Manalyze report for 9a04bb4a5e4b05aab96b0106ee2b302a

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jun-20 22:30:20
Detected languages	Chinese - PRC English - United States
CompanyName	3DMGAME
FileDescription	Elden Ring v1.02-v1.12 Plus 35 Trainer
FileVersion	`1.0.0.0`
InternalName	Elden Ring v1.02-v1.12 Plus 35 Trainer
LegalCopyright	FLiNG Copyright (C) 2024
OriginalFilename	Elden Ring v1.02-v1.12 Plus 35 Trainer.exe
ProductName	Elden Ring v1.02-v1.12 Plus 35 Trainer
ProductVersion	`1.0.982.10`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe virus` `Contains domain names: 3dmgame.com FLiNGTrainer.com bbs.3dmgame.com flingtrainer.com https://bbs.3dmgame.com https://bbs.3dmgame.com/thread- https://flingtrainer.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Possibly launches other programs: CreateProcessW WinExec ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Has Internet access capabilities: InternetOpenUrlA InternetOpenA InternetReadFile` `Changes object ACLs: SetNamedSecurityInfoW`
Malicious	The PE is possibly a dropper.	`Resource 117 is possibly compressed or encrypted.` `Resource 250 detected as a PE Executable.` `Resource 101 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 16/72 (Scanned on 2024-12-29 08:05:36)	`APEX: Malicious` `Antiy-AVL: RiskWare/Win64.Gamehack` `CTX: exe.hacktool.generic` `ClamAV: Win.Dropper.GameHack-9917263-0` `CrowdStrike: win/grayware_confidence_90% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/GameHack.BT potentially unsafe` `Elastic: malicious (high confidence)` `Fortinet: Adware/GameHack` `Google: Detected` `Gridinsoft: Hack.Win64.GameHack.cl` `Malwarebytes: GameHack.Riskware.Agent.DDS` `MaxSecure: Trojan.Malware.216064600.susgen` `Paloalto: generic.ml` `Skyhigh: BehavesLike.Win64.Generic.th`

Hashes

MD5	`9a04bb4a5e4b05aab96b0106ee2b302a`
SHA1	`c7dc30c83c2ab59cd95e21864fbca9540ac26e94`
SHA256	`b4c9df18866963b2f2b9ba17c9d8a4532da0c5b26d74069565967b6b110d7f50`
SHA3	`b2103069263ba2e70c854f45cbb4801b5e72328be4cf9c8ca1291c0e84ad3808`
SSDeep	`24576:jNTmsYhQ1/eQWRBZM3E3AMOBtmDM74j8/rXzmrWkJhJhj1HC4fWKlP85yoRP0AE:j4sKZs3E3AMocA78cXzmrWkJhJhj1HC`
Imports Hash	`ec53091235edc4a0d49d0ff647dd6228`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Jun-20 22:30:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa4e00`
SizeOfInitializedData	`0xc8e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000078528 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x171000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4d3a73b092cb298443154128307a2ebb`
SHA1	`62b7a9f64479c836d96adaef72f4eaa59bcac430`
SHA256	`327edb65a7499487719033df53d414c4dd037569bbe641bfc91b2e2a5f7f6ed2`
SHA3	`12f5f91bb95ea52025c4439b9a85cf8c0367c9628c4f5c3028266a3880d7f9d8`
VirtualSize	`0xa4c24`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa4e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42659`

.rdata

MD5	`d0bb3a74bfadd77be76a5dd5be039531`
SHA1	`eeee34ae67495ca7fc9d9bc518d8b57b6edd2307`
SHA256	`6646f35304024b05957df07f38592764761df11f65d18333a369ef6ffefa3c5f`
SHA3	`44bddc1e9e48ee6b16e45045cf4efef5147ddf00e4585e73cb0fe51444e2f42d`
VirtualSize	`0x38ac4`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x38c00`
PointerToRawData	`0xa5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.46847`

.data

MD5	`a8d9a4debe9442da7f39f4aabf2281fe`
SHA1	`d1df1c2f1f54cc3a75b297134235da28a1a98627`
SHA256	`3e3bee63ce66bc77f15c341297fcd8e5073b04331e4d8a4636b3a5a4b105d2ed`
SHA3	`44806bbc81d465256ca0dbb8e7d35cd79080dd6485a790a7c51b168cadc64238`
VirtualSize	`0x4c3c`
VirtualAddress	`0xdf000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xdde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.40596`

.pdata

MD5	`a7f7b69164e06382a31db75da5c37207`
SHA1	`1ff0dc3c487e38d4eee5c1ee8d0aa4f6e572a575`
SHA256	`5b0f142313da2ba153cf21e75cac96b72abe12d7408c583f528111608ba459eb`
SHA3	`fc76189fa77c97f44710dec5324f508133fc5ce50888e748ce81d0f015025f91`
VirtualSize	`0x66e4`
VirtualAddress	`0xe4000`
SizeOfRawData	`0x6800`
PointerToRawData	`0xdfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.89097`

_RDATA

MD5	`c9ce3b6153dbf8d818dff1fcbe247c8f`
SHA1	`ff70d7406219b5f8a199cd3d9a31b0ccd7ecd97d`
SHA256	`e11fb6e5fb5b36cc2ea8bca309467165d978a3a1749f7621b3fc602dcf2b4f12`
SHA3	`2270c8c6c552d7a32cfa9287916ff19dd0a61a555ffc2b2c99bb0a819782b625`
VirtualSize	`0x1f4`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.2133`

.rsrc

MD5	`b4fa05cd4052d9b658f4358bf7557636`
SHA1	`ce10e37a33b05ac7a430ccb6cf61bb9c74ec6d72`
SHA256	`22c48b0c5740c1a4e147347f120a029931aa7f621981b75892a259d7d2ddd088`
SHA3	`0e5c53b81e710aa4fc9c7128efe4cc5f906191e3c47db2e06ef1558ebacc3abb`
VirtualSize	`0x83a18`
VirtualAddress	`0xec000`
SizeOfRawData	`0x83c00`
PointerToRawData	`0xe6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.57755`

.reloc

MD5	`cf526435e32283011c12528ec7fbcdbf`
SHA1	`519bddab9ddf52b1e1f14c5055542e653512b64b`
SHA256	`bc70d53eec587908c428be49b4ae3f86cc76ac5eccdc2d16ef6acfca3d962e22`
SHA3	`a55a99e41e64e2443cb54619462709bf1f05a5f67a3d02543635174329835ab8`
VirtualSize	`0xcb8`
VirtualAddress	`0x170000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x16a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.24571`

Imports

KERNEL32.dll	`GetCurrentProcessId` `LoadLibraryW` `GetProcAddress` `GetLastError` `CreateFileW` `WriteFile` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetModuleHandleW` `DecodePointer` `GetModuleFileNameW` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `GetProcessHeap` `CreateProcessW` `GetTickCount` `GetTempPathW` `WaitNamedPipeW` `ReadFile` `GetModuleHandleA` `LoadLibraryA` `GetPrivateProfileStringW` `Sleep` `FindResourceW` `LoadResource` `SizeofResource` `LockResource` `GetFileAttributesW` `LoadLibraryExW` `FreeLibrary` `MultiByteToWideChar` `WinExec` `GetCurrentProcess` `IsWow64Process` `GetTickCount64` `SetLastError` `ResumeThread` `WaitForSingleObject` `GetFileSizeEx` `LocalFree` `CreateDirectoryW` `SetEndOfFile` `WriteConsoleW` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile` `WritePrivateProfileStringW` `CloseHandle` `GetCommandLineW` `GetCommandLineA` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetOEMCP` `GetACP` `IsValidCodePage` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `ReadConsoleW` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `SetFilePointerEx` `WideCharToMultiByte` `GetStringTypeW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetCurrentThreadId` `WaitForSingleObjectEx` `GetExitCodeThread` `EnterCriticalSection` `LeaveCriticalSection` `EncodePointer` `CompareStringEx` `GetCPInfo` `LCMapStringEx` `QueryPerformanceCounter` `WakeAllConditionVariable` `SleepConditionVariableSRW` `GetSystemTimeAsFileTime` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `OutputDebugStringW` `RaiseException` `RtlUnwindEx` `RtlPcToFileHeader` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `GetFileType` `RtlUnwind`
USER32.dll	`MessageBoxA` `SetProcessDPIAware` `MessageBoxW`
ADVAPI32.dll	`SetEntriesInAclW` `ConvertStringSidToSidW` `GetNamedSecurityInfoW` `SetNamedSecurityInfoW`
SHELL32.dll	`SHGetFolderPathW` `ShellExecuteW`
ole32.dll	`CoInitializeEx` `CoUninitialize`
OLEAUT32.dll	`SysFreeString` `SysAllocString` `VariantInit` `SafeArrayCreate` `SafeArrayAccessData` `SafeArrayUnaccessData`
mscoree.dll	`CLRCreateInstance` `CorBindToRuntime`
WININET.dll	`InternetOpenUrlA` `InternetOpenA` `InternetReadFile`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
WINMM.dll	`PlaySoundW`

Delayed Imports

117

Type	`COVER`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x13ac0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99081`
MD5	`ceabd5b953f3f1e973b6c3270b152325`
SHA1	`aa1f868a4455bc5222ad08e129b58cbf6d9c0930`
SHA256	`81e1469f59e5917baee9cab68f3f97af8c65dcb7f9bb4883107aee4513035601`
SHA3	`55fc077fef39673da807b9ab2781f78c8b970a14d75f98665630d2095819ecb5`

246

Type	`REMOTE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a54f0041a9e15b050f25c463f1db7449`
SHA1	`d9be6524a5f5047db5866813acf3277892a7a30a`
SHA256	`ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e`
SHA3	`904200c7d454fe3e8e1dfaa21b4e667f250cabd8f5730bd361feacf77fab1686`

250

Type	`REMOTE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22e00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04239`
Detected Filetype	PE Executable
MD5	`5ccc3e65b4fd118552ed2213bbf607cb`
SHA1	`7174575c2d96efcd0ed0f515a60521009b4cb078`
SHA256	`be24440e4bd3c07729e931533b9b097df945f57b876c28c0d8e0bbb743645324`
SHA3	`1cf44b784f41f54892b82299ade09851fec86fe3ea71d277f5b404e68793de9d`

256

Type	`REMOTE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x402`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89301`
MD5	`163f4afc5037bd1d3abf4f0aca4b7c7d`
SHA1	`3280db53f3f39d749766d265587a4eeeee0ed1ed`
SHA256	`a3189fa6566693ce79b03de9b4ab3f35495a012d3147fbf1df280151d45db4b7`
SHA3	`5962154739c85495a9f2df05895662085f7d4520ca0031a5fc4fd989fd79a096`

101

Type	`UI`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2f200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87929`
MD5	`bcc7ecb96b9c36632efde4b8bfea7d49`
SHA1	`70ef99f841fc2602ae4c03f94b0629c4ab7ad095`
SHA256	`30547d8d0142db94a1aafcc1b6f089a0074e1670133ba216ff8f1023f8c69a7f`
SHA3	`2ee82489434e99fbc86c16b9253f5abbd9837608de0191e0f02588229bb26a04`

103

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2a02`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75428`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`66ef17cf7672a90b1e3e788965266560`
SHA1	`d14ec49c74a164cf823dd660bd626ac7b581bb57`
SHA256	`99886fcb79df75f95c19c3a9504bf8bdea593d3447c8c1b4eaf4f044e1138a05`
SHA3	`868c104cd77862f976e3d918120ab980049e2759eaa2f2564687deb0300d6ad3`

104

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2ccc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.031`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`358876c4000c1f391207c56c11ae9ed4`
SHA1	`1b7ce8967ba7f53d5e2a3d2a0c585753666272c4`
SHA256	`7a6a21f87454c38fb8a7ffd227680a74d9e0d7667fb08807200503e4f4866de9`
SHA3	`1fd6863bea4078d422e07dae0c31ae74b9ddc82e4006a1e301bc855ebabc5bcf`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24932`
MD5	`6570c8f740d19175845cf7d36d23fb80`
SHA1	`ab7f36e990b6f42f99d737a8fade7e1edc278630`
SHA256	`d28fa0b9f1644cc0ebc8c541af166efdf68285572069841e331e810080fea429`
SHA3	`f5ab3032e04fd697fa5483547ab6f54e81220010b4065cac95bda2ad4cb80ff5`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09318`
MD5	`e3a2d0b4f870159131d2b50c037615a0`
SHA1	`807f229178f68edf3a4cee57ef5d97141a2aa2c4`
SHA256	`af474603853c0345d0524286ceec2a783c5d6822085dee93a75b16e9c1246e14`
SHA3	`5d3c7aba88a070b9385da8d32e2816f8b94cbc67cc8fbac5d484db04eb75c2ba`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85839`
MD5	`362f508df3407155dd843bd8d24eb47a`
SHA1	`bb07d8b9ca6b1dd9bc23eca9d36d5793f565e2fe`
SHA256	`b5588260c13dad8676c532f32aeaf239a43a8b7cde370393612bfc3533738620`
SHA3	`a8bfedca207ec3b2b7afd83fe515ede7e270f2a008bd71e0479a15e78767bc9b`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x13f9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94792`
Detected Filetype	PNG graphic file
MD5	`44a61ab7d712b6647788fb32f9925cd9`
SHA1	`e3211cb1ea0203f3a152ed6634f9188cc693fd3f`
SHA256	`f94a661f9f4fcb3dd67c4dfe20c7afcf9b7180556e738447954b4207ede407ca`
SHA3	`e9b5cbde142965d2cb3d89a22e71aa6ea6cb0c9da73b3cd8a67cce9a9b6801b1`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48426`
Detected Filetype	Icon file
MD5	`f9519f8e22b934bc1e30363b4f7aeb17`
SHA1	`683dc07a8a0265381784bc431030623e19468b8f`
SHA256	`a0976f10340ad5f1821c8dd33f5a4daf430a7fdb189574d365a9a24e4b114587`
SHA3	`57583755d298a33daf34c957492c205ac58a5e0e2303e73d6238b99c277807a2`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41863`
MD5	`65cbdf98dd6fe84abb2e0912f379b680`
SHA1	`4cca26727683485e49f4274691764b6041667f55`
SHA256	`2616a7199509519c9e1deb48c0cdde5455e64a43b94749f3ab6494a7d0c773e1`
SHA3	`689555e6b522c669a32d0ff4726ed9b675187e5440926b3542dfd432b5d0f473`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05755`
MD5	`93d5224d5a82a661e8067030cadda827`
SHA1	`80ae07b1d4ae5129d749dee8815fc3608dd307f6`
SHA256	`8ccd16f837dc37da3052b31c1b21490a6b16409797d50b1298e9980999a6fc42`
SHA3	`358623f5ee1d9680dfdec18d01c1365b5ad31f48af6346283ca93d2e3cded683`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	3DMGAME
FileDescription	Elden Ring v1.02-v1.12 Plus 35 Trainer
FileVersion (#2)	1.0.0.0
InternalName	Elden Ring v1.02-v1.12 Plus 35 Trainer
LegalCopyright	FLiNG Copyright (C) 2024
OriginalFilename	Elden Ring v1.02-v1.12 Plus 35 Trainer.exe
ProductName	Elden Ring v1.02-v1.12 Plus 35 Trainer
ProductVersion (#2)	1.0.982.10

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jun-20 22:30:20
Version	`0.0`
SizeofData	`1048`
AddressOfRawData	`0xd23a0`
PointerToRawData	`0xd15a0`

TLS Callbacks

StartAddressOfRawData	`0x1400d2800`
EndAddressOfRawData	`0x1400d2808`
AddressOfIndex	`0x1400e1c98`
AddressOfCallbacks	`0x1400a6708`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400df0c0`

RICH Header

XOR Key	`0x64326a1`
Unmarked objects	`0`
ASM objects (28900)	`5`
C++ objects (28900)	`179`
C objects (28900)	`16`
Unmarked objects (#2)	`1`
C objects (33218)	`16`
ASM objects (33218)	`18`
C++ objects (33218)	`97`
Imports (VS2008 build 21022)	`2`
Imports (28900)	`19`
Total imports	`186`
C++ objects (VS2022 Update 6 (17.6.4) compiler 32537)	`30`
C++ objects (LTCG) (33523)	`18`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

9a04bb4a5e4b05aab96b0106ee2b302a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

117

246

250

256

101

103

104

1

2

3

4

108

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors