624cc588661ff2d08552e13f73f3ed1d
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2024-May-17 06:58:08 |
| Debug artifacts |
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
|
| Comments | www.vintagestory.at |
| CompanyName | Tyron Madlener (Anego Studios) |
| FileDescription | Vintage Story Client |
| FileVersion | 1.20.0 |
| InternalName | Vintagestory.dll |
| LegalCopyright | Copyright © 2016-2024 Anego Studios |
| OriginalFilename | Vintagestory.dll |
| ProductName | Vintage Story |
| ProductVersion | 1.20.0 |
| Assembly Version | 1.0.0.0 |
Plugin Output
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Tyron Madlener
Issuer: SSL.com Code Signing Intermediate CA ECC R2 |
| Safe | VirusTotal score: 0/72 (Scanned on 2024-11-10 07:31:27) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf0 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2024-May-17 06:58:08 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x19a00 |
| SizeOfInitializedData | 0x23400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000140E0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x42000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x49bd6 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x180000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
_RDATA
.reloc
.rsrc
Imports
| KERNEL32.dll |
FindNextFileW
GetCurrentProcess GetModuleHandleExW GetModuleFileNameW LeaveCriticalSection InitializeCriticalSection GetEnvironmentVariableW FindClose MultiByteToWideChar GetLastError GetFileAttributesExW GetFullPathNameW GetProcAddress DeleteCriticalSection WideCharToMultiByte IsWow64Process LoadLibraryExW FreeLibrary TlsFree TlsSetValue TlsGetValue TlsAlloc EnterCriticalSection FindFirstFileExW OutputDebugStringW LoadLibraryA GetModuleHandleW InitializeCriticalSectionAndSpinCount SetLastError RaiseException RtlPcToFileHeader RtlUnwindEx InitializeSListHead GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext LCMapStringEx DecodePointer EncodePointer InitializeCriticalSectionEx GetStringTypeW |
|---|---|
| USER32.dll |
MessageBoxW
|
| SHELL32.dll |
ShellExecuteW
|
| ADVAPI32.dll |
RegOpenKeyExW
RegGetValueW DeregisterEventSource RegisterEventSourceW ReportEventW RegCloseKey |
| api-ms-win-crt-runtime-l1-1-0.dll |
_register_onexit_function
_invalid_parameter_noinfo_noreturn __p___argc __p___wargv exit _initterm_e _initterm _get_initial_wide_environment _initialize_wide_environment _configure_wide_argv _c_exit terminate _set_app_type _seh_filter_exe _cexit _register_thread_local_exe_atexit_callback _errno _exit abort _crt_atexit _initialize_onexit_table |
| api-ms-win-crt-stdio-l1-1-0.dll |
__stdio_common_vfwprintf
__stdio_common_vsprintf_s setvbuf __stdio_common_vswprintf _set_fmode __acrt_iob_func fputwc fputws __stdio_common_vsnwprintf_s _wfsopen fflush __p__commode |
| api-ms-win-crt-heap-l1-1-0.dll |
_set_new_mode
_callnewh free malloc calloc |
| api-ms-win-crt-string-l1-1-0.dll |
wcsnlen
strcpy_s _wcsdup strcspn wcsncmp toupper |
| api-ms-win-crt-convert-l1-1-0.dll |
wcstoul
_wtoi |
| api-ms-win-crt-locale-l1-1-0.dll |
__pctype_func
_unlock_locales _lock_locales ___lc_locale_name_func ___lc_codepage_func ___mb_cur_max_func _configthreadlocale setlocale localeconv |
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
frexp |
| api-ms-win-crt-time-l1-1-0.dll |
_gmtime64_s
wcsftime _time64 |
Delayed Imports
1
2
3
32512
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.20.0.0 |
| ProductVersion | 1.20.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| Comments | www.vintagestory.at |
| CompanyName | Tyron Madlener (Anego Studios) |
| FileDescription | Vintage Story Client |
| FileVersion (#2) | 1.20.0 |
| InternalName | Vintagestory.dll |
| LegalCopyright | Copyright © 2016-2024 Anego Studios |
| OriginalFilename | Vintagestory.dll |
| ProductName | Vintage Story |
| ProductVersion (#2) | 1.20.0 |
| Assembly Version | 1.0.0.0 |
| Resource LangID | UNKNOWN |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-17 18:05:40 |
| Version | 0.0 |
| SizeofData | 109 |
| AddressOfRawData | 0x21460 |
| PointerToRawData | 0x20260 |
| Referenced File | D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-17 18:05:40 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x214d0 |
| PointerToRawData | 0x202d0 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-17 18:05:40 |
| Version | 0.0 |
| SizeofData | 984 |
| AddressOfRawData | 0x214e4 |
| PointerToRawData | 0x202e4 |
TLS Callbacks
| StartAddressOfRawData | 0x140021908 |
|---|---|
| EndAddressOfRawData | 0x140021918 |
| AddressOfIndex | 0x1400265b0 |
| AddressOfCallbacks | 0x14001b4e8 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140025040 |
| GuardCFCheckFunctionPointer | 5368820752 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0xfc4fc1c3 |
|---|---|
| Unmarked objects | 0 |
| Unmarked objects (#2) | 1 |
| C objects (33218) | 12 |
| ASM objects (33218) | 18 |
| C++ objects (33218) | 80 |
| Imports (VS2008 SP1 build 30729) | 16 |
| Imports (30795) | 9 |
| Total imports | 164 |
| C++ objects (LTCG) (33523) | 10 |
| Linker (33523) | 1 |