Manalyze report for c510051f24e1a02f054dde0c810a99ae

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-May-31 14:47:24
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\a\boiii-free\boiii-free\build\bin\x64\Release\boiii.pdb
CompanyName	momo5502
FileDescription	BOIII
FileVersion	`1.0.5.1465`
InternalName	something
LegalCopyright	Copyright (C) 2022 momo5502. All rights reserved.
OriginalFilename	boiii.exe
ProductName	BOIII
ProductVersion	`1.0.5`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: a.akamaihd.net akamaihd.net au.demonware.net auth3.prod.demonware.net demonware.net eu.demonware.net example.com http://prod.umbrella.demonware.net http://prod.uno.demonware.net http://prod.uno.demonware.net/v1.0 http://www.winimage.com http://www.winimage.com/zLibDll https://bo3.ezz.lol https://bo3.ezz.lol/boiii.json https://bo3.ezz.lol/boiii/ https://curl.se https://steamcdn-a.akamaihd.net https://steamcdn-a.akamaihd.net/client/installer/steamcmd.zip https://store.steampowered.com https://store.steampowered.com/about/ jp.demonware.net lobby.prod.demonware.net ops3-pc-auth3.prod.demonware.net ops3-pc-lobby.prod.demonware.net pc-auth3.prod.demonware.net pc-lobby.prod.demonware.net prod.demonware.net prod.umbrella.demonware.net prod.uno.demonware.net steamcdn-a.akamaihd.net steampowered.com store.steampowered.com stun.au.demonware.net stun.eu.demonware.net stun.jp.demonware.net stun.us.demonware.net umbrella.demonware.net uno.demonware.net us.demonware.net winimage.com www.winimage.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCreateKeyExA RegCreateKeyExW RegCloseKey RegQueryValueExW RegSetValueExW RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Windows's Native API: NtQueryObject ntohs ntohl` `Uses Microsoft's cryptographic API: CryptDecodeObjectEx CryptStringToBinaryA CryptQueryObject CryptProtectData CryptAcquireContextW CryptGenRandom CryptAcquireContextA CryptCreateHash CryptHashData CryptDestroyHash CryptGetHashParam CryptReleaseContext` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: WSAEventSelect WSAResetEvent WSAWaitForMultipleEvents accept getsockopt listen WSAIoctl WSAGetLastError WSACloseEvent recv WSAEnumNetworkEvents getaddrinfo freeaddrinfo getpeername getsockname gethostbyname connect closesocket send WSASetLastError WSACreateEvent sendto recvfrom __WSAFDIsSet select ioctlsocket socket setsockopt htonl htons bind ntohs ntohl WSAStartup WSACleanup` `Enumerates local disk drives: GetVolumeInformationA GetDriveTypeW` `Manipulates other processes: OpenProcess` `Interacts with the certificate store: CertOpenStore CertAddCertificateContextToStore`
Malicious	The PE is possibly a dropper.	`Resource 305 is possibly compressed or encrypted.` `Resource 308 detected as a PE Executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-01-26 21:45:46)	`DrWeb: Trojan.MulDrop27.37231`

Hashes

MD5	`c510051f24e1a02f054dde0c810a99ae`
SHA1	`6e95b2ab081b597e8d1ea2a56a4f79fd91aa2782`
SHA256	`c2bd2d739f684f985614322adb4e60dbb12a7bf4e4f80e66a3c720772e3db8b4`
SHA3	`a3ff2d5af6a7cee9cc53e3e7cd5bb54c89e5a4339d60a7bc77cb442f3afe8d33`
SSDeep	`49152:zYOe3BUq0QFE4T+627zjhbkdHFqimF8R0WEkmrH:zg3Ba7oqimPWEnj`
Imports Hash	`3f0e1ea5b7189bd48839f20b4c7c9b0d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-May-31 14:47:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x14c400`
SizeOfInitializedData	`0x190400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000010D384 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x170000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e3000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e76edf35c5b9b8ebb769eaec73856c63`
SHA1	`8fa3a9b23171ea08797a16fe47d584d2e285076b`
SHA256	`fa7a45fe3eddf4cbdf8d54b4241f3bb2a131a05c766387977b27975dc340f7e3`
SHA3	`8458077e56f3efcad41e864ad340911442d367e63fc8264f8e2e0ac8dbbee1d9`
VirtualSize	`0x14c2ec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14c400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51294`

.rdata

MD5	`b16e7a23128ca186543aa2df5e6f17f2`
SHA1	`5716eb149b158df4c6443c4262936e51a59dd0d7`
SHA256	`2fd9aca15e975360fe3120b02b75a3a6f987c62a985cc7f654be0219f381c313`
SHA3	`ff241eac1b63542796a37f41489d3c64392bc638f4053cedc41c1b1dd45475a9`
VirtualSize	`0x71092`
VirtualAddress	`0x14e000`
SizeOfRawData	`0x71200`
PointerToRawData	`0x14c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.47897`

.data

MD5	`c0fb24269e92dc858e919cbcdb28c346`
SHA1	`90ec478ff0b85cf99ba793f8a5176b7d3f39ffc9`
SHA256	`9e7c290e75ca0df76abcb37118f073b4e746d63bec2d3b43539ecd4931a84265`
SHA3	`5048d47110e5de7e9fa6f0bfc2cf299a2e7fed462f0aee42b546a057719f48cc`
VirtualSize	`0x64098`
VirtualAddress	`0x1c0000`
SizeOfRawData	`0x25a00`
PointerToRawData	`0x1bda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.57968`

.pdata

MD5	`4cff0488947a9f41df76ac77d34dc8a3`
SHA1	`3cf1a88a5cb10f902417bd85b652132b45ecba34`
SHA256	`9ac9c95476506d6a3559e920320c524c1d7711b300a471657ea1dd933c6373a0`
SHA3	`baca5130e8baf57a3152695b0dff47194aba05ceb92ca9b32eebaf1526d13ad4`
VirtualSize	`0xc600`
VirtualAddress	`0x225000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x1e3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07301`

_RDATA

MD5	`118f38b4f6a90ef81b9d223c9074a1c3`
SHA1	`70f759f992adee09ec2e8e601d7e56d1638448f4`
SHA256	`2b13c636c6c4745c448cf7bb04ff6c4c0e39d8cbe6ee1c587608c405c5a20696`
SHA3	`4f6cff815ac1326fe4d1b988aa2d2f26062de0d8a4ae406d2a8cf9f5a2343f3c`
VirtualSize	`0x1f4`
VirtualAddress	`0x232000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1efa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19972`

.rsrc

MD5	`6f9dc0db14d5b5e5e631f6d3d42a19c3`
SHA1	`91b875ccf4bec951a938a9ee63ce26ce44a19707`
SHA256	`bf494c4765aa2f47daa35c866192d66d894783a972d7015665fc90720fa601f4`
SHA3	`15794a9e71de0d94983134939ed890ba875b6ee3f2d0959b4ba6c8b45d9495cf`
VirtualSize	`0xab218`
VirtualAddress	`0x233000`
SizeOfRawData	`0xab400`
PointerToRawData	`0x1efc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.19562`

.reloc

MD5	`29e8c28a9e8b0754d4f5aad089a7d467`
SHA1	`24fcddfabf3c0f1f006b57056be3cbb71a0b1c66`
SHA256	`86702cfaae5267c2ddaeac40e728be3ca707e2feb5193b4d648f57b79a67871d`
SHA3	`aaa0d2979d229e886f18926ab8dcbac72f6ab69a8693db243bb17c6859345739`
VirtualSize	`0x3264`
VirtualAddress	`0x2df000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x29b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41922`

