Manalyze report for 235acaf0460560e87e8d6df23845de01

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-21 10:04:24
Detected languages	English - United Kingdom English - United States
Debug artifacts	c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb
CompanyName
FileDescription
FileVersion	`1.0.0.2`
LegalCopyright
PrivateBuild	01.00.00.00
ProductName
ProductVersion	`1.0.0.2`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: RetroUSB.com adobe.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://yoyogames.zendesk.com https://yoyogames.zendesk.com/hc/en-us/articles/360002243797 ns.adobe.com www.w3.org yoyogames.zendesk.com zendesk.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: minATL` `Unusual section name found: .mydata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohs ntohl` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow CallNextHookEx` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenA InternetCanonicalizeUrlA InternetWriteFile InternetConnectA InternetCrackUrlA InternetGetConnectedState` `Leverages the raw socket API to access the Internet: setsockopt sendto recvfrom recv listen inet_ntoa inet_addr getsockopt ioctlsocket socket closesocket bind accept getpeername select __WSAFDIsSet ntohs ntohl htons htonl gethostname WSAStartup WSACleanup WSAGetLastError WSAAddressToStringA getaddrinfo connect freeaddrinfo send` `Enumerates local disk drives: GetDriveTypeW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`52272 bytes of data starting at offset 0x4bd9d0.`
Safe	VirusTotal score: 0/67 (Scanned on 2021-10-23 10:18:13)	`All the AVs think this file is safe.`

Hashes

MD5	`235acaf0460560e87e8d6df23845de01`
SHA1	`eaad507624a6bd0ac5e70ebee68f6df4db1e4b7d`
SHA256	`cf64a70c3b28b3596f8c95e2ce9431cb5849f4cd7be6431d5f6f2abb093f4d38`
SHA3	`b4dcd78f7882c32766de2133ecf81d9d23e1d5fed09717916bbdcc341ba4fe9a`
SSDeep	`98304:WZi7TQFGtCnsTkBU5aWboQehVG9JcMAjqb8vWl7RlgtNOV8XkVgXMz6MdgrVjf:gCQgtCnsTkBU5aWboQehVG9JcMzq0bgR`
Imports Hash	`4c9c7471868bfe19e05444fa40f84069`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2021-Jul-21 10:04:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x331800`
SizeOfInitializedData	`0x198a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002C801D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x333000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x725000`
SizeOfHeaders	`0x400`
Checksum	`0x4c5d08`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3c182feda148e873f9f802d4e27a58ce`
SHA1	`8c802e418e3ea7daa6a95faa4c3b823af6bf819b`
SHA256	`9081a0b6604f013d0706e7f83067feff67daf60f213038b15868b1d350425668`
SHA3	`d62bb3461dbc2114f28526f7b7426368e14e690e6ba4fe7b929bfe5409b2a0f8`
VirtualSize	`0x331764`
VirtualAddress	`0x1000`
SizeOfRawData	`0x331800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63394`

.rdata

MD5	`667127cc91fd47ddb2c1f490e23c8290`
SHA1	`295c8d6cddc77ca12f73f80a6f872575e36866b3`
SHA256	`47625a8d29c33dd0b2d44928f4be3dffa6531ebbc5119c491d2e6a59e3de4f97`
SHA3	`4def7372407a25bc66ec59e02ca47b8c0b4ba16d93dad2cbeabac637fa4c8e61`
VirtualSize	`0xf7528`
VirtualAddress	`0x333000`
SizeOfRawData	`0xf7600`
PointerToRawData	`0x331c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.50617`

.data

MD5	`530c127af8f49c69a88e51af01d0739a`
SHA1	`4756f1d743fb0dd65b773d9aa5ba4bf6f71fcac1`
SHA256	`d7198599662be2c2b918db4cecab931e609f5a74890917f0809c91c3b83f2752`
SHA3	`3693d4de5cb6079c6bc9c6327ed80f69a7705f6c38cd8db7de1a4aed5796e153`
VirtualSize	`0x2daa60`
VirtualAddress	`0x42b000`
SizeOfRawData	`0x85a00`
PointerToRawData	`0x429200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.73437`

minATL

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0xc`
VirtualAddress	`0x706000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4aec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.mydata

MD5	`5b71e4c27591ccb21954d71d656b28fb`
SHA1	`9cf3bdc3e0e647cb864581406250a7c21f51524d`
SHA256	`6bafe4f53b35a27d41c72c80d8fdfcd2aca79ce310b990ee55c7a04d65b6e96f`
SHA3	`efdeae6073a6cce468f62cdbdfc2d0f9ea3d196156860e5cac0d2038149f9a3e`
VirtualSize	`0x8`
VirtualAddress	`0x707000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4aee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.gfids

MD5	`4258a0088c4711f8a29512afcdb65475`
SHA1	`9d80d458599d494e4475e728b0df033487b997e8`
SHA256	`a0d53de57ba52388659168a847028f9ce8fb88f58d6454be285566696b7a8017`
SHA3	`5618b2890b36ff67d9c77a56719046028aaa43c558ea459e68ca1f3036a099ca`
VirtualSize	`0x19c`
VirtualAddress	`0x708000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4af000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.77314`

_RDATA

MD5	`db8e2ffab91d2b70dc34c61ece8ea31a`
SHA1	`517b4acca92a45993dc92cd779faca547c2c5cb7`
SHA256	`48ea544e6c8b1796ea706bae5bd778baf6877632ca11f16caa633c3a05a086d8`
SHA3	`2306787d46c6b3d0cfa24279f2a1725056c233c087f091fe19dc6fb46efff574`
VirtualSize	`0x7e0`
VirtualAddress	`0x709000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4af200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47747`

.rsrc

MD5	`54d737859b0393e724e6c3577412524e`
SHA1	`64297293cbdb4148bc47bba9e13a399b08d9d878`
SHA256	`16b5834b9aca7819b759f173a68ac3530c03f577d5cca32e364c86bbd34c51ef`
SHA3	`c1e98acfc93363f85ba6481303a947060c82da07ca54ea804c831465008b7099`
VirtualSize	`0x1ab3c`
VirtualAddress	`0x70a000`
SizeOfRawData	`0x1ac00`
PointerToRawData	`0x4afa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.40137`

Imports

WININET.dll	`InternetReadFile` `InternetCloseHandle` `HttpOpenRequestA` `HttpSendRequestA` `InternetOpenA` `InternetCanonicalizeUrlA` `InternetWriteFile` `InternetConnectA` `InternetCrackUrlA` `HttpEndRequestW` `HttpQueryInfoA` `InternetGetConnectedState`
dxgi.dll	`CreateDXGIFactory1`
d3d11.dll	`D3D11CreateDevice`
dbghelp.dll	`MiniDumpWriteDump` `SymInitialize` `SymFromAddr`
WINMM.dll	`mciSendStringA` `joyGetPosEx` `joyGetPos` `timeGetDevCaps` `timeBeginPeriod` `timeEndPeriod` `mciGetErrorStringA`
WS2_32.dll	`setsockopt` `sendto` `recvfrom` `recv` `listen` `inet_ntoa` `inet_addr` `getsockopt` `ioctlsocket` `socket` `closesocket` `bind` `accept` `getpeername` `select` `__WSAFDIsSet` `ntohs` `ntohl` `htons` `htonl` `gethostname` `WSAStartup` `WSACleanup` `WSAGetLastError` `WSAAddressToStringA` `getaddrinfo` `connect` `freeaddrinfo` `send`
gdiplus.dll	`GdiplusStartup` `GdiplusShutdown`
COMCTL32.dll	`InitCommonControlsEx`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
RPCRT4.dll	`UuidToStringW` `UuidCreate`
KERNEL32.dll	`GetFullPathNameA` `SetCurrentDirectoryW` `HeapReAlloc` `GetTimeZoneInformation` `MoveFileExW` `SetFilePointerEx` `SetStdHandle` `ReadConsoleW` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `EnumSystemLocalesW` `IsValidLocale` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `DecodePointer` `GetStringTypeW` `GetACP` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `PeekNamedPipe` `GetFileType` `GetDriveTypeW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `FindFirstFileExW` `ReadFile` `SetFileAttributesW` `GetFileAttributesExW` `GetModuleHandleExW` `HeapWalk` `HeapValidate` `LoadLibraryExW` `InterlockedFlushSList` `InterlockedPushEntrySList` `EncodePointer` `RtlUnwind` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `InitializeSListHead` `FindFirstFileExA` `FindNextFileA` `GetSystemTimeAsFileTime` `RaiseException` `GetStartupInfoW` `IsDebuggerPresent` `EnterCriticalSection` `RtlCaptureStackBackTrace` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `LoadLibraryW` `WideCharToMultiByte` `CloseHandle` `WaitForSingleObjectEx` `CreateEventExW` `OutputDebugStringA` `IsValidCodePage` `GetConsoleWindow` `GetLastError` `GetCurrentDirectoryW` `DeleteFileW` `GetFullPathNameW` `SetLastError` `CreateThread` `GetExitCodeThread` `GetModuleHandleW` `LocalFree` `FormatMessageW` `SetCurrentDirectoryA` `GetCurrentDirectoryA` `FreeLibrary` `GetEnvironmentVariableW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetFileAttributesW` `RemoveDirectoryW` `Sleep` `GetExitCodeProcess` `CreateProcessW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObject` `SetWaitableTimer` `GetTickCount` `CreateWaitableTimerW` `GetCurrentProcess` `GetCurrentThread` `SetThreadPriority` `SetPriorityClass` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GlobalMemoryStatusEx` `GetSystemInfo` `GetVersionExW` `GetLocaleInfoW` `GetUserDefaultLCID` `ExitProcess` `lstrlenA` `GetCommandLineW` `ExpandEnvironmentStringsW` `CreateFileW` `GetFinalPathNameByHandleW` `SetUnhandledExceptionFilter` `SetErrorMode` `GetCurrentProcessId` `GetCurrentThreadId` `GetModuleFileNameW` `MoveFileA` `DeleteCriticalSection` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `TerminateProcess` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `SetConsoleCtrlHandler` `OutputDebugStringW` `WriteConsoleW` `SetEndOfFile` `MultiByteToWideChar` `HeapSize` `LeaveCriticalSection`
USER32.dll	`GetDlgItem` `SetDlgItemTextW` `GetDlgItemTextW` `DrawTextW` `GetDC` `ReleaseDC` `SetWindowTextW` `ScreenToClient` `MoveWindow` `SetCursorPos` `ClientToScreen` `MapWindowPoints` `GetActiveWindow` `GetCursorPos` `wsprintfW` `GetAsyncKeyState` `keybd_event` `OpenClipboard` `CloseClipboard` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `IsClipboardFormatAvailable` `GetFocus` `MessageBoxA` `EndDialog` `TranslateMessage` `DispatchMessageW` `PeekMessageW` `LoadImageW` `SetProcessDPIAware` `GetForegroundWindow` `UpdateWindow` `SetWindowLongW` `ChangeDisplaySettingsW` `EnumDisplaySettingsW` `MonitorFromWindow` `GetMonitorInfoW` `AdjustWindowRectEx` `GetWindowRect` `GetClientRect` `SetForegroundWindow` `GetSystemMetrics` `ReleaseCapture` `SetCapture` `GetKeyState` `SetFocus` `BringWindowToTop` `SetWindowPos` `ShowWindow` `DestroyWindow` `DialogBoxParamW` `SetDlgItemTextA` `CreateDialogParamW` `CreateWindowExW` `RegisterClassExW` `DefWindowProcW` `PostMessageW` `SendMessageW` `MessageBoxW` `GetRawInputDeviceList` `GetRawInputDeviceInfoA` `LoadCursorW` `CallNextHookEx` `IsDialogMessageW` `SetCursor`
GDI32.dll	`GetDeviceCaps` `SelectObject` `DeleteObject` `GetStockObject` `CreateFontA`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW`
ole32.dll	`CoInitialize` `CoCreateInstance` `CoTaskMemFree` `CoCreateFreeThreadedMarshaler`
dwmapi.dll	`DwmGetCompositionTimingInfo`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56087`
MD5	`67b5e7bc7a97608b4d919bc944064b02`
SHA1	`f86bb8601877cb2428a21ed87446204ccd179599`
SHA256	`bb2e173dace37f6a494542ed0413bb417d18e0041b49493dcd147c005065ebbb`
SHA3	`7c60e23dde334369de0b594ae5b84ab7855957914d62dabccae386f8581a1c06`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82125`
MD5	`321b6eb0cfc492b05a0ae704778cf8da`
SHA1	`dad6688c99e31a89cd6c072c26d1874d10801f34`
SHA256	`83ba6397a41864e194119773191276c9b8897d6f926c45c9824e3f1e90dc47d7`
SHA3	`d169791335b24cca839b51d0b49a85c86b92a72cbcefb89a7a9dfaea4ce121fa`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89367`
MD5	`713948be21003dfb618ecdb185e50a59`
SHA1	`e1b814c0073be99d0f28e2ddb7d13b073f3dc67c`
SHA256	`f07f55d8a2d3e560f02673c49c8469b51a8d3548d7a1f0ee47355d6f080c9de8`
SHA3	`c1a3d3c7b76024fac53f24210b659a9bb52b0c6230589d095090e6b7e467fd2a`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36684`
MD5	`4b54f097cdb6fa39423033d47fa200db`
SHA1	`bde6c7a67f2b92f27aa875d4955999a9772ff2bf`
SHA256	`6a73143cfacd86719eecf2cc45bb66c23391ac62d0ffa167a1acda97b218a1a1`
SHA3	`2d1407d8b37f12533b8c67a507e830cf7c707f921c4f1dc2bb2f685733046eda`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4c28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.04121`
MD5	`5862fb822647bb0222206552d93026f2`
SHA1	`c8df9419ceba783553fc9f5da52146a52d950867`
SHA256	`91b02dbfc7de3d446cfa0c582ffcd94754e063ab54450b8545e926755c301d9f`
SHA3	`00567047bfdf427cf64883cba41b3bee99520b33a6ad22c0d5d8f2108cee0d5e`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1ae3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86085`
Detected Filetype	PNG graphic file
MD5	`e602c6a4d4ddd15813cc8ab00888f496`
SHA1	`60bf529178e5f05463719555bd52551798e6ac88`
SHA256	`22813a19603dfdabbc152571db92cadd0f0a4192d8cff8942baae650c820c808`
SHA3	`58da0492c870c76a71c95de41ddb4735f69f314788516ad71b50c190c14b3cb7`

IDD_ERROR_CODE

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11903`
MD5	`ac3f07c5aa93e413823a32f659240ad1`
SHA1	`d78e110cb30ccff6366e410f6a16009383f8f2e9`
SHA256	`b45c6a3366adc913f8d1f3cd2289aeddc2b4dae28c0e39daa911009f50234c43`
SHA3	`89f27075d14968fef9bdad5097adf1e3f751b7238149ba82eec741da3e19086a`

IDD_INPUTQUERY

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06903`
MD5	`c2624d0a67009076569b24ceaf5c25f0`
SHA1	`9430e62b31117c2a62b30d5067a9a485b2b92262`
SHA256	`6bd1990b830571c05426131c936352f081dbf227a5f1f8708be380bb68c0ef1e`
SHA3	`87c0e1470f39b15c7cde38546d123ea57c64a448bb9ec5e30e1582325f7d6497`

IDD_LOGIN_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07583`
MD5	`6b0f04cd06a91ff5ee96decd8eb6dbc6`
SHA1	`240236f7e7f1c2cea21c1d5eac0bef98094eb18a`
SHA256	`28ae1807e280b537ef8a9b5df66942cd52adf418cd5a2e0b07ef48b25bd08955`
SHA3	`f3d6f5a0f7c6fb4bd8a283c4f8bfc9337364cb28e696784dcb8f543d9d79e89b`

IDD_MESSAGE_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00453`
MD5	`ed9d6ad0e3e5f287913a8c39386eb08e`
SHA1	`3856ad95adbb8ffdb971bd44a43e32ff7da10c9e`
SHA256	`09ae8082cc363799b57616423e47409390c11fc632c0958826d98420683aa83a`
SHA3	`19d277b2aea915c99d664198e3339347acae3070829ba1269eda8de02a6b820e`

IDD_QUESTION

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11344`
MD5	`c73c99bc6638f100b097bf7fcca8f264`
SHA1	`1713cd590521632bcfb0be68c27b18a740edec1c`
SHA256	`a0c9982c1806c9802b63ba6a73a9deedd2825fe0b7a6b86ec16c098d8422587d`
SHA3	`ac3b5ddd8e27e4d89cce23d9fd85784ffc8e1a7b827a762e384f4a9bb45b3f08`

152

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17473`
MD5	`f190ca13417d10b7a596c378f6335f9b`
SHA1	`5353fc1815634a0018c2a06be8e357d1378604c9`
SHA256	`2528d2f3ad3eba80ac36f02776073e9149a712305d7884b283c8a61a439ef4e4`
SHA3	`c6d6fb148dd839a72be8bbef58f06ba929e7515b147d28cdf9ca8740780b4e72`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ed`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1455`
MD5	`3e6e632b2b185b437f93065c7c3426ae`
SHA1	`5fa71bc80f327b1ec2eeb873cfd4e42e329ae8e8`
SHA256	`303329582a7a97ae5d873a1497b4af9edee9dd407e63cdad6dc268b3e1401419`
SHA3	`091a2aa6b7e002e26ec7e475c9a3da7a8109243a053bd65c5f6fc696e5f3e46a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.2
ProductVersion	1.0.0.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United Kingdom
CompanyName
FileDescription
FileVersion (#2)	1.0.0.2
LegalCopyright
PrivateBuild	01.00.00.00
ProductName
ProductVersion (#2)	1.0.0.2

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jul-21 10:04:24
Version	`0.0`
SizeofData	`110`
AddressOfRawData	`0x41bd2c`
PointerToRawData	`0x41a92c`
Referenced File	c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jul-21 10:04:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x41bd9c`
PointerToRawData	`0x41a99c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jul-21 10:04:24
Version	`0.0`
SizeofData	`900`
AddressOfRawData	`0x41bdb0`
PointerToRawData	`0x41a9b0`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x8ad784`
SEHandlerTable	`0x81ada0`
SEHandlerCount	`995`

RICH Header

XOR Key	`0x60fbb457`
Unmarked objects	`0`
241 (40116)	`49`
243 (40116)	`192`
242 (40116)	`44`
199 (41118)	`6`
ASM objects (VS2015 UPD3 build 24123)	`33`
C++ objects (VS2015 UPD3 build 24123)	`41`
C objects (VS2015 UPD3 build 24123)	`24`
C++ objects (VS2010 build 30319)	`1`
C++ objects (65501)	`1`
Imports (21202)	`4`
Imports (65501)	`33`
Total imports	`282`
C objects (VS2015 UPD3.1 build 24215)	`175`
C++ objects (VS2015 UPD3.1 build 24215)	`347`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.