cd506a19aa589b06d634ea7d913d28cddcb428a72c59ca34b711b760d07f0e70

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-Apr-22 21:01:52
Detected languages English - United States
TLS Callbacks 4 callback(s) detected.
CompanyName Rascal
FileDescription Rascal Anti-Cheat for Metin2
FileVersion 2.4.0.7
OriginalFilename rascal.dll
ProductName Rascal Anti-Cheat
ProductVersion 2.4.0.7
LegalCopyright Copyright (C) 2025 Rascal Anti-Cheat by tokuc.

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found:
Unusual section name found:
Unusual section name found:
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryA
  • GetProcAddress
 Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • NtQueryInformationProcess
  • NtQuerySystemInformation
 Can access the registry:
  • RegOpenKeyW
  • RegGetValueW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegCloseKey
  • RegQueryValueExA
  • RegOpenKeyExA
 Possibly launches other programs:
  • CreateProcessW
  • CreateProcessA
 Uses Windows's Native API:
  • NtOpenProcessToken
  • NtAdjustPrivilegesToken
  • NtProtectVirtualMemory
  • NtQueryInformationProcess
  • NtDuplicateObject
  • NtOpenProcess
  • NtQuerySystemInformation
  • ntohs
 Uses Microsoft's cryptographic API:
  • CryptReleaseContext
  • CryptGetHashParam
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptAcquireContextA
  • CryptDecodeObjectEx
  • CryptStringToBinaryA
  • CryptMsgGetParam
  • CryptQueryObject
  • CryptMsgClose
 Can create temporary files:
  • GetTempPathW
  • CreateFileA
  • CreateFileW
 Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
 Leverages the raw socket API to access the Internet:
  • inet_ntop
  • inet_addr
  • ntohs
  • getsockopt
  • send
  • WSACloseEvent
  • WSACreateEvent
  • WSAEnumNetworkEvents
  • WSAWaitForMultipleEvents
  • WSAGetLastError
  • gethostname
  • WSAEventSelect
  • ioctlsocket
  • WSAStartup
  • WSACleanup
  • accept
  • bind
  • closesocket
  • connect
  • getpeername
  • getsockname
  • sendto
  • htons
  • recv
  • WSAResetEvent
  • recvfrom
  • htonl
  • listen
  • freeaddrinfo
  • getaddrinfo
  • select
  • __WSAFDIsSet
  • WSAIoctl
  • WSASetLastError
  • socket
  • setsockopt
 Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
 Interacts with services:
  • QueryServiceStatusEx
  • OpenServiceW
  • ControlService
  • OpenSCManagerA
 Enumerates local disk drives:
  • GetLogicalDriveStringsA
  • GetDriveTypeW
  • GetVolumeInformationW
 Manipulates other processes:
  • Process32FirstW
  • Process32NextW
  • Process32Next
  • OpenProcess
  • Process32First
  • NtOpenProcess
 Changes object ACLs:
  • SetKernelObjectSecurity
  • SetSecurityInfo
 Interacts with the certificate store:
  • CertOpenStore
  • CertAddCertificateContextToStore
Info The PE is digitally signed. Signer: Rascal-AntiCheat
Issuer: Rascal-AntiCheat
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b2fc67963d5f47a54a2882367a3b7d60
SHA1 15618a754774480d7d239f7d6c85b9162f2e3036
SHA256 cd506a19aa589b06d634ea7d913d28cddcb428a72c59ca34b711b760d07f0e70
SHA3 982a90c308960d34d633671e4736292a9c301c32af1c271612395f6752db60b8
SSDeep 393216:TdCgA49waAt+Lw19Lsur8Pr06v3fFzkSVkuZTGbA:J9rAWMoW8Prj3dgqku4bA
Imports Hash c549a60f2ebfd414ffebbb79e7276967

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2026-Apr-22 21:01:52
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x193a00
SizeOfInitializedData 0xb5000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x01DA3FDA (Section: )
BaseOfCode 0x10000
BaseOfData 0x1b0000
ImageBase 0x10000000
SectionAlignment 0x10000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x24c0000
SizeOfHeaders 0x400
Checksum 0x150ca2b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x19393a
VirtualAddress 0x10000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x4af84
VirtualAddress 0x1b0000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x56fe4
VirtualAddress 0x200000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Section_4

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xd141b5
VirtualAddress 0x260000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Section_5

MD5 38f54f2a3dd9fd2e9af4acd999dff494
SHA1 7f7712e1562bf8c1be4b34a4f783ec07d1cf0add
SHA256 9ddf256a7dd090007b3bd4b4b330672390e68689a8c7f139ae82f5358caaef9d
SHA3 8e90038035bd257ab28d8ffe2f2c45679f2144bb7a29834425a477faa2c932f9
VirtualSize 0x6dc
VirtualAddress 0xf80000
SizeOfRawData 0x800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.30796

Section_6

MD5 9f7548aab35a1824020581fdc1c4a9f8
SHA1 e3f1279898f30f52e0e25702d6d091805cf19445
SHA256 3be7ae9858276ccdde333629cc4b28988e00cc02671133fabc950120e125349d
SHA3 d0e2d9f33258ea97b7e36187802989b31be0f02d0477b49756b0f7a0d4699ea7
VirtualSize 0x1505690
VirtualAddress 0xf90000
SizeOfRawData 0x1505800
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.93286

.rsrc

MD5 b01c81fadc43a4a3f961f4d2ff1f4864
SHA1 195169c05f4f62e4b40944d45291fabffbccc25f
SHA256 f15c00b9a0c1266875feda08c03d30afcd4197d0319709455cdc2d47c8e199bf
SHA3 009f26e2f8cae94f5bb98111318aa4a80837b44a02ad6058b02970472e3e13ef
VirtualSize 0x4f9
VirtualAddress 0x24a0000
SizeOfRawData 0x600
PointerToRawData 0x1506400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.69064

.reloc

MD5 9781a9fdd8fad350db4066600ab3dfe3
SHA1 d0fe19ca798bc2c46aa6e0f9c4468d0ce7e6d826
SHA256 bb0871a68bb3e1c7e5aba3c55e758c6d78a591b91f1d5acb7ecab9ae02fc749e
SHA3 d8343ca16c02af51779bdd4faf7408364d0830b7e07b1e01fa62bc481e99ec11
VirtualSize 0x80c
VirtualAddress 0x24b0000
SizeOfRawData 0xa00
PointerToRawData 0x1506a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.9281

Imports

KERNEL32.dll VirtualAlloc
OpenEventA
FindFirstFileA
FindFirstFileExW
GetFullPathNameW
FindNextFileA
SetThreadPriority
ResumeThread
OpenMutexA
QueryFullProcessImageNameA
CreateFileMappingA
GetThreadId
OpenFileMappingA
SetProcessWorkingSetSize
MapViewOfFile
SetThreadContext
K32EnumProcesses
LocalFree
GetSystemFirmwareTable
K32GetDeviceDriverBaseNameA
EnumSystemFirmwareTables
TerminateThread
GetFileSizeEx
GetModuleHandleExW
K32GetProcessImageFileNameA
QueryDosDeviceA
GetFileAttributesW
SuspendThread
GetExitCodeThread
GetFinalPathNameByHandleA
K32GetModuleFileNameExA
GetFileAttributesA
DeleteFileW
GetLogicalDriveStringsA
WTSGetActiveConsoleSessionId
CreateEventA
CreateProcessW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
SetStdHandle
GetCurrentDirectoryW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
SetFilePointerEx
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetThreadContext
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
AddVectoredExceptionHandler
CreateThread
Process32FirstW
LoadLibraryA
GetCurrentThread
DisableThreadLibraryCalls
SetEvent
Process32NextW
GetModuleHandleExA
QueueUserWorkItem
DuplicateHandle
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
GetUserDefaultLocaleName
EnterCriticalSection
GetModuleFileNameA
GetModuleFileNameW
FindNextFileW
CreateDirectoryW
QueryFullProcessImageNameW
OpenThread
IsWow64Process
CreateProcessA
GetThreadTimes
Process32Next
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
Thread32First
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
SleepConditionVariableCS
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
MoveFileExA
InitializeConditionVariable
SleepEx
SetLastError
VirtualFree
FlushInstructionCache
HeapCreate
RaiseException
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
Thread32Next
K32GetModuleFileNameExW
GetCurrentProcess
HeapFree
Process32First
VirtualQuery
WideCharToMultiByte
VirtualProtect
LCMapStringEx
GetLocaleInfoEx
EncodePointer
GetNativeSystemInfo
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
GetTickCount64
GetCurrentThreadId
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
FormatMessageA
MultiByteToWideChar
lstrlenW
GetModuleHandleW
GetProcAddress
CreateFileA
Sleep
DeviceIoControl
GetVolumeInformationW
GetCurrentProcessId
GetProcessId
CloseHandle
CreateFileW
FindClose
FindFirstFileW
K32GetDeviceDriverFileNameW
K32EnumDeviceDrivers
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
GetModuleHandleA
InitializeCriticalSectionEx
SetConsoleCtrlHandler
USER32.dll RegisterClassA
GetMonitorInfoA
ValidateRect
GetWindowLongA
DefWindowProcA
CreateWindowExA
SetWindowLongA
SetTimer
MonitorFromPoint
LoadCursorA
DestroyWindow
CreateWindowExW
PeekMessageA
TranslateMessage
EnumWindows
UnhookWindowsHookEx
GetWindowTextA
SetWindowsHookExA
PostThreadMessageA
MsgWaitForMultipleObjects
GetClassNameA
CallNextHookEx
EnumChildWindows
IsWindowVisible
DispatchMessageA
GetMessageA
GetWindowThreadProcessId
LoadIconA
SystemParametersInfoA
GetClientRect
KillTimer
GetCursorPos
ShowWindow
SendMessageA
IsWindow
ADVAPI32.dll GetTokenInformation
SetKernelObjectSecurity
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
CryptReleaseContext
QueryServiceStatusEx
CryptGetHashParam
OpenServiceW
CryptDestroyHash
CryptHashData
CryptCreateHash
ControlService
OpenSCManagerA
CloseServiceHandle
CryptAcquireContextA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
GetUserNameA
RegOpenKeyExA
AdjustTokenPrivileges
SHELL32.dll SHFileOperationW
ole32.dll CreateStreamOnHGlobal
dbghelp.dll StackWalk64
SymInitialize
SymFunctionTableAccess64
SymGetModuleBase64
bcrypt.dll BCryptGenRandom
ntdll.dll RtlAdjustPrivilege
NtOpenProcessToken
NtAdjustPrivilegesToken
NtProtectVirtualMemory
RtlCreateUserThread
NtQueryInformationProcess
NtDuplicateObject
NtOpenProcess
NtQuerySystemInformation
WTSAPI32.dll WTSSendMessageA
VERSION.dll GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueA
WINTRUST.dll WinVerifyTrust
IPHLPAPI.DLL GetExtendedTcpTable
GetTcpTable2
SendARP
GetAdaptersAddresses
GetAdaptersInfo
if_nametoindex
WS2_32.dll inet_ntop
inet_addr
ntohs
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAGetLastError
gethostname
WSAEventSelect
ioctlsocket
WSAStartup
WSACleanup
accept
bind
closesocket
connect
getpeername
getsockname
sendto
htons
recv
WSAResetEvent
recvfrom
htonl
listen
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
WSAIoctl
WSASetLastError
socket
setsockopt
SETUPAPI.dll SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiOpenDevRegKey
MPR.dll WNetEnumResourceA
WNetOpenEnumA
d3d9.dll Direct3DCreate9
dxgi.dll CreateDXGIFactory
discord_game_sdk.dll DiscordCreate
CRYPT32.dll CertCreateCertificateChainEngine
CertFindExtension
CertFreeCTLContext
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCRLContext
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertGetNameStringA
CertOpenStore
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CryptMsgClose
CertFreeCertificateChain
gdiplus.dll GdipDisposeImage
GdipGetImageWidth
GdipDeleteFont
GdipDeleteGraphics
GdipCloneBrush
GdipFree
GdipGetGenericFontFamilySansSerif
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateSolidFill
GdipCreateFont
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageHeight
GdipDeleteFontFamily
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDrawString
Secur32.dll InitSecurityInterfaceA

Delayed Imports

FunctionProtect

Ordinal 1
Address 0x7a100

GetClientCount

Ordinal 2
Address 0x7cd90

GetDiscordName

Ordinal 3
Address 0x7ce80

GetRascalThreadID

Ordinal 4
Address 0x7a240

InitializeRascal

Ordinal 5
Address 0x7f200

RascalCallback

Ordinal 6
Address 0x7a3f0

RascalProtectRTypes

Ordinal 7
Address 0x7a490

WLog

Ordinal 8
Address 0x7a340

getunknown

Ordinal 9
Address 0x7a370

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2dc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40293
MD5 871d3d2e404657480a41c25c0177e4b1
SHA1 ee17b8bfb5070454d1fd3a870ce5a46a5099383d
SHA256 bda6c634dea424255438db97bf51fe4c06419f56f940d86475b6adb3a949fc37
SHA3 5c8fd5e37dc94a48471b1655c17215db3b27f07802acf1e70dd662616848fd83

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.4.0.7
ProductVersion 2.4.0.7
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Rascal
FileDescription Rascal Anti-Cheat for Metin2
FileVersion (#2) 2.4.0.7
OriginalFilename rascal.dll
ProductName Rascal Anti-Cheat
ProductVersion (#2) 2.4.0.7
LegalCopyright Copyright (C) 2025 Rascal Anti-Cheat by tokuc.
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x10f8061c
EndAddressOfRawData 0x10f806c4
AddressOfIndex 0x10252eb4
AddressOfCallbacks 0x11040f38
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x11E4C1F9
0x10079920
0x1015F516
0x1015F59A

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10200640
SEHandlerTable 0x12494e50
SEHandlerCount 525

RICH Header

Errors

[*] Warning: Section .text has a size of 0! [*] Warning: Section .rdata has a size of 0! [*] Warning: Section .data has a size of 0! [*] Warning: Section has a size of 0!
Leave a comment

No comments yet.