Imports

CRYPT32.dll	`CertFreeCertificateChainEngine` `CertGetCertificateChain` `CryptDecodeObjectEx` `CertOpenStore` `CertFindCertificateInStore` `CertCloseStore` `CertEnumCertificatesInStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `PFXImportCertStore` `CryptQueryObject` `CertFreeCertificateChain` `CertGetNameStringA` `CertFindExtension` `CertCreateCertificateChainEngine` `CryptProtectData` `CertAddCertificateContextToStore`
KERNEL32.dll	`GetThreadContext` `HeapDestroy` `HeapCreate` `MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile` `GetLargePageMinimum` `InitializeCriticalSection` `CreateThread` `GetCurrentProcessId` `TerminateProcess` `GetCurrentProcess` `OutputDebugStringA` `CreateMutexExA` `OpenProcess` `AddVectoredExceptionHandler` `GetProcAddress` `SetThreadContext` `RtlUnwind` `WriteConsoleW` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `IsValidCodePage` `HeapSize` `SetEndOfFile` `SetStdHandle` `HeapReAlloc` `SetFilePointerEx` `GetTimeZoneInformation` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetTickCount64` `GetEnvironmentVariableA` `DeleteCriticalSection` `DecodePointer` `InitializeCriticalSectionEx` `GetTickCount` `GetVolumeInformationA` `ExitProcess` `VirtualProtect` `GetModuleHandleA` `MultiByteToWideChar` `GetCommandLineA` `Sleep` `GetExitCodeProcess` `WaitForSingleObject` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapFree` `HeapAlloc` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `GetStdHandle` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `GetFileType` `FreeLibraryAndExitThread` `ExitThread` `LoadLibraryExW` `CreateProcessA` `GetCurrentDirectoryA` `SetUnhandledExceptionFilter` `GetVersionExA` `GetCurrentThreadId` `SetEnvironmentVariableA` `GetConsoleWindow` `AllocConsole` `AttachConsole` `SetConsoleTitleA` `MulDiv` `GetProcessAffinityMask` `SetProcessAffinityMask` `CloseHandle` `GetLastError` `CreateMutexA` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `InterlockedPushEntrySList` `RtlUnwindEx` `GetStartupInfoW` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `GetStringTypeW` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `EncodePointer` `GetSystemTimeAsFileTime` `GetModuleHandleExW` `IsProcessorFeaturePresent` `SleepConditionVariableSRW` `WakeAllConditionVariable` `CreateSymbolicLinkW` `GetFileInformationByHandleEx` `CreateHardLinkW` `MoveFileExW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SetLastError` `FormatMessageW` `GetSystemDirectoryA` `LoadLibraryA` `QueryPerformanceFrequency` `FreeLibrary` `EnterCriticalSection` `LeaveCriticalSection` `LocalFree` `WideCharToMultiByte` `VerifyVersionInfoW` `SleepEx` `MoveFileExA` `WaitForSingleObjectEx` `ReadFile` `GetFileSizeEx` `CreateFileA` `WriteFile` `PeekNamedPipe` `CreateFileW` `WaitNamedPipeW` `lstrlenW` `GetModuleFileNameW` `SizeofResource` `FindResourceA` `GetModuleHandleExA` `LockResource` `LoadResource` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `FlushInstructionCache` `GetSystemFirmwareTable` `DeleteFileW` `MoveFileW` `VirtualQuery` `GetCommandLineW` `Thread32Next` `Thread32First` `SuspendThread` `ResumeThread` `CreateToolhelp32Snapshot` `GetThreadId` `OpenThread` `SetFilePointer` `GetTempPathA` `GetTempFileNameA` `FlushFileBuffers` `ReleaseMutex` `IsDebuggerPresent` `OutputDebugStringW` `RaiseException` `TryAcquireSRWLockExclusive` `GetExitCodeThread` `GetNativeSystemInfo` `FormatMessageA` `GetLocaleInfoEx` `GetCurrentDirectoryW` `CreateDirectoryW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFinalPathNameByHandleW` `GetFullPathNameW` `SetFileInformationByHandle` `AreFileApisANSI` `DeviceIoControl` `GetModuleHandleW` `CopyFileW` `QueryPerformanceCounter`
USER32.dll	`ShowWindow` `PeekMessageW` `TranslateMessage` `DispatchMessageW` `ShowCursor` `IsWindow` `DestroyWindow` `DefWindowProcA` `GetWindowRect` `SetWindowPos` `SetWindowRgn` `SetFocus` `PostQuitMessage` `UnregisterClassA` `MessageBoxA` `GetClientRect` `RegisterClassExA` `SetForegroundWindow` `GetMessageA` `DispatchMessageA` `MoveWindow` `GetWindowLongPtrA` `SetProcessDPIAware` `GetWindowTextW` `GetSystemMetrics` `GetWindowTextA` `LoadIconA` `SetWindowLongPtrA` `SendMessageA` `CreateWindowExA` `SetWindowTextA` `UpdateWindow` `ReleaseDC` `GetDesktopWindow` `GetDC` `AdjustWindowRect` `LoadCursorA` `RegisterClassA`
GDI32.dll	`GetDeviceCaps` `SetTextColor` `SetBkColor` `CreateSolidBrush` `DeleteObject` `CreateFontA` `CreateRoundRectRgn` `CreateBitmap`
ADVAPI32.dll	`CryptAcquireContextW` `CryptGenRandom` `RegCreateKeyExA` `GetUserNameA` `RegCreateKeyExW` `CryptAcquireContextA` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptGetHashParam` `CryptReleaseContext` `RegCloseKey` `RegQueryValueExW` `RegSetValueExW` `RegOpenKeyExA` `RegQueryValueExA` `GetCurrentHwProfileA`
SHELL32.dll	`SHGetKnownFolderPath` `ShellExecuteA` `CommandLineToArgvW`
ole32.dll	`CoTaskMemFree` `OleUninitialize` `CoCreateInstance` `CoUninitialize` `CoInitialize` `CoGetClassObject` `OleSetContainedObject` `OleInitialize`
OLEAUT32.dll	`VariantCopy` `VariantClear` `VariantInit` `SysAllocString`
ntdll.dll	`NtQueryObject` `VerSetConditionMask` `RtlPcToFileHeader`
WS2_32.dll	`WSAEventSelect` `WSAResetEvent` `WSAWaitForMultipleEvents` `accept` `getsockopt` `listen` `WSAIoctl` `WSAGetLastError` `WSACloseEvent` `recv` `WSAEnumNetworkEvents` `getaddrinfo` `freeaddrinfo` `getpeername` `getsockname` `gethostbyname` `connect` `closesocket` `send` `WSASetLastError` `WSACreateEvent` `sendto` `recvfrom` `__WSAFDIsSet` `select` `ioctlsocket` `socket` `setsockopt` `htonl` `htons` `bind` `ntohs` `ntohl` `WSAStartup` `WSACleanup`
dwmapi.dll	`DwmSetWindowAttribute`
bcrypt.dll	`BCryptGenRandom`
dbghelp.dll	`MiniDumpWriteDump`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x1c0f44`

NvOptimusEnablement

Ordinal	`2`
Address	`0x1c0f40`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a74`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94232`
Detected Filetype	PNG graphic file
MD5	`e3d61493d54f1c426e5efe11959246f0`
SHA1	`c2d8285e2141294cc6c2806f1b57ee151f77e153`
SHA256	`54f7c3c3dae3c98e53de66a08b901ec232de678b2704b07054064f89462d4c35`
SHA3	`f07ee686aeb1e30a073c1b4f32d11a51850e078b864a3d9481acd0b235a3f5fa`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48836`
MD5	`37a3bf5f40fbbfd34b2ac4a87d0d5a7a`
SHA1	`abb81c904a6a8ff687f7fbd973b8424b41330879`
SHA256	`591f24000f4bb2a8e5aec74784e90452c9cdd29671fc9254452594041c71bc2c`
SHA3	`9ad718dd47132f1fbb372eb3356a679236f67cfbf0c874faa1939f7426f85f43`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62997`
MD5	`5b7a3bc0a32489e32334eb668ed0dd63`
SHA1	`81205ea23ff3262645930f20c3a91c64d64a38ce`
SHA256	`51454bb43e175ed41a1dc6725046b11da829c6e7ad042dc99c43632d087fdae6`
SHA3	`6f34767dff1fc4ca48320d8b9c85d32755f0c2e6545748d55eeae6b9b6b9bbc8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71916`
MD5	`44aff26fa04f0c540a4ecea2f628306d`
SHA1	`b54ec9aa922618c4b793bd21cdfad53e177c24c3`
SHA256	`b5a91c3ba177342196006f44d57d9bb1772383aaf8761e81661a9fd6a17ba375`
SHA3	`b80eda972e840334bda83bb08b39c7e38a95ed27350e6ef292285f0d448e15da`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82493`
MD5	`086f9a4982f6d7bd3203400e754a2a17`
SHA1	`ee286f8ef8f02069d19ae326fea527e7f8440536`
SHA256	`66d2ca8c28043fb002decbd8f6df277051ee1afa932b580cef405982c85fc7ed`
SHA3	`7cd2895f8a938c9f6cf279b0752f5863d96d51cca933a4883754672340021291`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14458`
MD5	`94d694ab3ae4ba5a399e2afe7fc5aa51`
SHA1	`882684d2fecc0736d4e5245178ad78a8d4eca449`
SHA256	`fbd7b109d6a92da8c0bfc3981fb3ce1ef23e2e0b9953752cf31d029c0a09e040`
SHA3	`5618e9543286e7dc8ebbcacdfe4ecc67d180b7a0888e71320595008bb77e3870`

300

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1bbaf`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95446`
Detected Filetype	JPEG graphic file
MD5	`fc65885e5413adaa08b7093577ed20bc`
SHA1	`7d5147937ae6d69db5bf438d4480bd5eb64a7c08`
SHA256	`cd5c933d1bcbbe088009d901f1386f99eddf49e8f2519352d86e8c2b0d0f1058`
SHA3	`c953f438ac2995420c380e36f8f213be4945a7b9ba25f41239cc2e8ed4a441cb`

301

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3169`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92963`
Detected Filetype	JPEG graphic file
MD5	`219d19bf9c4a44502fd59730b16a9d4d`
SHA1	`05ccbcb5897d70b6c177eeaad050502a0fcd25bd`
SHA256	`8922e5dbb6e927b93c6448e434758da3d2c5b4ea7092c581c13558138a189705`
SHA3	`2dfe752ba1c38ef85e527395b8bf6f0a337d46434f2e047440873707ef30f4eb`

302

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x236b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09296`
MD5	`688c4d17b27c8a2a6fa85cd51ba947fa`
SHA1	`b488212956331c81126c7a1d6d269cfc6c48512d`
SHA256	`4c584480420b887b731a712f772cede52e3b79c7d8d57522b95d798c94c576cb`
SHA3	`8fc988a39753c1317729c98aa2bd6124cef8860609e34f08583c9235c5543f68`

303

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.97976`
MD5	`9dc55f7237746c6a721552d1930050c1`
SHA1	`375967f25afe850d29c43ea934718f732100935c`
SHA256	`0711a69d3a7d6fcd112a84f3c5147e9b9b73d93745c5805498a932c69b8a929a`
SHA3	`d3754f9b7597bcb12644fdbbb5b092f0c4659bb3336a9022daf24abfd6a4e3a2`

304

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3886b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81653`
MD5	`516f979d669e6b50e6ae27a8e5cb2119`
SHA1	`cba9a8e748104886f84feb2c1a900f2cd28bdc45`
SHA256	`6ff6414044792d4e28f534ee62a7f973510d493924b8c1b7d1e60085f964ef79`
SHA3	`13103247714019bf525519d397c3552c70346ee15be8998bea1445d6da99f161`

305

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99853`
MD5	`c10ccdbeae883346e67aa446bc6bb959`
SHA1	`40bf93cd4b96ee06a4be43a2b88e3ed783827a50`
SHA256	`beba007a3474abc3d59bc9048da222bdd9757401f59657683e5f99cf05b6befb`
SHA3	`e772d087ba3a891ad7212888f3d31af82c74aa3426c369fd0f5cc714b8a4f423`

306

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x46b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87838`
MD5	`83252defde723829247a47fa90dbeb2f`
SHA1	`ef2a85c56fff62ce0974ad91ec73a8b65056c5c8`
SHA256	`096f4b188f92e73e89f4eddd1ea766bb8c512d4069a0e2cbbf1d2f3c28f42f3d`
SHA3	`9d91eed3937881c941cc0213f0cc9d3b5de8047bcd763a7f0dc380ebd42a3653`

307

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.8363`
MD5	`c45b5f59918c872d44b0afa768240541`
SHA1	`b88292b3b7fdca2490b9f177d2ab1d2aec82a8a9`
SHA256	`99a71965bc9240c255e55e737dd9094fe39d1ae0dc76d83e814ab60d4f6d49d8`
SHA3	`ac4508c08405cb955a98cf36c8a9c0150465453a02402d1915363637866c3511`

308

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3600`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.11059`
Detected Filetype	PE Executable
MD5	`8bfcaeb3dcb5ed0320b4edadd12d5a5b`
SHA1	`0b26b5c59d9198fde3728a8d9c2871cc0474629f`
SHA256	`aa6b2eab5e94fb8e0a5e935b422aa68f1d0bf0983e764141b6a7a4f394951395`
SHA3	`4149b8f86db7c7c0e099eb10dc3108c3faf282a4cc518a1a94e324973396790a`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`b7fd9f6a03c882de8e662749c76d188a`
SHA1	`51f0a08a25221e2c04a8a4e36e80ab6e5212bb1a`
SHA256	`3ceb5fd9d184b9d9995aff49266d2db56b2f953f0a42c8ef5af8077fee41d6fe`
SHA3	`ee3cce35b9ffa1169ff48323fe05c867c778704397c06b899d98877e29d2925c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41044`
MD5	`c110781aa6fba5a3bcc07df1d8082c98`
SHA1	`fa711bd889afb2d57359eca32472fc63854afb34`
SHA256	`602a91f3a2142ad6bad53a8b2353ca554e85889f62dd75ddbe83412f22dafa7d`
SHA3	`b76f68e3cab3722a7462d7c2a064cc766de041201de6f6d576cc150f7c877e99`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x281`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05831`
MD5	`6b057cddf98eb53cc7964cb60958b702`
SHA1	`2142046f6131e940c1e9e0c64186eb9edd5a8ce6`
SHA256	`105b1bf965395ae9f508b621a31d04e02043d4e34d3ac4a4c96e230e3a29f2fb`
SHA3	`b319ab20f779dd55165b4ea650ff97b0a66c7993b46793d55f89bd76c2aaf0ca`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.5.1465
ProductVersion	1.0.5.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	momo5502
FileDescription	BOIII
FileVersion (#2)	1.0.5.1465
InternalName	something
LegalCopyright	Copyright (C) 2022 momo5502. All rights reserved.
OriginalFilename	boiii.exe
ProductName	BOIII
ProductVersion (#2)	1.0.5

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-May-31 14:47:24
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x1aa9f8`
PointerToRawData	`0x1a91f8`
Referenced File	D:\a\boiii-free\boiii-free\build\bin\x64\Release\boiii.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-May-31 14:47:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1aaa4c`
PointerToRawData	`0x1a924c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-May-31 14:47:24
Version	`0.0`
SizeofData	`1164`
AddressOfRawData	`0x1aaa60`
PointerToRawData	`0x1a9260`

TLS Callbacks

StartAddressOfRawData	`0x1701aaf40`
EndAddressOfRawData	`0x1701ab31c`
AddressOfIndex	`0x1701e6664`
AddressOfCallbacks	`0x17014f068`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000017010CA00` `0x000000017010CAB8`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1701c0280`

RICH Header

XOR Key	`0x7ba0f070`
Unmarked objects	`0`
ASM objects (30795)	`7`
C++ objects (30795)	`205`
Unmarked objects (#2)	`1`
253 (33218)	`7`
C objects (33218)	`19`
ASM objects (33218)	`21`
C++ objects (33218)	`106`
C objects (30795)	`27`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`29`
Total imports	`378`
C++ objects (LTCG) (33523)	`554`
Exports (33523)	`1`
Resource objects (33523)	`1`
151	`1`
Linker (33523)	`1`

c510051f24e1a02f054dde0c810a99ae

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

AmdPowerXpressRequestHighPerformance

NvOptimusEnablement

1

2

3

4

5

6

300

301

302

303

304

305

306

307

308

102

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors