Manalyze report for 21562c166079b96e25f73559d042522d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Oct-08 17:31:32
Detected languages	English - United States
Debug artifacts	c:\rmtest\pc\_base\util\DRMProtectRun2.pdb
CompanyName	PopCap.com
FileDescription	Bejeweled Twist
FileVersion	`1.0.3.7482`
InternalName	WinDM
LegalCopyright	Copyright © 2008
OriginalFilename	WinBejTwist.exe
ProductName	Bejeweled Twist
ProductVersion	`1.0.3.7482`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	PEiD Signature:	`Crunch 4`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: 2004-aia.verisign.com 2004-crl.verisign.com CSC3-2004-aia.verisign.com CSC3-2004-crl.verisign.com PopCap.com aia.verisign.com beta.popcap.com command.com crl.verisign.com http://CSC3-2004-aia.verisign.com http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0 http://CSC3-2004-crl.verisign.com http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3.crl0 http://crl.verisign.com/tss-ca.crl0 http://ocsp.verisign.com0 http://ocsp.verisign.com0? http://www.microsoft.com http://www.microsoft.com/directx http://www.popcap.com http://www.popcap.com/0 http://www.popcap.com/register.php?theGame https://www.verisign.com https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.verisign.com/rpa01 microsoft.com popcap.com verisign.com www.lua.org www.microsoft.com www.popcap.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses known Mersenne Twister constants`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegCreateKeyExA RegQueryValueExA RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetOpenA InternetReadFile InternetConnectA InternetCloseHandle` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Manipulates other processes: Process32Next OpenProcess Process32First` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Info	The PE is digitally signed.	`Signer: PopCap Games` `Issuer: VeriSign Class 3 Code Signing 2004 CA`
Suspicious	VirusTotal score: 1/68 (Scanned on 2022-02-10 11:45:58)	`eGambit: PE.Heur.InvalidSig`

Hashes

MD5	`21562c166079b96e25f73559d042522d`
SHA1	`9de7418cd2022cbd4b71e8e4245c5f10bef27ad3`
SHA256	`27d5524d122fc2c447f7519a247c8a0b2eba44790865a55691d27d23949379cf`
SHA3	`3ed37d8002a61d83c3aa8f1d539b7c46be54d949b4672d28d3143bb53bdea876`
SSDeep	`98304:H5tGPJv4QxMjH+o19IBiEkGlo0XuuXif93y7Mh+4:H5tGPJQUy+oQB3ZiV0M+4`
Imports Hash	`caa73f3854faf99325bb3b7b5cb4c400`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2008-Oct-08 17:31:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x122000`
SizeOfInitializedData	`0xb3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000E4F5A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x123000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x233000`
SizeOfHeaders	`0x1000`
Checksum	`0x6a481b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b920a6ab9eb0d53a44608fe92d77db26`
SHA1	`6945c2c127dbc41ebaf63308c84e043dc85af3e5`
SHA256	`1f071f3937fd721c6340d8139e9e8a3fefd8dd3df45efd5ec3d9945f6fa47cea`
SHA3	`9e17c2de6248ba528d69ab36e9ca65509f6a843ff56ac7daf12283fc5b044826`
VirtualSize	`0x121b9c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x122000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69408`

.rdata

MD5	`ec51e0e00e34fcb1004cdcae40b834ba`
SHA1	`618285f365d8a9cd3a2751f13f5b1b74ba781739`
SHA256	`a257f6d92143a05dd9cf33c4e4e037532166087cf335c6e3ef8e931aaf7ad5a2`
SHA3	`739db2b4d70ee43039b86d4c60815f61935dc29d7e3f8345d876c079966d7886`
VirtualSize	`0x3f658`
VirtualAddress	`0x123000`
SizeOfRawData	`0x40000`
PointerToRawData	`0x123000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.8931`

.data

MD5	`ee2bc518faa765fd9c36efb197c288c2`
SHA1	`50d471f490b45df13c6b493e78defb620b25a563`
SHA256	`f12a0fce80152806ad6798b822b950045729405e9b167ba44e4fcd0067f87e13`
SHA3	`8a60e47985a4362783c22f3b1b001eec1511482515377c2af0feadcb1443cb7f`
VirtualSize	`0x69f20`
VirtualAddress	`0x163000`
SizeOfRawData	`0xd000`
PointerToRawData	`0x163000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.14447`

.rsrc

MD5	`0fbfe41431f6b25b8b9a2be183726783`
SHA1	`d1c57be2ebf4818042f51b9d495780fda6fa1bf9`
SHA256	`1681401d8c488d7e9f4aec3d01064dec100a38861025b6847a708f8861819b6a`
SHA3	`749bed22f3b852242f35f5f42fed4718501ae73872a659ad89ce3d200674da68`
VirtualSize	`0x65ce8`
VirtualAddress	`0x1cd000`
SizeOfRawData	`0x66000`
PointerToRawData	`0x170000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19374`

Imports

WSOCK32.dll	`WSAStartup` `WSACleanup`
KERNEL32.dll	`DeleteFileA` `CreateFileA` `MoveFileExA` `SetThreadPriority` `Process32Next` `GetCommandLineW` `GetExitCodeProcess` `GlobalUnlock` `CreateMutexA` `OutputDebugStringA` `Sleep` `OpenProcess` `GetWindowsDirectoryA` `FreeLibrary` `EnumResourceNamesA` `SetFileAttributesA` `Process32First` `LeaveCriticalSection` `CreateFileMappingA` `CreateThread` `InitializeCriticalSection` `WaitForSingleObject` `DeleteCriticalSection` `EnterCriticalSection` `SetEvent` `GetModuleHandleA` `MapViewOfFile` `CreateEventA` `UnmapViewOfFile` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentProcessId` `VirtualFree` `VirtualAlloc` `CompareStringA` `InterlockedExchange` `SetLastError` `GetCurrentThread` `SetEnvironmentVariableA` `CloseHandle` `EnumSystemLocalesA` `GetLastError` `GetStringTypeA` `GetLocaleInfoA` `GetDateFormatA` `GetTimeFormatA` `CreatePipe` `GetFileAttributesA` `GetConsoleOutputCP` `WriteConsoleA` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `HeapCreate` `HeapDestroy` `GetOEMCP` `GetACP` `HeapSize` `ReadFile` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `WriteFile` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `SetFilePointer` `SetHandleCount` `LCMapStringA` `MoveFileA` `DuplicateHandle` `GetFileType` `SetStdHandle` `GetFullPathNameA` `GetDriveTypeA` `RaiseException` `RtlUnwind` `GetStartupInfoA` `GetCommandLineA` `ExitProcess` `HeapReAlloc` `ExitThread` `GetSystemTimeAsFileTime` `GetProcessHeap` `HeapAlloc` `HeapFree` `SetEndOfFile` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `LoadLibraryA` `ResumeThread` `GetTickCount` `CreateToolhelp32Snapshot` `GetModuleFileNameA` `GlobalLock` `TerminateProcess` `GetVolumeInformationA` `CreateProcessA` `GetUserDefaultLCID` `IsValidLocale` `CreateDirectoryA` `InterlockedDecrement` `InterlockedIncrement` `GetTimeZoneInformation` `CopyFileA` `OpenMutexA` `GetConsoleScreenBufferInfo` `GetConsoleCursorInfo` `GetStdHandle` `ReleaseMutex` `WaitForMultipleObjects` `OpenFileMappingA` `OpenEventA` `SetFileTime` `ReadConsoleInputA` `AllocConsole` `SetConsoleCursorPosition` `SetConsoleCtrlHandler` `SetConsoleCursorInfo` `GetCurrentThreadId` `SetConsoleTitleA` `PeekConsoleInputA` `GetVersionExA` `FindClose` `FindFirstFileA` `FindNextFileA` `GlobalAlloc` `VirtualProtect` `VirtualQuery` `GetThreadPriority` `MulDiv` `GetFileTime` `FreeConsole` `SetConsoleTextAttribute`
USER32.dll	`FillRect` `CreateCursor` `DestroyCursor` `GetFocus` `GetQueueStatus` `WindowFromPoint` `DrawMenuBar` `SetClipboardData` `BeginPaint` `ReleaseDC` `UnregisterClassA` `GetSystemMenu` `DeleteMenu` `ScreenToClient` `GetWindowPlacement` `SetFocus` `PostThreadMessageA` `DestroyWindow` `DestroyCaret` `DispatchMessageA` `GetDesktopWindow` `SetWindowTextA` `GetCursor` `GetClientRect` `GetForegroundWindow` `SetTimer` `LoadImageA` `GetWindowThreadProcessId` `HideCaret` `IntersectRect` `RegisterClassA` `PostQuitMessage` `GetWindowTextLengthA` `SendMessageA` `GetMessageA` `GetCursorPos` `AppendMenuA` `TrackPopupMenu` `OpenClipboard` `CreateCaret` `MessageBoxA` `MoveWindow` `EnumDisplayMonitors` `GetWindowRect` `IsWindow` `IsIconic` `ShowCaret` `PostMessageA` `OpenIcon` `GetDC` `AdjustWindowRect` `EndPaint` `RegisterWindowMessageA` `TranslateMessage` `DefWindowProcA` `GetSystemMetrics` `IsWindowVisible` `BringWindowToTop` `CloseClipboard` `CreateWindowExA` `SetCaretPos` `GetWindowTextA` `SetForegroundWindow` `EnumWindows` `ShowWindow` `LoadCursorA` `ClientToScreen` `PeekMessageA` `CreatePopupMenu` `SetCursor` `GetParent` `ReleaseCapture` `SetCapture` `FlashWindowEx`
GDI32.dll	`SelectClipRgn` `GdiFlush` `GetStockObject` `GetDeviceCaps` `CreateFontA` `GetTextMetricsA` `GetCharABCWidthsA` `GetObjectA` `CreateFontIndirectA` `SetBkMode` `IntersectClipRect` `DeleteObject` `DeleteDC` `SelectObject` `CreateCompatibleDC` `CreateDIBSection` `BitBlt` `SetDIBitsToDevice` `SetTextColor` `StretchBlt`
ADVAPI32.dll	`RegCloseKey` `RegCreateKeyExA` `RegQueryValueExA` `RegOpenKeyExA` `RegSetValueExA`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoUninitialize` `CoInitialize` `CoInitializeSecurity` `CoCreateInstance`
OLEAUT32.dll	`SysFreeString` `SysAllocStringByteLen`
WININET.dll	`InternetOpenA` `HttpOpenRequestA` `HttpQueryInfoA` `InternetReadFile` `InternetConnectA` `HttpSendRequestA` `InternetCloseHandle`
WINMM.dll	`timeEndPeriod` `PlaySoundA` `timeBeginPeriod` `timeGetTime`

Delayed Imports

__GDF_XML

Type	`DATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63545`
MD5	`82d7305f39174ef50fb04084f52d48df`
SHA1	`970201b4be17fe2e4a811f71be0e39dbf03105ad`
SHA256	`2a01456d4f9238f096a0092bfb8628bc0a8cf092999b2235ee9192c86378d202`
SHA3	`691be418e7e9f43b8312ff9773fde9527f1c412269083ab2431a959ce4073d37`

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70104`
MD5	`848b21075e5074cb78a9c346e23e16d0`
SHA1	`84f14bcbbebc32bf18f7734e31f9e3b2657d0770`
SHA256	`272fa826ad6f56a203139464b581ffd766f0897cf53c2560a9d2fe4d90027065`
SHA3	`1ddfe9eabf9a28b6d6cd59ba7a722005b04ec97ff2fc6fb3fc775a26653d0b62`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66437`
MD5	`b64fe67cff894e1b740a738c00a07654`
SHA1	`1ad076171b948189e73807fbcee779034b8560fa`
SHA256	`7517fe96df00f863379f63972f73adebc548cecd4d3915d88cfdc06897f4df55`
SHA3	`a9850dfce10cc4f0d0d40837f7fe202763fb8ec468ac5dded0dd0d5ba5917fee`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa068`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.381`
MD5	`17b63c49b39f46c3c86958385628a557`
SHA1	`4bbe20cc915e91d92abfac28a63ed63dba7c68ff`
SHA256	`e5d7252bbf1f7571df75c4f4157e848c7763a77b91f3851ef4ff375944a94ed1`
SHA3	`b2c479d743c5c2ae54754dfe1707b4f034bec4d4704bc2ff30d879aac1a3d049`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.47613`
MD5	`5e99d0a409cb371ea3b46c8836529208`
SHA1	`fd1478e27cc786230b1ebb62406c7add31abc212`
SHA256	`7c8df76a00a9c1aaeb65bf85a6d85ff2c5d67db1a65e0a475f66bec8e1d43a86`
SHA3	`6578d2e5ce980bccdccbe871fa0ccf8fd0421004e2062a3f67c7f5bfcd2140a4`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63429`
MD5	`027606985bb460bf5ce648c9bc5d708f`
SHA1	`21442cc7a5c473faccf6eacc76f5d25e6a75a054`
SHA256	`7e6521039e07010e61c65fdf5ce3ce9e9991cf33a37fa2f936b528caf8fefa60`
SHA3	`7939020fc7a98f59fd53c818009a2f01459b154674388621a257b3949e1dff93`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69703`
MD5	`77ac39e6bdb36a19d0824c5eada34626`
SHA1	`e7ebbd2bf8a6c9d0a1df19ef004ec336da09b820`
SHA256	`a13ca243e2ca19264cb8d9316daa234ed87f7f17dab6bf04def776f2cfd2ebcb`
SHA3	`0b864ee99d9ad492c0c5533a6ce262995d5c042b60b7fbce9de2ca6e1da12272`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3746`
MD5	`2d819d11629f48779c74868da159df60`
SHA1	`fd58970e142c8c13b5b2f8d0b6bde5e6a6c1e66b`
SHA256	`437440e8a56118c407fc505786e2d44ac5a6624255c27e108a31f59f059e5456`
SHA3	`e05a533e3fabb16a6fb4b78b21d2c6430b9f3f45358b901324348c10f1814289`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86956`
MD5	`cb6f16f058ba837b90097f2ef3c11c11`
SHA1	`8f8de2850e5c7b929ac1c22b964a887475b4ea5e`
SHA256	`b80fc639281aa0838208bf3f445b226a6a3faba72f49f266dde836dce067781f`
SHA3	`15121c37c370fcb8bb6ad6d6ee932d6231b1a1e1ffbc8b3a8f3a047ad348076d`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.22249`
MD5	`14e82a24f85236791fb1b66f84c5993d`
SHA1	`8dc5f4ee9adbdcfdc36eee1459aed150634744b2`
SHA256	`d67153804b6affc64b0201585a0289dd208a400de64b8c63d55002889566af5e`
SHA3	`b98dc3dc1fe8f72745e095713285adadd25fb4741584346513bd541d22e6de1a`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90985`
MD5	`3bc96eb1afdfee38e387396bc8cdd02b`
SHA1	`ec2215ca7f9bbae02b3ceaee71bb5d712d59fa05`
SHA256	`2af26aa4814b5f272333c7c267b43ec6fb1a81cd420bf6361eed75c66ca743f6`
SHA3	`d32073012b64e86037d4a74207400f11e351a6f2d7631c00b681fd3c06a5ef23`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90948`
MD5	`4b26dad0b8cd966961652a53189ae19a`
SHA1	`a5d33bc439e1625cbc7b8011ce54f9b3670c0f95`
SHA256	`b48cadc20c4468e46803b60898c5175eeebd2673515854985a44fb4a9661b848`
SHA3	`fcad7b40e466f3c510cf156416427725c07a70933665ed14b89dcec57dde8fd1`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64141`
MD5	`170aff766d0164acdd3c1648d748ebff`
SHA1	`37103d83bfcb862dde0e04320fbc9a677af5b0fb`
SHA256	`a4d8422e7699275cf51c534e8ced7aba606ed7c078d521f8b421e6dce8055df9`
SHA3	`a0e95d267103f6f1779012fd9e2101a5f5d04316e322b37313a65a4a2d325268`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71669`
MD5	`f809b79355878d826cd3310cd6c59751`
SHA1	`008e091721c1a1ca24eb2069c2eb22a62e6396d2`
SHA256	`8eff8fde9a18160e88f447b2f7f92bccfe6d0bd0c004ad4299842e808f14c19e`
SHA3	`3c987bc21b2e227026bf33d73facbafb4436ffbbeaaea2c9a564838bb16fb504`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05752`
MD5	`5ea2e733e80fe10445113ac2f2894c7d`
SHA1	`448e056baf6ee682e021499cc9600fb105e8e63d`
SHA256	`b5a46875681eb5575f47d02d9ff31e3b8b2c291515ea232ee8a89983816963ab`
SHA3	`d2ccba2b95d5884f13384a5141681c324686b3f881d212e0818c5f3acddb6a9c`

102

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23629`
MD5	`1551b413f781b3b40fdfaddbc25196c8`
SHA1	`9d2ea25cddfeb254b8271b275929ff926a6f5bc2`
SHA256	`6cded6cd7bd52dfde065dc3696cd5f9f07df121f76091a47fde4df1f2d7b6203`
SHA3	`87aa37682c88c306ada8220fafb9925ebdce133ded845cf0b3cfaf4882efe1e7`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99296`
MD5	`a4954216820a5a5ac36e6e3c1e0cf3da`
SHA1	`3e1d3a809a940d280a31745f379bf10632f7369c`
SHA256	`186de7659f15775e4cb5d2e0f77d4bfb372cd97e16143964b8d9449de6c86932`
SHA3	`11a92a187755751b55b33c845a18c2f55bc681acaf3a4df97722559979e1a221`

IDC_DRAGGING

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Cursor file
MD5	`aff0f5e372bd49ceb9f615b9a04c97df`
SHA1	`e3205724d7ee695f027ab5ea8d8e1a453aaad0dd`
SHA256	`b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c`
SHA3	`9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712`
Preview

IDC_FINGER

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`
Preview

IDI_MAIN_ICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94543`
Detected Filetype	Icon file
MD5	`b80a95690efa6ce982b303116df97a5e`
SHA1	`326a3840c34b8279f895e622394902a8f4680ca9`
SHA256	`6d21af90847d8d89dc578228a97e4b25d5ab55992695b1646aba53348ac5a84c`
SHA3	`e2b7ad6f6c3b265168ae19650dd17fd66a8072cb91f7dabca8dc6237c8bb16a9`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.466`
MD5	`832c866474e65b6b5596ec46d20a6b55`
SHA1	`a5471b54672c9b9c3d6ffca2931035dea07c44f9`
SHA256	`b7ee8f1a63f1cd6eacbd359cc5dccb5941b85231f1c20dbb0c8148a4485d44ee`
SHA3	`bd8ecc101299f379a96a8eb4aa15ffb1fc5303b6109234111f47feee2bd07731`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x192`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84915`
MD5	`850259469c6edd54afd1be91fe9dfd47`
SHA1	`9c3a37987c6071023cd1cd57b0e638b03be21958`
SHA256	`9f4b418013f868597243471be8da0cef6b5fc276177112b0b076326359452ac0`
SHA3	`1d6a3cb40df2c60e6a1a8084a699e2f2ec45c5cb539f8e6d477c6a1e7d61d3e8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.3.7482
ProductVersion	1.0.3.7482
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	PopCap.com
FileDescription	Bejeweled Twist
FileVersion (#2)	1.0.3.7482
InternalName	WinDM
LegalCopyright	Copyright © 2008
OriginalFilename	WinBejTwist.exe
ProductName	Bejeweled Twist
ProductVersion (#2)	1.0.3.7482

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2008-Oct-08 17:31:32
Version	`0.0`
SizeofData	`67`
AddressOfRawData	`0x14e7e8`
PointerToRawData	`0x14e7e8`
Referenced File	c:\rmtest\pc\_base\util\DRMProtectRun2.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x56b62c`
SEHandlerTable	`0x556570`
SEHandlerCount	`509`

RICH Header

XOR Key	`0xf6fcbbe0`
Unmarked objects	`0`
126 (50327)	`8`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`64`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`140`
Imports (VS2012 build 50727 / VS2005 build 50727)	`21`
Total imports	`281`
126 (VS2012 build 50727 / VS2005 build 50727)	`36`
C objects (VS2012 build 50727 / VS2005 build 50727)	`361`
114 (VS2012 build 50727 / VS2005 build 50727)	`45`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.