Manalyze report for ac0dfc24b0e8103e83cf603fdbe56124

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-May-16 13:46:37
Detected languages	English - United States
Debug artifacts	C:\Users\tgroben\Downloads\Castle-master\Castle\Release\Castle.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: FindWindowA`
Suspicious	VirusTotal score: 1/65 (Scanned on 2018-05-16 13:48:31)	`ESET-NOD32: a variant of Win32/GameHack.CAA potentially unsafe`

Hashes

MD5	`ac0dfc24b0e8103e83cf603fdbe56124`
SHA1	`e6ec278b40c8667fbb86497f6877fceb77912cba`
SHA256	`1d711b50af5be617cd0a4850432078df88a6db3deb42119a86ea11c67ace5b82`
SHA3	`5a41e6a64bbe5be70ef10553482b2d2fa5951e915196acc59cc2c96e8a5c4e9b`
SSDeep	`49152:7LY+HTdSJDiOvH8HG/AfYivGehI2RQeqHqrqPLmI9di6pVI3GIc4cH6W:7LY+HBMDLPgGYfNfpQXqK`
Imports Hash	`465fb40b046f3b3c37ebe9ba0a19dfb2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2018-May-16 13:46:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x37a800`
SizeOfInitializedData	`0x1bf600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000036D9 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x37c000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x53f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7e6b6233932af82204a9c7894ea2ed28`
SHA1	`bea701f1f523dd8d91d38bd2006bc811055b1080`
SHA256	`09e3b17b494e4f432d6c92ce3ad4fec4e1a04006cc18c6b8493c1eb5655679da`
SHA3	`6ce77c2009eff7dd3b32a99062d8a748ee917616914a3c92239af0aae2e4af21`
VirtualSize	`0x37a624`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37a800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.3796`

.rdata

MD5	`17f71dd868cff264ee3b30ee4542df19`
SHA1	`80874d32142d62660abc19425709421e708da4c4`
SHA256	`632c69289543f1be28b5d5d1d8cfd0fbd38bd8807298d0fc7fa5538cc52a59fc`
SHA3	`eca515280f7eda6c91b124563b7665fe05ca7c9add0023dcb517cb9318910645`
VirtualSize	`0x1794bd`
VirtualAddress	`0x37c000`
SizeOfRawData	`0x179600`
PointerToRawData	`0x37ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52859`

.data

MD5	`ee7865b34dc3fb3e847cdfce1c93c189`
SHA1	`1b37124e2a08da5712c054c7492b81e96f0fb591`
SHA256	`865c8e1295764d80334b473015983a5388959eeaeda8130f4eaf7b46bcbea8c3`
SHA3	`d71c8b205e8dbfbee5a63c54e00719e10ffe37768e726f65bc96c257a93dcc53`
VirtualSize	`0xded0`
VirtualAddress	`0x4f6000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x4f4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.6258`

.idata

MD5	`7a27ac619c86d5f93b74393fdc9d3275`
SHA1	`c011b8485e6722a4184386cd0fe767575d6ebf8a`
SHA256	`8d74a14f85a2976687213929fc42749983a032f22df11993f2df68536054da67`
SHA3	`d1e25685d0e8dcc24d81c20d745bab01c72ed6638326cd678ad934e5c7c9191e`
VirtualSize	`0x42c5`
VirtualAddress	`0x504000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x4f5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88162`

.tls

MD5	`c573bd7cea296a9c5d230ca6b5aee1a6`
SHA1	`04a0b9fde89c71864acaf5e74689fe4c269bd7a8`
SHA256	`13bde09a110c13b533dc985f3e2c475b6f6bcf514d1a23fce5b784a653548e91`
SHA3	`3679da6860e8ab20485113de9ac22dfe22ddc29d53f14ddc33a648aa98196361`
VirtualSize	`0x309`
VirtualAddress	`0x509000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4fa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0111738`

.00cfg

MD5	`8371af92bc06aec3568e9e97de060029`
SHA1	`2a26aa6963010df1da33216d2a4550ed4c96a139`
SHA256	`6ba4b063ac159e701a9a8d76f6a07c0d015aa9a64ad3a66c16807bad22d6afd7`
SHA3	`26e9e1714d7690f6df3a0dbd77eb2d74aacabfae987a5f51598e22e747212d54`
VirtualSize	`0x104`
VirtualAddress	`0x50a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4fa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`a38be7c38612fcd24d43e1ee569f6a91`
SHA1	`302a5a98d09ba1bf16419be9aef0e2a22727bc8a`
SHA256	`5934d6b35e50a1b18ffe5bf238199098b91bfd87b0375b623c88999b9f97d8f9`
SHA3	`ff2316f0a98bf4125db5ac631d073897c7f05fd61d1e44db2f09d82004ea5840`
VirtualSize	`0x43c`
VirtualAddress	`0x50b000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4fa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14353`

.reloc

MD5	`bfccbc1c1477a6b36011da8844f63cb1`
SHA1	`90361dd434ba2a5555c2d9ba7afc3d659bcd466e`
SHA256	`fa2c42aee4c182b3d64425106c8ac7280dca39fbaf1017cb2fd214e09b51833b`
SHA3	`6a6782c4c2d0e7fe5ad0bcbb3c8dc2abf85f5306de809abd58b40e56e71de906`
VirtualSize	`0x32fd9`
VirtualAddress	`0x50c000`
SizeOfRawData	`0x33000`
PointerToRawData	`0x4fac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22585`

Imports

KERNEL32.dll	`FreeConsole` `SetConsoleTitleA` `AllocConsole` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleA` `GetProcAddress` `GetCurrentProcess` `K32GetModuleInformation` `QueryPerformanceCounter` `QueryPerformanceFrequency` `VirtualProtect` `CreateDirectoryA` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetModuleHandleW` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `CloseHandle` `InitializeSListHead`
USER32.dll	`GetAsyncKeyState` `SetWindowLongA` `CallWindowProcA` `SetCursor` `GetClientRect` `GetKeyState` `FlashWindowEx` `FindWindowA`
SHELL32.dll	`SHGetFolderPathA`
MSVCP140.dll	`?_W_Getmonths@_Locinfo@std@@QBEPBGXZ` `??0_Lockit@std@@QAE@H@Z` `??1_Lockit@std@@QAE@XZ` `??Bid@locale@std@@QAEIXZ` `?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ` `?is@?$ctype@_W@std@@QBE_NF_W@Z` `?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `??Bios_base@std@@QBE_NXZ` `?width@ios_base@std@@QBE_JXZ` `?width@ios_base@std@@QAE_J_J@Z` `?getloc@ios_base@std@@QBE?AVlocale@2@XZ` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ` `?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ` `?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z` `?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z` `?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ` `?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z` `?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z` `?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z` `?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z` `?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ` `??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z` `?_BADOFF@std@@3_JB` `?id@?$ctype@_W@std@@2V0locale@2@A` `_Xtime_get_ticks` `_Thrd_sleep` `?uncaught_exceptions@std@@YAHXZ` `?good@ios_base@std@@QBE_NXZ` `?flags@ios_base@std@@QBEHXZ` `?setf@ios_base@std@@QAEHH@Z` `?setf@ios_base@std@@QAEHHH@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z` `?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `??7ios_base@std@@QBE_NXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z` `??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?always_noconv@codecvt_base@std@@QBE_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Getmonths@_Locinfo@std@@QBEPBDXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z` `?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Xinvalid_argument@std@@YAXPBD@Z` `??4?$_Yarn@D@std@@QAEAAV01@PBD@Z` `?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z` `?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z` `?_Init@locale@std@@CAPAV_Locimp@12@_N@Z` `?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z` `??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z` `??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ` `?widen@?$ctype@_W@std@@QBE_WD@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z` `?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ` `?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z` `??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ` `?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UAEXXZ` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `?_W_Getdays@_Locinfo@std@@QBEPBGXZ` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPBD@Z` `?_Xout_of_range@std@@YAXPBD@Z` `_Mbrtowc` `?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ` `?_Getdays@_Locinfo@std@@QBEPBDXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ`
VCRUNTIME140.dll	`__std_type_info_destroy_list` `_except_handler4_common` `__vcrt_InitializeCriticalSectionEx` `strchr` `__std_exception_copy` `memcmp` `memchr` `__std_exception_destroy` `_purecall` `memmove` `_CxxThrowException` `__CxxFrameHandler3` `memcpy` `memset` `strstr`
api-ms-win-crt-runtime-l1-1-0.dll	`_invalid_parameter_noinfo_noreturn` `abort` `_initterm_e` `_initterm` `_wassert` `terminate` `_cexit` `_crt_at_quick_exit` `_errno` `_invalid_parameter_noinfo` `_execute_onexit_table` `_register_onexit_function` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `_crt_atexit`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `calloc` `free` `malloc`
api-ms-win-crt-utility-l1-1-0.dll	`qsort` `rand`
api-ms-win-crt-math-l1-1-0.dll	`_libm_sse2_sqrt_precise` `_dtest` `modf` `_libm_sse2_pow_precise` `_except1` `_CIfmod` `_CIatan2` `fmaxf` `_libm_sse2_atan_precise` `_libm_sse2_sin_precise` `_libm_sse2_cos_precise` `ceil` `_libm_sse2_tan_precise` `floor` `_libm_sse2_exp_precise`
api-ms-win-crt-stdio-l1-1-0.dll	`_get_stream_buffer_pointers` `_getcwd` `__stdio_common_vsnprintf_s` `fputc` `setvbuf` `fwrite` `fgetc` `fsetpos` `_fseeki64` `__stdio_common_vsscanf` `fgetpos` `__stdio_common_vfprintf` `ftell` `__acrt_iob_func` `fseek` `fread` `fflush` `fclose` `_wfopen` `ungetc` `freopen_s` `__stdio_common_vsprintf_s` `__stdio_common_vsprintf`
api-ms-win-crt-time-l1-1-0.dll	`clock`
api-ms-win-crt-string-l1-1-0.dll	`toupper` `isprint` `tolower` `strpbrk` `_strdup` `strncpy`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `atoi`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `remove` `_lock_file` `_stat64i32`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-May-16 13:46:37
Version	`0.0`
SizeofData	`91`
AddressOfRawData	`0x4e65ec`
PointerToRawData	`0x4e51ec`
Referenced File	C:\Users\tgroben\Downloads\Castle-master\Castle\Release\Castle.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-May-16 13:46:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x4e6648`
PointerToRawData	`0x4e5248`

TLS Callbacks

StartAddressOfRawData	`0x10509000`
EndAddressOfRawData	`0x10509208`
AddressOfIndex	`0x10503ae0`
AddressOfCallbacks	`0x1037cda0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x104f6aa0`
SEHandlerTable	`0x104e5630`
SEHandlerCount	`786`

RICH Header

XOR Key	`0x7a5e8a7f`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
199 (41118)	`1`
ASM objects (VS2017 v15.?.? build 25930)	`10`
C objects (VS2017 v15.?.? build 25930)	`11`
C++ objects (VS2017 v15.?.? build 25930)	`23`
Imports (VS2017 v15.?.? build 25930)	`4`
Imports (24610)	`7`
Total imports	`278`
C++ objects (VS2017 v15.6.6 compiler 26131)	`72`
Resource objects (VS2017 v15.6.6 compiler 26131)	`1`
Linker (VS2017 v15.6.6 compiler 26131)	`1`

ac0dfc24b0e8103e83cf603fdbe56124

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.tls

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors