Manalyze report for 3259cac6f9ad1f17d0691fc8d8c5fe55b96dd4d9cec6e0160eb4360d36bec97d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Dec-13 08:38:47
Detected languages	English - United Kingdom English - United States
Debug artifacts	D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb
CompanyName	YoYo Games Ltd
FileDescription	Can you survive Five Nights at Frickbear's 3?
FileVersion	`1.0.0.0`
LegalCopyright
PrivateBuild	01.00.00.00
ProductName	Created with GameMaker Studio 2
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Info	Interesting strings found in the binary:	`Contains domain names: https://yoyogames.zendesk.com https://yoyogames.zendesk.com/hc/en-us/articles/360002243797 memtest86.com sourceware.org www.memtest86.com yoyogames.zendesk.com zendesk.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: minATL` `Unusual section name found: .mydata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowA` `Can access the registry: RegOpenKeyExW RegCloseKey RegQueryValueExW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathW CreateFileW GetTempPathA` `Uses functions commonly found in keyloggers: GetAsyncKeyState CallNextHookEx` `Has Internet access capabilities: InternetWriteFile InternetCloseHandle InternetCrackUrlA InternetCanonicalizeUrlA InternetOpenA InternetConnectA InternetReadFile InternetGetConnectedState` `Leverages the raw socket API to access the Internet: WSAStartup WSAAddressToStringA inet_pton socket connect gethostname recvfrom recv getsockopt freeaddrinfo sendto ioctlsocket setsockopt WSAGetLastError getpeername inet_ntop getnameinfo __WSAFDIsSet select ntohl ntohs htonl htons getaddrinfo listen closesocket bind accept WSACleanup getsockname send` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: GetDC FindWindowA` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`191200 bytes of data starting at offset 0xbc1f20.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-03-28 07:27:28)	`All the AVs think this file is safe.`

Hashes

MD5	`42dcfd26d2588f87fddbd548969f4c80`
SHA1	`20e3ddd6df37fd8cc8fe051a40665fc97f4fec17`
SHA256	`3259cac6f9ad1f17d0691fc8d8c5fe55b96dd4d9cec6e0160eb4360d36bec97d`
SHA3	`bf8e3f7fa44f559bee457883e2d44745d6f5b2e63bc2e1499a5b1a51b5627f21`
SSDeep	`196608:GqmiBBeUgOrUzo4Q1s8kaPCdOjHyA3kfz2Sa4ggTkJ3gSyYxkNUyWqM5z486EHip:GqxTOMGRAql`
Imports Hash	`bebd143050ccf80dc3870f2e269ae454`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2023-Dec-13 08:38:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8d3c00`
SizeOfInitializedData	`0x31ca00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000082D540 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe5a000`
SizeOfHeaders	`0x400`
Checksum	`0xbc2417`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bf21084efaa7e39b8f8227951ec08d7b`
SHA1	`f6abfb94d2936b175b2713753d8eb5b7f2a7cb1b`
SHA256	`d5924946490c74cbfb56461b6c892c27495c1387527224568c3e0d120dcaba13`
SHA3	`e76526b337b7a9306d8e66a23804a237100c38c0757489de8dd9acff0968aa36`
VirtualSize	`0x8d3a88`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8d3c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53691`

.rdata

MD5	`02d02c0f61418c859cf50518c1f5be39`
SHA1	`ddd71c4d8ae14f60a9008b8329d02e3d2e472cf2`
SHA256	`eb48079280b13a457579e2bd40e1b14ea7318d23ad0390658d6075b8f25cca58`
SHA3	`c73716e7284850c97440aea7ca3e6f7222ff0179265460bedbb1e03b74a66db0`
VirtualSize	`0x20d384`
VirtualAddress	`0x8d5000`
SizeOfRawData	`0x20d400`
PointerToRawData	`0x8d4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98363`

.data

MD5	`00fdd763fd6a2fb253021beb439e2df8`
SHA1	`2d8aa357f6c53cf7c87df47023dd2a207c27adbe`
SHA256	`fa236e0a1b746646a429c4a68ec436bf299d1a97c79c10f9c594834c85c143d2`
SHA3	`f7834e2b9def6ecf0dfc563b6081c16484445a38e55353d3db9351448423ce79`
VirtualSize	`0x2d0610`
VirtualAddress	`0xae3000`
SizeOfRawData	`0x6c200`
PointerToRawData	`0xae1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.10293`

.pdata

MD5	`ed1464638733f604cf27139fd23f28a9`
SHA1	`916841565344096764da1cebdb69718992dcf81d`
SHA256	`9e9f18160dce438df59d27f5ef0dcfa6a98a6ea73c0b17445ed007ab7552dcc2`
SHA3	`6f9540820287d274921a4cbe7cf0a6af14d5ca030eeb2bc98a0cc258a80aabd0`
VirtualSize	`0x66c30`
VirtualAddress	`0xdb4000`
SizeOfRawData	`0x66e00`
PointerToRawData	`0xb4d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.58478`

minATL

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x18`
VirtualAddress	`0xe1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbb4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

_RDATA

MD5	`9585cf0b4a9e95d5a28a42c2de532524`
SHA1	`794c915f65d54aaaf5425cc4628aa2bfa869fc2c`
SHA256	`efa4fb8ba09447ba20b3032ad40959d1d402b41254c7175d2b1c627ad314a2be`
SHA3	`ce210b3bc0d30d21e0f8ea50b9c9a78cdcfebfb6954176a623890d14cd90dc34`
VirtualSize	`0xf4`
VirtualAddress	`0xe1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbb4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.45437`

.mydata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x18`
VirtualAddress	`0xe1d000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbb4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`cbb00468d312c97353d9ef5acccc4d41`
SHA1	`c3807a59665d1ef698f447f5e66d521930521362`
SHA256	`59863dfb1dcdefccce27de3454d3cf5dcddd287c120b04689064c33288ecb9a1`
SHA3	`e849473e9a3b594f0c6f6fc482dd5020ceff231700c1dfe042d89bdbac89b52d`
VirtualSize	`0x3bffc`
VirtualAddress	`0xe1e000`
SizeOfRawData	`0x3c000`
PointerToRawData	`0xbb4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52406`

