PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report

File Structure:
PE chart code: - The executable header is displayed in light blue. - The executable sections are pink. - Non-executable sections are black. - Code added to executables externally to a compiler appears in red. Chart code for other files: - Printable characters are blue. - Non-printable characters (Null Bytes) are black.

Information:

Icon:

Size: 5,44 MB
SHA-256 Hash: CBAC338A7470217C622CE0E4B25F21409FBB6E0DE34DFA20D87ADDE16AF5DA5B
SHA-1 Hash: BE5C8B087ABC0F221ACD6125082420BC8A8FB988
MD5 Hash: 65AC6667BAA1EFA3B94CF235E6708757
Imphash: 3996C130368DB844727837BFC553D566
MajorOSVersion: 5
CheckSum: 005753B0
EntryPoint (rva): 41868C
SizeOfHeaders: 400
SizeOfImage: 594000
ImageBase: 400000
Architecture: x86
ExportTable: 464000
ImportTable: 45F000
Characteristics: 81AE
TimeDateStamp: 66801F86
Date: 29/06/2024 14:51:50
File Type: EXE
Number Of Sections: 11
ASLR: Enabled
Section Names: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Number Of Executable Sections: 2
Subsystem: Windows GUI

Sections Info:

Section Name	Flags	ROffset	RSize	VOffset	VSize
.text	60000020 (Executable)	400	414A00	1000	41493C
.itext	60000020 (Executable)	414E00	2800	416000	2754
.data	C0000040 (Writeable)	417600	25A00	419000	25840
.bss	C0000000 (Writeable)	0	0	43F000	1F6A8
.idata	C0000040 (Writeable)	43D000	3A00	45F000	38FE
.didata	C0000040 (Writeable)	440A00	E00	463000	D0A
.edata	40000040	441800	200	464000	9D
.tls	C0000000 (Writeable)	0	0	465000	5C
.rdata	40000040	441A00	200	466000	5D
.reloc	42000040	441C00	5CC00	467000	5CB80
.rsrc	40000040	49E800	CFC00	4C4000	CFC00

Description:

InternalName: Proxy Server
OriginalFilename: proxyserver.exe
CompanyName: VOVSOFT
LegalCopyright: VOVSOFT
LegalTrademarks: VOVSOFT
ProductName: Proxy Server
FileVersion: 1.1.0.0

Entry Point:

The section number (2) - (.itext) have the Entry Point
Information -> EntryPoint (calculated) - 41748C
Code -> 558BEC83C4F0B850AB8000E8F089BFFF68008781006A006A00E816D0BFFFA148E283008B00E89A0EE3FFA148E283008B00B2
• PUSH EBP
• MOV EBP, ESP
• ADD ESP, -0X10
• MOV EAX, 0X80AB50
• CALL 0XFFBF9A00
• PUSH 0X818700
• PUSH 0
• PUSH 0
• CALL 0XFFBFE034
• MOV EAX, DWORD PTR [0X83E248]
• MOV EAX, DWORD PTR [EAX]
• CALL 0XFFE31EC4
• MOV EAX, DWORD PTR [0X83E248]
• MOV EAX, DWORD PTR [EAX]

Signatures:

Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler:

Detect It Easy (die)
• PE: compiler: Embarcadero Delphi(10.3 Rio)[-]
• PE: linker: Turbo Linker(2.25*,Delphi)[EXE32,signed]
• PE: Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 6.5733

Suspicious Functions:

Library	Function	Description
KERNEL32.DLL	CreateMutexW	Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	LoadLibraryW	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.
USER32.DLL	GetAsyncKeyState	Retrieves the status of a virtual key asynchronously.
SHELL32.DLL	ShellExecuteW	Performs a run operation on a specific file.

Windows REG (UNICODE):

Software\Embarcadero\Locales
Software\CodeGear\Locales
Software\Borland\Locales
Software\Borland\Delphi\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
SOFTWARE\Microsoft\Cryptography
SOFTWARE\Microsoft\VS\ServiceModules\
SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
System\CurrentControlSet\Control\Keyboard Layouts\%.8x

File Access:

proxyserver.exe
TTask.Exe
TTask.Exe
Crypt32.dll
Shcore.dll
shell32.dll
DWMAPI.DLL
imm32.dll
uxtheme.dll
windowscodecs.dll
advapi32.dll
kernel32.dll
msimg32.dll
user32.dll
wtsapi32.dll
gdi32.dll
ole32.dll
SHFolder.dll
winhttp.dll
msvcrt.dll
netapi32.dll
oleaut32.dll
version.dll
comctl32.dll
oleacc.dll
winmm.dll
DWinapi.MsI
Winapi.PenInputPanelWinapi.MsI
System.Sys
dSystem.Sys
SysInitSystem.RTLConstsSystem.TypInfoSystem.RttiSystem.Sys
System.Net.URLClientSystemSystem.Generics.DefaultsSystem.Generics.CollectionsSystem.Sys
System.Sys
?System.Sys
System.Ini
System.Ini
Temp

File Access (UNICODE):

fujixerox.doc
lang.txt
kernel32.dll
Msctf.dll
comctl32.dll
user32.dll
libeay32.dll
ssleay32.dll
GetLogicalProcessorInformationkernel32.dll
oleaut32.dll
ole32.dll
imm32.dll
Wship6.dll
Fwpuclnt.dll
IdnDL.dll
Normaliz.dll
iphlpapi.dll
libssl32.dll
secur32.dll
security.dll
Kernel32.dll
winhttp.dll
proxyserver.exe
notepad.exe
start.bat
license.txt
key.txt
\*lang.txt
settings.ini
wordprocessingml.doc
ms-word.doc
Temp

Interest's Words:

JFIF
ToolBar
Encrypt
Decrypt
Encryption
PassWord
exec
attrib
start
pause
cipher
hostname
shutdown
systeminfo
ping
expand
regini
replace
setx

Interest's Words (UNICODE):

ToolBar
Encrypt
Decrypt
Encryption
PassWord
exec
attrib
start
cipher
hostname
shutdown
certreq
ping
expand
replace
route

URLs:

http://vovsoft.com/ParentCustomHint
http://www.iec.ch
http://www.w3.org/1999/02/22-rdf-syntax-ns
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xap/1.0/sType/ResourceRef
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://ccsca2021.crl.certum.pl/ccsca2021.crl
http://ccsca2021.ocsp-certum.com
http://repository.certum.pl/ccsca2021.cer
http://crl.certum.pl/ctnca2.crl
http://subca.ocsp-certum.com
http://repository.certum.pl/ctnca2.cer
http://www.cer
http://crl.certum.pl/ctsca2021.crl
http://repository.certum.pl/ctsca2021.cer
http://crl.certum.pl/ctnca.crl
http://repository.certum.pl/ctnca.cer
https://vovsoft.com/translation/Align
https://www.cer

URLs (UNICODE):

http://direct:80
http://vovsoft.com
http://vovsoft.com/blog/how-to-activate-using-license-key/
http://vovsoft.com/
http://vovsoft.com/blog/how-to-uninstall-vovsoft-software/
http://vovsoft.com/help/
http://www.indyproject.org/Original Author - Gregor Ibic
https://vovsoft.com/blog/credits-and-acknowledgements/
https://vovsoft.com/translation/

IP Addresses:

127.0.0.1
255.255.255.255

Strings/Hex Code Found With The File Rules:

• Rule Text (Unicode): WinAPI Sockets (WSACleanup)
• Rule Text (Ascii): WinAPI Sockets (bind)
• Rule Text (Unicode): WinAPI Sockets (bind)
• Rule Text (Ascii): WinAPI Sockets (listen)
• Rule Text (Unicode): WinAPI Sockets (listen)
• Rule Text (Ascii): WinAPI Sockets (accept)
• Rule Text (Unicode): WinAPI Sockets (accept)
• Rule Text (Ascii): WinAPI Sockets (connect)
• Rule Text (Unicode): WinAPI Sockets (connect)
• Rule Text (Unicode): WinAPI Sockets (recv)
• Rule Text (Ascii): WinAPI Sockets (send)
• Rule Text (Unicode): WinAPI Sockets (send)
• Rule Text (Ascii): Registry (RegCreateKeyEx)
• Rule Text (Ascii): Registry (RegOpenKeyEx)
• Rule Text (Ascii): Registry (RegSetValueEx)
• Rule Text (Ascii): Registry (RegDeleteKeyEx)
• Rule Text (Ascii): File (GetTempPath)
• Rule Text (Ascii): File (CreateFile)
• Rule Text (Ascii): File (WriteFile)
• Rule Text (Ascii): File (ReadFile)
• Rule Text (Ascii): Anti-Analysis VM (IsDebuggerPresent)
• Rule Text (Ascii): Anti-Analysis VM (GetSystemInfo)
• Rule Text (Ascii): Anti-Analysis VM (GetVersion)
• Rule Text (Ascii): Stealth (VirtualAlloc)
• Rule Text (Ascii): Stealth (VirtualProtect)
• Rule Text (Ascii): Execution (ShellExecute)
• Rule Text (Ascii): Execution (ResumeThread)
• Rule Text (Unicode): Antivirus Software (etrust)
• Rule Text (Ascii): Antivirus Software (panda)
• Rule Text (Unicode): Keyboard Key (Alt+)
• Rule Text (Ascii): Keyboard Key (Scroll)
• Rule Text (Unicode): Keyboard Key (Scroll)
• Rule Text (Unicode): Keyboard Key (UpArrow)
• Rule Text (Ascii): Keyboard Key (PageDown)
• Rule Text (Ascii): Keyboard Key (PageUp)
• Rule Text (Ascii): Information used to authenticate a users identity (Credential)
• Rule Text (Unicode): Information used to authenticate a users identity (Credential)
• Rule Text (Ascii): Ability of malware to remain on a system after a reboot (Persistence)
• Rule Text (Ascii): Process of gathering information about network resources (Enumeration)
• Rule Text (Ascii): Information used for user authentication (Credential)
• Rule Text (Unicode): Information used for user authentication (Credential)
• Rule Text (Ascii): Unauthorized movement of funds or data (Transfer)
• Rule Text (Unicode): Unauthorized movement of funds or data (Transfer)
• Rule Text (Ascii): Malicious rerouting of traffic to an attacker-controlled site (Redirect)
• Rule Text (Ascii): Technique used to capture communications between systems (Intercept)
• Rule Text (Unicode): Technique used to capture communications between systems (Intercept)
• EP Rules: BobSoft Mini Delphi -> BoB / BobSoft
• EP Rules: Borland Delphi 4.0
• EP Rules: Borland Delphi v6.0 - v7.0
• EP Rules: Microsoft Visual C++ 8
• EP Rules: Microsoft Visual C++ 8.0
• EP Rules: TrueVision Targa Graphics format

Resources:

Path	DataRVA	Size	FileOffset	Code	Text
\CURSOR\1\1033	4C5608	134	49FE08	070001002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\2\1033	4C573C	134	49FF3C	000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\3\1033	4C5870	134	4A0070	000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\4\1033	4C59A4	134	4A01A4	0E000C002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\5\1033	4C5AD8	134	4A02D8	10000E002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\6\1033	4C5C0C	134	4A040C	000000002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\7\1033	4C5D40	134	4A0540	020002002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\BITMAP\BBABORT\1033	4C5E74	1D0	4A0674	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBALL\1033	4C6044	1E4	4A0844	28000000240000001300000001000400000000007C0100000000000000000000100000000000000000000000000080000080	(...$...............\|.............................
\BITMAP\BBCANCEL\1033	4C6228	1D0	4A0A28	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBCLOSE\1033	4C63F8	1D0	4A0BF8	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBHELP\1033	4C65C8	1D0	4A0DC8	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBIGNORE\1033	4C6798	1D0	4A0F98	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBNO\1033	4C6968	1D0	4A1168	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBOK\1033	4C6B38	1D0	4A1338	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBRETRY\1033	4C6D08	1D0	4A1508	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBYES\1033	4C6ED8	1D0	4A16D8	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\PREVIEWGLYPH\1033	4C70A8	E8	4A18A8	2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080	(.................................................
\BITMAP\SPINDOWN\1033	4C7190	98	4A1990	2800000009000000060000000100040000000000300000000000000000000000100000001000000000000000000080000080	(...................0.............................
\BITMAP\SPINUP\1033	4C7228	98	4A1A28	2800000009000000060000000100040000000000300000000000000000000000100000001000000000000000000080000080	(...................0.............................
\ICON\1\1033	4C72C0	2E8	4A1AC0	2800000020000000400000000100040000000000800200000000000000000000100000000000000000000000000080000080	(... ...@.........................................
\ICON\2\1033	4C75A8	128	4A1DA8	2800000010000000200000000100040000000000C00000000000000000000000100000000000000000000000000080000080	(....... .........................................
\ICON\3\1033	4C76D0	EA8	4A1ED0	2800000030000000600000000100080000000000800A000000000000000000000001000000000000000000003F3429004035	(...0......................................?4).@5
\ICON\4\1033	4C8578	8A8	4A2D78	28000000200000004000000001000800000000008004000000000000000000000001000000000000000000003F3429004035	(... ...@...................................?4).@5
\ICON\5\1033	4C8E20	568	4A3620	280000001000000020000000010008000000000040010000000000000000000000010000000000000000000044392E004A3F	(....... ...........@.......................D9..J?
\ICON\6\1033	4C9388	3411	4A3B88	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000033D84944415478DAED9D07801CC595	.PNG........IHDR.............\r.f..3.IDATx........
\ICON\7\1033	4CC79C	4228	4A6F9C	2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000	(...@......... ......B............................
\ICON\8\1033	4D09C4	25A8	4AB1C4	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\9\1033	4D2F6C	1A68	4AD76C	2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000	(...(...P..... .....@.............................
\ICON\10\1033	4D49D4	10A8	4AF1D4	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\11\1033	4D5A7C	988	4B027C	2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000	(.......0..... ..................................
\ICON\12\1033	4D6404	6B8	4B0C04	2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000007FFF0200DF	(.......(..... ...................................
\ICON\13\1033	4D6ABC	468	4B12BC	280000001000000020000000010020000000000040040000000000000000000000000000000000000000000000E5FF1400E1	(....... ..... .....@.............................
\DIALOG\DLGTEMPLATE\0	4D6F24	52	4B1724	44040054000000000100000000003C014C0000000000000008004D0053002000530061006E00730020005300650072006900660000000000000002400000000000000000CC004C005F04FFFF820000000000	D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@..........L._.........
\DIALOG\TEXTFILEDLG\0	4D6F78	52	4B1778	44040054000000000100000000003C014C0000000000000008004D0053002000530061006E007300200053006500720069006600000000000000024000000000000000003C0137005F04FFFF820000000000	D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@........<.7._.........
\STRING\4050\0	4D6FCC	328	4B17CC	1B004500720072006F0072002000720065006100640069006E006700200064006100740061003A0020002800250064002900	..E.r.r.o.r. .r.e.a.d.i.n.g. .d.a.t.a.:. .(.%.d.).
\STRING\4051\0	4D72F4	434	4B1AF4	2C004D006100780069006D0075006D0020006E0075006D0062006500720020006F0066002000720065006400690072006500	,.M.a.x.i.m.u.m. .n.u.m.b.e.r. .o.f. .r.e.d.i.r.e.
\STRING\4052\0	4D7728	734	4B1F28	6F0053006F006D00650020006F007000650072006100740069006F006E00200063006F0075006C00640020006E006F007400	o.S.o.m.e. .o.p.e.r.a.t.i.o.n. .c.o.u.l.d. .n.o.t.
\STRING\4053\0	4D7E5C	B38	4B265C	5B0043006F0075006C00640020006E006F00740020006400650063006F006D00700072006500730073002000740068006500	[.C.o.u.l.d. .n.o.t. .d.e.c.o.m.p.r.e.s.s. .t.h.e.
\STRING\4054\0	4D8994	6A0	4B3194	2D00540068006500200072006500710075006900720065006400200073006500630075007200690074007900200063006F00	-.T.h.e. .r.e.q.u.i.r.e.d. .s.e.c.u.r.i.t.y. .c.o.
\STRING\4055\0	4D9034	1158	4B3834	A300540068006500200073006D00610072007400630061007200640020006300650072007400690066006900630061007400	..T.h.e. .s.m.a.r.t.c.a.r.d. .c.e.r.t.i.f.i.c.a.t.
\STRING\4056\0	4DA18C	960	4B498C	710054006800650020006F007400680065007200200065006E00640020006F00660020007400680065002000730065006300	q.T.h.e. .o.t.h.e.r. .e.n.d. .o.f. .t.h.e. .s.e.c.
\STRING\4057\0	4DAAEC	994	4B52EC	3800540068006500200063006C006F0063006B00730020006F006E002000740068006500200063006C00690065006E007400	8.T.h.e. .c.l.o.c.k.s. .o.n. .t.h.e. .c.l.i.e.n.t.
\STRING\4058\0	4DB480	928	4B5C80	430054006800650020006D0065007300730061006700650020006F00720020007300690067006E0061007400750072006500	C.T.h.e. .m.e.s.s.a.g.e. .o.r. .s.i.g.n.a.t.u.r.e.
\STRING\4059\0	4DBDA8	688	4B65A8	14005300750063006300650073007300660075006C006C0020004100500049002000630061006C006C0037004E006F007400	..S.u.c.c.e.s.s.f.u.l.l. .A.P.I. .c.a.l.l.7.N.o.t.
\STRING\4060\0	4DC430	1E8	4B6C30	16004D006F0064006500200068006100730020006E006F00740020006200650065006E0020007300650074002E001B004300	..M.o.d.e. .h.a.s. .n.o.t. .b.e.e.n. .s.e.t.....C.
\STRING\4061\0	4DC618	4EC	4B6E18	2B0045004F004600200077006100730020006F00620073006500720076006500640020007400680061007400200076006900	+.E.O.F. .w.a.s. .o.b.s.e.r.v.e.d. .t.h.a.t. .v.i.
\STRING\4062\0	4DCB04	400	4B7304	0E004E006F0074002000410063006300650070007400610062006C006500100055006E006B006E006F0077006E0020005000	..N.o.t. .A.c.c.e.p.t.a.b.l.e...U.n.k.n.o.w.n. .P.
\STRING\4063\0	4DCF04	408	4B7704	240042007500660066006500720020007400650072006D0069006E00610074006F00720020006D0075007300740020006200	$.B.u.f.f.e.r. .t.e.r.m.i.n.a.t.o.r. .m.u.s.t. .b.
\STRING\4064\0	4DD30C	440	4B7B0C	1A004F0062006A006500630074002000740079007000650020006E006F007400200073007500700070006F00720074006500	..O.b.j.e.c.t. .t.y.p.e. .n.o.t. .s.u.p.p.o.r.t.e.
\STRING\4065\0	4DD74C	34C	4B7F4C	1D0053006F0063006B0073002000730065007200760065007200200064006900640020006E006F0074002000720065007300	..S.o.c.k.s. .s.e.r.v.e.r. .d.i.d. .n.o.t. .r.e.s.
\STRING\4066\0	4DDA98	4A0	4B8298	2400430061006E0020006E006F0074002000620069006E006400200069006E00200070006F00720074002000720061006E00	$.C.a.n. .n.o.t. .b.i.n.d. .i.n. .p.o.r.t. .r.a.n.
\STRING\4067\0	4DDF38	370	4B8738	1C0053006F0063006B0065007400200069007300200061006C0072006500610064007900200063006F006E006E0065006300	..S.o.c.k.e.t. .i.s. .a.l.r.e.a.d.y. .c.o.n.n.e.c.
\STRING\4068\0	4DE2A8	390	4B8AA8	11004D00650073007300610067006500200074006F006F0020006C006F006E0067002E001F00500072006F0074006F006300	..M.e.s.s.a.g.e. .t.o.o. .l.o.n.g.....P.r.o.t.o.c.
\STRING\4069\0	4DE638	27C	4B8E38	0A0043006F006E006E00650063007400650064002E000E0044006900730063006F006E006E0065006300740069006E006700	..C.o.n.n.e.c.t.e.d.....D.i.s.c.o.n.n.e.c.t.i.n.g.
\STRING\4070\0	4DE8B4	3C8	4B90B4	0D0049006E00760061006C006900640020006F0077006E00650072001D005200690063006800450064006900740020006C00	..I.n.v.a.l.i.d. .o.w.n.e.r...R.i.c.h.E.d.i.t. .l.
\STRING\4071\0	4DEC7C	454	4B947C	14005300740079006C0065002000270025007300270020006E006F007400200066006F0075006E0064001A00530074007900	..S.t.y.l.e. .'.%.s.'. .n.o.t. .f.o.u.n.d...S.t.y.
\STRING\4072\0	4DF0D0	3B0	4B98D0	B7004E006F00200041006300740069006F006E00420061006E00640020007300740079006C006500200075006E0069007400	..N.o. .A.c.t.i.o.n.B.a.n.d. .s.t.y.l.e. .u.n.i.t.
\STRING\4073\0	4DF480	480	4B9C80	6500430061006E006E006F0074002000610073007300690067006E002000610020007300750062006900740065006D002000	e.C.a.n.n.o.t. .a.s.s.i.g.n. .a. .s.u.b.i.t.e.m. .
\STRING\4074\0	4DF900	400	4BA100	1900430061006E006E006F00740020006F00700065006E00200063006C006900700062006F006100720064003A0020002500	..C.a.n.n.o.t. .o.p.e.n. .c.l.i.p.b.o.a.r.d.:. .%.
\STRING\4075\0	4DFD00	158	4BA500	030045006E006400040048006F006D00650004004C0065006600740002005500700005005200690067006800740004004400	..E.n.d...H.o.m.e...L.e.f.t...U.p...R.i.g.h.t...D.
\STRING\4076\0	4DFE58	D4	4BA658	0600430061006E00630065006C0005002600480065006C00700006002600410062006F007200740006002600520065007400	..C.a.n.c.e.l...&.H.e.l.p...&.A.b.o.r.t...&.R.e.t.
\STRING\4077\0	4DFF2C	194	4BA72C	0400260041006C006C001200430061006E006E006F0074002000640072006100670020006100200066006F0072006D000900	..&.A.l.l...C.a.n.n.o.t. .d.r.a.g. .a. .f.o.r.m...
\STRING\4078\0	4E00C0	294	4BA8C0	1A005000720069006E00740065007200200069006E0064006500780020006F007500740020006F0066002000720061006E00	..P.r.i.n.t.e.r. .i.n.d.e.x. .o.u.t. .o.f. .r.a.n.
\STRING\4079\0	4E0354	3AC	4BAB54	1B004500720072006F00720020006300720065006100740069006E0067002000770069006E0064006F007700200063006C00	..E.r.r.o.r. .c.r.e.a.t.i.n.g. .w.i.n.d.o.w. .c.l.
\STRING\4080\0	4E0700	3C4	4BAF00	2100430061006E006E006F00740020006300680061006E006700650020007400680065002000730069007A00650020006F00	!.C.a.n.n.o.t. .c.h.a.n.g.e. .t.h.e. .s.i.z.e. .o.
\STRING\4081\0	4E0AC4	464	4BB2C4	1E0049006E00760061006C00690064002000740069006D00650020004F006600660073006500740020007300740072006900	..I.n.v.a.l.i.d. .t.i.m.e. .O.f.f.s.e.t. .s.t.r.i.
\STRING\4082\0	4E0F28	400	4BB728	1300570069006E0064006F00770073002000530065007200760065007200200032003000300033001600570069006E006400	..W.i.n.d.o.w.s. .S.e.r.v.e.r. .2.0.0.3...W.i.n.d.
\STRING\4083\0	4E1328	3A0	4BBB28	350049006E00730075006600660069006300690065006E00740020005200540054004900200061007600610069006C006100	5.I.n.s.u.f.f.i.c.i.e.n.t. .R.T.T.I. .a.v.a.i.l.a.
\STRING\4084\0	4E16C8	378	4BBEC8	1300560061006C00750065002000630061006E006E006F00740020006200650020004E0061004E0033004E00650067006100	..V.a.l.u.e. .c.a.n.n.o.t. .b.e. .N.a.N.3.N.e.g.a.
\STRING\4085\0	4E1A40	65C	4BC240	72004800690067006800200073007500720072006F0067006100740065002000630068006100720020007700690074006800	r.H.i.g.h. .s.u.r.r.o.g.a.t.e. .c.h.a.r. .w.i.t.h.
\STRING\4086\0	4E209C	568	4BC89C	190054006800720065006100640020006300720065006100740069006F006E0020006500720072006F0072003A0020002500	..T.h.r.e.a.d. .c.r.e.a.t.i.o.n. .e.r.r.o.r.:. .%.
\STRING\4087\0	4E2604	394	4BCE04	1D004C00690073007400200063006F0075006E00740020006F007500740020006F006600200062006F0075006E0064007300	..L.i.s.t. .c.o.u.n.t. .o.u.t. .o.f. .b.o.u.n.d.s.
\STRING\4088\0	4E2998	3F4	4BD198	450043006800650063006B00530079006E006300680072006F006E0069007A0065002000630061006C006C00650064002000	E.C.h.e.c.k.S.y.n.c.h.r.o.n.i.z.e. .c.a.l.l.e.d. .
\STRING\4089\0	4E2D8C	394	4BD58C	080053006100740075007200640061007900140049006E00760061006C0069006400200073006F0075007200630065002000	..S.a.t.u.r.d.a.y...I.n.v.a.l.i.d. .s.o.u.r.c.e. .
\STRING\4090\0	4E3120	CC	4BD920	07004F00630074006F0062006500720008004E006F00760065006D00620065007200080044006500630065006D0062006500	..O.c.t.o.b.e.r...N.o.v.e.m.b.e.r...D.e.c.e.m.b.e.
\STRING\4091\0	4E31EC	B0	4BD9EC	03004A0075006E0003004A0075006C000300410075006700030053006500700003004F006300740003004E006F0076000300	..J.u.n...J.u.l...A.u.g...S.e.p...O.c.t...N.o.v...
\STRING\4092\0	4E329C	2C0	4BDA9C	170049006E00740065007200660061006300650020006E006F007400200073007500700070006F0072007400650064001C00	..I.n.t.e.r.f.a.c.e. .n.o.t. .s.u.p.p.o.r.t.e.d...
\STRING\4093\0	4E355C	43C	4BDD5C	190049006E00760061006C00690064002000760061007200690061006E00740020006F007000650072006100740069006F00	..I.n.v.a.l.i.d. .v.a.r.i.a.n.t. .o.p.e.r.a.t.i.o.
\STRING\4094\0	4E3998	32C	4BE198	0D0043006F006E00740072006F006C002D00430020006800690074001600500072006900760069006C006500670065006400	..C.o.n.t.r.o.l.-.C. .h.i.t...P.r.i.v.i.l.e.g.e.d.
\STRING\4095\0	4E3CC4	2E8	4BE4C4	1200460069006C00650020006100630063006500730073002000640065006E00690065006400170052006500610064002000	..F.i.l.e. .a.c.c.e.s.s. .d.e.n.i.e.d...R.e.a.d. .
\STRING\4096\0	4E3FAC	34C	4BE7AC	09003C0075006E006B006E006F0077006E003E002100270025007300270020006900730020006E006F007400200061002000	..<.u.n.k.n.o.w.n.>.!.'.%.s.'. .i.s. .n.o.t. .a. .
\RCDATA\DVCLAL\0	4E42F8	10	4BEAF8	A28CDF987B3C3A7926713F090F2A2517	....{<:y&q?..*%.
\RCDATA\PACKAGEINFO\0	4E4308	1060	4BEB08	000010CC00000000F1000000016C70726F787973657276657200100F4964436D645443505365727665720010185379737465	.............lproxyserver...IdCmdTCPServer...Syste
\RCDATA\PLATFORMTARGETS\1033	4E5368	2	4BFB68	0100	..
\RCDATA\TABOUTBOX\0	4E536C	2355B	4BFB6C	54504630095441626F7574426F780841626F7574426F78044C65667403190103546F700315010B426F7264657249636F6E73	TPF0.TAboutBox.AboutBox.Left....Top....BorderIcons
\RCDATA\TADFORM\0	5088C8	2DB	4E30C8	5450463007544164466F726D064164466F726D044C656674020003546F7002000A416C706861426C656E64090F416C706861	TPF0.TAdForm.AdForm.Left...Top...AlphaBlend..Alpha
\RCDATA\TAPPFORM\0	508BA4	E46F	4E33A4	545046300854417070466F726D07417070466F726D044C656674020003546F7002000C436C69656E7448656967687403C201	TPF0.TAppForm.AppForm.Left...Top...ClientHeight...
\RCDATA\TFEEDBACKFORM\0	517014	3831	4F1814	545046300D54466565646261636B466F726D0C466565646261636B466F726D044C656674020003546F7002000B426F726465	TPF0.TFeedbackForm.FeedbackForm.Left...Top...Borde
\RCDATA\TNAGSCREEN\0	51A848	7CAE	4F5048	545046300A544E616753637265656E094E616753637265656E044C656674020003546F7002000B426F7264657249636F6E73	TPF0.TNagScreen.NagScreen.Left...Top...BorderIcons
\RCDATA\TNEWVER\0	5224F8	CF8	4FCCF8	5450463007544E6577566572064E6577566572044C656674020003546F70020006437572736F72070763724172726F770B42	TPF0.TNewVer.NewVer.Left...Top...Cursor..crArrow.B
\RCDATA\TTRANSLATEFORM\0	5231F0	6FD6C	4FD9F0	545046300E545472616E736C617465466F726D0D5472616E736C617465466F726D044C656674020003546F7002000B426F72	TPF0.TTranslateForm.TranslateForm.Left...Top...Bor
\GROUP_CURSOR\32761\1033	592F5C	14	56D75C	0000020001002000400001000100340100000100	...... .@.....4.....
\GROUP_CURSOR\32762\1033	592F70	14	56D770	0000020001002000400001000100340100000200	...... .@.....4.....
\GROUP_CURSOR\32763\1033	592F84	14	56D784	0000020001002000400001000100340100000300	...... .@.....4.....
\GROUP_CURSOR\32764\1033	592F98	14	56D798	0000020001002000400001000100340100000400	...... .@.....4.....
\GROUP_CURSOR\32765\1033	592FAC	14	56D7AC	0000020001002000400001000100340100000500	...... .@.....4.....
\GROUP_CURSOR\32766\1033	592FC0	14	56D7C0	0000020001002000400001000100340100000600	...... .@.....4.....
\GROUP_CURSOR\32767\1033	592FD4	14	56D7D4	0000020001002000400001000100340100000700	...... .@.....4.....
\GROUP_ICON\MAINICON\1033	592FE8	BC	56D7E8	000001000D002020100001000400E8020000010010101000010004002801000002003030000001000800A80E000003002020	...... ....................(.....00............
\VERSION\1\1033	5930A4	354	56D8A4	540334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000100	T.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033	5933F8	70B	56DBF8	3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279	<?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String:

• 1.1.0.0
• DEFAULT_CHARSET
• user32.dll
• kernel32.dll
• advapi32.dll
• 0.0.0.0
• .lang.txt
• chk.tmp
• http://vovsoft.com
• System.Net.HttpClient.Win
• .pfx
• ssleay32.dll
• libeay32.dll
• comctl32.dll
• ole32.dll
• uxtheme.dll
• .bss
• @.tls
• NTDLL.DLL
• oleaut32.dll
• 3TLoginCredentialService.TLoginCredentialEventObject:>HCreate
• FLoginFunc
• 'TLoginCredentialService.TLoginFuncProxy:EHCreate
• ALoginFunc
• TLoginCredentialServiceM
• ?HRegisterLoginHandler
• O?HUnregisterLoginHandler
• E@HGetLoginCredentialEvent0E
• XAHGetLoginCredentials
• HPBHGetLoginCredentials
• ZBHGetLoginCredentials
• jPEHGetLoginCredentials
• :\NCreate
• :\mNCreate
• .wmf
• TaskDialogIndirect
• Msctf.dll
• imm32.dll
• RICHED20.DLL
• LoginEvent
• bH\LoginEventUsrPw
• TCustomPanelX7\1VVcl.ExtCtrls
• MAPI32.DLL
• m:\"iCreate
• WS2_32.DLL
• MSWSOCK.DLL
• Wship6.dll
• Fwpuclnt.dll
• IdnDL.dll
• Normaliz.dll
• iphlpapi.dll
• 127.0.0.1
• 255.255.255.255
• 0.0.0.1
• .sid=audio/prs.sid
• .xwd=image/x-xwindowdump
• .fdf=application/vnd.fdf
• .pko=application/vnd.ms-pki.pko
• .rmf=application/vnd.rmf
• .stl=application/vnd.ms-pki.stl
• .wml=text/vnd.wap.wml
• EIdSocksSvrInvalidLogin
• nEIdSocksSvrInvalidLoginnpn
• default_passwd_callback
• default_passwd_callback_userdata
• libssl32.dll
• SSL_CTX_set_default_passwd_cb
• SSL_CTX_set_default_passwd_cb_userdata
• secur32.dll
• security.dll
• dump
• application/prs.cww
• application/vnd.accpac.simply.aso
• application/vnd.accpac.simply.imp
• application/vnd.adobe.fxp
• application/vnd.airzip.filesecure.azf
• application/vnd.airzip.filesecure.azs
• application/vnd.americandynamics.acc
• application/vnd.amiga.ami
• application/vnd.aristanetworks.swi
• application/vnd.bmi
• application/vnd.curl.car
• application/vnd.data-vision.rdz

Extra 4n4lysis:

Metric	Value	Percentage
Ascii Code	3365971	59,0024%
Null Byte Code	1123207	19,6888%
NOP Cave Found	0x9090909090	Block Count: 253 \| Total: 0,0111%