45c2eb9c86de361e1d7801698878a89a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Oct-12 23:41:16
Detected languages English - United States
Comments
CompanyName Christian Sdunek (Systemcluster)
FileDescription The Witcher 3 Mod Manager
FileVersion 0.9.1
InternalName TheWitcher3ModManager.exe
LegalCopyright
LegalTrademarks
OriginalFilename TheWitcher3ModManager.exe
ProductName The Witcher 3 Mod Manager
ProductVersion 0.9.1

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Safe VirusTotal score: 0/71 (Scanned on 2024-03-27 15:26:34) All the AVs think this file is safe.

Hashes

MD5 45c2eb9c86de361e1d7801698878a89a
SHA1 e0f607690ec365278b2554b0204cfb4b824894d3
SHA256 3a1e5d68976a3607d337f9baba8bdd8999956fb7f2bab118cd71be304e09fb80
SHA3 3ab794272b17eb40d0d31e66241ec09a75cb7e7d6065a05f39f06d791fc31ba0
SSDeep 384:Q1H45V5eE/VmtkKAHN8EN3cvHO5F0X8mEarVZF1m5Ydu20RBAZQO:H5De6mWpmvO48mEaBZaqd90RBAa
Imports Hash 35c0e0d942b9e24559dfabc97aba9f9e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2022-Oct-12 23:41:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1800
SizeOfInitializedData 0x6c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001C58 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 beaa15f058e9a9dd50ed7b2ed07d0c67
SHA1 b9decae28e42929c0a1bd3891d1e60ebb52f9033
SHA256 4f9d77d7ad01ce8bf47578edc0f80c627f3910d80f35af90933aba01fb6d32db
SHA3 e53d4e4355dbd0cf2977973977fe45636d457e822254d7d1640a91825f9491ca
VirtualSize 0x16ec
VirtualAddress 0x1000
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.82948

.rdata

MD5 1c0a0ae2e951418b0ff11d717c066e3f
SHA1 7ef317e6c91631fc52bcfd6b122dfcc9ece7aa08
SHA256 a50dca0aa1d973f3f31dd686c1844ccf650b2393bff4ff37ecacd72398199e53
SHA3 df61b179acf75a13f172de5ec1ae47948509f37b9a6e92510613eb492f790642
VirtualSize 0x18aa
VirtualAddress 0x3000
SizeOfRawData 0x1a00
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.387

.data

MD5 1c3b8ea3c34144e7a14bd945b131a256
SHA1 9c6184ad1e5a05dd0d71ac0061ba4c9171668682
SHA256 0b1ce44239213efc024791c78cbc9b904bca20c693718d0ae0b07aa143ffbdee
SHA3 2647c605c3cdb46f147dff56d6779cf56cad337864dd0b1f06d4add46eb27517
VirtualSize 0xc60
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.444405

.pdata

MD5 0b1856cdc7b89d86c834e8ccb7483f02
SHA1 dd8af62dfd119703de662a9b25a2a0874fe4c37d
SHA256 13b2f7a52fdb6bfa293307afd083ca982a73540f62dac1e65df7516561f08bb3
SHA3 5260154f07cb0205acb9eb848e46cfd46fb585d5b4f43da36bb1d2d684540f13
VirtualSize 0x21c
VirtualAddress 0x6000
SizeOfRawData 0x400
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.35088

.rsrc

MD5 28ac9653b45f7665227eeba452791f50
SHA1 9a2e1e0be5cb2e068e9aa801f658902a41ecc3ef
SHA256 45ac38f2f685a079f5311f098289ed3fce8207befd55a98c241b5fcca4f56381
SHA3 746f04ac1f4feb9a94a9b7af458905c5d984ff426e2122f4284048088ac3f9dd
VirtualSize 0x4858
VirtualAddress 0x7000
SizeOfRawData 0x4a00
PointerToRawData 0x3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.27474

.reloc

MD5 ce4e3337148164d3fb0757417d9d4fb0
SHA1 c234c85d8741ccdc4307433a2289948867ff5e9c
SHA256 741b3121614b9151e713c82252c3e49637e478d04c78817d27a24fc90eb6cac4
SHA3 0e3d08dd1bc42aa5fd2e4c0b4da6457080bacdd4eb52ddef6c3a1cf2dea4f042
VirtualSize 0x30
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x8600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.712784

Imports

USER32.dll MessageBoxW
MessageBoxA
python310.dll PyObject_CallObject
PyObject_Str
PyMem_RawFree
Py_Exit
Py_SetPath
PyImport_ImportModule
PyErr_NormalizeException
PySys_GetObject
Py_NoSiteFlag
PyMem_Free
PyMem_RawMalloc
PyUnicode_FromString
PyTuple_New
PyExc_SystemExit
Py_Finalize
PySys_SetArgvEx
Py_SetProgramName
PyUnicode_Join
_Py_Dealloc
Py_Initialize
PyErr_ExceptionMatches
PyErr_Fetch
PyLong_AsLong
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
PyErr_Clear
_Py_NoneStruct
PyUnicode_Format
PyObject_GetAttrString
PyUnicode_AsWideCharString
KERNEL32.dll GetSystemTimeAsFileTime
SetDllDirectoryW
RtlCaptureContext
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RtlLookupFunctionEntry
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetModuleFileNameW
VCRUNTIME140.dll __current_exception_context
__current_exception
__C_specific_handler
wcsrchr
memcpy
memset
api-ms-win-crt-runtime-l1-1-0.dll _register_onexit_function
_initialize_onexit_table
terminate
_register_thread_local_exe_atexit_callback
_cexit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_crt_atexit
_set_app_type
_seh_filter_exe
__p___argc
__p___wargv
_c_exit
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
__stdio_common_vswprintf
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.12082
MD5 08becadf07d218028992a3a8db9c5021
SHA1 aa1c122ba3a73c6016100cd71df87a66023da78e
SHA256 085fb7d1d7ee6bd5ec8474d025d6231e74d5e34eb0d0e71cb83c661467bf9fbb
SHA3 5e614f3266adad160dcc5a73c1549523afe0bc8ee08e484421f4f71f63c68bd7

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 3e1d980f0dc747eec9d946c155cb1498
SHA1 15414ced0202f709d400c957d441a8856dde8479
SHA256 027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd
SHA3 11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049

1 (#3)

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x36c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35554
MD5 9ff34a3792a56930a24d98e354e47616
SHA1 32dd43fd2f73dcec2784500b267b93568c9cbcbd
SHA256 b34d5c1bfcc1eb8d5342678acbdc47b7130bf668c26a7be5090ff5aecd773005
SHA3 2fa655fc082754c3263cd006790903a5f3eff3458cbbfd7d9739f4e3b8cd0f51

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.9.1.0
ProductVersion 0.9.1.0
FileFlags VS_FF_DEBUG
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments
CompanyName Christian Sdunek (Systemcluster)
FileDescription The Witcher 3 Mod Manager
FileVersion (#2) 0.9.1
InternalName TheWitcher3ModManager.exe
LegalCopyright
LegalTrademarks
OriginalFilename TheWitcher3ModManager.exe
ProductName The Witcher 3 Mod Manager
ProductVersion (#2) 0.9.1
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Oct-12 23:41:16
Version 0.0
SizeofData 644
AddressOfRawData 0x39dc
PointerToRawData 0x25dc

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005008

RICH Header

XOR Key 0xc890364
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (VS2022 Update 3 (17.3.0) compiler 31616) 2
C++ objects (VS2022 Update 3 (17.3.0) compiler 31616) 18
C objects (VS2022 Update 3 (17.3.0) compiler 31616) 10
ASM objects (VS2022 Update 3 (17.3.0) compiler 31616) 3
Imports (VS2022 Update 3 (17.3.0-3) compiler 31629) 2
Imports (30795) 5
Total imports 86
C objects (LTCG) (VS2022 Update 3 (17.3.4-6) compiler 31630) 1
Resource objects (VS2022 Update 3 (17.3.4-6) compiler 31630) 1
Linker (VS2022 Update 3 (17.3.4-6) compiler 31630) 1

Errors

<-- -->