7fdbb1dffc49b8579cf4ef6d416aad5c37212bd5f687dc4efc1621fc8966c1b3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Jun-18 11:25:05
Detected languages English - United States
Process Default Language
Debug artifacts D:\buildarea\frla\Xjc2branchpcsource\build\Win32\bins\JustCause2\Final\JustCause2_F.pdb
CompanyName Avalanche Studios
FileDescription Just Cause 2
FileVersion 1, 0, 0, 2
InternalName JustCause2
LegalCopyright Copyright (C) 2010
OriginalFilename JustCause2.exe
ProductName Just Cause 2
ProductVersion 1, 0, 0, 2

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ v6.0 DLL
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig2(h)
MASM/TASM - sig1(h)
MSVC++ v.8 (procedure 1 recognized - h)
Suspicious Strings found in the binary may indicate undesirable behavior: Tries to detect virtualized environments:
  • Hardware\Description\System
 May have dropper capabilities:
  • CurrentControlSet\Services
 Accesses the WMI:
  • root\cimv2
 Contains domain names:
  • Havok.com
  • avalanchestudios.se
  • challenge.info
  • eidos.co.uk
  • eidos.com
  • game-metrics.eidos.co.uk
  • game.infocast.eidos.co.uk
  • gui.challenge.info
  • http://jc2-pc-game.infocast.eidos.co.uk
  • http://www.avalanchestudios.se
  • http://www.eidos.com
  • https://jc2-pc-game-metrics.eidos.co.uk
  • infocast.eidos.co.uk
  • jc2-pc-game-metrics.eidos.co.uk
  • jc2-pc-game.infocast.eidos.co.uk
  • metrics.eidos.co.uk
  • pc-game-metrics.eidos.co.uk
  • pc-game.infocast.eidos.co.uk
  • www.avalanchestudios.se
  • www.eidos.com
  • www.lua.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to AES
Uses known Mersenne Twister constants
Suspicious The PE is possibly packed. Unusual section name found: .version
Unusual section name found: .nvFatBi
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryA
 Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
 Can access the registry:
  • RegQueryValueExA
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCreateKeyExA
  • RegSetValueExA
  • RegOpenKeyExA
  • RegCloseKey
 Possibly launches other programs:
  • CreateProcessW
  • system
 Uses Windows's Native API:
  • ntohs
  • ntohl
 Leverages the raw socket API to access the Internet:
  • htonl
  • ntohs
  • gethostbyname
  • ntohl
  • select
  • __WSAFDIsSet
  • accept
  • recv
  • shutdown
  • closesocket
  • socket
  • ioctlsocket
  • inet_addr
  • htons
  • connect
  • WSAGetLastError
  • bind
  • listen
  • WSAStartup
  • WSACleanup
  • setsockopt
  • WSAAsyncSelect
  • send
  • gethostname
  • inet_ntoa
Info The PE's resources present abnormal characteristics. Resource 6 is possibly compressed or encrypted.
Resource 8 is possibly compressed or encrypted.
Info The PE is digitally signed. Signer: Valve Corp.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 514167cb2eeec42efe9abfa0fddccfcc
SHA1 8fa85aad9df8fe398ea15b8e1576a7f35ca58663
SHA256 7fdbb1dffc49b8579cf4ef6d416aad5c37212bd5f687dc4efc1621fc8966c1b3
SHA3 02932a7d4262f81eafeeb8c0b0da29f5c97f9954e9e82beb282726e2b47348a9
SSDeep 196608:+lXL3RPeUUKdntLPNTJdLBjwOUo9vpV3k9WEOdB67/YAy6:+lXLhPeUfPhJdL+ApVU9AfP6
Imports Hash ccddc5f0fda854d108cd64d091350735

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x128

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2010-Jun-18 11:25:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x991200
SizeOfInitializedData 0x44c000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005290 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x993000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x10d2000
SizeOfHeaders 0x400
Checksum 0xdedaea
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a25c50430163cc37d04b412019390dfd
SHA1 84411e80a0c7c63716088eb37d4b8c10eda59c7b
SHA256 3b97a18ca6334589590ba6ce5948fb94bafb808fb1bf27e4bc5d4e6a50365933
SHA3 7120f11507b7e8f9cf6eb7b3e5633a42cc92c609ddf6de9966056f153c948bc1
VirtualSize 0x991120
VirtualAddress 0x1000
SizeOfRawData 0x991200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.7204

.rdata

MD5 3b4a60601ebfe8ba89ec68f17d50b468
SHA1 196198c1dc172a21739a6c840310b6d6edb0860f
SHA256 aee96a813038b9e0b57b4ca4492b2bf7e35ce067411164312c105fec7e9b38be
SHA3 fce015a62ce07836bc7f0ed1b5864034ca79bbc4aab201608e56e8e5fc35ca28
VirtualSize 0x2cb651
VirtualAddress 0x993000
SizeOfRawData 0x2cb800
PointerToRawData 0x991600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.43128

.data

MD5 4360a0cfba4f7948e2218d3390f917ec
SHA1 30cc9d4eab46a8dd7595c29bf9d0b70cf38cb0ba
SHA256 8e4f9a12a92db58476f05a3bf5902787b7b39d6bcc020f38240675f787deb6d7
SHA3 e709f29728d1b0829a4acd9a1591756a73442044e209a1d181ad3bd17daf7a1a
VirtualSize 0x41f3c0
VirtualAddress 0xc5f000
SizeOfRawData 0x130c00
PointerToRawData 0xc5ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.12329

.version

MD5 e0c4d73de06653b9a9a91649f26a0bb0
SHA1 589422ce3251f26410fa2e8db48a23251ebcac9b
SHA256 5b34596362f15cc94fa8afdedb18620b7b31ab86a28572af422bc6e92da738f1
SHA3 53bbb539b4c1927edff06b3e7ebc65e884ca5f1ddd7a42855cf8e9f74408e06d
VirtualSize 0x4
VirtualAddress 0x107f000
SizeOfRawData 0x200
PointerToRawData 0xd8da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0815394

.tls

MD5 432a8cb2b51fc7355eddad5cc2c561ed
SHA1 5de441352b72b898471b591a62ea5eeefa1ecc71
SHA256 0d84920e8997317d9da9becdbde61b19d967bc30dcfd55930ff3ff815e67b2e4
SHA3 a55867f48aaaa23c6114e40320369c8bc2c6de9140e93ada2446017aab7ba1b8
VirtualSize 0x19
VirtualAddress 0x1080000
SizeOfRawData 0x200
PointerToRawData 0xd8dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0919834

.nvFatBi

MD5 b6d63a83064e237c61f1e35548c0a563
SHA1 ff943cc79d8ded4a652c5b7f45d2c48560000d39
SHA256 e29556ea5a92dfde61d49ad8196087cc6974a7d3a13aae8d20806701ef55277f
SHA3 51168056802074438f43e6fdef68959aa468062b6030f55f2125785ab697e518
VirtualSize 0x78
VirtualAddress 0x1081000
SizeOfRawData 0x200
PointerToRawData 0xd8de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.24417

.rsrc

MD5 297c94603656a0e18ac891233bdc0388
SHA1 aede4cea1e2f2b8df581bef6e4e91acbcae905c8
SHA256 14db11aca19a83580eed97d0ab59aa08f099e9b34d4a19226444e9a9c62be2c4
SHA3 5a2113f19a7be1e14a037d2b0ca9f074b3a897ef81573812a93f82537499df74
VirtualSize 0x4f5c8
VirtualAddress 0x1082000
SizeOfRawData 0x4f600
PointerToRawData 0xd8e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.30209

Imports

steam_api.dll SteamAPI_WriteMiniDump
SteamAPI_SetMiniDumpComment
SteamAPI_Shutdown
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamApps
SteamUtils
SteamClient
SteamAPI_Init
SteamFriends
SteamUserStats
SteamUser
SteamRemoteStorage
SteamAPI_RestartAppIfNecessary
SteamAPI_UnregisterCallback
KERNEL32.dll Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
ReleaseMutex
WaitForSingleObject
GetLastError
CreateMutexA
CreateProcessW
LocalFree
FormatMessageW
OutputDebugStringA
SetThreadExecutionState
GlobalMemoryStatusEx
lstrcmpiA
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
VerifyVersionInfoA
VerSetConditionMask
SleepEx
GetCurrentDirectoryA
GetCommandLineA
FreeConsole
WriteConsoleA
GetStdHandle
AttachConsole
GetModuleFileNameW
GetCurrentDirectoryW
LoadLibraryA
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEvent
InterlockedExchange
InterlockedCompareExchange
ExitProcess
HeapAlloc
HeapFree
GetProcessHeap
UnmapViewOfFile
CreateEventA
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
GetConsoleWindow
GetEnvironmentStringsW
GetCommandLineW
GetStartupInfoW
GetModuleHandleA
SetLastError
ReleaseSemaphore
CreateFileA
InterlockedIncrement
GetModuleFileNameA
GetModuleHandleExA
MapViewOfFile
CreateFileMappingA
CreateSemaphoreA
CloseHandle
GetComputerNameA
GetSystemTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetFileInformationByHandle
lstrcmpiW
CreateFileW
lstrlenW
GetFullPathNameW
HeapSize
GetProcessTimes
GetCurrentProcess
GetFileTime
OpenFileMappingA
OpenEventA
GetSystemDirectoryW
GetWindowsDirectoryW
RaiseException
LeaveCriticalSection
GetFileSize
ReadFileEx
GetProcessAffinityMask
Sleep
SetThreadPriorityBoost
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetFileAttributesA
ReadFile
FormatMessageA
InterlockedExchangeAdd
SetThreadAffinityMask
SetThreadIdealProcessor
TlsSetValue
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
TlsAlloc
WaitForMultipleObjects
TlsFree
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriority
CreateThread
ResumeThread
ResetEvent
TlsGetValue
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
FindNextFileA
FindFirstFileA
OpenThread
SuspendThread
Thread32Next
GetCurrentThreadId
GetTimeZoneInformation
InterlockedDecrement
GetFullPathNameA
LocalAlloc
USER32.dll PostMessageA
GetSystemMetrics
LoadIconA
RegisterClassExA
LoadCursorA
GetWindowLongA
SetWindowPos
SendMessageA
GetDC
ReleaseDC
ClientToScreen
ClipCursor
SetCursor
CreateWindowExA
AdjustWindowRect
DefWindowProcA
ValidateRect
PostQuitMessage
GetKeyState
ShowWindow
GetClientRect
GetCursorPos
SetCursorPos
SystemParametersInfoA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetForegroundWindow
IsWindowVisible
EnableMenuItem
MessageBoxW
GetSystemMenu
DrawMenuBar
DispatchMessageA
PeekMessageA
TranslateMessage
ShowWindowAsync
MessageBoxA
ADVAPI32.dll RegQueryValueExA
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
SHELL32.dll SHGetFolderPathA
SHGetFolderPathW
ole32.dll CoUninitialize
CoCreateInstance
CoInitialize
StringFromGUID2
OLEAUT32.dll SysFreeString
SysAllocString
VariantClear
MSVCP80.dll ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?construct@?$allocator@D@std@@QAEXPADABD@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?_Xran@_String_base@std@@SAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?_Xlen@_String_base@std@@SAXXZ
??0?$allocator@D@std@@QAE@XZ
?max_size@?$allocator@D@std@@QBEIXZ
?assign@?$char_traits@D@std@@SAXAADABD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?_Throw@std@@YAXABVexception@stdext@@@Z
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
MSVCR80.dll _exit
fprintf
__iob_func
free
strcpy_s
malloc
memcpy
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove_s
exit
wcsncpy
strncpy
__CxxFrameHandler3
fwrite
_wmkdir
fclose
fread
_wfopen
fflush
sscanf
atof
atoi
strchr
printf
strncmp
_vsnprintf
rand
__libm_sse2_atan2
_isnan
_localtime64
_time64
strftime
fopen
_CIpow
_CIacos
_CIasin
__libm_sse2_acos
__libm_sse2_asin
__libm_sse2_pow
__libm_sse2_exp
__libm_sse2_cos
__libm_sse2_sin
__libm_sse2_atan
ispunct
isspace
tolower
strpbrk
sprintf_s
memset
floor
memmove
_aligned_malloc
_aligned_free
ftell
fseek
isdigit
qsort
strtok
strrchr
_stat64i32
strncat
vfprintf
toupper
remove
_finite
_findfirst64i32
_findnext64i32
_findclose
_fileno
_mkdir
__libm_sse2_log10
vsprintf
_CIfmod
srand
feof
fscanf
modf
memcpy_s
_isatty
_wassert
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
isalnum
_strnicmp
_stricmp
_snprintf
sprintf
_invalid_parameter_noinfo
_purecall
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strstr
memchr
strtod
atol
fputs
isalpha
realloc
_CIsqrt
_CIatan2
vsprintf_s
_CIcos
_CIsin
strerror
_errno
ferror
isprint
ungetc
getc
fgets
_difftime64
_gmtime64
_mktime64
system
rename
tmpnam
getenv
clock
setlocale
_CItan
_CIatan
ceil
_CIlog
_CIlog10
_CIexp
frexp
ldexp
isxdigit
isupper
iscntrl
islower
strtoul
longjmp
_setjmp3
strcoll
strcspn
_ftime64
abort
calloc
?_open@@YAHPBDHH@Z
_ctime64
vprintf
putc
__libm_sse2_log
fmodex.dll ?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getCPUUsage@System@FMOD@@QAG?AW4FMOD_RESULT@@PAM000@Z
?getSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getSoundRAM@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH00@Z
?getMemoryInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@IIPAI0@Z
?release@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setScale@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@@Z
?setRotation@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@0@Z
?setPolygonAttributes@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@HMM_N@Z
?getNumPolygons@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setActive@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getBypass@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setMix@DSPConnection@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setParameter@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HM@Z
?addDSP@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAVDSP@2@PAPAVDSPConnection@2@@Z
?disconnectAll@DSP@FMOD@@QAG?AW4FMOD_RESULT@@_N0@Z
?setBypass@DSP@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setPosition@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@@Z
?createDSPByType@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PAPAVDSP@2@@Z
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?addPolygon@Geometry@FMOD@@QAG?AW4FMOD_RESULT@@MM_NHPBUFMOD_VECTOR@@PAH@Z
?createGeometry@System@FMOD@@QAG?AW4FMOD_RESULT@@HHPAPAVGeometry@2@@Z
FMOD_Memory_Initialize
FMOD_Memory_GetStats
FMOD_Debug_SetLevel
FMOD_File_SetDiskBusy
FMOD_File_GetDiskBusy
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getInfo@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PADPAIPAH22@Z
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N@Z
?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SOUND_FORMAT@@HHW4FMOD_DSP_RESAMPLER@@@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?setSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_SPEAKERMODE@@@Z
?getDriverCaps@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAIPAH1PAW4FMOD_SPEAKERMODE@@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@W4FMOD_SYSTEM_CALLBACKTYPE@@PAX2@Z@Z
?setAdvancedSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_ADVANCEDSETTINGS@@@Z
?setSoftwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setHardwareChannels@System@FMOD@@QAG?AW4FMOD_RESULT@@HHHH@Z
?setStreamBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setGeometrySettings@System@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getSpeakerMode@System@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_SPEAKERMODE@@@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@ZH@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?overridePan@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?attachFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDHPAIPAPAX2@ZP6G?AW43@PAX4@ZP6G?AW43@44I14@ZP6G?AW43@4I4@Z@Z
?getSubSound@Sound@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAV12@@Z
fmod_event.dll ?setCallback@Event@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_EVENT@@W4FMOD_EVENT_CALLBACKTYPE@@PAX22@Z2@Z
?getChannelGroup@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
?getState@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?keyOff@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getInfo@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAPAD@Z
?getParameter@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVEventParameter@2@@Z
?getParameterByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVEventParameter@2@@Z
?getValue@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?getNumParameters@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getRange@EventParameter@FMOD@@QAG?AW4FMOD_RESULT@@PAM0@Z
?setPaused@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setVolume@Event@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?start@Event@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DAttributes@Event@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?getInfo@Event@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAPADPAUFMOD_EVENT_INFO@@@Z
?stop@Event@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
_FMOD_EventSystem_Create@4
?getPropertyByIndex@Event@FMOD@@QAG?AW4FMOD_RESULT@@HPAX_N@Z
cudart.dll cudaLaunch
cudaUnbindTexture
cudaBindTexture2D
__cudaUnregisterFatBinary
cudaCreateChannelDesc
cudaD3D10SetDirect3DDevice
cudaD3D10UnmapResources
cudaSetupArgument
cudaD3D10ResourceGetMappedPointer
cudaD3D10ResourceGetMappedPitch
cudaD3D10UnregisterResource
cudaD3D10ResourceSetMapFlags
cudaD3D10RegisterResource
cudaD3D10GetDevice
cudaGetLastError
cudaGetDeviceProperties
cudaD3D9MapResources
cudaD3D9ResourceGetMappedPointer
cudaD3D9UnmapResources
cudaMemcpyAsync
cudaEventRecord
cudaFreeHost
__cudaRegisterVar
__cudaRegisterTexture
__cudaRegisterFunction
__cudaRegisterFatBinary
cudaEventDestroy
cudaConfigureCall
cudaEventQuery
cudaEventSynchronize
cudaMemcpy
cudaFree
cudaMemset
cudaEventCreate
cudaMallocHost
cudaMalloc
cudaD3D9RegisterResource
cudaD3D9UnregisterResource
cudaD3D10MapResources
d3d9.dll D3DPERF_SetOptions
DINPUT8.dll DirectInput8Create
XINPUT1_3.dll #2
#3
WINMM.dll timeEndPeriod
timeBeginPeriod
timeGetTime
GDI32.dll CreateDCA
DeleteDC
SetDeviceGammaRamp
DeleteObject
ExtEscape
WS2_32.dll htonl
ntohs
gethostbyname
ntohl
select
__WSAFDIsSet
accept
recv
shutdown
closesocket
socket
ioctlsocket
inet_addr
htons
connect
WSAGetLastError
bind
listen
WSAStartup
WSACleanup
setsockopt
WSAAsyncSelect
send
gethostname
inet_ntoa
cufft.dll cufftDestroy
cufftPlan2d
cufftExecC2R
d3d10.dll (delay-loaded) D3D10CompileShader

Delayed Imports

Attributes 0x1
Name d3d10.dll
ModuleHandle 0x107e140
DelayImportAddressTable 0xd8fac0
DelayImportNameTable 0xc58ffc
BoundDelayImportTable 0xc59168
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Ordinal 1
Address 0x69d4a4

_MD2_Final@8

Ordinal 2
Address 0x8373a0

_MD2_Init@4

Ordinal 3
Address 0x837240

_MD2_Update@12

Ordinal 4
Address 0x837330

_MD5_Final@8

Ordinal 5
Address 0x835120

_MD5_Init@4

Ordinal 6
Address 0x834970

_MD5_Update@12

Ordinal 7
Address 0x835070

_RNG_initialize@8

Ordinal 8
Address 0x835730

_RNG_terminate@0

Ordinal 9
Address 0x835790

_ax_calloc@8

Ordinal 10
Address 0x832f70

_ax_malloc@4

Ordinal 11
Address 0x832f10

_ax_open@8

Ordinal 12
Address 0x832fa0

_ax_realloc@8

Ordinal 13
Address 0x832f40

_base64_decode@16

Ordinal 14
Address 0x835a00

_get_random@8

Ordinal 15
Address 0x8357a0

_getdomainname@8

Ordinal 16
Address 0x832e70

_gettimeofday@8

Ordinal 17
Address 0x832dd0

print_blob

Ordinal 18
Address 0x835950

_ssl_client_new@16

Ordinal 19
Address 0x831820

_ssl_ctx_free@4

Ordinal 20
Address 0x831250

_ssl_ctx_new@8

Ordinal 21
Address 0x82f000

_ssl_display_error@4

Ordinal 22
Address 0x830120

_ssl_find@8

Ordinal 23
Address 0x82f230

_ssl_free@4

Ordinal 24
Address 0x830e60

_ssl_get_cert_dn@8

Ordinal 25
Address 0x82f1d0

_ssl_get_cipher_id@4

Ordinal 26
Address 0x82fd90

_ssl_get_config@4

Ordinal 27
Address 0x82fdb0

_ssl_get_session_id@4

Ordinal 28
Address 0x82fd70

_ssl_get_session_id_size@4

Ordinal 29
Address 0x82fd80

_ssl_handshake_status@4

Ordinal 30
Address 0x82fda0

_ssl_obj_load@16

Ordinal 31
Address 0x832010

_ssl_obj_memory_load@20

Ordinal 32
Address 0x8320b0

_ssl_read@8

Ordinal 33
Address 0x831310

_ssl_renegotiate@4

Ordinal 34
Address 0x830f90

_ssl_server_new@8

Ordinal 35
Address 0x835b30

_ssl_verify_cert@4

Ordinal 36
Address 0x82fe00

_ssl_version@0

Ordinal 37
Address 0x830440

_ssl_write@12

Ordinal 38
Address 0x830f40

_strcasecmp@8

Ordinal 39
Address 0x832e00

__GDF_XML

Type DATA
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x1810
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.55322
MD5 331da2930a4fd01abefe253bc2db6645
SHA1 61f1075d3423214e71da7f65fba518045a96ca02
SHA256 c9250d5dbe531a078a7e835ab10b27f24ecf3d28f6c014f19695c70e694ff85d
SHA3 248c089d739a7acdaa506afc6114fa2710e193dbea88ebe727a9f105ff56d888

9

Type RT_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x10ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.6761
MD5 1c4af38140d447e3ae467de8a97e5611
SHA1 906f3cc41d287228a3d11726399bd7716029b663
SHA256 cd870aff9c7630e6394822735ed68437c3449d3b640ac7fbb04130e2b8de1e93
SHA3 10b6b061dbf372a65ddef34a8d2e83e582bf330692789ac658af23fc134bf972

10

Type RT_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x10ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.99867
MD5 b586da260f03ca4e4fcc2de9b9710524
SHA1 2830984c00b400f8bd7090358dc5b35afe9bb5c4
SHA256 e718246e077e233a590fa556dcc4ca3911bbb8575b9b8ef33505f7a78505dce8
SHA3 0bd61a4fce422ee7f4e5c0f2c8bb6e94492bad6c025a72192dd551378a33129e

11

Type RT_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x10ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.86538
MD5 890a9ea7ea66dc48057443ffa291e7d5
SHA1 df8b2685cb581d1576be79b5b8cd7eb7a2d7b4bc
SHA256 4404fd13aa68f7cb2881f1b62809d6b0be22749f5dc6c2c25d5b050c8728dbca
SHA3 5372db10680cf89e7e3d0ee34fe88bb6067f2fc68fdf3a1ab26eb0af75df5c5e

12

Type RT_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x10ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.92301
MD5 d66655b8c99f4093276a7143c97364e6
SHA1 c344242644ce0a2cc3d3e285733e470ef2f74eb6
SHA256 3cd94c193ccde382bce7ede9877107369c541005346b26bb57074349e034f74a
SHA3 8bc9efcf337fc444cfe28266c56fa7d3f6687e4e55a15c942c3b1833c7a9090d

1

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.19106
MD5 5f749b5e0fd0364d777f8e9be30257df
SHA1 a8f2169130bb491ed117ce17dac4c91a1ed7cc7f
SHA256 6aaa857f1fbafb0902e5cd71561bb976457009bb4459932beb2c7387bdabbcb1
SHA3 31522cfb76456d7403a8b4f657446937536c97b7eb5ec4d6a76ce91bc2cc553e

2

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x368
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.05065
MD5 f1a376ca752f5d99529ae9b12e09c10a
SHA1 280ef2f36d347ea0b0de6f29e6b25648fec99cd8
SHA256 f1b2553e1488857e60ee2546dc2a0628c240605011512da75a4d4ac737bfddf5
SHA3 64e3f3741ca1fa677b89d08d91ff9152e29e36bd5389cca22ae66c2af573e446

3

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.31436
MD5 5b22779fc440ca6ab5bc1b7c490031a3
SHA1 cd6b13416fa582b07ba865dc3a5d5f8730aa442c
SHA256 654085802e5372f3e57cac1c8f14839153be21f8fd41dadecfacb4d8b923abc7
SHA3 2127a20d5f0bad4b3906dbb25dc3f7233b864263d0ad4bba0e30c6c353cdac19

4

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.51129
MD5 24a4b2fb58702c3361ed088d46dfeb58
SHA1 79523446250ba9d38d8eda09e7e7ac365dcadef8
SHA256 f8b0ef09a0f1bf8019ec7d849f86c321325a75a2de25d5807c7565a9f6bc4124
SHA3 701d9b02ef30705f8c22ac277a111114d68438e69a1791be5664819bc43a0e17

5

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.94365
MD5 8e57171c5013616ae3db2ae57ae7e8f1
SHA1 07a7e30f8da748719c71399696066cb44e2e61d4
SHA256 556b19254870cf171b9c29eb7b0e10150b389df5286f65d2f4dcaea2b36ed034
SHA3 254d32350ef7dcf5df0f7a3cf60c57f2e082985191e7d7a280c16f00918387ed

6

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x1ca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.64448
MD5 c5073be7844d3dcc34708f3866137fca
SHA1 a9c98118ce536cdce7949be67696892fa38a0e58
SHA256 45eec44ed025b4bfbce7c3a2fa4c7f7e29abb96b80a485e4eab0c2210996ef07
SHA3 55e266800ec8607cc4f2d3d7c2ed73b2d745fcac2110341bfd90cebb2caadbc5

7

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x12428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.81549
MD5 7966fbd39b46164534156f10c1bd59ff
SHA1 153242a0876ee2b1055d0bc7b0ce5f2a0cd7e415
SHA256 ed4220f152993c25293b142dd983f27e18164abc2fdd6755d1d692260199556c
SHA3 79f6b44d62a79aa7f8dbfe8b690b5317968a7fabb7c812c26d5fa4e9fdc54858

8

Type RT_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x32028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.61676
MD5 fc17587c3a232ba6f591a33daf104c85
SHA1 f18d03c24f46f9575adbe6ed57fe1572e0bf9395
SHA256 403446ce464e01e43691e70fa9974b3aeafe44922dc5e2a48b89847b30090600
SHA3 55a98e0305895daa15ff07f7630ed5b3826e84757501afffe7b721c8b1cf748a

STEAM_GUIDD

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4
MD5 69f2fe4c1da863a7133ae15aa1288453
SHA1 b5bd5a8bf8b932d7ea3f1233eb1f5c1f00d708bc
SHA256 b6343789eea7586c5cf17aed3c8880c47ee6d065d1ea01d1fa5faff1521e2d0b
SHA3 17b82c95f5b53ae4e3c8e4a020dddc0f207c76d1c993cae4813a57383ef90f76

STEAM_MINSTANCE

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4
MD5 aa3cb978aef6c5a52be173de2046be9f
SHA1 de6bbfaf7dcc6f2c798f729b7e2f99d062ec3aa8
SHA256 d31f87660de40dbb7312b3aedf6bff0f1b55ce2531504b78ae0264407950f146
SHA3 05fb33e58b459683795b5ec6622ecdbcf91ecd4a4e4b0c84ea5653b65fcc5199

STEAM_SPLIT_GUID

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4
MD5 e37572c761ade092b83ea97fec0accfe
SHA1 4575c69d0c95d38b74d490ec0434777a593a52c1
SHA256 9b9854643c250924b6a7e9293274fa9be050032b96bb1f1b548c787c0cea8448
SHA3 27f78b160e13f03d6860dbce23f25c1b9046b01fc357d24c95401b582a131ebb

103

Type RT_GROUP_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 9edadd9eb5da2bb6aad56c666862c9c5
SHA1 3901ac1f5112ebee7a931141c73e76b60c984cf8
SHA256 7662c77c89bc776c64acfbc6ac7f22f56a631304205ac1a00d1d6c876ff1574d
SHA3 24753677cf5443d63f8406407477e81b9c98c7d2ee1ef92dca85d23fdd6e3e43
Preview

104

Type RT_GROUP_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 cc34525879592b62945fa5102955e7af
SHA1 1c1f341f0ff952d168ec070d95809224631c5f59
SHA256 c7f15e3e69f8bad21f5f9c9546b129828d66e90b38a8fe9cf33cf23846e62700
SHA3 1af1bcbf18cfdeb5e3d81c46ab15ef59bc0b1de5f5ff9dc32f491120f405f5c6
Preview

105

Type RT_GROUP_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 cb8d29dff5278e39030b2ad47022cf49
SHA1 a48b5853b494a9095f0899e23414db872433d366
SHA256 fd27224dee56e50f926e0c003d1bdb8c31db4d1f0a089280d0f55b79ff45c1e7
SHA3 3eca032eb883d63cd63778223e4ed5d3982bcbc58eed6534f0a70d84a7a624e5
Preview

106

Type RT_GROUP_CURSOR
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 874e41c97e9c38232490d3bea15ae8b3
SHA1 ae70b2c25c1566c2e13ac44e0057ef4f6daf8d91
SHA256 2c57fbd554735f2b8ff46f26b3d2d58a5a5e4152a02043e7fd6c552a43a3ceee
SHA3 b13a2c1efb8dad10ad85e8b4ce0067cbbea82053146cd5a81b0fecef2a15bf15
Preview

101

Type RT_GROUP_ICON
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.80442
Detected Filetype Icon file
MD5 dc9f8d12fc7ec160a832e7193692fdeb
SHA1 415c926e360335348075f8dddf8652d0da466d62
SHA256 643c031b6cc5b2fdbdba82a82e64ded30dc5b9b0c470b2b4a68ab599d192aa6c
SHA3 f28474fd073e2417a8c7e6fb2468f8b369344b5f65305eab5a29fc3e59b2ba06

1 (#2)

Type RT_VERSION
Language Process Default Language
Codepage Latin 1 / Western European
Size 0x2e0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31232
MD5 36ec32f8e7b98ef61fa38dc5d74f9063
SHA1 c9b8f793f07e3fbfd1726a8fd2efd7531f460449
SHA256 23fa023bdf29efd3f4819c9bdcfb9c801a807598b50a0825219a27b4b9a7abdd
SHA3 168a12ba2309d9b8314cbb5214b52ffcea0905685a5a14661d79fc8e98317997

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x3d6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11278
MD5 13905eacf8c7347963f60f6dd6590e1a
SHA1 abc0e9f43d26b78f88d6a0dd405d20569e688658
SHA256 f6aeee71f89fe7a0394129a08ef16448c4de996b4ee3cb431540ea532200169e
SHA3 e30e75c633ee17c6fb5608131d01d036e1cefbab452d97dcb3f33301d0fa0f48

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.2
ProductVersion 1.0.0.2
FileFlags VS_FF_DEBUG
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_UNKNOWN
Language UNKNOWN
CompanyName Avalanche Studios
FileDescription Just Cause 2
FileVersion (#2) 1, 0, 0, 2
InternalName JustCause2
LegalCopyright Copyright (C) 2010
OriginalFilename JustCause2.exe
ProductName Just Cause 2
ProductVersion (#2) 1, 0, 0, 2
Resource LangID Process Default Language

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2010-Jun-18 11:25:05
Version 0.0
SizeofData 112
AddressOfRawData 0xbef838
PointerToRawData 0xbede38
Referenced File D:\buildarea\frla\Xjc2branchpcsource\build\Win32\bins\JustCause2\Final\JustCause2_F.pdb

TLS Callbacks

StartAddressOfRawData 0x1480000
EndAddressOfRawData 0x1480018
AddressOfIndex 0x13f3df0
AddressOfCallbacks 0xe15f1c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10955ec
SEHandlerTable 0x103d100
SEHandlerCount 1181

RICH Header

XOR Key 0xffd88806
Unmarked objects 0
126 (50327) 4
ASM objects (VS2012 build 50727 / VS2005 build 50727) 14
Unmarked objects (#2) 1
C++ objects (VS2003 (.NET) build 3077) 1
Imports (VS2003 (.NET) build 4035) 26
C objects (VS2003 (.NET) build 4035) 3
Imports (VS2012 build 50727 / VS2005 build 50727) 11
Imports (VS2008 build 21022) 4
Linker (VC++ 6.0 SP5 imp/exp build 8447) 4
Total imports 646
C objects (VS2012 build 50727 / VS2005 build 50727) 65
C++ objects (VS2012 build 50727 / VS2005 build 50727) 1026
Exports (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 2
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors

Leave a comment

No comments yet.