Manalyze report for 4d035fbf95d287181543a9283d0ad2c65da798718e0140dca2b39c5d37a427f7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-26 02:58:46
Detected languages	English - United States
TLS Callbacks	8 callback(s) detected.
Debug artifacts	Z:\_SOURCE_CODE\ClientModLauncher\Launcher\Release\CMLauncher.pdb
LegalCopyright	ClientMod (C) 2025
ProductName	ClientMod Launcher
ProductVersion	`1.5.9`
FileVersion	`1.5.9`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System SYSTEM\CurrentControlSet\Control\SystemInformation` `May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` `Miscellaneous malware strings: exploit` `Contains domain names: api.gameanalytics.com dht.libtorrent.org example.com gameanalytics.com http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/encoding/ http://schemas.xmlsoap.org/soap/envelope/ https://curl.se libtorrent.org openssl.org schemas.xmlsoap.org xmlsoap.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to Whirlpool` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .msec` `Unusual section name found: .cdata` `Unusual section name found: .XxT` `Unusual section name found: .X4&` `Unusual section name found: .>']`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: FindWindowA CreateToolhelp32Snapshot SwitchToThread` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowA` `Can access the registry: RegOpenKeyExW RegNotifyChangeKeyValue RegCloseKey RegQueryValueExA RegOpenKeyExA RegGetValueA RegEnumKeyExA` `Possibly launches other programs: CreateProcessA` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptGenRandom CryptAcquireContextW CryptAcquireContextA CryptReleaseContext CryptGetHashParam CryptCreateHash CryptHashData CryptDestroyHash` `Can create temporary files: CreateFileA GetTempPathW CreateFileW GetTempPathA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetGetConnectedState InternetCanonicalizeUrlA` Leverages the raw socket API to access the Internet: inet_ntoa WSASendTo gethostbyaddr shutdown WSARecvFrom freeaddrinfo getaddrinfo WSAAddressToStringW WSASocketW WSASend WSARecv WSAStringToAddressW inet_addr listen recv getpeername accept inet_ntop inet_pton WSAWaitForMultipleEvents WSAResetEvent WSAEventSelect WSAEnumNetworkEvents WSACreateEvent WSACloseEvent getsockopt WSAIoctl getservbyport WSAGetLastError WSASetLastError setsockopt send ioctlsocket connect bind getservbyname gethostname WSAStartup socket closesocket WSACleanup htonl select __WSAFDIsSet gethostbyname ntohl getsockname recvfrom sendto htons ntohs `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32First Process32Next` `Can take screenshots: GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenSystemStoreW CertOpenSystemStoreA`
Info	The PE is digitally signed.	`Signer: ClientModGame` `Issuer: ClientModGame`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-03-29 12:24:38)	`Bkav: W32.AIDetectMalware` `Malwarebytes: Malware.Heuristic.2108` `Trapmine: malicious.moderate.ml.score` `VBA32: Malware-Cryptor.Inject.gen`

Hashes

MD5	`1156e9c4436a8f1b01612cd6cb408b10`
SHA1	`f80551d3e170b86890d00755a5df775d261cbd35`
SHA256	`4d035fbf95d287181543a9283d0ad2c65da798718e0140dca2b39c5d37a427f7`
SHA3	`387cbfa72e53db01555956a4c1d39f56d46dadb8e722942e894d4530baa878a5`
SSDeep	`786432:DORkzFfsNXFsQ5+uciDqfWSK+40uIcLG/zOY:DOqzqN7M1Jeh+9cQzL`
Imports Hash	`4bc64e2df63cbd843ada82eb7a86ac8f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x1a8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2025-Dec-26 02:58:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x922000`
SizeOfInitializedData	`0x496200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x01BF9522 (Section: .>'])`
BaseOfCode	`0x10000`
BaseOfData	`0x940000`
ImageBase	`0x400000`
SectionAlignment	`0x10000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x21c0000`
SizeOfHeaders	`0x600`
Checksum	`0x1819db8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cd74a3c6312a3a5d2a0290e66ff9b3ae`
SHA1	`749c2abf05324f363a46c8e14d97e3879c4049b0`
SHA256	`a824a5821265c230132fd6b4ac328a9c1b01b35f57a7607f46f9623ad2a03207`
SHA3	`70838f41ec766e01f39dae93c7a29ded2d72d95b54d1775f9f2f84e17d786681`
VirtualSize	`0x71be46`
VirtualAddress	`0x10000`
SizeOfRawData	`0x71c000`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.70079`

.msec

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x205e73`
VirtualAddress	`0x730000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`8b308f88919c0120494a1dec0389e29d`
SHA1	`594aaf1987d504b76ab6c22043116876cf786755`
SHA256	`3610148347359c488b0cf69a7f2942ecceae2ae923852d82440b7af713fce5e1`
SHA3	`1a59b720710529484ec5838c259fad67effdb7a5eef881e6c12f090f1f7546dd`
VirtualSize	`0x397a0c`
VirtualAddress	`0x940000`
SizeOfRawData	`0x397c00`
PointerToRawData	`0x71c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.26343`

.data

MD5	`c0de54a6f7541bcfc635de0610e6c40b`
SHA1	`48cd6c23151cafb441c93747d650024adb41f729`
SHA256	`d0d5cdb38782adb835c4f14a840bc70c51abbfbe387d60e1ad61b0ccfadc9f44`
SHA3	`42175dcc05a7fb7eb8f51ba7cab83e11a8e6902bac31a2da9ef59aaf071ab90b`
VirtualSize	`0x8dbb8`
VirtualAddress	`0xce0000`
SizeOfRawData	`0x63a00`
PointerToRawData	`0xab4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.3338`

.cdata

MD5	`06cd4611efbedddfff5de56ceebc9482`
SHA1	`291e0b07324644c74b13f5581c44799425990297`
SHA256	`9948f583c96f59ff57d1c2b4293b503c714a6306b24af11199a5619ff88bc44d`
SHA3	`5007c916f4715707ecbac43a41de98483b36591b0a94e21e4501e52881def048`
VirtualSize	`0x204`
VirtualAddress	`0xd70000`
SizeOfRawData	`0x400`
PointerToRawData	`0xb17c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`2.32457`

_RDATA

MD5	`5c2d75c9d32c819a368ee0e85fc4c392`
SHA1	`fda8982cdb297bbbc9cf4a80c9e73114a086b7e8`
SHA256	`75a6d46d2a452638e4f011a15d2bdba8b9876b1299c303c6a4b2cd787c06995f`
SHA3	`2af7b91e9ece054c31379b7996afe99f87ad2263692c4dd504c853d5d79db21f`
VirtualSize	`0x2608`
VirtualAddress	`0xd80000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xb18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.08164`

.XxT

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x71d62b`
VirtualAddress	`0xd90000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.X4&

MD5	`126457dba725d73b606e71083aa060bc`
SHA1	`05ff4c21d6993df938327cf18fdbb438d5e40293`
SHA256	`77d4b6246c3bfa70a23cb5416bdba9e1673fe66f008f387bfd31e0792f1c142d`
SHA3	`3812972d165a0a0c38e22c445bc07ff886d8687e816758f11c8c8c9f0e2e1153`
VirtualSize	`0x3060`
VirtualAddress	`0x14b0000`
SizeOfRawData	`0x3200`
PointerToRawData	`0xb1a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.51367`

.>']

MD5	`a9c42a61a775ce5fcb04fbb9a4ceec71`
SHA1	`9799cf0277898eabd03d6f37e4665c901e96030c`
SHA256	`46d172523647f8e8e80f1c8ef54e9a2732d4e109fc4e1186dcd29dd324bce41f`
SHA3	`64f5df175c6e364d42b7867f82041836cf582fecc9145baae2a20198b789feab`
VirtualSize	`0xcd74e4`
VirtualAddress	`0x14c0000`
SizeOfRawData	`0xcd7600`
PointerToRawData	`0xb1da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.93547`

.rsrc

MD5	`543579f67393cf871bc76acaa6cf105c`
SHA1	`5b4d21e6c8f8074a569e90b5cb8a39f99455f112`
SHA256	`85d56b516b90927fd94d3a18b193bbb1625de3b773a51848c386d591571b2466`
SHA3	`f0cda65c0f9c3b821ae992540b4ca8c84ca87edc39cf182c6850eda052e4991e`
VirtualSize	`0x199ed`
VirtualAddress	`0x21a0000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x17f5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19157`

Imports

SHELL32.dll	`SHGetKnownFolderPath`
imagehlp.dll	`StackWalk64`
ntdll.dll	`VerSetConditionMask` `RtlNtStatusToDosError` `RtlCaptureContext` `RtlUnwind`
IMM32.dll	`ImmReleaseContext` `ImmSetCandidateWindow` `ImmGetContext` `ImmSetCompositionWindow`
WINMM.dll	`timeBeginPeriod`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueA` `GetFileVersionInfoSizeW`
WS2_32.dll	`inet_ntoa` `WSASendTo` `gethostbyaddr` `shutdown` `WSARecvFrom` `freeaddrinfo` `getaddrinfo` `WSAAddressToStringW` `WSASocketW` `WSASend` `WSARecv` `WSAStringToAddressW` `inet_addr` `listen` `recv` `getpeername` `accept` `inet_ntop` `inet_pton` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEventSelect` `WSAEnumNetworkEvents` `WSACreateEvent` `WSACloseEvent` `getsockopt` `WSAIoctl` `getservbyport` `WSAGetLastError` `WSASetLastError` `setsockopt` `send` `ioctlsocket` `connect` `bind` `getservbyname` `gethostname` `WSAStartup` `socket` `closesocket` `WSACleanup` `htonl` `select` `__WSAFDIsSet` `gethostbyname` `ntohl` `getsockname` `recvfrom` `sendto` `htons` `ntohs`
USER32.dll	`TranslateMessage` `PeekMessageA` `GetDesktopWindow` `EnumDisplaySettingsA` `MessageBoxW` `GetUserObjectInformationW` `IsWindowVisible` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `GetWindowThreadProcessId` `FindWindowExA` `EnumDisplayDevicesA` `GetWindowLongW` `AdjustWindowRectEx` `GetKeyState` `CloseClipboard` `OpenClipboard` `GetCursorPos` `ReleaseDC` `SetCursorPos` `IsIconic` `SetForegroundWindow` `ReleaseCapture` `RegisterClassExA` `IsWindowUnicode` `SetProcessDPIAware` `UnregisterClassA` `GetClientRect` `SetWindowLongW` `LoadCursorA` `DestroyWindow` `GetDC` `SetWindowPos` `MonitorFromWindow` `EnumDisplayMonitors` `LoadIconA` `SetCursor` `SetCapture` `SendMessageA` `ScreenToClient` `LoadStringA` `RegisterClassA` `EnumWindows` `GetClassNameA` `FindWindowA` `MsgWaitForMultipleObjects` `DispatchMessageA` `BringWindowToTop` `SetFocus` `SetLayeredWindowAttributes` `CreateWindowExA` `DefWindowProcA` `GetForegroundWindow` `GetMonitorInfoA` `TrackMouseEvent` `IsChild` `ClientToScreen` `SetWindowLongA` `GetCapture` `ShowWindow` `WindowFromPoint` `SetWindowTextW` `GetProcessWindowStation`
KERNEL32.dll	`GetStringTypeW` `GetFileInformationByHandleEx` `GetFinalPathNameByHandleW` `FindFirstFileExW` `GetLocaleInfoEx` `GetModuleHandleExW` `CloseThreadpoolWork` `SubmitThreadpoolWork` `CreateThreadpoolWork` `FreeLibraryWhenCallbackReturns` `InitOnceComplete` `InitOnceBeginInitialize` `GetExitCodeThread` `TryAcquireSRWLockExclusive` `AcquireSRWLockShared` `ReleaseSRWLockShared` `InitializeSListHead` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `EncodePointer` `DecodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `CreateSemaphoreA` `MultiByteToWideChar` `GlobalAlloc` `GlobalFree` `GlobalLock` `WideCharToMultiByte` `GlobalUnlock` `GetModuleHandleA` `LoadLibraryA` `QueryPerformanceFrequency` `GetProcAddress` `GetProcessId` `GetCurrentProcessId` `FormatMessageW` `LocalFree` `FormatMessageA` `QueryPerformanceCounter` `CloseHandle` `GetModuleFileNameA` `SetThreadPriority` `GetCurrentThread` `OpenProcess` `Sleep` `GetExitCodeProcess` `GetProcessDEPPolicy` `SetProcessDEPPolicy` `SetLastError` `GetLastError` `VirtualProtect` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `GetSystemInfo` `SetThreadAffinityMask` `GetCurrentProcess` `SetProcessAffinityMask` `GetProcessAffinityMask` `DuplicateHandle` `SystemTimeToFileTime` `GetSystemTime` `CreateToolhelp32Snapshot` `Thread32First` `OpenThread` `ResumeThread` `Thread32Next` `GetCurrentThreadId` `CreateFileA` `InitializeCriticalSectionEx` `VerifyVersionInfoW` `EnterCriticalSection` `WaitForMultipleObjects` `LeaveCriticalSection` `ResetEvent` `SetEvent` `WaitForSingleObject` `SleepEx` `CreateEventW` `QueueUserAPC` `TerminateThread` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `ReleaseMutex` `CreateMutexA` `SetSearchPathMode` `GetLocalTime` `CreateWaitableTimerExW` `SetWaitableTimerEx` `GetUserDefaultUILanguage` `GetLocaleInfoA` `FreeLibrary` `CreateEventA` `GetTimeZoneInformation` `FileTimeToSystemTime` `GetSystemTimeAsFileTime` `GetTimeFormatW` `SetEnvironmentVariableW` `GetEnvironmentVariableW` `GetEnvironmentVariableA` `LoadLibraryW` `OutputDebugStringA` `SetPriorityClass` `GetPriorityClass` `ReadConsoleA` `GetLogicalProcessorInformation` `GlobalMemoryStatusEx` `GetProcessTimes` `AreFileApisANSI` `ReadFile` `TryEnterCriticalSection` `HeapCreate` `HeapFree` `GetFullPathNameW` `WriteFile` `GetDiskFreeSpaceW` `LockFile` `InitializeCriticalSection` `SetFilePointer` `GetFullPathNameA` `SetEndOfFile` `UnlockFileEx` `GetTempPathW` `CreateMutexW` `CreateFileW` `GetFileAttributesW` `GetVersionExW` `UnmapViewOfFile` `HeapValidate` `HeapSize` `GetTempPathA` `GetDiskFreeSpaceA` `GetFileAttributesA` `GetFileAttributesExW` `OutputDebugStringW` `FlushViewOfFile` `WaitForSingleObjectEx` `GetVersionExA` `DeleteFileA` `DeleteFileW` `HeapReAlloc` `RaiseException` `HeapAlloc` `HeapCompact` `HeapDestroy` `UnlockFile` `CreateFileMappingA` `LockFileEx` `GetFileSize` `GetProcessHeap` `CreateFileMappingW` `MapViewOfFile` `GetTickCount` `FlushFileBuffers` `GetStdHandle` `GetModuleHandleW` `Process32First` `K32GetProcessImageFileNameA` `TerminateProcess` `Process32Next` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `VirtualFree` `VirtualAlloc` `VirtualQuery` `SuspendThread` `GetThreadContext` `FlushInstructionCache` `SetThreadContext` `SetFileAttributesW` `SetFileAttributesA` `GetCommandLineA` `CreateProcessA` `K32EmptyWorkingSet` `LCMapStringA` `GetUserDefaultLCID` `GetStringTypeExA` `LoadLibraryExA` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `CreateDirectoryW` `GetDiskFreeSpaceExW` `GetFileInformationByHandle` `GetFileTime` `RemoveDirectoryW` `SetFilePointerEx` `DeviceIoControl` `CreateDirectoryExW` `CopyFileExW` `MoveFileExW` `ReleaseSemaphore` `WaitForMultipleObjectsEx` `OpenEventA` `SetWaitableTimer` `CreateWaitableTimerA` `InitializeConditionVariable` `WakeConditionVariable` `CompareStringW` `SleepConditionVariableCS` `CreateThread` `RegisterWaitForSingleObject` `UnregisterWait` `ExpandEnvironmentStringsA` `CreateIoCompletionPort` `GetQueuedCompletionStatusEx` `PostQueuedCompletionStatus` `SetFileCompletionNotificationModes` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `GetSystemDirectoryA` `MoveFileExA` `GetFileType` `PeekNamedPipe` `FindClose` `FindFirstFileW` `FindNextFileW` `InitializeSRWLock` `SleepConditionVariableSRW` `SwitchToThread` `lstrcmpA` `GetQueuedCompletionStatus` `GetDriveTypeW` `CancelIoEx` `CopyFileW` `CreateHardLinkW` `GetFileSizeEx` `GetOverlappedResult` `GetACP` `CancelIo` `FindFirstFileA` `FindNextFileA` `LCMapStringW` `ReadConsoleW` `LoadLibraryExW` `GetConsoleMode` `GetThreadPriority` `ExitThread` `GetLocaleInfoW` `IsValidLocale` `EnumSystemLocalesW` `FreeLibraryAndExitThread` `SystemTimeToTzSpecificLocalTime` `SetConsoleCtrlHandler` `ExitProcess` `SetStdHandle` `IsValidCodePage` `GetOEMCP` `GetCommandLineW` `SetConsoleMode` `WriteConsoleW` `GetConsoleOutputCP` `K32GetProcessMemoryInfo` `GetDateFormatW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetModuleFileNameW` `WakeAllConditionVariable`
GDI32.dll	`GetDeviceCaps`
MSWSOCK.dll	`GetAcceptExSockaddrs` `AcceptEx`
ADVAPI32.dll	`RegOpenKeyExW` `GetSecurityInfo` `CryptGenRandom` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `RegNotifyChangeKeyValue` `SystemFunction036` `GetTokenInformation` `OpenProcessToken` `RegCloseKey` `RegQueryValueExA` `RegOpenKeyExA` `RegGetValueA` `RegEnumKeyExA` `CryptAcquireContextA` `CryptReleaseContext` `CryptGetHashParam` `CryptCreateHash` `CryptHashData` `CryptDestroyHash`
dbghelp.dll	`MiniDumpWriteDump` `SymFromAddr`
ole32.dll	`CoInitializeSecurity` `CoTaskMemFree` `CoCreateGuid` `CoInitializeEx` `CoCreateInstance` `CoSetProxyBlanket` `CoUninitialize`
OLEAUT32.dll	`SafeArrayGetElement` `SysAllocStringLen` `SafeArrayGetUBound` `SafeArrayGetLBound` `VariantChangeType` `VariantClear` `VariantInit` `SysFreeString` `SysAllocString`
WININET.dll	`InternetGetConnectedState` `InternetCanonicalizeUrlA`
bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptSetProperty` `BCryptGetProperty` `BCryptGenerateSymmetricKey` `BCryptGenRandom` `BCryptDestroyKey` `BCryptCreateHash` `BCryptHashData` `BCryptOpenAlgorithmProvider` `BCryptFinishHash` `BCryptDestroyHash` `BCryptDeriveKeyPBKDF2` `BCryptEncrypt`
CRYPT32.dll	`CertFindCertificateInStore` `CertOpenSystemStoreW` `CertOpenSystemStoreA` `CertCloseStore` `CertEnumCertificatesInStore` `CertFreeCertificateContext`
IPHLPAPI.DLL	`CancelMibChangeNotify2` `if_indextoname` `NotifyIpInterfaceChange` `GetUnicastIpAddressTable` `FreeMibTable` `GetAdaptersAddresses` `GetBestRoute2` `if_nametoindex` `NotifyUnicastIpAddressChange`
WLDAP32.dll	`#301` `#200` `#30` `#79` `#143` `#217` `#46` `#211` `#60` `#50` `#41` `#22` `#26` `#27` `#32` `#33` `#35`
d3d9.dll (delay-loaded)	`Direct3DCreate9` `Direct3DCreate9Ex`

Delayed Imports

Attributes	`0x1`
Name	`d3d9.dll`
ModuleHandle	`0xd43840`
DelayImportAddressTable	`0xd43758`
DelayImportNameTable	`0x1b8c2b4`
BoundDelayImportTable	`0xcd4cb0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0xd4372c`

GetInterface

Ordinal	`2`
Address	`0xcf5b48`

NvOptimusEnablement

Ordinal	`3`
Address	`0xd43730`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97311`
MD5	`6442a005e8657f10fa6566ee093c5450`
SHA1	`a8c7ca3c462f6fa8bdfb19b7e36805877d479c44`
SHA256	`1151f9de7f58596f4ef5c4521bbe9e533c62aa9e38de44e1881ec2061367e19f`
SHA3	`628a894942bb9e3ba798d59ba9d7f46fdf07430352c8b28277e75940781aa2a3`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20032`
MD5	`8f8ebee3313fe18dca99593c44278599`
SHA1	`887c0ebb440890baebe465c82be1362b1cab6ee0`
SHA256	`b316f2eb62af2f150cbae081631c961c493d24b4bbd3ec1224b995a0c4f704d2`
SHA3	`9313fe9568d2d10201e0c99ce816737f0b4d5b72798f89c6ae3f7568b303817c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31233`
MD5	`64a900c03065667d19f458c0b51b5db9`
SHA1	`29f35c981eeb07f4f4633ba979a218b7f6b5c005`
SHA256	`888da86e76ff601748f6c513fd57c1abfb18f3def86d8745dbd5e44ff6c2d932`
SHA3	`0dcb230f4838f7f1970997f9e188904312e68c395f4f9dbbb648b6fa723047f5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58088`
MD5	`ace06876e55d3e62e8968938cfad88af`
SHA1	`28732c3c422e3cf850401008a4a48d93fec23254`
SHA256	`5a54b19110e7779cd035a5649c1d3c9a9273d1285bed340f7cdef25268d1f9fb`
SHA3	`ccdac9d4af6b0ebd0b5c173a0938082bc4714ea36f18e77064f2924533120fc4`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70219`
MD5	`0539f79cbba080d1de5eaabf3a3bba11`
SHA1	`3b211228c0b071870f079217cfde794e8763427a`
SHA256	`fbe3990a39812eded6db9f2b4444e03b3250a552f143178bcaaefa48466ea369`
SHA3	`7b58eb98b2b6e929f5a8d7bba8fdfb5424b5307cd5cb87bec660e05f9e40ec07`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.66742`
MD5	`f214386a55a875f4b9999b3f54f99f0d`
SHA1	`28a031ceda47c38161303fbe1d6b5d0e33b7bdc6`
SHA256	`837af8cc3ad0c64f25b43ef3f8e2d9341c4ef6bb01c9e09ae107f4d5755497e6`
SHA3	`5e1be549eaed3fd8166885f583bf682efb79b91d2ee24a1e181d167f56049b18`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93166`
Detected Filetype	Icon file
MD5	`dbd79b4a81056b7c1989bf72374f0df8`
SHA1	`abdf3214f13178a5cfce8fc3cc86be060da1241c`
SHA256	`773b28fc21f6ffd62253114684836150068215fbe37c4425a6e282e70a167e10`
SHA3	`62e4d9750dfb2a6c07470a6facaaedf83c8e9a465029793402373b047e424f45`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35821`
MD5	`9f74124d3f63650ef9a5e3489fa66321`
SHA1	`6018a4eba9fa519e87368aba8746d5f882ef2903`
SHA256	`23943268159ab6f7adbb2117f416d8c1c5bd23262cdcf43167ffe312104769a8`
SHA3	`38939c8f471dca36c52de8bb958d4a51939ac114f1783b3215aa43070f823012`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x715`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16514`
MD5	`f59ea89b9f16c268e23e7dbde7f85660`
SHA1	`d3996a1053faf2fdb45af4954db6d8dce84aa739`
SHA256	`4e6560de3e4a5eb77c30f5cbe314a7ad578687401a6ed9e69f4a8d3b60ee572b`
SHA3	`5f6c3fc7818cf6e2a18047870cad343f8dc0db5071313ee87d2242e210396171`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.5.9.0
ProductVersion	1.5.9.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
LegalCopyright	ClientMod (C) 2025
ProductName	ClientMod Launcher
ProductVersion (#2)	1.5.9
FileVersion (#2)	1.5.9

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-26 02:58:46
Version	`0.0`
SizeofData	`90`
AddressOfRawData	`0x2192a00`
PointerToRawData	`0x17f0400`
Referenced File	Z:\_SOURCE_CODE\ClientModLauncher\Launcher\Release\CMLauncher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-26 02:58:46
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2192a60`
PointerToRawData	`0x17f0460`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-26 02:58:46
Version	`0.0`
SizeofData	`1776`
AddressOfRawData	`0x2192a80`
PointerToRawData	`0x17f0480`

TLS Callbacks

StartAddressOfRawData	`0x18b07d8`
EndAddressOfRawData	`0x18b3048`
AddressOfIndex	`0x115bdb0`
AddressOfCallbacks	`0x21344e4`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_32BYTES`
Callbacks	`0x0235C230` `0x00BD07C0` `0x004732F0` `0x00850167` `0x00C5F280` `0x0085021A` `0x00C97100` `0x00BD3400`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10f2a00`
SEHandlerTable	`0x25931d0`
SEHandlerCount	`4293`

RICH Header

XOR Key	`0x91c009`
Unmarked objects	`0`
ASM objects (30795)	`31`
C++ objects (30795)	`212`
Unmarked objects (#2)	`22`
Imports (VS2015 UPD3.1 build 24215)	`2`
C objects (30795)	`39`
253 (35207)	`10`
ASM objects (35207)	`37`
C objects (35207)	`23`
C objects (VS2019 Update 5 (16.5.2-3) compiler 28612)	`72`
C++ objects (33523)	`115`
C++ objects (VS2019 Update 10 (16.10.2) compiler 30038)	`1`
C++ objects (34441)	`6`
C objects (VS2022 Update 8 (17.8.0-2) compiler 33130)	`736`
C++ objects (VS2019 Update 8 (16.8.5-6) compiler 29337)	`3`
C objects (VS2019 Update 10 (16.10.2) compiler 30038)	`27`
C objects (34440)	`1`
C++ objects (34440)	`99`
C objects (34123)	`77`
C objects (VS2022 Update 5 (17.5.4) compiler 32217)	`39`
C++ objects (VS2019 Update 11 (16.11.19) compiler 30147)	`120`
C objects (34435)	`278`
C++ objects (33519)	`10`
C++ objects (35207)	`107`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`43`
Total imports	`670`
C++ objects (POGO O) (35222)	`197`
Exports (35222)	`1`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

[*] Warning: Section .msec has a size of 0!
[*] Warning: Section .XxT has a size of 0!

Leave a comment

No comments yet.