Manalyze report for 7767e66fb5b166995e300252aa61f22b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Feb-29 21:56:49
Detected languages	English - United Kingdom English - United States
Debug artifacts	D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb
CompanyName	YoYo Games Ltd
FileDescription	A GameMaker Game
FileVersion	`1.0.0.0`
LegalCopyright
PrivateBuild	01.00.00.00
ProductName	Created with GameMaker
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Info	Interesting strings found in the binary:	`Contains domain names: https://yoyogames.zendesk.com https://yoyogames.zendesk.com/hc/en-us/articles/360002243797 memtest86.com sourceware.org www.memtest86.com yoyogames.zendesk.com zendesk.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: minATL` `Unusual section name found: .mydata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowA` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathW CreateFileW GetTempPathA` `Uses functions commonly found in keyloggers: GetAsyncKeyState CallNextHookEx` `Has Internet access capabilities: InternetWriteFile InternetCloseHandle InternetConnectA InternetCrackUrlA InternetCanonicalizeUrlA InternetOpenA InternetReadFile InternetGetConnectedState` `Leverages the raw socket API to access the Internet: getaddrinfo WSAStartup listen send socket connect gethostname recvfrom recv getsockopt freeaddrinfo sendto ioctlsocket setsockopt WSAGetLastError getpeername inet_ntop getnameinfo __WSAFDIsSet select ntohl ntohs htonl htons inet_pton closesocket bind accept WSACleanup getsockname WSAAddressToStringA` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	VirusTotal score: 1/72 (Scanned on 2024-05-30 14:35:12)	`Sangfor: Worm.Win32.Save.a`

Hashes

MD5	`7767e66fb5b166995e300252aa61f22b`
SHA1	`259a8d5f5a22069835e7463b9bfa01e92f7c9db4`
SHA256	`7f31a749ec2bed49c4c408ede74597cc4a55b3f127288f70937081f52575a057`
SHA3	`58bc29681d4f724c4d3f1abd8fa133c740e4dcb6b390b11f784e1b937bee976e`
SSDeep	`196608:2XDu1wa1XYwsUkxCWU8lAuIUTcEM2QDoQaMRq+AraAuLOUUjrsQUSKNjeI2CmzlA:2IHrmaNO0/8o`
Imports Hash	`a66fe83a09391aaa5e5e274956e89072`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2024-Feb-29 21:56:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8e1000`
SizeOfInitializedData	`0x2f6600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000083A298 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe41000`
SizeOfHeaders	`0x400`
Checksum	`0xbe2b60`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b94ba6ebacf90aca174cfeda9b04bcc2`
SHA1	`1ab59aea17bdcc1816b0bfc1220aabd4adb409f3`
SHA256	`00e04cc0bb226d7b64eda0864a38ae20ad7c87b2f7ac690eaf7bd6a2e3e3ae06`
SHA3	`b9c33fb658e35e82eff44b29deb3c73bc063f59e6bcc5058e4694cf02467db84`
VirtualSize	`0x8e0e88`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8e1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53454`

.rdata

MD5	`6b34f6935f2705866e8fed2c2aca69a1`
SHA1	`100bb3daeae3240cdaeed3f78ca52d43039b614e`
SHA256	`137313825e25275afab506241c43141ef0b8883fb9129f242c7731b58497b753`
SHA3	`63c9a73e0be78cd04ae763e4c9303471d2b0965ca09b6d775518db4acd017fe3`
VirtualSize	`0x20ee5a`
VirtualAddress	`0x8e2000`
SizeOfRawData	`0x20f000`
PointerToRawData	`0x8e1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99462`

.data

MD5	`d554d0d30891a2faaa07dd93f9808a80`
SHA1	`c8d6ff070634ceee55a54db791038e28a104b02e`
SHA256	`e713d534622a0a94bd7baf84f50610c5c5a77332de80a19834d4afe3cd7bbc34`
SHA3	`8e10ef58138da73dbd9f8be081d0a8101213882e05f11f497a7057532f3c2d42`
VirtualSize	`0x2d90c0`
VirtualAddress	`0xaf1000`
SizeOfRawData	`0x74e00`
PointerToRawData	`0xaf0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.32607`

.pdata

MD5	`6058edbda3c0103ab373e13cee8928ad`
SHA1	`532d778041be7f3c01cb9781aecf32b4f44267bf`
SHA256	`eabef2a5109c55e5800039e9f1303c1631d4e4ec96faa5dab0fa27036c6715aa`
SHA3	`2f5d4ade00b7cf85c5e156035c9048b4a3c235e8950be6298ec58f59211e5315`
VirtualSize	`0x674c4`
VirtualAddress	`0xdcb000`
SizeOfRawData	`0x67600`
PointerToRawData	`0xb65200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58822`

minATL

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x18`
VirtualAddress	`0xe33000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbcc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

_RDATA

MD5	`e3c8904458cce5c1131c82b75ad49882`
SHA1	`ea5de631d3c1cded201fe81eaf80b4876e416358`
SHA256	`17ce985abe6b7b1f14ed3b501f6ec74d9f857d426eb5685d1ebfa1d1f7239040`
SHA3	`467b800ce068fcf0686d147bd9736c305e7dd5a0688ae4595bef0d3dd048797e`
VirtualSize	`0xf4`
VirtualAddress	`0xe34000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbcca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.43932`

.mydata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x18`
VirtualAddress	`0xe35000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbccc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`3d35ef08830fc8be5970271e9a6a092d`
SHA1	`807d44c6b5350c717b1c0d039cf96911c917d577`
SHA256	`dbcef55b940b84d24b73859f9d95f3e7f3265492b18ef8d32122d7d74bfd4813`
SHA3	`7bfb30de47ec5ab6ed00a4e3782772abd15212ae6310a81a0308d325caf9a2a6`
VirtualSize	`0xab20`
VirtualAddress	`0xe36000`
SizeOfRawData	`0xac00`
PointerToRawData	`0xbcce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94125`

Imports

RPCRT4.dll	`UuidToStringW` `UuidCreate`
WININET.dll	`HttpEndRequestW` `InternetWriteFile` `InternetCloseHandle` `HttpSendRequestA` `InternetConnectA` `InternetCrackUrlA` `InternetCanonicalizeUrlA` `HttpOpenRequestA` `HttpQueryInfoA` `InternetOpenA` `InternetReadFile` `InternetGetConnectedState`
d3d11.dll	`D3D11CreateDevice`
dbghelp.dll	`MiniDumpWriteDump` `SymInitialize` `SymFromAddr`
WINMM.dll	`joyGetPosEx` `mciSendStringA` `timeGetTime` `timeGetDevCaps` `timeEndPeriod` `timeBeginPeriod` `joyGetPos`
WS2_32.dll	`getaddrinfo` `WSAStartup` `listen` `send` `socket` `connect` `gethostname` `recvfrom` `recv` `getsockopt` `freeaddrinfo` `sendto` `ioctlsocket` `setsockopt` `WSAGetLastError` `getpeername` `inet_ntop` `getnameinfo` `__WSAFDIsSet` `select` `ntohl` `ntohs` `htonl` `htons` `inet_pton` `closesocket` `bind` `accept` `WSACleanup` `getsockname` `WSAAddressToStringA`
gdiplus.dll	`GdiplusShutdown` `GdiplusStartup`
COMCTL32.dll	`InitCommonControlsEx`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
MFPlat.DLL	`MFStartup` `MFCreateSourceResolver` `MFCreateMediaType` `MFShutdown`
MF.dll	`MFCreateAudioRendererActivate` `MFCreateTopologyNode` `MFCreateMediaSession` `MFCreateSampleGrabberSinkActivate` `MFGetService` `MFCreateTopology`
IPHLPAPI.DLL	`GetAdaptersAddresses` `NotifyIpInterfaceChange` `CancelMibChangeNotify2`
KERNEL32.dll	`SetConsoleCtrlHandler` `GetCurrentThread` `WriteFile` `GetStdHandle` `FreeLibraryAndExitThread` `ExitThread` `PeekNamedPipe` `GetFileType` `GetFileInformationByHandle` `GetDriveTypeW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `FindFirstFileExW` `MoveFileExW` `SetFileAttributesW` `GetFileAttributesExW` `GetModuleHandleExW` `HeapWalk` `HeapValidate` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `RtlUnwind` `LoadLibraryExW` `GetTempPathW` `InterlockedPushEntrySList` `RtlPcToFileHeader` `RtlUnwindEx` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `InitializeSListHead` `GetConsoleMode` `GetFileSizeEx` `RaiseException` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `SetFilePointerEx` `ReadConsoleW` `SetStdHandle` `GetTimeZoneInformation` `HeapReAlloc` `IsValidLocale` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `InterlockedFlushSList` `Sleep` `LoadLibraryW` `GetProcAddress` `MultiByteToWideChar` `WideCharToMultiByte` `GetLastError` `LoadLibraryA` `OutputDebugStringA` `SetWaitableTimer` `CreateWaitableTimerW` `CloseHandle` `GetConsoleWindow` `SetLastError` `GetFullPathNameW` `GetExitCodeThread` `FormatMessageW` `DeleteFileW` `CreateThread` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `LocalFree` `GetModuleHandleW` `ReadFile` `SetFilePointer` `CreateFileW` `GetFileAttributesW` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `SetEnvironmentVariableW` `FreeLibrary` `FormatMessageA` `CreateDirectoryW` `FindFirstFileW` `FindNextFileW` `RemoveDirectoryW` `GetModuleFileNameW` `GetUserDefaultLCID` `ResumeThread` `GetTempPathA` `CreateProcessW` `CreateDirectoryA` `WaitForSingleObject` `GetTickCount64` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetCurrentProcess` `K32GetProcessMemoryInfo` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetLocaleInfoW` `GetVersionExW` `GetSystemInfo` `GlobalMemoryStatusEx` `VerSetConditionMask` `VerifyVersionInfoW` `GlobalFree` `GetCurrentProcessId` `DebugBreak` `GetEnvironmentVariableA` `ExitProcess` `lstrlenA` `GetVersion` `SetEnvironmentVariableA` `CreateFileMappingW` `MapViewOfFile` `MoveFileA` `GetCommandLineW` `ExpandEnvironmentStringsW` `GetFinalPathNameByHandleW` `SetErrorMode` `GetCurrentThreadId` `SetUnhandledExceptionFilter` `WaitForSingleObjectEx` `CreateEventExA` `OutputDebugStringW` `TerminateProcess` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `CreateEventW` `ResetEvent` `SetEvent` `GetStringTypeW` `GetLocaleInfoEx` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `DecodePointer` `EncodePointer` `CreateSymbolicLinkW` `GetFileInformationByHandleEx` `CloseThreadpoolWait` `SetThreadpoolWait` `CreateThreadpoolWait` `CloseThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `SetThreadpoolTimer` `CreateThreadpoolTimer` `CloseThreadpoolWork` `SubmitThreadpoolWork` `CreateThreadpoolWork` `FreeLibraryWhenCallbackReturns` `GetSystemTimeAsFileTime` `GetCurrentProcessorNumber` `FlushProcessWriteBuffers` `CreateSemaphoreExW` `CreateEventExW` `InitOnceExecuteOnce` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `SetFileInformationByHandle` `GetNativeSystemInfo` `SwitchToThread` `SetEndOfFile` `SleepConditionVariableSRW` `SleepConditionVariableCS` `WakeAllConditionVariable` `WakeConditionVariable` `InitializeConditionVariable` `TryEnterCriticalSection` `InitializeCriticalSectionEx` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitializeSRWLock` `SetThreadPriority` `DeleteCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `EnterCriticalSection` `RtlCaptureStackBackTrace` `LCMapStringW` `EnumSystemLocalesW` `FlushFileBuffers` `FindClose` `GetConsoleOutputCP` `HeapSize` `GetFileSize` `WriteConsoleW`
USER32.dll	`MsgWaitForMultipleObjectsEx` `EnumDisplaySettingsA` `TranslateMessage` `SetProcessDPIAware` `SetDlgItemTextA` `MessageBoxA` `GetFocus` `PeekMessageW` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `IsClipboardFormatAvailable` `keybd_event` `GetAsyncKeyState` `IsWindowVisible` `IsDialogMessageW` `OpenClipboard` `DispatchMessageW` `GetCursorPos` `SetCursorPos` `UpdateWindow` `EnumDisplaySettingsW` `GetMonitorInfoW` `ShowWindow` `GetSystemMetrics` `SendMessageW` `SetWindowLongPtrW` `MonitorFromWindow` `GetWindowLongPtrW` `GetLayeredWindowAttributes` `IntersectRect` `GetWindowLongW` `GetWindowPlacement` `SetWindowPos` `GetWindowRect` `wsprintfW` `GetActiveWindow` `ClientToScreen` `MoveWindow` `CreateDialogParamW` `GetDC` `EndDialog` `SetWindowTextW` `SetDlgItemTextW` `GetDlgItemTextW` `GetDlgItem` `DrawTextW` `DialogBoxParamW` `ReleaseDC` `DefWindowProcW` `GetKeyState` `DestroyWindow` `CreateWindowExW` `ScreenToClient` `CallNextHookEx` `RegisterClassExW` `FindWindowExA` `MapWindowPoints` `SetWindowPlacement` `UnhookWindowsHookEx` `EnumWindows` `SetFocus` `BringWindowToTop` `EnumDisplayDevicesW` `LoadCursorW` `SendMessageA` `SetParent` `SetCapture` `SetWindowsHookExW` `SetCursor` `GetClientRect` `PostThreadMessageW` `FindWindowA` `ReleaseCapture` `SetForegroundWindow` `LoadImageW` `MessageBoxW` `GetRawInputDeviceInfoA` `GetRawInputDeviceList` `AdjustWindowRectEx` `PostMessageW`
GDI32.dll	`SelectObject` `DeleteObject` `CombineRgn` `GetRgnBox` `CreateRectRgnIndirect` `GetDeviceCaps` `GetStockObject`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `CryptGenRandom` `CryptReleaseContext` `RegQueryValueExW` `CryptAcquireContextA`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW`
ole32.dll	`CoCreateInstance` `CoCreateFreeThreadedMarshaler` `CoTaskMemFree` `CoInitialize` `PropVariantClear`
dwmapi.dll	`DwmGetWindowAttribute` `DwmSetWindowAttribute` `DwmGetCompositionTimingInfo`
IMM32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmSetCandidateWindow`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07704`
MD5	`892f0f6732ef0f73cf6db51e62017a74`
SHA1	`7d4428613b8ec9c1380ed96e18d4f2d0c380c94a`
SHA256	`96c7b054d2e1d983e964da4f6749b7a8e4fe6296cb4803b5668bf61a1d5deda4`
SHA3	`aaff03cd3c772f9407539198680994d4b6303f226f27df7ddba46096d6373f36`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xb94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77657`
Detected Filetype	PNG graphic file
MD5	`3081d85d3206bed95e153b77123cd0de`
SHA1	`b28f47d0042a62841aa69694176081ca1f3269d4`
SHA256	`4ff9fb0d9f2aeba8895ebf42fe0768c829ff1ae472c61ca484c895afd5b829fd`
SHA3	`a19984d4615a0e42e354bafde40ec9864cb799ccc1a5f2a6b090ccd0f34f8984`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89367`
MD5	`713948be21003dfb618ecdb185e50a59`
SHA1	`e1b814c0073be99d0f28e2ddb7d13b073f3dc67c`
SHA256	`f07f55d8a2d3e560f02673c49c8469b51a8d3548d7a1f0ee47355d6f080c9de8`
SHA3	`c1a3d3c7b76024fac53f24210b659a9bb52b0c6230589d095090e6b7e467fd2a`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36684`
MD5	`4b54f097cdb6fa39423033d47fa200db`
SHA1	`bde6c7a67f2b92f27aa875d4955999a9772ff2bf`
SHA256	`6a73143cfacd86719eecf2cc45bb66c23391ac62d0ffa167a1acda97b218a1a1`
SHA3	`2d1407d8b37f12533b8c67a507e830cf7c707f921c4f1dc2bb2f685733046eda`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4c28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.04121`
MD5	`5862fb822647bb0222206552d93026f2`
SHA1	`c8df9419ceba783553fc9f5da52146a52d950867`
SHA256	`91b02dbfc7de3d446cfa0c582ffcd94754e063ab54450b8545e926755c301d9f`
SHA3	`00567047bfdf427cf64883cba41b3bee99520b33a6ad22c0d5d8f2108cee0d5e`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1ae3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86085`
Detected Filetype	PNG graphic file
MD5	`e602c6a4d4ddd15813cc8ab00888f496`
SHA1	`60bf529178e5f05463719555bd52551798e6ac88`
SHA256	`22813a19603dfdabbc152571db92cadd0f0a4192d8cff8942baae650c820c808`
SHA3	`58da0492c870c76a71c95de41ddb4735f69f314788516ad71b50c190c14b3cb7`

IDD_ERROR_CODE

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11903`
MD5	`ac3f07c5aa93e413823a32f659240ad1`
SHA1	`d78e110cb30ccff6366e410f6a16009383f8f2e9`
SHA256	`b45c6a3366adc913f8d1f3cd2289aeddc2b4dae28c0e39daa911009f50234c43`
SHA3	`89f27075d14968fef9bdad5097adf1e3f751b7238149ba82eec741da3e19086a`

IDD_INPUTQUERY

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06903`
MD5	`c2624d0a67009076569b24ceaf5c25f0`
SHA1	`9430e62b31117c2a62b30d5067a9a485b2b92262`
SHA256	`6bd1990b830571c05426131c936352f081dbf227a5f1f8708be380bb68c0ef1e`
SHA3	`87c0e1470f39b15c7cde38546d123ea57c64a448bb9ec5e30e1582325f7d6497`

IDD_LOGIN_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07583`
MD5	`6b0f04cd06a91ff5ee96decd8eb6dbc6`
SHA1	`240236f7e7f1c2cea21c1d5eac0bef98094eb18a`
SHA256	`28ae1807e280b537ef8a9b5df66942cd52adf418cd5a2e0b07ef48b25bd08955`
SHA3	`f3d6f5a0f7c6fb4bd8a283c4f8bfc9337364cb28e696784dcb8f543d9d79e89b`

IDD_MESSAGE_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00453`
MD5	`ed9d6ad0e3e5f287913a8c39386eb08e`
SHA1	`3856ad95adbb8ffdb971bd44a43e32ff7da10c9e`
SHA256	`09ae8082cc363799b57616423e47409390c11fc632c0958826d98420683aa83a`
SHA3	`19d277b2aea915c99d664198e3339347acae3070829ba1269eda8de02a6b820e`

IDD_QUESTION

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11344`
MD5	`c73c99bc6638f100b097bf7fcca8f264`
SHA1	`1713cd590521632bcfb0be68c27b18a740edec1c`
SHA256	`a0c9982c1806c9802b63ba6a73a9deedd2825fe0b7a6b86ec16c098d8422587d`
SHA3	`ac3b5ddd8e27e4d89cce23d9fd85784ffc8e1a7b827a762e384f4a9bb45b3f08`

152

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.6789`
Detected Filetype	Icon file
MD5	`52132647d1908c944ed02cf48bae2575`
SHA1	`b0de7e97c65c4bd58991a7e6b5389aa1250447e2`
SHA256	`f30bd63178064c66ba896cfd7688f5c82b66f67135bffbcf557ec5ba6eca7e5d`
SHA3	`86c9abdffeeb7e62df00d254852204d8a816d0f3d83d70dcc4f337bb94dec0c5`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30206`
MD5	`9cc64979ebebfc03be1b9f735093504b`
SHA1	`cf0dd8cb0c4b762e3f423b14c8c464d0bf976941`
SHA256	`40e6d50ea195255f7218df9f0a7576da2bd1d5cd313b85c05ddd6a9694699501`
SHA3	`9e10a25f26ea5cebdc632cc6f212d12663d1ca9b3634ad683e8d3228df50c0d1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x340`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11335`
MD5	`291ed637ff774c565467127b4dc6f604`
SHA1	`b3712edf7e24864402805cf9fe5b1de2c6224489`
SHA256	`bbb722efa85a50eef34ff211a8f26cc6ec7c6d7e2db0a6958c7d2fbc693fe8d3`
SHA3	`1d912a13d46db4232b411c8ea0c84f02fac3cbce88ed013f399fdc999bd30983`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United Kingdom
CompanyName	YoYo Games Ltd
FileDescription	A GameMaker Game
FileVersion (#2)	1.0.0.0
LegalCopyright
PrivateBuild	01.00.00.00
ProductName	Created with GameMaker
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Feb-29 21:56:49
Version	`0.0`
SizeofData	`104`
AddressOfRawData	`0xa357a0`
PointerToRawData	`0xa34ba0`
Referenced File	D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Feb-29 21:56:49
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xa35808`
PointerToRawData	`0xa34c08`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Feb-29 21:56:49
Version	`0.0`
SizeofData	`1156`
AddressOfRawData	`0xa3581c`
PointerToRawData	`0xa34c1c`

TLS Callbacks

StartAddressOfRawData	`0x140a35cd0`
EndAddressOfRawData	`0x140a35cd8`
AddressOfIndex	`0x140b67a74`
AddressOfCallbacks	`0x1408e3180`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140af98e8`

RICH Header

XOR Key	`0x10d94a5e`
Unmarked objects	`0`
ASM objects (30795)	`35`
253 (28518)	`8`
C objects (30034)	`20`
ASM objects (30034)	`12`
C++ objects (30034)	`93`
C++ objects (30154)	`40`
C++ objects (30795)	`223`
C objects (30795)	`61`
C objects (30154)	`40`
Imports (30795)	`43`
Total imports	`384`
C++ objects (LTCG) (30154)	`463`
Resource objects (30154)	`1`
151	`1`
Linker (30154)	`1`

Errors

[*] Warning: Could not read a WIN_CERTIFICATE's header.