Manalyze report for f2139278a370493cc99993b6bad4e033fe161dfb3a1b65e11bb87da4f188242d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jun-01 15:33:36
Detected languages	English - United States
Debug artifacts	x:\gta\build\GTA4_Win32_Final.pdb
CompanyName	Rockstar Games
FileDescription	Grand Theft Auto IV
FileVersion	`1.2.0.43`
InternalName	Grand Theft Auto IV
LegalCopyright	Rockstar Games Inc. (C) 2005-2020 Take Two Interactive. All rights reserved.
OriginalFilename	GTAIV.exe
ProductName	Grand Theft Auto IV
ProductVersion	`1.2.0.43`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: root\cimv2` `Miscellaneous malware strings: Virus` Contains domain names: agile.lldns.net api.agile.lldns.net cacerts.digicert.com cloud.rockstargames.com crl3.digicert.com crl4.digicert.com digicert.com http://api.agile.lldns.net http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O http://crl3.digicert.com/sha2-assured-cs-g1.crl05 http://crl4.digicert.com http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl4.digicert.com/sha2-assured-cs-g1.crl0L http://mls.rockstargames.com http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0N http://www.digicert.com http://www.digicert.com/ssl-cps-repository.htm0 https://support.rockstargames.com https://www.digicert.com https://www.digicert.com/CPS0 lldns.net mls.rockstargames.com rockstargames.com ros.rockstargames.com support.rockstargames.com www.digicert.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .rkstr` `Section .rkstr is both writable and executable.` `Unusual section name found: .tbm`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExA RegCloseKey RegOpenKeyExA RegOpenKeyA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Uses Microsoft's cryptographic API: CryptUnprotectData CryptProtectData CryptQueryObject CryptMsgGetParam CryptAcquireContextA` `Leverages the raw socket API to access the Internet: WSAGetLastError htons getsockname recv bind socket shutdown select WSAStartup WSACleanup ioctlsocket closesocket gethostbyname send getpeername listen accept gethostname connect freeaddrinfo getaddrinfo __WSAFDIsSet getsockopt sendto setsockopt recvfrom inet_addr` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: EnumProcessModules OpenProcess`
Info	The PE's resources present abnormal characteristics.	`Resource SPAFILE is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`7296 bytes of data starting at offset 0x109be00.` `The overlay data has an entropy of 7.15926 and is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-22 18:22:52)	`All the AVs think this file is safe.`

Hashes

MD5	`5fb14bb1280073cc0d82a4b63e263b84`
SHA1	`27ece294077f9836731dd35310bf2a6c51b7a51c`
SHA256	`f2139278a370493cc99993b6bad4e033fe161dfb3a1b65e11bb87da4f188242d`
SHA3	`27705747ba9fce9b7e2e333568a0f8f4b6ad8ffa61339ceb1ce2dd46f94de5e3`
SSDeep	`98304:IJVAzFwut1/acnakxYO4hMbqxU21k7W8nMkHviI/QcjRoGfStBniLOf5JW7w0oAy:IJGXnnT4hbF1k7/aq/NoGfGiLM279Xg`
Imports Hash	`1a110ed741cb11f9b80cc3f0bb46e56f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x148`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2020-Jun-01 15:33:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0xa71c00`
SizeOfInitializedData	`0x1075e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x009F8F2B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa73000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1be6400`
SizeOfHeaders	`0x400`
Checksum	`0x10ace9e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9cad394de04567085736f81ea44ef2b7`
SHA1	`130d9b38ba2ba34fa87bd97cbec5bc3ae76317d5`
SHA256	`df05cab05a1a5371a079899a77c70017c2f2b1467ff06aa8b4e4aab2ee09bfcf`
SHA3	`5abb662d7830bc39c1afbeb84550816828dff9ac45573aa0a04f9f9eb2b76942`
VirtualSize	`0xa71baa`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa71c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4869`

.rdata

MD5	`0cf34ab1c4a46eb424a7928ecd90e8df`
SHA1	`6ca79bea5d2a85f249a6e6510609bb00532e35b3`
SHA256	`7040eb0c87340ca38ded592ece535c4c46e8f8ff42412e924da3272feb3e2a06`
SHA3	`9c54fd9f79f80804706cf9240aef51d64ec9815713c6cbf950f941b8d340de9e`
VirtualSize	`0x1bcab3`
VirtualAddress	`0xa73000`
SizeOfRawData	`0x1bcc00`
PointerToRawData	`0xa72000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51995`

.data

MD5	`9725a7cd08d7b6c684011d74f9c7e355`
SHA1	`972103e3846d1b7725ea626ab6876753a945bd8c`
SHA256	`b69f379c2dd2bacf57c10c389f5c8b9c7dda223414cd198e1abf38161b4c2fea`
SHA3	`20e3343fe238b7392797abfca11c230fe455bb23ef324a142583fdf86a21001b`
VirtualSize	`0xc6b52c`
VirtualAddress	`0xc30000`
SizeOfRawData	`0x124200`
PointerToRawData	`0xc2ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.08276`

.tls

MD5	`67e9050e7b0a48cdecfef2a060b35359`
SHA1	`757b6893fcac7055f60b394bdf7727d0fb6f1e8b`
SHA256	`d95a29a8535f98a3732eff2a440f0e945605bbaf49e8137eb1e221df9fd042dc`
SHA3	`e56413d94faeaf941ea7ecfbe5fdc17933eea30a3c96595800c3b4199469ca2b`
VirtualSize	`0x8f1`
VirtualAddress	`0x189c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xd52e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.00498607`

_RDATA

MD5	`1b5271fe979431400cce11596ea83303`
SHA1	`460cf8c499d71a2b66ff52f224ab87147e74a9f1`
SHA256	`5f8ef4ca835a4881e0392efec6ac7806dc5a00c9c0007730ced887ed73897e30`
SHA3	`4951378feecbeca63b743258d881ed804c91d340e0ecd497a9373aabecd0b531`
VirtualSize	`0x16e0`
VirtualAddress	`0x189d000`
SizeOfRawData	`0x1800`
PointerToRawData	`0xd53800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.01075`

.rsrc

MD5	`4270e00baec8db0261d2ed6d4668bc40`
SHA1	`b2d3628b247c06054cc40efa80a6f525687f54ad`
SHA256	`47cef39ed57d093b5429c3e7631fcf13a922bf0e2d7ea862f8c9cf469bab03aa`
SHA3	`1ceb97cd3e02518382da50059bdd62ba4d00674b954bd1ce6af5e1f21bd2eb7e`
VirtualSize	`0x115d28`
VirtualAddress	`0x189f000`
SizeOfRawData	`0x115e00`
PointerToRawData	`0xd55000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.79532`

.reloc

MD5	`5797486b1db8615433215970721eeb8f`
SHA1	`06b19eadba16ab2dda5dc33e49144de94c75ebf3`
SHA256	`ee0b1dcdb60223168ef410f1db46428026a0f2c72b7dd3804fad8b718930e01e`
SHA3	`d5bf106533b11a9a32788920f5f639436a13283b2329b58beafdf5162a9032b0`
VirtualSize	`0x135b4a`
VirtualAddress	`0x19b5000`
SizeOfRawData	`0x135c00`
PointerToRawData	`0xe6ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.12356`

.rkstr

MD5	`fd2c1a51b9f5bc294d3d3f86c0afb9d6`
SHA1	`a9426c229ec0690230b6baaa99f2b6f9c76d6111`
SHA256	`d479651fd45f491aa3cdd72fbae5f852215ba693f742591c61fcd9af38461f2e`
SHA3	`3243e6d5f0e4f9a5313c3527d17cc49576b368be09682ac1f8045c51f82a5f05`
VirtualSize	`0x305`
VirtualAddress	`0x1aeb000`
SizeOfRawData	`0x400`
PointerToRawData	`0xfa0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.56882`

.tbm

MD5	`5c60fc02485a092224d920c16ca69091`
SHA1	`52a38fc0c765911362be8ac30873bc94902626aa`
SHA256	`178bfd0ebf72e3abd44a2e892a1543b22b74a710856c96f08510e6657c5737a0`
SHA3	`88fed7ca01221e13233c6315a9b13e632053cce3343e39800925682197a9b5b6`
VirtualSize	`0xfb000`
VirtualAddress	`0x1aec000`
SizeOfRawData	`0xfb000`
PointerToRawData	`0xfa0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`7.99974`

Imports

USER32.dll	`SetCapture` `IsWindowUnicode` `ReleaseCapture` `DefWindowProcW` `GetParent` `MessageBoxA` `wsprintfA` `IsWindow` `CharLowerBuffA` `ShowWindow` `DefWindowProcA` `MoveWindow` `RegisterClassA` `EnumDisplayDevicesA` `LoadCursorA` `AdjustWindowRect` `UpdateWindow` `SetWindowTextA` `DispatchMessageA` `GetDesktopWindow` `ReleaseDC` `PeekMessageA` `CreateWindowExA` `SetRect` `TranslateMessage` `GetDC` `SetFocus` `GetWindowInfo` `LoadIconA` `IsIconic` `GetSystemMetrics` `SetWindowPos` `UnregisterClassA` `SetWindowLongA` `ShowCursor` `GetClientRect` `DestroyWindow` `GetMessageExtraInfo` `SendInput` `LoadKeyboardLayoutA` `GetKeyboardLayoutNameA` `GetKeyboardLayout` `GetKeyboardState` `GetKeyboardType` `ToAsciiEx` `MapVirtualKeyExA` `ToUnicodeEx` `SystemParametersInfoA` `SendMessageA` `SetWindowsHookExA` `UnhookWindowsHookEx` `CallNextHookEx` `MessageBoxW`
PSAPI.DLL	`EnumProcessModules` `GetModuleInformation`
binkw32.dll	`_BinkSetMemory@8` `_BinkDoFrame@4` `_BinkGoto@12` `_BinkGetKeyFrame@12` `_BinkOpen@8` `_BinkClose@4` `_BinkSetSoundSystem@8` `_BinkGetSummary@8` `_BinkRegisterFrameBuffers@8` `_BinkNextFrame@4` `_BinkGetFrameBuffersInfo@8` `_BinkShouldSkip@4` `_BinkWait@4` `_BinkOpenDirectSound@4` `_BinkSetVolume@12` `_BinkPause@8`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
DSOUND.dll	`#3` `#9` `#11` `#2`
WS2_32.dll	`WSAGetLastError` `htons` `getsockname` `recv` `bind` `socket` `shutdown` `select` `WSAStartup` `WSACleanup` `ioctlsocket` `closesocket` `gethostbyname` `send` `getpeername` `listen` `accept` `gethostname` `connect` `freeaddrinfo` `getaddrinfo` `__WSAFDIsSet` `getsockopt` `sendto` `setsockopt` `recvfrom` `inet_addr`
d3d9.dll	`Direct3DCreate9`
RPCRT4.dll	`UuidCreateSequential`
CRYPT32.dll	`CryptUnprotectData` `CryptProtectData` `CryptQueryObject` `CertFindCertificateInStore` `CertGetNameStringA` `CryptMsgGetParam`
SHLWAPI.dll	`PathFileExistsA` `PathAppendW` `PathRemoveFileSpecA` `PathAppendA`
WMVCore.DLL	`WMCreateSyncReader` `WMCreateReader`
WINMM.dll	`waveOutWrite` `waveOutPrepareHeader` `waveOutClose` `timeEndPeriod` `timeBeginPeriod` `waveOutOpen` `waveOutSetVolume` `timeGetTime` `waveOutReset`
POWRPROF.dll	`CallNtPowerInformation`
KERNEL32.dll	`LocalAlloc` `GetOverlappedResult` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedFlushSList` `InterlockedPushEntrySList` `GetFileAttributesExW` `FindFirstFileExW` `GetFileInformationByHandle` `PeekNamedPipe` `GetSystemDirectoryA` `GlobalAlloc` `GlobalFree` `ReadConsoleW` `WriteConsoleW` `FlushFileBuffers` `SetStdHandle` `SetEnvironmentVariableA` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `OutputDebugStringW` `GetConsoleMode` `GetConsoleCP` `RtlUnwind` `GetStringTypeW` `GetCurrentDirectoryW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetFileType` `HeapSize` `GetFullPathNameW` `EncodePointer` `LoadLibraryExW` `GetModuleFileNameW` `GetStdHandle` `GetStartupInfoW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SetLastError` `UnhandledExceptionFilter` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindFirstFileExA` `HeapReAlloc` `GetSystemTimeAsFileTime` `GetTimeZoneInformation` `GetFullPathNameA` `GetDriveTypeW` `IsProcessorFeaturePresent` `CreateEventA` `WaitForMultipleObjects` `Sleep` `CreateFileW` `ReadFile` `SetFilePointer` `CloseHandle` `HeapAlloc` `HeapFree` `GetProcessHeap` `OpenProcess` `GlobalMemoryStatusEx` `GetCurrentProcessId` `GetLastError` `CreateMutexA` `GetUserDefaultUILanguage` `WaitForSingleObject` `SetEvent` `GetCurrentThread` `CreateSemaphoreA` `SetThreadPriority` `ReleaseSemaphore` `ResetEvent` `SetThreadPriorityBoost` `GetSystemInfo` `GetCurrentThreadId` `ReleaseMutex` `ResumeThread` `CreateThread` `SwitchToThread` `TryEnterCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `GetCurrentProcess` `QueryPerformanceCounter` `GetThreadPriority` `QueryPerformanceFrequency` `InterlockedIncrement` `InterlockedDecrement` `InterlockedCompareExchange` `InterlockedExchange` `InterlockedExchangeAdd` `GetProcessAffinityMask` `CreateFileA` `FreeLibrary` `GetTimeFormatA` `VirtualFree` `GetDateFormatA` `GetProcAddress` `VirtualAlloc` `GetLocalTime` `LoadLibraryA` `GetModuleFileNameA` `SetEndOfFile` `SetFilePointerEx` `FormatMessageA` `SetFileTime` `WriteFile` `GetFileAttributesA` `FileTimeToSystemTime` `CreateDirectoryA` `GetFileSizeEx` `FindFirstFileA` `RemoveDirectoryA` `SetFileAttributesA` `FindClose` `MoveFileA` `FindNextFileA` `FileTimeToLocalFileTime` `LocalFree` `DeleteFileA` `LoadLibraryW` `MultiByteToWideChar` `GetModuleHandleA` `GetVersionExA` `CreateProcessA` `GetSystemTime` `SetUnhandledExceptionFilter` `GetWindowsDirectoryA` `GlobalMemoryStatus` `FindFirstFileW` `FindNextFileW` `GetFileAttributesW` `FoldStringW` `WideCharToMultiByte` `CreateDirectoryW` `DeleteFileW` `GetDiskFreeSpaceExA` `CopyFileA` `HeapSetInformation` `GetCommandLineA` `InitializeCriticalSectionAndSpinCount` `GetProcessId` `MapViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ExpandEnvironmentStringsA` `SetThreadAffinityMask` `OpenThread` `OpenFile` `TerminateProcess` `GetSystemTimes` `RaiseException` `GetModuleHandleW` `VirtualQuery` `DecodePointer` `ExitProcess` `GetModuleHandleExW` `AreFileApisANSI` `IsDebuggerPresent`
GDI32.dll	`DeleteDC` `GetDeviceCaps` `GetStockObject` `CreateDCA` `ExtEscape`
ADVAPI32.dll	`RegQueryValueExA` `CryptAcquireContextA` `RegCloseKey` `RegOpenKeyExA` `RegOpenKeyA` `RegEnumKeyA`
SHELL32.dll	`ShellExecuteA` `SHGetFolderPathW` `SHCreateDirectoryExA` `SHGetFolderPathA`
ole32.dll	`CoInitialize` `CoCreateInstance` `CLSIDFromString` `CoSetProxyBlanket` `CoInitializeEx` `CoUninitialize`
OLEAUT32.dll	`VariantClear` `VariantInit` `SysAllocString` `SysFreeString` `SysStringLen`
DINPUT8.dll	`DirectInput8Create`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WinVerifyTrust` `WTHelperGetProvCertFromChain` `WTHelperGetProvSignerFromChain`

Delayed Imports

SPAFILE

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10ebb1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79244`
MD5	`780ec1df02d5b58bcf841362a501b381`
SHA1	`2485ed2612a28e4c58892346274702302b8a9cd5`
SHA256	`70ffac45b40996baf7d5bb3f3ad6618085639b64d4067cd7d378170be1298e75`
SHA3	`9d51633872a4b7e1c47bc9c66623535ac9fe261ebd7fac8cce17f294768964f6`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x303`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.65998`
Detected Filetype	PNG graphic file
MD5	`7889b6b370b80afe00bdaabb043a791c`
SHA1	`04174b66755524ae881b60112a2949477ea4c256`
SHA256	`bb858edf4fa4d4d7debaa7d1129a9b5acb81d1c5fa072a862c2f400b3529c92d`
SHA3	`056f053eaedd9b2f46370852cb450304e377448bcc5536817e47541933c7d5bb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84656`
Detected Filetype	PNG graphic file
MD5	`ae5abf87640c8acf8abd36f1aeeaf691`
SHA1	`e7379d7b03054b775f24f47c14b86e2f6ad2e240`
SHA256	`b83797a1153752dddb33660d6e54d734468705bb6d0fbd40a28e9ae0412322fd`
SHA3	`135a872836a76380cb7e01699d34e101557acfd29c1bffd5cc0e306faae2e20c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xac4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89704`
Detected Filetype	PNG graphic file
MD5	`d1a3c0f1b16bfd9d0b692be30bf8f0fe`
SHA1	`1a9b85f01c93ef71ec36919378f25623eefa6ce5`
SHA256	`f1e7c006818b0c49743c5862032e037d060a5fc77e0e406208539d255ac0abfb`
SHA3	`c27e57bc40422a9e2b7ec0e8c9c5b676edb348fe62db245ef8513b707b6612aa`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90714`
Detected Filetype	PNG graphic file
MD5	`63b30f790bc07a5000e86f250ec7b05b`
SHA1	`b8677806424b442504eb582e681df33032ae5d6b`
SHA256	`f501d31e65800704a11df462bdf72e1baa8aab8646e8eb3a2db62c47e5859052`
SHA3	`72aec571e124012d0520535930468b5aa2de8a13ac41adcfb68a5148c000e8c2`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14a1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93293`
Detected Filetype	PNG graphic file
MD5	`4b9a13197dba97d28f0e3e2f7a39aaf6`
SHA1	`bba5e49a2aa2f31319c994124fbed96e14b3c7ef`
SHA256	`b504e75a17bfaa4dca3f3eda570256ae9c13d7722067d81a9ff0255908006b18`
SHA3	`09ad51d6bb8f327a548235c914d9d67d2e116894359eb606f894f841f733b463`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1811`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9226`
Detected Filetype	PNG graphic file
MD5	`e99f85b8e5d786ae39cbc0ff927ff5b6`
SHA1	`8ea1128805caa83c3ed2f5590cbfb119c17b4627`
SHA256	`8537b867ab27b31532873bd341dd438096f832a53f833187cab6c9e8a3413fd0`
SHA3	`47c03abbcacff3fc410e044a176a3951862d00dc3c8b37c96770e608dd3aecd3`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.8213`
Detected Filetype	PNG graphic file
MD5	`a93b3be882725525650002dd9d09bbe3`
SHA1	`53ea9c31106e073771a7da1eb41504ebd6d2ecc4`
SHA256	`1ed4b920f514bb459937e78b577a63dcc08b0fbffa52cedcfb74624b11883e98`
SHA3	`c0f1466cd15f7d6cfb99ce1d42b62c28f9b5c7b132c5d145e7a3d3f443acdfaf`

104

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91401`
Detected Filetype	Icon file
MD5	`4458e9ab5aec4595ec4268624e095a0b`
SHA1	`c16291caa3d6f4de661f95da88789e9ec8e7c96d`
SHA256	`89e6359681a5a961d0d480eeac17953c2d7b38ab30f56bcce3ee58ff06bce425`
SHA3	`c21f4f059b1299d11355d7a29af004a7357484b5ec3f4b9c0b517f951f487621`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x364`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46186`
MD5	`c38874e4273e484b38cb55b4ebcddfe5`
SHA1	`e6fd771d353b71f1eb9721bf6143e9159f59188f`
SHA256	`384b7cc32599fd9101128afaca77557b0b201a66b55c595457eb911ea0ebc9b0`
SHA3	`f4a087ebbf949c209063dd2ab37211b58a0a0cd46731bb0612caa30a4cb70530`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x323`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15909`
MD5	`ee44399ce62be55b2fa487446a410928`
SHA1	`fcab5a48eda8405273ee89b5d9881f1c7cedf097`
SHA256	`cb1c913088fe034164864d66cd0a308f5ef83b8c6fe8439c79200100768ebdee`
SHA3	`49d77bfda86ead993181d4157830bda92a29d2a3f0655c14520b73fb5156afdc`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.0.43
ProductVersion	1.2.0.43
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Rockstar Games
FileDescription	Grand Theft Auto IV
FileVersion (#2)	1.2.0.43
InternalName	Grand Theft Auto IV
LegalCopyright	Rockstar Games Inc. (C) 2005-2020 Take Two Interactive. All rights reserved.
OriginalFilename	GTAIV.exe
ProductName	Grand Theft Auto IV
ProductVersion (#2)	1.2.0.43

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Jun-01 15:33:36
Version	`0.0`
SizeofData	`58`
AddressOfRawData	`0xbe8fd0`
PointerToRawData	`0xbe7fd0`
Referenced File	x:\gta\build\GTA4_Win32_Final.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Jun-01 15:33:36
Version	`0.0`
SizeofData	`16`
AddressOfRawData	`0xbe900c`
PointerToRawData	`0xbe800c`

TLS Callbacks

StartAddressOfRawData	`0x1c9c000`
EndAddressOfRawData	`0x1c9c8f0`
AddressOfIndex	`0x17aba14`
AddressOfCallbacks	`0xe75614`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1057f54`
SEHandlerTable	`0x102d6d0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x4879d76c`
Unmarked objects	`0`
C objects (VS2008 SP1 build 30729)	`3`
Imports (50929)	`2`
Imports (VS2008 SP1 build 30729)	`4`
Imports (2179)	`2`
C objects (VS2003 (.NET) SP1 build 6030)	`5`
ASM objects (50929)	`55`
C++ objects (50929)	`73`
Imports (VS2012 build 50727 / VS2005 build 50727)	`4`
C++ objects (VS2012 UPD4 build 61030)	`653`
188 (30716)	`3`
C++ objects (VS2003 (.NET) build 3077)	`1`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
190 (30716)	`3`
C++ objects (VS2010 build 30319)	`3`
Total imports	`420`
185 (30716)	`35`
C objects (50929)	`227`
211 (VS2012 UPD4 build 61030)	`796`
Resource objects (VS2012 UPD4 build 61030)	`1`
151	`2`
Linker (VS2012 UPD4 build 61030)	`1`

Errors

Leave a comment

No comments yet.