UAP2[.]0[.]2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UAP2.0.2.exe
Size

484.7MB
MD5

5174fcb0950214cd75f6edf733f6c828
SHA1

19a2897acae9b2ea21c1f80ba59d45bc78421d4f
SHA256

8cc3e89859a0d669910483622741180c1f60a605bbb924f65c60df18ddd8dc1c
SHA512

2b2075d33aa6c0e115480bc85e5df39d3dbc914ce10f8abb88a5a7193f363a21f91ba99da923b5f87f5f1f42e70586a4283663159ec0ce7367eac46825148aeb
SSDEEP

12582912:KpTF7ihIlRZM4wJCcxLeeyZ/3UwUzArOWTePegx3A:KpTF7YIRtwJCcxLeeQ/RgGgxw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/EnginePatcher/weidu.exe	upx
static1/unpack001/HighRes/weidu.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
UAP2.0.2.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Arcanum.exe
unpack001/EnginePatcher/weidu.exe
unpack002/out.upx
unpack001/HighRes/Files/ddraw.dll
unpack001/HighRes/weidu.exe
unpack003/out.upx
unpack001/RemoveProtos.exe
unpack001/ScrMaker.exe
unpack001/WorldEd.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

UAP2.0.2.exe
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arcanum.exe
.exe windows:4 windows x86 arch:x86

2f30c260b7aee5d7f7fbccb371a5e5c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateClipper
DirectDrawCreateEx

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

binkw32

_BinkOpen@8
_BinkClose@4
_BinkOpenMiles@4
_BinkSetSoundSystem@8
_BinkDDSurfaceType@4
_BinkSetSoundTrack@4
_BinkNextFrame@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkWait@4

dinput

DirectInputCreateA

kernel32

HeapDestroy
GetOEMCP
GetStringTypeA
UnhandledExceptionFilter
FindNextFileA
GetLocaleInfoA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatus
GetCommandLineA
SetConsoleTitleA
AllocConsole
WriteConsoleA
GetStdHandle
OutputDebugStringA
CopyFileA
GetModuleFileNameA
SetFilePointer
CloseHandle
CreateFileA
ReadFile
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
DeleteFileA
MoveFileA
WriteFile
GetFileType
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFullPathNameA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetEnvironmentVariableA
GetVersionExA
FlushFileBuffers
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
IsBadWritePtr
GetCPInfo
HeapSize
RemoveDirectoryA
SetStdHandle
GetStringTypeW
SetEndOfFile
GetFileAttributesA
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringA
GetCurrentDirectoryA
GetDriveTypeA
CompareStringW

user32

GetClientRect
MessageBoxA
GetSystemMetrics
GetForegroundWindow
ShowCursor
ReleaseDC
GetDC
CreateWindowExA
AdjustWindowRectEx
LoadMenuA
RegisterClassA
LoadCursorA
LoadIconA
PostMessageA
GetKeyState
DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcA
GetUpdateRect
ClientToScreen

gdi32

BitBlt
TextOutA
GetStockObject
GetPixel
SetPixel

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoCreateGuid

mss32

_AIL_quick_startup@20
_AIL_quick_shutdown@0
_AIL_quick_handles@12
_AIL_set_redist_directory@4
_AIL_start_stream@4
_AIL_quick_set_volume@12
_AIL_set_stream_volume@8
_AIL_quick_unload@4
_AIL_close_stream@4
_AIL_quick_play@8
_AIL_quick_load_mem@8
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_stream_status@4
_AIL_digital_handle_release@4
_AIL_digital_handle_reacquire@4
_AIL_quick_status@4

shell32

ShellExecuteA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arcanum4.dat
Arcanum5.dat
ArcanumXAmbient.dat
ArcanumXAnims1Base.dat
ArcanumXAnims2Dupes.dat
ArcanumXAnims3UAP.dat
Documents/Arcanum Key Mappings.txt
Documents/Cheat Mode.txt
Documents/Command Line.txt
Documents/UAP Credits.txt
Documents/UAP Readme.txt
Documents/portrait.txt
EULA PATCH.txt
EnginePatcher/LevelCap100.bat
EnginePatcher/LevelCap100.tp2
EnginePatcher/MasterEducator.bat
EnginePatcher/MasterEducator.tp2
EnginePatcher/NoCombatMusic.bat
EnginePatcher/NoCombatMusic.tp2
EnginePatcher/NoXPPerHit.bat
EnginePatcher/NoXPPerHit.tp2
EnginePatcher/weidu.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 960KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exptbl
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HighRes/Files/ArcanumZHighRes.dat
HighRes/Files/ArcanumZHighResBorders.dat
HighRes/Files/HighRes.tp2
HighRes/Files/Scripts/Base.tph
HighRes/Files/Scripts/CharEdit.tph
HighRes/Files/Scripts/CompactUI.tph
HighRes/Files/Scripts/Dialog.tph
HighRes/Files/Scripts/FollowerUI.tph
HighRes/Files/Scripts/IntBottom.tph
HighRes/Files/Scripts/IntTop.tph
HighRes/Files/Scripts/Inventory.tph
HighRes/Files/Scripts/MainMenu.tph
HighRes/Files/Scripts/MainMenuFS.tph
HighRes/Files/Scripts/Map.tph
HighRes/Files/Scripts/MapBig.tph
HighRes/Files/Scripts/Misc.tph
HighRes/Files/Scripts/Multiplayer.tph
HighRes/Files/Scripts/Q_EnginePatcher.tph
HighRes/Files/Scripts/Slides.tph
HighRes/Files/Scripts/Splash.tph
HighRes/Files/Scripts/VicinityChecks.tph
HighRes/Files/Scripts/Written.tph
HighRes/Files/Scripts/config_default.ini
HighRes/Files/ddraw.dll
.dll windows:6 windows x86 arch:x86

d608f9c4363faac96ef3743aa3eb4c33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Development\DDrawCompat\Release\ddraw.pdb

Imports

msimg32

TransparentBlt
GradientFill
AlphaBlend

psapi

EnumProcessModules

uxtheme

SetThemeAppProperties

dwmapi

DwmSetWindowAttribute

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

kernel32

WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
SetEndOfFile
SetFilePointerEx
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
ReadConsoleW
HeapReAlloc
VirtualQuery
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
GetLastError
SignalObjectAndWait
WaitForMultipleObjectsEx
WaitForSingleObjectEx
GetTickCount
SwitchToThread
lstrcmpiW
OpenEventW
SetEvent
GetCurrentThread
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
SetLastError
GetCurrentProcessId
SetProcessAffinityMask
GetSystemDirectoryA
SetProcessPriorityBoost
GetEnvironmentVariableA
TerminateThread
Sleep
GetProcessHeap
HeapFree
HeapAlloc
SetThreadPriority
CreateThread
WaitForSingleObject
QueryPerformanceCounter
CloseHandle
LoadLibraryW
GetCurrentProcess
QueryPerformanceFrequency
LoadLibraryA
GetProcAddress
GetModuleHandleExA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
VirtualProtect
GetLocalTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
WriteConsoleW

user32

ChangeDisplaySettingsExA
ChangeDisplaySettingsA
SetWindowLongA
RemovePropA
SetPropA
PostMessageA
GetWindow
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
UpdateLayeredWindowIndirect
UpdateLayeredWindow
ShowWindow
IsWindow
RegisterClassA
PostQuitMessage
SendNotifyMessageA
DispatchMessageA
TranslateMessage
GetMessageA
GetActiveWindow
IsZoomed
ScrollWindowEx
ScrollWindow
GetScrollBarInfo
PtInRect
GetCursorPos
GetSystemMetrics
GetCapture
GetAsyncKeyState
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
ChangeDisplaySettingsExW
EnumDisplaySettingsExA
SetWindowsHookExA
GetClassNameA
SetWindowLongW
GetWindowLongW
SetCursor
GetClientRect
EndPaint
BeginPaint
SetMenuItemInfoW
IsWindowUnicode
DefDlgProcW
DefDlgProcA
CreateWindowExW
CallWindowProcA
DefWindowProcW
DefWindowProcA
GetWindowInfo
EnumDisplaySettingsExW
GetClassLongA
InvertRect
FrameRect
FillRect
DrawFocusRect
GetWindowRect
ScrollDC
GetWindowRgn
PaintDesktop
TabbedTextOutW
TabbedTextOutA
DrawStateW
DrawStateA
GrayStringW
GrayStringA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawIcon
SendMessageA
DrawCaption
DrawFrameControl
DrawEdge
GetAncestor
GetDesktopWindow
GetGUIThreadInfo
UnhookWinEvent
SetWinEventHook
GetCaretBlinkTime
GetWindowThreadProcessId
EnumWindows
SetClassLongA
GetWindowLongA
ClientToScreen
RedrawWindow
WindowFromDC
IsIconic
IsWindowVisible
DestroyWindow
CreateWindowExA
SystemParametersInfoW
SystemParametersInfoA
SetProcessDPIAware
GetWindowDC
ReleaseDC
GetDC
EqualRect
OffsetRect
IntersectRect
EnumDisplayMonitors
GetMonitorInfoA
MonitorFromPoint
IsRectEmpty
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
DrawIconEx

gdi32

PolyPolygon
PaintRgn
Pie
PlgBlt
MaskBlt
LineTo
InvertRgn
GetPixel
GetDIBits
FrameRgn
FillRgn
ExtFloodFill
Ellipse
DrawEscape
CreateRectRgnIndirect
CreateDIBitmap
CreateDiscardableBitmap
CreateCompatibleBitmap
CombineRgn
Chord
Arc
GetDCOrgEx
SetBrushOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
GetArcDirection
SetArcDirection
SetWorldTransform
GetWorldTransform
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetBkMode
SetDCPenColor
SetDCBrushColor
SetBkColor
SelectPalette
SetMetaRgn
ExtSelectClipRgn
SaveDC
RestoreDC
GetWindowOrgEx
GetWindowExtEx
GetViewportOrgEx
GetViewportExtEx
GetTextColor
GetTextAlign
GetTextCharacterExtra
GetStretchBltMode
GetPolyFillMode
GetMapMode
GetGraphicsMode
GetCurrentPositionEx
GetClipRgn
GetBrushOrgEx
Rectangle
GetDCPenColor
GetDCBrushColor
GetBkColor
GetROP2
PatBlt
GetObjectType
GetDeviceCaps
GetObjectA
SelectObject
GetCurrentObject
DeleteObject
CreateFontIndirectA
SelectClipRgn
BitBlt
GetRegionData
GetRandomRgn
ExtCreateRegion
D3DKMTCreateDCFromMemory
D3DKMTGetDeviceState
D3DKMTSetGammaRamp
D3DKMTWaitForVerticalBlankEvent
D3DKMTCloseAdapter
D3DKMTOpenAdapterFromHdc
D3DKMTQueryAdapterInfo
D3DKMTPresent
D3DKMTDestroyContext
D3DKMTCreateContext
DeleteDC
CreateDCA
D3DKMTReleaseProcessVidPnSourceOwners
SetPixel
SetPixelV
StretchBlt
StretchDIBits
GdiAlphaBlend
GdiTransparentBlt
GdiGradientFill
AngleArc
PolyPolyline
ArcTo
PolyDraw
TextOutA
TextOutW
ExtTextOutA
ExtTextOutW
PolyTextOutA
PolyTextOutW
LPtoDP
Polygon
Polyline
PolyBezier
PolyBezierTo
PolylineTo
CreateCompatibleDC
GetPaletteEntries
GetStockObject
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
SetSystemPaletteUse
CreateRectRgn
ExcludeClipRect
GetRgnBox
CreateDIBSection
SetDIBColorTable
RoundRect
SetDIBits
GetBkMode
OffsetRgn
SetDIBitsToDevice

advapi32

RegQueryValueExA
RegGetValueA
RegGetValueW

Exports

Exports

AcquireDDThreadLock
CompleteCreateSysmemSurface
D3DParseUnknownCommand
DCIBeginAccess
DCICloseProvider
DCICreateOffscreen
DCICreateOverlay
DCICreatePrimary
DCIDestroy
DCIDraw
DCIEndAccess
DCIEnum
DCIOpenProvider
DCISetClipList
DCISetDestination
DCISetSrcDestClip
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DllCanUnloadNow
DllGetClassObject
GetDCRegionData
GetDDSurfaceLocal
GetOLEThunkData
GetSurfaceFromDC
GetWindowRegionData
RegisterSpecialCase
ReleaseDDThreadLock
SetAppCompatData
WinWatchClose
WinWatchDidStatusChange
WinWatchGetClipList
WinWatchNotify
WinWatchOpen

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HighRes/Files/maps/0_dirt.sec
HighRes/Files/maps/Arcanum1-024-fixed/G_8E1D1951_11EC_4313_A552_B61A8B5B4C4C.mob
HighRes/Files/maps/ShopMap/0.sec
HighRes/Files/maps/ShopMap/G_6DAE2D90_6C4D_11D4_8F1D_00A0CC6511C6.mob
HighRes/Files/maps/ShopMap/G_8E5D58D4_AFA1_475B_A49E_7A1FB9D66126.mob
HighRes/Files/soundparams.mes
HighRes/_install.bat
HighRes/_uninstall.bat
HighRes/config.ini
HighRes/weidu.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 960KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exptbl
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Modules/Arcanum.PATCH0
PatchReadme.txt
RemoveProtos.exe
.exe windows:4 windows x86 arch:x86

29b5b25a5c782618eb4d24985b73fbd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
DeleteFileA
FindNextFileA
FindClose
FindFirstFileA
UnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CloseHandle
WriteFile
ReadFile
SetUnhandledExceptionFilter
HeapSize
GetProcAddress
RemoveDirectoryA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
GetLocaleInfoW

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ScrMaker.exe
.exe windows:4 windows x86 arch:x86

22d07a4a59285f6089dd502a28cd4a61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CheckDlgButton
GetDlgItemTextA
IsDlgButtonChecked
TranslateAcceleratorA
DialogBoxParamA
GetDlgItemInt
DispatchMessageA
TranslateMessage
MapDialogRect
ScreenToClient
SetFocus
CreateWindowExA
MoveWindow
GetDlgItem
SetDlgItemTextA
DestroyWindow
SendMessageA
LoadAcceleratorsA
DefWindowProcA
PostQuitMessage
EndDialog
SetWindowTextA
SetWindowLongA
ShowWindow
CallWindowProcA
SendDlgItemMessageA
GetParent
GetWindowLongA
MessageBoxA
GetSystemMetrics
GetWindowRect
GetClientRect
ReleaseDC
GetDC
PostMessageA
ShowCursor
PeekMessageA
GetUpdateRect
ClientToScreen
LoadMenuA
GetForegroundWindow
LoadIconA
AdjustWindowRectEx
LoadCursorA
RegisterClassA
GetKeyState

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA

ddraw

DirectDrawCreateEx
DirectDrawCreateClipper

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

binkw32

_BinkDDSurfaceType@4
_BinkOpenMiles@4
_BinkClose@4
_BinkOpen@8
_BinkSetSoundTrack@4
_BinkSetSoundSystem@8
_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkDoFrame@4
_BinkWait@4

dinput

DirectInputCreateA

kernel32

FreeEnvironmentStringsW
RtlUnwind
VirtualAlloc
WideCharToMultiByte
CloseHandle
CreateFileA
GetStringTypeW
RemoveDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
HeapSize
FlushFileBuffers
GetStringTypeA
MultiByteToWideChar
LCMapStringW
LCMapStringA
GetLocaleInfoA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
LocalFree
FormatMessageA
GetCommandLineA
SetConsoleTitleA
AllocConsole
WriteConsoleA
GetStdHandle
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatus
GetModuleFileNameA
VirtualFree
SetFilePointer
GetCPInfo
GetACP
ReadFile
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
DeleteFileA
MoveFileA
WriteFile
GetFileType
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetOEMCP
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

gdi32

GetStockObject
GetCharWidthA
GetTextMetricsA
SetPixel
TextOutA
GetPixel

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoCreateGuid

comctl32

ord16

mss32

_AIL_quick_play@8
_AIL_quick_startup@20
_AIL_set_redist_directory@4
_AIL_quick_shutdown@0
_AIL_quick_status@4
_AIL_start_stream@4
_AIL_quick_set_volume@12
_AIL_set_stream_volume@8
_AIL_quick_unload@4
_AIL_close_stream@4
_AIL_stream_status@4
_AIL_quick_load_mem@8
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_quick_handles@12
_AIL_digital_handle_release@4
_AIL_digital_handle_reacquire@4

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sierra.inf
SierraUp.cfg
Version.txt
WorldEd.exe
.exe windows:4 windows x86 arch:x86

b102dc411289d7f26e7a1f7810097bdf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetLocalTime
GlobalLock
GlobalAlloc
GetCurrentDirectoryA
GlobalUnlock
CreateMutexA
SetFilePointer
GetFullPathNameA
CreateDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RaiseException
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetEnvironmentStringsW
FindNextFileA
GetFileType
WriteFile
MoveFileA
DeleteFileA
GetSystemTime
GetTimeZoneInformation
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetStartupInfoA
RemoveDirectoryA
SetEnvironmentVariableA
FindFirstFileA
GetModuleHandleA
HeapReAlloc
HeapFree
FormatMessageA
LocalFree
ReadFile
CreateFileA
CloseHandle
CompareStringW
CompareStringA
GetDriveTypeA
HeapSize
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
GetFileAttributesA
LCMapStringW
LCMapStringA
RtlUnwind
SetHandleCount
SetConsoleTitleA
GetCommandLineA
HeapAlloc
GetLastError
AllocConsole
GetLocaleInfoA
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
EnterCriticalSection
GlobalMemoryStatus
WriteConsoleA
GetStdHandle
OutputDebugStringA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

user32

GetWindowRect
PtInRect
ClientToScreen
GetAsyncKeyState
SetWindowPlacement
GetWindowPlacement
GetDlgItemInt
LoadImageA
EnableWindow
ShowWindow
GetWindowTextA
FrameRect
FillRect
InvalidateRect
GetSysColor
UpdateWindow
SetDlgItemTextA
GetDlgItemTextA
EnableMenuItem
SetTimer
DefDlgProcA
GetDC
ReleaseDC
GetMenu
OffsetRect
LoadMenuA
GetSubMenu
ModifyMenuA
AppendMenuA
TrackPopupMenu
DestroyMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadCursorA
SetCursor
GetMenuItemInfoA
SetMenuItemInfoA
DefWindowProcA
TranslateAcceleratorA
CreateWindowExA
SystemParametersInfoA
PostQuitMessage
LoadAcceleratorsA
SetRectEmpty
IsDialogMessageA
PostMessageA
SetScrollPos
GetSysColorBrush
GetDlgItem
GetWindowLongA
EndDialog
MessageBoxA
SetWindowTextA
SetCapture
ReleaseCapture
SendMessageA
SetWindowPos
GetClientRect
SetFocus
CreateDialogParamA
DestroyWindow
DialogBoxParamA
GetForegroundWindow
ShowCursor
AdjustWindowRectEx
GetSystemMetrics
RegisterClassA
LoadIconA
DispatchMessageA
TranslateMessage
PeekMessageA
GetUpdateRect
GetKeyState
IsDlgButtonChecked
SendDlgItemMessageA
IntersectRect
MapDialogRect
CheckRadioButton
SetWindowLongA
CallWindowProcA
CheckDlgButton
SetDlgItemInt
GetParent
ScreenToClient
EnableScrollBar
EndPaint
SetScrollRange
GetScrollPos
BeginPaint

gdi32

DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetPixel
GetPixel
DeleteObject
TextOutA
GetCharWidthA
SetBkColor
GetTextMetricsA
BitBlt
CreateSolidBrush
LineTo
GetStockObject
SelectObject
ExtCreatePen
MoveToEx

comdlg32

ChooseColorA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

comctl32

ord16
PropertySheetA

ddraw

DirectDrawCreateEx
DirectDrawCreateClipper

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

binkw32

_BinkSetSoundSystem@8
_BinkOpen@8
_BinkOpenMiles@4
_BinkClose@4
_BinkNextFrame@4
_BinkSetSoundTrack@4
_BinkDDSurfaceType@4
_BinkWait@4
_BinkCopyToBuffer@28
_BinkDoFrame@4

dinput

DirectInputCreateA

ole32

CoCreateGuid

mss32

_AIL_close_stream@4
_AIL_quick_startup@20
_AIL_set_redist_directory@4
_AIL_quick_shutdown@0
_AIL_quick_status@4
_AIL_start_stream@4
_AIL_quick_set_volume@12
_AIL_set_stream_volume@8
_AIL_quick_unload@4
_AIL_quick_handles@12
_AIL_quick_play@8
_AIL_quick_load_mem@8
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_stream_status@4
_AIL_digital_handle_release@4
_AIL_digital_handle_reacquire@4

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/sound/music/Arcanum.mp3
data/sound/music/Caladon.mp3
data/sound/music/Caladon_Catacombs.mp3
data/sound/music/Cities.mp3
data/sound/music/Combat 1.mp3
data/sound/music/Combat 2.mp3
data/sound/music/Combat 3.mp3
data/sound/music/Combat 4.mp3
data/sound/music/Combat 5.mp3
data/sound/music/Combat 6.mp3
data/sound/music/CombatMusic.mp3
data/sound/music/Dungeons.mp3
data/sound/music/DwarvenMusic.mp3
data/sound/music/Interlude.mp3
data/sound/music/Isle_of_Despair.mp3
data/sound/music/Kerghan.mp3
data/sound/music/Mines.mp3
data/sound/music/Qintara.mp3
data/sound/music/Tarant.mp3
data/sound/music/Tarant_Sewers.mp3
data/sound/music/Towns.mp3
data/sound/music/Tulla.mp3
data/sound/music/Vendegoth.mp3
data/sound/music/Villages.mp3
data/sound/music/Void.mp3
data/sound/music/Wilderness.mp3
modules/Arcanum.PATCH1
modules/Arcanum.PATCH9
modules/BuriedSecrets.PATCH9
modules/BuriedSecrets.dat
modules/Deathmatch.PATCH9
modules/Deathmatch.dat
modules/Dusty Dunes.PATCH9
modules/Dusty Dunes.dat
modules/Hellgate.PATCH9
modules/Hellgate.dat
modules/LostDungeonofSouls.DAT
modules/Time.PATCH9
modules/Time.dat
modules/Vormantown.PATCH9
modules/Woodmir Race.PATCH9
modules/Woodmir Race.dat

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 55KB - Virtual size: 54KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

2f30c260b7aee5d7f7fbccb371a5e5c5

Headers

File Characteristics

Imports

ddraw

winmm

binkw32

dinput

kernel32

user32

gdi32

advapi32

ole32

mss32

shell32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 216KB - Virtual size: 1.6MB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 84KB - Virtual size: 82KB

Headers

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 55KB - Virtual size: 54KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 216KB - Virtual size: 1.6MB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 84KB - Virtual size: 82KB

UPX0
Size: - Virtual size: 5.3MB

UPX1
Size: 960KB - Virtual size: 964KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1010KB - Virtual size: 1010KB

.data
Size: 4.6MB - Virtual size: 4.6MB

.exptbl
Size: 495KB - Virtual size: 494KB

.rdata
Size: 25KB - Virtual size: 25KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 795KB - Virtual size: 794KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 7KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 61KB - Virtual size: 61KB

UPX0
Size: - Virtual size: 5.3MB

UPX1
Size: 960KB - Virtual size: 964KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1010KB - Virtual size: 1010KB

.data
Size: 4.6MB - Virtual size: 4.6MB

.exptbl
Size: 495KB - Virtual size: 494KB

.rdata
Size: 25KB - Virtual size: 25KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 22KB