Manalyze report for f2dc6fbb679bbae594e8d89d1cce8b28da81f0f3ebd634a34d54368e5cf5c07c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-29 15:13:18
Detected languages	English - United States
CompanyName	GSE
FileDescription	GSE
FileVersion	`1, 0, 0, 2`
InternalName	GSE
LegalCopyright	Copyright (C) 2021 GSE
OriginalFilename	steam.exe
ProductName	GSE
ProductVersion	`1, 0, 0, 2`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW` `Code injection capabilities: VirtualAllocEx WriteProcessMemory CreateRemoteThread` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegDeleteKeyW RegCreateKeyExW RegCloseKey RegSetValueExW` `Possibly launches other programs: CreateProcessW` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect` `Manipulates other processes: WriteProcessMemory`
Suspicious	The file contains overlay data.	`563200 bytes of data starting at offset 0x55ba8.`
Malicious	VirusTotal score: 37/70 (Scanned on 2026-02-16 04:07:04)	`ALYac: Trojan.GenericKDZ.115081` `AVG: Win64:Evo-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.R739970` `Antiy-AVL: Trojan/Win32.Agent` `Arcabit: Trojan.Generic.D1C189` `Avast: Win64:Evo-gen [Trj]` `BitDefender: Trojan.GenericKDZ.115081` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1768490523a54002` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GameHack.MH potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKDZ.115081 (B)` `Fortinet: Adware/GameHack` `GData: Trojan.GenericKDZ.115081` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.oa!s1` `K7AntiVirus: Unwanted-Program ( 005d20111 )` `K7GW: Unwanted-Program ( 005d20111 )` `Lionic: Trojan.Win32.GameHack.4!c` `Malwarebytes: RiskWare.GameHack` `MaxSecure: Trojan.Malware.542405702.susgen` `McAfeeD: ti!F2DC6FBB679B` `MicroWorld-eScan: Trojan.GenericKDZ.115081` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `TrellixENS: Artemis!5AD5FBBD94BA` `TrendMicro-HouseCall: TROJ_GEN.R002H09AF26` `VIPRE: Trojan.GenericKDZ.115081` `Varist: W64/ABTrojan.ICUE-7101` `ViRobot: Trojan.Win.Z.Agent.914344.J` `Webroot: W32.Malware.Gen` `Zillya: Trojan.GameHack.Win64.3806`

Hashes

MD5	`5ad5fbbd94bac73e9885eecb7da54002`
SHA1	`7d4341bbe8b16a5fc20d3371420ceb341db7584d`
SHA256	`f2dc6fbb679bbae594e8d89d1cce8b28da81f0f3ebd634a34d54368e5cf5c07c`
SHA3	`c7bfd6e12241681928975fdc5d97c791045943f514411159d1d56cafe3c628cd`
SSDeep	`12288:tMTKG03U5kRWnxT52treTbeo5YsJ8Qp7Zk/uP2lIy:WTKG0ykKxT5aeTbeo5XPptk/uelIy`
Imports Hash	`365e642f3e1cc345bc7f6d7709fe1049`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Oct-29 15:13:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x37e00`
SizeOfInitializedData	`0xd0400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001D580 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x10d000`
SizeOfHeaders	`0x400`
Checksum	`0xeb9d5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`76fc596c695a1f37345d04d562aaf519`
SHA1	`963b91d80ce54b1fdd4a0cad6afb56723e066671`
SHA256	`63384b7634458424cca65fd81c42e67731dc34e9ab86de37b78651c095f776ef`
SHA3	`1811b1c582657a33e1e5ce0765244a001042527c4dddb18ae58c0e3a884d126e`
VirtualSize	`0x37ccc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41881`

.rdata

MD5	`835f984c3a5eb8ed32c538b331efd545`
SHA1	`a2d38a3177380fde3b869ac781efbab75713f864`
SHA256	`8f0970ffe689c1fcede4817359f0503c50c98204c5dd99f28045f2421f314a54`
SHA3	`1469f8dfc40da74c13baf6adefba1ea58f330c23b3cd7d2d8281ce025b6092cb`
VirtualSize	`0x1697a`
VirtualAddress	`0x39000`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x38200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.08022`

