4b4a95cc250b63651d079c372989be16

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Apr-25 11:28:29
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
MASM/TASM - sig1(h)
Safe VirusTotal score: 0/68 (Scanned on 2022-05-27 18:46:09) All the AVs think this file is safe.

Hashes

MD5 4b4a95cc250b63651d079c372989be16
SHA1 8cb35bcefeb1aa54c373bb4a13d8e14e08a3d1bd
SHA256 957043465aff2255e4d11c99055609f6c1e34a9417012248eb4afce1bb6e5dd4
SHA3 2c0084c725afdd41204cf6a6fda46a30a34e614714a4f01e60679b1283444754
SSDeep 384:sQ2cLXnFhooq5stFcp6p+LM03RUUvLeq3qwCrs1xq3UZU91g:jOstWEpc0qawCKZU91
Imports Hash b275747225f8b9a03c3f92aa2a813e6d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2022-Apr-25 11:28:29
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2000
SizeOfInitializedData 0x8600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000022A4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0xee1c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d62849476e6cd7a85b85a10f2014be85
SHA1 ab29bdac69a226362a72521d415adbfa9d1da572
SHA256 b2500b9e59f6043767680465992ae818b5983e603a04550ca031bce93863a896
SHA3 adfb14c0fb4d29d41241c1faf8c319dc629558b685c6f12aac18f5308a2f5453
VirtualSize 0x1e72
VirtualAddress 0x1000
SizeOfRawData 0x2000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.98608

.rdata

MD5 bcdfa6ffe536a263d0bbb214da1c2848
SHA1 77bd2c10898b727fa2208bf59c8eba79c12a4f5d
SHA256 e101d5c580ff9c7f30a912019565503449b922ec0d444fa0a425e4a9deb787fb
SHA3 d143ac42c88ddff3771ff23eb69bce34d23cea28514633d7c4ebc84a614220fd
VirtualSize 0x1828
VirtualAddress 0x3000
SizeOfRawData 0x1a00
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.01927

.data

MD5 6077c49c9d7c10a4f4a98a76acc8c3d1
SHA1 d06b509621de85a05e252eeb10c9d0736db39691
SHA256 0f50ac1ba4cf678b33ff0a670e2965a4e5e4fc0152fe11112c5b297b62a8e048
SHA3 f5fb09d5703481d196d91f43afdc5aec94d99bfa0d9548a9b796b2cb65a8770d
VirtualSize 0x6e8
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.09412

.pdata

MD5 21983ef6d695da93df6a282b64d360d0
SHA1 4c89cb3e693c2b8f40cb06806ef546b89855abc3
SHA256 d5dca585dae8370e98968ede02e0d6923bfc2093a10dc8d7f0ad1f1b3c132cf2
SHA3 6361155c6c589911038e5823bfb1e8881c4dd75d4a7a04d3cdc54bcdc57fddc3
VirtualSize 0x33c
VirtualAddress 0x6000
SizeOfRawData 0x400
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.39793

.rsrc

MD5 b82fa12db8fedab77623e25db3162890
SHA1 a7453ae9a952e99e33573baaf56de1fe442f6c63
SHA256 e987eb3c660ff6208a21b0be8767d518c069138f68b4e64cd111ffa9ee0ebe95
SHA3 fb66f39fcdcfb3ca981372c77279dbc2d05527380a1160889915dba6e7f38953
VirtualSize 0x6324
VirtualAddress 0x7000
SizeOfRawData 0x6400
PointerToRawData 0x4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.52729

.reloc

MD5 5a45b2577bf01c96e79cfa18910e24b4
SHA1 fa46c46f777ffc6dc1c9458410907f645a498ef4
SHA256 380614d57ea5f3ab454ac5c78660c36ed5d03e070fb2787fdc7f9d4f0a7b12ca
SHA3 0b4a427f255e9069f8c558ad4cb77b43620c20663e3ca6ab2d43bd8d48c8612c
VirtualSize 0x5c
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0xa800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.23089

Imports

UABE_Win32.dll ??1Win32AppContext@@UEAA@XZ
?Run@Win32AppContext@@QEAAH_KPEAPEAD@Z
??0Win32AppContext@@QEAA@PEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
KERNEL32.dll GetStartupInfoW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetLastError
SetLastError
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
MSVCP140.dll ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140.dll memcpy
memmove
memset
__C_specific_handler
__current_exception
__current_exception_context
__std_terminate
__std_exception_destroy
__std_exception_copy
_CxxThrowException
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll _initialize_onexit_table
_register_onexit_function
_get_wide_winmain_command_line
_c_exit
terminate
_cexit
_initterm
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initterm_e
_exit
__p___wargv
__p___argc
_crt_atexit
exit
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
api-ms-win-crt-heap-l1-1-0.dll malloc
_callnewh
free
_set_new_mode
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.89005
MD5 6084b8ad73747b299699eb3eec45e7dc
SHA1 2c9ce3ea9a49025409f4fbe0fbaa8d505c07a378
SHA256 b4b2f722234d9e7f31ff4facd631adcc0482b81c4ad1eb1458fc822175277c21
SHA3 bb24114010889c9f80fd5363f152c6315e4f275b8582e304a385531de5d61957

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.54353
MD5 e8658c45887b965ef05fc75aa46500e3
SHA1 0091c56d319743f075ce4d7af0ef65b896a02041
SHA256 803572ed52c34a6b6c2efa70c0f7a5279e21bad55a4d5d18744b270937404fe2
SHA3 fe1cde23bbcac573b68e909b1f54a64f8d189045e58a9d185f6d93ee3d0ec3af

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.35478
MD5 d042f1c698b7e67ab19323c03defcfaa
SHA1 a7f6b7f33babceb621f66db8e4932e4668ad916d
SHA256 0a4938500c6f3d33430c7fed3c2271a78b34ee727a78475eb6d1a435f4a00bdb
SHA3 53ba211529ed344097e112c4d327f04e8f09951109c686c8291b58004de28755

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.17501
MD5 43553baed02ba66915b18d4e17cfce16
SHA1 f00698b999f0887c350c61e4aa083d79bea26cb7
SHA256 2ae3c5d4d767d49adf27595ac6e6c282cba327b4cdb89f9dc2a735c314eb7d18
SHA3 8acbc751b6d2a0f54b1ac8df53fc05b74e6774c176b94e6876afad010dd15e4f

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.47748
MD5 4ac79bef346bca3604bba0e200cbda0b
SHA1 f45f4f77b61adba0151d1942c978689e41e28dae
SHA256 b1f2927559496473b1bd7ca8d8cb21b67e56eefa87fc06945eba67c71d268645
SHA3 07ca004b480e2182e3be16a4706a0653bc4c76de33ba8853eb9529aeeeb34fed

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.83156
MD5 4786e9acb4ceb2b23d50e0dabb6cecd5
SHA1 164fadfaa648ed5c8adb7dd14b494b3501ed77de
SHA256 10f2dfcb31c0f0816447923633e79ef4ff7ca1bf89d5f6984e4cce62615ea729
SHA3 cc4907d29a3eeee6042b743fa967b659f8eef2975da67a6143489be39014d52f

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.44197
MD5 4f6369dca29c639671dd504fa585b183
SHA1 09b1ab98de685f3f09d47b93f6186963c03b7946
SHA256 aec3c266b0f119a982069893611ffd2cdd271fdbcf915b17fdf9b00d445676c9
SHA3 3ec84b0f83e5972044ed977444b56836a03dc0b42df2b59ccd78ad6ebedf83fd

8

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.05874
MD5 d10df39d7ee26d29c547f5df1da71fa1
SHA1 dcbba9f2f7c3c5f6e884d4ed8b36f6cb6055317c
SHA256 7ad7dd241cc84dad41c3f1ee55c9272bd835e6172e6144423af4be38ce3fe2a1
SHA3 ffd528465a691f1a4f797c3f9bfcdb4579dbc2708ad3c2ff0bf46f14563d6205

7 (#2)

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x74
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71575
MD5 524ef385df885cdf60bbbb38d2d8564f
SHA1 fb0fdd1779c676270249a289c88233b258e77f3c
SHA256 a633719a2452a9730f8a85eb94ca87cc130900cb230370bfedb445954ab25e06
SHA3 5f72b5f2a4872443c2d70988563c78ce3f168994cd11151eef3252491b06656a

107

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.81158
Detected Filetype Icon file
MD5 c0b3e66fcb80cecddabf09088b3e8188
SHA1 f112cc8039776eaebae28f9be81059bbdda5f357
SHA256 0f8e66b41e930335fa661b03299b12d6e7d8f04e7e35a117cb6966b9d1258497
SHA3 e25f05b084976b3701054e42f311d42d2ef54fe0f7ac69e7ec201d9b4f5959b6

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x437
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25907
MD5 da59eabf06332733e5e4eebbebc5a0bd
SHA1 579b5e64e7f537e4d20254cccc2b43f2a3f23893
SHA256 a1eeaebbf62f9b0a6dc39947e547ecabd3508ba33426ff88438b559311bb0464
SHA3 d3ac245c21ac2d3c94650fc89de8aa00fb238d29c632eeb17d3a1cd37097dbd9

String Table contents

Asset Bundle Extractor
ASSETBUNDLEEXTRACTOR

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Apr-25 11:28:29
Version 0.0
SizeofData 720
AddressOfRawData 0x37e0
PointerToRawData 0x2be0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005010

RICH Header

XOR Key 0xd4ba15f8
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
C++ objects (VS 2015-2022 runtime 30818) 26
C objects (VS 2015-2022 runtime 30818) 10
ASM objects (VS 2015-2022 runtime 30818) 3
Imports (VS 2015-2022 runtime 30818) 6
Imports (27412) 2
Imports (VS2022 Update 1 (17.1.2-3) compiler 31105) 3
Total imports 75
C++ objects (VS2022 Update 1 (17.1.2-3) compiler 31105) 2
Resource objects (VS2022 Update 1 (17.1.2-3) compiler 31105) 1
Linker (VS2022 Update 1 (17.1.2-3) compiler 31105) 1

Errors

<-- -->