c2a726bbf24f5840596468775ecc806e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-Oct-18 17:05:02
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
Debug artifacts D:\3.7 Work\Eternity-main\src-tauri\target\release\deps\cultivation.pdb
FileDescription Eternity
FileVersion 1.1.1
ProductVersion 1.1.1
ProductName Eternity

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to security software:
  • rshell.exe
Accesses the WMI:
  • root\WMI
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
Info: Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to SHA1
  • Uses constants related to SHA256
  • Uses constants related to SHA512
  • Uses constants related to RC5 or RC6
Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
  • NtQueryInformationProcess
  • NtQuerySystemInformation
Can access the registry:
  • RegisterHotKey
  • RegGetValueW
  • RegOpenKeyExW
  • RegSetValueExW
  • RegCloseKey
  • RegQueryValueExW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Uses Windows's Native API:
  • NtQueryInformationProcess
  • NtQuerySystemInformation
  • NtCreateFile
  • NtCancelIoFileEx
  • NtDeviceIoControlFile
  • NtWriteFile
  • NtReadFile
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Uses functions commonly found in keyloggers:
  • GetAsyncKeyState
  • MapVirtualKeyW
  • GetForegroundWindow
Leverages the raw socket API to access the Internet:
  • closesocket
  • select
  • WSAStartup
  • WSAIoctl
  • getaddrinfo
  • ioctlsocket
  • freeaddrinfo
  • WSACleanup
  • getsockname
  • accept
  • getpeername
  • WSASocketW
  • bind
  • connect
  • listen
  • getsockopt
  • WSADuplicateSocketW
  • shutdown
  • recv
  • socket
  • send
  • WSASend
  • WSAGetLastError
  • setsockopt
Functions related to the privilege level:
  • CheckTokenMembership
  • AdjustTokenPrivileges
  • OpenProcessToken
  • LsaEnumerateLogonSessions
Interacts with services:
  • OpenServiceW
  • OpenSCManagerW
  • ControlService
  • QueryServiceStatusEx
Enumerates local disk drives:
  • GetVolumeInformationW
  • GetDriveTypeW
Manipulates other processes:
  • OpenProcess
  • ReadProcessMemory
Changes object ACLs:
  • SetFileSecurityW
Reads the contents of the clipboard:
  • GetClipboardData
Interacts with the certificate store:
  • CertAddCertificateContextToStore
  • CertOpenStore
Suspicious: VirusTotal score: 2/71 (Scanned on 2024-02-12 11:12:20)
  • Google: Detected
  • Ikarus: Trojan.Win64.CoinMiner

Hashes

MD5 c2a726bbf24f5840596468775ecc806e
SHA1 fe59f3130c66845933b6f353e058c5ee2b802129
SHA256 88148d5daeb31c7a0aa853d056d98ba7c2fcfb074553ddb016a66065eb16cfc5
SHA3 8add56c389d47acbcb2472add5eaeffcd9a1f7bc3a566c166c10ae6a059fbb20
SSDeep 196608:ssfmC/yqwYPFR5EkMior8dv1nkE2GkpLl:s+bxwYPFRukMiom932tL
Imports Hash d895e4c89ba82b8ec9dfadceb88eabd5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2023-Oct-18 17:05:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa98c00
SizeOfInitializedData 0x5e1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000A60210 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x107e000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1ae1b7e0e299520745809258ba17c0d7
SHA1 6c58c8dc697a7b63bb15326ae8daf60443208166
SHA256 34a25e081d7e193bc4551a96f30c3d5c506af83211146a5cb63690ab33adfdfa
SHA3 77ca236a64efb05bedfdf7aa5794d1f5234f58f8ca162e040f28899e0ecd268b
VirtualSize 0xa98aa2
VirtualAddress 0x1000
SizeOfRawData 0xa98c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24605

.rdata

MD5 2c32f20c1a9c3a97c31a2bbc8eec928c
SHA1 d012bbe8046a9526f04a09e60388d52e998962d1
SHA256 72ed1fde5cdf05917c22746c7a8ad447c0148d4a620f12b39433cfa0769c2ccc
SHA3 9160b04be7b1a4749f92667b759957b632378872437d5cbb21c1a4f25b9d95cd
VirtualSize 0x4f0b08
VirtualAddress 0xa9a000
SizeOfRawData 0x4f0c00
PointerToRawData 0xa99000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.4306

.data

MD5 6a2557ed4d42c0d8f41ed49ecc2a7901
SHA1 d7b301871478e6e918ce280fd999e6add15fad6c
SHA256 e9ae0dd75668d728695f63b567ba136bccdbcb133525ad9cae8ed7b9ae105dc4
SHA3 cae03a21cbc76494fd71b35dbd7c3924efbf8d1895e35f284c6a12750ffad828
VirtualSize 0xce30
VirtualAddress 0xf8b000
SizeOfRawData 0x5600
PointerToRawData 0xf89c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.21113

.pdata

MD5 b08ab874ed6f7d92ef32a1b065d5965d
SHA1 c7040189f966586137b724c01e81e65441c8d5df
SHA256 f7c2895eb2b14edf7d3b8a5a8de47157a886db8efd3e04b780dff61f34bc1d5d
SHA3 b4ad4dcb812ef3ed4629360aaef4aff2884be2c53ebefe8866baa013880a359a
VirtualSize 0x931a4
VirtualAddress 0xf98000
SizeOfRawData 0x93200
PointerToRawData 0xf8f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.58968

_RDATA

MD5 7afa785e0df477262eb2063d56416ad5
SHA1 321776d9f94eb1282f15b63c4cfdc02b0cff783d
SHA256 9f850dc79dafd0efcf0f0affd2838f308393887e351cb477dd73fea43fdd4acc
SHA3 52b158a331f3491337e2449dc39a097a1651be68e9ced4c3f6e1393f6232345b
VirtualSize 0x15c
VirtualAddress 0x102c000
SizeOfRawData 0x200
PointerToRawData 0x1022400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.30684

.rsrc

MD5 227ff9676c6d119d152624264970e7f7
SHA1 78cc070580668d8b201deac4ba989cf236bfff71
SHA256 aed77d206e61eba419d8e9f7a1dc7b623bfeeed844dc37d7dd3155da47b24bdf
SHA3 89e2a6ef1efd41c5c9d077b5aa06b6065e5c6aa7323a08f502971f0869419b64
VirtualSize 0x43c08
VirtualAddress 0x102d000
SizeOfRawData 0x43e00
PointerToRawData 0x1022600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.730154

.reloc

MD5 310a1fa2858124d42983a3e0e1bd14de
SHA1 9b84f7844f8295c48ff23c6e1e19862807d80bcd
SHA256 74a8c19823b745eb0b4239684961db35f43c4b214abfd39868706e69af9f5bfe
SHA3 403e274816040441c7812d7fe3ff41fd7bebcd17ab7005f2336862f9703b604d
VirtualSize 0xc6bc
VirtualAddress 0x1071000
SizeOfRawData 0xc800
PointerToRawData 0x1066400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.45384

Imports

kernel32.dll GetProcAddress
FreeLibrary
GetCurrentProcessId
Sleep
TryAcquireSRWLockExclusive
SetLastError
PostQueuedCompletionStatus
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
GetLastError
IsDBCSLeadByte
GetCPInfo
RtlVirtualUnwind
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
AreFileApisANSI
GetCurrentProcess
TzSpecificLocalTimeToSystemTime
GetSystemInfo
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
QueryPerformanceFrequency
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
QueryPerformanceCounter
LocalFree
VirtualQueryEx
ReadProcessMemory
GetSystemTimeAsFileTime
SetFileTime
ReleaseSemaphore
GlobalMemoryStatusEx
GetModuleFileNameW
FoldStringW
CreateHardLinkW
GetModuleHandleW
GetLogicalDrives
LocalFileTimeToFileTime
GetSystemTime
GetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
UnhandledExceptionFilter
ReadFile
IsProcessorFeaturePresent
InitializeSListHead
GetFileType
WaitForSingleObject
SetConsoleCtrlHandler
CreateSemaphoreA
GetVolumeInformationW
FileTimeToSystemTime
IsDebuggerPresent
FlushFileBuffers
GetStdHandle
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SleepConditionVariableSRW
GetModuleHandleA
CreateEventW
SetFilePointer
GetFullPathNameW
LoadLibraryA
RemoveDirectoryW
GetShortPathNameW
GetCurrentThread
GetLongPathNameW
GetTempPathW
lstrlenW
ReadConsoleW
WriteConsoleW
CreateProcessW
GetWindowsDirectoryW
WaitForMultipleObjects
CreateNamedPipeW
ExitProcess
SetCurrentDirectoryW
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
MoveFileExW
GetConsoleMode
WriteFile
GetFileInformationByHandleEx
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
TlsFree
ReadFileEx
SleepEx
WriteFileEx
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlCaptureContext
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
ReleaseMutex
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
GetFileInformationByHandle
EncodePointer
SetThreadPriority
FindNextFileW
GlobalLock
GlobalUnlock
FindFirstFileW
FindClose
GlobalAlloc
InitializeCriticalSectionAndSpinCount
MoveFileW
DeviceIoControl
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
OutputDebugStringA
OutputDebugStringW
TlsAlloc
TlsGetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LoadLibraryExW
TlsSetValue
GetEnvironmentVariableW
DeleteFileW
CreateFileW
CreateDirectoryW
GetProcessAffinityMask
FormatMessageW
CreateThread
CreateSemaphoreW
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
SetHandleInformation
SetThreadExecutionState
DuplicateHandle
CreatePipe
CloseHandle
GetOverlappedResult
ws2_32.dll closesocket
select
WSAStartup
WSAIoctl
getaddrinfo
ioctlsocket
freeaddrinfo
WSACleanup
getsockname
accept
getpeername
WSASocketW
bind
connect
listen
getsockopt
WSADuplicateSocketW
shutdown
recv
socket
send
WSASend
WSAGetLastError
setsockopt
user32.dll SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
ClientToScreen
SystemParametersInfoA
GetTouchInputInfo
GetWindowLongPtrW
IsWindowVisible
ClipCursor
GetClipCursor
GetAncestor
AdjustWindowRectEx
GetMenu
GetWindowRect
SetCapture
GetMessageW
ScreenToClient
CloseTouchInputHandle
SetWindowLongPtrW
SendInput
GetAsyncKeyState
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetKeyState
RegisterClassExW
RegisterWindowMessageA
MessageBoxW
MapVirtualKeyExW
SetMenu
VkKeyScanW
TrackMouseEvent
GetClientRect
SendMessageW
GetCursorPos
SetForegroundWindow
EnumChildWindows
GetUpdateRect
CreateIcon
MapVirtualKeyW
PostThreadMessageW
AppendMenuW
ValidateRect
RegisterHotKey
DestroyIcon
UnregisterHotKey
SetMenuItemInfoW
CreateMenu
PostQuitMessage
CreateAcceleratorTableW
DestroyWindow
TranslateAcceleratorW
GetDC
IsProcessDPIAware
GetKeyboardLayout
ToUnicodeEx
GetRawInputData
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetWindowLongW
RegisterClipboardFormatA
SetClipboardData
DefWindowProcW
DestroyAcceleratorTable
GetMessageA
DispatchMessageA
PostMessageW
EnableMenuItem
DispatchMessageW
TranslateMessage
MonitorFromRect
SetWindowPos
SetCursor
CheckMenuItem
CharToOemBuffW
ShowWindow
SetWindowLongW
MonitorFromWindow
CharLowerW
CharUpperW
OemToCharBuffA
OemToCharA
CharToOemA
GetKeyboardState
GetForegroundWindow
PeekMessageW
RedrawWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
FlashWindowEx
GetActiveWindow
SetCursorPos
ShowCursor
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ReleaseCapture
GetMonitorInfoW
advapi32.dll RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
OpenServiceW
OpenSCManagerW
StartServiceW
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityW
CloseServiceHandle
RegOpenKeyExW
RegSetValueExW
ControlService
QueryServiceStatusEx
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
SystemFunction036
RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken
FreeSid
shell32.dll SHGetKnownFolderPath
ShellExecuteW
SHCreateItemFromParsingName
CommandLineToArgvW
DragFinish
DragQueryFileW
secur32.dll LsaFreeReturnBuffer
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
LsaEnumerateLogonSessions
LsaGetLogonSessionData
QueryContextAttributesW
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
ApplyControlToken
crypt32.dll CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertDuplicateStore
CertFreeCertificateContext
comctl32.dll RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc
ole32.dll CoInitializeEx
CoSetProxyBlanket
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoUninitialize
CoInitializeSecurity
CoCreateInstance
RevokeDragDrop
CoTaskMemFree
CoTaskMemAlloc
gdi32.dll CreateRectRgn
GetDeviceCaps
DeleteObject
dwmapi.dll DwmEnableBlurBehindWindow
powrprof.dll CallNtPowerInformation
oleaut32.dll SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
GetErrorInfo
VariantClear
ntdll.dll RtlGetVersion
NtQueryInformationProcess
NtQuerySystemInformation
NtCreateFile
RtlGetNtVersionNumbers
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile
psapi.dll GetPerformanceInfo
GetModuleFileNameExW
pdh.dll PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter
PdhCloseQuery
iphlpapi.dll GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses
netapi32.dll NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree
uxtheme.dll SetWindowTheme
bcrypt.dll BCryptGenRandom
api-ms-win-crt-math-l1-1-0.dll trunc
round
floor
__setusermatherr
api-ms-win-crt-heap-l1-1-0.dll malloc
realloc
_set_new_mode
calloc
_callnewh
free
api-ms-win-crt-string-l1-1-0.dll strcpy_s
_wcsicmp
wcsncpy
wcslen
strlen
wcspbrk
wcsncmp
api-ms-win-crt-runtime-l1-1-0.dll _wassert
_errno
abort
terminate
_crt_atexit
_configure_narrow_argv
_cexit
_initialize_narrow_environment
_register_onexit_function
exit
_initialize_onexit_table
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_initterm_e
_exit
_c_exit
__p___argc
__p___argv
_initterm
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
__stdio_common_vswprintf
api-ms-win-crt-convert-l1-1-0.dll _ultow_s
wcstol
api-ms-win-crt-time-l1-1-0.dll clock
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.12732
MD5 001bc9f88cf60d81a0d49c6a26443df0
SHA1 f9753a780bc0238b3a1a78c5ee10f0418255a56d
SHA256 1dcac908d2feaf31c1512ed2c15b4ff02a8e6965bae73e88c43697b15172648c
SHA3 866a24ed46027f83828d2e1ffaafa0d97ae743e02625e7477ff6677fe4633718

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.29028
MD5 833143f4a8f9c287ea9a35040753df8a
SHA1 cc4b7508ca5556ed86ad18c813ec59f2eb962e04
SHA256 16d7acf329ecc12abab6a27d4c22b417a59929d8718b188ea91d15e5e59712e8
SHA3 962db7493bcc2a4be814eb092f209ea4a34029ff806dd846838eb9cbaf9e97f2

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.48673
MD5 d4f8aebb2cd6b0629e55e9936eca4a0d
SHA1 551634032fe5b08432d01907e0d63ff5c53048ca
SHA256 e3852b0693c993815b954c1382ef1b7716e523b68e49dec03f2d1ef76354d1df
SHA3 2b39e7beba8db5283dba2877414ea1ff243b76b16fdd72e0d4041840b8aa4e50

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x40028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.684947
MD5 3e4b4dce3ecac9c872911c8789d6a64f
SHA1 0360432a184361f1ab86ec57cb002c012f4bbb0e
SHA256 83d2ddaac4594db84b1b67ee8e5e1d57dcb9162d355c51e9e4788fa3706d69e7
SHA3 ab4888cec52b9ce5e95f1c39550baff53335dc5e3fbc58a0656dd5f3ca41f23a

32512

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.29697
Detected Filetype Icon file
MD5 059d7d34967577dd8bb5661dc22fd35b
SHA1 3f87cb072bbc7c11fa9b0be7bcce4cb918bd39a2
SHA256 be95a466bad9f4667b832497e248e24a388b2789f78728b1976ff8778107b3be
SHA3 090f42692c2227cc9fba26253de0f84c6f8a56a0dbf11df81cfd4071fdf79d57

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10218
MD5 30ed20378592d72aef465db18b3921d9
SHA1 7167b21697f7272c871e1795b7e9d46be5a247b3
SHA256 3baaac06c03efecb976857b0fa0192ce86b76e3114084604f4fee48a8729e739
SHA3 59d38abe8cf9ff34656f2a6992312b3d305fe459ad32ac993f80d4bdd3f29539

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.1.1.0
ProductVersion 1.1.1.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileDescription Eternity
FileVersion (#2) 1.1.1
ProductVersion (#2) 1.1.1
ProductName Eternity
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2023-Oct-18 17:05:02
Version 0.0
SizeofData 96
AddressOfRawData 0xd6a52c
PointerToRawData 0xd6952c
Referenced File D:\3.7 Work\Eternity-main\src-tauri\target\release\deps\cultivation.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2023-Oct-18 17:05:02
Version 0.0
SizeofData 20
AddressOfRawData 0xd6a58c
PointerToRawData 0xd6958c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-Oct-18 17:05:02
Version 0.0
SizeofData 1084
AddressOfRawData 0xd6a5a0
PointerToRawData 0xd695a0

TLS Callbacks

StartAddressOfRawData 0x140d6aa00
EndAddressOfRawData 0x140d6ad5c
AddressOfIndex 0x140f97c20
AddressOfCallbacks 0x140a9afd0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x00000001409C2000

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140f903c8

RICH Header

XOR Key 0xab269c6c
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 20
C++ objects (VS 2015-2022 runtime 32533) 49
C objects (VS 2015-2022 runtime 32533) 16
ASM objects (VS 2015-2022 runtime 32533) 9
Total imports 575
Imports (30148) 47
C++ objects (VS2022 Update 7 (17.7.4) compiler 32825) 44
C objects (VS2022 Update 7 (17.7.4) compiler 32825) 53
Unmarked objects (#2) 1132
Resource objects (VS2022 Update 7 (17.7.4) compiler 32825) 1
Linker (VS2022 Update 7 (17.7.4) compiler 32825) 1

Errors
