Manalyze report for 116f71020a979837271376fb23613b04

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Nov-07 11:09:18
Detected languages	English - United States
FileVersion	`2, 0, 0, 44`
ProductName	SERB-CRAFT AntiCheat Installer
ProductVersion	`2, 0, 0, 44`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	Interesting strings found in the binary:	`Contains domain names: clickteam.com http://www.clickteam.com http://www.clickteam.com/pub www.clickteam.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegCreateKeyExA RegCreateKeyA RegEnumKeyExA RegDeleteKeyA RegCloseKey RegDeleteValueA RegOpenKeyA RegSetValueExA RegQueryValueA RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA WinExec ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeA` `Can take screenshots: FindWindowA BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`1061090 bytes of data starting at offset 0x2f000.` `The overlay data has an entropy of 7.99804 and is possibly compressed or encrypted.` `Overlay data amounts for 84.6433% of the executable.`
Suspicious	VirusTotal score: 2/69 (Scanned on 2022-03-01 20:45:33)	`Bkav: W32.AIDetect.malware2` `APEX: Malicious`

Hashes

MD5	`116f71020a979837271376fb23613b04`
SHA1	`6bf22d9019f92cadcbc7a7992a50af8b6f8b20b2`
SHA256	`7978f88aa22871a100f84d02406f0da023d10b3226fc6c3f635e25841e299758`
SHA3	`1d5e5f493222525da3648485db2386f1cbedb46db1cbc59635c1c3ac72792e17`
SSDeep	`24576:3gm9RswjFpt9ASqzwyBiYe0ImIix9k3mYM4OLCPjz5axbFsgnLgD7:PKwjt9WACx9XYMOAxbJgD7`
Imports Hash	`90bc04cd771dd9666e2f7a223698dc3b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2013-Nov-07 11:09:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x22000`
SizeOfInitializedData	`0xc000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001C312 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x23000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x30000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7d428061a1e87aedeb07a31c0864a2df`
SHA1	`01559d9c5f556d0ec6cb0140382fedf141f7bd8f`
SHA256	`fffd68eeac94cf7de9b0823a4f063daffa1c0de7708f1e051fd1c5e182779ae2`
SHA3	`f4a4e6114c13684c92e9203f8d7cd1a88b423bd0a6e106fd67f57e156b7df8ac`
VirtualSize	`0x2189a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61963`

.rdata

MD5	`bf6993bef9c1e3bc5620078729c7a209`
SHA1	`e468dc12605636563dd808b344b6ebdb3c3bd7ab`
SHA256	`68c362867a344cd687aa84e4feff8443974a5f7c19e6e46402df1d8cf1f52fbf`
SHA3	`a8a7c6cef87290d00ad3db03d34b7b4929497f0afc2d7e10c3590369218807e4`
VirtualSize	`0x206a`
VirtualAddress	`0x23000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.12607`

.data

MD5	`5c2289dfb7982b121f5a521dbb9461b8`
SHA1	`5af11f82bd65965897c9bf6611f572c6fc6e59c0`
SHA256	`861aa381f2e6c900d56c63be7af488413e44ac13a62464b48905abbab7a0f207`
SHA3	`524470728bcda41de2db0b77f41ef3328600f9b93768e82c118e478be2039a07`
VirtualSize	`0x62a0`
VirtualAddress	`0x26000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x26000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.08473`

.rsrc

MD5	`f8695f18ef548f7b0a0f0320dcc5c9d8`
SHA1	`5d0402205415a05c4c8e362d457e0ce5b0522851`
SHA256	`237a9969426a63fb51d23148c2937422bf8cd7f48a10b5d8063ff7532c9d42fe`
SHA3	`4bdc4a8a6fed8212c7b6aa01d5f63177d02c36eb31babd1cff6ab87ed1d7be15`
VirtualSize	`0x2bbc`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x2c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.33931`

Imports

KERNEL32.dll	`GetModuleHandleA` `MoveFileExA` `GetCurrentProcess` `GetDriveTypeA` `GetModuleFileNameA` `GetVersionExA` `GetVersion` `CompareStringA` `GetTimeZoneInformation` `IsBadCodePtr` `IsBadReadPtr` `SetUnhandledExceptionFilter` `GetStringTypeW` `GetStringTypeA` `GetFileType` `GetStdHandle` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `GetOEMCP` `GetACP` `FormatMessageA` `LCMapStringW` `LCMapStringA` `IsBadWritePtr` `HeapReAlloc` `VirtualAlloc` `VirtualFree` `HeapCreate` `HeapDestroy` `GetEnvironmentVariableA` `GetCommandLineA` `GetStartupInfoA` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `FindNextFileA` `RemoveDirectoryA` `MoveFileA` `RtlUnwind` `DeleteFileA` `SetEnvironmentVariableA` `CreateDirectoryA` `HeapFree` `HeapAlloc` `HeapCompact` `TerminateProcess` `ExitProcess` `CopyFileA` `SetFileTime` `OpenFile` `GetFileAttributesA` `SetFileAttributesA` `SetErrorMode` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `LoadLibraryExA` `FindResourceA` `GetTickCount` `GetFullPathNameA` `MultiByteToWideChar` `WideCharToMultiByte` `GetLocalTime` `GetTempPathA` `GetShortPathNameA` `GetExitCodeProcess` `CompareStringW` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `CreateProcessA` `Sleep` `lstrcatA` `lstrlenA` `WinExec` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetDiskFreeSpaceA` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GlobalFree` `CloseHandle` `SetFilePointer` `WriteFile` `ReadFile` `CreateFileA` `GetLastError` `FindFirstFileA` `FindClose` `GetWindowsDirectoryA` `GetCPInfo` `GetSystemDirectoryA`
USER32.dll	`ExitWindowsEx` `IsIconic` `PostQuitMessage` `DefWindowProcA` `AdjustWindowRectEx` `DialogBoxParamA` `EndDialog` `CheckDlgButton` `SetTimer` `KillTimer` `SendDlgItemMessageA` `GetFocus` `BringWindowToTop` `GetLastActivePopup` `SendMessageA` `GetWindow` `FindWindowA` `LoadCursorA` `LoadIconA` `PostMessageA` `GetSysColor` `ScreenToClient` `GetWindowRect` `GetDlgItem` `EndPaint` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `GetSystemMetrics` `GetDlgItemTextA` `IsClipboardFormatAvailable` `OpenClipboard` `GetClipboardData` `CloseClipboard` `IsDlgButtonChecked` `CheckRadioButton` `SetFocus` `GetParent` `UpdateWindow` `IsWindowVisible` `InvalidateRect` `CreateDialogParamA` `RedrawWindow` `PeekMessageA` `GetMessageA` `IsDialogMessageA` `TranslateMessage` `DispatchMessageA` `SetDlgItemTextA` `SetWindowTextA` `SetWindowPos` `ShowWindow` `DestroyWindow` `CreateWindowExA` `GetWindowLongA` `IsWindowEnabled` `CallWindowProcA` `ValidateRect` `SetWindowLongA` `GetClassNameA` `MessageBoxA` `EnableWindow` `SendMessageTimeoutA` `wsprintfA` `RegisterClassA`
GDI32.dll	`CreatePalette` `SetBkColor` `ExtTextOutA` `GetSystemPaletteEntries` `AddFontResourceA` `RemoveFontResourceA` `GetStockObject` `GetDeviceCaps` `DeleteDC` `DeleteObject` `BitBlt` `SelectObject` `CreateCompatibleBitmap` `CreateCompatibleDC` `RealizePalette` `SelectPalette` `CreateHalftonePalette` `CreateDIBPatternBrush` `CreateSolidBrush` `SetBrushOrgEx` `SetStretchBltMode` `StretchDIBits` `CreateFontIndirectA` `SetBkMode` `SetTextColor`
comdlg32.dll	`GetOpenFileNameA`
ADVAPI32.dll	`RegCreateKeyExA` `OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegCreateKeyA` `RegEnumKeyExA` `RegDeleteKeyA` `RegCloseKey` `RegDeleteValueA` `RegOpenKeyA` `RegSetValueExA` `RegQueryValueA` `RegOpenKeyExA` `RegQueryValueExA`
SHELL32.dll	`DragQueryFileA` `DragFinish` `ShellExecuteA` `SHBrowseForFolderA` `SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHGetMalloc` `DragAcceptFiles`
ole32.dll	`CoGetMalloc` `CoCreateInstance` `OleInitialize` `OleUninitialize`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA` `VerFindFileA`
COMCTL32.dll	`#17`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45234`
MD5	`a21ca5daa039dc7ac90e31545dccc211`
SHA1	`91fe008da13ec382e87f75770751a535febe042b`
SHA256	`ee7ffc40025503c88c93c51f579e8571a879b95aa97e406965f2b6c9839b922a`
SHA3	`bf2f1557b29f2dc7f077cae361ba0a57fb524d16f0301a9da696c8599a928eb2`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08886`
MD5	`1e55e203201f29a447ae786a4bd10af3`
SHA1	`84d6ad6df82d1a2e95850e4bef18de5e9b131620`
SHA256	`731204620448dc3582b26baa016a9c9f869adc0ed462b69650066362f5000ad1`
SHA3	`3c1c4c2744711c2314f5daf783c7cb0ddc5c43ff2da94f2e398c097613cc21c9`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9296`
MD5	`8e9fe07a8ab508bd4063972270eda849`
SHA1	`153ba07e94f4d9450be96e1aee50560114690a02`
SHA256	`dbfe69c12b158be4f44fc259e0fc13c34547705f2bc2bfd40512d89d9c0aeffc`
SHA3	`f32c37cbf9de9d450e26f4049d781b62cb43ce298b82ebb04737745dffe61b52`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63035`
MD5	`4420623d195de21f42e14717253773e4`
SHA1	`027486aaa229df5ded84143421b1de3254e0349c`
SHA256	`8088bb7c39780f13e85ca2926f9c8182bfbdb1cdb9fce75bf1cb13c64d751ce0`
SHA3	`89e1193b23db7035bfe654518e80278b437f5800ec3894a47f89193d83901c4b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08336`
MD5	`506e9f593eb01c05801ad1e237d31fb4`
SHA1	`08b038bdf68eb26a057506b92037467ad0a42f37`
SHA256	`89da0b18b18c474546448336a698e66bc528e76e84ba6f165eb68194d9806044`
SHA3	`bdb296b672f0500addb93fff66b886679bf81b50dffce0055f4363623d5c5d28`

112

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.86945`
MD5	`fc131a28274f92bb72744a1f5dabed1f`
SHA1	`bc691d6989c70106bf70c8cffc27523bc119d44c`
SHA256	`ca5d05d931937eb904234603889b45d9a4ba6f3ea8f159e3fec4d7f8044eb27c`
SHA3	`5153fb415ea669e13d8834a1f6610395309cd863ce4e27c591ce29d2562cc10b`

113

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.86945`
MD5	`c08a8c6881b25b62c3ba22c79132a730`
SHA1	`a683a209d9a506072fcdb02c69f23232effdd6bc`
SHA256	`4cad9cd5b271996e83e5aa051c2b7416283d285ed7659be1d74ad5c25e804d8a`
SHA3	`aee3214141c18469df7f786f341ee60c8002a9622b02e3a3e512b7642f400d2a`

131

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6218`
MD5	`de7e1b34659a4886c68617fe770ecd45`
SHA1	`b225dbfb0e92dce5173a484ec2ac7734ce7ae124`
SHA256	`f0405d353583a0087b3018f1e12a661e6f109cb2a37da19e42e90526ea733d06`
SHA3	`80918880e307fb8a93504c555880dbb45cf448d8461e38f9953ba98e83ac1aeb`

132

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81682`
MD5	`dc88d3fb1aa7ea2a0e1e789fd39e9797`
SHA1	`f7212839ab66c8551dcd8936df7bec0f76145e53`
SHA256	`96da82ab825dbc11f2af393f9fff9f7229894c126731336338b24433e878f2f8`
SHA3	`8adfd94e4496f2f5f18067c668219374d61f66bfd004bd99b9d2f166d4d11fa4`

800

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77728`
Detected Filetype	Icon file
MD5	`cf40c0bf311f8dfc6d961c77f7ffe24b`
SHA1	`4c39482485f49f36a4d8d01fb4f5d783d5187c57`
SHA256	`9452608ab517180cee2f155b5ea46a2cb885a638521462bb737ca6d76814b632`
SHA3	`a0ded362ba54fb0012a30b36bd8307f5aab6d12ea498257b2c7abb8c0665d063`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10923`
MD5	`f3471d749819f1a13984cc12932c6243`
SHA1	`587e1df1e23f78c79a12783ebff749da01c2fc6b`
SHA256	`7b88b86b57d57a703b51f554f0331ac1fc2b4922af3acb78f511512e937ba3d6`
SHA3	`12a77d48497add500ef24cfa1a93408378c674107b9925b5738fc530fc78b202`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24462`
MD5	`d8bdd2cf8c894f10d11f790aa08dd317`
SHA1	`6de6737c7f12dcda74a14e056ae22949463c71e9`
SHA256	`7487f0c258df21c54fe252e9710e60814b27ad3a9adec6b11c006afab0f5fdf8`
SHA3	`233b1319ec86ac53d43e2aae467d031866ef83d26eb0b13dfc774414f0a11e47`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.44
ProductVersion	2.0.0.44
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	2, 0, 0, 44
ProductName	SERB-CRAFT AntiCheat Installer
ProductVersion (#2)	2, 0, 0, 44

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc7f5d3f1`
Unmarked objects	`0`
12 (7291)	`2`
C++ objects (8047)	`8`
14 (7299)	`20`
C objects (8047)	`73`
C objects (VC++ 6.0 SP5 build 8804)	`15`
C objects (2190)	`2`
Imports (2179)	`19`
Total imports	`221`
49 (9044)	`2`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

116f71020a979837271376fb23613b04

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

4

5

112

113

131

132

800

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors