Manalyze report for 75efec828405517c8dcb8cea40f9ea58

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Apr-20 03:57:03
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\a\boiii\boiii\build\bin\x64\Release\boiii.pdb
CompanyName	momo5502
FileDescription	BOIII
FileVersion	`0.0.1.1036`
InternalName	something
LegalCopyright	Copyright (C) 2022 momo5502. All rights reserved.
OriginalFilename	boiii.exe
ProductName	BOIII
ProductVersion	`0.0.1`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: au.demonware.net auth3.prod.demonware.net demonware.net eu.demonware.net example.com http://prod.umbrella.demonware.net http://prod.uno.demonware.net http://prod.uno.demonware.net/v1.0 http://www.winimage.com http://www.winimage.com/zLibDll https://curl.se https://store.steampowered.com https://store.steampowered.com/about/ https://updater.xlabs.dev https://updater.xlabs.dev/boiii.json https://updater.xlabs.dev/boiii/ jp.demonware.net lobby.prod.demonware.net ops3-pc-auth3.prod.demonware.net ops3-pc-lobby.prod.demonware.net pc-auth3.prod.demonware.net pc-lobby.prod.demonware.net prod.demonware.net prod.umbrella.demonware.net prod.uno.demonware.net steampowered.com store.steampowered.com stun.au.demonware.net stun.eu.demonware.net stun.jp.demonware.net stun.us.demonware.net umbrella.demonware.net uno.demonware.net us.demonware.net winimage.com www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegQueryValueExW RegSetValueExW RegOpenKeyExA RegQueryValueExA RegCreateKeyExW RegCreateKeyExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Windows's Native API: NtQueryObject ntohl ntohs` `Uses Microsoft's cryptographic API: CryptStringToBinaryA CryptDecodeObjectEx CryptProtectData CryptQueryObject CryptAcquireContextW CryptGenRandom CryptAcquireContextA CryptCreateHash CryptHashData CryptDestroyHash CryptGetHashParam CryptReleaseContext` `Can create temporary files: CreateFileW GetTempPathA CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: getpeername getsockname freeaddrinfo ntohl gethostbyname connect closesocket send WSASetLastError recv sendto recvfrom __WSAFDIsSet select ioctlsocket socket setsockopt htonl htons bind WSAStartup WSACleanup WSAEnumNetworkEvents getsockopt WSAWaitForMultipleEvents WSAResetEvent WSAEventSelect WSACreateEvent WSACloseEvent WSAGetLastError WSAIoctl listen accept ntohs getaddrinfo` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationA` `Manipulates other processes: OpenProcess` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	The PE is possibly a dropper.	`Resource 1 is possibly compressed or encrypted.` `Resource 305 is possibly compressed or encrypted.` `Resource 308 detected as a PE Executable.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2023-05-28 23:24:51)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`75efec828405517c8dcb8cea40f9ea58`
SHA1	`7e958ab0c29448e60961537644b8a91a3dc5ac45`
SHA256	`5eb0648368bf2bc1f066d9eb903c8c9c38be799d491a6df4d0f1d63bc131b90f`
SHA3	`f34fb1053c584afd2276823e9bb51a812fcb433fc3a96d7f14bb3739fdf9ec26`
SSDeep	`49152:Xo53jAYh0uex0oAnCm6Ux9g2sDWEkmrH:XoRNmnUx8DWEnj`
Imports Hash	`ec1b501f1be07c17cfbe9249111c7e82`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Apr-20 03:57:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x130000`
SizeOfInitializedData	`0x171a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000F0AE4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a6000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4c519ba261fef17b626c428b6eeb85cb`
SHA1	`0ceb49843f2858d7783e481bf95edae15172e9cc`
SHA256	`119fc724f74ee65ba50cbab33f9d9890780655a53424aa6c794bbe621ba0cfb6`
SHA3	`3ed9e96d6c20b99fd107cdd7a4e83e5a3d3989d038e23d8a68206fa0e64e41b3`
VirtualSize	`0x12ff90`
VirtualAddress	`0x1000`
SizeOfRawData	`0x130000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51446`

.rdata

MD5	`2b38b6a32acf3708d0ee9022d682d5ce`
SHA1	`d1ae76ec71b46ae59a8028071065009485a33544`
SHA256	`1aebad96fc1074773cb60b067b3bbab3f990e631c2b1587b4482b603632ed90e`
SHA3	`2172fbca881809ee7f22dc4cfb5300e9f32309e655cff449bb12facd642ac0b2`
VirtualSize	`0x6f58e`
VirtualAddress	`0x131000`
SizeOfRawData	`0x6f600`
PointerToRawData	`0x130400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49861`

.data

MD5	`b45247b184247eac62ba701af1941fdc`
SHA1	`64e47e9982472d5d9119b943adabe70ebec541bf`
SHA256	`db17c0cbad7d91a1e00873c5830f75aa113fca3e0bb8ced28498baaf58419563`
SHA3	`7cc2a45008409b7555fd0913e84e48be9a6e7ccd9c11386c22fdd3616abe5084`
VirtualSize	`0x61c88`
VirtualAddress	`0x1a1000`
SizeOfRawData	`0x24e00`
PointerToRawData	`0x19fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.5169`

.pdata

MD5	`d35fb4ab6c96003c15f91909957b9e6f`
SHA1	`541b235f7c6ebbd48206ff250ba55d813d8df832`
SHA256	`931140e0fca2072b22ae206173b15a9b1e958a02aaf46da69e6b238ff98b5de1`
SHA3	`634b61215ef7a43db155f9a86ffb49aaa035ba9d8c10c3df9f8d51f6cd2ca5a9`
VirtualSize	`0xb898`
VirtualAddress	`0x203000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x1c4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0164`

_RDATA

MD5	`eba586d5098b348d07e880f2acd9753c`
SHA1	`5dac18acf73456072481c79de4106e643323a7b5`
SHA256	`2796329774d8e2c1ef3a93c7cd1298104cca536c3060d304a9142695f0cfb442`
SHA3	`0e151e937d54982f0c456301b145201ace8f70b833c6b214518b523571c4afcb`
VirtualSize	`0x15c`
VirtualAddress	`0x20f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.33567`

.rsrc

MD5	`bc45f3eb9f32e2c7f0364cdb59fb50d1`
SHA1	`e6fb71beec94679ad2908a747c4d518f217a70cd`
SHA256	`58827919187209c171da283e69eb9a89b78ae054f43a1ee774e9d4b445f6bc47`
SHA3	`be4ad64dd54aea8baef99e4d45da4b7a44d85265f6f3291534cc9c3a6c495ab7`
VirtualSize	`0x91788`
VirtualAddress	`0x210000`
SizeOfRawData	`0x91800`
PointerToRawData	`0x1d0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.48211`

.reloc

MD5	`fdf7915cd201eaab6828f3ca57bd62ad`
SHA1	`96202dee4386b1efed49c1fbd46f4babcff99eb4`
SHA256	`8bcde04bd62a9e3587388926f8f0bdeaf8491d91162e172f928e10ed43a4d4b4`
SHA3	`5aecce9fb898fb5a8cad569cdbb05e3c3e216237c95922071e2fba69d1061913`
VirtualSize	`0x317c`
VirtualAddress	`0x2a2000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x261c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44303`

Imports

CRYPT32.dll	`CertCloseStore` `CertEnumCertificatesInStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `PFXImportCertStore` `CryptDecodeObjectEx` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertAddCertificateContextToStore` `CryptProtectData` `CertOpenStore` `CryptQueryObject` `CertFreeCertificateChain` `CertGetNameStringA` `CertFindExtension` `CertCreateCertificateChainEngine` `CertFindCertificateInStore`
KERNEL32.dll	`FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `SetThreadContext` `GetThreadContext` `HeapDestroy` `HeapCreate` `MoveFileExA` `FormatMessageW` `SleepEx` `GetEnvironmentVariableA` `VerifyVersionInfoW` `GetSystemDirectoryA` `MapViewOfFile` `CreateFileMappingW` `CreateMutexExA` `InitializeCriticalSection` `OpenProcess` `AddVectoredExceptionHandler` `GetProcAddress` `GetVolumeInformationA` `LocalFree` `CreateMutexA` `GetLastError` `CloseHandle` `SetProcessAffinityMask` `GetProcessAffinityMask` `MulDiv` `SetConsoleTitleA` `AttachConsole` `AllocConsole` `GetConsoleWindow` `GetCurrentThreadId` `OutputDebugStringA` `GetCurrentProcess` `TerminateProcess` `GetCurrentProcessId` `CreateThread` `GetTickCount64` `DeleteCriticalSection` `UnmapViewOfFile` `InitializeCriticalSectionEx` `GetTickCount` `WaitForSingleObject` `GetCommandLineA` `ExitProcess` `VirtualProtect` `GetModuleHandleA` `GetVersionExA` `SetUnhandledExceptionFilter` `SetEnvironmentVariableA` `GetCurrentDirectoryA` `DecodePointer` `WriteConsoleW` `SetEndOfFile` `SetStdHandle` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `IsValidCodePage` `HeapSize` `ReadConsoleW` `GetConsoleMode` `GetConsoleOutputCP` `SetFilePointerEx` `GetFileSizeEx` `HeapReAlloc` `GetTimeZoneInformation` `GetFileType` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `HeapFree` `HeapAlloc` `GetStdHandle` `FreeLibraryAndExitThread` `ExitThread` `RtlUnwind` `LoadLibraryExW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SetLastError` `InterlockedPushEntrySList` `RtlUnwindEx` `GetStartupInfoW` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `CreateEventW` `ReadFile` `WriteFile` `PeekNamedPipe` `CreateFileW` `WaitNamedPipeW` `lstrlenW` `GetModuleFileNameW` `SizeofResource` `FindResourceA` `GetModuleHandleExA` `LoadLibraryA` `LockResource` `LoadResource` `FreeLibrary` `CreateProcessA` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `FlushInstructionCache` `GetSystemFirmwareTable` `DeleteFileW` `MoveFileW` `VirtualQuery` `GetCommandLineW` `Thread32Next` `Thread32First` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `GetThreadId` `OpenThread` `SetFilePointer` `GetTempPathA` `CreateFileA` `GetTempFileNameA` `FlushFileBuffers` `ReleaseMutex` `IsDebuggerPresent` `OutputDebugStringW` `RaiseException` `EnterCriticalSection` `LeaveCriticalSection` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `MultiByteToWideChar` `WaitForSingleObjectEx` `Sleep` `GetExitCodeThread` `GetNativeSystemInfo` `QueryPerformanceCounter` `QueryPerformanceFrequency` `FormatMessageA` `GetCurrentDirectoryW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFinalPathNameByHandleW` `GetFullPathNameW` `SetFileInformationByHandle` `AreFileApisANSI` `GetModuleHandleW` `GetFileInformationByHandleEx` `WideCharToMultiByte` `GetLocaleInfoEx` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableSRW` `IsProcessorFeaturePresent` `GetModuleHandleExW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetSystemTimeAsFileTime` `EncodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `GetStringTypeW` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `TryAcquireSRWLockExclusive`
USER32.dll	`GetMessageA` `DispatchMessageA` `MoveWindow` `GetWindowLongPtrA` `SetProcessDPIAware` `SetFocus` `SetWindowLongPtrA` `SendMessageA` `CreateWindowExA` `MessageBoxA` `RegisterClassExA` `GetWindowTextA` `LoadIconA` `GetClientRect` `UnregisterClassA` `PostQuitMessage` `UpdateWindow` `SetWindowRgn` `SetWindowPos` `GetWindowRect` `DefWindowProcA` `SetWindowTextA` `DestroyWindow` `IsWindow` `ShowCursor` `DispatchMessageW` `LoadCursorA` `RegisterClassA` `AdjustWindowRect` `GetDC` `GetDesktopWindow` `ReleaseDC` `SetForegroundWindow` `TranslateMessage` `GetWindowTextW` `PeekMessageW` `GetSystemMetrics` `ShowWindow`
GDI32.dll	`CreateFontA` `CreateRoundRectRgn` `CreateBitmap` `GetDeviceCaps` `SetTextColor` `SetBkColor` `CreateSolidBrush` `DeleteObject`
ADVAPI32.dll	`CryptAcquireContextW` `CryptGenRandom` `CryptAcquireContextA` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptGetHashParam` `CryptReleaseContext` `RegCloseKey` `RegQueryValueExW` `RegSetValueExW` `RegOpenKeyExA` `RegQueryValueExA` `RegCreateKeyExW` `GetUserNameA` `RegCreateKeyExA` `GetCurrentHwProfileA`
SHELL32.dll	`CommandLineToArgvW` `SHGetKnownFolderPath` `ShellExecuteA`
ole32.dll	`OleUninitialize` `CoTaskMemFree` `OleSetContainedObject` `CoInitialize` `CoCreateInstance` `OleInitialize` `CoGetClassObject` `CoUninitialize`
OLEAUT32.dll	`VariantCopy` `VariantClear` `VariantInit` `SysAllocString`
ntdll.dll	`NtQueryObject` `RtlPcToFileHeader` `VerSetConditionMask`
WS2_32.dll	`getpeername` `getsockname` `freeaddrinfo` `ntohl` `gethostbyname` `connect` `closesocket` `send` `WSASetLastError` `recv` `sendto` `recvfrom` `__WSAFDIsSet` `select` `ioctlsocket` `socket` `setsockopt` `htonl` `htons` `bind` `WSAStartup` `WSACleanup` `WSAEnumNetworkEvents` `getsockopt` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEventSelect` `WSACreateEvent` `WSACloseEvent` `WSAGetLastError` `WSAIoctl` `listen` `accept` `ntohs` `getaddrinfo`
dwmapi.dll	`DwmSetWindowAttribute`
dbghelp.dll	`MiniDumpWriteDump`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x1a1e94`

NvOptimusEnablement

Ordinal	`2`
Address	`0x1a1e90`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.07717`
MD5	`60c559cd2263d89b8ab96eca0dc46b72`
SHA1	`d7897d52f36ddd9395d04ed29ad3d2d74c95be18`
SHA256	`47a7feaf2f3edb172ee2b67a979f7ccf76b82c12dce03314aa4f1bb1f276d36b`
SHA3	`44cab11e6eba9073acc65400372e2b715c0373c5b1c4fc1be65651ff9260623f`

300

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bbaf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95446`
Detected Filetype	JPEG graphic file
MD5	`fc65885e5413adaa08b7093577ed20bc`
SHA1	`7d5147937ae6d69db5bf438d4480bd5eb64a7c08`
SHA256	`cd5c933d1bcbbe088009d901f1386f99eddf49e8f2519352d86e8c2b0d0f1058`
SHA3	`c953f438ac2995420c380e36f8f213be4945a7b9ba25f41239cc2e8ed4a441cb`

301

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3169`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92963`
Detected Filetype	JPEG graphic file
MD5	`219d19bf9c4a44502fd59730b16a9d4d`
SHA1	`05ccbcb5897d70b6c177eeaad050502a0fcd25bd`
SHA256	`8922e5dbb6e927b93c6448e434758da3d2c5b4ea7092c581c13558138a189705`
SHA3	`2dfe752ba1c38ef85e527395b8bf6f0a337d46434f2e047440873707ef30f4eb`

302

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x236b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09296`
MD5	`688c4d17b27c8a2a6fa85cd51ba947fa`
SHA1	`b488212956331c81126c7a1d6d269cfc6c48512d`
SHA256	`4c584480420b887b731a712f772cede52e3b79c7d8d57522b95d798c94c576cb`
SHA3	`8fc988a39753c1317729c98aa2bd6124cef8860609e34f08583c9235c5543f68`

303

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.97976`
MD5	`9dc55f7237746c6a721552d1930050c1`
SHA1	`375967f25afe850d29c43ea934718f732100935c`
SHA256	`0711a69d3a7d6fcd112a84f3c5147e9b9b73d93745c5805498a932c69b8a929a`
SHA3	`d3754f9b7597bcb12644fdbbb5b092f0c4659bb3336a9022daf24abfd6a4e3a2`

304

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3886b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81653`
MD5	`516f979d669e6b50e6ae27a8e5cb2119`
SHA1	`cba9a8e748104886f84feb2c1a900f2cd28bdc45`
SHA256	`6ff6414044792d4e28f534ee62a7f973510d493924b8c1b7d1e60085f964ef79`
SHA3	`13103247714019bf525519d397c3552c70346ee15be8998bea1445d6da99f161`

305

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99853`
MD5	`c10ccdbeae883346e67aa446bc6bb959`
SHA1	`40bf93cd4b96ee06a4be43a2b88e3ed783827a50`
SHA256	`beba007a3474abc3d59bc9048da222bdd9757401f59657683e5f99cf05b6befb`
SHA3	`e772d087ba3a891ad7212888f3d31af82c74aa3426c369fd0f5cc714b8a4f423`

306

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x46b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87838`
MD5	`83252defde723829247a47fa90dbeb2f`
SHA1	`ef2a85c56fff62ce0974ad91ec73a8b65056c5c8`
SHA256	`096f4b188f92e73e89f4eddd1ea766bb8c512d4069a0e2cbbf1d2f3c28f42f3d`
SHA3	`9d91eed3937881c941cc0213f0cc9d3b5de8047bcd763a7f0dc380ebd42a3653`

307

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.8363`
MD5	`c45b5f59918c872d44b0afa768240541`
SHA1	`b88292b3b7fdca2490b9f177d2ab1d2aec82a8a9`
SHA256	`99a71965bc9240c255e55e737dd9094fe39d1ae0dc76d83e814ab60d4f6d49d8`
SHA3	`ac4508c08405cb955a98cf36c8a9c0150465453a02402d1915363637866c3511`

308

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.10777`
Detected Filetype	PE Executable
MD5	`78d03add52542f16e58ecdb709da390e`
SHA1	`576817136790a7a6c2001282558500565535e7a1`
SHA256	`6969b430e0580ebc311ebe768ea7e46cc151f8ed57e4544aa6e7783d49dc766b`
SHA3	`938d24316c07a153302e8a984254a1a8fc993346080adc62ead9746cad20549e`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`3c55b244b9535cc3aae184f96a388ad2`
SHA1	`309dfbcf4c99cbf7c6a0153fddcfaf05f3541404`
SHA256	`160ced3238da5472a5eb09b338063783577b840a5c1c8cea6ed3a2d0faa13bd3`
SHA3	`6ffb53a5a5176701653c80a45d83c3b343c009bd716e22ec13de881097192215`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3809`
MD5	`de81642e20f2d1773401155850766f24`
SHA1	`b0cb8e550179903ce4ae45415f8c6434172835e2`
SHA256	`fd02837e8bcb4800508a22967b3f741ec19bbda73e48c1d33407d39b7d591446`
SHA3	`0f0696017bd78b8c0ab408f8733ec8c58244926c32b1b5becd3a1b88d172b7c5`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x281`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05831`
MD5	`6b057cddf98eb53cc7964cb60958b702`
SHA1	`2142046f6131e940c1e9e0c64186eb9edd5a8ce6`
SHA256	`105b1bf965395ae9f508b621a31d04e02043d4e34d3ac4a4c96e230e3a29f2fb`
SHA3	`b319ab20f779dd55165b4ea650ff97b0a66c7993b46793d55f89bd76c2aaf0ca`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.1.1036
ProductVersion	0.0.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	momo5502
FileDescription	BOIII
FileVersion (#2)	0.0.1.1036
InternalName	something
LegalCopyright	Copyright (C) 2022 momo5502. All rights reserved.
OriginalFilename	boiii.exe
ProductName	BOIII
ProductVersion (#2)	0.0.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Apr-20 03:57:03
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x18d6b4`
PointerToRawData	`0x18cab4`
Referenced File	D:\a\boiii\boiii\build\bin\x64\Release\boiii.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Apr-20 03:57:03
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x18d700`
PointerToRawData	`0x18cb00`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Apr-20 03:57:03
Version	`0.0`
SizeofData	`1124`
AddressOfRawData	`0x18d714`
PointerToRawData	`0x18cb14`

TLS Callbacks

StartAddressOfRawData	`0x14018dba0`
EndAddressOfRawData	`0x14018df7c`
AddressOfIndex	`0x1401c6c14`
AddressOfCallbacks	`0x140132000`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001400EFFE4` `0x00000001400F0098`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1401a1220`

RICH Header

XOR Key	`0x7b2eb96b`
Unmarked objects	`0`
ASM objects (30795)	`12`
C++ objects (30795)	`204`
253 (31823)	`6`
C objects (31823)	`18`
ASM objects (31823)	`12`
C++ objects (31823)	`106`
C objects (30795)	`29`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`29`
Total imports	`381`
C++ objects (LTCG) (31943)	`538`
Exports (31943)	`1`
Resource objects (31943)	`1`
151	`1`
Linker (31943)	`1`

75efec828405517c8dcb8cea40f9ea58

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

300

301

302

303

304

305

306

307

308

102

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors