Manalyze report for 39301819498909be7128a07e2518b40a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jun-09 11:07:51
Detected languages	English - United States
Comments	This installation was built with Inno Setup.
CompanyName
FileDescription	ЕngineGame Downloader
FileVersion	`7.5.0`
LegalCopyright	© ЕngineGame
OriginalFileName
ProductName	ЕngineGame
ProductVersion	`7.5.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: https://jrsoftware.org jrsoftware.org`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .didata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegQueryValueExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW GetDriveTypeW` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+2 timezone.`
Info	The PE is digitally signed.	`Signer: EngineGame` `Issuer: Sectigo Public Code Signing CA R36`
Malicious	VirusTotal score: 29/72 (Scanned on 2025-01-10 16:31:46)	`Alibaba: AdWare:Win32/OfferCore.56ad88b8` `Avira: PUA/OfferCore.Gen` `Bkav: W32.Common.939E080B` `CAT-QuickHeal: Trojan.Ghanarava.173640663318b40a` `CTX: exe.adware.offercore` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win32/OfferCore.B potentially unwanted` `Elastic: malicious (moderate confidence)` `F-Secure: PotentialRisk.PUA/OfferCore.Gen` `Fortinet: Riskware/OfferCore` `GData: Win32.Trojan.Agent.3ZPYLW` `Google: Detected` `Gridinsoft: PUP.Win32.OfferCore.dd!c` `Ikarus: PUA.OfferCore` `K7AntiVirus: Adware ( 0058a4f11 )` `K7GW: Adware ( 0058a4f11 )` `Kaspersky: not-a-virus:AdWare.Win32.Agent.xxzxva` `Lionic: Adware.Win32.OfferCore.2!c` `Malwarebytes: PUP.Optional.BundleInstaller.DDS` `MaxSecure: Trojan.Malware.314448349.susgen` `McAfee: Artemis!393018194989` `Microsoft: PUADlManager:Win32/OfferCore` `Rising: Adware.OfferCore!1.DF2E (CLASSIC)` `Skyhigh: Artemis` `Sophos: Generic Reputation PUA (PUA)` `Symantec: PUA.Gen.2` `VBA32: Adware.Agent` `Varist: W32/ABApplication.DKLQ-3234`

Hashes

MD5	`39301819498909be7128a07e2518b40a`
SHA1	`81accbe9c29b4fe5c8288b5cdc73aca525f156ee`
SHA256	`aee638954c904f23a56d9163ffdf90ab051169379630ff27b94f46aeeed5c75d`
SHA3	`871e2681499c960801392f47d5acf6bd8a1fb5efa7a109adcf36e15d8f64b9c6`
SSDeep	`786432:1YvhXCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHS:TEXFhV0KAcNjxAItjS`
Imports Hash	`4fedeec03d85f2e0d9939674af913942`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2024-Jun-09 11:07:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xa7400`
SizeOfInitializedData	`0x16000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000A83BC (Section: .itext)`
BaseOfCode	`0x1000`
BaseOfData	`0xa9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`0.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xcb000`
SizeOfHeaders	`0x400`
Checksum	`0x1ca362c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b889d302f6fc48a904de33d8d947ae80`
SHA1	`631854a32b101ffb32be28f95233f07ada997f31`
SHA256	`551f3a998c5d32cff8f58dd5c34a7e2aa5f6311a3e08553f8afc7a5872f0830d`
SHA3	`ac1bce0d4ea256bb92c0d562c20ae8017fe9aaab961de462c3c5d4a82012f531`
VirtualSize	`0xa568c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa5800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37719`

.itext

MD5	`588dd0a8ab499300d3701cbd11b017d9`
SHA1	`daa72022eeba5d1f662627399109e1ad10259292`
SHA256	`a82d14af241c308c43746a82a65e8598ba048304ae22b4c5e4fcd981d24c48df`
SHA3	`690a6e1273561395a87c3b220233e3aecbfb33fd88b154f020cfe2d3c538d74e`
VirtualSize	`0x1b64`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xa5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.10926`

.data

MD5	`5c0c76e77aef52ebc6702430837ccb6e`
SHA1	`ba7dbb2689a94327d20535cad24689725d9f0dd8`
SHA256	`2a1b24bbf6a4c52410949a50d70d70c5b6b02b4c0c69794a20c8ae4cdf90c938`
SHA3	`c75b256a96d1484f217f88e80af6bb8222c4fdb10efee71fa5a6081ca1bd2e99`
VirtualSize	`0x3838`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0xa7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.95916`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7258`
VirtualAddress	`0xad000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`627340dff539ef99048969aa4824fb2d`
SHA1	`24cfe989547aa50de659512bce7e2a6e77786c59`
SHA256	`e7c1a2b5618072b58a6948a7c7e0d9f4a7bce8086f8957d45d287acab7351fc1`
SHA3	`ba6e203f0f1e298cc5762dd8fb3a28578674f4dd0dcaa08802b9986c38804e11`
VirtualSize	`0xfec`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xab200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.0204`

.didata

MD5	`fd11c1109737963cc6cb7258063abfd6`
SHA1	`f6b9fa45a8f34bd2cb9218ce88c11e20d3fc71a3`
SHA256	`da813677d0ab6c0ef688beb594ebd76cf4980cb614cee01b756efda9b3316742`
SHA3	`bbfadba84d740dfd46a08ed84111a5327ada5b7c1c883797e859c36cd7d0043e`
VirtualSize	`0x1a4`
VirtualAddress	`0xb6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.72929`

.edata

MD5	`7de8ca0c7a61668a728fd3a88dc0942d`
SHA1	`ba95bf2c856634a9f69d90861654962600b646de`
SHA256	`78383375db293ffadb4418ce339ec010bc78832dfdb6cf8f58d535f7a38e41fd`
SHA3	`b8c408c4762e0631353f37bb98cdf3be3b97c15c108d3cd83c7c50f5e0a0ba72`
VirtualSize	`0x71`
VirtualAddress	`0xb7000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.30558`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x18`
VirtualAddress	`0xb8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d84006640084dc9f74a07c2ff9c7d656`
SHA1	`0379022c42b8971c66f5c503046d0ab125118679`
SHA256	`a1f69e8471e1728aef0f39cfe3f833c244d412e375d9538d47fca3cc8f148401`
SHA3	`064a2c4885c5e43b07674dc5448234cd0eeabfec6652ec78f6ba14b27207cbed`
VirtualSize	`0x5d`
VirtualAddress	`0xb9000`
SizeOfRawData	`0x200`
PointerToRawData	`0xac600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.38928`

.rsrc

MD5	`aa247a730ff1fff173c9c5190a8b5fef`
SHA1	`11c1e0f3eeb650e3fecd9b6fbfc3c4ec62add9ee`
SHA256	`032aa086921a1b8c4e92a0bbce37dbe641d6f18f847e6720f3d1a1bda251d7db`
SHA3	`310ceccf9571c7ef3b80b999bd145b573a87b3a27447c426e50b76fb64910329`
VirtualSize	`0x11000`
VirtualAddress	`0xba000`
SizeOfRawData	`0x11000`
PointerToRawData	`0xac800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71781`

Imports

kernel32.dll	`GetACP` `GetExitCodeProcess` `CloseHandle` `LocalFree` `SizeofResource` `VirtualProtect` `QueryPerformanceFrequency` `VirtualFree` `GetFullPathNameW` `GetProcessHeap` `ExitProcess` `HeapAlloc` `GetCPInfoExW` `RtlUnwind` `GetCPInfo` `GetStdHandle` `GetModuleHandleW` `FreeLibrary` `HeapDestroy` `ReadFile` `CreateProcessW` `GetLastError` `GetModuleFileNameW` `SetLastError` `FindResourceW` `CreateThread` `CompareStringW` `LoadLibraryA` `ResetEvent` `GetVolumeInformationW` `GetVersion` `GetDriveTypeW` `RaiseException` `FormatMessageW` `SwitchToThread` `GetExitCodeThread` `GetCurrentThread` `LoadLibraryExW` `LockResource` `GetCurrentThreadId` `UnhandledExceptionFilter` `VirtualQuery` `VirtualQueryEx` `Sleep` `EnterCriticalSection` `SetFilePointer` `LoadResource` `SuspendThread` `GetTickCount` `GetFileSize` `GetStartupInfoW` `GetFileAttributesW` `InitializeCriticalSection` `GetSystemWindowsDirectoryW` `GetThreadPriority` `SetThreadPriority` `GetCurrentProcess` `VirtualAlloc` `GetCommandLineW` `GetSystemInfo` `LeaveCriticalSection` `GetProcAddress` `ResumeThread` `GetVersionExW` `VerifyVersionInfoW` `HeapCreate` `GetWindowsDirectoryW` `LCMapStringW` `VerSetConditionMask` `GetDiskFreeSpaceW` `FindFirstFileW` `GetUserDefaultUILanguage` `lstrlenW` `QueryPerformanceCounter` `SetEndOfFile` `HeapFree` `WideCharToMultiByte` `FindClose` `MultiByteToWideChar` `LoadLibraryW` `SetEvent` `CreateFileW` `GetLocaleInfoW` `GetSystemDirectoryW` `DeleteFileW` `GetLocalTime` `GetEnvironmentVariableW` `WaitForSingleObject` `WriteFile` `ExitThread` `DeleteCriticalSection` `TlsGetValue` `GetDateFormatW` `SetErrorMode` `IsValidLocale` `TlsSetValue` `CreateDirectoryW` `GetSystemDefaultUILanguage` `EnumCalendarInfoW` `LocalAlloc` `GetUserDefaultLangID` `RemoveDirectoryW` `CreateEventW` `SetThreadLocale` `GetThreadLocale`
comctl32.dll	`InitCommonControls`
user32.dll	`CreateWindowExW` `TranslateMessage` `CharLowerBuffW` `CallWindowProcW` `CharUpperW` `PeekMessageW` `GetSystemMetrics` `SetWindowLongW` `MessageBoxW` `DestroyWindow` `CharUpperBuffW` `CharNextW` `MsgWaitForMultipleObjects` `LoadStringW` `ExitWindowsEx` `DispatchMessageW`
oleaut32.dll	`SysAllocStringLen` `SafeArrayPtrOfIndex` `VariantCopy` `SafeArrayGetLBound` `SafeArrayGetUBound` `VariantInit` `VariantClear` `SysFreeString` `SysReAllocStringLen` `VariantChangeType` `SafeArrayCreate`
advapi32.dll	`ConvertStringSecurityDescriptorToSecurityDescriptorW` `OpenThreadToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `RegOpenKeyExW` `OpenProcessToken` `FreeSid` `AllocateAndInitializeSid` `EqualSid` `RegQueryValueExW` `GetTokenInformation` `ConvertSidToStringSidW` `RegCloseKey`
kernel32.dll (delay-loaded)	`GetACP` `GetExitCodeProcess` `CloseHandle` `LocalFree` `SizeofResource` `VirtualProtect` `QueryPerformanceFrequency` `VirtualFree` `GetFullPathNameW` `GetProcessHeap` `ExitProcess` `HeapAlloc` `GetCPInfoExW` `RtlUnwind` `GetCPInfo` `GetStdHandle` `GetModuleHandleW` `FreeLibrary` `HeapDestroy` `ReadFile` `CreateProcessW` `GetLastError` `GetModuleFileNameW` `SetLastError` `FindResourceW` `CreateThread` `CompareStringW` `LoadLibraryA` `ResetEvent` `GetVolumeInformationW` `GetVersion` `GetDriveTypeW` `RaiseException` `FormatMessageW` `SwitchToThread` `GetExitCodeThread` `GetCurrentThread` `LoadLibraryExW` `LockResource` `GetCurrentThreadId` `UnhandledExceptionFilter` `VirtualQuery` `VirtualQueryEx` `Sleep` `EnterCriticalSection` `SetFilePointer` `LoadResource` `SuspendThread` `GetTickCount` `GetFileSize` `GetStartupInfoW` `GetFileAttributesW` `InitializeCriticalSection` `GetSystemWindowsDirectoryW` `GetThreadPriority` `SetThreadPriority` `GetCurrentProcess` `VirtualAlloc` `GetCommandLineW` `GetSystemInfo` `LeaveCriticalSection` `GetProcAddress` `ResumeThread` `GetVersionExW` `VerifyVersionInfoW` `HeapCreate` `GetWindowsDirectoryW` `LCMapStringW` `VerSetConditionMask` `GetDiskFreeSpaceW` `FindFirstFileW` `GetUserDefaultUILanguage` `lstrlenW` `QueryPerformanceCounter` `SetEndOfFile` `HeapFree` `WideCharToMultiByte` `FindClose` `MultiByteToWideChar` `LoadLibraryW` `SetEvent` `CreateFileW` `GetLocaleInfoW` `GetSystemDirectoryW` `DeleteFileW` `GetLocalTime` `GetEnvironmentVariableW` `WaitForSingleObject` `WriteFile` `ExitThread` `DeleteCriticalSection` `TlsGetValue` `GetDateFormatW` `SetErrorMode` `IsValidLocale` `TlsSetValue` `CreateDirectoryW` `GetSystemDefaultUILanguage` `EnumCalendarInfoW` `LocalAlloc` `GetUserDefaultLangID` `RemoveDirectoryW` `CreateEventW` `SetThreadLocale` `GetThreadLocale`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0xb6080`
DelayImportAddressTable	`0xb6090`
DelayImportNameTable	`0xb60b4`
BoundDelayImportTable	`0xb60d8`
UnloadDelayImportTable	`0xb60f0`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0xb063c`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0xfc10`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa68`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`1.74641`
MD5	`2073a3bce01223d897c6e67e18e677e7`
SHA1	`f12d3ad97307acd4b6283883ff2535a1162b847f`
SHA256	`dadedca04ae6f15e735054a8844a0bb8c303e28e6a20a7b54393218ac9dac901`
SHA3	`e46bdf2c29fbea8826e7fbe4a23b787838298a2c57522375d89b84e0dadafb64`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`1.98658`
MD5	`54aab9687517924a6f0872d3db85eefa`
SHA1	`62922bb6f27fbb4249513a00d0249079706901df`
SHA256	`49e1fd7235582a5fcda21ad7019a28f07be0bf5758e58ce433622ad2c186890f`
SHA3	`f088eafbfb352a9b54edad9f0b94b7222fb44a8593945940d99d3dd13d26e8dc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.01586`
MD5	`57086a45c3525554f76a843b8ea0ceb0`
SHA1	`bb3b05066884d9c430e0b242802c280ac263b894`
SHA256	`aaa0ec91899e3916e363e4670f8073cdd5de32024c330183e3e06a5c402ee7ae`
SHA3	`c79a0a88119906e5258eff43faafc4b86f3f5b6bb2871cce6de3d9cf379d4c66`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.1704`
MD5	`c9113f4798daee1ff04397b4699fee20`
SHA1	`04a77a02cdada1d0adb3af383475cf77ed177e76`
SHA256	`029b2163ec401f4b713e6870760f636551fab3fa800dbb940d4b0c547a922072`
SHA3	`47db69117d269446375dfe691c9444c7f9bbd176e1d529ba1748f54262d34cb9`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`1.912`
MD5	`a3ecd0150aa90c103ffd60e970a79b04`
SHA1	`155aa3f218939e3accb8578679c03dcbc88f5e52`
SHA256	`5426a3cf123eedfefc4fc0e764de1bd8c8f69edf6e0c68af1984438b28074de3`
SHA3	`212acca720a6b223f41cece9fd8589bbd1a13bbda47f2594ef695cac349254ba`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`1.8663`
MD5	`c519cde0a3de8b3fae65ec263d0211f2`
SHA1	`b5ec2ab4e4b832bbce774c34b575512f417dbea1`
SHA256	`aaa4217a07f23dc3124979542a8e1105ae36b6bd6e2951fd33e37fb66bfa6e97`
SHA3	`d126ff50d5c59f801cea6ba3220990d077af1349152fea03feb60a7e4fe71b0d`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`1.49649`
MD5	`07484b7d7d2de97ae274c997b13fcd95`
SHA1	`505d59bc4593dc34851764ff10e31a163db98f2d`
SHA256	`eab50ea5ff7abfa5e9c64cc691ea9cce1cac6d3a913a599902f486a05ce951e6`
SHA3	`fe754e115793dab307b8d9c1cf7eed88457e4fbe84d43324f4ad20d29dbb95dc`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`0.972379`
MD5	`d4e7ffb2c44d42dd0361bdf025ddc1cf`
SHA1	`b2f0d88ce66caf4e0efca16007174289977cf11b`
SHA256	`37265ae581f5649902228e063059ee88f390f5b67176020840d586a5cd55bd24`
SHA3	`0f814a879813c5f3705704e6b19fa66a7839ebf98df1941ad9e76825050843d9`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12e5`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`7.68913`
Detected Filetype	PNG graphic file
MD5	`2bdb3ce74738954decb4aa7784bc1dad`
SHA1	`7c1a93a6508fd2ab9998c87735e2e4cefebfdfef`
SHA256	`463eae02434b126bc01fc4aa5b1efd88fcb53313b05d180a199bfe064273cefd`
SHA3	`974d364c75b622f15c6c3f9f6fe645353b7aeaaf881f9285c1a568181ea6512d`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.03031`
MD5	`2f8da60b986b88d85ae9bf8741138629`
SHA1	`35b96991f3c9de50adc6a854314d7c4b3b762b4c`
SHA256	`83e1da080a4c85ba6c53a8b73a88a43bda96f0af2f63565aeacc8020c57fb711`
SHA3	`422e7d3d156266b34b571d202b0d2dcd4c42ebf317ab5755e4d4ab84837f5ed4`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.4506`
MD5	`b7a61dbaf8fed9e8fd55586271a7a2fe`
SHA1	`1bf83736a9459f39e8ad4415a8a55f0fd03031d9`
SHA256	`1b9e2b76fb8a6306d71a58e8277e61cf775b329f259833b48539dabc55564dde`
SHA3	`ad3d753b9786fa2d2920812cb8dfb9cc077f392df40690a3dcf584e51d55b6e9`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.25978`
MD5	`74fa412d3b673173879e1694849b16fe`
SHA1	`fd666f6bd32077a3b3ad97d4591ed6e170179911`
SHA256	`e1cdcfc343bd2be7111edf269de89a61f6bed13a5780a79fec57110350d2b175`
SHA3	`59c23cb88d5b074c0e9d5dbc3af87739c0d65b11acab261f17e191f3575af7f4`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.88786`
MD5	`208b4b138664f95bc9c28daa5d6240b7`
SHA1	`79131678428163495ffee79cf6c3cd70a4622804`
SHA256	`c98be6a1843a183920435a4ebcfcd9e8b1595b05aa7eb74e646fde7e2a22145b`
SHA3	`5f193d529afeb126339e38e17cffc7868ea66de29a81db907d1c031d9c5822e3`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.27436`
MD5	`16c83a530551674c0549067380ee799d`
SHA1	`fb015722bc9b8bd10e901b4a6063887e9075d9c8`
SHA256	`6bb30c8a1df395a8e73321f5feb010ad66b1440f85df19b0b66611d8c029730a`
SHA3	`5363ab577c0955f1c6ec3d3690ce43f74bf16e69a9dd6a3d60cec490d4655a27`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2dc`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.52568`
MD5	`6389af7862593e7ce4db180f39e50140`
SHA1	`88b9651a981bf3348a74e5ab7d73a68c00eacb34`
SHA256	`91a2703df665f2d3201c6a5071fafb0b9aef1f7cf2ee36c53ba1d463251b1d90`
SHA3	`b14fffd73c83498cf4e53e90f20804af158c45088ae7f345668efc50088a4508`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x430`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.24973`
MD5	`c585062fd9508d9ef6eed11299d5cdb9`
SHA1	`a86d3099f1ff650e0fbbcfa50dcc7069eb12a9bd`
SHA256	`a33f03dda00385bdf0b927b77ab2d02256f5dbb3d1e973a4bacd49a8e835d497`
SHA3	`dbce279b2b5fa3baae5d5fc5c390abd14c3467917892d72491220e955459fe7b`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x44c`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.37757`
MD5	`fdf50a2ec296ee0c6f14f17dcbb4d033`
SHA1	`89e1dd972c2cf0f03819f154e20b41147317ab57`
SHA256	`86c9c0f8051440577615ce48dea198071272529bb7202e1be19cd89b54a41501`
SHA3	`e785bebb46272c3a4adc7ce895af83ab4c68bc9f3888bad61bf1f8ed09f1afba`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.36723`
MD5	`d2467f70311fc072d9202909bdfa9fcb`
SHA1	`c8abb69fb38434daf6811309cc88e9d0df65e2cd`
SHA256	`51209c8034cd5c2127a7b877a3280699d6bad965bcc102e830420c836f535c97`
SHA3	`4386b5d28f8adc0eccd1a396c2d0689b85cd7cfcf727c8d08a87940c92bd64c7`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.33978`
MD5	`e8e4995b464abd85d77008d3750ca7af`
SHA1	`2c39cf9c2c1cfab48077cda2d4d6312fdb53c54b`
SHA256	`22296669c2c50d3fdfee9de9f7730d0a5cc498b7cc54cd2aa8ded74d7e69f654`
SHA3	`5480674ca53405ca327424ca774da73700d535e5ca7d51363d86511e5268bb0c`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x9c`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.15425`
MD5	`d0969cc9a96275d54a109de740708a5a`
SHA1	`2c365c0341faf71f810a39c69859a7eb5bc0de8d`
SHA256	`3c45c82b39b3c90c9c22342a8f6be98073faf1dcd26dbc578b3a6fa9a499cb46`
SHA3	`99f949ba47f1c5cd7b313b0b89e2b14f238be4bd78199a590c1f257e4f562967`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.31895`
MD5	`4ac29bb5f7361e85771807112cd4ec93`
SHA1	`b164bf0882b60c0d7d4643495a2c1db5a20a1343`
SHA256	`2e6d8102640132ccabd2fa3c3a61c77c2b41a80d7f60013cf7149819c2b5c9d2`
SHA3	`ee5ab8846732cb786d250fc1780293072aff157ae61cf7f671eb4e6e29018bf7`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.28786`
MD5	`110abe16232608d8671eaca8ee324f45`
SHA1	`30704560832bafa440df1fd20693653c2a30f815`
SHA256	`b33f156b0a8ce96c7182dfb6afa9f6a7020433a6e16ca21f6092ba03695bdd12`
SHA3	`0179804f22369dabd55b8e4ca79a33645191c197c0474cabc4e13546c7e7fcd6`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.33385`
MD5	`1c9252919f0a0d2072f3fe0565f0b443`
SHA1	`dc6002a243c7567105aef957d8b01142df42b3d2`
SHA256	`734b698aafc2cfabfd0750c88498022d650f6ee025250dc8795de56a6e122445`
SHA3	`4d0c5d27e1b222f09e17dc6fa9ec0bc174b3e58bba30ce90cb89b3594622e627`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.2935`
MD5	`d1efb0d972603f09c3a2a866a8b36d48`
SHA1	`64a194ea368bb16ffac3e7a4ca84b3c00bf15920`
SHA256	`351e7d3c756242cde2e4a2bef16d636d5e073e0cf3e9cfa2b1da1efccd7806ae`
SHA3	`545cc79af077359ed49f0ba5cdc74b58bef1f6fd71725c976ad9c892dc9a0b56`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.75`
MD5	`fa1c96712ab8720f82ad4095daf7cee5`
SHA1	`abe71b9873e6e494a7d9de8f1f1985c550fc6b59`
SHA256	`10ca7c7ba673f29383bc50d1becb5fbeddddecaa6109de088da9a94c74d4f1c4`
SHA3	`c3be1ab5871e6568c50c4c2dd73e7c8c09d9e9451b256e9871c537b6da54a299`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x310`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`5.17718`
MD5	`b9e23c55f2dd32f84d54b7c723c182fe`
SHA1	`5e1e4f56e2e23a804ff69d8b87e2f09506c8fdae`
SHA256	`dfce236a2088f4fc6942fc74d8529e9285da32eddeecd9143c799861645ccfce`
SHA3	`1653b3bcabbe26085cae294ee9f3a1eee0185b53b620099373c89a329afb13c7`

11111

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`4.78875`
MD5	`797cdb1e8326f5d88f954c04a32e6caf`
SHA1	`d2c0943b9238e8a0a889e0260615fb20348e4d4c`
SHA256	`e8a5ee1e5fab7954d62b1f438101f2ae0583b5469c9144071de1e77a9d774a2e`
SHA3	`52561730605d1603e66f212072ac3b79001eb755e48bfb92ab68aeb763cf564b`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`3.08095`
Detected Filetype	Icon file
MD5	`ee0da5fbb3d343c27941fb3f8b77164a`
SHA1	`c2be29713ab52dcf391d34d14f367cbbab966cc0`
SHA256	`81341db39d8fdec0bd34960423a41a5e2ba5c5830b957f070d1563580b52011b`
SHA3	`f3d78fc2b713ea2475d919525d0e8019ea390471c9899df1b1345093fb558919`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x584`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`2.5954`
MD5	`116a86ed5d7270a826b65651ed01742d`
SHA1	`f3138402b31d105f15084802f795130fed916192`
SHA256	`738ee799d26b98c350da5f6f5e2ee97166b3788f04b018f89467f4733c124fb4`
SHA3	`79b53151c2bb7e129ec5a5fc045389765f2fecadb37ed324aa322e40e72170a9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7a8`
TimeDateStamp	2024-Jun-09 13:07:50
Entropy	`4.89085`
MD5	`e07ab8c9030f776ce0f6d9040d41c616`
SHA1	`593953973c74066bcd09b22402948425dab9b12f`
SHA256	`75bb01fe4bafdef22d879aaea5b85d1165a30ec0e558536e1b4c6002c4730d5d`
SHA3	`51b78d43db0954fcaa7c6fd2558eece5eb98a1c5f6e95a3033891777bfd00a7c`

String Table contents

Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows 8
Windows 8.1
Windows 10
Windows 11
Observer is not supported
Cannot have multiple single cast observers added to the observers collection
The object does not implement the observer interface
No single cast observer with ID %d was added to the observer collection
No multi cast observer with ID %d was added to the observer collection
Must wait on at least one event
Cannot call BeginInvoke on a TComponent in the process of destruction
VAR and OUT arguments must match parameter type exactly
%s (Version %d.%d, Build %d, %5:s)
%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)
32-bit Edition
64-bit Edition
Windows
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Server 2012
Windows Server 2012 R2
Property is read-only
%s.Seek not implemented
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Cannot terminate an externally created thread
Cannot wait for an externally created thread
Cannot call Start on a running or suspended thread
Invalid argument
Source and Destination arrays must not be the same
Argument out of range
Duplicates not allowed
Insufficient RTTI available to support this operation
Parameter count mismatch
Type '%s' is not declared in the interface section of a unit
Cannot assign a %s to a %s
CheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
List does not allow duplicates ($0%x)
A component named %s already exists
''%s'' is not a valid component name
Invalid property value
Invalid property path
Invalid property value
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%0:d). %2:s object range is 0..%1:d
Out of memory while expanding memory stream
%s has not been registered as a COM class
Error reading %s%s%s: %s
Stream read error
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid source array
Invalid destination array
Character index out of bounds (%d)
Start index out of bounds (%d)
Invalid count (%d)
Invalid destination index (%d)
Invalid code page
No mapping for the Unicode character exists in the target multi-byte code page
Invalid StringBaseIndex
Ancestor for '%s' not found
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Monitor support function not initialized
Feature not implemented
Method called on disposed object
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%s%s
A call to an OS function failed
Variant method calls not supported
Read
Write
Execution
Invalid access
Error creating variant or safe array
Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid NULL variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
'%s' is not a valid integer value
'%d.%d' is not a valid timestamp
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.5.0.0
ProductVersion	7.5.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	This installation was built with Inno Setup.
CompanyName
FileDescription	ЕngineGame Downloader
FileVersion (#2)	7.5.0
LegalCopyright	© ЕngineGame
OriginalFileName
ProductName	ЕngineGame
ProductVersion (#2)	7.5.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x4b8000`
EndAddressOfRawData	`0x4b8018`
AddressOfIndex	`0x4a9c24`
AddressOfCallbacks	`0x4b9010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!