Manalyze report for 15254741ffe3cc840144f8c8404c889d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Sep-28 04:11:15
Detected languages	Chinese - PRC English - United States
CompanyName	3DMGAME
FileDescription	The Surge 2 v1.0-v20190927 Plus 13 Trainer
FileVersion	`1.0.0.1`
InternalName	The Surge 2 v1.0-v20190927 Plus 13 Trainer
LegalCopyright	FLiNG Copyright (C) 2019
OriginalFilename	The Surge 2 v1.0-v20190927 Plus 13 Trainer.exe
ProductName	The Surge 2 v1.0-v20190927 Plus 13 Trainer
ProductVersion	`1.0.679.1`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: virus` `Contains domain names: 3dmgame.com FLiNGTrainer.com bbs.3dmgame.com flingtrainer.com http://bbs.3dmgame.com http://bbs.3dmgame.com/thread- http://flingtrainer.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetOpenA InternetReadFile InternetOpenUrlA` `Enumerates local disk drives: GetDriveTypeW`
Malicious	The PE is possibly a dropper.	`Resource 110 detected as a PE Executable.` `Resource 101 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 13/67 (Scanned on 2022-03-13 19:37:36)	`K7AntiVirus: Unwanted-Program ( 0055d9971 )` `K7GW: Unwanted-Program ( 0055d9971 )` `Cyren: W64/Trojan.GKB.gen!Eldorado` `ESET-NOD32: a variant of Win64/GameHack.CT potentially unsafe` `ClamAV: Win.Dropper.GameHack-9917263-0` `McAfee-GW-Edition: BehavesLike.Win64.CoinMiner.th` `Sophos: 3DMGAME Trainer (PUA)` `AhnLab-V3: Unwanted/Win64.GameCheat.C4200600` `McAfee: Artemis!15254741FFE3` `Cylance: Unsafe` `SentinelOne: Static AI - Suspicious PE` `Fortinet: Riskware/GameHack` `CrowdStrike: win/grayware_confidence_60% (W)`

Hashes

MD5	`15254741ffe3cc840144f8c8404c889d`
SHA1	`343b999bb2b74767e82ba6d570e8b6d987a93116`
SHA256	`4e89c641629f065ba0bdfd74794a398a59a662c88287dcba8d58d518d5ea50ec`
SHA3	`3991bf7c36665ad91ac25a019beef4a9be55cd5ea6e69e85ea57386699e5734e`
SSDeep	`24576:t+1RT+AA01ZJ/7vcE5KoS1M9zvmo8mYLiDS:tA713jv7Kj1yzeF`
Imports Hash	`103f40c781cde79c1a4e9d31af227f24`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2019-Sep-28 04:11:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x69e00`
SizeOfInitializedData	`0xce600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000028838 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d2f7e5a34b1781cab8a48d5e121ab596`
SHA1	`cd4dd2a33dce4f747d488de37679b6da2f251c8a`
SHA256	`70b1a2b976648c330b61bc871ffe1229aafb90ad9d2f079fd5a195d0e8138fc4`
SHA3	`e09ace6ca159ac76148c12e563d604bec7db4b92dda1e536ddccb3e6be1bc79a`
VirtualSize	`0x69d44`
VirtualAddress	`0x1000`
SizeOfRawData	`0x69e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44127`

.rdata

MD5	`47af08478dce0035ebc5f8f59db947ab`
SHA1	`674af94662bb1a5bacd31026f0143cc212d530b9`
SHA256	`201ca9476643ce7407754630b5dea217d64be71f8a537823f8e4f555d7c4b14f`
SHA3	`4bed227df1b1f31bac420fa7ca2192e91c72203d2bc0bb43fd55b3afeaec4394`
VirtualSize	`0x2a8d0`
VirtualAddress	`0x6b000`
SizeOfRawData	`0x2aa00`
PointerToRawData	`0x6a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84878`

.data

MD5	`ece5347060cccabc982846c55e631932`
SHA1	`411e4ed5a9ab1cbc067567b75ed6d79fb114d0e9`
SHA256	`8f3f0efb893e549946754889d3e76446c65b4e3b33111b4a7d822b60c80dfff0`
SHA3	`c7c90ebaca6446812a10d7751ba0370204056c7c48a60df3016fa38e522b17a8`
VirtualSize	`0x57e4`
VirtualAddress	`0x96000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x94c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26302`

.pdata

MD5	`2f8042a325f8e3c669e562a5b5851e73`
SHA1	`17fc3dbc9a854abd5320a87ce21c10c516e1cb04`
SHA256	`6a8a0a7c329248d13223d5a615b5af7b647df5da07c82493ef166152dffb55fd`
SHA3	`19fe05e580c1be27b29903282a58704fcd3613b7c5bc756f405cec2902a5902d`
VirtualSize	`0x5cdc`
VirtualAddress	`0x9c000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x97e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.7721`

.rsrc

MD5	`3eef91bb9e4f926f23abb43caa98e054`
SHA1	`bc208a51158b2bdb3103caf166777d859609f996`
SHA256	`348d04d3fae533d62422d09e04e612d5e8f9ddff13d6b5cfd1aaceb70177cae4`
SHA3	`04eff56c330bf742770190ce95c3d177cff0131d49fb0c1733e0400056fac819`
VirtualSize	`0x97110`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x97200`
PointerToRawData	`0x9dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.26057`

.reloc

MD5	`d9e831ad4d58cf7c72542c40e14de944`
SHA1	`024c347734bb6ccdc04f31817f060d0768b0f2d5`
SHA256	`37539a19b457e00c114f42ee584983c658a6a64e970dd672f5f9f14c0e3bf09b`
SHA3	`3e5e655c8b7dd1a9c97e952d1a2e8411aff9464505c54e93af127a31f7f90579`
VirtualSize	`0x1334`
VirtualAddress	`0x13a000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x134e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.39253`

Imports

KERNEL32.dll	`UnmapViewOfFile` `Sleep` `CloseHandle` `LoadLibraryW` `GetProcAddress` `GetCurrentProcessId` `CreateFileMappingW` `MapViewOfFile` `ReadFile` `WritePrivateProfileStringW` `WriteFile` `CreateFileW` `GetModuleHandleA` `GetPrivateProfileStringW` `GetLastError` `LoadLibraryA` `WaitNamedPipeW` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `GetModuleHandleW` `GetModuleFileNameW` `GetFileAttributesW` `MultiByteToWideChar` `GetCurrentProcess` `FreeLibrary` `IsWow64Process` `SetLastError` `WaitForSingleObject` `ResumeThread` `CreateDirectoryW` `GetTempPathW` `WriteConsoleW` `HeapSize` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetTimeZoneInformation` `HeapReAlloc` `SetStdHandle` `GetFullPathNameW` `GetCurrentDirectoryW` `EnumSystemLocalesW` `GetUserDefaultLCID` `WideCharToMultiByte` `GetStringTypeW` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `GetCurrentThreadId` `DuplicateHandle` `WaitForSingleObjectEx` `SwitchToThread` `GetCurrentThread` `GetExitCodeThread` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetTickCount` `EncodePointer` `DecodePointer` `QueryPerformanceCounter` `GetCPInfo` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `LocalFree` `CreateTimerQueue` `SetEvent` `SignalObjectAndWait` `CreateThread` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `GetThreadTimes` `FreeLibraryAndExitThread` `LoadLibraryExW` `GetVersionExW` `VirtualAlloc` `VirtualProtect` `VirtualFree` `ReleaseSemaphore` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `InterlockedFlushSList` `QueryDepthSList` `UnregisterWaitEx` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `ExitProcess` `GetModuleHandleExW` `GetDriveTypeW` `GetFileInformationByHandle` `GetFileType` `PeekNamedPipe` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `ExitThread` `GetStdHandle` `SetFilePointerEx` `HeapAlloc` `HeapFree` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `IsValidLocale`
USER32.dll	`MessageBoxA` `MessageBoxW`
SHELL32.dll	`SHGetFolderPathW`
OLEAUT32.dll	`SafeArrayAccessData` `SafeArrayCreateVector` `SafeArrayCreate` `SafeArrayUnaccessData` `SafeArrayDestroy`
mscoree.dll	`CLRCreateInstance` `CorBindToRuntime`
WININET.dll	`InternetOpenA` `InternetReadFile` `InternetOpenUrlA`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
WINMM.dll	`PlaySoundW`

Delayed Imports

117

Type	`COVER`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x8071`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93306`
Detected Filetype	JPEG graphic file
MD5	`06111bf5b2ba3ebe7c16b567dbcad6e1`
SHA1	`b368897bdae779a0660bd073747b6da205ff7bb7`
SHA256	`1844d29fa43c21ddffcf7bcd9ef4eb2b7428fb63094893eacc53b0adc853ecb4`
SHA3	`071cf893cd4a23e7998295c4c9eb05ba50e25e519fc55b910aa4a7f0617435bb`

105

Type	`REMOTE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a54f0041a9e15b050f25c463f1db7449`
SHA1	`d9be6524a5f5047db5866813acf3277892a7a30a`
SHA256	`ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e`
SHA3	`904200c7d454fe3e8e1dfaa21b4e667f250cabd8f5730bd361feacf77fab1686`

110

Type	`REMOTE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x48600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11324`
Detected Filetype	PE Executable
MD5	`b4bfe52ae82f6392d5ce7b2e18b923c8`
SHA1	`e86410c8a776ed8aa02308f825979e2ea8e5dc30`
SHA256	`ba197afcc4249e003d9203f1551ce0c32685991ead5d55a3e608b0e5340598f5`
SHA3	`d26c5a06469a4246a071d29962e5a874fc974d2502b7e5d76148175576ead38f`

101

Type	`UI`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2aa00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93025`
MD5	`e13a6c7c3cb443d1f342416fb935330f`
SHA1	`1046b9cf122fe1731dd89a4942822a91365a8c63`
SHA256	`88d926260b392c689b8235ae7616b3f00ea0e577cd67a0120aba4d6907ce0061`
SHA3	`2c8a029c3f2aa9e9d8f80fad4d1d53e54f9d07fc2d0757fc6a2a3ecdfeb7f03e`

103

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2a02`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75428`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`66ef17cf7672a90b1e3e788965266560`
SHA1	`d14ec49c74a164cf823dd660bd626ac7b581bb57`
SHA256	`99886fcb79df75f95c19c3a9504bf8bdea593d3447c8c1b4eaf4f044e1138a05`
SHA3	`868c104cd77862f976e3d918120ab980049e2759eaa2f2564687deb0300d6ad3`

104

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2ccc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.031`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`358876c4000c1f391207c56c11ae9ed4`
SHA1	`1b7ce8967ba7f53d5e2a3d2a0c585753666272c4`
SHA256	`7a6a21f87454c38fb8a7ffd227680a74d9e0d7667fb08807200503e4f4866de9`
SHA3	`1fd6863bea4078d422e07dae0c31ae74b9ddc82e4006a1e301bc855ebabc5bcf`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1299c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95488`
Detected Filetype	PNG graphic file
MD5	`6329d2b89025253e8e3bbbed8477d4ec`
SHA1	`959fc28ea803ea12542500c0ca5ccf9b1e9ac958`
SHA256	`146865d774a3ec39bed23a542982fe5642ab61701ef9c3c25636600d37cf37d6`
SHA3	`a7283dbf866d0ced14013a7d1c55bcc2fcb459ba847f8261d7538276f23da4ba`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00357`
MD5	`f700621a113ad8d022648296f823863f`
SHA1	`1816ed906e602c518bc11ab579b7466e8325ca46`
SHA256	`310802e16f33d275b3eccdc079576a07f1ccff8c3cfabc6ce5ecd14c0392d984`
SHA3	`4a4746f9c96e6560550d57550637d6113854a029756d29e7f7e487927bfe4a96`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99705`
MD5	`71858424d836cef950ec19713cad7c11`
SHA1	`930eb7fbd79ab1b7894e1a89dd67e8c30bc71cd1`
SHA256	`b4f0bdf03ca9444a7854d1ba47c65c28f2dec2e5bedb030b0cac8f2af701a8fc`
SHA3	`f25d2941465af8228cc591a7619aa5d9ca6d1f1cc1ef3d3e8c269bfef1b1fcab`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57863`
Detected Filetype	Icon file
MD5	`cd2a6bcc75400d2d8a2f06d744b2d093`
SHA1	`1995268d1d1adda434477fa0763f1000b3c61b25`
SHA256	`ed19d065d5b7b0752c8c3a633a2a831631ea4bda5d2772b8e2227455187639ce`
SHA3	`b19cdba762359e133fa5b7f5c141aff32c3ce411652a15f8f26fe0471858eb8d`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42696`
MD5	`49a96d24434991562dd8f689180373ed`
SHA1	`39b3d0682b1b64cbb4172a15df1c2011afbcf28a`
SHA256	`99af47673ccb05bf31e4146305d19483040674e2f1a6649ca5a128309af33909`
SHA3	`14ba367100e07b9d58bb35267d9791c1a93a025a998c21f06e20f73eac644803`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05755`
MD5	`93d5224d5a82a661e8067030cadda827`
SHA1	`80ae07b1d4ae5129d749dee8815fc3608dd307f6`
SHA256	`8ccd16f837dc37da3052b31c1b21490a6b16409797d50b1298e9980999a6fc42`
SHA3	`358623f5ee1d9680dfdec18d01c1365b5ad31f48af6346283ca93d2e3cded683`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	3DMGAME
FileDescription	The Surge 2 v1.0-v20190927 Plus 13 Trainer
FileVersion (#2)	1.0.0.1
InternalName	The Surge 2 v1.0-v20190927 Plus 13 Trainer
LegalCopyright	FLiNG Copyright (C) 2019
OriginalFilename	The Surge 2 v1.0-v20190927 Plus 13 Trainer.exe
ProductName	The Surge 2 v1.0-v20190927 Plus 13 Trainer
ProductVersion (#2)	1.0.679.1

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Sep-28 04:11:15
Version	`0.0`
SizeofData	`856`
AddressOfRawData	`0x8adc4`
PointerToRawData	`0x89fc4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Sep-28 04:11:15
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140096080`

RICH Header

XOR Key	`0x5f066423`
Unmarked objects	`0`
ASM objects (26213)	`11`
C objects (26213)	`20`
C++ objects (26213)	`178`
Imports (VS2008 build 21022)	`2`
ASM objects (VS 2015/2017 runtime 26706)	`9`
C++ objects (VS 2015/2017 runtime 26706)	`126`
C objects (VS 2015/2017 runtime 26706)	`36`
Imports (26213)	`15`
Total imports	`180`
C++ objects (LTCG) (VS2017 v15.9.11 compiler 27030)	`16`
Resource objects (VS2017 v15.9.11 compiler 27030)	`1`
151	`1`
Linker (VS2017 v15.9.11 compiler 27030)	`1`

15254741ffe3cc840144f8c8404c889d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

117

105

110

101

103

104

1

2

3

108

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors