Manalyze report for c394fe7a69c07be94598189742b983ec

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Oct-24 06:03:50
Detected languages	English - United States Process Default Language
Debug artifacts	Embedded COFF debugging symbols
CompanyName	Activision Blizzard, Inc.
FileDescription	Call of Duty(R): World at War Campaign/Coop
FileVersion	`1.7`
LegalCopyright	Copyright (C) 2008-2009
ProductName	Call of Duty(R): World at War Game
ProductVersion	`1.7x`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	PEiD Signature:	`Crunch 4`
Info	Interesting strings found in the binary:	Contains domain names: activision.com auth.mmp3.demonware.net cod2update.activision.com cod2update2.activision.com cod2update3.activision.com cod2update4.activision.com cod2update5.activision.com cod4master.activision.com cod5-pc.auth.mmp3.demonware.net cod5-pc.lsg.mmp3.demonware.net demonware.net eu.demonware.net http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/encoding/ http://schemas.xmlsoap.org/soap/envelope/ http://www.activision.com http://www.treyarch.com lsg.mmp3.demonware.net mmp3.demonware.net pc.auth.mmp3.demonware.net pc.lsg.mmp3.demonware.net playlists.info schemas.xmlsoap.org stun.eu.demonware.net stun.us.demonware.net treyarch.com us.demonware.net www.activision.com www.treyarch.com xmlsoap.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegSetValueExA RegOpenKeyA RegCreateKeyA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextA` `Uses functions commonly found in keyloggers: MapVirtualKeyA GetForegroundWindow` `Leverages the raw socket API to access the Internet: htons inet_ntoa getsockname select __WSAFDIsSet` `Enumerates local disk drives: GetDriveTypeA` `Manipulates other processes: OpenProcess` `Can use the microphone to record audio: DirectSoundCaptureCreate` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE's resources present abnormal characteristics.	`Resource 2 is possibly compressed or encrypted.` `Resource 3 is possibly compressed or encrypted.` `Resource 4 is possibly compressed or encrypted.` `Resource 5 is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-01-18 21:04:42)	`All the AVs think this file is safe.`

Hashes

MD5	`c394fe7a69c07be94598189742b983ec`
SHA1	`229ee97a3916faaeb5e0403b066afa28facf0af3`
SHA256	`2a313f7cadae884fc6504d921fb7a9c59f0aef9ec1046e65e1bf3ab9e54bfdb7`
SHA3	`4c8b0547118d5231017c9b8ec183aa4edfa9b69acb748ec7086a13ee92a38390`
SSDeep	`98304:sFGGlNcRK4GwaloTHcwoRqOvYGWBugeEtDue:yGGlNcRCvloT8wnOQGue+Se`
Imports Hash	`46b3ad991deb69b9c6ba9008c014a922`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2015-Oct-24 06:03:50
PointerToSymbolTable	`0x4c415421`
NumberOfSymbols	`727274529`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x3f0000`
SizeOfInitializedData	`0x160000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003AF316 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3eb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4abac02`
SizeOfHeaders	`0x400`
Checksum	`0x705fb0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x20000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`122c61dbfd10202e7efb78d8163d074d`
SHA1	`2bc27c3b36b370488b1890a381346689b2a7717f`
SHA256	`dc4047cdcfc5a71f5e59e0d8803d8230c96d960c2571e7f8d8d11e6558980819`
SHA3	`08ec02306a094dc0f4435f38d0987d510d81b4b0ae1cf7aa3f99f6bb0c2de57c`
VirtualSize	`0x3ea000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3e9a17`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.7103`

.rdata

MD5	`7dc8355f82d7d43af0de94fc11501481`
SHA1	`1a6719464ec098ad19f97b2628c44f9b1daeb0e4`
SHA256	`f1b4dc79313d8b65b644b1dcc6381bf065e1f6ca62ea038fe292df3746333be4`
SHA3	`60f6d9f4c9f97872de1870dcabb19fdc453ebcd2b59edef2785861108744a697`
VirtualSize	`0xe0000`
VirtualAddress	`0x3eb000`
SizeOfRawData	`0xdfd15`
PointerToRawData	`0x3ea000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.76811`

.data

MD5	`1a17e2c9b999893bb73d98d6bf65f660`
SHA1	`af682f420dc5a850bdc2a6074188d5219ea0acd0`
SHA256	`da79b992a3afa06abcf1f3c3d6183376c4e0ce6b0a97698d092ed497edd388c3`
SHA3	`86a7f3a9093a67a25b33ee74d506017bb935453b62fca4a76510914a2ffb77bd`
VirtualSize	`0x458b000`
VirtualAddress	`0x4cb000`
SizeOfRawData	`0x1a6e7`
PointerToRawData	`0x4c9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.68208`

