Manalyze report for 47f0bdc00d524935134d5c7b375088c17a5c712cd886cf83a89af0e14dec0630

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1998-Oct-17 06:11:47
Detected languages	English - United States
CompanyName	Blizzard Entertainment
FileDescription	Starcraft
FileVersion	`Version 1.12`
InternalName	Starcraft
LegalCopyright	Copyright © 1998
OriginalFilename	Starcraft.exe
ProductName	Starcraft
ProductVersion	`Version 1.04`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C 5.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++`
Info	Interesting strings found in the binary:	`Contains domain names: Battle.net battle.net boundRect.top dstrect.top searchLimit.top`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1`
Malicious	The file headers were tampered with.	`The RICH header checksum is invalid.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegDeleteValueA RegOpenKeyA` `Possibly launches other programs: ShellExecuteA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Enumerates local disk drives: GetLogicalDriveStringsA GetDriveTypeA` `Can take screenshots: FindWindowA GetDC CreateCompatibleDC`
Info	The PE's resources present abnormal characteristics.	`Resource 202 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7b0721a69ab3a19bc055c807b34ff3fc`
SHA1	`0d16a9b36c56827e8c552a710e29f8c0a9e547d2`
SHA256	`47f0bdc00d524935134d5c7b375088c17a5c712cd886cf83a89af0e14dec0630`
SHA3	`5880240a0b05e263b37be9e719c8efe2433b754eab88f7d72c2754815659be81`
SSDeep	`24576:8YjTiefr3TMhdo3JO9q9rMxitNs4KHWCgaKbnjMdJ/O:zOezD17nTyKrkM`
Imports Hash	`78e199bdada8e79340976073ed0caddd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	1998-Oct-17 06:11:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x102600`
SizeOfInitializedData	`0x1fa400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000E5B30 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x104000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x300000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`de370c31aa9a9dab3050a8a1b52afba0`
SHA1	`b197fedbaa08e4b743c549f46a38bd8db290ddf9`
SHA256	`23c9a54964e5323c020a759a269f60c57465a1f617e3c02275b09d3c969bd03a`
SHA3	`d18c809e3ce9f4069a1864266c081b76c687c444beb66735e0fee23818408720`
VirtualSize	`0x102590`
VirtualAddress	`0x1000`
SizeOfRawData	`0x102600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67806`

.rdata

MD5	`155ea40bbaafbe36f6db7ce049169776`
SHA1	`513f986248cfdf79be423c69631f426639b2ac7f`
SHA256	`755457a75c4c42cc56c16ab9abadba3259b833f9f36ea7f95496efef7d9a97e2`
SHA3	`fbdf3c85931fdb6ac86e69399c488096c5ac725d426c9f9eda944acc32a40cea`
VirtualSize	`0x35f1`
VirtualAddress	`0x104000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x102a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.4402`

.data

MD5	`cc2470a6409592e4fa2ea4cb9acb0007`
SHA1	`7dbecc9f359282bde9019a29f34b3480ed05b3ff`
SHA256	`19637d07dfbea415924ef7d46fa4a06b05b9d5e57749d23d979bbfb36a0b6ccd`
SHA3	`ad7f0e859e6f5982cd962c9911af2eb499071bec6c64273705e245699337fae1`
VirtualSize	`0x1f58fc`
VirtualAddress	`0x108000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x106000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.23646`

.rsrc

MD5	`47ebf7697438eb91967ea928cfdb4ead`
SHA1	`c6706107d54e09fd751b183c50485ab5d1cf1b8a`
SHA256	`0cb64f740adf36cd80aacf0c673962e03526bee75fcf6b2d70a1bc6d0ef97a94`
SHA3	`6e4d274a914eeb40ef4f842c03a1a9bc61bb493b7c833cf68271033eef13f938`
VirtualSize	`0x1378`
VirtualAddress	`0x2fe000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x12a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.45587`

Imports

storm.dll	`#140` `#106` `#119` `#109` `#130` `#115` `#138` `#137` `#139` `#123` `#102` `#122` `#121` `#128` `#127` `#462` `#134` `#117` `#120` `#105` `#261` `#257` `#264` `#275` `#468` `#437` `#440` `#436` `#443` `#438` `#432` `#354` `#351` `#523` `#524` `#529` `#525` `#452` `#334` `#331` `#332` `#255` `#258` `#272` `#266` `#502` `#133` `#118` `#103` `#116` `#424` `#421` `#252` `#321` `#451` `#112` `#107` `#457` `#454` `#458` `#386` `#389` `#393` `#390` `#385` `#383` `#314` `#216` `#422` `#425` `#206` `#211` `#431` `#221` `#434` `#445` `#125` `#113` `#222` `#357` `#346` `#506` `#208` `#114` `#505` `#323` `#325` `#269` `#265` `#253` `#267` `#268` `#463` `#276` `#274` `#342` `#423` `#426` `#482` `#442` `#465` `#503` `#350` `#356` `#401` `#501` `#256` `#453` `#260` `#313` `#403`
SHELL32.dll	`FindExecutableA` `ShellExecuteA` `SHGetSpecialFolderLocation` `SHGetPathFromIDListA`
KERNEL32.dll	`HeapDestroy` `GetFileType` `GetStdHandle` `HeapCreate` `SetHandleCount` `GetOEMCP` `GetACP` `GetCPInfo` `GetEnvironmentStringsW` `GetEnvironmentStrings` `RtlUnwind` `UnhandledExceptionFilter` `WriteFile` `HeapFree` `HeapSize` `HeapAlloc` `HeapReAlloc` `GetCurrentProcess` `TerminateProcess` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `TlsGetValue` `GetLocaleInfoA` `LCMapStringW` `LCMapStringA` `WideCharToMultiByte` `MultiByteToWideChar` `ExitProcess` `GetVersion` `GetStartupInfoA` `SetConsoleCtrlHandler` `ExitThread` `TlsSetValue` `CreateThread` `InterlockedIncrement` `InterlockedDecrement` `GetLocalTime` `GetSystemTime` `GetTimeZoneInformation` `FreeLibrary` `GetFileSize` `RaiseException` `SetLastError` `EnterCriticalSection` `SetFileAttributesA` `CompareStringW` `GetStringTypeA` `GetStringTypeW` `SetStdHandle` `FlushFileBuffers` `CreateFileA` `SetFilePointer` `SetEndOfFile` `ReadFile` `GetLocaleInfoW` `CompareStringA` `TlsAlloc` `SetEnvironmentVariableA` `LoadLibraryA` `GetProcAddress` `GetCurrentThreadId` `SetEvent` `GetDateFormatA` `GetTimeFormatA` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `GetModuleFileNameA` `FindClose` `FindNextFileA` `FindFirstFileA` `DeleteFileA` `GetTickCount` `IsBadWritePtr` `Sleep` `IsBadReadPtr` `GetModuleHandleA` `VirtualQuery` `lstrcpynA` `FormatMessageA` `SetUnhandledExceptionFilter` `GetLastError` `CloseHandle` `WaitForMultipleObjects` `MulDiv` `CreateDirectoryA` `GetLogicalDriveStringsA` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetFileAttributesA` `WaitForSingleObject` `VirtualProtect` `VirtualAlloc` `CreateEventA` `VirtualFree` `GetDriveTypeA` `LockResource` `GetCommandLineA` `GlobalMemoryStatus` `GetDiskFreeSpaceA` `GetSystemInfo` `LoadResource` `SizeofResource` `FindResourceA` `CompareFileTime`
USER32.dll	`DefWindowProcA` `SendMessageA` `ClipCursor` `LoadStringA` `LoadAcceleratorsA` `PtInRect` `DestroyAcceleratorTable` `ReleaseCapture` `SetCapture` `PostMessageA` `GetKeyState` `SetFocus` `FindWindowA` `ShowCursor` `SetCursorPos` `GetCursorPos` `SetCursor` `LoadCursorA` `EndPaint` `BeginPaint` `IsIconic` `DispatchMessageA` `TranslateMessage` `PeekMessageA` `GetMessageA` `TranslateAcceleratorA` `GetWindow` `GetClassNameA` `GetForegroundWindow` `GetDesktopWindow` `SetRect` `GetActiveWindow` `ReleaseDC` `GetDC` `GetDlgItem` `GetWindowLongA` `InvalidateRect` `OffsetRect` `GetWindowRect` `GetParent` `SendDlgItemMessageA` `ShowWindow` `EnableWindow` `UpdateWindow` `DrawTextA` `GetSysColor` `GetFocus` `ScreenToClient` `GetClientRect` `SetWindowLongA` `MessageBoxA` `SetWindowTextA` `SetActiveWindow` `SetForegroundWindow` `EnumWindows` `GetWindowThreadProcessId` `KillTimer` `SetTimer` `DialogBoxParamA` `SetDlgItemTextA` `SetWindowPos` `EndDialog` `CreateWindowExA` `GetSystemMetrics` `RegisterClassA` `LoadIconA` `GetTopWindow` `GetLastActivePopup`
GDI32.dll	`GetDeviceCaps` `MoveToEx` `TextOutA` `GetPaletteEntries` `GetStockObject` `DeleteDC` `GetTextExtentPoint32A` `SelectObject` `CreateCompatibleDC` `CreateFontIndirectA` `GetObjectA` `DeleteObject` `GetTextMetricsA` `ExtTextOutA` `GetTextExtentExPointA` `SetTextColor` `SetBkColor` `SetTextAlign` `CreateFontA`
VERSION.dll	`GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoSizeA`
ADVAPI32.dll	`GetUserNameA` `RegDeleteValueA` `RegOpenKeyA`

Delayed Imports

202

Type	`VCOD`
Language	English - United States
Codepage	UNKNOWN
Size	`0x410`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84989`
MD5	`ff623e8d6ee191b4c3c2417307211dc4`
SHA1	`7be8c264e97b070a1f64a4af79e647c2593351af`
SHA256	`c13ca25290b5d075eae9705d68a7b8c30af498c36c10e138627f8b49b795392f`
SHA3	`85a4bf7ebc9c6856d5ba72644460bbfaa9ba4b92da3ea0920650fc7157b25e45`

3

Type	`RT_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.42894`
MD5	`7af369189ad6aef33807467e9cee257e`
SHA1	`a520c12a8deee3e181608e917befb0d850edcba3`
SHA256	`8cfd5166103ef9f240fe95a23b43bba777f8eb96f2fd9f286004e2a893e9bb56`
SHA3	`1b28d032f8edc381a02d00e6ef3dabafeaa27448b1e54687abadc52571173098`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51038`
MD5	`11ff615f10374e328dff1f63de28ed4a`
SHA1	`44a75b5da176e5a2e455429659e80884e428bab8`
SHA256	`c4ba8d44c2d8e33a5a82787abf68fd46a4564e455eb56a86bf8fe25bd0d741ca`
SHA3	`c37377c234bb6948052b69af817a3fd96e6a151826bf870752205c42986e9197`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60525`
MD5	`5a280d72d21a16b7f5eb4721f9b483bc`
SHA1	`2fb704125cb010cd7d4f4573ae6d25ac2acb2777`
SHA256	`7d00a4815e44f14cc0d4c08f682546b8896f8fa1ee58af80b6a94b9342dd2205`
SHA3	`056ed5a8b92a51092fb42135913bf62c35fa1efab46ad7624f4f8270edda029e`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38681`
MD5	`05672f130b1d98a1f63e94feb718f890`
SHA1	`7fe2e54b12ac8f7a42e54e28c5520d45dd58ac91`
SHA256	`10fc8351e8d8d10eb4fcfa2eba1b28f710f02a80a98df53abe4447dc4a1b5824`
SHA3	`3845ead25a661e11f376d7df9a609fa38f3c7a04a6d9380a27da77875616f7f7`

CURSOR_LINK

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21924`
Detected Filetype	Cursor file
MD5	`5dc7e209423286f781406bf66a6df6c2`
SHA1	`4bc112ddca20993a9a73d3806aa49e268574a83f`
SHA256	`712173255e8074f1aa356ded677a990da27a4e9c4f3c42262f8c756262ef20b4`
SHA3	`bf2b23c0b10f5896dfd2900937a638275455fba96bfa46e254416a303b594da0`
Preview

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`c1c122f0803bda39a0a478b7f6f75954`
SHA1	`69dc2bcb5214afae0d924867d59ece9c0c0f1f64`
SHA256	`62b460dcfdda934b386205e7f4a16da00a73c2ca7f4ea9a396fb25537fb33b76`
SHA3	`ffeff2838ef20f5e9b000b10f6538617dbf201bb6d23fa2831e24c8652fc93c5`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3129`
MD5	`db87f91906950d2d3c6a0ac7f1b05c6a`
SHA1	`176d59a207de50108a7bc19fb3be1a6b53bf33bb`
SHA256	`e3cd021828798c8f84a1ee2214cfe41193b94b9f15c9ed6207b7dccd1c8f164b`
SHA3	`bce7fce5ff70862e2783d82bf67e4e0b08b5d3cee86af248dda6a95bfe077bf0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.12.0.0
ProductVersion	1.0.4.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Blizzard Entertainment
FileDescription	Starcraft
FileVersion (#2)	Version 1.12
InternalName	Starcraft
LegalCopyright	Copyright © 1998
OriginalFilename	Starcraft.exe
ProductName	Starcraft
ProductVersion (#2)	Version 1.04

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc87c0da9`
Unmarked objects	`0`
Resource objects (VS97 SP3 cvtres 5.00.1668)	`1`
Unmarked objects (#2)	`684`
Imports (VS97 SP3 link 5.10.7303)	`116`

Errors

Leave a comment

No comments yet.