.data

MD5	`c40f7d0e39b1f7c5a8b052942872d38b`
SHA1	`b12951162b992f102f4df17a83fe91a55836e5f2`
SHA256	`ed83b376e7eda39bc87aa2e1757456e5b56031b34bfc95e293631fd0ea2e19a4`
SHA3	`1a341b61c9b3d589fe50a91284068b029dd7687c0f61d21809175c8fff62bf4a`
VirtualSize	`0x2b4fc`
VirtualAddress	`0x50000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x4ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.06773`

.pdata

MD5	`13f5673801c2d35e9fa63bd26fccc1c3`
SHA1	`e95bc059e90b8f30deb0d8b0e76b48a4b93a1fa6`
SHA256	`0acd1a06baa0480cf184e0c5190ae64eceec394556e109d15dec8c6c7a8478d6`
SHA3	`a8070cbe7d5e36b49184eff7da847a50cbb688895c91527973c32045141c7a83`
VirtualSize	`0x3294`
VirtualAddress	`0x7c000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x50600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48268`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x80000`
SizeOfRawData	`0x200`
PointerToRawData	`0x53a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`0227dc156e2181e4897050504b650c47`
SHA1	`e346b21bf34f4cbb333e6ddbd1304419b42cbbe4`
SHA256	`194d52ad820128c39af826bd06e3c6b2b4a5d9a09fd4724fc3b4c3c9fc3d730b`
SHA3	`a393867da0582a1eba2c79489ee7decb62a040c5d833c7e989543f330273985f`
VirtualSize	`0x8a03d`
VirtualAddress	`0x81000`
SizeOfRawData	`0x8a200`
PointerToRawData	`0x53c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36503`

.reloc

MD5	`526faabe8738b9f964f6ca51229f4293`
SHA1	`1c369ae86fdbf7813aa8f51663f6519807bc5522`
SHA256	`e5f47358f5918a19709693ae277787c05160326321759a5aa78e787531439296`
SHA3	`319a976d8c604595db6eb64d998d196c9ebfb41d4f1d6ad77f213d58d3d7df5c`
VirtualSize	`0xa8c`
VirtualAddress	`0x10c000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xdde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.14933`

Imports

USER32.dll	`MessageBoxA`
KERNEL32.dll	`VirtualAllocEx` `WriteProcessMemory` `VirtualFreeEx` `GetModuleFileNameW` `GetModuleHandleW` `CreateRemoteThread` `FormatMessageA` `SetEnvironmentVariableA` `SetEnvironmentVariableW` `GetCurrentProcessId` `TerminateProcess` `ResumeThread` `CreateProcessW` `WriteConsoleW` `WaitForSingleObject` `SetLastError` `GetLastError` `CloseHandle` `SetEndOfFile` `LoadLibraryW` `LocalFree` `GetLocaleInfoEx` `QueryPerformanceCounter` `QueryPerformanceFrequency` `Sleep` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetCurrentDirectoryW` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `GetFullPathNameW` `AreFileApisANSI` `GetProcAddress` `GetFileInformationByHandleEx` `MultiByteToWideChar` `WideCharToMultiByte` `GetStringTypeW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `RtlUnwind` `GetSystemTimeAsFileTime` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `RtlPcToFileHeader` `RaiseException` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `WriteFile` `HeapFree` `HeapAlloc` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `HeapReAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `SetStdHandle` `HeapSize`
ADVAPI32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `RegSetValueExW`

Delayed Imports

SOURCE_CONTROL_ID

Type	`SCID`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.95021`
MD5	`b4f6bc541faccef222d975874c899b50`
SHA1	`58e0e5df12c1279c1a2f6a610f3de274d3ae8cb5`
SHA256	`07b46b5ce9d2dc257fcbd24a26c8d1146d73e1f4f1e0439076d11183ab931a98`
SHA3	`ec80b28420a1acca1406fdcde0e8176fc28a7006244e02d5d0cf5a37a1d61c94`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36694`
MD5	`998fd37f34212dd3a160fc6ccb407d6a`
SHA1	`3378d0f4025eba8a5f06f3dddd7d4e32041ece6e`
SHA256	`1fc43e507bb89b5653d75701cea09256053f478785673e1eb508da281d439db8`
SHA3	`38bd56adafe433bcf8492adf478f7b6407c22027d14ba1c67638a67e5a1fb89f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28163`
MD5	`6efda986a44e63b487110965dc6302b0`
SHA1	`19776fb11d45479a297b6313b510393790d66f2b`
SHA256	`e8f37b39ca74791e6b07d2a4f1ce68211c1f134ae5a4e5ed28a78a442105470e`
SHA3	`ab37eba1472ca48214a561e557dd1a6761e632acadc1fa423adcf0e7e80e8b34`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.34067`
MD5	`b23a5aa1236bba48e092974746e33778`
SHA1	`87ae33a716c8795310c3c301ceb9dfb01a0bf6b6`
SHA256	`37eb75d40357310c359bf91ae0f4830b511d14b37f0b365651344a02bdcbede8`
SHA3	`e49936412cbbbd762f4324f361df697209935215edd3c1a7fdffd454209e5c47`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39461`
MD5	`d90fb455170ff71abd0f70ef3f1ca593`
SHA1	`370e4b0d707684544e3ecc12510a29f51bae0b5b`
SHA256	`8f4c92b729845e6328b8a0b18e120b8f63ca22e6c3128ea6327824663c1921b2`
SHA3	`b6b32845d94d86c1f2e909e3ea3151fc10bfe31ef27140af358be3aca78fb9cc`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.5251`
MD5	`3dc71c3feaf4e4638684c23da2b771df`
SHA1	`d47c670e84f7b27a3ba42cb3d72a889b61a53210`
SHA256	`3608ed81160bcb9e110f47cc4c44c77cf0c3cbe23b2b4a90961dff4c46b8af06`
SHA3	`c390ceaf021f49225956b29d4448fae9641af45f781ab403955cfb0e3922c728`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6057`
MD5	`620e51077835a734d2dffac31bceaa76`
SHA1	`bdefde8e6f8e1cbcf0a39c83d2b639bdf90de9d7`
SHA256	`c9953a87eda7090bfb160acb7f223c88bdf815bec280f464af33dafab8af8cb8`
SHA3	`ac28b1c49ab2489411b83d7a6c7f05afe92a762a6466089339c33afc5a6290ae`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81327`
MD5	`acaf926604ac815f325c2172c8092f91`
SHA1	`b4bb20dab1c2145a17eee090113a1d7c779da0fe`
SHA256	`ae0ce024a285c3233064a8ea569a485526c57cf657bf811e6b0aa5dade548477`
SHA3	`d4b600178207876b065070377c0abaf221bc1ae3a95880d8007e352427ff545d`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95549`
MD5	`51dde2e6bba5a2be2fb195c6e066805a`
SHA1	`4c0e8d4b5d38144ccb4ebab20361c51764f5ef12`
SHA256	`1b0d4bf7a5f96f90618ea0c866fa5d93a1a8faae7ffa883a416c3906663c46d6`
SHA3	`3aa2404c94b1dbcdcddc56ff08a6aad701eb0fb4759e8fc0adb68bb6b2809477`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17584`
MD5	`53eb0005a4b033c4317fcfb79f36830a`
SHA1	`28b981df9798817d0256b0ce23a95b3e21b7e09f`
SHA256	`a6208ce41df096a3869ee4a6c4026ec33267760ce01d910e7690e265122416a8`
SHA3	`594dc8d7f1e289684ea88355680ed6d0acd6f38c426dfbeb32969a242c0fd366`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42788`
MD5	`0f33b0c4be60d21fddb3b77f517dddfe`
SHA1	`4cd3f1296b1405ce95b9703235ea2caaf7d70405`
SHA256	`5231504016fae38511a580b925ffc2100fdbc5b412377b65d682e9bd12889690`
SHA3	`dcf88802e5f832fd96116f5e95f7349d4fe6bd95e8d17cbda5228fb67c2c49e1`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32137`
MD5	`7f5710f272d616aa9a40b65cecd5c1cc`
SHA1	`9c4d1459be754f3c18a9d1f931e32c996b23d9e5`
SHA256	`917aec2cabe0f29377d328d7e7e956c0ab2065565c1ddfa46b24ebf682856103`
SHA3	`fa28470225ae684dad80adbba635b23a697638d67d1a34c048526d26b31b10f6`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Oct-29 15:13:18
Version	`0.0`
SizeofData	`1036`
AddressOfRawData	`0x49b7c`
PointerToRawData	`0x48d7c`

TLS Callbacks

StartAddressOfRawData	`0x140049fd0`
EndAddressOfRawData	`0x140049fd1`
AddressOfIndex	`0x14007a290`
AddressOfCallbacks	`0x140039508`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140050300`

RICH Header

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.
[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.