Manalyze report for 5209b5be8af5b81f0ca8d2fd3dba395e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-05 22:51:47
Detected languages	English - United States
Debug artifacts	c:\buildslave\csgo_pcbeta_win32\build\src\launcher_main\Release\csgo.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc VirtualAllocEx` `Manipulates other processes: WriteProcessMemory`
Info	The PE is digitally signed.	`Signer: Valve Corp.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/70 (Scanned on 2022-08-03 12:23:04)	`All the AVs think this file is safe.`

Hashes

MD5	`5209b5be8af5b81f0ca8d2fd3dba395e`
SHA1	`02b431af041e3e305d673862ae73567e9cf9b69d`
SHA256	`386dc04f6ae0b8cfc61e7762a6310197d255ef37e3d63a4590fec8249e3432f7`
SHA3	`b21fcb9a5fb38bd8bfe009ab104634ba158b2d8b84ca7e04e91c5395e33efa5f`
SSDeep	`49152:Q58rZI+ndHzXXuGVRVirw7g+jzTV2oiKYlzLikRWca:MGZTfZYlzLikR8`
Imports Hash	`5fb6ab06805d8acf2b05002031e32bea`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2022-May-05 22:51:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x57a00`
SizeOfInitializedData	`0x1e2400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000F29D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x59000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x23f000`
SizeOfHeaders	`0x400`
Checksum	`0x1b296f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`76a0f678d2981e14681b6222c0e03495`
SHA1	`73b6c71ad31487091821e319df2a5475563b5cba`
SHA256	`e621c540fa158fd4490603a8de3315c918faa92d3bf8f6931120a8ad6a67ae15`
SHA3	`95e77dc8b455db4bfad541156d2d4d2030fe5f01dbb2382154270eebab2ee0e4`
VirtualSize	`0x5781d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x57a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68336`

.rdata

MD5	`724f2147681c5b9f6e571f47d322ea66`
SHA1	`5d84f3e920064ed825e5853bc44353d2d765ba08`
SHA256	`ae47edc06626e17b3053d69b04064330f48952bf37e37d312efc7e0a5e94f053`
SHA3	`450fe21430a367bcaa00e76b66c521b99f5128bf0918b8190308f12e15ba9489`
VirtualSize	`0x1c40c`
VirtualAddress	`0x59000`
SizeOfRawData	`0x1c600`
PointerToRawData	`0x57e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2365`

.data

MD5	`1cc7dc1ce9ef6c1200df781b6eb68517`
SHA1	`3767af88a415e76bb74fa99310b47cc71993ba5b`
SHA256	`14883e07aebff24a8d44d67fc57fd87602b92e0438bbe7e2a356bc6d040ed3b7`
SHA3	`835a10373a3cd7149cb9ad04bdc3e22325888722cf28f2fccfdb58dbf119660a`
VirtualSize	`0x11b834`
VirtualAddress	`0x76000`
SizeOfRawData	`0x83000`
PointerToRawData	`0x74400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.286623`

.gfids

MD5	`9f4d98b8819dbecac5ddef53f606b8dd`
SHA1	`a18f8a7867ed192085004514b442372f21e4b8aa`
SHA256	`49a018ee34d7e40a77d33ec3c94acee749b6427c373629acf1d7fa412e10370e`
SHA3	`0e91bfbad1a5b7060044ac122288675fecd0c842d5b04cbbb7c33403a32d3886`
VirtualSize	`0x19c`
VirtualAddress	`0x192000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.0941`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x193000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`8616790018ed63fcc28a1ecdc219e29f`
SHA1	`2d75b9d73d4590eddcc0e563a13ff1dc4a39ac25`
SHA256	`c21c90c6767e54ad011e903fe83ac6a7765d62f81d16026b010a24fa030a0aea`
SHA3	`46b3133e7a0dbc1a384febd972eae1dff9385ae99fa845515d9f0646d7fa914d`
VirtualSize	`0xa4240`
VirtualAddress	`0x194000`
SizeOfRawData	`0xa4400`
PointerToRawData	`0xf7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.78384`