Imports

RPCRT4.dll	`UuidToStringW` `UuidCreate`
WININET.dll	`HttpEndRequestW` `InternetWriteFile` `InternetCloseHandle` `HttpSendRequestA` `InternetCrackUrlA` `InternetCanonicalizeUrlA` `HttpOpenRequestA` `HttpQueryInfoA` `InternetOpenA` `InternetConnectA` `InternetReadFile` `InternetGetConnectedState`
d3d11.dll	`D3D11CreateDevice`
dbghelp.dll	`MiniDumpWriteDump` `SymInitialize` `SymFromAddr`
WINMM.dll	`joyGetPos` `mciSendStringA` `timeGetTime` `timeGetDevCaps` `timeEndPeriod` `timeBeginPeriod` `joyGetPosEx`
WS2_32.dll	`WSAStartup` `WSAAddressToStringA` `inet_pton` `socket` `connect` `gethostname` `recvfrom` `recv` `getsockopt` `freeaddrinfo` `sendto` `ioctlsocket` `setsockopt` `WSAGetLastError` `getpeername` `inet_ntop` `getnameinfo` `__WSAFDIsSet` `select` `ntohl` `ntohs` `htonl` `htons` `getaddrinfo` `listen` `closesocket` `bind` `accept` `WSACleanup` `getsockname` `send`
gdiplus.dll	`GdiplusStartup` `GdiplusShutdown`
COMCTL32.dll	`InitCommonControlsEx`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
MFPlat.DLL	`MFStartup` `MFCreateSourceResolver` `MFCreateMediaType` `MFShutdown`
MF.dll	`MFCreateAudioRendererActivate` `MFCreateTopologyNode` `MFCreateMediaSession` `MFCreateSampleGrabberSinkActivate` `MFGetService` `MFCreateTopology`
IPHLPAPI.DLL	`GetAdaptersAddresses` `NotifyIpInterfaceChange` `CancelMibChangeNotify2`
KERNEL32.dll	`SetConsoleCtrlHandler` `GetCurrentThread` `WriteFile` `GetStdHandle` `FreeLibraryAndExitThread` `ExitThread` `PeekNamedPipe` `GetFileType` `GetFileInformationByHandle` `GetDriveTypeW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `FindFirstFileExW` `MoveFileExW` `SetFileAttributesW` `GetFileAttributesExW` `GetModuleHandleExW` `HeapWalk` `HeapValidate` `RtlUnwind` `LoadLibraryExW` `InterlockedFlushSList` `InterlockedPushEntrySList` `RtlPcToFileHeader` `RtlUnwindEx` `GetTempPathW` `GetProcessHeap` `HeapFree` `HeapAlloc` `InitializeSListHead` `RaiseException` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetConsoleMode` `GetFileSizeEx` `TerminateProcess` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `SetFilePointerEx` `ReadConsoleW` `SetStdHandle` `GetTimeZoneInformation` `HeapReAlloc` `IsValidLocale` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `VirtualQuery` `Sleep` `LoadLibraryW` `GetProcAddress` `MultiByteToWideChar` `WideCharToMultiByte` `GetLastError` `LoadLibraryA` `OutputDebugStringA` `SetWaitableTimer` `CreateWaitableTimerW` `CloseHandle` `GetConsoleWindow` `SetLastError` `GetFullPathNameW` `GetExitCodeThread` `FormatMessageW` `DeleteFileW` `CreateThread` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `LocalFree` `GetModuleHandleW` `ReadFile` `SetFilePointer` `CreateFileW` `GetFileAttributesW` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `SetEnvironmentVariableW` `FreeLibrary` `FormatMessageA` `CreateDirectoryW` `FindFirstFileW` `FindNextFileW` `RemoveDirectoryW` `GetModuleFileNameW` `GetUserDefaultLCID` `WaitForSingleObject` `ResumeThread` `GetTempPathA` `CreateProcessW` `CreateDirectoryA` `OpenThread` `GetTickCount64` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetCurrentProcess` `K32GetProcessMemoryInfo` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetLocaleInfoW` `GetVersionExW` `GetSystemInfo` `GlobalMemoryStatusEx` `VerSetConditionMask` `VerifyVersionInfoW` `GlobalFree` `GetCurrentProcessId` `DebugBreak` `GetEnvironmentVariableA` `ExitProcess` `lstrlenA` `GetVersion` `SetEnvironmentVariableA` `CreateFileMappingW` `MapViewOfFile` `MoveFileA` `GetCommandLineW` `ExpandEnvironmentStringsW` `GetFinalPathNameByHandleW` `SetErrorMode` `GetCurrentThreadId` `SetUnhandledExceptionFilter` `WaitForSingleObjectEx` `CreateEventExA` `OutputDebugStringW` `RtlCaptureContext` `CreateEventW` `ResetEvent` `SetEvent` `GetStringTypeW` `GetLocaleInfoEx` `GetCPInfo` `CompareStringEx` `LCMapStringEx` `DecodePointer` `EncodePointer` `CreateSymbolicLinkW` `GetFileInformationByHandleEx` `CloseThreadpoolWait` `SetThreadpoolWait` `CreateThreadpoolWait` `CloseThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `SetThreadpoolTimer` `CreateThreadpoolTimer` `CloseThreadpoolWork` `SubmitThreadpoolWork` `CreateThreadpoolWork` `FreeLibraryWhenCallbackReturns` `GetSystemTimeAsFileTime` `GetCurrentProcessorNumber` `FlushProcessWriteBuffers` `CreateSemaphoreExW` `CreateEventExW` `InitOnceExecuteOnce` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `SetFileInformationByHandle` `GetNativeSystemInfo` `SwitchToThread` `SleepConditionVariableSRW` `SleepConditionVariableCS` `SetEndOfFile` `WakeAllConditionVariable` `WakeConditionVariable` `InitializeConditionVariable` `TryEnterCriticalSection` `InitializeCriticalSectionEx` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitializeSRWLock` `TlsFree` `TlsGetValue` `TlsAlloc` `SetThreadPriority` `TlsSetValue` `DeleteCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `EnterCriticalSection` `RtlCaptureStackBackTrace` `LCMapStringW` `EnumSystemLocalesW` `FlushFileBuffers` `FindClose` `GetConsoleOutputCP` `HeapSize` `GetFileSize` `WriteConsoleW`
USER32.dll	`MsgWaitForMultipleObjectsEx` `EnumDisplaySettingsA` `TranslateMessage` `SetProcessDPIAware` `SetDlgItemTextA` `MessageBoxA` `PeekMessageW` `OpenClipboard` `CloseClipboard` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `IsClipboardFormatAvailable` `keybd_event` `IsDialogMessageW` `DispatchMessageW` `GetFocus` `GetRawInputDeviceList` `GetCursorPos` `SetCursorPos` `UpdateWindow` `EnumDisplaySettingsW` `GetMonitorInfoW` `ShowWindow` `GetSystemMetrics` `SendMessageW` `GetAsyncKeyState` `IsWindowVisible` `GetWindowLongPtrW` `GetLayeredWindowAttributes` `IntersectRect` `SetWindowLongPtrW` `MonitorFromWindow` `wsprintfW` `GetActiveWindow` `ClientToScreen` `MoveWindow` `CreateDialogParamW` `GetDC` `EndDialog` `SetWindowTextW` `SetDlgItemTextW` `GetDlgItemTextW` `GetDlgItem` `DrawTextW` `DialogBoxParamW` `ReleaseDC` `GetWindowLongW` `DefWindowProcW` `GetKeyState` `PostMessageW` `CreateWindowExW` `ScreenToClient` `CallNextHookEx` `RegisterClassExW` `FindWindowExA` `MapWindowPoints` `UnhookWindowsHookEx` `EnumWindows` `SetFocus` `BringWindowToTop` `EnumDisplayDevicesW` `LoadCursorW` `SendMessageA` `SetParent` `SetCapture` `SetWindowsHookExW` `SetCursor` `GetClientRect` `PostThreadMessageW` `FindWindowA` `ReleaseCapture` `SetForegroundWindow` `LoadImageW` `MessageBoxW` `GetRawInputDeviceInfoA` `DestroyWindow` `AdjustWindowRectEx` `GetWindowRect` `SetWindowPos`
GDI32.dll	`SelectObject` `DeleteObject` `CombineRgn` `GetRgnBox` `CreateRectRgnIndirect` `GetDeviceCaps` `GetStockObject`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegOpenKeyExW` `RegCloseKey` `CryptGenRandom` `CryptReleaseContext` `RegQueryValueExW` `CryptAcquireContextA`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW`
ole32.dll	`CoInitialize` `CoTaskMemFree` `CoCreateInstance` `CoCreateFreeThreadedMarshaler` `PropVariantClear`
dwmapi.dll	`DwmGetWindowAttribute` `DwmGetCompositionTimingInfo`
IMM32.dll	`ImmGetContext` `ImmSetCompositionWindow` `ImmReleaseContext` `ImmSetCandidateWindow`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.07704`
MD5	`892f0f6732ef0f73cf6db51e62017a74`
SHA1	`7d4428613b8ec9c1380ed96e18d4f2d0c380c94a`
SHA256	`96c7b054d2e1d983e964da4f6749b7a8e4fe6296cb4803b5668bf61a1d5deda4`
SHA3	`aaff03cd3c772f9407539198680994d4b6303f226f27df7ddba46096d6373f36`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x32028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.58843`
MD5	`048e2fee4329ab5782ad74c56de28307`
SHA1	`188508a008e2500c133c02284fcbca794c32be5c`
SHA256	`42674813389093817a56a4567bea9192becaae77acb52bf06cea9feec88cc139`
SHA3	`5b9432b09c84c7c45ac08b9fedb2f904eaa8e20f90f1e26d2cdfbc1d62989dcc`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89367`
MD5	`713948be21003dfb618ecdb185e50a59`
SHA1	`e1b814c0073be99d0f28e2ddb7d13b073f3dc67c`
SHA256	`f07f55d8a2d3e560f02673c49c8469b51a8d3548d7a1f0ee47355d6f080c9de8`
SHA3	`c1a3d3c7b76024fac53f24210b659a9bb52b0c6230589d095090e6b7e467fd2a`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36684`
MD5	`4b54f097cdb6fa39423033d47fa200db`
SHA1	`bde6c7a67f2b92f27aa875d4955999a9772ff2bf`
SHA256	`6a73143cfacd86719eecf2cc45bb66c23391ac62d0ffa167a1acda97b218a1a1`
SHA3	`2d1407d8b37f12533b8c67a507e830cf7c707f921c4f1dc2bb2f685733046eda`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4c28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.04121`
MD5	`5862fb822647bb0222206552d93026f2`
SHA1	`c8df9419ceba783553fc9f5da52146a52d950867`
SHA256	`91b02dbfc7de3d446cfa0c582ffcd94754e063ab54450b8545e926755c301d9f`
SHA3	`00567047bfdf427cf64883cba41b3bee99520b33a6ad22c0d5d8f2108cee0d5e`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1ae3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86085`
Detected Filetype	PNG graphic file
MD5	`e602c6a4d4ddd15813cc8ab00888f496`
SHA1	`60bf529178e5f05463719555bd52551798e6ac88`
SHA256	`22813a19603dfdabbc152571db92cadd0f0a4192d8cff8942baae650c820c808`
SHA3	`58da0492c870c76a71c95de41ddb4735f69f314788516ad71b50c190c14b3cb7`

IDD_ERROR_CODE

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11903`
MD5	`ac3f07c5aa93e413823a32f659240ad1`
SHA1	`d78e110cb30ccff6366e410f6a16009383f8f2e9`
SHA256	`b45c6a3366adc913f8d1f3cd2289aeddc2b4dae28c0e39daa911009f50234c43`
SHA3	`89f27075d14968fef9bdad5097adf1e3f751b7238149ba82eec741da3e19086a`

IDD_INPUTQUERY

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06903`
MD5	`c2624d0a67009076569b24ceaf5c25f0`
SHA1	`9430e62b31117c2a62b30d5067a9a485b2b92262`
SHA256	`6bd1990b830571c05426131c936352f081dbf227a5f1f8708be380bb68c0ef1e`
SHA3	`87c0e1470f39b15c7cde38546d123ea57c64a448bb9ec5e30e1582325f7d6497`

IDD_LOGIN_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07583`
MD5	`6b0f04cd06a91ff5ee96decd8eb6dbc6`
SHA1	`240236f7e7f1c2cea21c1d5eac0bef98094eb18a`
SHA256	`28ae1807e280b537ef8a9b5df66942cd52adf418cd5a2e0b07ef48b25bd08955`
SHA3	`f3d6f5a0f7c6fb4bd8a283c4f8bfc9337364cb28e696784dcb8f543d9d79e89b`

IDD_MESSAGE_ASYNC

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00453`
MD5	`ed9d6ad0e3e5f287913a8c39386eb08e`
SHA1	`3856ad95adbb8ffdb971bd44a43e32ff7da10c9e`
SHA256	`09ae8082cc363799b57616423e47409390c11fc632c0958826d98420683aa83a`
SHA3	`19d277b2aea915c99d664198e3339347acae3070829ba1269eda8de02a6b820e`

IDD_QUESTION

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xcc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11344`
MD5	`c73c99bc6638f100b097bf7fcca8f264`
SHA1	`1713cd590521632bcfb0be68c27b18a740edec1c`
SHA256	`a0c9982c1806c9802b63ba6a73a9deedd2825fe0b7a6b86ec16c098d8422587d`
SHA3	`ac3b5ddd8e27e4d89cce23d9fd85784ffc8e1a7b827a762e384f4a9bb45b3f08`

152

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.93321`
Detected Filetype	Icon file
MD5	`5c524101a5529fe192febb8347eaf6d8`
SHA1	`942a89936f473e195adf482029838adf0064233c`
SHA256	`66cc06e4d655eca6fccc6834ecfb68d039c68e5210725302e74e557dcd3fe325`
SHA3	`a3853ff28400b74fd7cfd37c4260ef59fa37e91e02239cfcd3b54b1408a71ac4`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35049`
MD5	`caae510f339e213e9b7290ccb496a89f`
SHA1	`408445b052e4eca2a3c0a7916fbfbfc823e5e33b`
SHA256	`d5714b82569212a11da9890ab97f5f3cd4f69b836bbef0358f41fce9053ed575`
SHA3	`6a83a9107db5de552282cc3dc93fc62693ede18eb636e89bc730a543988723fa`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x340`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11335`
MD5	`291ed637ff774c565467127b4dc6f604`
SHA1	`b3712edf7e24864402805cf9fe5b1de2c6224489`
SHA256	`bbb722efa85a50eef34ff211a8f26cc6ec7c6d7e2db0a6958c7d2fbc693fe8d3`
SHA3	`1d912a13d46db4232b411c8ea0c84f02fac3cbce88ed013f399fdc999bd30983`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United Kingdom
CompanyName	YoYo Games Ltd
FileDescription	Can you survive Five Nights at Frickbear's 3?
FileVersion (#2)	1.0.0.0
LegalCopyright
PrivateBuild	01.00.00.00
ProductName	Created with GameMaker Studio 2
ProductVersion (#2)	1.0.0.0

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Dec-13 08:38:47
Version	`0.0`
SizeofData	`104`
AddressOfRawData	`0xa28494`
PointerToRawData	`0xa27494`
Referenced File	D:\a\GameMaker\GameMaker\GameMaker\Runner\VC_Runner\x64\Release-Zeus\Runner.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Dec-13 08:38:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xa284fc`
PointerToRawData	`0xa274fc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Dec-13 08:38:47
Version	`0.0`
SizeofData	`1156`
AddressOfRawData	`0xa28510`
PointerToRawData	`0xa27510`

TLS Callbacks

StartAddressOfRawData	`0x140a289c8`
EndAddressOfRawData	`0x140a289d0`
AddressOfIndex	`0x140b50e64`
AddressOfCallbacks	`0x1408d6160`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140ae33d8`

RICH Header

XOR Key	`0xff360641`
Unmarked objects	`0`
ASM objects (30795)	`35`
253 (28518)	`8`
C objects (30034)	`20`
ASM objects (30034)	`12`
C++ objects (30034)	`93`
C++ objects (30153)	`40`
C++ objects (30795)	`223`
173 (VS2010 build 30319)	`1`
C objects (30795)	`61`
Imports (21202)	`2`
C objects (30153)	`40`
Imports (30795)	`41`
Total imports	`382`
C++ objects (LTCG) (30153)	`467`
Resource objects (30153)	`1`
151	`1`
Linker (30153)	`1`

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.