2749077e70813c150cd7d51ceeb0285e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Jul-10 17:16:02
Detected languages English - Canada
English - United States
Debug artifacts D:\arcdps\build-release-x64\pdb\d3d9.pdb
FileDescription arcdps
FileVersion 0.0.0.1
ProductVersion 0.0.0.1

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior. Contains references to system / monitoring tools:
  • rundll32.exe
Info: Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Uses Microsoft's cryptographic API:
  • CryptBinaryToStringA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Reads the contents of the clipboard:
  • GetClipboardData
Safe: VirusTotal score: 0/67 (scanned on 2018-07-12 09:52:12). All the AVs think this file is safe.

Hashes

MD5 2749077e70813c150cd7d51ceeb0285e
SHA1 01496eb03814c5b42536a3a4ab83db67d3cf9dbf
SHA256 8aae87db64a9e0980dcf025c270f2fafc437bf06b92e25d2ad9c4077ec96b9d8
SHA3 92e56d6de376052a58cf5aabb3f0e6deddfb6142eddf52dfa2202a4088f7e568
SSDeep 6144:t5GfDpuDdsT1d028H5XljP4rmEytW4kLghSuUn5g3lcv1uj4OznHTnM2mOAkHA6:tOPqH4mEy0VXv1uj4OznHj5J
Imports Hash e9d75f70741b8fd0019f13fb813a0710
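The "Imports Hash" above is an imphash: an MD5 over the normalised import table, used to cluster builds that share a linker output regardless of file hash. The "may be hiding some of its imports" and "possibly launches other programs" lines in the Plugin Output are heuristics on import names: GetProcAddress and LoadLibrary appear in most non-trivial Windows modules, so that flag is a prompt to look at what actually gets loaded and resolved, not a finding on its own. The script below is an added example, not Manalyze's or arcdps's code; it computes the imphash the way pefile does it and reproduces the same kind of import-name triage. The import list is a constructed subset of the names in the Imports section plus one made-up ordinal import from a made-up module, and it does not reproduce the report's hash value, which needs the full import table in on-disk order.

```python
"""Import hash ("Imports Hash" under Hashes) computed the way pefile and Manalyze
do it, plus the import-name triage the Plugin Output section is built from.
Added example, not the tool's code. The import list is a constructed subset of
the names printed in the Imports section (plus one made-up ordinal import to show
that form); it does not reproduce the report's imphash, which needs the whole
import table in on-disk order."""
import hashlib

# pefile strips these extensions from the module name before hashing.
_STRIP = {"dll", "ocx", "sys"}

# Categories the Plugin Output above reports; names are compared case-insensitively.
TRIAGE = {
    "may be hiding some of its imports (runtime API resolution)":
        {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw", "getprocaddress"},
    "possibly launches other programs":
        {"createprocessa", "createprocessw", "shellexecutea", "shellexecutew", "winexec"},
    "memory manipulation functions often used by packers":
        {"virtualalloc", "virtualallocex", "virtualprotect", "virtualprotectex", "writeprocessmemory"},
    "uses Microsoft's cryptographic API":
        {"cryptbinarytostringa", "cryptbinarytostringw", "cryptacquirecontexta", "cryptacquirecontextw"},
    "reads the contents of the clipboard": {"getclipboarddata"},
}


def imphash_string(imports):
    """imports: [(dll_name, function_name_or_ordinal_int), ...] in import-table
    order. Returns the normalised 'lib.func,lib.func' string that gets hashed.
    (pefile additionally maps ordinals of ws2_32 and oleaut32 back to names
    via its ordlookup table; that step is omitted here.)"""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP:
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as a 32-char lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def triage(imports):
    """Map each TRIAGE category to the 'DLL!Function' imports that triggered it."""
    hits = {}
    for dll, func in imports:
        if isinstance(func, int):
            continue
        for label, names in TRIAGE.items():
            if func.lower() in names:
                hits.setdefault(label, []).append(f"{dll}!{func}")
    return hits


# Constructed sample: a subset of the report's imports, in a made-up order, plus a
# hypothetical ordinal import from a made-up module to exercise the 'ordN' form.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetProcAddress"), ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "CreateProcessW"),
    ("USER32.dll", "GetClipboardData"), ("SHELL32.dll", "ShellExecuteW"),
    ("CRYPT32.dll", "CryptBinaryToStringA"), ("EXAMPLE.dll", 7),
]

if __name__ == "__main__":
    print("imphash input :", imphash_string(SAMPLE_IMPORTS))
    print("imphash       :", imphash(SAMPLE_IMPORTS))
    for label, names in triage(SAMPLE_IMPORTS).items():
        print(f"{label}: {', '.join(names)}")
```

Because the hash covers names in table order, two builds of the same source with the same linker usually share an imphash even when every other hash differs; conversely, renaming a single import or reordering the table changes it, which is why it is a pivot for clustering and not an identity check.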

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2018-Jul-10 17:16:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 12.0
SizeOfCode 0x60400
SizeOfInitializedData 0x35800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000005F2D0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x9b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 96af4fda9fb9eafd2fd5cff3a9a18ccf
SHA1 a99b569a6b66dea584ef8a41f66fbd9bdfe91d2f
SHA256 dc8cb1ec3e64352985e7a3814c7232077469be6c2acf9e5353f5c7edb745b051
SHA3 3cad11c236b253ca65e35135468febc1d89f2a006bd667682e0766762a4054a4
VirtualSize 0x602f8
VirtualAddress 0x1000
SizeOfRawData 0x60400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.38707

.rdata

MD5 f9d34d4c51f8fe81987f02e67f364854
SHA1 dba08325329152db0a5b73d1cee671316aa3cce6
SHA256 65262941e0992a2c3cdfff62b6c522915f437f4cb8d2c4f05b530b9ad30d6ac0
SHA3 caa43644e593c234c606f1bb3e5207278540a0300de12c73516eeb6ed6ed3871
VirtualSize 0x11586
VirtualAddress 0x62000
SizeOfRawData 0x11600
PointerToRawData 0x60800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.05595

.data

MD5 6f1b437fc35b83c185be143f14497abe
SHA1 ba7f348cb1eabae93626b7c39737d2de92be0bf7
SHA256 f8dcfdf2678e2f386858f409e54913060469646114cb92a057569a9b2eff9cd4
SHA3 fbe8eb820f89eec11ecd386c38f7ba8402e08dd8a1f4c4b3344c3fe75dfbcced
VirtualSize 0x1e0a8
VirtualAddress 0x74000
SizeOfRawData 0x200
PointerToRawData 0x71e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.96399

.pdata

MD5 ff252367aa05acc0b514cd47d90c2483
SHA1 aed931c3d2136da663842657667916de2a6de7c6
SHA256 6f3cc8f52758c2a1cf6c6375d45c75728d08557a52024659dacc064325d8270d
SHA3 25fe696c6fc0f26794fb3df62d5461a286890571b4e11c0108709903182feb4f
VirtualSize 0x4bfc
VirtualAddress 0x93000
SizeOfRawData 0x4c00
PointerToRawData 0x72000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.8606

_RDATA

MD5 a1e3f3f598f6e1058959a13b41e0e0a8
SHA1 46c5b640ec9e29250ad420dd0088a3a60f59f549
SHA256 d41beef529e64e240bd62ad09dd0a7368999c686f22ffcd32b62e2b1299163a8
SHA3 c9423a750057a859c8656cdba4f17d713cbb371ec061f11f2d739fc783fc954b
VirtualSize 0xde0
VirtualAddress 0x98000
SizeOfRawData 0xe00
PointerToRawData 0x76c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.13437

.rsrc

MD5 cb5b6d6d9ee08f0f56edc4a5220e78a8
SHA1 72a1f0ce5fac48c2a793c6ae3b82113ede28abc7
SHA256 e7f32bd072560b4eda98cfb51f50f0e77dcaf8fc9d66bd025f41309a549c19c1
SHA3 c241a58cac826cbfe0176e496c1e89e5efb47c278d3c9da7ae1cd4f34a188792
VirtualSize 0x398
VirtualAddress 0x99000
SizeOfRawData 0x400
PointerToRawData 0x77a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.03146

.reloc

MD5 359eafbfdbd1dc25ec7e81a56fbae12c
SHA1 c53e2603f2cdc748167948f99f744a06a2a877a2
SHA256 0a14b3136f3f16b66a102c4372157c5d6b45f0bd07b578004a9f0276db5ae859
SHA3 4f349aba8deeb0897405dc066036b9aa883f8f9271aa9de5c1347dbca6de949d
VirtualSize 0x160
VirtualAddress 0x9a000
SizeOfRawData 0x200
PointerToRawData 0x77e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.98079
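The DOS header, PE header, optional header and section entries above are the fixed-layout structures every PE triage tool reads first: e_lfanew locates the PE signature, the COFF header gives machine and section count, the PE32+ optional header carries the entry point, ImageBase and the DllCharacteristics mitigation bits (DYNAMIC_BASE, HIGH_ENTROPY_VA, NX_COMPAT), and each 40-byte section header maps a virtual range to raw file bytes whose entropy is what the report prints per section. The parser below is an added example, not Manalyze's code, and uses only the Python standard library. It runs on a constructed two-section PE32+ DLL built inline (the timestamp matches the report's link time; every other value is made up but self-consistent); pass real file bytes to parse_pe() to analyse an actual module.

```python
"""Parse the PE headers listed above (DOS header, PE/COFF header, PE32+ optional
header, section table) and compute per-section Shannon entropy with only the
standard library. Added example, not Manalyze's code: build_sample_pe() makes a
constructed two-section DLL so it runs offline; feed parse_pe() real bytes to
analyse an actual module."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MZ, PE_SIG, AMD64, PE32PLUS = 0x5A4D, 0x00004550, 0x8664, 0x20B
FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    n = len(data)
    return 0.0 if n == 0 else -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image):
    """Header fields a triage report prints, plus section entropies (PE32+ only)."""
    if struct.unpack_from("<H", image, 0)[0] != MZ:
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if struct.unpack_from("<I", image, e_lfanew)[0] != PE_SIG:
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, stamp, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", image, opt)[0] != PE32PLUS:
        raise ValueError("not a PE32+ optional header")
    entry_rva, = struct.unpack_from("<I", image, opt + 16)
    image_base, = struct.unpack_from("<Q", image, opt + 24)
    subsystem, dll_chars = struct.unpack_from("<HH", image, opt + 68)
    sections = []
    for i in range(nsections):                            # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_offset": rawptr, "raw_size": rawsize,
                         "characteristics": flag_names(schars, SCN_FLAGS),
                         "entropy": entropy(image[rawptr:rawptr + rawsize])})
    entry_section = next((s["name"] for s in sections if s["virtual_address"] <= entry_rva
                          < s["virtual_address"] + max(s["virtual_size"], s["raw_size"])), None)
    return {"machine": machine, "is_amd64": machine == AMD64,
            "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "file_characteristics": flag_names(fchars, FILE_FLAGS),
            "entry_point": entry_rva, "entry_section": entry_section,
            "image_base": image_base, "subsystem": subsystem,
            "dll_characteristics": flag_names(dll_chars, DLL_FLAGS),
            # ASLR needs DYNAMIC_BASE and relocations the loader can apply; DEP needs NX_COMPAT.
            "aslr": bool(dll_chars & 0x0040) and not fchars & 0x0001,
            "dep": bool(dll_chars & 0x0100), "sections": sections}


def build_sample_pe():
    """Constructed PE32+ DLL (not the arcdps file): .text holds every byte value twice
    (entropy exactly 8.0), .data is zero-filled (entropy 0.0). The link timestamp is
    the report's 2018-Jul-10 17:16:02; other values are made up but self-consistent."""
    e_lfanew, hdr_size = 0x80, 0x200
    text, data = bytes(range(256)) * 2, bytes(0x200)
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, MZ)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", AMD64, 2, 0x5B44E9D2, 0, 0, 0xF0, 0x2022)  # DLL|EXEC|LARGE_ADDRESS_AWARE
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      PE32PLUS, 12, 0,                     # Magic, linker 12.0
                      len(text), len(data), 0,             # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1010, 0x1000, 0x180000000,         # AddressOfEntryPoint (in .text), BaseOfCode, ImageBase
                      0x1000, 0x200,                       # SectionAlignment, FileAlignment
                      6, 0, 0, 0, 6, 0,                    # OS, image, subsystem versions
                      0, 0x3000, hdr_size, 0,              # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x0160,                           # WINDOWS_GUI; HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT
                      0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit
                      0, 16) + bytes(16 * 8)               # LoaderFlags, NumberOfRvaAndSizes, empty directories
    sec = struct.Struct("<8sIIIIIIHHI")
    sections = (sec.pack(b".text", len(text), 0x1000, len(text), hdr_size, 0, 0, 0, 0, 0x60000020)
                + sec.pack(b".data", len(data), 0x2000, len(data), hdr_size + len(text), 0, 0, 0, 0, 0xC0000040))
    headers = bytes(dos) + b"PE\0\0" + coff + opt + sections
    return headers + bytes(hdr_size - len(headers)) + text + data


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print({k: v for k, v in info.items() if k != "sections"})
    for s in info["sections"]:
        print(f'{s["name"]:8} entropy={s["entropy"]:.3f} {s["characteristics"]}')
```

Two things worth checking on any real sample with this: whether the entry point lands in a section marked IMAGE_SCN_MEM_EXECUTE at all (here it is checked by name only), and whether a section's raw size is far smaller than its virtual size, as with the .data section above (0x200 raw against 0x1e0a8 virtual), which is normal for zero-initialised data but also the shape a packer's unpack buffer takes.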

Imports

WINMM.dll timeGetTime
timeBeginPeriod
timeSetEvent
timeKillEvent
d3dx9_43.dll D3DXCreateFontA
D3DXCreateSprite
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH
D3DXVec3Project
KERNEL32.dll GetCurrentProcess
ExitProcess
GetSystemDirectoryA
VirtualAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
K32GetModuleInformation
CreateTimerQueueTimer
CreateSemaphoreA
WideCharToMultiByte
CloseHandle
SetUnhandledExceptionFilter
QueryPerformanceFrequency
CreateThread
GetCurrentThread
SetThreadPriority
ResumeThread
GetThreadContext
GetVersion
GetTickCount64
MapViewOfFile
GetModuleFileNameW
GetLastError
FormatMessageA
CreateFileMappingA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetCurrentThreadId
QueryPerformanceCounter
CreateEventA
FindClose
FindFirstFileW
FindNextFileW
LoadLibraryW
GetPrivateProfileStringW
DeleteTimerQueueTimer
GlobalAlloc
GlobalLock
GlobalUnlock
K32GetProcessMemoryInfo
VirtualProtect
CreateFileW
ReadFile
ResetEvent
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcessId
GetLogicalProcessorInformation
QueueUserWorkItem
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateProcessW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LocalFree
USER32.dll FlashWindow
GetKeyState
GetCursorPos
ScreenToClient
CallWindowProcA
SetWindowLongPtrA
GetActiveWindow
AddClipboardFormatListener
SendMessageA
SetCursor
MessageBoxA
EmptyClipboard
GetClientRect
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SHELL32.dll SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
CRYPT32.dll CryptBinaryToStringA
SHLWAPI.dll PathFileExistsA
MSVCR120.dll fflush
?terminate@@YAXXZ
floorf
ceilf
sinf
cosf
_snprintf
fmodf
strncpy
strchr
memmove
isprint
_vacopy
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_wfopen
vfprintf
sscanf
ftell
_initterm_e
_initterm
fprintf
__iob_func
_malloc_crt
_amsg_exit
__CppXcptFilter
_vsnprintf
_onexit
__dllonexit
_calloc_crt
_unlock
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
__CxxFrameHandler3
qsort
strftime
_localtime64_s
_time64
__C_specific_handler
atan2f
memset
fclose
_vswprintf_c_l
_set_invalid_parameter_handler
wcstof
wcsstr
memcmp
roundf
_vsnprintf_s
strtoul
strncmp
mbstowcs
wcstoul
wcsncmp
memcpy
strstr
tolower
fread
fseek
fwrite
_wfsopen
_errno
sqrtf
_gmtime64_s
_vscprintf
exit
free
malloc
_msize
wcstol
_lock
IMM32.dll ImmSetCompositionWindow
ImmGetContext

Delayed Imports

Exports

Ordinal  Address  Name
1        0x10c0   D3DPERF_EndEvent
2        0x10d0   DebugSetLevel
3        0x10e0   DebugSetMute
4        0x10f0   Direct3DShaderValidatorCreate9
5        0x1310   PSGPError
6        0x1320   PSGPSampleTexture
7        0x34cb0  errormsg
8        0x14c0   D3DPERF_BeginEvent
9        0x14d0   D3DPERF_GetStatus
10       0x14e0   D3DPERF_QueryRepeatFrame
11       0x14f0   D3DPERF_SetMarker
12       0x1500   D3DPERF_SetOptions
13       0x1510   D3DPERF_SetRegion
14       0x1520   Direct3DCreate9
15       0x1590   Direct3DCreate9Ex

Resources

1

Type RT_VERSION
Language English - Canada
Codepage UNKNOWN
Size 0x178
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.0653
MD5 3ef3780136ba5a8f3356fa9d225855d6
SHA1 1e8477fddb3344a7b2110bfc67135c62154652a5
SHA256 9bc914e1e37db5bfec457d44996be1b876c48e11308f373389a4762f8b9b1a5d
SHA3 c71693056ea663855d79fe63613868e75457899d374dbf56dcd71cee4a7515f6

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.1
ProductVersion 0.0.0.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language English - Canada
FileDescription arcdps
FileVersion (#2) 0.0.0.1
ProductVersion (#2) 0.0.0.1
Resource LangID English - Canada

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Jul-10 17:16:02
Version 0.0
SizeofData 65
AddressOfRawData 0x6b330
PointerToRawData 0x69b30
Referenced File D:\arcdps\build-release-x64\pdb\d3d9.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Jul-10 17:16:02
Version 0.0
SizeofData 20
AddressOfRawData 0x6b374
PointerToRawData 0x69b74

TLS Callbacks

Load Configuration

Size 0x70
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180074068

RICH Header

XOR Key 0x50d2f47e
Unmarked objects 0
221 (20806) 2
199 (41118) 2
ASM objects (20806) 5
C objects (20806) 10
C++ objects (20806) 5
Imports (21202) 2
Imports (65501) 19
Total imports 191
C++ objects (VS2013 UPD5 build 40629) 96
Exports (VS2013 UPD5 build 40629) 1
Resource objects (VS2013 build 21005) 1
151 1
Linker (VS2013 UPD5 build 40629) 1
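The XOR Key printed above is not random: the Rich header that Microsoft's linker writes between the DOS stub and the PE signature stores (product id, build, count) pairs XOR-ed with a key that is itself a checksum over the DOS header bytes and the entries. Recomputing that checksum tells you whether the DOS header or the Rich block has been edited since linking, which is why the key is useful both for toolchain attribution and for spotting tampered or hand-crafted headers. The decoder below is an added example, not Manalyze's code. It builds a constructed image inline with a correctly computed key (e_cblp, e_lfanew and two of the numeric prodid/build/count rows are taken from the report; product-name resolution is not attempted) and then parses and verifies it; parse_rich() works the same way on real file bytes.

```python
"""Decode and verify a Rich header, the linker record behind the "RICH Header"
section above (XOR key, per-toolchain object counts). Added example, not
Manalyze's code: build_rich() constructs a DOS header plus Rich block with a
correctly computed key so the script runs offline; parse_rich() also works on
real file bytes. The sample entries reuse the report's numeric (prodid, build,
count) rows; resolving prodids to product names is out of scope here."""
import struct

DANS = 0x536E6144   # b"DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(value, n):
    n %= 32
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(image, dans_offset, entries):
    """The XOR key: offset of "DanS", plus every byte of the DOS header/stub before
    it rotated left by its position (the 4-byte e_lfanew field at 0x3C is skipped),
    plus every (prodid << 16 | build) word rotated left by its object count."""
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        cksum += rol32(image[i], i)
    for prodid, build, count in entries:
        cksum += rol32((prodid << 16) | build, count)
    return cksum & 0xFFFFFFFF


def build_rich(dos_bytes, entries):
    """Append a Rich block (DanS, three zero pads, entries, 'Rich', key) to dos_bytes."""
    key = rich_checksum(dos_bytes, len(dos_bytes), entries)
    words = [DANS, 0, 0, 0]
    for prodid, build, count in entries:
        words += [(prodid << 16) | build, count]
    block = b"".join(struct.pack("<I", w ^ key) for w in words)
    return dos_bytes + block + RICH + struct.pack("<I", key)


def parse_rich(image):
    """Return key, entries [(prodid, build, count)] and whether the key matches the
    recomputed checksum, or None if no Rich header sits before e_lfanew."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    rich_at = image.rfind(RICH, 0, e_lfanew)
    if rich_at < 0:
        return None
    key, = struct.unpack_from("<I", image, rich_at + 4)
    words, pos = [], rich_at - 4
    while pos >= 0:                       # walk back, XOR-decoding, until "DanS"
        word = struct.unpack_from("<I", image, pos)[0] ^ key
        if word == DANS:
            break
        words.append(word)
        pos -= 4
    else:
        return None
    words.reverse()                       # [pad, pad, pad, id, count, id, count, ...]
    if len(words) < 3 or (len(words) - 3) % 2:
        return None
    entries = [((w >> 16) & 0xFFFF, w & 0xFFFF, c) for w, c in zip(words[3::2], words[4::2])]
    return {"key": key, "dans_offset": pos, "entries": entries,
            "checksum_ok": key == rich_checksum(image, pos, entries)}


def sample_image():
    """Constructed image: 64-byte DOS header (e_cblp and e_lfanew as in the report),
    a 64-byte zero DOS stub, then the Rich block, padded out to e_lfanew."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<H", dos, 0x02, 0x90)
    struct.pack_into("<I", dos, 0x3C, 0x108)
    entries = [(221, 20806, 2), (199, 41118, 2)]
    image = build_rich(bytes(dos) + bytes(64), entries)
    return image + bytes(0x108 - len(image)), entries


if __name__ == "__main__":
    img, _ = sample_image()
    print(parse_rich(img))
    bad = bytearray(img)
    bad[0x02] ^= 1                        # touch the DOS header: the key no longer verifies
    print("tampered checksum_ok:", parse_rich(bytes(bad))["checksum_ok"])
```

A failed checksum does not by itself mean malice (some tooling rewrites the DOS stub), but a Rich header whose key verifies is strong evidence that the block, and with it the toolchain fingerprint, is what the linker emitted rather than something copied in from another binary.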

Errors
