Manalyze report for 04398916398ea46584bccd94a5edc0c4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Apr-30 00:22:32
Detected languages	Chinese - PRC English - United States
CompanyName	3DMGAME
FileDescription	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
FileVersion	`1.0.0.0`
InternalName	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
LegalCopyright	FLiNG Copyright (C) 2025
OriginalFilename	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer.exe
ProductName	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
ProductVersion	`1.0.0.1`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: virus` `Contains domain names: FLiNGTrainer.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can create temporary files: GetTempPathW CreateFileW` `Changes object ACLs: SetNamedSecurityInfoW`
Malicious	The PE is possibly a dropper.	`Resource 117 is possibly compressed or encrypted.` `Resource 250 detected as a PE Executable.` `Resource 101 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 22/72 (Scanned on 2025-12-24 09:56:24)	`APEX: Malicious` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1760860594edc0c4` `CTX: exe.hacktool.generic` `ClamAV: Win.Dropper.GameHack-9917263-0` `CrowdStrike: win/grayware_confidence_90% (W)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GameHack.BT potentially unsafe application` `Elastic: malicious (high confidence)` `Fortinet: Riskware/GameHack` `GData: Win64.Application.Agent.T1D7XI` `Ikarus: PUA.HackTool` `K7GW: Trojan ( baba064c1 )` `Lionic: Trojan.Win32.GameHack.4!c` `Malwarebytes: GameHack.Riskware.Agent.DDS` `MaxSecure: Trojan.Malware.325188728.susgen` `McAfeeD: ti!B81D405C9EB8` `Paloalto: generic.ml` `Rising: Malware.Undefined!8.C (TFE:5:WdurPrxgR4T)` `Sangfor: Trojan.Win64.Gamehack.Vmh0` `Skyhigh: BehavesLike.Win64.Generic.th` `TrellixENS: Artemis!04398916398E`

Hashes

MD5	`04398916398ea46584bccd94a5edc0c4`
SHA1	`292655eff3626169de7f8f80c192bec0b094e6ce`
SHA256	`b81d405c9eb8181de2fb350b7e53311241e5bd56e256ae80d457b4497664f864`
SHA3	`569fbd740cfaff2c1e7790663c7d1769bd2311c7dd5f6a0e22646051fbece879`
SSDeep	`24576:QKEQ7XPtBlV4UgXkhsqIMQgR9DKWsEfN2yXrZcxPnf4JEEQs:QKEQ7ftBlV4PXkKqIW97fN2yXN+ngKR`
Imports Hash	`ce1eb6d19f14dba18eff3448e7f040a6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Apr-30 00:22:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa8c00`
SizeOfInitializedData	`0xd5600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000007C938 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x182000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a0fc80b1a2c38e27fb092f3d5bd04b53`
SHA1	`d6114eea5b0240d3650a5657e4b42a801dcc3690`
SHA256	`ffd0ccf4d604e1bc20a17d458166578cbac7d11b5f283374a806f7c847e453b2`
SHA3	`bb85e16d0bd0f37d2dbd7cb458803670de33a548bcd30dd33016b01eaef5c6ec`
VirtualSize	`0xa8bc4`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa8c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47109`

.rdata

MD5	`a47277e91b37bbb3489019f955552e16`
SHA1	`7f69c40c93f15409335045ad33f95e1597d8b44a`
SHA256	`f9790c332bc2047f9213879b90ee8ce5fe55cbbcb6738f41669ce007323f81a8`
SHA3	`f796dad5402a383fb7a686995e4441db2788203403266ddc6ecc1aec5ce69bdf`
VirtualSize	`0x3a2a6`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x3a400`
PointerToRawData	`0xa9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.50465`

.data

MD5	`20f071eae52a5fa8b9ae6b8ad5f60fad`
SHA1	`f3a16b871ce41c7cd3a5c4500aab942c405100f3`
SHA256	`8a6e07daa4aaf8f6277df7fd28ca1c8e34b6232112a24d6934a9f006107e3c88`
SHA3	`7ce3c30781b3a42830493643bf19f1e418107417c4cadccf1d8af0d4220e50ed`
VirtualSize	`0x5484`
VirtualAddress	`0xe5000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xe3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.32949`

.pdata

MD5	`8d493292a877619d9b320c7354c0cc2f`
SHA1	`d66314e1e90749ea2b37cb2e9080f2881b69a0b4`
SHA256	`c35f98e84ff9003d40f9474a37e5a8f2b49293dd33c70a676947b0fc554684ff`
SHA3	`d9c29e1315701f136641efcf8608b42603129a4f9072927a5acb060a1c9ec2af`
VirtualSize	`0x5f40`
VirtualAddress	`0xeb000`
SizeOfRawData	`0x6000`
PointerToRawData	`0xe5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91097`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xf1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xeba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`9e0f72b5150d66eeabae6d4cb72cf611`
SHA1	`7c91f1b610875f6944d61e946ed8784756c27e4c`
SHA256	`c71b2f2c99d2c284d2b19f4d31b6ce1b144d79a38d78bf9176295f3ca2aeadff`
SHA3	`43f26b8bbcf7ed341fdd76bbf2ad95b719ec89605148cf521604ab9cca6d0c2b`
VirtualSize	`0x8ebd0`
VirtualAddress	`0xf2000`
SizeOfRawData	`0x8ec00`
PointerToRawData	`0xebc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.6195`

.reloc

MD5	`72f10385843f1a3bcd34e7a0bba25b54`
SHA1	`234e53ddf2563cce8c713be12a5a528cf919578a`
SHA256	`b2afabde5d62d8872d9a251d5c00b391eded177d0e8befc6cf13429474170703`
SHA3	`7cecef4b494380e85b9f22b2c74aa6472a0b95e9050f52a0678c86da7cf1a5ba`
VirtualSize	`0xd7c`
VirtualAddress	`0x181000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x17a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.38078`

Imports

KERNEL32.dll	`UnmapViewOfFile` `CreateFileMappingW` `MapViewOfFile` `Sleep` `GetCurrentProcessId` `LoadLibraryW` `GetProcAddress` `GetModuleHandleA` `LoadLibraryA` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetModuleHandleW` `DecodePointer` `GetModuleFileNameW` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `GetProcessHeap` `GetTickCount` `GetTempPathW` `WaitNamedPipeW` `ReadFile` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `FindResourceW` `LoadResource` `SizeofResource` `LockResource` `LoadLibraryExW` `GetFileAttributesW` `FreeLibrary` `MultiByteToWideChar` `GetProcessTimes` `GetSystemTimeAsFileTime` `IsWow64Process` `SetLastError` `ResumeThread` `WaitForSingleObject` `GetFileSizeEx` `LocalFree` `CreateDirectoryW` `SetEndOfFile` `WriteConsoleW` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `WriteFile` `CreateFileW` `GetLastError` `GetCurrentProcess` `CloseHandle` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `ReadConsoleW` `FormatMessageA` `GetLocaleInfoEx` `WideCharToMultiByte` `GetStringTypeW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetCurrentThreadId` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `AreFileApisANSI` `GetFileInformationByHandleEx` `WaitForSingleObjectEx` `GetExitCodeThread` `EnterCriticalSection` `LeaveCriticalSection` `EncodePointer` `CompareStringEx` `GetCPInfo` `LCMapStringEx` `QueryPerformanceCounter` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `OutputDebugStringW` `RaiseException` `RtlUnwindEx` `RtlPcToFileHeader` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `GetFileType` `SetFilePointerEx` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `RtlUnwind`
USER32.dll	`MessageBoxA` `SetProcessDPIAware` `MessageBoxW`
ADVAPI32.dll	`SetEntriesInAclW` `ConvertStringSidToSidW` `GetNamedSecurityInfoW` `SetNamedSecurityInfoW`
SHELL32.dll	`SHGetFolderPathW`
ole32.dll	`CoInitializeEx` `CoUninitialize`
OLEAUT32.dll	`SysFreeString` `SysAllocString` `VariantInit` `SafeArrayUnaccessData` `SafeArrayAccessData` `SafeArrayCreate`
mscoree.dll	`CorBindToRuntime` `CLRCreateInstance`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WINMM.dll	`PlaySoundW`

Delayed Imports

117

Type	`COVER`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1e5c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99468`
MD5	`c82c39d286beec17050a3517cdfbdbd3`
SHA1	`b9e6ede2463bf985a9a8700dfd7b5dbdb2a34499`
SHA256	`c1ff226064db793e108ce9cd8fa79fe89f5bb4fae9c154b351d75e94e9fb26d3`
SHA3	`cdfa9ad06150996ca973f35123eed17b7432ff824a005d438e04ecfe7e898759`

246

Type	`REMOTE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a54f0041a9e15b050f25c463f1db7449`
SHA1	`d9be6524a5f5047db5866813acf3277892a7a30a`
SHA256	`ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e`
SHA3	`904200c7d454fe3e8e1dfaa21b4e667f250cabd8f5730bd361feacf77fab1686`

250

Type	`REMOTE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22e00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04239`
Detected Filetype	PE Executable
MD5	`5ccc3e65b4fd118552ed2213bbf607cb`
SHA1	`7174575c2d96efcd0ed0f515a60521009b4cb078`
SHA256	`be24440e4bd3c07729e931533b9b097df945f57b876c28c0d8e0bbb743645324`
SHA3	`1cf44b784f41f54892b82299ade09851fec86fe3ea71d277f5b404e68793de9d`

101

Type	`UI`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2fc00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86448`
MD5	`56dda379b4cc922e4eb78caab493c7b4`
SHA1	`f35063ee42f9b0679670d1f9ffb633505011af9f`
SHA256	`dfb23f90f5fca8d2a77d52eef27fc070ec5209587599a32ea3e23c9eefedd373`
SHA3	`4bea5d261c486fdca3be0f722f4e0bb107e0fef5d0dd6c374b68202a534da4ce`

103

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2a02`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75428`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`66ef17cf7672a90b1e3e788965266560`
SHA1	`d14ec49c74a164cf823dd660bd626ac7b581bb57`
SHA256	`99886fcb79df75f95c19c3a9504bf8bdea593d3447c8c1b4eaf4f044e1138a05`
SHA3	`868c104cd77862f976e3d918120ab980049e2759eaa2f2564687deb0300d6ad3`

104

Type	`WAVE`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2ccc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.031`
Detected Filetype	WAV Resource Interchange File Format
Detected Filetype (#2)	Windows animated cursor
MD5	`358876c4000c1f391207c56c11ae9ed4`
SHA1	`1b7ce8967ba7f53d5e2a3d2a0c585753666272c4`
SHA256	`7a6a21f87454c38fb8a7ffd227680a74d9e0d7667fb08807200503e4f4866de9`
SHA3	`1fd6863bea4078d422e07dae0c31ae74b9ddc82e4006a1e301bc855ebabc5bcf`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24932`
MD5	`6570c8f740d19175845cf7d36d23fb80`
SHA1	`ab7f36e990b6f42f99d737a8fade7e1edc278630`
SHA256	`d28fa0b9f1644cc0ebc8c541af166efdf68285572069841e331e810080fea429`
SHA3	`f5ab3032e04fd697fa5483547ab6f54e81220010b4065cac95bda2ad4cb80ff5`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09318`
MD5	`e3a2d0b4f870159131d2b50c037615a0`
SHA1	`807f229178f68edf3a4cee57ef5d97141a2aa2c4`
SHA256	`af474603853c0345d0524286ceec2a783c5d6822085dee93a75b16e9c1246e14`
SHA3	`5d3c7aba88a070b9385da8d32e2816f8b94cbc67cc8fbac5d484db04eb75c2ba`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85839`
MD5	`362f508df3407155dd843bd8d24eb47a`
SHA1	`bb07d8b9ca6b1dd9bc23eca9d36d5793f565e2fe`
SHA256	`b5588260c13dad8676c532f32aeaf239a43a8b7cde370393612bfc3533738620`
SHA3	`a8bfedca207ec3b2b7afd83fe515ede7e270f2a008bd71e0479a15e78767bc9b`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x13f9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94792`
Detected Filetype	PNG graphic file
MD5	`44a61ab7d712b6647788fb32f9925cd9`
SHA1	`e3211cb1ea0203f3a152ed6634f9188cc693fd3f`
SHA256	`f94a661f9f4fcb3dd67c4dfe20c7afcf9b7180556e738447954b4207ede407ca`
SHA3	`e9b5cbde142965d2cb3d89a22e71aa6ea6cb0c9da73b3cd8a67cce9a9b6801b1`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48426`
Detected Filetype	Icon file
MD5	`f9519f8e22b934bc1e30363b4f7aeb17`
SHA1	`683dc07a8a0265381784bc431030623e19468b8f`
SHA256	`a0976f10340ad5f1821c8dd33f5a4daf430a7fdb189574d365a9a24e4b114587`
SHA3	`57583755d298a33daf34c957492c205ac58a5e0e2303e73d6238b99c277807a2`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41121`
MD5	`6bb50ff1cad88317b5543d6588445172`
SHA1	`fb8bed2fcfd87285289439366d019d4150e58801`
SHA256	`636b793cca604124e78e472344bd8bafcfbd36f96c61b9bd8b6f6dcf84d1bb0c`
SHA3	`f0ad22fc0fb9e1699222814ce2b5cbd26a7c75a18308f02e34815fea87eace30`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05755`
MD5	`93d5224d5a82a661e8067030cadda827`
SHA1	`80ae07b1d4ae5129d749dee8815fc3608dd307f6`
SHA256	`8ccd16f837dc37da3052b31c1b21490a6b16409797d50b1298e9980999a6fc42`
SHA3	`358623f5ee1d9680dfdec18d01c1365b5ad31f48af6346283ca93d2e3cded683`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	3DMGAME
FileDescription	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
FileVersion (#2)	1.0.0.0
InternalName	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
LegalCopyright	FLiNG Copyright (C) 2025
OriginalFilename	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer.exe
ProductName	Romancing SaGa 2 Revenge of the Seven v1.0-v20250416 Plus 20 Trainer
ProductVersion (#2)	1.0.0.1

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Apr-30 00:22:32
Version	`0.0`
SizeofData	`1052`
AddressOfRawData	`0xd860c`
PointerToRawData	`0xd760c`

TLS Callbacks

StartAddressOfRawData	`0x1400d8a70`
EndAddressOfRawData	`0x1400d8a78`
AddressOfIndex	`0x1400e820c`
AddressOfCallbacks	`0x1400aa7a8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400e5100`

RICH Header

XOR Key	`0x80cbe270`
Unmarked objects	`0`
C++ objects (33140)	`181`
C objects (33140)	`18`
ASM objects (33140)	`6`
ASM objects (34321)	`10`
C objects (34321)	`16`
C++ objects (34321)	`98`
Imports (VS2008 build 21022)	`2`
Imports (33140)	`17`
Total imports	`199`
C++ objects (33523)	`30`
C++ objects (LTCG) (34809)	`18`
Resource objects (34809)	`1`
151	`1`
Linker (34809)	`1`

04398916398ea46584bccd94a5edc0c4

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.fptable

.rsrc

.reloc

Imports

Delayed Imports

117

246

250

101

103

104

1

2

3

4

108

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors