Manalyze report for e7c836c479a64351da740d3a578edaec22d14c0b3aa4231539fe4e94ef9d7dec

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Oct-02 05:04:04
Detected languages	English - United States
Comments	This installation was built with Inno Setup.
CompanyName	dixen18
FileDescription	Subnautica Setup
FileVersion
LegalCopyright
ProductName	Subnautica
ProductVersion

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .itext`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`2785034 bytes of data starting at offset 0x45c00.` `The overlay data has an entropy of 7.99992 and is possibly compressed or encrypted.` `Overlay data amounts for 90.6962% of the executable.`
Malicious	VirusTotal score: 3/72 (Scanned on 2025-05-21 16:50:03)	`CAT-QuickHeal: Trojan.cloudsig.9530147` `McAfee: Artemis!4A0DEAA3D832` `Webroot: W32.Malware.gen`

Hashes

MD5	`4a0deaa3d832a07fd9b3357449c48697`
SHA1	`46849276921eabfcdf7396e6c788c836d333ecc2`
SHA256	`e7c836c479a64351da740d3a578edaec22d14c0b3aa4231539fe4e94ef9d7dec`
SHA3	`6e750f9ae964dbfbd588fb5a7dbb9fc004f27e83750fd2cbd547e8f93fcad7bb`
SSDeep	`49152:Rrk8a0USDAHVUIpz1lUfDV6fo6/zXyzrBOHAiYkNzz6EN6TohNw:1k3U8VU6qDVgo67XCrEHADklz6e60hNw`
Imports Hash	`9d8fb47598991ad8c0094898c32a6c3b`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2012-Oct-02 05:04:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x15000`
SizeOfInitializedData	`0x30800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00016478 (Section: .itext)`
BaseOfCode	`0x1000`
BaseOfData	`0x17000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x50000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`345db2b6911addc85b53f32245f969a0`
SHA1	`0816ead74f84da89b3a6af4ee4e67e409c055459`
SHA256	`51b3d2adbf99a2341e26557e8de8b91e6a0874da2a4f9ff94d47d46a2dc87453`
SHA3	`15b306a304d51bb25bb361a63918eb1ddd66eb6fac5207baa12914dbb8fdcc93`
VirtualSize	`0x143f8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4822`

.itext

MD5	`2e74d968caedeb2d71b9505530d43907`
SHA1	`5fcb2b9b02cf13f4fbf445a1b98ef88f074dbf68`
SHA256	`3b8304273c6c60258c0893d9d2731268486afbf0faacbf65be18aa327ae2428b`
SHA3	`fa13c6a3e4a68b0cb3ca0cd034f920d30dc2c8a35e9e2d088612f122c9dd4562`
VirtualSize	`0xbe8`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x14800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.01516`

.data

MD5	`d5b22eff9e08edaa95f493c1a71158c0`
SHA1	`6f2aff1b87c311ecfcd609b3b4588e75af4484d2`
SHA256	`d5723b90d6c0cb4ff31cebb81d0ee0b6da28fe0a923ceb54ad107bad22c84ab6`
SHA3	`bb0853ebda8aabaf2fcd4cb93236a57f56435a19f1b111ec42eacc9fb7e98420`
VirtualSize	`0xd9c`
VirtualAddress	`0x17000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x15400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.66929`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5750`
VirtualAddress	`0x18000`
SizeOfRawData	`0`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`b47eaca4c149ee829de76a342b5560d5`
SHA1	`56a0ec8ac42ef35b0ee132508701868d83befc42`
SHA256	`1ea5a02fe0fde79fdd2d25e4a9b685d18118b74dcc53bbba9d54df63a6fd53c0`
SHA3	`a6c4a3115f9b16fd917a83f2157a158c28362886cd7414b31f05d345ab308a17`
VirtualSize	`0xf9e`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.96778`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`3746f5876803f8f30db5bb2deb8772ae`
SHA1	`65e8dad930c8c32d40ca9aff4890630f20d87074`
SHA256	`9c8a4b346c5df43a9f90f5d15227c2dea3e7dfabfbe8402bcba85c3b2e9c84ae`
SHA3	`956c3695e53f796282349fc0b391c557d3f9bef6abb0d58045dacccc70b3a4cf`
VirtualSize	`0x18`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.190489`

.rsrc

MD5	`98a378c5f2f9dc065b55c8dc130c5324`
SHA1	`ea614d4d27bd8fd760f82ccbdfb54be4c73b96bf`
SHA256	`9889b5fafa8f3d78bbf47d3a6a9f3a1072d3714e61ad726dff07829b9a954fb6`
SHA3	`8a7e8d987dfe4bc3dcec2ef28fe149846f9ad40795b8d65635c0b63493d5b0ce`
VirtualSize	`0x2e790`
VirtualAddress	`0x21000`
SizeOfRawData	`0x2e800`
PointerToRawData	`0x17400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.08409`

Imports

oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
user32.dll	`GetKeyboardType` `LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
kernel32.dll (#2)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringW` `MessageBoxA` `CharNextW`
kernel32.dll (#3)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
advapi32.dll (#2)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
comctl32.dll	`InitCommonControls`
kernel32.dll (#4)	`GetACP` `Sleep` `VirtualFree` `VirtualAlloc` `GetSystemInfo` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenW` `lstrcpynW` `LoadLibraryExW` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `GetLocaleInfoW` `GetCommandLineW` `FreeLibrary` `FindFirstFileW` `FindClose` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle` `CloseHandle`
advapi32.dll (#3)	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06531`
MD5	`c81b0a7a6451e37c087fc5ea7744f943`
SHA1	`102d6ff9b8936337ef96b310022e53cde57fa536`
SHA256	`80f97694810ec32b40f1b94ab1f0997cfe14192df4f2fbc9e2e054146bd11fac`
SHA3	`a1eb6b885474e156df46ef490b83f96f863cdb5aae452e8f105b979427c597c9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50028`
MD5	`5ea21fe8cf083fb35d538cf775d9837f`
SHA1	`fe56f2d4d8819e32a7abf232eb470900265775af`
SHA256	`12a0df3e09e599d40909eae777e71461399a6813595260774f51b0fbe2d71f22`
SHA3	`01d1c56ae8ae188e0ba7e722a5c559b1490313ac0aa0d7fcca808e8b595de7a4`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93433`
MD5	`e913cec5862bfb37e53d91941ff7cf2d`
SHA1	`cabb234d94e8321e694d7aa1defa0cd29c6f567a`
SHA256	`faeb0d7627cece0578eff51bf865151fa9b185826c711db0165d9765e6c87766`
SHA3	`1d87d55427109ff7e7e2d364d7c9cb99499a7a35c4b4d71ee85f26572c1292ba`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20478`
MD5	`318d50aac4f54111c63458bc930a977b`
SHA1	`90490d00bf7aff9298285655962e5a34dc534623`
SHA256	`a238c96b7f719968ae932e5a4f66ce6451cc870fae6a4d995800a7022e82df37`
SHA3	`85a76054a10dba82adce33234b9ee5dc14a48e52f07fcebd0fe584591b768f9d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72772`
MD5	`97f2b36d147714eb3eb64a863e559385`
SHA1	`6a8bcb62151542f355b624ccae66b9b1bdb3668b`
SHA256	`3f4e96371d13bc74f8c95268fb81b3546c8609b13a2b87f9c67d378ff77ded3c`
SHA3	`566f3ff28fb5099b16d84fd257b57f540dad93fb603253d1b4f52884b624b08c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d49`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98789`
Detected Filetype	PNG graphic file
MD5	`1e21d2b299e684f9cc99117505893668`
SHA1	`c89483a5c37cbb422c0ea6abbcd9ec11b38a231d`
SHA256	`6164d879e936aac2e84fcc5507ed31013bf6e5eea9286c3d7166cba492ac9d09`
SHA3	`dc0d5ca5147e1da38aaa4ce15d4f0dd588e09c7cb43451a190d2ea04d68d1fef`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72933`
MD5	`2ccd30379627cd2f81b55a292101e2ed`
SHA1	`a78955b6811de5ffebecd8ccc90bd48e99d20495`
SHA256	`ed9e8ac372a683554a3bdd65c471a24b27f2c6aa35170e781672b6c9e1eb2b1a`
SHA3	`66ac16dfb3d0114c09d209602a9bfc100a64aa85a69e3a3079476bb783f3e544`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76197`
MD5	`741b9cd1ac7da72f26df650add5be5d8`
SHA1	`2e47d6ce51da76f4e4e189921d8c0ec04038ca52`
SHA256	`81dad68b3088f19b7ed34388b6a1336ca410302aa21e74a7f998000b5b2ce73f`
SHA3	`3f17a681b448c2d8c8fb19bcb12d1ea4bc522cf6d1da46a3a424d7b27b22ca27`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82998`
MD5	`8fa0c3047944c0de8e302c48bb0e0836`
SHA1	`5a8f945e7d02ecb7f2799374df4fdbef1b81f2a7`
SHA256	`0f0f362a23ad72b3355da0bf3260b1b5bd4f488d1e77de4399a64b65019de012`
SHA3	`08c7fb4089301217bc315c7783334e0788c5eaa5e0ead8b0ad3d18040bddf516`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93979`
MD5	`44b6dfe9072c82e1c71803b40ca29875`
SHA1	`c41c7bc7af080f23ec40087f50e98d9bfc63c092`
SHA256	`1d44917d076d7ee0eb3e33dcbf79fd4bbc3e590298410d7775d6559fb9701d04`
SHA3	`4404517fee6e31c8b3f9c702702a9b25f1f89f890e2da447fd0f1f1bfcf07448`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.19224`
MD5	`5619b1690697d7ed291dc448e91ea5b6`
SHA1	`4dad8143beb74e5bb7b2f889575020238fdabbab`
SHA256	`913a75b8495154b1f08b2f577934711163371f20be2dffecee57107012f370fb`
SHA3	`88865740e3cb1430d4347e2fb1d300f2c8d50a92edd307245ce26696ffb22513`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.23559`
MD5	`afbfaf2c131d1dbd073a2d444e8bb4fe`
SHA1	`aa6122bd50d6ccedfad7b25f1e3035a2551a8b21`
SHA256	`e8a65a63f9fa501ad3b07c7ce116982c10642265d233870a401a2e91285ce5fb`
SHA3	`e10a0ac749b657cefa41e166d09f4bb0cf5ff1371312fbd2b0d2a141e4809e35`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.25898`
MD5	`85adf34fdded94e805ce9466e8b90961`
SHA1	`49d2738f6c16fc3b181d82fc83693c9d6fba4827`
SHA256	`2fb4c1c865d17fe4509b33b51e0c6efffad988473be68f268e00c1aaa019a2c2`
SHA3	`2d63138bb869201713bb8c2c32043948e8f5b6f55420074e51b5ef6c9087b908`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13038`
MD5	`d2772bcc007d8465cf41352da64ed008`
SHA1	`3cb80c1ec7e649f89f425b6d7fdd11dd5333e052`
SHA256	`57fbdcb9b1d61d1269f5e9bc3e4f325029bd89778123d7703251761eebe26dea`
SHA3	`28c495a2cc8d92c07ea21db55f8e6ea142d60465f042d175b590db37884f5eb4`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36196`
MD5	`1bb1699f3e79a261a1cb71a60a1ace7c`
SHA1	`268f9a2602e1187b881d96db521e82c8d051d656`
SHA256	`a073bc06540956a93a3ef6eaa7d558de6f92de721edd29d6a93551a0fab23c08`
SHA3	`a0d833ced8297a2d82be5b80dd79fa9f61b84033377016f4c588ff2cfc168cf9`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x174`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34841`
MD5	`b6bedb71d6a6fa5215e4afdd1e983bdc`
SHA1	`7541a76c3ab32506ab00c3ab56076bf01532b267`
SHA256	`203e2c213958348f4911dd2e3188ea694f7d1d97f9ea9a82f89f5ee7af8c9607`
SHA3	`3ad5273f1d88b58db23b17b0ecd52f1280b9c279f64aad4404f5487b5d8f264e`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29351`
MD5	`0b1533b447231c6319c4a10d84508e60`
SHA1	`f5477d91942bfe92a5dc3c46897a66fb663a124f`
SHA256	`6fa3bbc46b4cc3a979f4ebfc293c50453912eb51ef76d2ea3c7d3d86d7223e86`
SHA3	`aed1581927a66228d158a903e015bdfa9a12e44865ff24c991ba8e2c1a9de8c1`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34579`
MD5	`2596d19a6b88cbba9c9c9cb003affbc6`
SHA1	`37091a716fd1eed000e0c3bb195fbd589a750608`
SHA256	`7f63f3f944a0b62f8f3b35a60141081599f7f175605ced7e1b4dcb80fda58c8a`
SHA3	`0b2581dd0c1b08d882b1f4c4014652d2e7d046d95aa3df236690e9d22572b27c`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x294`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28057`
MD5	`1f9009e4d5b61392e05aa8ac6eceb6aa`
SHA1	`4af6f3144fff0951da37370a3d200e8d74fc4862`
SHA256	`cb21f2b28bfc6b8046348c7a96bf97149dc5f91e1cc1a4f2904a1044a008425a`
SHA3	`c1aebde06ed543947facd67a9541283cbec74e559e267c1b84c168a2bf839812`

CHARTABLE

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x82e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5072`
MD5	`6e9c1c8c0a0ec8d73165779560cd7ba4`
SHA1	`d044c45e2ffd24e1abef00079577df385e325ab4`
SHA256	`677245e2a6b2eb5495b4965b8c26025a4b26e8b8c21a825f658cb390b493b9a0`
SHA3	`3ec7819e8561ecad66b1ef2652d4f3b275030f7cf402f276daa38f28d288e4e7`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33025`
MD5	`b63242cacf6f441ebb5ab74da1376aa8`
SHA1	`cc018125166de149a2f781136d768cde547bf6ae`
SHA256	`c23c1472182122868d06e9efec4ce4ae9a1c2cf2e72aa2b8a5a7b0c6f221f86f`
SHA3	`bc3ee2273ea111b4af0521bb72c8a7869c2210806d3e7464168672f9c9803bcd`

11111

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.50366`
MD5	`e0be942356d65678302ab4d625546d4d`
SHA1	`f5d1caf41a8545996754f5ebf2f2a644417b8bfe`
SHA256	`451a9dbabc1c1e27e36a705c1a9216dcff94278ca3088d84efe55352dc3d5990`
SHA3	`dcf04a6bb78e6aa56169012c13062febb0ef58b9dea54f13f752a846d7dffee0`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13004`
Detected Filetype	Icon file
MD5	`0d5eb31bf846e8aba70bab311e57ff72`
SHA1	`3df7367d4284e0c6d05041b3815ec5af26e2fd69`
SHA256	`7e1e41961a061d886ba5667986378fd4934ae1c6aca4171849c7772722af57e1`
SHA3	`8b781f07709e52026c4a803d71a11a92c9bc9d0ac8aed735319c281c95fc9608`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56301`
MD5	`6e66439ece788bdbe9c95bdda7f374be`
SHA1	`8fd37e78c582df55f11115923655eb8eb1b3ec76`
SHA256	`2cf02eff9d7147eef1e7a5d2257639f901e15481e093af9244286b27d2fe7866`
SHA3	`f3153575406a5bc7cccc93b1a162e2064b0e68acbc136889ff1ea6cc57a797cd`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x560`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06505`
MD5	`a55a7d7c9ff1dedb9adde63011baa3dd`
SHA1	`292e1726ad2fb93963565934fd3778a46f91ecf9`
SHA256	`2cf04736815666b1c1b91422e56e0a431c9e03075b7f543325fd16b88cff1b9e`
SHA3	`9e3955461fcb3b2d303ad2a473b4f1c4012a882a3e303ba6e7b0170fbb09819e`

String Table contents

Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Invalid file name - %s
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Monitor support function not initialized
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation
Invalid variant operation (%s%.8x)
%s
Could not convert variant of type (%s) into type (%s)
Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
Object lock not owned
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s

Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	This installation was built with Inno Setup.
CompanyName	dixen18
FileDescription	Subnautica Setup
FileVersion (#2)
LegalCopyright
ProductName	Subnautica
ProductVersion (#2)

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x41f000`
EndAddressOfRawData	`0x41f008`
AddressOfIndex	`0x4177b4`
AddressOfCallbacks	`0x420010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .tls has a size of 0!

Leave a comment

No comments yet.