PESCAN.IO - Analysis Report Basic
| Information |
| Field | Value |
|---|---|
| Size | 3,33 MB |
| SHA-256 Hash | 35FB3B8F87674C0BC0A235774BA7916715ED2EFFF2B114CF8F0C35EBAA277B18 |
| SHA-1 Hash | 691E4C1E95A52273105678A98BDFFAD303E2402C |
| MD5 Hash | 403A207D573E30DDCBE665BD8240F8DC |
| Imphash | 9E644CAF903BE94B1E69B7604209EDC2 |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 0035BB1B |
| EntryPoint (rva) | 17901D |
| SizeOfHeaders | 1000 |
| SizeOfImage | 1A62000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 184FE8 |
| Characteristics | 10F |
| TimeDateStamp | 3D6B922B |
| Date | 27/08/2002 14:52:27 |
| File Type | EXE |
| Number Of Sections | 4 |
| ASLR | Disabled |
| Section Names | .text, .rdata, .data, .rsrc |
| Number Of Executable Sections | 2 |
| Subsystem | Windows GUI |

[Incomplete Binary or Compressor Packer - 23,05 MB Missing]
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 1000 | 183000 | 1000 | 182A04 | | |
| .rdata | 0xC0000040 Initialized Data Readable Writeable | 184000 | 3000 | 184000 | 20E1 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | 187000 | 10A000 | 187000 | 1814C3C | | |
| .rsrc | 0xE0000000 Executable Readable Writeable | 291000 | C23F7 | 199C000 | C53F7 | | |
| Entry Point |
| The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 17901D |
| Code -> 558BEC6AFF6800475800682CEC570064A100000000506489250000000083EC585356578965E8FF15B440580033D28AD48915 |
| Assembler |
| PUSH EBP |
| MOV EBP, ESP |
| PUSH -1 |
| PUSH 0X584700 |
| PUSH 0X57EC2C |
| MOV EAX, DWORD PTR FS:[0] |
| PUSH EAX |
| MOV DWORD PTR FS:[0], ESP |
| SUB ESP, 0X58 |
| PUSH EBX |
| PUSH ESI |
| PUSH EDI |
| MOV DWORD PTR [EBP - 0X18], ESP |
| CALL DWORD PTR [0X5840B4] |
| XOR EDX, EDX |
| MOV DL, AH |
| Signatures |
| Rich Signature Analyzer: Code -> 77167DF2337713A1337713A1337713A1DB6818A1347713A1486B1FA13A7713A16E5518A13A7713A1B06B1DA12A7713A16E5519A1B77713A1C9540AA1377713A1675423A1327713A1CC5717A1037713A1337713A1377713A1516800A1207713A1337712A1B17713A16C5518A12D7713A1F47115A1327713A152696368337713A1 |
| Footprint md5 Hash -> 15C6AE2EFEFCD05AFBD960D56FDCD0AD |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature Not Found: |
| • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual C++ |
| Detect It Easy (die) |
| • PE: compiler: EP:Microsoft Visual C/C++(6.0 (1720-9782))[EXE32] |
| • PE: compiler: Microsoft Visual C/C++(6.0)[libc] |
| • PE: linker: Microsoft Linker(6.0*)[-] |
| • Entropy: 4.47552 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| Windows REG |
| Software\GameSpy\GameSpy Arcade |
| File Access |
| aphex.exe .exe cmd.exe DDRAW.DLL WINMM.dll DPLAYX.dll binkw32.dll mss32.dll WSOCK32.dll ole32.dll SHELL32.dll ADVAPI32.dll comdlg32.dll GDI32.dll USER32.dll KERNEL32.dll .bat skmasters.dat .dat pc.txt fx\volume.txt |
| Interest's Words |
| exec attrib start pause comspec shutdown systeminfo ping route |
| Interest's Words (UNICODE) |
| <head <body <link <header |
| URLs |
| http://stronghold.godgames.com/buyit.php http://stronghold.godgames.com/crusader/ http://www.stronghold.de http://www.stronghold-game.com/ http://stronghold.godgames.com/crusader/buyit.php http://www.gatheringofdevelopers.com http://www.fireflyworlds.com |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileA) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Antivirus Software (rising) |
| Text | Ascii | Malware that monitors and collects user data (Spy) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 5.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \CURSOR\1\1033 | 199C300 | 134 | 291300 | 010001002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\2\2057 | 199C450 | 134 | 291450 | 040004002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\3\2057 | 199C5A0 | 134 | 2915A0 | 010001002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \ICON\4\2057 | 199C6F0 | 128 | 2916F0 | 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \ICON\5\2057 | 199C818 | 2E8 | 291818 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\6\2057 | 199CB00 | 8A8 | 291B00 | 2800000020000000400000000100080000000000800400000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \DIALOG\108\2057 | 199D490 | 118 | 292490 | C008C09000000000030000000000B10047000000000043006F006E006E0065006300740020006F0072002000430072006500 | ................G.....C.o.n.n.e.c.t. .o.r. .C.r.e. |
| \DIALOG\129\2057 | 199D5A8 | BA | 2925A8 | C008C09000000000030000000000CF0097000000000043006F006E006E0065006300740069006F006E0020006D0065007400 | ......................C.o.n.n.e.c.t.i.o.n. .m.e.t. |
| \DIALOG\130\2057 | 199D3D8 | B6 | 2923D8 | C008C89000000000030000000000B900AA0000000000530065006C006500630074002000530065007300730069006F006E00 | ......................S.e.l.e.c.t. .S.e.s.s.i.o.n. |
| \GROUP_CURSOR\104\1033 | 199C438 | 14 | 291438 | 0000020001002000400001000100340100000100 | ...... .@.....4..... |
| \GROUP_CURSOR\105\2057 | 199C588 | 14 | 291588 | 0000020001002000400001000100340100000200 | ...... .@.....4..... |
| \GROUP_CURSOR\114\2057 | 199C6D8 | 14 | 2916D8 | 0000020001002000400001000100340100000300 | ...... .@.....4..... |
| \GROUP_ICON\101\2057 | 199D3A8 | 30 | 2923A8 | 00000100030010101000010004002801000004002020100001000400E802000005002020000001000800A80800000600 | ..............(..... ............ ............ |
| Intelligent String |
| Flow Anomalies |
| Offset | RVA | Section | Type | Description |
|---|---|---|---|---|
| 1003 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 1967 | 584008 | .text | CALL [static] | Indirect call to absolute memory address |
| 2EC7 | 58422C | .text | CALL [static] | Indirect call to absolute memory address |
| 3E27 | 5841C4 | .text | CALL [static] | Indirect call to absolute memory address |
| 6507 | 5842D0 | .text | CALL [static] | Indirect call to absolute memory address |
| 6709 | A0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 71B9 | A0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 9365 | 58421C | .text | CALL [static] | Indirect call to absolute memory address |
| 9397 | 584018 | .text | CALL [static] | Indirect call to absolute memory address |
| 93F3 | 584214 | .text | CALL [static] | Indirect call to absolute memory address |
| 940F | 584214 | .text | CALL [static] | Indirect call to absolute memory address |
| 94CA | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 9502 | 58422C | .text | CALL [static] | Indirect call to absolute memory address |
| 9510 | 584230 | .text | CALL [static] | Indirect call to absolute memory address |
| 9556 | 584208 | .text | CALL [static] | Indirect call to absolute memory address |
| 9626 | 584224 | .text | CALL [static] | Indirect call to absolute memory address |
| 969E | 584224 | .text | CALL [static] | Indirect call to absolute memory address |
| 96F5 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 971B | 58422C | .text | CALL [static] | Indirect call to absolute memory address |
| 9729 | 584230 | .text | CALL [static] | Indirect call to absolute memory address |
| 9768 | 584208 | .text | CALL [static] | Indirect call to absolute memory address |
| 97A1 | 584210 | .text | CALL [static] | Indirect call to absolute memory address |
| 97F2 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 9813 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| A507 | 584238 | .text | CALL [static] | Indirect call to absolute memory address |
| C297 | 5841E0 | .text | CALL [static] | Indirect call to absolute memory address |
| CBC7 | 584008 | .text | CALL [static] | Indirect call to absolute memory address |
| 10807 | 58422C | .text | CALL [static] | Indirect call to absolute memory address |
| 108A7 | 5841BC | .text | CALL [static] | Indirect call to absolute memory address |
| 10F87 | 5842D0 | .text | CALL [static] | Indirect call to absolute memory address |
| 11297 | 584018 | .text | CALL [static] | Indirect call to absolute memory address |
| 133D7 | 584238 | .text | CALL [static] | Indirect call to absolute memory address |
| 13C17 | 5842C0 | .text | CALL [static] | Indirect call to absolute memory address |
| 14CE7 | 584068 | .text | CALL [static] | Indirect call to absolute memory address |
| 15D37 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 173A7 | 584010 | .text | CALL [static] | Indirect call to absolute memory address |
| 1AE27 | 584020 | .text | CALL [static] | Indirect call to absolute memory address |
| 1BFA7 | 5841F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 1DFF7 | 584238 | .text | CALL [static] | Indirect call to absolute memory address |
| 1FF87 | 584284 | .text | CALL [static] | Indirect call to absolute memory address |
| 22317 | 584090 | .text | CALL [static] | Indirect call to absolute memory address |
| 227F7 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 234F7 | 584010 | .text | CALL [static] | Indirect call to absolute memory address |
| 264FF | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 26510 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 265FC | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 266B7 | 584020 | .text | CALL [static] | Indirect call to absolute memory address |
| 26768 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 26CC7 | 5841F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 26FE8 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 27097 | 5841E8 | .text | CALL [static] | Indirect call to absolute memory address |
| 27398 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 27488 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 27747 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 279B7 | 584000 | .text | CALL [static] | Indirect call to absolute memory address |
| 27D62 | 5841D0 | .text | CALL [static] | Indirect call to absolute memory address |
| 27EFC | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 28021 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 28051 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 2807E | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 280A3 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 280C8 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 280E7 | 58422C | .text | CALL [static] | Indirect call to absolute memory address |
| 286F2 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 28996 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 28F98 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 2905D | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 29157 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 29916 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 2E357 | 5841C4 | .text | CALL [static] | Indirect call to absolute memory address |
| 2FA07 | 5842D0 | .text | CALL [static] | Indirect call to absolute memory address |
| 2FAC1 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 2FE14 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 2FE97 | 584018 | .text | CALL [static] | Indirect call to absolute memory address |
| 2FEEF | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 2FF27 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3018D | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 30ECA | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 31444 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 31684 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 31B17 | 584238 | .text | CALL [static] | Indirect call to absolute memory address |
| 33FF8 | 584218 | .text | CALL [static] | Indirect call to absolute memory address |
| 35867 | 5841E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 35987 | 584000 | .text | CALL [static] | Indirect call to absolute memory address |
| 36B68 | 584154 | .text | CALL [static] | Indirect call to absolute memory address |
| 37227 | 584210 | .text | CALL [static] | Indirect call to absolute memory address |
| 3736F | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3757C | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 375B0 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 37757 | 584194 | .text | CALL [static] | Indirect call to absolute memory address |
| 3928D | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3929F | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 395D1 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3B205 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3BCA9 | 5841EC | .text | CALL [static] | Indirect call to absolute memory address |
| 3EDC8 | 584010 | .text | CALL [static] | Indirect call to absolute memory address |
| 41EA8 | 584020 | .text | CALL [static] | Indirect call to absolute memory address |
| 42348 | 5841F8 | .text | CALL [static] | Indirect call to absolute memory address |
| 42CD7 | 5842D4 | .text | CALL [static] | Indirect call to absolute memory address |
| 43917 | 584018 | .text | CALL [static] | Indirect call to absolute memory address |
| 291000-3533F6 | 199C000 | .rsrc | Executable section anomaly | First bytes: 0000000000000000 |
| 3533F7 | N/A | *Overlay* | 0000000000000000000000000000000000000000 | .................... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1085932 | 31,1174% |
| Null Byte Code | 1776624 | 50,9092% |
| NOP Cave Found | 0x9090909090 (Block Count: 2858) | 0,2047% |