Manalyze report for 4799270914612d9a7b102a02966216b00c74238256a6cb0a6a5150e7b3ed7a00

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Aug-10 04:03:35
Detected languages	English - United States
Debug artifacts	C:\BuildAgent\work\a062fedcb3f3a275\t17proj4\Branches\Steam\Main\Code\Tools\SteamLauncher\Development\Release\Worms W.M.D Editor.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessA`
Suspicious	VirusTotal score: 1/63 (Scanned on 2024-05-10 05:02:49)	`Bkav: W32.AIDetectMalware`

Hashes

MD5	`5cf0dd6cb864320552aed6b406f2a610`
SHA1	`08a9bcdc37cf8928bd6b2e45cf371c530012d458`
SHA256	`4799270914612d9a7b102a02966216b00c74238256a6cb0a6a5150e7b3ed7a00`
SHA3	`781cc95024a8f3c34c4aa891f2f1d21d40919d2d94dd781078606288101afd62`
SSDeep	`192:PQc+r9btmt7F899fuiLOi/LTBrm29IwfekYw4/TxTfwAbosV7xObmiweXuGkSfF:alMt7wfuCd/LTA2nf1F4bOZlRc8OU`
Imports Hash	`929bd438048dd1af99294189061ec973`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Aug-10 04:03:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2600`
SizeOfInitializedData	`0x2a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002DE0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a5025fc7c544192ed9f98bb7473773cc`
SHA1	`507ddb258ef3766dc7804d72efa5e58ccf2e288a`
SHA256	`4d61402300f2dc5f51c80f278997a1af410746a91784f7e04e40248beff08ed4`
SHA3	`28b48c8ef8440769979d77d48262849bc33b806b737e047faa95c3332778ad60`
VirtualSize	`0x24eb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18548`

.rdata

MD5	`675c41d133e58870df8880c72efc2229`
SHA1	`2be380b5bc48e1a9d1f5a1b70d9d10d81e3b4730`
SHA256	`ea7de770af7a4f51ae940a1d692c90f58e8f25cc6829a93397a3995bad02cccd`
SHA3	`bf88a9e54f11b9faca6a70d976066b655b9b061de7457d390b20ff28c0b1b14a`
VirtualSize	`0x1750`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89739`

.data

MD5	`e2d2e8f224a726c4c0c82c36480d8a0e`
SHA1	`1e49e26b3a4d23314ddc601d8d7fc21d5a8844d9`
SHA256	`27c7b7dd44c0498047db2512d280b56d2b6ebfe77dc0d08312dd85d077c858b2`
SHA3	`ed8d075388fe7aca765f8a15506dbc47fcf029b0429d8e0ca9567cf2832917ec`
VirtualSize	`0x650`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.75031`

.rsrc

MD5	`0b35de07beeb30d1d6013cbca2846303`
SHA1	`c98626ce4d587471d115df6f42cb0f5221f13689`
SHA256	`c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d`
SHA3	`76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf`
VirtualSize	`0x1e0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`d2ea5a394ea1d651d08989e6e22a1880`
SHA1	`cbe9b5d89f87a55d49109326ce78baff0e58dbdf`
SHA256	`8721034753a77a02a2a92a8374477a9a225bfa558ee8365a851809793a862569`
SHA3	`517e497b0bd1497661fdd6ec033f28060db26abee46838f1e66a30431c01426f`
VirtualSize	`0x7f4`
VirtualAddress	`0x8000`
SizeOfRawData	`0x800`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.21528`

Imports

KERNEL32.dll	`CreateProcessA` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `DecodePointer` `IsDebuggerPresent` `EncodePointer`
steam_api.dll	`SteamAPI_GetSteamInstallPath` `SteamAPI_Init` `SteamApps` `SteamAPI_Shutdown`
MSVCP110.dll	`?_BADOFF@std@@3_JB` `?_Xbad_alloc@std@@YAXXZ` `?_Xout_of_range@std@@YAXPBD@Z` `?_Xlength_error@std@@YAXPBD@Z` `?uncaught_exception@std@@YA_NXZ` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Syserror_map@std@@YAPBDH@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z` `?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Winerror_map@std@@YAPBDH@Z`
MSVCR110.dll	`??2@YAPAXI@Z` `_lock` `_unlock` `_calloc_crt` `__dllonexit` `_onexit` `??1type_info@@UAE@XZ` `_XcptFilter` `__crtGetShowWindowMode` `_amsg_exit` `__wgetmainargs` `__set_app_type` `exit` `_exit` `_cexit` `_configthreadlocale` `__setusermatherr` `_initterm_e` `_initterm` `_wcmdln` `_fmode` `_commode` `_crt_debugger_hook` `__crtUnhandledException` `__crtTerminateProcess` `_except_handler4_common` `?terminate@@YAXXZ` `__crtSetUnhandledExceptionFilter` `_invoke_watson` `_controlfp_s` `??3@YAXPAX@Z` `_purecall` `memmove` `memcpy` `__CxxFrameHandler3` `_CxxThrowException` `memset`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Aug-10 04:03:35
Version	`0.0`
SizeofData	`157`
AddressOfRawData	`0x4398`
PointerToRawData	`0x2d98`
Referenced File	C:\BuildAgent\work\a062fedcb3f3a275\t17proj4\Branches\Steam\Main\Code\Tools\SteamLauncher\Development\Release\Worms W.M.D Editor.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2016-Aug-10 04:03:35
Version	`0.0`
SizeofData	`16`
AddressOfRawData	`0x4438`
PointerToRawData	`0x2e38`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x406018`
SEHandlerTable	`0x4048c0`
SEHandlerCount	`5`

RICH Header

XOR Key	`0xec3f7149`
Unmarked objects	`0`
ASM objects (50929)	`1`
C objects (50929)	`19`
C++ objects (50929)	`4`
Imports (50929)	`4`
Imports (VS2010 SP1 build 40219)	`2`
Total imports	`106`
185 (30716)	`3`
211 (VS2012 UPD4 build 61030)	`1`
Resource objects (VS2012 UPD4 build 61030)	`1`
Linker (VS2012 UPD4 build 61030)	`1`

Errors

Leave a comment

No comments yet.