.tls

MD5	`93b65c20d33e9cce86dabfa89e02bfcf`
SHA1	`49a13f06b93b66bb5be881fda66c81ad32c080c9`
SHA256	`8bf49a7c5172aec4dfb37f26d43c5ee62a5fd6e02500f25f534711ff86eed17d`
SHA3	`9cc77f960ece888b2fe6d9b5dc5a1a1ebb7ce1dd94b800d69685a66c1cb080e5`
VirtualSize	`0x1000`
VirtualAddress	`0x4a56000`
SizeOfRawData	`0x29`
PointerToRawData	`0x4e4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.329974`

.rsrc

MD5	`820d19c46cded9fd81099c4b6678447d`
SHA1	`4df63f21f75c8730812b4337340a6c8d09e97ab3`
SHA256	`303933d53f020c74258b91e9ad82128fec611b28b93a49424a8ea834401eb621`
SHA3	`aaacb78ac319ec518a3aeb00aba6fbb646b0931ad1341fc40e14c7b53a524334`
VirtualSize	`0x63c02`
VirtualAddress	`0x4a57000`
SizeOfRawData	`0x63c02`
PointerToRawData	`0x4e4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.87059`

Imports

advapi32.dll	`RegSetValueExA` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextA` `RegOpenKeyA` `RegCreateKeyA` `RegQueryValueExA` `RegCloseKey`
ddraw.dll	`DirectDrawEnumerateExA` `DirectDrawCreateEx`
dsound.dll	`DirectSoundCaptureCreate` `DirectSoundCreate8`
gdi32.dll	`CreateSolidBrush` `CreateFontA` `GetDeviceCaps` `SetDeviceGammaRamp`
kernel32.dll	`GetLocaleInfoA` `GetStringTypeW` `GetStringTypeA` `GetTickCount` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `SetEnvironmentVariableW` `SetEnvironmentVariableA` `FlushFileBuffers` `GetTimeZoneInformation` `SetFilePointer` `GetFileType` `LockResource` `GetConsoleMode` `GetConsoleCP` `HeapSize` `GetStdHandle` `DeleteCriticalSection` `HeapCreate` `HeapDestroy` `LCMapStringW` `WideCharToMultiByte` `LCMapStringA` `QueryPerformanceFrequency` `QueryPerformanceCounter` `CloseHandle` `SleepEx` `GetLastError` `ReadFileEx` `GetFileSize` `CreateFileA` `DebugBreak` `GetSystemTimeAsFileTime` `InterlockedExchange` `SuspendThread` `ResumeThread` `CreateThread` `ResetEvent` `Sleep` `CreateEventA` `GetCurrentProcess` `SetThreadIdealProcessor` `WaitForSingleObject` `GetProcessAffinityMask` `SetEvent` `GetCurrentThreadId` `SetThreadPriority` `SetThreadAffinityMask` `RaiseException` `GetCurrentThread` `DuplicateHandle` `SetFileAttributesA` `GetFileAttributesA` `SetStdHandle` `VirtualAlloc` `LeaveCriticalSection` `EnterCriticalSection` `GetModuleFileNameA` `GetModuleHandleA` `TryEnterCriticalSection` `InitializeCriticalSection` `GetProcAddress` `SetProcessAffinityMask` `GetThreadPriority` `GlobalMemoryStatus` `CreateProcessA` `FormatMessageA` `ReadFile` `WriteFile` `GetDriveTypeA` `SetErrorMode` `OpenProcess` `SetUnhandledExceptionFilter` `GlobalUnlock` `GetCurrentDirectoryA` `CreateToolhelp32Snapshot` `GlobalSize` `Module32First` `OutputDebugStringA` `Module32Next` `GlobalLock` `GetVersionExA` `GetCurrentProcessId` `DeleteFileA` `LoadLibraryW` `MultiByteToWideChar` `FreeLibrary` `MulDiv` `SetPriorityClass` `SetThreadExecutionState` `LoadLibraryA` `SwitchToThread` `InterlockedIncrement` `InterlockedDecrement` `CompareFileTime` `ReleaseMutex` `CreateMutexA` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `HeapFree` `HeapAlloc` `ExitProcess` `RtlUnwind` `MoveFileA` `TerminateProcess` `UnhandledExceptionFilter` `IsDebuggerPresent` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `CreateDirectoryA` `GetFullPathNameA` `HeapReAlloc` `GetCommandLineA` `GetProcessHeap` `GetStartupInfoA` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `RestoreLastError` `CompareStringA` `CompareStringW` `SetEndOfFile` `InterlockedCompareExchange` `IsProcessorFeaturePresent` `RemoveDirectoryA` `FindClose` `GetSystemTime` `SystemTimeToFileTime` `FindNextFileA` `VirtualFree` `VirtualQuery` `FindFirstFileA`
oleaut32.dll	`SysAllocString`
psapi.dll	`GetProcessMemoryInfo`
shell32.dll	`SHGetFolderPathA` `ShellExecuteA`
user32.dll	`CallWindowProcA` `LoadImageA` `UpdateWindow` `AdjustWindowRect` `DestroyWindow` `RegisterClassA` `MoveWindow` `CreateWindowExA` `DefWindowProcA` `SetWindowPos` `MapVirtualKeyA` `GetMessageA` `CloseClipboard` `GetMonitorInfoA` `RegisterClipboardFormatA` `SendMessageA` `GetClipboardData` `DispatchMessageA` `OpenClipboard` `PeekMessageA` `RegisterClassExA` `MonitorFromWindow` `PostQuitMessage` `GetSystemMetrics` `TranslateMessage` `LoadCursorA` `SetWindowTextA` `LoadIconA` `ShowWindow` `SetFocus` `ShowCursor` `GetForegroundWindow` `SetCursorPos` `ClientToScreen` `GetCursorPos` `ScreenToClient` `GetWindowRect` `PostMessageA` `GetActiveWindow` `MessageBoxA` `GetDC` `GetWindowTextA` `SetWindowLongA` `GetWindowLongA` `ReleaseDC` `GetDesktopWindow` `ChangeDisplaySettingsA` `EnumThreadWindows` `MonitorFromPoint` `EnumDisplayMonitors` `AdjustWindowRectEx` `IsWindow` `CloseWindow`
winmm.dll	`timeEndPeriod` `mixerGetNumDevs` `mixerClose` `mixerGetLineInfoA` `mixerOpen` `mixerGetLineControlsA` `waveInGetNumDevs` `mixerSetControlDetails` `mixerGetControlDetailsA` `timeGetTime` `timeBeginPeriod`
ws2_32.dll	`htons` `inet_ntoa` `getsockname` `select` `__WSAFDIsSet`
wsock32.dll	`inet_addr` `send` `WSAGetLastError` `htons` `htonl` `ioctlsocket` `connect` `closesocket` `WSAStartup` `socket` `bind` `recv` `gethostbyname` `sendto` `setsockopt` `gethostname` `recvfrom`
xinput1_3.dll	`XInputGetState` `XInputGetCapabilities` `XInputSetState`
binkw32.dll	`_BinkClose@4` `_BinkGetRects@8` `_BinkSetMemory@8` `_BinkRegisterFrameBuffers@8` `_BinkWait@4` `_BinkOpen@8` `_BinkNextFrame@4` `_BinkGetFrameBuffersInfo@8` `_BinkSetSoundTrack@8` `_BinkControlBackgroundIO@8` `_BinkGetRealtime@12` `_BinkDoFrame@4` `_BinkOpenDirectSound@4` `_BinkSetIOSize@4` `_BinkSetSoundOnOff@8` `_BinkPause@8` `_BinkSetVolume@12` `_BinkGetError@0` `_BinkSetSoundSystem@8`
d3d9.dll	`D3DPERF_BeginEvent` `Direct3DCreate9` `D3DPERF_EndEvent`
d3dx9_37.dll	`D3DXCompileShader` `D3DXGetShaderConstantTable` `D3DXCreateBuffer` `D3DXGetShaderInputSemantics` `D3DXGetShaderOutputSemantics`
faultrep.dll	`ReportFault`
ole32.dll	`CoTaskMemAlloc` `CLSIDFromString` `CoUninitialize` `CoInitialize` `CoCreateInstance` `CoInitializeEx` `CoTaskMemFree`

Delayed Imports

__GDF_THUMBNAIL

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x29647`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99096`
Detected Filetype	PNG graphic file
MD5	`68f7ecec1dbbe852b3885b84319a0251`
SHA1	`fb2f14de4ca4443ba967eb2a65206a58bc321abb`
SHA256	`c5888cb3969a1bee4f250bd7167e7a0ae1ece67acb8c8a439b4e9029cfa35708`
SHA3	`82bfed4d15e8b5ade9166cfa9fac3a5c106fd482d974c3ac345f5a2188a10ded`

__GDF_XML

Type	`DATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x1f1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59416`
MD5	`fe6de789ffedf55b92fb56db470f2a6c`
SHA1	`6df0c38aa17cc8f6910f03e5c2885e77a15303f3`
SHA256	`02546e37088473740e5b0c79aa0bd6a573f43837d84da9b4634e1e2330514486`
SHA3	`e9f4735994ca9b27ff36fd398061f4c80d01b2f9e3e6935b5098f26b694de040`

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.77023`
MD5	`f1d82b0c08a4096a0f5744d6aa79729d`
SHA1	`ee346d9f696a17ca98bff689044dad05b554f2fd`
SHA256	`6a598239c1d1d7755ad8435ad293c4d75361795ce93a0bc24b3316206f3b0535`
SHA3	`4913261c80c2eb4ffbd2234d5a268f6a569cc553516c2168aa9e9b1da6d39fcb`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.18691`
MD5	`c453975888096a7d61768aa329c13555`
SHA1	`b32ba1b3d6fb4626a9cea16a0d0b198a8d1c4d05`
SHA256	`63fef1aeec4e5f27918c75cb17acedc280355317cc02cbffdc58a0ca0bc39226`
SHA3	`2020d9e23489e43f94a30f710a34e68afe1b67dee54ed1637852c1ef37db0865`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.17109`
MD5	`ee02c30dc2f4cf80052b2a8ec9a3e8a1`
SHA1	`4520dbb91b86369f66d1ce89c35f1436030f662c`
SHA256	`11c1a043c67d976242bc186d2a7e8f53c5474a60d5028e1dd5d271651585a58c`
SHA3	`2ab682273c4ec007b29012b39f8f50c3b2b3eac16dfc560ef4e67768fa4eb31c`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.23929`
MD5	`a82f93bad50327b9f7c514a2017d27ef`
SHA1	`2b50a9050aa03fedde29e60ae981d0e5a147fc3b`
SHA256	`3f43257f9a663e98657b489a63173cd8b0b7abb49bcafb6be829dad72a66013d`
SHA3	`9e1b4d89ebc3657da31c8be59d6ad128cedb2738fef25168e9379132efa302c9`

5

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x32028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78299`
MD5	`eb18b52c84c1beda7fb06973d6d2b6f2`
SHA1	`322459ace51f6983a8c96efdf40fc3dd46135030`
SHA256	`6a36d003f8804e41e330aecd60cb4692cbb141b3c5af1810343a17ee280dcc59`
SHA3	`ccf7cb72b9d26729fe461ed90f5b5d971919b358240b2406fa58ba7673e6584e`

ID_ICON1

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75256`
Detected Filetype	Icon file
MD5	`67e0f07c18ccceac897cb641b6a2268d`
SHA1	`67cf5c11ee4d4add5739443421859f814f08d451`
SHA256	`29e7f16635a559fa3202aeafdab441ca26dda8edf5c80142187d41fb06ac3b13`
SHA3	`14917c0396ba511a70beaa00148c99cb2a336bdea08843915f7e6d4ccb786bdd`

1 (#2)

Type	`RT_VERSION`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x2c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45209`
MD5	`729aaf2dcdc85a5a21b950393ef6a490`
SHA1	`8110618097f842e4fb197b5253c7fdcc1c6eb894`
SHA256	`a3e959ac35bafa9bbfb2fb83ec8f30b4b3ae823430db3a241c228e1e8767db9f`
SHA3	`6ae36bb90520d8491d961aea22c5f36d09fe6ddcec6699c2cf855e22ac963aa9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x187`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81948`
MD5	`049abf00d7a6277b2ec74b480bc3e8f2`
SHA1	`ec5376e153e484ab865ce10cbdbfcb088aa553e8`
SHA256	`879624dd5240efbeae0a675a9d2cdf54ac72f631481046aa18f10e3cf1facfee`
SHA3	`d878da4319cd91777cc6e11ee9686ce992e95a4d6e780e98eaad3379abefa434`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.0.0
ProductVersion	1.7.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	Activision Blizzard, Inc.
FileDescription	Call of Duty(R): World at War Campaign/Coop
FileVersion (#2)	1.7
LegalCopyright	Copyright (C) 2008-2009
ProductName	Call of Duty(R): World at War Game
ProductVersion (#2)	1.7x

Resource LangID	Process Default Language

TLS Callbacks

StartAddressOfRawData	`0x4e56000`
EndAddressOfRawData	`0x4e56028`
AddressOfIndex	`0x4e54760`
AddressOfCallbacks	`0x7eba3c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x3ebf2ead`
Unmarked objects	`0`
126 (50327)	`7`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`62`
ASM objects (VS2003 (.NET) build 3077)	`1`
C objects (VS2012 build 50727 / VS2005 build 50727)	`378`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`261`
Imports (VS2008 build 21022)	`2`
Imports (VS2012 build 50727 / VS2005 build 50727)	`6`
Imports (VS2003 (.NET) build 4035)	`29`
Total imports	`306`
114 (VS2012 build 50727 / VS2005 build 50727)	`758`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

[!] Error: Could not read a COFF symbol.
[!] Error: Could not read PDB file information of invalid magic number.
[*] Warning: Could not read a WIN_CERTIFICATE's header.