Manalyze report for 7221da3c1ef5a274c348378260e66806

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Sep-17 15:20:37
Detected languages	English - United States Portuguese - Brazil
Debug artifacts	D:\Cosas Agu\Sources\Trabajos\Trabajo Naldo\eMU\JoinServer\Release\JoinServer_EX301\JoinServer.pdb
CompanyName	MuEMU
FileDescription	JoinServer
FileVersion	`1.0.0.0`
InternalName	JoinServer
LegalCopyright	Copyright © MuEMU.pl 2015
OriginalFilename	JoinServer.exe
ProductName	MuEMU JoinServer
ProductVersion	`1.0.0.0`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: socket WSAStartup sendto gethostbyname inet_addr WSAAccept inet_ntoa WSARecv WSASend listen bind htons htonl WSASocketA closesocket WSAGetLastError`
Suspicious	The PE is possibly a dropper.	`Resources amount for 80.0356% of the executable.`
Suspicious	VirusTotal score: 1/68 (Scanned on 2023-10-13 23:27:16)	`APEX: Malicious`

Hashes

MD5	`7221da3c1ef5a274c348378260e66806`
SHA1	`292b5dfb73d0684c0d828f4f99be956d6adb20c6`
SHA256	`170055aeb6d2480dc97d73dc373fce1256a19f812e284df9360c6bb2e86cbbef`
SHA3	`a376588326685712a8231968fac7e930595a3f6a4a48e468faddc4afa64ce542`
SSDeep	`1536:LMYffkiuE3widcAMTCNRdvYsIG2IoV/OUPe5a1Ref333o333333mUM5a1Ref333:LMYfeE3Jm9tv/OUPMgRagRAn`
Imports Hash	`f3325cd569ac1ce30d1d0a6039e4414b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2017-Sep-17 15:20:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x9400`
SizeOfInitializedData	`0x51200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000094DA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x136000`
SizeOfHeaders	`0x400`
Checksum	`0x66771`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a406a4b15c7153d6349d69fd20855453`
SHA1	`73f06effb18b303f40b3bc32ea397d7d372b0170`
SHA256	`e28072c0c33bd8ea7dbec01ec9fd5323d0f636995c2e11498bbd93d17f263e15`
SHA3	`3796932b253ea82337d32af9a8f9c968a0ec60fb103fea85995e4af1f8762ae8`
VirtualSize	`0x925e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53928`

.rdata

MD5	`b090ebe2ecfcfb9410e8a42603224230`
SHA1	`af3b5f509f1668f9aebde9823ac6553990bb9671`
SHA256	`ed8f5b56fda24ade049bff95f6879f84a20daa4c3c7bd30fe71fb2876c17a086`
SHA3	`97fe402cc6cc0180f264c48d5cec15ad1427ca0bcbba0749edaeb2d6525f818e`
VirtualSize	`0x3c50`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.20175`

.data

MD5	`da521f0a83780375e2dbc9c5458ae4e8`
SHA1	`ed45d85cfa764d00dc76e035cbfda045a857b725`
SHA256	`27d9bede1a695f9fcb17bb9b897a7bd1041d47ed67ae81edcd0abcc7e18c0148`
SHA3	`6c75c2d1a1db0fa58fd874e32f62b34e7bd07b40f6c5453a0557d1123cc748a1`
VirtualSize	`0xdb71c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.807316`

.rsrc

MD5	`e30d67809230ddb658b08dadac9a6b72`
SHA1	`5ac14ae0efa58e765af554e34f8d9ad2126bd88c`
SHA256	`55099c4f0b922822b1d3ed50dc53f5a28a747d8ba788b1bbdaa75e7e2a692c1c`
SHA3	`500c95c66230cdedb248d4bb9edde91b6745df2f8111dcbc4ea5d2f3981518e8`
VirtualSize	`0x48de0`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x48e00`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.11258`

.reloc

MD5	`454e8512c7a8d04fdaa1c31defbddf60`
SHA1	`8483e820dbc6615ff4b40dfde9857d6c86d73ce2`
SHA256	`e2b1b18209a4a1a6a08c6777f9e362d7ec201cd7052eab0854e25763b13bdc62`
SHA3	`bfa1ce2b74755c11c558065539e1b2c109b9ebc87fc34baa0b28948506c2efca`
VirtualSize	`0x1bb4`
VirtualAddress	`0x134000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x58e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.80886`

Imports

KERNEL32.dll	`GetLocalTime` `CreateFileA` `SetFilePointer` `WriteFile` `GetFileSize` `ReadFile` `GetCurrentThreadId` `GetCurrentProcessId` `GetCurrentProcess` `SetErrorMode` `SetUnhandledExceptionFilter` `TerminateThread` `CreateIoCompletionPort` `GetLastError` `CreateThread` `SetThreadPriority` `GetSystemInfo` `CreateDirectoryA` `ReleaseSemaphore` `GetQueuedCompletionStatus` `WaitForSingleObject` `ExitProcess` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `IsDebuggerPresent` `UnhandledExceptionFilter` `TerminateProcess` `GetStartupInfoW` `HeapSetInformation` `InterlockedCompareExchange` `Sleep` `InterlockedExchange` `DecodePointer` `EncodePointer` `IsProcessorFeaturePresent` `CloseHandle` `GetPrivateProfileIntA` `GetPrivateProfileStringA` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `CreateSemaphoreA` `GetTickCount`
USER32.dll	`wsprintfA` `LoadStringA` `SetWindowTextA` `LoadAcceleratorsA` `GetMessageA` `GetDC` `TranslateAcceleratorA` `TranslateMessage` `DispatchMessageA` `LoadIconA` `LoadCursorA` `RegisterClassExA` `CreateWindowExA` `ShowWindow` `UpdateWindow` `DialogBoxParamA` `MessageBoxA` `DestroyWindow` `DefWindowProcA` `PostQuitMessage` `EndDialog` `GetClientRect` `ReleaseDC` `FillRect` `SetTimer`
GDI32.dll	`CreateFontA` `DeleteObject` `SetBkMode` `SelectObject` `SetTextColor` `TextOutA` `GetStockObject` `CreateSolidBrush`
ODBC32.dll	`#18` `#75` `#7` `#31` `#36` `#11` `#20` `#8` `#4` `#26` `#16` `#13` `#24`
MSVCP100.dll	`?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z` `??1_Container_base12@std@@QAE@XZ` `?_Xout_of_range@std@@YAXPBD@Z` `?_Xlength_error@std@@YAXPBD@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A`
WS2_32.dll	`socket` `WSAStartup` `sendto` `gethostbyname` `inet_addr` `WSAAccept` `inet_ntoa` `WSARecv` `WSASend` `listen` `bind` `htons` `htonl` `WSASocketA` `closesocket` `WSAGetLastError`
dbghelp.dll	`MiniDumpWriteDump`
MSVCR100.dll	`_time64` `_localtime64_s` `asctime_s` `tolower` `_unlock` `__dllonexit` `_lock` `_onexit` `?terminate@@YAXXZ` `_amsg_exit` `__getmainargs` `_cexit` `_exit` `_XcptFilter` `_ismbblead` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `_crt_debugger_hook` `strncpy_s` `__CxxFrameHandler3` `_CxxThrowException` `memcpy` `memset` `atoi` `_stricmp` `isalnum` `_except_handler4_common` `isalpha` `atof` `isdigit` `isspace` `??_V@YAXPAX@Z` `vsprintf_s` `memmove` `??2@YAPAXI@Z` `_controlfp_s` `??0exception@std@@QAE@ABQBD@Z` `_invoke_watson` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `strcpy_s` `??3@YAXPAX@Z` `??0exception@std@@QAE@ABV01@@Z` `?what@exception@std@@UBEPBDXZ` `??1exception@std@@UAE@XZ`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1dad`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83219`
Detected Filetype	PNG graphic file
MD5	`0ef7aaa6731f63029217b5310f6fbfce`
SHA1	`1966c91893c1c6ff5129d5c5386eb15027d49bad`
SHA256	`0d7ded83303662940e29d18541d8f33b2e3e1f5ddc8aa708c312d81e09996d97`
SHA3	`fd2b24b249cc84101898cb2527c00ae15b7ac8d2120836366e5134863f39d341`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53238`
MD5	`b6b244157fa6370670c0c9b507feaad3`
SHA1	`ad6e5bafda4e027963142bff96de7d0150ff6b32`
SHA256	`f7077052adc4efb8308734edfbfc52c17ceda132f88a67a61c5c844375faa07d`
SHA3	`b6efc305e454cc42852d7da20aa35717c987677c9c8d5657af711a8590e10c2c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59303`
MD5	`fe764f00533b2f6927ab1a1a4586480e`
SHA1	`de02bcdfd4c3810ab0f7e867387944c83c84b3fa`
SHA256	`cfb649067353125aeab6ede6aac4f2959d591777a5e18ffdf16ad99b2cbdb2e4`
SHA3	`42fcd85d8ca8e0ee28a6463ecce3c2c71602b537d2f7c7cdaa3395789c9822e2`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74159`
MD5	`d724c9dfc541193bdfb975b796acb325`
SHA1	`dd7ecbbaeff0849650aa1fac5292b0f432ef415c`
SHA256	`86ce1a5708b0745850a6f002c4618eaf3f24e0df3c79e4e5daffc9c7dd75887d`
SHA3	`9da0fcb2d4fe70becbb36cf12355b10e80efb94e74600d5cd3997f1ddd21ea34`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89733`
MD5	`98e33b17627dd1560be62b3b0ef5c5a1`
SHA1	`07a69c8d914978b60b6769e01667e98c1e423e25`
SHA256	`ae9b46f0b25b11ede59f53890cdb1adab5b1d581f022a4e751adc71f455463d9`
SHA3	`28ebe140b9bc64753ee970a535033d50a0895e9f2f200be1f6f812e3df275c7f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06593`
MD5	`fadae548dfd3952d38665d07bb550ed8`
SHA1	`c9649d02345bb10a9fc5b306095bfa9e97f992d2`
SHA256	`4098543cffb704549de348edfed7c3aa6d24d6ac689133f71b87ed8477bd7dc5`
SHA3	`0e848c42b33fae62500e1b16e6fcfd7512c146a8536244f00f671733e9bf4054`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.29621`
MD5	`44dfdf56f8437370c92acf8eb93306b3`
SHA1	`3f6aef99cce198e00fbf7f56cf00c14a17be5286`
SHA256	`c16e6fbf47fef861575d08636ec9af9c3f15b0844cd2825f270c468bc6e7b97e`
SHA3	`bb8a074a776ffd23ace3678433668175f310ce7e5c449395172b5181feebc124`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.47684`
MD5	`9b7b13067a1c1eb08f01f5ed24c3b471`
SHA1	`f7882f9952df36b45d8d10d83625a8e59dc573ca`
SHA256	`194baa6b1f16e11de35f544ec76afa8e6fea1264d4472baa8192b055161a515b`
SHA3	`e16f0097f26f9b529b959f1c0021b0b85108818eee6dc03f511a4a4eb7ae6ddf`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1dad`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83219`
Detected Filetype	PNG graphic file
MD5	`0ef7aaa6731f63029217b5310f6fbfce`
SHA1	`1966c91893c1c6ff5129d5c5386eb15027d49bad`
SHA256	`0d7ded83303662940e29d18541d8f33b2e3e1f5ddc8aa708c312d81e09996d97`
SHA3	`fd2b24b249cc84101898cb2527c00ae15b7ac8d2120836366e5134863f39d341`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53238`
MD5	`b6b244157fa6370670c0c9b507feaad3`
SHA1	`ad6e5bafda4e027963142bff96de7d0150ff6b32`
SHA256	`f7077052adc4efb8308734edfbfc52c17ceda132f88a67a61c5c844375faa07d`
SHA3	`b6efc305e454cc42852d7da20aa35717c987677c9c8d5657af711a8590e10c2c`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59303`
MD5	`fe764f00533b2f6927ab1a1a4586480e`
SHA1	`de02bcdfd4c3810ab0f7e867387944c83c84b3fa`
SHA256	`cfb649067353125aeab6ede6aac4f2959d591777a5e18ffdf16ad99b2cbdb2e4`
SHA3	`42fcd85d8ca8e0ee28a6463ecce3c2c71602b537d2f7c7cdaa3395789c9822e2`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74159`
MD5	`d724c9dfc541193bdfb975b796acb325`
SHA1	`dd7ecbbaeff0849650aa1fac5292b0f432ef415c`
SHA256	`86ce1a5708b0745850a6f002c4618eaf3f24e0df3c79e4e5daffc9c7dd75887d`
SHA3	`9da0fcb2d4fe70becbb36cf12355b10e80efb94e74600d5cd3997f1ddd21ea34`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89733`
MD5	`98e33b17627dd1560be62b3b0ef5c5a1`
SHA1	`07a69c8d914978b60b6769e01667e98c1e423e25`
SHA256	`ae9b46f0b25b11ede59f53890cdb1adab5b1d581f022a4e751adc71f455463d9`
SHA3	`28ebe140b9bc64753ee970a535033d50a0895e9f2f200be1f6f812e3df275c7f`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06593`
MD5	`fadae548dfd3952d38665d07bb550ed8`
SHA1	`c9649d02345bb10a9fc5b306095bfa9e97f992d2`
SHA256	`4098543cffb704549de348edfed7c3aa6d24d6ac689133f71b87ed8477bd7dc5`
SHA3	`0e848c42b33fae62500e1b16e6fcfd7512c146a8536244f00f671733e9bf4054`

15

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.29621`
MD5	`44dfdf56f8437370c92acf8eb93306b3`
SHA1	`3f6aef99cce198e00fbf7f56cf00c14a17be5286`
SHA256	`c16e6fbf47fef861575d08636ec9af9c3f15b0844cd2825f270c468bc6e7b97e`
SHA3	`bb8a074a776ffd23ace3678433668175f310ce7e5c449395172b5181feebc124`

16

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.47684`
MD5	`9b7b13067a1c1eb08f01f5ed24c3b471`
SHA1	`f7882f9952df36b45d8d10d83625a8e59dc573ca`
SHA256	`194baa6b1f16e11de35f544ec76afa8e6fea1264d4472baa8192b055161a515b`
SHA3	`e16f0097f26f9b529b959f1c0021b0b85108818eee6dc03f511a4a4eb7ae6ddf`

109

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71518`
MD5	`b05859200ccdb775e68c1e922f7c725c`
SHA1	`7eabc5514d45b59a84662fb7ad3ddb075c7db089`
SHA256	`15eaa83e7baa04cdf6a12ca2db8c7ab0fe20a52da78013f8a8dd1f2b327f3199`
SHA3	`90cff3763b6aebf092253a6dcc8ad286116d0c40a728f1af197c777ca5ddb961`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11277`
MD5	`c0248760736f7a06b51de8597286edf0`
SHA1	`ef940f027524395da265c22ad3908dc3e09d6339`
SHA256	`0305861e9d75d60f8863298180836e5fe3a347203077fa0e361d7889d3d0c10e`
SHA3	`a7d81aea44417cbb12153ee1d1330d399b819543ca278b5b2a16d519f786f241`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05614`
MD5	`fa151546b542da3dac9f34be24f99365`
SHA1	`e867c33318191e5d7508fd4512bc920f47895998`
SHA256	`3f324f83900e8c9bdc7e5a9ea107519f2fd09f4318aeb78cc573aa0f194fbf13`
SHA3	`fb44da053fc5949acd46e693d50f919b8d1f4915e57519a9abbfa5a4576077ec`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97321`
Detected Filetype	Icon file
MD5	`f366c0b93cbde77616a400765b00ce12`
SHA1	`02d2fcb637427299326217cd8f47ba76639627a3`
SHA256	`be9078f9c9b8fc3b479071e4019d2691240ccebfc18bd285dfef2bcaa2aa7737`
SHA3	`55956445340b9bf6d580425173a609922903b714062c6e217b42c28bb360efba`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01003`
Detected Filetype	Icon file
MD5	`93b434ad37bf8ef860981680190abb8f`
SHA1	`2d2e6308c2b9058de2b75c5a1dc84ce92537c2fc`
SHA256	`daec8653a618808dca41efa7c54c1a4603c911de6cc68b1c47bb8c49be1b825b`
SHA3	`6231f24494c10ff5f4d1d707221c3b6de46380a263b41b5b5f6dab7fe65e4f65`

1 (#2)

Type	`RT_VERSION`
Language	Portuguese - Brazil
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34229`
MD5	`a144000cf0b4a882107172fa7b87908b`
SHA1	`ed9419a8a255357e24a2f4c39782e772bfe4a7f7`
SHA256	`4d4540415142b60f6e5d758db4395a3933455377e948eb772e99ab25f0d64b88`
SHA3	`c4b1148f049a217bf6187da1beee62484558da4a539cd61599fc801d052d3924`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

String Table contents

JoinServer
JOINSERVER

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	MuEMU
FileDescription	JoinServer
FileVersion (#2)	1.0.0.0
InternalName	JoinServer
LegalCopyright	Copyright © MuEMU.pl 2015
OriginalFilename	JoinServer.exe
ProductName	MuEMU JoinServer
ProductVersion (#2)	1.0.0.0

Resource LangID	Portuguese - Brazil

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Sep-17 15:20:37
Version	`0.0`
SizeofData	`123`
AddressOfRawData	`0xd0f0`
PointerToRawData	`0xb8f0`
Referenced File	D:\Cosas Agu\Sources\Trabajos\Trabajo Naldo\eMU\JoinServer\Release\JoinServer_EX301\JoinServer.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40f018`
SEHandlerTable	`0x40d5a0`
SEHandlerCount	`23`

RICH Header

XOR Key	`0x7a295219`
Unmarked objects	`0`
152 (20115)	`1`
ASM objects (VS2010 build 30319)	`4`
C objects (VS2010 build 30319)	`20`
Imports (VS2010 build 30319)	`4`
C++ objects (VS2010 build 30319)	`6`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`188`
175 (VS2010 build 30319)	`18`
Resource objects (VS2010 build 30319)	`1`
Linker (VS2010 build 30319)	`1`

7221da3c1ef5a274c348378260e66806

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

109

103

7 (#2)

109 (#2)

107

108

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors