Manalyze report for 237353f81801b83f0f0af40637129a7a19c87855f6d3392419dcb012562ef32a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2037-Dec-31 21:15:09
Detected languages	English - United States
Debug artifacts	BootstrapPackagedGame-Win64-Shipping.pdb
CompanyName	KONAMI
LegalCopyright	Copyright 2025 Konami Digital Entertainment
ProductName	SILENT HILL f
InternalName	SHf

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to TEA`
Suspicious	The PE is possibly packed.	`Unusual section name found: .bind`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW`
Suspicious	The file contains overlay data.	`440 bytes of data starting at offset 0xa4048.`
Malicious	VirusTotal score: 4/72 (Scanned on 2026-02-12 15:07:24)	`Cylance: Unsafe` `Jiangmin: HackTool.AmsiETWPatch.cn` `Trapmine: malicious.moderate.ml.score` `Zillya: Trojan.Zapchast.Win64.79`

Hashes

MD5	`67ddd92bb0bef58b4951c1643388f35b`
SHA1	`a52db4ec12bca765f6e47a67400a2ff90698fb4e`
SHA256	`237353f81801b83f0f0af40637129a7a19c87855f6d3392419dcb012562ef32a`
SHA3	`132a473c90a2ff39cb03ef91abd1cd16540aff1b6e93d02482452f5817d51b4e`
SSDeep	`12288:yYT6VhMEMKmIq92KGjPlFAv+TFmyGiakYgbXBZSUCirERVXIBBiHE/QVcImJFbs:iYKmIq92KGjPlFAv+TFmyGiakYgbXBZ`
Imports Hash	`efcf1052e12adb55a48955419dcfea0d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2037-Dec-31 21:15:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11200`
SizeOfInitializedData	`0x5a600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001E88 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xaa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0xb71b00`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1b5eaaf3f7a0e181f0ac1bbd315aa294`
SHA1	`8a39171bc65cb71cd00141775ac04696ce3da1f3`
SHA256	`d17a7669f0316159c98de093ebe956c46bb75a8cee0b91e87cd7a3241972d020`
SHA3	`af6ecdeb56ab539c59583613abb4c3b2af4b439a44b2ff3e8e431eaf7021093f`
VirtualSize	`0x111e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50923`

.rdata

MD5	`0b6b005b29e9640215aa7739d7fed52a`
SHA1	`f6d3f57be20f6885487034c0a8c78a6575729bf1`
SHA256	`e350c7206ca64579120a1a347d5156014120c1c04d7f3cc8da16b8fb68349ba7`
SHA3	`ca96ad894369d98dc6608837fda48b69ad0c6c774ae7e94fdbf2a050c6832a60`
VirtualSize	`0xae1a`
VirtualAddress	`0x13000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x11600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.85509`

.data

MD5	`7df8154ac41703d7ecf6d5ff99a9abb1`
SHA1	`3e7cb8eb7fe9a7b81c12046d2dd5ff083120a70c`
SHA256	`44ceb42680e2a9c861f8092580952f6c3788ae6a87d1ca2642857476802b6b72`
SHA3	`cb1e713fcd242aa8e421230903a145439d6b05ddfe61d58cc6e873bf45e55ab0`
VirtualSize	`0x1dc8`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.97888`

.pdata

MD5	`8e66ceca96601cffa0b953fa2d55175e`
SHA1	`1cd2f9ba931cfbb4bd3fdcb6bbdf6b8ea2ba085e`
SHA256	`92e973016e50e4634c1ad3174cb67fb3d26855816502ba632a7a5c7366a27645`
SHA3	`c765abb65c147bbc785227cee5b2d390da1c3373e31cda375544c0c90010ceed`
VirtualSize	`0x1014`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55441`

_RDATA

MD5	`61f3e2216eb1cfc643297a01421a8e5d`
SHA1	`7269204be79da948bd7ec1c06466eee345d5778c`
SHA256	`484fadac7ded393f335190325f4be7181692a3a71a163af61d86e9171d42054e`
SHA3	`90c557b4b54cd9d22915fda1ef6524f6bc7f91e318190eff105995a6ad25c390`
VirtualSize	`0x1f4`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.70405`

.rsrc

MD5	`6a8aea43c9302f4f425282eafcbe5d99`
SHA1	`290d36d58117b82b2ebd45a9969a8523b1a4e453`
SHA256	`e0b039d9317079e8e49faf372c7269005c66c8aa6f68642a5ecde17294223e26`
SHA3	`9be0a736b2e57742046b1a669e9b920c52d5f2d8085c98c78bf4712169c7b184`
VirtualSize	`0x4cc64`
VirtualAddress	`0x23000`
SizeOfRawData	`0x4ce00`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84423`

.reloc

MD5	`0a4f81baa47357f80afcba2318410954`
SHA1	`b73e093e0fefff60eceb71258e97e2f6425cef93`
SHA256	`fe0eb8e94a1e3a0aad5ecb1f8361de0b2d52a7fad6113736d12ba0be9beb9ee9`
SHA3	`659668758f2fb75e1ca401c9bfcb44696f331cff8eae060664d6293dfa5fcaf8`
VirtualSize	`0x68c`
VirtualAddress	`0x70000`
SizeOfRawData	`0x800`
PointerToRawData	`0x6b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.96413`

.bind

MD5	`2d03ecb3ab0cdc264395caad40f4e394`
SHA1	`3aeb4ad0d1efc0399bfae34713ca207b4a3bdb87`
SHA256	`2485e3cc9157413b77e55cb5466d95c4aae9d63dc02ad3a7e643ede20d84bf5b`
SHA3	`e26b6e2fd706a321444a439c9e849adff80c9e53a1d88b3fd1d7b1e34b6f33f2`
VirtualSize	`0x38448`
VirtualAddress	`0x71000`
SizeOfRawData	`0x38448`
PointerToRawData	`0x6bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95838`

Imports

KERNEL32.dll	`GetExitCodeProcess` `CreateProcessW` `FreeLibrary` `GetModuleFileNameW` `LoadResource` `LockResource` `WaitForSingleObject` `FindResourceW` `LoadLibraryW` `WriteConsoleW` `CreateFileW` `GetLastError` `CloseHandle` `SizeofResource` `GetFileAttributesW` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `SetFilePointerEx` `GetProcessHeap` `LCMapStringW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `HeapFree` `HeapAlloc` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW`
USER32.dll	`MessageBoxW` `wsprintfW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `RegQueryValueExW`
SHELL32.dll	`ShellExecuteExW`
SHLWAPI.dll	`PathCanonicalizeW` `PathRemoveFileSpecW` `PathCombineW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.96507`
MD5	`1aef61af01a13a6e7f4f8791a3435f1c`
SHA1	`0fa89fba5402a0aa48224aaaf82b857c3259e8c8`
SHA256	`4a4651446c5afdc2c1d6617091828ba14a3674b229322b407a04f00bb1c5d788`
SHA3	`45ce9b62aae0bcc035d343a54135df3a6e4bf4353f751dd538f11a61dc45cefe`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84826`
MD5	`577d96855a1aed2d1d0d8622379e3449`
SHA1	`dbd742032c190cdd01678ed3be22644809343e5f`
SHA256	`837a87b1eddf48c76ef00021fef18d8327a9b8f709451c5177c7a567300949e1`
SHA3	`8851bbc4ddc4b8d1f3159006d1044fb0c4c3067f644a5d2b85f9a7cec12c566e`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81739`
MD5	`7c58458bbfed9dfb7523e42eead40771`
SHA1	`860ebe0bb67e56f54a618c9d2121b3b02c1ae3ce`
SHA256	`3f85828aecd36908c17404bba62ed5e893240a27c6594c75819a28cb8777d93b`
SHA3	`e0d7f7077c53a1afb18724839012c7f9c13f56c7dca4581fdb7c4d6d2e0358c0`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.76155`
MD5	`8b31abc690375d5cdd049f1b764deff9`
SHA1	`904a23845d85ed02e83fc323f8190a79995b8728`
SHA256	`cc7f6b0cd209a6ad2a0bd1d72276663cf4c3d27742dc375b4de0d99ebd186c17`
SHA3	`f51927892480e4e3824397daf791ea0636a7bc4048ecc06631da05ff16b53550`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72027`
MD5	`ab788f208ae923156b2d6620ba7bcd58`
SHA1	`49ca7998d8ec68475632bd6d604db7a3fa341c85`
SHA256	`c882bea6f9092e788b1afca0d214ebf6982a59d6921133ccc791990b24f873e0`
SHA3	`b10ffde59b77b4803589ed352c710c911798fa6648c019d41691e3b8f8477380`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87442`
MD5	`f7ed88fd05c5e244c8f5d31d163ec876`
SHA1	`0c6fa94e00c90edfae58ec04e6955bee2c5e2d23`
SHA256	`855a89f2a928b2b0e26d336d83a9781ca716289bb9f4f733cbc90086490329f0`
SHA3	`50f4d9ccf39906fbfa07eb7fd7f4f01d02f450c317a102c572ac6105b95ae626`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86157`
MD5	`019e53729806a203a1358183271f5b03`
SHA1	`8e5593cab423750c514dcd2ccd9172a2c14e6b7d`
SHA256	`7b3edbf942bf2e58cf183fd743dc915fcccb448734323fd3634a155cdca7355a`
SHA3	`0bf54d229f8cb83810bee793e3ccf7517e611a10c242c62719e65182cb523adb`

201

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99822`
MD5	`3911df7e90c6b17bacf7b7717490af0c`
SHA1	`be11e2532aa4f2a4d7472eeb4657ab0bc353c505`
SHA256	`01caa823c6f8acece1ac6841e834d028dbd4d1ddf7811ea86b5e74a0facc01f4`
SHA3	`9c676831d1ef8372d8ae7ff1cb6d3b68924a4d48a27461d00154f8a4e9a5dcf5`

202

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.54879`
MD5	`2af8122bb30105ff402d2de0e5fcc822`
SHA1	`d8269d1423fe77ff8c96d7b8abd01e2d06d85ac1`
SHA256	`df862a1810b3f296b2e06b12932df7c917fcad05098c9c3426e22e4e38d0261f`
SHA3	`99c4dd8ab2812e95aea6507256bad13f31b2be64424fa625f1a1bd90d86fcb93`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.83484`
Detected Filetype	Icon file
MD5	`2f9dd133c121cbe66867733ca2aab132`
SHA1	`754ea4ce1b9a5ba720c66a098b94781f11b94e6f`
SHA256	`6502b2306a5f05c8d2d9c6875b11d7f2e630d94e9dbd94512d0edaa8f3f13aee`
SHA3	`698b7f2632ae6dae0af5fac90853a7938e97391d9cce7ce2a8bd7090a491b98e`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x260`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35826`
MD5	`162bc0a74f343ea1dcb7f228224df1b5`
SHA1	`e876935a671bc024a5d1bdd395a32e194945ef1d`
SHA256	`a2d3538dcf65e51e12447ad32e403916a4db80bf5de058c990c42202052e9054`
SHA3	`f56e050a8a6a50d269bd8197625d6f4d2f913a51d17c29944e3999de1963a8e7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29956`
MD5	`c61240657e13443faa673941f5309de2`
SHA1	`c0fbe2a825d7b0526747bf774f0924ded81b7462`
SHA256	`527ba3511f5e6271211343cd03168ec681b1afc356ed87eeece038bbd480731b`
SHA3	`e61279125dbdfd1216bc206250bdaf599743f063b1fb74df33968dee1f3c874d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.4.2.0
ProductVersion	5.4.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	KONAMI
LegalCopyright	Copyright 2025 Konami Digital Entertainment
ProductName	SILENT HILL f
InternalName	SHf

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2037-Dec-31 21:15:09
Version	`0.0`
SizeofData	`65`
AddressOfRawData	`0x1c1c8`
PointerToRawData	`0x1a7c8`
Referenced File	BootstrapPackagedGame-Win64-Shipping.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2037-Dec-31 21:15:09
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1c20c`
PointerToRawData	`0x1a80c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2037-Dec-31 21:15:09
Version	`0.0`
SizeofData	`836`
AddressOfRawData	`0x1c220`
PointerToRawData	`0x1a820`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2037-Dec-31 21:15:09
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1c58c`
PointerToRawData	`0x1ab8c`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001e000`

RICH Header

Errors

Leave a comment

No comments yet.