.reloc

MD5	`5ae9eab63963b6a888e2d0fcee29c665`
SHA1	`87f598724586ad3b199a592f9e14a3fedfa311fc`
SHA256	`02087553deed9c64f2f93faa8d225c6c96bbcd336bfa12d1beee27ddc50d734a`
SHA3	`f779d2ea19ecc9509898704b6762194e31e87cf8a56ca87791a34a0f3485a78f`
VirtualSize	`0x5bf0`
VirtualAddress	`0x239000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x19bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56272`

Imports

USER32.dll	`MessageBoxW` `wsprintfA` `wsprintfW`
KERNEL32.dll	`SetEvent` `FindFirstFileW` `GetFileSizeEx` `FindNextFileW` `GetModuleFileNameW` `GetEnvironmentVariableW` `GetEnvironmentVariableA` `FindClose` `CreateFileW` `UnmapViewOfFile` `MultiByteToWideChar` `FormatMessageW` `GetLastError` `CloseHandle` `GetProcAddress` `CreateFileMappingA` `LocalFree` `MapViewOfFile` `LoadLibraryExW` `VirtualProtect` `SetLastError` `WriteFile` `VirtualAlloc` `SetFilePointer` `GetSystemDirectoryW` `GetModuleHandleA` `GetSystemInfo` `AddVectoredExceptionHandler` `GetWindowsDirectoryW` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `VirtualQuery` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `GetExitCodeThread` `CreateFileA` `CreateThread` `WideCharToMultiByte` `WriteProcessMemory` `GetCurrentProcess` `CreateMutexA` `WaitForSingleObject` `ReleaseMutex` `VirtualAllocEx` `DeleteCriticalSection` `FlushInstructionCache` `LocalAlloc` `GetFileInformationByHandle` `LoadLibraryA` `CreateFileMappingW` `InitializeSListHead` `QueryPerformanceCounter` `GetCurrentThreadId` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `TerminateProcess` `ResetEvent` `InterlockedPushEntrySList` `RaiseException` `EncodePointer` `RtlUnwind` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `GetStdHandle` `GetModuleFileNameA` `ExitProcess` `GetModuleHandleExW` `GetACP` `HeapFree` `HeapAlloc` `GetStringTypeW` `GetFileType` `SetFilePointerEx` `GetConsoleMode` `WaitForSingleObjectEx` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetProcessHeap` `FlushFileBuffers` `GetConsoleCP` `HeapSize` `HeapReAlloc` `WriteConsoleW` `DecodePointer` `QueryPerformanceFrequency` `CreateEventW`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x7688c`

BSecureAllowed

Ordinal	`2`
Address	`0x14b0`

CountFilesCompletedTrustCheck

Ordinal	`3`
Address	`0x14a0`

CountFilesNeedTrustCheck

Ordinal	`4`
Address	`0x1490`

GetTotalFilesLoaded

Ordinal	`5`
Address	`0x1480`

NvOptimusEnablement

Ordinal	`6`
Address	`0x76888`

RuntimeCheck

Ordinal	`7`
Address	`0x1500`

103

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

1002

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7eb82`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26806`
MD5	`abc20eabf708fc73dcaa57d87672f4c0`
SHA1	`236d1b97a98a0e6d6f24b5cb7fe47b266dab54ce`
SHA256	`b3826a0dcba994f08593dd31854d5cfd097e8c5e7a9a9ed71dcf5586b60c3601`
SHA3	`2ad076a244db16fafff3dce65bf72c8fb35d91f7a5718c3613bc4aff136f3287`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52239`
MD5	`07605112029904baba5a0356b7faaf55`
SHA1	`387c21dddba560b07c2f6eb4cbab49ab6718b29b`
SHA256	`cbb6e4f5eb7e8655941a35945a5b605130d03a677a8a520bec4e954989116e7e`
SHA3	`d6fe9fffd698bd8158c8a4b47d8c3a23f07cbb931e21fad973fa6e22ac01e2af`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.63981`
MD5	`8af3313fb8f92fbcd82e2cf1d14baf91`
SHA1	`f0013c9be8dfe2c35801dd36b647841463b851ce`
SHA256	`e09eb51823b5357f710b9fb11b54fd80924abf56e78bbce209d46ded9a882dfe`
SHA3	`ede934ff414cc8f61eafb8e81665a2d1eb09a45925223fc17268c520524ae26f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42929`
MD5	`041c80f8568d0e1e7d601b930d491d9e`
SHA1	`0bf4a6e9a3e408a736b0ef109926c3465b65ec21`
SHA256	`a86aeff99209f2b1a59a612949c19a047f87297b84812ef01990819024894c81`
SHA3	`a0d34cae36ff9a25a827eb9e4440f156008725bf844680b967d43ae2ee90e4b0`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35762`
MD5	`425533a113d39f73d678c3c4f3e5b42f`
SHA1	`e431512c5ff0fa13d47868ab9b14f32a0f7008d6`
SHA256	`da49a9c8dc080be4a0df2e99a03bdc60a3dfb4714464f66a457b62218c14ce8b`
SHA3	`52974985d37f0e0bf250a4ad7914caa1c1b9edda8af232f71d0aa354bb71016d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.19289`
MD5	`c4bb71532cfd46fb4f1b7da0d5f55142`
SHA1	`46b2dedb30e18dd3a7fb517812b049584ace703e`
SHA256	`2518190cab02efe253678f0848eff41f009399acf84ff3ebeee38b105de889bf`
SHA3	`b5f0325475d422ff6e139a253155f8efd28ce0ff08916b9e5e3fa67f930591c4`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcb1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98875`
Detected Filetype	PNG graphic file
MD5	`0a7637766ada9606356e4e2aa44de249`
SHA1	`35211f7bf7d92702c3855a5245e0ad3b64610758`
SHA256	`3852b15fbfb7d8dc376ec4b3732a8a2ebf7f28585f6f95634570f51e266df1da`
SHA3	`0f734123642450c331cd769bc10495971c5f0888b8a27b3047d058c562483b0f`

103 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76347`
MD5	`2e28d2a804e58d853b6ae44eedbf695e`
SHA1	`f0ae30d49dede58d6f7c2d6b8346ecd81cc15eeb`
SHA256	`1f43561f3fa02109a5e657582da6195becfaab8d21d3ba701416b8703f0e24d2`
SHA3	`e3b5a4c0a4b9385f1333a251f196cdc9f0df505aba2e376c40fd13200e9e0c06`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`446acd579b9bf93be8fdfb84056cb8d8`
SHA1	`ec3fec3a73559a80fa2618b4435b96beb984e4e4`
SHA256	`0452825a413fcc7115acd8472d1bc0d47aad815457c4961e590c6788bff32329`
SHA3	`cf3c608485775483aa11194dce06427d4832c1ecb7ff24f3ba28d9a0ef6d115d`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28127`
MD5	`340845c2b18c3184e4f6d50ba5c1fb30`
SHA1	`14e37f6e1cd88bad00aa861245b14a63e8bc136a`
SHA256	`c0e348596b2999c4bf617e957056a16313d42c2573cf99200324fe2141797a00`
SHA3	`4e0baa30bdedff0065b965326e16f88a630de0d96f6f70cf4f107d9218809b6a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-May-05 22:51:47
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x6ff18`
PointerToRawData	`0x6ed18`
Referenced File	c:\buildslave\csgo_pcbeta_win32\build\src\launcher_main\Release\csgo.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-May-05 22:51:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x6ff7c`
PointerToRawData	`0x6ed7c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-May-05 22:51:47
Version	`0.0`
SizeofData	`952`
AddressOfRawData	`0x6ff90`
PointerToRawData	`0x6ed90`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-May-05 22:51:47
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x593000`
EndAddressOfRawData	`0x593008`
AddressOfIndex	`0x4facd0`
AddressOfCallbacks	`0x459248`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x476018`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

5209b5be8af5b81f0ca8d2fd3dba395e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.tls

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

BSecureAllowed

CountFilesCompletedTrustCheck

CountFilesNeedTrustCheck

GetTotalFilesLoaded

NvOptimusEnablement

RuntimeCheck

103

1002

1

2

3

4

5

6

103 (#2)

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors