dll
- RegSetValueExA
- CryptReleaseContext
- RegCloseKey
- RegCreateKeyExW
- RegDeleteKeyW
- RegDeleteValueA
- RegOpenKeyExA
- RegQueryValueExA
- RegSetValueExW
- RegQueryValueExW
- RegOpenKeyW
- CryptGetHashParam
- CryptDestroyHash
- CryptCreateHash
- CryptAcquireContextW
- CryptHashData
SHELL32.dll
- SHGetFolderPathW
- CommandLineToArgvW
- ShellExecuteExA
ole32.dll
- CoUninitialize
- CoCreateInstance
- CoInitialize
SHLWAPI.dll
- StrCmpNA
- StrStrA
COMCTL32.dll
- CreateStatusWindowW
- ImageList_Create
- ImageList_Destroy
- InitCommonControlsEx
- ImageList_AddMasked
msvcrt.dll
- wcslen
- _XcptFilter
- __dllonexit
- __p__commode
- __p__fmode
- __set_app_type
- __setusermatherr
- __wgetmainargs
- _adjust_fdiv
- _c_exit
- _cexit
- _controlfp
- _except_handler3
- _exit
- _initterm
- _onexit
- _purecall
- _snwprintf
- _wcmdln
- _wcsicmp
- _wcsnicmp
- exit
- wcscat
- wcscmp
- wcscpy
IMM32.dll
- ImmDisableIME

PE Resources

{u'lang': u'LANG_NEUTRAL', u'name': u'MAD', u'offset': 370864, u'sha256': u'a22abdb37c6ee8509574c60d5ed0b01bccc3501969b76b5ba4d50ff11597c0d9', u'type': u'data', u'size': 20}

{u'lang': u'LANG_NEUTRAL', u'name': u'MAD', u'offset': 370888, u'sha256': u'57a48b81b376f6b172e6493a0c152b3cc4af2848ba29379b3011951d299da01a', u'type': u'data', u'size': 20812}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 391704, u'sha256': u'79b57981370a365630c38347a72faae39178f2a966f3255f86d4d1093b680dbc', u'type': u'dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0', u'size': 4136}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 395840, u'sha256': u'3a77f0b86773d8e38579de4dde3e4653bdcb511c8356d0da3f308d2bc4058d85', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 396904, u'sha256': u'8508136dfa1d6d0c5f83ac380e3135a082ac51c1569169334fd1cf77e88b47eb', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 397968, u'sha256': u'6e02c6e2d9e4d7b1ee9e9447ad9092ade890923991299620fa3ecb6576e0b80c', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 399032, u'sha256': u'ade53dffb0f3cdfef249a1dba71227bd8f61102aa2860f07e11b268aeadfafdf', u'type': u'dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0', u'size': 4136}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 403168, u'sha256': u'fc1664a227956d727418bfbef2aa7c93aca65b135f04e42378411424ebae5f11', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 404232, u'sha256': u'c62165726722a9bf988f39ac1aa95366766c2af4eff9f25fc662d4548c440bcd', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 405296, u'sha256': u'fb7edb68625e48b2265ee382e1e56eddda1c0d2d8a7cd0da7663d892d29b7da2', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 406360, u'sha256': u'4e97f521449f95b5e0b395db0eb8b87d92e66a76948bb267431cdee3cf24a8a0', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 407424, u'sha256': u'f060483634c2e364d9cc6cd256a8b5adbdd4cbcf1ae890da65274915c4d5ab2a', u'type': u'dBase IV DBT, block length 4096, next free block index 40, next free block 0, next used block 0', u'size': 4136}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_BITMAP', u'offset': 411560, u'sha256': u'30ad678fa5f9840550fa060ca4fa2599849c0ced2839daac9b0a3c7f7e92cf80', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1064}

{u'lang': u'LANG_CHINESE', u'name': u'RT_ICON', u'offset': 451496, u'sha256': u'a94f3eae5b9ad7fc0c9ad2b74ca775f72505adb104eb20d413b35ba88b98cb6c', u'type': u'data', u'size': 2217}

{u'lang': u'LANG_CHINESE', u'name': u'RT_ICON', u'offset': 453720, u'sha256': u'da0359262ac75d0afbb3de3aa7713c631509fc1e96ee431db25d54ce683dfc19', u'type': u'data', u'size': 1736}

{u'lang': u'LANG_CHINESE', u'name': u'RT_ICON', u'offset': 455456, u'sha256': u'a37c109e095c6e08e243c3ee9ddc729f376470374de52c2f721a241753e621c2', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 458664, u'sha256': u'ca1a224b0a01ec8fa7f0c2b3f7081fdd76c0ac9f60bed5a2d695d6414c2daf60', u'type': u'data', u'size': 582}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 459248, u'sha256': u'b0468f892ac62fb3d94cdb4c9359ca8fb20f75fa3f85658506c18c780ec41feb', u'type': u'data', u'size': 880}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 460128, u'sha256': u'6a65302c89c7ba229f1b21b3daa3b991c648234cc5c027a1492220c2f2370f09', u'type': u'data', u'size': 266}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 460400, u'sha256': u'c6ec1e31e5a3b39db364ef98b5f44727eb821481518601e0d62a61a597231363', u'type': u'data', u'size': 204}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 460608, u'sha256': u'd73479e1eaa6a8f97c82b597e2184dc24167b1663d17924f550b35c684c46124', u'type': u'data', u'size': 566}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 461176, u'sha256': u'6b96d88f3182ca0a51213c6378b452178c3d17ab9eb99516f862f306a1efe878', u'type': u'data', u'size': 980}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 462160, u'sha256': u'cb7dedaebad394640a5aa87950b89368a2e4fe11941b75717de27701890865c8', u'type': u'data', u'size': 796}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 412624, u'sha256': u'677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0', u'type': u'data', u'size': 33512}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 446136, u'sha256': u'88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610', u'type': u'Sendmail frozen configuration ', u'size': 16}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 446152, u'sha256': u'7897c32507b4982280a72489c545de7228061dab0be4f3a903bc45f6d3411e89', u'type': u'data', u'size': 580}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 446736, u'sha256': u'7ff0b5c1677be36127872446d06f9b2cfd44792e07f2e0b32691751291c5d793', u'type': u"Delphi compiled form 'TMadExcept'", u'size': 2680}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 449416, u'sha256': u'6535aff16f7dbc6e9de5441e7d8c37c05b5561ca35133207371910806886e460', u'type': u"Delphi compiled form 'TMEContactForm'", u'size': 846}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 450264, u'sha256': u'3ac3b9b5ce96065d66e43a39cfd94a2537f1fe814b207a91e98809233c08788f', u'type': u"Delphi compiled form 'TMEDetailsForm'", u'size': 552}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 450816, u'sha256': u'59969b70b6bc055a7e1bc5e8162e9689972d3c76af959d22ded3bdad37088810', u'type': u"Delphi compiled form 'TMEScrShotForm'", u'size': 675}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_RCDATA', u'offset': 457096, u'sha256': u'57c2e5664a7397eab29502b4a13024d8aa81ab6c54037d808030bc994bd05cce', u'type': u'exported SGML document, ASCII text, with CRLF line terminators', u'size': 1564}

{u'lang': u'LANG_CHINESE', u'name': u'RT_GROUP_ICON', u'offset': 456840, u'sha256': u'881824ef0c1b86bc95fee30f24eba14ed0728264013fdb13e44bca0c935e6028', u'type': u'MS Windows icon resource - 3 icons, 32x32', u'size': 48}

{u'lang': u'LANG_DUTCH', u'name': u'RT_VERSION', u'offset': 456888, u'sha256': u'a613afcf7d6ca3984e9e15e00b78bc91aa9e1a9c2587686553dfb2b24005922f', u'type': u'data', u'size': 202}

File Name: 2

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 0dddca0add163af6238f2b68bc25a88ada1f35d5

MD5: cc52ba8f6f250704f6ed9139a242382f