Manalyze report for 66daad1dbf7e09f6a5dd065b7e96642b804e0dbe9c1c87f4b1fb8c6a87dcb4b3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-27 17:36:03
Detected languages	English - United States
CompanyName	Capcom Co., Ltd.
FileDescription	Resident Evil: Requiem - Community Trainer
FileVersion	`1.0.4.2026`
InternalName	RERequiemTrainer
LegalCopyright	ÐÂ© 2026 Capcom Co., Ltd. All rights reserved.
OriginalFilename	RERequiemTrainer.exe
ProductName	Resident Evil: Requiem
ProductVersion	`1.0.4`
Comments	Community trainer for Resident Evil: Requiem. Provides enhanced gameplay features and cheats.

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: cacerts.digicert.com crl3.digicert.com crl4.digicert.com digicert.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_ http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0 http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 http://crl4.digicert.com http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 http://ocsp.digicert.com0 http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0\ http://www.digicert.com http://www.digicert.com/CPS0 www.digicert.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileW GetTempPathA CreateFileA` `Has Internet access capabilities: WinHttpSetTimeouts WinHttpSendRequest WinHttpCloseHandle WinHttpSetOption WinHttpOpenRequest WinHttpAddRequestHeaders WinHttpOpen WinHttpConnect WinHttpReceiveResponse WinHttpQueryHeaders WinHttpReadData WinHttpQueryDataAvailable` `Leverages the raw socket API to access the Internet: inet_ntoa gethostbyname gethostname` `Functions related to the privilege level: CheckTokenMembership`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: Capcom Co. Ltd.` `Issuer: Capcom Co. Ltd.`
Malicious	VirusTotal score: 5/72 (Scanned on 2026-02-27 18:33:56)	`Elastic: malicious (moderate confidence)` `Kaspersky: UDS:Trojan.Win32.Agent` `Microsoft: Trojan:Win32/Bearfoos.B!ml` `Trapmine: malicious.moderate.ml.score` `VBA32: suspected of Trojan.Notifier.gen`

Hashes

MD5	`ae2bfef3364b5eb284181195711c99f1`
SHA1	`9577220784fd1d647e0cc57823064cea0d3f4df1`
SHA256	`66daad1dbf7e09f6a5dd065b7e96642b804e0dbe9c1c87f4b1fb8c6a87dcb4b3`
SHA3	`66abdc3211e930886225d7e56427da21f2ba62162922571c9faea0c57b12cb1d`
SSDeep	`12288:N+xWwwR6w92DKHv1DXPGp1j/k0SrICIio/KNzAiREOzb4RLc9i:N+4uDKHv1DXPGfjuIb1iN1Eob4RLcY`
Imports Hash	`2795e9c648aa44f5e446600614afc970`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Feb-27 17:36:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x2b800`
SizeOfInitializedData	`0xa4c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000ED9A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2d000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd4000`
SizeOfHeaders	`0x400`
Checksum	`0xdce67`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`11e1bd51dbde4939da037bedae7b74aa`
SHA1	`012bea761bea0e4c05622d4d5b8480d7dfe04b6d`
SHA256	`18163c7e210b44987b58bc1dc32e0f66913327bd71c4c952000de523a8ba24f7`
SHA3	`cc7ade6ceb49143598ee65cf35551913df8e1fedafee698f8339708ae015d11d`
VirtualSize	`0x2b65b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2b800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58979`

.rdata

MD5	`2f13e9028d038a2a68f72356a30f2ebc`
SHA1	`f63eef317a1b876e5d4847087bd831bd99f1b6ea`
SHA256	`14cd8febc06717a886d9363c8a45b4726a038ca70c4dd6b864ebc0f2b145d394`
SHA3	`1dd0995a890d7c742b0d024a5974e5bd5f7fc8281d327ac59687c0a77e9d81f2`
VirtualSize	`0xd9d2`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x2bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.33098`

.data

MD5	`b51e8cd31f6ffc93469480b9709ee80c`
SHA1	`c0a52b38cc735caf0449f189995afa663be0cfe7`
SHA256	`479ac1ff89d8d3bdd04890ab80e147f39b27fec13755649f5044ea0742502e48`
SHA3	`73e5bd69d6d088ba93847959004e80be31403d4bbe92e5571f633008598ab2be`
VirtualSize	`0x19c8`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x39600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.07352`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`fad4aa9a7e5b683d667bdd661d02f6c5`
SHA1	`30121be3faabca7435e1fee58289f8af55b8dc0e`
SHA256	`10dc21c9c18b07e815e831d5a52b55be8c68f9142237b5e1c7c86b6fced41f81`
SHA3	`f8d776e07af94a8d9858b776dd81507bec01697e5d322c95bc3e4f9975fb853d`
VirtualSize	`0x93cc0`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x93e00`
PointerToRawData	`0x3aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2288`

.reloc

MD5	`87de652378cb78439c63726b1449452e`
SHA1	`a2f3ddb24f887be1bdf9828b4cb0f2a7eeb59616`
SHA256	`1158ea81dce313bd0c48e8fe8c38b36ff71c85a1595910f9d9d20f1c9b158f58`
SHA3	`9805f5635b422b8d1f85573c3d22151ff8cd3db87ee1bc3d8e053891dbf8d554`
VirtualSize	`0x1f18`
VirtualAddress	`0xd2000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xce800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50938`

Imports

WINHTTP.dll	`WinHttpSetTimeouts` `WinHttpSendRequest` `WinHttpCloseHandle` `WinHttpSetOption` `WinHttpOpenRequest` `WinHttpAddRequestHeaders` `WinHttpOpen` `WinHttpConnect` `WinHttpReceiveResponse` `WinHttpQueryHeaders` `WinHttpReadData` `WinHttpQueryDataAvailable`
WS2_32.dll	`inet_ntoa` `gethostbyname` `gethostname`
SHELL32.dll	`ShellExecuteExA`
ADVAPI32.dll	`RegQueryValueExA` `AllocateAndInitializeSid` `GetUserNameA` `FreeSid` `CheckTokenMembership` `RegOpenKeyExA` `RegCloseKey`
ole32.dll	`CoInitializeEx` `CoCreateGuid` `CoUninitialize`
KERNEL32.dll	`GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FreeEnvironmentStringsW` `HeapReAlloc` `ReadConsoleW` `ReadFile` `EnumSystemLocalesW` `GetUserDefaultLCID` `SetStdHandle` `GetProcessHeap` `CreateFileW` `HeapSize` `WriteConsoleW` `FindFirstFileExW` `MultiByteToWideChar` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `SizeofResource` `FindFirstFileA` `WriteFile` `WaitForMultipleObjects` `GetUserDefaultLocaleName` `FindResourceA` `FindClose` `CreateMutexA` `WaitForSingleObject` `Sleep` `GetTempPathA` `GetTimeZoneInformation` `GetTickCount64` `GetLastError` `GetFileAttributesA` `CreateFileA` `LockResource` `DeleteFileA` `CloseHandle` `CreateThread` `LoadResource` `GlobalMemoryStatusEx` `WideCharToMultiByte` `CreateProcessA` `CreateDirectoryA` `GetTickCount` `GetComputerNameA` `GetExitCodeProcess` `FindNextFileA` `SetFileAttributesA` `RemoveDirectoryA` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `SetEndOfFile` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `RaiseException` `SetLastError` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetStdHandle` `GetModuleFileNameW` `GetCurrentProcess` `ExitProcess` `TerminateProcess` `FreeLibrary` `GetModuleHandleExW` `GetProcAddress` `IsDebuggerPresent` `UnhandledExceptionFilter` `GetFileSizeEx` `SetFilePointerEx` `GetFileType` `HeapAlloc` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `HeapFree` `VirtualProtect` `LoadLibraryExW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa068`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.11034`
MD5	`498aec5756cccfd53cdab8cb0b2550b1`
SHA1	`9e6bfff163dbbc1ac0bfb78ccf55806683edd57f`
SHA256	`57c6519912653ad9aec4d92bc67c921660f63cce709feffec548d30b2fa2135c`
SHA3	`265b22131f5359414f747ac6b46bcff2632442f9a48b85fdaa0eb8eca4982e71`

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x88ed0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.44288`
Detected Filetype	PE Executable
MD5	`8d4630a7958517737dba1ab88045373b`
SHA1	`5816798803373fd3dd7bd1823ab8c92a824c441c`
SHA256	`e785a0c0dcf79385f0483c1eb2242e3937d0447f6b21dd158906e92757b46542`
SHA3	`1133dc3a08394079a15614152ffa8025517a3bb44b2dcca58ee0798c3b0af87f`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.77095`
Detected Filetype	Icon file
MD5	`6461e4db05ad49c10e6126bf052018bd`
SHA1	`52984f0022f5e4d77b713b57b2e5a6ce01b7d11e`
SHA256	`55f3373f4c2bc54b259628d23b3f8a718b70146fd60a3a9c9f4d44ccb3240293`
SHA3	`b32bf77d6f5c097bf99730df0d8a2643a17d53a6af9fe4f85afbe77892088318`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x444`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45051`
MD5	`a74603e0a75d3627424792ee2b4c33a1`
SHA1	`d6d7166c4df62d31d69cfa5b80c5e7556ee6833f`
SHA256	`872ecec955880bbd679293589a0c715f0e581f2a85a5c6e564036fcf907d9f60`
SHA3	`5307bf7bda4d30392a011fe82b925d5e58b8a80aee58f982b449861855dc9e5f`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52138`
MD5	`162e576892d7f56390d7a131120a78b6`
SHA1	`0eee3341ec4fa0fec0cc6ca6935fc31ae6e8db4d`
SHA256	`86f53bcf4992100a642687069250b6ff34d717d8951469adba4674ee2c6f2a86`
SHA3	`63bd569f7a947c7e53124aa3f91ebd1753662669353beab4d5fb649d24511f30`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.4.2026
ProductVersion	1.0.4.2026
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Capcom Co., Ltd.
FileDescription	Resident Evil: Requiem - Community Trainer
FileVersion (#2)	1.0.4.2026
InternalName	RERequiemTrainer
LegalCopyright	ÐÂ© 2026 Capcom Co., Ltd. All rights reserved.
OriginalFilename	RERequiemTrainer.exe
ProductName	Resident Evil: Requiem
ProductVersion (#2)	1.0.4
Comments	Community trainer for Resident Evil: Requiem. Provides enhanced gameplay features and cheats.

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-27 17:36:03
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x3873c`
PointerToRawData	`0x3733c`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43b080`
SEHandlerTable	`0x4385d0`
SEHandlerCount	`47`

RICH Header

XOR Key	`0x527e030c`
Unmarked objects	`0`
ASM objects (33145)	`12`
C++ objects (33145)	`173`
C objects (33145)	`22`
ASM objects (35403)	`21`
C objects (35403)	`17`
C++ objects (35403)	`76`
Imports (33145)	`15`
Total imports	`144`
C++ objects (LTCG) (35724)	`3`
Resource objects (35724)	`1`
Linker (35724)	`1`

Errors

Leave a comment

No comments yet.