https://github.com/libyal/libexe/blob/master/documentation/Executable%20(EXE)%20file%20format.asciidoc#55-resource-data-types
I've done some digging on these values, and some unknown values actually seems to be the Windows Locale ID values.
For example, pwrshmsg.zip pwrshmsg.dll seems to have 1033 as a nameId on Byte 0x478, which corresponds to en-US.
In same way, the unknown value on the document seems to be ms-BN. Although this might need more research for confirmation, at least I think this gives a header to start.
https://ss64.com/locale.html I used this site to check for locale values, but pretty sure that a windows certified site would exist somewhere else.
BTW, your resources have been greatly helpful for Windows forensic. Thanks a lot!
https://github.com/libyal/libexe/blob/master/documentation/Executable%20(EXE)%20file%20format.asciidoc#55-resource-data-types
I've done some digging on these values, and some unknown values actually seems to be the Windows Locale ID values.
For example, pwrshmsg.zip pwrshmsg.dll seems to have 1033 as a nameId on Byte 0x478, which corresponds to en-US.
In same way, the unknown value on the document seems to be ms-BN. Although this might need more research for confirmation, at least I think this gives a header to start.
https://ss64.com/locale.html I used this site to check for locale values, but pretty sure that a windows certified site would exist somewhere else.
BTW, your resources have been greatly helpful for Windows forensic. Thanks a lot!