Manalyze report for ccaf2af1e72e4467f4665116fab807e1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Oct-01 12:35:23
Detected languages	Danish - Denmark English - United Kingdom English - United States French - France German - Germany Italian - Italy Process Default Language Spanish - Spain (Traditional sort)
Debug artifacts	d:\Projects\LEGOSagaPC\saga\PC_Release\LEGOStarWarsSaga.pdb
CompanyName	Traveller's Tales (UK) Ltd
FileDescription	LEGO® Star Wars™ Saga Main Executable
FileVersion	`1.0.0.0`
InternalName	LEGO® Star Wars™ Saga
LegalCopyright	Copyright (C) 2007
OriginalFilename	LEGOStarWarsSaga.exe
ProductName	LEGO® Star Wars™ Saga
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++ 8.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: root\cimv2` Contains domain names: -averageLightDir.xyz -vin.tangent.xyz -vin.tangent2.xyz 2004-aia.verisign.com 2004-crl.verisign.com CSC3-2004-aia.verisign.com CSC3-2004-crl.verisign.com aia.verisign.com averageLightDir.xyz bitangent.xyz blendOffsets0.xyz crl.verisign.com eyePositionH.xyz http://CSC3-2004-aia.verisign.com http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0 http://CSC3-2004-crl.verisign.com http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3.crl0 http://crl.verisign.com/tss-ca.crl0 http://ocsp.verisign.com0 http://ocsp.verisign.com0? http://www.lucasarts.com http://www.lucasarts.com/ http://www.ttgames.com https://www.verisign.com https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.verisign.com/rpa01 lightDir0.xyz lightDir1.xyz lightDir2.xyz lightDirSet.xyz lightPosition0.xyz lightPosition1.xyz lightPosition2.xyz lucasarts.com modelPosition.xyz motionVector.xyz nativeNormal.xyz normal.xyz objectNormal.xyz position.xyz position2.xyz skinPosition.xyz specularDirection.xyz surfaceNormal.xyz surfaceNormal2.xyz tangent.xyz tangent2.xyz ttgames.com vLightDirSet.xyz vNormal.xyz vOffset.xyz vTangent.xyz vTangent2.xyz verisign.com vin.bitangent.xyz vin.blendOffsets0.xyz vin.lightDirSet.xyz vin.normal.xyz vin.position.xyz vin.tangent.xyz vin.tangent2.xyz vtfNormal.xyz www.lucasarts.com www.ttgames.com www.verisign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: .extra`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: ShellExecuteA` `Enumerates local disk drives: GetLogicalDriveStringsA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ccaf2af1e72e4467f4665116fab807e1`
SHA1	`5ea9cfc13b3c9c598cf2fbeb12be4f1d0eb9a513`
SHA256	`defb916caf5f034ecfb0498af44fcc392345df56d37f63ab38ad77e4d62cb0df`
SHA3	`5c3b70e2300907706cf3981b753a115a6ba6970f6b068173575339089353890a`
SSDeep	`98304:a1xK9AEOUJ9azYjvFWsF4JpBTjcP5etg0AtNu2vHSr:ME9AEONAQsCJple5V0AS`
Imports Hash	`51538e402bd9b828c82d39c5e8a232e6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Oct-01 12:35:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x350000`
SizeOfInitializedData	`0x18f000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002E74A2 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x351000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2638000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7fb955da43fab1f15fabe8cf957e4146`
SHA1	`35664a023596a57b590710dbc5562ad4dd38fb3d`
SHA256	`a06ffdb4925833da53b3188c1e0934838b92ee35b770eed3c56b7f45ecf9eae2`
SHA3	`f3ab20c70f4bfa787477da8a4da55cf1595d2703eb6e7b62187d1ec53c226bcc`
VirtualSize	`0x350000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x350000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68895`

.rdata

MD5	`bc6cf6bd63a0d518472a3f5490098096`
SHA1	`7ece6a5990961225f243f3c4926fdd3c5dacc024`
SHA256	`0f1f0a1d3bbe83dddbb48899dbb7863d08e6e2a02e9855cbbc89a6a27af67b1d`
SHA3	`e1d3be3188ce8d562d6ef6c7824174cb6ba91852317eb51cb29cb33829feda99`
VirtualSize	`0x9e000`
VirtualAddress	`0x351000`
SizeOfRawData	`0x9e000`
PointerToRawData	`0x351000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0559`

.data

MD5	`36a8901370c7a2acc83b85586a30da93`
SHA1	`503accf06476914860ee6a7576d4e2a1d9c0cffd`
SHA256	`80351cb2966b72496f05be7b2bc7b4141cef2204e2d1c85d06fc030d343f385e`
SHA3	`3bdf560253718611ef6caa033a1acd875668f490e626d333b647f07461fe02e9`
VirtualSize	`0x21bc000`
VirtualAddress	`0x3ef000`
SizeOfRawData	`0x66000`
PointerToRawData	`0x3ef000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.55989`

.rsrc

MD5	`1decbb49458e370e2dccef989273a257`
SHA1	`133fc08fe017fb707b835c43a1a37b596f28415e`
SHA256	`c3cf18ca5ecfba0a484055fefac1e3afef58741d35d12a2352d081f02a8cf333`
SHA3	`e628991c0b6635e19ef007490a7ad67ae1518bb5c6813c6d9f77450b251611d4`
VirtualSize	`0x8b000`
VirtualAddress	`0x25ab000`
SizeOfRawData	`0x8b000`
PointerToRawData	`0x455000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.84413`

.extra

MD5	`8c9000fba8c7f2415af3bcfef8c70a0f`
SHA1	`6d5f29d38542f2761dafa99d0b50b24e5c0482cf`
SHA256	`113cedbd33d47fdefb32dc64f24d1ef5323e344cb7be4d19ce84dc9022dd7f3b`
SHA3	`b72dfe796fb2bfec759cb24b34470e16cb7ef4726a77cf22ab5d9d3548715376`
VirtualSize	`0x2000`
VirtualAddress	`0x2636000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x4e0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`5.64482`

Imports

USER32.dll	`GetSystemMetrics` `DispatchMessageA` `TranslateMessage` `PeekMessageA` `SetCursorPos` `DestroyWindow` `DefWindowProcA` `PostQuitMessage` `ShowWindow` `GetWindowLongA` `CreateWindowExA` `RegisterClassExA` `LoadCursorA` `LoadIconA` `MoveWindow` `MessageBoxW` `GetForegroundWindow` `UpdateWindow` `MessageBoxA` `LoadKeyboardLayoutA` `SystemParametersInfoA` `MapVirtualKeyExA` `SetCursor` `AdjustWindowRect` `SendMessageA`
d3dx9_35.dll	`D3DXCreateEffect` `D3DXCreateCubeTextureFromFileInMemory` `D3DXCreateTextureFromFileInMemoryEx` `D3DXCreateEffectFromFileA` `D3DXCreateFontA` `D3DXCreateRenderToSurface` `D3DXCreateTextureFromFileInMemory` `D3DXSaveSurfaceToFileInMemory` `D3DXCreateEffectCompiler` `D3DXCreateBuffer` `D3DXCompileShader` `D3DXMatrixMultiply` `D3DXMatrixLookAtLH` `D3DXMatrixOrthoLH`
d3d9.dll	`Direct3DCreate9` `D3DPERF_EndEvent` `D3DPERF_BeginEvent`
WINMM.dll	`timeKillEvent` `timeSetEvent` `timeGetTime`
DSOUND.dll	`#11`
DINPUT8.dll	`DirectInput8Create`
binkw32.dll	`_BinkSetSoundTrack@8` `_BinkOpen@8` `_BinkNextFrame@4` `_BinkSetVolume@12` `_BinkOpenDirectSound@4` `_BinkSetSoundSystem@8` `_BinkDoFrame@4` `_BinkCopyToBufferRect@44` `_BinkGetRealtime@12` `_BinkWait@4` `_BinkGoto@12` `_BinkClose@4`
XINPUT1_3.dll	`#4` `#2` `#3`
KERNEL32.dll	`EnumSystemLocalesA` `IsValidLocale` `SetEndOfFile` `GetTimeZoneInformation` `CompareStringA` `GetUserDefaultLCID` `GetStringTypeW` `GetStringTypeA` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `GetLocaleInfoW` `CompareStringW` `SetEnvironmentVariableA` `OutputDebugStringW` `IsDebuggerPresent` `GetLocaleInfoA` `LoadLibraryA` `InterlockedExchange` `FreeLibrary` `SetStdHandle` `LCMapStringW` `LCMapStringA` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `SetFilePointer` `VirtualAlloc` `FatalAppExitA` `Sleep` `SetEvent` `LeaveCriticalSection` `EnterCriticalSection` `WaitForSingleObject` `ResumeThread` `SetThreadPriority` `CreateThread` `CreateEventA` `InitializeCriticalSection` `ResetEvent` `GetCurrentThreadId` `CreateFileA` `CloseHandle` `ReadFile` `WriteFile` `SetFilePointerEx` `MoveFileA` `DeleteFileA` `FindFirstFileA` `FindClose` `FindNextFileA` `FileTimeToSystemTime` `CreateDirectoryA` `GetFileAttributesExA` `QueryPerformanceCounter` `QueryPerformanceFrequency` `SetProcessAffinityMask` `GetProcessAffinityMask` `GetCurrentProcess` `MultiByteToWideChar` `GetTimeFormatA` `GetDateFormatA` `GetTickCount` `DebugBreak` `GetLogicalDriveStringsA` `DeleteCriticalSection` `WaitForMultipleObjects` `GetFileSize` `GetUserGeoID` `GetUserDefaultLangID` `GetModuleFileNameA` `GetModuleHandleA` `VerifyVersionInfoA` `VerSetConditionMask` `GetFileAttributesA` `ExpandEnvironmentStringsA` `SetThreadExecutionState` `SetThreadAffinityMask` `GetCurrentThread` `OutputDebugStringA` `GetCommandLineA` `HeapFree` `GetVersionExA` `HeapAlloc` `GetProcessHeap` `GetStartupInfoA` `GetLastError` `HeapReAlloc` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetSystemTimeAsFileTime` `RaiseException` `RtlUnwind` `GetProcAddress` `ExitProcess` `SetConsoleCtrlHandler` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `InterlockedDecrement` `HeapSize` `GetStdHandle` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `HeapDestroy` `HeapCreate` `VirtualFree` `GetCurrentProcessId`
GDI32.dll	`DeleteObject`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`
SHELL32.dll	`SHGetFolderPathA` `ShellExecuteA` `SHCreateDirectoryExA`
ole32.dll	`CoInitializeEx` `CoInitialize` `CoCreateInstance` `CoUninitialize` `CoSetProxyBlanket`
OLEAUT32.dll	`SysAllocString` `SysFreeString`

Delayed Imports

__GDF_THUMBNAIL

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#2)

Type	`DATA`
Language	Danish - Denmark
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#3)

Type	`DATA`
Language	German - Germany
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#4)

Type	`DATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#5)

Type	`DATA`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#6)

Type	`DATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_THUMBNAIL (#7)

Type	`DATA`
Language	Italian - Italy
Codepage	Latin 1 / Western European
Size	`0x12256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99155`
Detected Filetype	PNG graphic file
MD5	`cf4d13dd47529c11005e271d3770789e`
SHA1	`ce9d2e2439e04bd1e3215558c5a6d581c1257fb9`
SHA256	`17b429ae2f95f7eaca82f6965c7064e9a95a0734831ae056de1adeb3d63ea810`
SHA3	`eb88b12f889512b8ce114e9e1df19eca158a6c1147be9b67b916e83670c90592`

__GDF_XML

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xd4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74423`
MD5	`24fd7016ab498b11ab4527d4269eef61`
SHA1	`b86a641cb11354b66a5bf79024cf19886cfe606c`
SHA256	`3efc78fc03d6586a2fa5f39498a82ac6d6a1e220246f1f90e2266cb86cee18b5`
SHA3	`00f87fc711b02d6a025c1d4e2fc070d932407a84224ca0b295e94b4abbaa892b`

__GDF_XML (#2)

Type	`DATA`
Language	Danish - Denmark
Codepage	Latin 1 / Western European
Size	`0xd34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74502`
MD5	`162e5497e09bd8f1d106a9d6997e0e96`
SHA1	`0ebdd7bfe5c351a83b785d13036d0cc1fdbcfd4f`
SHA256	`a799a7cba8782cb0cb62b52e9556914fad68ff90c27de1d95f34c24bced6d1b6`
SHA3	`1c892232dc48f65405ebc5f0adf65dee5868e3bfa9b99fd7e7398b6f4bd2b80b`

__GDF_XML (#3)

Type	`DATA`
Language	German - Germany
Codepage	Latin 1 / Western European
Size	`0xd50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74337`
MD5	`2b6c07a07320f67630788d1a25c72c57`
SHA1	`c1f796435745ca3d16d9cbbfb4a4d67f2778b5ef`
SHA256	`bff15f7fbefe54f8212510832470bd714c7f15e6453bf06b038d3f0749c446cc`
SHA3	`913fa1bbe053e802a857d9f633362ccf17272b543b4230cbe320a02833bc353a`

__GDF_XML (#4)

Type	`DATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74423`
MD5	`24fd7016ab498b11ab4527d4269eef61`
SHA1	`b86a641cb11354b66a5bf79024cf19886cfe606c`
SHA256	`3efc78fc03d6586a2fa5f39498a82ac6d6a1e220246f1f90e2266cb86cee18b5`
SHA3	`00f87fc711b02d6a025c1d4e2fc070d932407a84224ca0b295e94b4abbaa892b`

__GDF_XML (#5)

Type	`DATA`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0xd4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74423`
MD5	`24fd7016ab498b11ab4527d4269eef61`
SHA1	`b86a641cb11354b66a5bf79024cf19886cfe606c`
SHA256	`3efc78fc03d6586a2fa5f39498a82ac6d6a1e220246f1f90e2266cb86cee18b5`
SHA3	`00f87fc711b02d6a025c1d4e2fc070d932407a84224ca0b295e94b4abbaa892b`

__GDF_XML (#6)

Type	`DATA`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0xd48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74756`
MD5	`691d874f3304c9239d4fbc7f33a04cf3`
SHA1	`f48708dba7795e3aac16ed018d9d5115924420a6`
SHA256	`2022a5095edf5ca1cf5cc8bade2eba141ad8384b2b4cfe304d820ea7deac817e`
SHA3	`7c378c94a88373dd3db57db217852df44c018455807a33a24739c2aed62b575b`

__GDF_XML (#7)

Type	`DATA`
Language	Italian - Italy
Codepage	Latin 1 / Western European
Size	`0xd48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74371`
MD5	`322e3f2b2f143a05983e5b08a83d8db3`
SHA1	`9c9c89f900d3f7288f0e39064bf62ee999d66727`
SHA256	`5581d204d8ea751b2d270b5a6ab10134cb24fa02537ac0788ac32e1c788e3e13`
SHA3	`fa1802b6db2df14026650e9325f247ebac9222f3a01b389fe735adb85b021bba`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

1 (#2)

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

2

Type	`RT_ICON`
Language	Italian - Italy
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

3

Type	`RT_ICON`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

4

Type	`RT_ICON`
Language	German - Germany
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

5

Type	`RT_ICON`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

6

Type	`RT_ICON`
Language	Danish - Denmark
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91414`
MD5	`e70ae79146a8762f90041c37c415e91f`
SHA1	`b9d25c6a08109fb2d344336d9250a5ce917882f7`
SHA256	`d35ca2897becede1d68ef0c8d26d6656837c6285146ac52b9c9f87a4ba16eba8`
SHA3	`700d1c48c0aecaa82207b0964816e9acb0bbee0128bc4247001e3a32e68da339`

101

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`8a5f81dafbcc213a88b7f1ef9d444a6f`
SHA1	`5ea2feedca3947b9b945571bc00f21beaa37563e`
SHA256	`7f4257be796d03c38dc485642f7387c757b33a59cfb6cbed41fe06b89d3a8453`
SHA3	`8ed46ba36471e3a7c3ec051d8da92895267cb77393496b8acbe277c35bdd9f12`

101 (#2)

Type	`RT_GROUP_ICON`
Language	Danish - Denmark
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`b213612bdf7120a4bc0dc20153491589`
SHA1	`5f6056971c37083332e9588e0e3986fa6f9bf6c3`
SHA256	`540c6666617ecf1ba6f752c323624f3e2eed695bd18fdbcc4bba7e6bc28e27e4`
SHA3	`b26d012d5b1ff9b70b0652f283add630476e055ee5e6293b3e109b719f886ef9`

101 (#3)

Type	`RT_GROUP_ICON`
Language	German - Germany
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.22322`
Detected Filetype	Icon file
MD5	`b3c6d9844414466c33b0040bff3070a9`
SHA1	`8f4f44019062f9cd514517432c216e72cf7afc5a`
SHA256	`ac7b8f11c39e69478728312d82595ca1b73b523d118bb8712ec501a7dea58119`
SHA3	`017274cab9e8203132ec518bb99e842976ec48433e77f2cd52b4f57355f6f2ed`

101 (#4)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`efd5e89138c61591ebfe23bec661bf8f`
SHA1	`2cf544f79f7901d306a093d441894f1b813b964d`
SHA256	`73e17480638416ca5817363c0be8992c244214a1d66e698bf8bc6f4ca22571ed`
SHA3	`129361ab9f5f3c69a1a9c8c44e0e7f165379f1f28f48290e23c45f37d3e7763c`

101 (#5)

Type	`RT_GROUP_ICON`
Language	Spanish - Spain (Traditional sort)
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`961fe11de416054aab1e07f5834f0bfd`
SHA1	`622ccb0a79378a365598ed6618c4036cdd82e11d`
SHA256	`37c71182d7edab08b4ac44faf16d8744c79e62961d808852fdea36fe2d796bfd`
SHA3	`3b778842e8ebc24c2de816f4dd447c91837f17cd74ed2936af66d47f9779144f`

101 (#6)

Type	`RT_GROUP_ICON`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`8aacd689340a27fff790b669ba86be58`
SHA1	`9f9efe6eceb08bfdb6d2bcee0a83e7c59e0a084d`
SHA256	`4dd3c871ea690a3af67965571c0256f33049098eb3ddfcb4615cb5fe246529dc`
SHA3	`123ddcc26fbe80d0f54cb4cf33b18a6acbb1e79296058a9a9195f603cb709f4d`

101 (#7)

Type	`RT_GROUP_ICON`
Language	Italian - Italy
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`de806326fe10f1cb9e1f702bb05201c6`
SHA1	`f956922c6f741de2ebc6b00385cbf47c6137faf7`
SHA256	`9ec732785ac04c9368d0cb9e4453202a349cbf37008d3d7cc1599ba5c6aed69d`
SHA3	`0fd4be0dd5fe339329e5596daa14f945e2348a556c47c837618706f707b23d22`

101 (#8)

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`8a5f81dafbcc213a88b7f1ef9d444a6f`
SHA1	`5ea2feedca3947b9b945571bc00f21beaa37563e`
SHA256	`7f4257be796d03c38dc485642f7387c757b33a59cfb6cbed41fe06b89d3a8453`
SHA3	`8ed46ba36471e3a7c3ec051d8da92895267cb77393496b8acbe277c35bdd9f12`

1 (#3)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45111`
MD5	`a29509af6fc0b8af9508ca3d849b0300`
SHA1	`93145e95e9bef9b654b15cc73375e1fabfd14578`
SHA256	`108c02c2d98ccbd4f718eac9b009a50e66326e9b36f92515383b5f36472411c9`
SHA3	`e7fae7be1b8055a9e5cbeef524895d9c7b05b0e656358c9674524b3e0abaea75`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x218`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00905`
MD5	`1f65491ae8499fcbbf4aa98d3427251a`
SHA1	`c0c260b9975fc6a1d8868d599e3dd62aa868b96a`
SHA256	`e6fcfdd4dbfc685eea0feb7400bd351dc6a75f8fb55152caa77b21bdc7855e70`
SHA3	`6380f2d96f4a2d7856c8c079b1a58479aaca709fea2fbdbd5776456b6bf027c1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	Traveller's Tales (UK) Ltd
FileDescription	LEGO® Star Wars™ Saga Main Executable
FileVersion (#2)	1.0.0.0
InternalName	LEGO® Star Wars™ Saga
LegalCopyright	Copyright (C) 2007
OriginalFilename	LEGOStarWarsSaga.exe
ProductName	LEGO® Star Wars™ Saga
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2009-Oct-01 12:35:23
Version	`0.0`
SizeofData	`84`
AddressOfRawData	`0x3ea470`
PointerToRawData	`0x3ea470`
Referenced File	d:\Projects\LEGOSagaPC\saga\PC_Release\LEGOStarWarsSaga.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x829570`
SEHandlerTable	`0x7ec9f0`
SEHandlerCount	`17`

RICH Header

ccaf2af1e72e4467f4665116fab807e1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.extra

Imports

Delayed Imports

__GDF_THUMBNAIL

__GDF_THUMBNAIL (#2)

__GDF_THUMBNAIL (#3)

__GDF_THUMBNAIL (#4)

__GDF_THUMBNAIL (#5)

__GDF_THUMBNAIL (#6)

__GDF_THUMBNAIL (#7)

__GDF_XML

__GDF_XML (#2)

__GDF_XML (#3)

__GDF_XML (#4)

__GDF_XML (#5)

__GDF_XML (#6)

__GDF_XML (#7)

1

1 (#2)

2

3

4

5

6

7

101

101 (#2)

101 (#3)

101 (#4)

101 (#5)

101 (#6)

101 (#7)

101 (#8)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors