Manalyze report for 6d0371491cdf96b10159b33696a9fba8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Oct-01 16:55:24
Detected languages	English - United States
Debug artifacts	G:\shaiya-sources\shaiya_eg_vc2010\_temp\client\Win32\EG_ReleaseGM_2010\GameGM.pdb
CompanyName	UZC
FileDescription	Shaiya
FileVersion	`1.0.0.0`
InternalName	Shaiya
LegalCopyright	All Rights Reserved
OriginalFilename	Shaiya
ProductName	Shaiya
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: ba 58 56 00 00 ed 81 fb 68 58 4d 56` `Contains domain names: eterniagames.com http://shaiya.eterniagames.com http://shaiya.eterniagames.com/shop https://discord.gg https://shaiya.eterniagames.com shaiya.eterniagames.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses constants related to AES`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CheckRemoteDebuggerPresent` `Can access the registry: RegCreateKeyExW RegSetValueExW RegOpenKeyA RegQueryValueExA RegOpenKeyExA RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Can create temporary files: GetTempPathW CreateFileA CreateFileW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Leverages the raw socket API to access the Internet: WSAAsyncSelect connect setsockopt inet_addr htons WSAStartup closesocket gethostbyname send inet_ntoa recv socket WSAGetLastError` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationA` `Manipulates other processes: ReadProcessMemory` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6d0371491cdf96b10159b33696a9fba8`
SHA1	`2b6c61b17bb709cd4e295fed551b6cb1a84064f9`
SHA256	`c4686dbb4b9be7dd7ea4fd006c35ba66bff00a1ef4f81375f826f0da112ba482`
SHA3	`900418d376bdfa5145750cfda488383dd0277d646d9fdbb1c7cb8c1dda2d9b34`
SSDeep	`98304:/Qw49/6y+NioDS1XYCsi9v+o6HL8jMAnrICljAl:kSNioDEICpeL8jBn8l`
Imports Hash	`3d85394c738a44a1178728237f6e41b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x160`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-Oct-01 16:55:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x438c00`
SizeOfInitializedData	`0x1caaa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003E3072 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x43a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x20e7000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1be3af33ba9e15fb192fde312f2c0231`
SHA1	`e971c71f7e681ae1015b21d8af26ce5484de4e9c`
SHA256	`57d7c267ce18c1dcdd6e6a5368b3607e5224ef28b095a995b032cfec471faec1`
SHA3	`8275a8492473f00b736b1252932e0abe4f0510038808c9d0038b56dbbb2bb490`
VirtualSize	`0x438ae0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x438c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61766`

.rdata

MD5	`1b8ad424ea6835243ec65993072eab78`
SHA1	`b088fb5cf4c4acae0eabeea6780f94871f23fa28`
SHA256	`15f20ff4d33852ab6f0c738233ca3f345c1d81f0615af65e4f2b2d98b15627da`
SHA3	`2fa1cf26fab014f2f826b2de7d98d9dbc2c2437c0e50facfd09f7aecce972085`
VirtualSize	`0x78184`
VirtualAddress	`0x43a000`
SizeOfRawData	`0x78200`
PointerToRawData	`0x439000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.53482`

.data

MD5	`a5891d0f34ab604556e702713e326b45`
SHA1	`7570d1ecc39358cbd88cec9d58cdaa6ebad16f35`
SHA256	`185cccf3b43a4f156c31d7bd1ef0e5052ca9756594398142609e676131892dc2`
SHA3	`403ae4b5c8f57d8be196404e9d671fe7a6e8d600a2ed76d6a5ad54855d46f732`
VirtualSize	`0x1b9c258`
VirtualAddress	`0x4b3000`
SizeOfRawData	`0x14200`
PointerToRawData	`0x4b1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.9042`

.rsrc

MD5	`2d296e76daac5da4e6d5049242218e7c`
SHA1	`4af8db2250c2d3c36e367a5b90fd93e1970d09f4`
SHA256	`4778f1e283138277950cdc8428ccda42c1933223a2106f371ea36fb2b18d33c1`
SHA3	`4f58c529469902cb20af723236763543b48bc64581c56f61807c2d51e22f4599`
VirtualSize	`0x60a78`
VirtualAddress	`0x2050000`
SizeOfRawData	`0x60c00`
PointerToRawData	`0x4c5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.18003`

.reloc

MD5	`df1916a99335d5796ae05afec0b45256`
SHA1	`5a1ed563ea8adcac3f9530f50a1c04ab6f563859`
SHA256	`1b6cb7514af9c2f214e3d2fc61b84ea393d053dc6ed2fe9f968ae3ee2de86b35`
SHA3	`b66deaf94aeb1d11a95e368cec83b0ba9877e103813adaab9ad1086dc358252e`
VirtualSize	`0x356f8`
VirtualAddress	`0x20b1000`
SizeOfRawData	`0x35800`
PointerToRawData	`0x526000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.77222`

Imports

VERSION.dll	`VerQueryValueA` `GetFileVersionInfoA` `GetFileVersionInfoSizeA`
WINMM.dll	`timeGetTime`
WS2_32.dll	`WSAAsyncSelect` `connect` `setsockopt` `inet_addr` `htons` `WSAStartup` `closesocket` `gethostbyname` `send` `inet_ntoa` `recv` `socket` `WSAGetLastError`
DDRAW.dll	`DirectDrawCreate`
KERNEL32.dll	`GetExitCodeThread` `GetSystemInfo` `IsDBCSLeadByte` `ReadProcessMemory` `GlobalMemoryStatusEx` `GetModuleHandleW` `GetSystemTime` `InitializeCriticalSection` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `GlobalAlloc` `GlobalFree` `GlobalLock` `CreateDirectoryA` `GlobalUnlock` `GetFileSize` `EnterCriticalSection` `LeaveCriticalSection` `WaitForSingleObject` `SetEvent` `CreateEventA` `GetLocaleInfoA` `CompareStringA` `FreeLibrary` `GetSystemDirectoryA` `WaitForSingleObjectEx` `FormatMessageA` `LocalFree` `FileTimeToLocalFileTime` `CreateDirectoryW` `FlushFileBuffers` `GetOEMCP` `GetACP` `IsValidCodePage` `GetFileSizeEx` `SetEndOfFile` `SetStdHandle` `DeleteFileW` `GetTimeZoneInformation` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `GetTempPathW` `DecodePointer` `FindNextFileW` `FindFirstFileExW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `SetEnvironmentVariableW` `GetFullPathNameW` `SystemTimeToTzSpecificLocalTime` `GetFileInformationByHandle` `GetDriveTypeW` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `GetFileType` `GetModuleHandleExW` `ExitThread` `LoadLibraryExW` `GetCurrentThreadId` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SetLastError` `RtlUnwind` `VirtualAlloc` `VirtualFree` `InterlockedCompareExchange` `InterlockedExchange` `UnmapViewOfFile` `CreateFileMappingA` `MapViewOfFile` `OutputDebugStringW` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `EncodePointer` `HeapAlloc` `CreateThread` `RaiseException` `HeapReAlloc` `LoadLibraryA` `GetCurrentThread` `HeapSize` `InitializeCriticalSectionEx` `OutputDebugStringA` `HeapFree` `VirtualProtect` `GetVersionExA` `DeviceIoControl` `CreateIoCompletionPort` `CancelIo` `FreeEnvironmentStringsW` `GetModuleHandleA` `FindClose` `GetModuleFileNameA` `GetLocalTime` `FileTimeToSystemTime` `QueryPerformanceCounter` `WideCharToMultiByte` `lstrcpyA` `QueryPerformanceFrequency` `CreateFileA` `lstrlenA` `GetFullPathNameA` `FreeLibraryAndExitThread` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `GetTickCount` `Sleep` `MultiByteToWideChar` `GetModuleFileNameW` `lstrlenW` `WaitNamedPipeW` `GetCurrentProcessId` `SetThreadPriority` `FindNextFileA` `TerminateProcess` `GetCurrentProcess` `FindFirstFileA` `GetVolumeInformationA` `CheckRemoteDebuggerPresent` `IsDebuggerPresent` `GetProcessHeap` `ExitProcess` `DeleteCriticalSection` `GetProcAddress` `GetThreadContext` `TlsFree` `CloseHandle` `GetLastError` `CreateFileW` `PeekNamedPipe` `WriteFile` `WriteConsoleW` `ReadFile` `GetCommandLineW` `GetEnvironmentStringsW` `GetStdHandle` `GetPrivateProfileIntA` `lstrcmpiA` `GetComputerNameA` `GetCommandLineA` `IsBadReadPtr` `SetUnhandledExceptionFilter` `CopyFileA` `InitializeCriticalSectionAndSpinCount` `ResetEvent` `CreateEventW` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetStartupInfoW` `GetSystemTimeAsFileTime` `InitializeSListHead` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryEnterCriticalSection` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `SleepConditionVariableSRW` `GetStringTypeW`
USER32.dll	`LoadStringA` `SetRect` `GetDC` `SetWindowTextA` `GetDesktopWindow` `wvsprintfW` `GetKeyboardLayout` `ClientToScreen` `ShowCursor` `SetCursorPos` `OffsetRect` `CopyRect` `GetWindowRect` `SetWindowPos` `ScreenToClient` `SetWindowLongA` `MoveWindow` `GetCursorPos` `PtInRect` `GetAsyncKeyState` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `FlashWindowEx` `ReleaseDC` `wsprintfA` `PostMessageA` `DefWindowProcW` `GetMessageA` `DispatchMessageA` `GetFocus` `LoadCursorA` `DestroyWindow` `FillRect` `GetSystemMetrics` `ShowWindow` `MessageBoxA` `AdjustWindowRect` `DefWindowProcA` `CreateWindowExA` `SetFocus` `TranslateMessage` `SendMessageA` `SetCursor` `LoadIconA` `SystemParametersInfoA` `GetClientRect` `PeekMessageA` `PostQuitMessage` `RegisterClassExA` `UpdateWindow` `GetClassNameA` `GetWindowTextA` `EnumWindows` `UnregisterClassA` `GetWindowTextLengthA`
GDI32.dll	`CreateFontIndirectW` `SetTextAlign` `ExtTextOutA` `MoveToEx` `ExtTextOutW` `CreateFontIndirectA` `GetFontLanguageInfo` `GetTextMetricsW` `SetBkMode` `GetCharacterPlacementA` `GetGlyphOutlineA` `GetTextMetricsA` `GetObjectW` `GetObjectA` `GetCharacterPlacementW` `SetTextColor` `SetBkColor` `SetMapMode` `CreateFontA` `SetDeviceGammaRamp` `GetTextExtentPoint32A` `GetDeviceGammaRamp` `GetTextExtentPoint32W` `CreateDCA` `BitBlt` `CreateCompatibleBitmap` `SelectObject` `CreateCompatibleDC` `DeleteDC` `DeleteObject` `CreateSolidBrush` `CreateDIBSection`
ADVAPI32.dll	`RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyA` `GetUserNameA` `RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
SHELL32.dll	`SHBrowseForFolderA` `SHGetPathFromIDListA` `ShellExecuteA` `SHGetMalloc`
ole32.dll	`CoCreateInstance` `CoUninitialize` `CoInitialize`
OLEAUT32.dll	`SystemTimeToVariantTime` `VariantInit` `SysStringLen` `VariantClear`
IPHLPAPI.DLL	`GetAdaptersInfo`
gdiplus.dll	`GdipFree` `GdipCloneImage` `GdiplusShutdown` `GdipDisposeImage` `GdipAlloc` `GdipSaveImageToFile` `GdipCreateBitmapFromHBITMAP` `GdiplusStartup`
IMM32.dll	`ImmGetContext` `ImmReleaseContext` `ImmGetConversionStatus` `ImmGetProperty` `ImmGetCompositionStringW` `ImmGetIMEFileNameA` `ImmAssociateContext` `ImmGetOpenStatus` `ImmSetConversionStatus` `ImmNotifyIME` `ImmGetCandidateListW` `ImmIsIME`
d3d9.dll	`Direct3DCreate9`
DINPUT8.dll	`DirectInput8Create`
DSOUND.dll	`#11`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95233`
MD5	`79cef65446f5610ea8b95c35060e677d`
SHA1	`ee3199d4275e7cd413665eebb659702b825b4ba8`
SHA256	`f8d2f263ce2640aad446a2b2ea55b60d1555a9044827427ab4bc9bcaf2ea8d74`
SHA3	`6d04f5e728fb7864854b8e1958057c97305a637ecef930009a39d19c7864aad2`

2

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90753`
MD5	`0c48fd2db0a1fc0783e7874b77c9f449`
SHA1	`c2585e439b05220503281c948dd95c526ce62e42`
SHA256	`47e3ef66c03927ce70832eb3176e556c364dfd94d0f3323013f1fe1e0d6bcf17`
SHA3	`ddf591a0c73a02bc339aded228636447951eda75b131485b4a78255313451fca`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14305`
MD5	`8665ecdbe7ad86b60abf833cb3c82564`
SHA1	`e3aca8e940367ea3db0ca953ecf9335a1906f4b6`
SHA256	`c353357cd509337228aae9a9bf2eda9c46304faa34f174a73a4a15dbb3981b47`
SHA3	`00f5389656c13e47118b726679443d82d854cd095b7fdd609d00c8168d006a12`

4

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00299`
MD5	`b4f8db820fcecf8b5526e1baf165457b`
SHA1	`66d2ff3dd0d265aebec9058ad3a3dda6e201729d`
SHA256	`bdbf503cc3af1197a7eab8a3f065526f4ceb9c8ec347880112d523b2bd681e83`
SHA3	`894f80037ce25f77f70fcae7e3ea236d3ee7a4d4e1290c0384b2c78bc37829ec`

5

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54091`
MD5	`0c238f25ae717cac9f96c587741705ac`
SHA1	`ec873a6371680a407622f48dfbd47858482fe48a`
SHA256	`3f6a4e8a1da66dea5317903a474611ad86cbfe9903a15a5b14b59c811ccb52a4`
SHA3	`b3a54cded12e92e5befbb0268713e64777dcc0604d0dd0b98e87bf60288d3ed2`

6

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21938`
MD5	`ca3772e5f17cf1a4ede36ee7b6fac06f`
SHA1	`9401a88638996aca7c63cb4c7c8c2c57c51569aa`
SHA256	`1d78e6a3f7fe2db0543282e442f78dd634a0589af319639906936e1eb67ebc09`
SHA3	`a21c6a2d2c722e663cc3a31f3b11203f276f63c9907f6c85b393b3679a27ea8c`

7

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70484`
MD5	`5e15ec28f7d474ce9a0c8837486b49c8`
SHA1	`f4dec0d599e0057f4a7dd4ae0da7e7190aa062ea`
SHA256	`f4ff5cdc13df2d77e849f0be7ed89177fe8e1636a276c86f82eb342252ab63cd`
SHA3	`34427ec6a7b13ba4cb4d3df80ac1de2e6f3e153eb5d4d944f10a9426ec83681f`

8

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00447`
MD5	`df5dd9f0adf872d6629715cca7b11225`
SHA1	`d7db12267fe6a02b9ae78902cbca95ee84a86396`
SHA256	`89e7de1564d1e39c6750d009c3cc79d8d739806907061272fa625d759e232555`
SHA3	`d77f5e402b694b2db9d9dce65664cb07aa07f3df54c4bad23be0fe892c499836`

9

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.00784`
MD5	`787814ae2c357a2af83f9a0491d4c60b`
SHA1	`7fc71b2d8bc4c95b20b7aca2502d40962b92c9b3`
SHA256	`544acf10a7dacb52bc4fa0e0c215fdbd9ce47f9bf896b7e4aa3f275e54d2ca04`
SHA3	`a71243add261a5e05baa829e8079b3a11f26a18ff127640726ba454b616e491e`

10

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55223`
MD5	`54c23b601c1d618a200e38c7a07cdc1d`
SHA1	`f26e6a39f2db51bfc59f81f4c33d156c925f9673`
SHA256	`c672438c0df6ed65dc51c95d805add157336e328abd1a8ce2c5ab7b760a4bb03`
SHA3	`a8df9fac0ee1e8581b3ba11a972d65d2e619e5ac0a1c0a8855dd96417b31bd6c`

11

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6727`
MD5	`e5e9105f16591a3acdf1b67a123e5a9a`
SHA1	`b03600cb412d15d90f340aeb9faeb55b4281869f`
SHA256	`71b65a134e443dee68df5ddb0ca17227996518d289d58c7771a27ac59e5b55be`
SHA3	`af2c4d0a6c145500e56b5d98366d1d30f566cb414ea7502ec498ca325fa481f5`

12

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.846`
MD5	`6c6fc680905f5a574401588044862758`
SHA1	`f17e58def411fd7fd1774f87d0a7c3806521c8f5`
SHA256	`71a926f15121adda695ff06bd73701de15c06b759d5d95cc691bf4c82a35e908`
SHA3	`20028c338f86d6032d36e2a0a5ff9c4b46f730358ac6b2a37abd175e86cdaace`

13

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xcac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.389`
MD5	`d7b0b5702320f4f94743edeeb7ce3c21`
SHA1	`dbd35da2176e49ff622f52f1c02655fd380f08c6`
SHA256	`9f0f43d5b30b8ec6d0ca5f04d15489d58981c8f1b228254c0a5920bf9a9731c1`
SHA3	`f48604244ae0e10fb6583191bb2d7f35077614cc9b8c84208e228d6447b9d4f9`

14

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32205`
MD5	`f0d8033461891c0191f0384fa3897b52`
SHA1	`4f8c4e809dc29211fb84a51ab7eb64add6c29fc8`
SHA256	`1c09ed1396fbff803533730876e898e64ebe186feb5038c46d5ea5ab814d20fa`
SHA3	`7eebbca4edcb24f29460b0b3ad0e45d87933a7c5fb9f19ff2a55774550689d36`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59105`
MD5	`992db40db8d71afb362c10517a6de8ad`
SHA1	`f40d99a57eaa30928105f7f862f8de70acd8d1bd`
SHA256	`5161cf38015fee2bfb90af1436d7ceb77b3add9d3246470250f032113674c113`
SHA3	`b26b8e276c689f4698516799ceb9ad421e98133c70ce7efb4aba61f711e41aee`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31952`
MD5	`48e5ceeb7550b4ccbe4eba4eaf2df3fa`
SHA1	`e6095ac465a68d85e1d2fdbab1d743e787244159`
SHA256	`add1957731a19dd7475329871d7085b015a284ce6158641b4b17cfe9a1ab2a94`
SHA3	`05046f1e309c2082a6c59a2899bab42f23e55657c2786a1e8873feb1bb9d378f`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05873`
MD5	`b21c0c71673172fc8a322fc48a9df7a2`
SHA1	`ec185d4393a369d3d435b00ad0e90efd888f865e`
SHA256	`5283aba933e23fe9ae704457395e6816e4a68d5284516a9a9d6a9db87af74b20`
SHA3	`57e6635b7028c23300b37bcd9e25e492f3e39f802a8aa775073f13fd6960548a`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66958`
MD5	`8ed684d0cf15d8ea673f373a72dc2523`
SHA1	`f7a1537a8a9a26df7b025a4d2a6f5c0de29c59f1`
SHA256	`d25095c7d38c2bafc9d8ceaae18f81cd06d4b3c5b512dc4e3767d772b402132e`
SHA3	`0cc594059aad5e228f0aaa6d74aaa5f8fc22d329eda10a01b5591c0e3e0c5d15`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52325`
MD5	`196aac925e0b116363316b4a5af805ac`
SHA1	`ee94079146df4e25ef85bbb84f3650b207131848`
SHA256	`0e73083ef44d3edeccb9138866c8616d2143c0e43d53efffc2386e95cc5d0a55`
SHA3	`ebdccd2605969843267dd6e56a716316742fb235df4571937cb062c0225c46c7`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40549`
MD5	`e94815c9961e707531ea6e5057a69332`
SHA1	`6eae5377d732a67b7f6f2b6f04cab882bcbe645c`
SHA256	`82b665d4e9edb4ad5535391d7000818d3e5e8adeafc3a1623776aaa8bc1460db`
SHA3	`9ff0c9f3999a57657717b82004d59b9fec5d8243fe81945bf3fc059d70778b53`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.44683`
MD5	`840988bdfa77690cf5aed0c98b1b2fdb`
SHA1	`208285217ea83645c18b68f90abb6046e19e2204`
SHA256	`a827832bb406ba144e865da922a183a317c418e63be832a8f0f087bce9b7b7ab`
SHA3	`13408aeb9a146ed2eed9a1dbafb2ae2e2d3c4ae435d7581a0ec8610bce3a69a6`

22

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38693`
MD5	`abfe4dbdc6e2710dd9302c781e418ffe`
SHA1	`b96bb79ff1944afb02fc1cbcd8f73caa11f8f9a6`
SHA256	`e719e0f3dd5cf5e10f3c4d172dde40abdba42669903a7363967704fe307ab910`
SHA3	`49411b00a02d70e89d560b0613196b8e9d47022f70ff5a2bb1387d45d56fb946`

23

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc6e9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99023`
Detected Filetype	PNG graphic file
MD5	`1fdcae7b444b868de852d82f59137122`
SHA1	`a89248705199fb7cddf773d13a771beb60f5dc89`
SHA256	`778c1ecc20d5efb8b99f535d2b6bda7ed7b43c3e5e6153f54ee441d711742b6e`
SHA3	`903b205c0c5724107aec8e3ff003654a6aeeaa542a1f2acd8b1982e0a3920a99`

174

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Cursor file
MD5	`ea85ef03bf202985c4fb9fe7780b51d4`
SHA1	`03bb2ce594521c0f8f39989508bda00533bdfd01`
SHA256	`f451c1dc0342b32a48d6026b049c186cc315d2665614449d6939c4b570eb1b38`
SHA3	`696c7d44d35f690effe72356f8c6770cd0dbd86b3568bb9f4c682f37705a087f`
Preview

175

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11924`
Detected Filetype	Cursor file
MD5	`507e5ef6ed67fb2256c6e6805f189dfa`
SHA1	`f839486b04e0ee1378cdbb3536ddc1991ab1229f`
SHA256	`264fbfa9c393686bc0b9dbc3e7bc2d903a13cd5fb294fd6d26061b6520d8761c`
SHA3	`962b5d916aa17c44d0b9f815c8b0c97789ac573994a0830854e34d6f74b945a5`
Preview

176

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`2aa3e191487c52ed2804b3ca834054be`
SHA1	`3ec8a934990b05f2931889b65e0c7705d1702307`
SHA256	`acf8ca6eb49ab6ef7f15ca05159938f5439baaceb4f62b28a59bbdb2d0035e25`
SHA3	`665698dc80ac4265bbef08da7dfa3823f95d2c35fe6fefb722b6c0cfe05242df`
Preview

177

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`f0e586a433641a102bb9cc63b453fcb9`
SHA1	`05d62db24de9dee8c4b5a6c0bc5a5e19104348b4`
SHA256	`a7207b14e868ce5fe75588f78bd79767d437a0acec53d953acac57b5a6848a09`
SHA3	`2a835277360d309c074b859c4558a0d137b067858c0458d87c8ba893d1a43527`
Preview

178

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`32ecc604e9d0904d52b1e3ba35c5426b`
SHA1	`af6128f206eb23587b1baaaee3de23e526ee7ce9`
SHA256	`66505eb44699246a25c6f8a10422041db62335a438679d80e55090733e11616f`
SHA3	`531aaa07d82ffe245e8171df171423510b265c89df881eddd7c3067f74c0bf62`
Preview

179

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`d2b11b1eed9f121883841cf72ece2c41`
SHA1	`077cbd11dab5b3d49c61ced6f249c0401bdd5c37`
SHA256	`735c1308669c10f83cfe17939ac8b38990a18f93c4fe4c5e3d984b15ad349621`
SHA3	`0379b906bc2073327c67bb327823b80bb69f394e561fd7adfed7d2f078b9bfcc`
Preview

180

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`817fe43522d50eb16beaabfa5831ba2a`
SHA1	`b8ceaa4c95ac5e62d1c3949403d8475853ab4375`
SHA256	`0e6aee6e6c9f0b8c5b7c9f6a0a1db5beed6bac2fcb0226fac7a5e1b1d2175189`
SHA3	`922af4db0527dc1749e60b2dae2fa41cb7600dccf1f38ea2193383cfe3a715cd`
Preview

187

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`45161e1940dba2c27e73bc3be818cb70`
SHA1	`19b057dd6e3039b8311b19ac53617b62059aea80`
SHA256	`473ab89b3563d1532907083089fcd19a9f6a003bacdda5a1cbbbb3713e51b770`
SHA3	`e806841e749b0bf9ac43c729efe02db486b011987081b4ca40a26fdd0a116d0f`
Preview

188

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`6e9b8fe541c216a17277cf7f33d8295f`
SHA1	`6d7d9908448089af33f3753df9c6d532ab610df3`
SHA256	`a43410f6e73877619746d9384f5a7c520c2f2571ac083216ceb46f64dec5afea`
SHA3	`d16ac25e350b75a6bde87e156cf4a10f59ec5ea9fa4ee5d640c45f3968199730`
Preview

189

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`a719234938666c43a2c1fd836f3027d2`
SHA1	`bbefdcbde1037484c5ddf25cbf98e871042e8540`
SHA256	`3ef415759c938b35d09f50495e84426d8282f4f9fc174cfe9aafcd157e7580f6`
SHA3	`677938e8ddc614f447fa682cc1924aa6ec219100a3c51fad73304604329a6e52`
Preview

190

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`176eef70905805e53fd8aec1683b9260`
SHA1	`bdca564e4311b88f8e78b78145c04d51ec8eee19`
SHA256	`6defc603e6f95d187c6d2b4e3768cce2dfebcba99b63df5bcaeca9071ef9f2da`
SHA3	`29d1b850bbb62154fb39ab4c7d333978c61e98c887947f6ce5000b08f7be847c`
Preview

191

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`f00e802c6e0eb7c0c8dc07d78ad6a13f`
SHA1	`3d9dce5917d9f6aff65ddd73bc46ea4dd6e3cb1c`
SHA256	`edb1271bc926bb2bcffa1b4f69b19f6309bccf3bfb802415420d3a7cc7c005bd`
SHA3	`304b0490698328014fb88da6431bf18ae222eca5ee2339f02e4fac24c51a6d43`
Preview

192

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31924`
Detected Filetype	Cursor file
MD5	`a9c02c6b32a6da0f1a359027b26f0e78`
SHA1	`f0f0b713f49e4d9025b8a0e77fc19960d8a1a063`
SHA256	`cc1ae55319611b7a2ddba3fedaf956620f28367b72bc736068a8a4c591e6fdb8`
SHA3	`41978f73c3e19f360380b8cfd9fe09b2a428ffddf826bd49926fd9aeef904f8e`
Preview

194

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`63e88d11b8e4a0868f5c2dcb5c944b1e`
SHA1	`19e86d2e68c188e8f8101e3c053bfa02ca714b97`
SHA256	`5907a1ab79be2dae328a84248db9750607aeb7b802af582f974a5ae59fb3c37c`
SHA3	`fe8a1640613ab39314806298ace08aae1c0f1d9f89c9aa23e7a270562db0dd0e`
Preview

109

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26415`
Detected Filetype	Icon file
MD5	`933d7b190ba09c9ad64a483814c3669d`
SHA1	`075f4786eb1843becde24c470dcc33c419698997`
SHA256	`6750e6cb74fc810706b455e3dcca1c87e736f08b0cb5a31838d3716e75f141f2`
SHA3	`361831e4d65957f454ea8bbcb7385c77f05aff75d3aee9f59c561e4e8fc45a6b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x284`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24728`
MD5	`97eedf1b3ef081ac58e9095e49ef5af6`
SHA1	`eaf2b94eb3cfab8e48189e21e7f47261ae679f56`
SHA256	`95fa1718a43f81d53ffb9baa94563c3fa4d330dd756e1bb08e97a52f6bc4cc6b`
SHA3	`924f207722434b7ee743192babb4d46ca2e77cc4f175373e5a34361b51fa01cc`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_STATIC_LIB`
Language	UNKNOWN
CompanyName	UZC
FileDescription	Shaiya
FileVersion (#2)	1.0.0.0
InternalName	Shaiya
LegalCopyright	All Rights Reserved
OriginalFilename	Shaiya
ProductName	Shaiya
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Oct-01 16:55:24
Version	`0.0`
SizeofData	`107`
AddressOfRawData	`0x49f7a4`
PointerToRawData	`0x49e7a4`
Referenced File	G:\shaiya-sources\shaiya_eg_vc2010\_temp\client\Win32\EG_ReleaseGM_2010\GameGM.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Oct-01 16:55:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x49f810`
PointerToRawData	`0x49e810`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Oct-01 16:55:24
Version	`0.0`
SizeofData	`956`
AddressOfRawData	`0x49f824`
PointerToRawData	`0x49e824`

TLS Callbacks

StartAddressOfRawData	`0x89fbf0`
EndAddressOfRawData	`0x89fbf8`
AddressOfIndex	`0x8c745c`
AddressOfCallbacks	`0x83ad5c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x8b3348`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xfe4e5d79`
Unmarked objects	`0`
ASM objects (27412)	`46`
C++ objects (27412)	`227`
Imports (VS2003 (.NET) build 4035)	`2`
C objects (VS2003 (.NET) build 4035)	`1`
C objects (2067)	`12`
18 (8444)	`6`
253 (28518)	`3`
C++ objects (30034)	`94`
C objects (30034)	`22`
ASM objects (30034)	`29`
C objects (30154)	`10`
C objects (27412)	`35`
C objects (CVTCIL) (27412)	`1`
Imports (9210)	`6`
C objects (9178)	`2`
C++ objects (VS2003 (.NET) build 4035)	`127`
Imports (27412)	`29`
Total imports	`426`
C objects (VC++ 6.0 SP5 build 8804)	`78`
C++ objects (LTCG) (30154)	`472`
Resource objects (30154)	`1`
151	`1`
Linker (30154)	`1`

6d0371491cdf96b10159b33696a9fba8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

174

175

176

177

178

179

180

187

188

189

190

191

192

194

109

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors