Manalyze report for 5c9349952c34ebf972694877d470b5d3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Oct-04 02:32:56
Detected languages	English - United States
CompanyName	ClassicConquer
FileDescription	ClassicConquer Launcher
FileVersion	`2.0.2-imgui.10`
InternalName	ImLauncher.exe
LegalCopyright	Copyright (C) 2022
OriginalFilename	ImLauncher.exe
ProductName	ClassicConquer Launcher
ProductVersion	`2.0.2.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptCreateHash CryptAcquireContextW CryptReleaseContext CryptDestroyKey CryptSetHashParam CryptGetProvParam CryptGetUserKey CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptDecrypt CryptExportKey` `Leverages the raw socket API to access the Internet: setsockopt closesocket recv send select __WSAFDIsSet shutdown ioctlsocket WSAGetLastError getaddrinfo freeaddrinfo connect ntohs getnameinfo getpeername WSAStartup WSACleanup inet_pton WSASocketW socket WSASetLastError getsockopt` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: Process32FirstW OpenProcess Process32NextW` `Reads the contents of the clipboard: GetClipboardData` `Interacts with the certificate store: CertOpenSystemStoreW CertOpenStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5c9349952c34ebf972694877d470b5d3`
SHA1	`4ed6e897dd6d07d0dcef6d79beb4114c815a3e93`
SHA256	`9cdbeb46b5a1842f97a65b9163e5333cc6e5abc870bb43ba848a22348df72b1b`
SHA3	`3c66a67ddb378bcc2993af9a884b60ba7f17edf990fc03240644be2920c9dccb`
SSDeep	`49152:nGtlqfIU6ikgVwASOnLdxCf2Qla26WwcSlo6p0Hvea91Z6odZ6mHiREMzXsXWDV:m+VLdKa2JSiqXeFkVcqfMGa/2A`
Imports Hash	`4c21b78ed5158839b2a6971110149852`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Oct-04 02:32:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2d5400`
SizeOfInitializedData	`0x13d200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002968CC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x417000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e009e6d472f697fe4b6135f31a74ddae`
SHA1	`3b82a583a7d28ba77ef9cb43e93588f9b323e407`
SHA256	`7c162981c92cae58b4d0dd18ee81ed5f60b8d2187ed53bc67cd0e62c9a190496`
SHA3	`1a2f217c83483245066eeaebc3965a2d314c7632224d629d7ce2d2b3b9231cd4`
VirtualSize	`0x2d5284`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2d5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.73212`

.rdata

MD5	`e6012320ada1de95e1cdcdda3ea31d5b`
SHA1	`2d6eaf5c8df8e9e646143a6fe6b27b6ef59b2a1d`
SHA256	`111b9dc4e22845c1f3cf96d9f97c1831bc2add3bf9ca6bac8ce9ab32982399f3`
SHA3	`ff714be5d49e55674cd20b3f26494896421dbd67c7fbfa0d21cb12d9cedc89e9`
VirtualSize	`0xd9de4`
VirtualAddress	`0x2d7000`
SizeOfRawData	`0xd9e00`
PointerToRawData	`0x2d5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91066`

.data

MD5	`19cae62a04ef16b7a4881d0c8278e74e`
SHA1	`c42a10bedfb3c5b5362d0fb6db796e343f4cf003`
SHA256	`ee7d82921794f957329bc9648eaf30d3ed417cd0cd2c2acf1b7f78ee526f2b37`
SHA3	`c3d715bd8e66ff69943e050178f8fb097064bc4e27de3c2972de5aa25cf40ba4`
VirtualSize	`0xe3d4`
VirtualAddress	`0x3b1000`
SizeOfRawData	`0x8e00`
PointerToRawData	`0x3af600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.93517`

.pdata

MD5	`e741ea155598dc0aa1152f23bbe023de`
SHA1	`bfae4e05707983892a4a7c7ba234e2fedfd25d73`
SHA256	`527196f49ffd9ca340ed35c3e51a636cf2d94f8afacca9d349ae79e79f167982`
SHA3	`e7974f53a7435621b59fce94f8207765606545ad896287875942f85ead893ef6`
VirtualSize	`0x1f6e0`
VirtualAddress	`0x3c0000`
SizeOfRawData	`0x1f800`
PointerToRawData	`0x3b8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35246`

_RDATA

MD5	`ce5a899ffdd0dc4d1f800c85128e3a1e`
SHA1	`572d1889ca9d14214b97166a30dace9838c38aba`
SHA256	`2571e3588dfafe0a46da4db96f249378f5cb80c2590bb1e502bdd7f5c83d472f`
SHA3	`6b0c4a67f3ac2f4ca1193fb125ff6979bc4d2c3d48ff71e820b159292fa8be06`
VirtualSize	`0x15c`
VirtualAddress	`0x3e0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3d7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.33744`

.rsrc

MD5	`2b618985165597f334fd8a4577dd5076`
SHA1	`3f7db82981bd87b7bd35921465ff618a02f5c45b`
SHA256	`56e370e7799ac873ef1817c83f40d8efc317608c50d75d0f9f5560f46910d5af`
SHA3	`ee1af950541187c8cc04cd5b771d9cc69c509ed6cd5076320ed083281af1e58c`
VirtualSize	`0x2d980`
VirtualAddress	`0x3e1000`
SizeOfRawData	`0x2da00`
PointerToRawData	`0x3d7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.78165`

.reloc

MD5	`9e044f178bc9a1a5284c8dfe41afb8f9`
SHA1	`fe325a040621f3cfd435df7ebb49965078d3a5fc`
SHA256	`44524debc5cfc745fa3365451c1cb7f9fd5047a3f76cd18214dba8da431a7c98`
SHA3	`7b6c637af3ddb75d9119b5c6baafca24b4350b4e7ff73abea13d2fdc4a93992b`
VirtualSize	`0x7a1c`
VirtualAddress	`0x40f000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0x405800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43762`

Imports

d3d10_1.dll	`D3D10CreateDeviceAndSwapChain1`
D3DCOMPILER_47.dll	`D3DCompile`
d3dx10_43.dll	`D3DX10CreateTextureFromFileW`
KERNEL32.dll	`CreateToolhelp32Snapshot` `Process32FirstW` `OpenProcess` `K32GetModuleFileNameExW` `Process32NextW` `CreateFileA` `GetFileSizeEx` `ReadFile` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetProcessHeap` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `SetLastError` `GetEnvironmentVariableW` `GetFileType` `GetModuleHandleW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleExW` `RtlVirtualUnwind` `SwitchToFiber` `DeleteFiber` `CreateFiber` `GetSystemTimeAsFileTime` `ConvertFiberToThread` `ConvertThreadToFiber` `FreeLibrary` `LoadLibraryW` `FindClose` `FindFirstFileW` `FindNextFileW` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `GetSystemTime` `SystemTimeToFileTime` `GetConsoleOutputCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetModuleFileNameW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `GetConsoleScreenBufferInfo` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `GetDriveTypeW` `SetConsoleCtrlHandler` `ExitProcess` `TzSpecificLocalTimeToSystemTime` `LoadLibraryExW` `GetConsoleMode` `RtlUnwindEx` `InitializeSListHead` `GetStartupInfoW` `IsDebuggerPresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `RtlCaptureContext` `CreateEventW` `ResetEvent` `SetEvent` `GetStringTypeW` `CloseHandle` `CreateProcessW` `ReleaseMutex` `GetLastError` `SetConsoleTextAttribute` `WriteConsoleA` `WriteFile` `GetDynamicTimeZoneInformation` `GetCurrentProcessId` `QueryPerformanceCounter` `GetProcAddress` `QueryPerformanceFrequency` `LoadLibraryA` `GlobalUnlock` `WideCharToMultiByte` `GlobalLock` `GlobalFree` `GlobalAlloc` `CreateMutexW` `GetWindowsDirectoryW` `Sleep` `GetFileAttributesA` `GetLocaleInfoW` `GetCurrentThreadId` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetTimeZoneInformation` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `DecodePointer` `EncodePointer` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `InitOnceComplete` `InitOnceBeginInitialize` `GetFileInformationByHandleEx` `GetACP` `MultiByteToWideChar` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `RtlUnwind` `GetStdHandle` `HeapSize` `WriteConsoleW` `IsValidCodePage` `SetStdHandle` `FreeLibraryWhenCallbackReturns` `CreateThreadpoolWork` `SubmitThreadpoolWork` `CloseThreadpoolWork` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `SleepConditionVariableSRW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSectionEx` `TryEnterCriticalSection` `IsProcessorFeaturePresent` `RtlPcToFileHeader` `RaiseException` `FormatMessageA` `WaitForSingleObjectEx` `GetExitCodeThread` `LocalFree` `GetCurrentDirectoryW` `CreateDirectoryW` `CreateFileW` `FindFirstFileExW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFullPathNameW` `SetEndOfFile` `SetFileInformationByHandle` `SetFilePointerEx` `SetFileTime` `AreFileApisANSI` `MoveFileExW`
USER32.dll	`SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard` `GetCursorPos` `SetCursorPos` `ReleaseCapture` `LoadCursorFromFileW` `GetClientRect` `SetCursor` `SetCapture` `LoadCursorW` `GetForegroundWindow` `TrackMouseEvent` `ClientToScreen` `GetCapture` `ScreenToClient` `GetKeyState` `LoadIconW` `RegisterClassExW` `GetSystemMetrics` `MessageBoxW` `GetUserObjectInformationW` `GetProcessWindowStation` `DefWindowProcW` `DestroyWindow` `PostQuitMessage` `DispatchMessageW` `CreateWindowExW` `PeekMessageW` `UpdateWindow` `ShowWindow` `UnregisterClassW` `TranslateMessage`
ADVAPI32.dll	`CryptCreateHash` `RegisterEventSourceW` `ReportEventW` `CryptAcquireContextW` `CryptReleaseContext` `CryptDestroyKey` `CryptSetHashParam` `CryptGetProvParam` `CryptGetUserKey` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `DeregisterEventSource` `CryptDecrypt` `CryptExportKey`
IMM32.dll	`ImmAssociateContextEx` `ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmGetContext`
WS2_32.dll	`setsockopt` `closesocket` `recv` `send` `select` `__WSAFDIsSet` `shutdown` `ioctlsocket` `WSAGetLastError` `getaddrinfo` `freeaddrinfo` `connect` `ntohs` `getnameinfo` `getpeername` `WSAStartup` `WSACleanup` `inet_pton` `WSASocketW` `socket` `WSASetLastError` `getsockopt`
CRYPT32.dll	`CertOpenSystemStoreW` `CertEnumCertificatesInStore` `CertFreeCertificateContext` `CertCloseStore` `CertOpenStore` `CertFindCertificateInStore` `CertDuplicateCertificateContext` `CertGetCertificateContextProperty`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14d59`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99201`
Detected Filetype	PNG graphic file
MD5	`1fe1ee9e9d8fda0a0e1f7909573d5d41`
SHA1	`94cffc4983c1d410c2166ab46f863e32f3811916`
SHA256	`902712a06adf7c0eb999fc4fd6dabd4733f5c3907e71ef0b6b2f70bd888ac215`
SHA3	`c7df6e9ffb904012cd5a46af7a501f18b52c94ebf15df3d77567c014baac3716`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06643`
MD5	`96f51b9b7a514ddc1025685bf136acd4`
SHA1	`0c238b2001b98f8f0f70371a1d8d3a2cde348868`
SHA256	`c1cbe06260830bf4c691222c17a66aec1d88d8662dbbfd129f229820d0b17d86`
SHA3	`a4c0336944695dc497c5f74202c26860f116404de42bce21e9d86f8910245de5`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16859`
MD5	`f599f156c09ce95b83b59b8cf9b69cb1`
SHA1	`052aab37adcee08ec1af282ab8814004503160de`
SHA256	`969ea980a57ddfa4906d14050f5366eb161dab5434893b8238114dcca1b3a3b8`
SHA3	`e7db790ce00a606d6aca97bacdf6af10b3752ba59379b716450772e49910d5e4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21556`
MD5	`8b90faf0abf700e21fdd560c3c228c27`
SHA1	`36b9fecbafdc5196fdb38bef053272ad3457264f`
SHA256	`2276443f0f4a480bfc2b41f869d705f35905b14448faf209a1cf06da7e3f9548`
SHA3	`8b6792f3da1330dc21e5a0f060ceceada32f795de901b9877885f35267e261bf`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32282`
MD5	`4df937e4ce176e98186669f74761ae5a`
SHA1	`fdd54c5654bcc7fb5b1f29d20faac605a280ea58`
SHA256	`5fa5d11d6c32261b440218d1a60387ab5b9e45c23c7032072565327dac901040`
SHA3	`67f668e7ca1c6de0e0a1068fcec5e7388264c94fcc186bbc1235168a7ae6fa2e`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37082`
MD5	`65b7166af794641dd5c54d1af1576b37`
SHA1	`a1339443a97c2813670889a910e24d72f18daa12`
SHA256	`5f763024abab206c13a351851262b793bb0e866a9c0f312d6832467c4dfdd527`
SHA3	`42157569baba03001820128d093a88bc952276d1e029dbf007d92d13898f017f`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82454`
Detected Filetype	Icon file
MD5	`1320041978741a65b074d9f9cb303cf8`
SHA1	`63d33f06e87159c6a586dfbd608664c3e3c79670`
SHA256	`16906bc86a93510ca27c4f1c2ebcbbd1e51e102ebabc6f34ff0ffae12ca29367`
SHA3	`899eb2b3ac37bad65510bb5feeb3782e36f6ed4aa33433c9b118cd8e8fa3e291`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36005`
MD5	`8864f2e3325bb94fda075fe29659fe39`
SHA1	`4ae176e42fa0cae964cc261a13ad0d8132ca3421`
SHA256	`7596b26a4968475e7e75e479783418283d4799b25dda4e3d0493e161fd1ad261`
SHA3	`e3764b90ac5ca7bf0f2d9ab4cd83d184bb3d6955041cb12e36e47510b7a135e3`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.2.0
ProductVersion	2.0.2.0
FileFlags	`VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ClassicConquer
FileDescription	ClassicConquer Launcher
FileVersion (#2)	2.0.2-imgui.10
InternalName	ImLauncher.exe
LegalCopyright	Copyright (C) 2022
OriginalFilename	ImLauncher.exe
ProductName	ClassicConquer Launcher
ProductVersion (#2)	2.0.2.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Oct-04 02:32:56
Version	`0.0`
SizeofData	`1024`
AddressOfRawData	`0x38697c`
PointerToRawData	`0x38517c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Oct-04 02:32:56
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140386da0`
EndAddressOfRawData	`0x140386dbc`
AddressOfIndex	`0x1403be010`
AddressOfCallbacks	`0x1402d7978`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1403b65e8`

RICH Header

XOR Key	`0xa6ccd787`
Unmarked objects	`0`
ASM objects (28900)	`19`
C++ objects (28900)	`198`
C objects (28900)	`25`
253 (VS 2015-2022 runtime 30818)	`1`
C objects (VS 2015-2022 runtime 30818)	`20`
ASM objects (VS 2015-2022 runtime 30818)	`12`
C++ objects (VS 2015-2022 runtime 30818)	`96`
253 (28518)	`2`
Imports (21202)	`2`
Imports (28900)	`23`
Total imports	`308`
Unmarked objects (#2)	`28`
C objects (VS2022 Update 1 (17.1.2-3) compiler 31105)	`581`
C++ objects (LTCG) (VS2022 Update 1 (17.1.2-3) compiler 31105)	`13`
Resource objects (VS2022 Update 1 (17.1.2-3) compiler 31105)	`1`
151	`1`
Linker (VS2022 Update 1 (17.1.2-3) compiler 31105)	`1`

5c9349952c34ebf972694877d470b5d3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors