Manalyze report for a3b3a175d5f15c7794cf51412dd54073efaa0b98376ba0b906245128f72015b3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-18 20:43:19
Detected languages	English - United States
Debug artifacts	D:\a\Korone-Bootstrapper\Korone-Bootstrapper\BootstrapperClient\bin\Release\x64\PekoraPlayerLauncher.pdb
CompanyName	Korone Corporation
FileDescription	Korone
FileVersion	`1, 7, 0, 0`
LegalCopyright	(C) 2025 Korone Corporation. All rights reserved.
OriginalFilename	Pekora.exe
ProductName	Pekora Bootstrapper
ProductVersion	`1, 7, 0, 0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: .robloxlabs.com http://www.winimage.com http://www.winimage.com/zLibDll https://pekora.zip robloxlabs.com winimage.com www.winimage.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Can access the registry: RegDeleteKeyW RegEnumKeyExW RegDeleteValueW RegFlushKey RegSetValueExW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegCloseKey SHDeleteKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptReleaseContext CryptDestroyHash CryptHashData CryptGetHashParam` `Can create temporary files: GetTempPathW CreateFileW` `Has Internet access capabilities: InternetReadFile InternetWriteFile InternetCloseHandle InternetOpenW InternetConnectW InternetQueryDataAvailable` `Leverages the raw socket API to access the Internet: WSAStartup getaddrinfo closesocket freeaddrinfo WSACleanup connect socket recv send` `Functions related to the privilege level: CheckTokenMembership DuplicateToken OpenProcessToken` `Manipulates other processes: OpenProcess EnumProcesses`
Info	The PE's resources present abnormal characteristics.	`Resource 162 is possibly compressed or encrypted.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-05-20 12:04:41)	`Trapmine: suspicious.low.ml.score`

Hashes

MD5	`f745edf5a96ba145ca392df6aa67fe6e`
SHA1	`a6c3eddf363ad26c17121d4ed4d41fc7fe6153e9`
SHA256	`a3b3a175d5f15c7794cf51412dd54073efaa0b98376ba0b906245128f72015b3`
SHA3	`bbef00f6805834ccd4f95ff973df3a54f49b9628abaa18ef84a817f8a56a453d`
SSDeep	`24576:6r1tT1Gq71jvmhom9yjYpADVoEUmCHQCt:6rb1Xdjm9yjYpADqmCwCt`
Imports Hash	`f7da111a7b9bde2407170366bc293c90`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Feb-18 20:43:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x7a000`
SizeOfInitializedData	`0xe5800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004670C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x163000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8a1fabca03190d02d8fc5fb87bf01fad`
SHA1	`167b83c2c938abb11a98c6e31d890f4607e5dae0`
SHA256	`7ee629f579a336638caed363322cea9d81c974c2fe80eccaf7a41c51a0742d96`
SHA3	`f743acc17eeda20246b5b32a18945d4302bc1ae18b173f22f3ca77e0d10c983e`
VirtualSize	`0x79e1c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42933`

.rdata

MD5	`080e7c26622993e95779e72925f2cd06`
SHA1	`a310d746a9820395ee97b745c4531f8c300750db`
SHA256	`0c4da8790ba0fc184d8aaf69407191daadeefbc61f4f4b54b2757ccde3cc49c2`
SHA3	`e625af95bada260bbd2c1ee268dbb2d88fb04d7e53713dee87405ecabac129e8`
VirtualSize	`0x29870`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x29a00`
PointerToRawData	`0x7a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65853`

.data

MD5	`e8dcadaa58fdb937aa740119f9e1675c`
SHA1	`45a494d8f4bbfb5d6611e65b208c99a5807d8a77`
SHA256	`6a2bc39dfbc9ec8ebebc64aa6c6b12eeb4b1a0ab91d790f45a4de76d78b51d2f`
SHA3	`38e6862cd36f70a1bba0574091f9c9b1e09e3d310a63db263fe8962735e523ff`
VirtualSize	`0x40c4`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xa3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.75068`

.pdata

MD5	`474db4f9741fbe55145ef8b65750246d`
SHA1	`784c53fae3ba7d088e6f8a350dc9f729c6d06d08`
SHA256	`a35f4ecbd8b54528129c5ba3aa2dbb157c6a68d98e6ecd0b78f1292e2a6af983`
SHA3	`f550ab758a2a063f41d7a7d23457487b633b80afa0e33a4f374a96803e4694a4`
VirtualSize	`0x4df4`
VirtualAddress	`0xaa000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0xa6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84658`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xaf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xab200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5f4470b0ae6b55737944869c931496f3`
SHA1	`a3cd8beabf30da23d027acd8e195189154ed91b6`
SHA256	`4bb00e7b17720ed57597501db553bbab4f4dd95e92dfaad8a0ff825968e3ca51`
SHA3	`cad0db8da003cf8ca816083cc2b76bb6a095ce04d8cce9500fb61886fd765656`
VirtualSize	`0xb1b90`
VirtualAddress	`0xb0000`
SizeOfRawData	`0xb1c00`
PointerToRawData	`0xab400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.38183`

.reloc

MD5	`a44f86559dbf151808da1baab3bc263a`
SHA1	`c6c7eb7fbe53a4e1527c712a2864e372317d035e`
SHA256	`6c2978a33af4225e4ade01fdcf386749c7dbdf419d3d208c9b1dfd813f879744`
SHA3	`22efee3b5440cfd828aa51e51fd960f68f0c2d719c0d6d5d9d02e825d3bedfc7`
VirtualSize	`0xe08`
VirtualAddress	`0x162000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x15d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.16776`

Imports

KERNEL32.dll	`GetTempPathW` `DeleteFileW` `GetSystemTime` `lstrcmpW` `VerifyVersionInfoW` `VerSetConditionMask` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `MultiByteToWideChar` `WideCharToMultiByte` `WaitForSingleObject` `ReleaseMutex` `CreateMutexW` `SetEvent` `ResetEvent` `OpenEventW` `CreateEventW` `CloseHandle` `GetProcessHeap` `DeleteCriticalSection` `HeapDestroy` `DecodePointer` `HeapAlloc` `SetEndOfFile` `WriteConsoleW` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `IsValidCodePage` `FindFirstFileExW` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `ReadConsoleW` `ReadFile` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `SetFilePointerEx` `GetFileType` `GetStdHandle` `ExitProcess` `GetModuleHandleExW` `FreeLibraryAndExitThread` `HeapReAlloc` `GetLastError` `HeapSize` `ExitThread` `CreateThread` `InitializeCriticalSectionAndSpinCount` `HeapFree` `Sleep` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `FindResourceExW` `LocalFree` `GetCurrentThreadId` `GetCurrentProcess` `GetCurrentThread` `CreateProcessW` `RaiseException` `GetTickCount` `CompareFileTime` `FindFirstFileW` `FindNextFileW` `FindClose` `lstrlenW` `GetLocalTime` `CreateDirectoryW` `GetDiskFreeSpaceExW` `SetFileAttributesW` `RemoveDirectoryW` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `GetShortPathNameW` `FormatMessageW` `LoadLibraryW` `FreeLibrary` `CreateFileW` `GetFileAttributesW` `GetFileAttributesExW` `GetFileSizeEx` `MulDiv` `OpenProcess` `InitializeCriticalSectionEx` `WaitForSingleObjectEx` `GetExitCodeProcess` `TerminateProcess` `lstrcpyW` `lstrcatW` `WriteFile` `GetFileTime` `DosDateTimeToFileTime` `LocalFileTimeToFileTime` `SetFileTime` `IsDebuggerPresent` `OutputDebugStringW` `EnterCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `QueryPerformanceFrequency` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `GetTickCount64` `EncodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `GetSystemTimeAsFileTime` `GetStringTypeW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetStartupInfoW` `GetCurrentProcessId` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `SetLastError` `RtlUnwind` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetCommandLineA` `GetCommandLineW`
USER32.dll	`LoadBitmapW` `CallWindowProcW` `GetParent` `GetWindowRect` `SendMessageW` `GetWindowLongPtrW` `AllowSetForegroundWindow` `SetWindowTextW` `LoadAcceleratorsW` `GetMessageW` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `SetFocus` `CharNextW` `MessageBoxW` `PostThreadMessageW` `GetWindowThreadProcessId` `EnumWindows` `GetDlgItem` `PostQuitMessage` `BeginPaint` `FillRect` `EndPaint` `CreateWindowExW` `RegisterClassW` `GetSystemMetrics` `GetDC` `ReleaseDC` `SetTimer` `KillTimer` `DestroyWindow` `EnableWindow` `LoadIconW` `SetForegroundWindow` `PostMessageW` `GetWindowTextW` `CharUpperW` `MessageBoxA` `DefWindowProcW` `SetWindowLongPtrW` `ShowWindow` `InvalidateRect` `SetWindowPos` `IsWindowVisible`
GDI32.dll	`CreateFontW` `GetDeviceCaps` `DeleteObject` `Rectangle` `SelectObject` `CreatePen` `SetBkMode` `SetTextColor` `GetStockObject` `CreateSolidBrush`
ADVAPI32.dll	`OpenThreadToken` `InitializeSid` `GetSidSubAuthority` `CheckTokenMembership` `DuplicateToken` `RegDeleteKeyW` `RegEnumKeyExW` `RegDeleteValueW` `RegFlushKey` `CryptAcquireContextW` `CryptCreateHash` `IsValidSid` `GetLengthSid` `CopySid` `OpenProcessToken` `CryptReleaseContext` `CryptDestroyHash` `RegSetValueExW` `RegCreateKeyExW` `RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `GetUserNameW` `CryptHashData` `CryptGetHashParam` `GetTokenInformation` `GetSidLengthRequired`
SHELL32.dll	`SHGetFolderPathAndSubDirW` `ShellExecuteExW` `ShellExecuteW`
ole32.dll	`CoUninitialize` `CoInitialize` `CoCreateInstance` `CoCreateGuid`
OLEAUT32.dll	`VariantClear` `VariantInit` `RegisterTypeLib` `SysFreeString` `SysAllocString`
SHLWAPI.dll	`PathFileExistsW` `StrCmpNW` `SHDeleteKeyW` `StrStrW` `StrCpyW` `StrCmpW` `PathAddBackslashW` `StrDupW` `StrRChrW`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WININET.dll	`HttpAddRequestHeadersW` `InternetReadFile` `HttpSendRequestW` `HttpEndRequestW` `HttpQueryInfoW` `HttpSendRequestExW` `InternetWriteFile` `InternetCloseHandle` `InternetOpenW` `InternetConnectW` `HttpOpenRequestW` `InternetQueryDataAvailable`
WS2_32.dll	`WSAStartup` `getaddrinfo` `closesocket` `freeaddrinfo` `WSACleanup` `connect` `socket` `recv` `send`
SensApi.dll	`IsNetworkAlive`
USERENV.dll	`UnloadUserProfile`
COMCTL32.dll	`InitCommonControlsEx` `_TrackMouseEvent`
PSAPI.DLL	`GetProcessImageFileNameW` `EnumProcesses`
IPHLPAPI.DLL	`GetAdaptersInfo`

Delayed Imports

157

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.27496`
MD5	`50f419fa8323accca851c249fe04788a`
SHA1	`ffbba8b937e0fb97153f66f01cdd3439495a5b33`
SHA256	`bbc6bfdae1f1a5d4b765c0e20eb6463a6106e35a7a3f8522fdc68a21ec6dc271`
SHA3	`60f9970f56d6e52acd29e6653a939f74acf98af585feaf61f03bc9d48d6faaaa`
Preview

158

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78496`
MD5	`d18d1e1314cc58cfdb48147634ee309e`
SHA1	`ee12b276c247e2be0eecd1f0600fa6ed83f20b21`
SHA256	`78099c05fccafb48ad1fde08d54182cc143668cf44a0f2d93ea097545de80a9d`
SHA3	`17008859f69ef5e52c04bbaf578fa5c419590b4f52e6a91668535e7e8bbf20e0`
Preview

159

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.867448`
MD5	`c663d7f01b04827cda0c796cdb22dfd3`
SHA1	`ee9c8e529b3d6f53b7672e9cde61fcc871dd0a5b`
SHA256	`cf0b02dfe14f00de4e340dd21c9799a6e76f7e3baddeb7a8d0aa8fb969599dec`
SHA3	`2427b7f05683771840a69d7443ca8e7b27bcb2b003485cc631d10f794f733ef3`
Preview

160

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.56718`
MD5	`d0a3a39400f4e573afae3367589cb636`
SHA1	`9a636b1445f1fdc779aab63b995080243420df47`
SHA256	`5ec17836f2ce6bc6927f6737bc300c31091e940910899756867722da524b6113`
SHA3	`f303c5642225db3c2bd6a61527e6ba9aeb9aaede558791a77a5a42e30900a6d9`
Preview

162

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5fc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.19556`
MD5	`748248273a64adb3cfc5ca1becbf43b5`
SHA1	`32f5d437440450654d30dace78c7eb5493a599e2`
SHA256	`e620a96cebc8679210362a9a9f029576b6caf2018b4c07a32d354ef3b2d343a5`
SHA3	`83296f9ff86da64d148875235cf061cee220e312305acc81ac1c6f70ea9686a4`
Preview

165

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5fca`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17392`
MD5	`30bc2cbd4a7af37708f14ae78746ffb4`
SHA1	`b8a105ad029aefd8d15b25e835b8588461bc46d3`
SHA256	`84ff266efd43022c45b2157e9de8439d12b93043a082f072df69d77cab3abf43`
SHA3	`036cac2e214704311f8eba3ae141fe6f57330cfa2d7ec0d84e7dd388c7b2926c`
Preview

166

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67552`
MD5	`2894f8b95f11d2502894bad979ac8352`
SHA1	`029f8d78f2a404226c691457a64b40c5f0fc0bdb`
SHA256	`11a039ebeccb17f56a7568694ce0ab658e508024275759e0eb0a48f9a756f7e9`
SHA3	`46f11540a1b5638cbc552333d2b360e4c4b89a2d7ac96ead0366d1a13aea954e`
Preview

167

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x438a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1925`
MD5	`6e7eeb19775cb8ea364ba7ca7bf8ffdd`
SHA1	`b47d6afc08453838ca3401587cdc5a855bda2de3`
SHA256	`d05df6c71f28f0b2742f8576f9c9aeb71e396882acdf3bbaa1c546c0ff8217c8`
SHA3	`11961c4b227623d05e3e306cfd0a6522be9245e8b42fb103992f866d35baf20e`
Preview

168

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91524`
MD5	`980abd340f79502e7935a58c8d9a3a93`
SHA1	`a4f38a63a1cb6611a94af8f88ed8472bd2e6b38f`
SHA256	`68b708de1a0665bdac7630c1694eeffff6887ffa6cb5e492897b33ab14d4d1e0`
SHA3	`7644042c73a9940dda641bc10c28355af1c701f39e6c556b7c3e56d3d609ccd6`
Preview

169

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1252`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49345`
MD5	`b7484049c59944af301e3ae9f7d3285e`
SHA1	`97e8591563fecd6bf67eb8f83ab6957714efdf66`
SHA256	`195717ef2d7923589fd697185ff71b91e91694709a8262e9ead33e49def8ce2a`
SHA3	`180a0b54fa60b8d2aaee53f812324da6aa1303303a1e77e8d819561a68b54579`
Preview

170

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfdaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.31953`
MD5	`a7ec85061680339d6d775241ec9afa78`
SHA1	`1094d6eb80ba9ee11cec494a08151fe69746482d`
SHA256	`0785bc60abeec4f946722ed6f0ffef8139c89820e98a334c4480f40797d27d8f`
SHA3	`0f237a56bc85b65a2fd5ab39158a28db9ee2c2328bf8b89addae752f82ba149e`
Preview

171

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfdaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.23967`
MD5	`2779c030eed4af8e3d9a1139600ca624`
SHA1	`7ebbcb19eae9e1ea17a36375ef231e7da5eb06e2`
SHA256	`713c4132fa8845efe2c417c00c5a4b98f8e8a1571138f35dca2b75bec8c2aa38`
SHA3	`1064841e3b08373968841133339b3fa9ea23a138f6c1b7fa06e6e655f57c8d37`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92814`
MD5	`42b45c13f32501f194717a9372bd63a6`
SHA1	`d128b2c33cf36689d4adfc6f3cc24aa024865e06`
SHA256	`c324c85f84c417b153f1285c21c4ec941ecd22aa31b84146f135563ee7837e1b`
SHA3	`ee439769238002b6745b9518a519548425cb1657313bd0af06fd8e6bcbe8644a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.0588`
MD5	`2a9fbcd5f9ee4e0c07a25f871357a824`
SHA1	`9073c08198603e62f98f28f7ed5b640ead0d12fb`
SHA256	`716b2500e9d01128a45edd7f9a041a660c7302c044de499d7c95d15ef4c64699`
SHA3	`1d737ee0a5f3a509a3043ac70e1b647515cb2e0358171a77c8d68753ee8212f7`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12039`
MD5	`5f638e56e78def8f455dc64b236301cf`
SHA1	`77951938f2402e005a4ae7899e272df894ee35c0`
SHA256	`9b4056d56c5ada85a9998a863df0791743875d9b072f16030f8810f9afc48aaa`
SHA3	`4adf3052370e700b0965db45c58e0eefb9261d8729328a0d301cf16d7d6e489a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10719`
MD5	`94b71effe818dd857c93422d51f840c5`
SHA1	`dd55139d4d9a14231a050d159441da1590bcbae6`
SHA256	`1ad07b34c476cff3cb54d446dba75e880cbe46c7f2bf84d4ffc7446902b8b423`
SHA3	`6c0742f86a7238918c7bfdda0a84dda25de2e055cf7fdb18d5a2c012b80e768e`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14206`
MD5	`8328a1df1305cc7a20cbe2952caeb35d`
SHA1	`fb2878881b423b57042d99ee61429740954d74cb`
SHA256	`908e5bd0fbebc42800c230efa0e5d1e9582305b015bd59b506ae28be59c11ec4`
SHA3	`b209eb639f46494629d5c8818aafebd2789e405f773ad3a27658c83ef0307cc9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12394`
MD5	`c076e4c4f28abf885f06b1d5ece0fad1`
SHA1	`f7197f5c203ed43d493d2e62a2d9844f1be7818b`
SHA256	`384219a06554182b457acf20b55e5c54878553d8a8b0a16d2947714a83ced3d4`
SHA3	`dfc2641fa429185ccff17a75f6a38a3057e91ef224f93edfc4f5ed98f8eeea1c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13351`
MD5	`c2b731db9a490de12e9110b5bc208f4a`
SHA1	`615fb51dd99c3a77d74ed6c986156e56bd4f7013`
SHA256	`a1a63135af89c029627532fb18f971b42de4f7434572015cd41c85ae259f730a`
SHA3	`5d543db4015adecd7cd07c83fda4c45ed3da79be173c7ddbf97ca86616772f0e`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10549`
MD5	`566b21dee571cf2d7159945638d0df04`
SHA1	`23b7b70819a4e09f021d557072356a44af1427b2`
SHA256	`1233fa3eee11ab3cd93c7227a56faf97ad6d4a9ac8cd80a20c22c7ca14a75ca1`
SHA3	`f8a923d0aefd7b57a3e59f9a62c9c8d86f06b3b6e2fcb88312a307b9c6eba2d5`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18115`
MD5	`80966153fc421451ef4ae6ce2e555639`
SHA1	`cd2c33b63c14b434a5d0ff3b30d5bcfbc33aa6fd`
SHA256	`b4507a1a35fd3fc5859c1345842c217ef28bf81ecf0ec333f3b94ff36f3c0f0d`
SHA3	`da0a1fe2c92fdedf19cb1ae2fda3574b8035c95cdcc848e1afbb9bab91988c1f`

130

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10699`
MD5	`68cb5cc7afee12ec7f880651ca2f0798`
SHA1	`02044f417697e1cec06adb21d96e0393bafad2d3`
SHA256	`61c5af9950d024b21a4fc8582542d92bae08c2d30f4426c43c45e54c721ad9b0`
SHA3	`2c36a632fd30687bd8c5a80c5ceb34f540edc7920683e9af0017a5ae0f729622`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40583`
MD5	`39e71be677c28e37fd60639c2d013e05`
SHA1	`0f4a177ccbe65ee1e16a5ad2b430fdb95c09934c`
SHA256	`170921ad66ca9f2fb617d921ef7794c87cca508031c89bbd82ad2dcadad61f2d`
SHA3	`a706791024c8d636002dac869b491191478780b05bd73f951e187a34b030cb7b`

131

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2`
MD5	`89f0636f6e66627ef5529a478982c33e`
SHA1	`af1c3b7b4ba6e1718d2b6f2bef1f4740bca81393`
SHA256	`0e690e70c2c1e194b5534bbcfada8039486f6e4baebf26a3e7e29d43737012a9`
SHA3	`8f6d3dae032358c523cd9963714b6e5bc9d98d88c4e0913df15eabfccb47eb30`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01226`
Detected Filetype	Icon file
MD5	`8bd3cd6b83e995093febc060ec76aeb3`
SHA1	`b0338c581ad2beceda2bccbaa46d96383d3dc4a1`
SHA256	`4f16960f06a3608a7d49573795526ff6790c65d8015f0419d72a373e55ed8ac7`
SHA3	`dab5ecc0662f74eef0913882133480a1e4285be23cab87b03392d82bdce0c981`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34405`
MD5	`852ec95b412c4c49367512dc71cea822`
SHA1	`2e57fc3fe8c78de026aa0572e0e49c315de93b38`
SHA256	`ea23d12493e9f44f096c4a88e3c7cfb1e0673241af0564212530d31e93a5ea50`
SHA3	`676ed2a289e041c8f4695a29d5b9ba7abbb09d05086bae5df93fb2783fae7534`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x282`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0672`
MD5	`b2ced3969f764cf58d1e3f898073333a`
SHA1	`d4e26a5bc1ae0f1b8c21554308ee5a20614e6a56`
SHA256	`1d8a782b70eaa4d474727b0c68e8dfb3105966bac2fd3ed0c23df96388957674`
SHA3	`ce1e576a590d4453de91b4877643a36e09055955d3cca3f8571b549853470182`

String Table contents

setup.pekora.zip
www.pekora.zip
Korone IS SUCCESSFULLY INSTALLED!
Just click the "Play" button on any game to join the action!
Korone STUDIO IS SUCCESSFULLY INSTALLED!
Click "Launch Studio" to make your new game!

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.0.0
ProductVersion	1.7.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Korone Corporation
FileDescription	Korone
FileVersion (#2)	1, 7, 0, 0
LegalCopyright	(C) 2025 Korone Corporation. All rights reserved.
OriginalFilename	Pekora.exe
ProductName	Pekora Bootstrapper
ProductVersion (#2)	1, 7, 0, 0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-18 20:43:19
Version	`0.0`
SizeofData	`129`
AddressOfRawData	`0x9944c`
PointerToRawData	`0x9884c`
Referenced File	D:\a\Korone-Bootstrapper\Korone-Bootstrapper\BootstrapperClient\bin\Release\x64\PekoraPlayerLauncher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-18 20:43:19
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x994d0`
PointerToRawData	`0x988d0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-18 20:43:19
Version	`0.0`
SizeofData	`1052`
AddressOfRawData	`0x994e4`
PointerToRawData	`0x988e4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Feb-18 20:43:19
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140099948`
EndAddressOfRawData	`0x140099950`
AddressOfIndex	`0x1400a81f8`
AddressOfCallbacks	`0x14007ba38`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400a5100`

RICH Header

XOR Key	`0x63b67c5e`
Unmarked objects	`0`
C++ objects (33145)	`180`
ASM objects (33145)	`8`
253 (35207)	`1`
ASM objects (35207)	`12`
C objects (35207)	`18`
C++ objects (35207)	`99`
C objects (35222)	`8`
C objects (33145)	`20`
C++ objects (CVTCIL) (33145)	`1`
C objects (CVTCIL) (33145)	`2`
Imports (33145)	`33`
Total imports	`329`
C++ objects (LTCG) (35222)	`25`
Resource objects (35222)	`1`
151	`1`
Linker (35222)	`1`

Errors

Leave a comment

No comments yet.