47f0bdc00d524935134d5c7b375088c17a5c712cd886cf83a89af0e14dec0630

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1998-Oct-17 06:11:47
Detected languages English - United States
CompanyName Blizzard Entertainment
FileDescription Starcraft
FileVersion Version 1.12
InternalName Starcraft
LegalCopyright Copyright © 1998
OriginalFilename Starcraft.exe
ProductName Starcraft
ProductVersion Version 1.04

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • Microsoft Visual C 5.0
  • MASM/TASM - sig1(h)
  • Microsoft Visual C++
Info Interesting strings found in the binary: Contains domain names:
  • Battle.net
  • battle.net
  • boundRect.top
  • dstrect.top
  • searchLimit.top
Only the two Battle.net entries are hostnames. boundRect.top, dstrect.top and searchLimit.top are source identifiers of the form rect.top (a RECT structure member) that happen to match the .top top-level-domain pattern used by the string heuristic.
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to SHA1
Malicious The file headers were tampered with. The RICH header checksum is invalid.
An invalid Rich checksum means that the DOS stub bytes and the Rich records no longer reproduce the stored XOR key (0xc87c0da9 in the RICH Header section below): either that region was modified after linking, or the analyzer computes the checksum differently from the linker that produced the file. On its own this is not evidence of malicious code; corroborate it by comparing the hashes in the Hashes section with a copy of Starcraft.exe taken from installation media or an official patch.
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Code injection capabilities (PowerLoader):
  • FindWindowA
  • GetWindowLongA
Can access the registry:
  • RegDeleteValueA
  • RegOpenKeyA
Possibly launches other programs:
  • ShellExecuteA
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Enumerates local disk drives:
  • GetLogicalDriveStringsA
  • GetDriveTypeA
Can take screenshots:
  • FindWindowA
  • GetDC
  • CreateCompatibleDC
None of these imports is specific to malware: LoadLibraryA/GetProcAddress (together with FreeLibrary, listed in the Imports section) are the standard run-time DLL loading calls, VirtualAlloc/VirtualProtect are ordinary memory-management primitives, FindWindowA/GetWindowLongA/GetDC/CreateCompatibleDC are basic Win32 windowing and GDI calls, and registry access and drive enumeration are expected in an installable game. Read this block as a capability inventory; the Malicious label is a heuristic verdict, not an observed behaviour. For correlating this build with other samples, the import hash in the Hashes section (78e199bdada8e79340976073ed0caddd) is the more useful pivot.
Info The PE's resources present abnormal characteristics. Resource 202 is possibly compressed or encrypted.
This flag is entropy-based: resource 202 (type VCOD, 0x410 bytes) has an entropy of 7.84989 bits per byte, close to the 8.0 of random data, while every other resource in the file is below 3.4. High entropy alone does not distinguish compressed, encrypted and random data; dump the resource and inspect it before drawing conclusions.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7b0721a69ab3a19bc055c807b34ff3fc
SHA1 0d16a9b36c56827e8c552a710e29f8c0a9e547d2
SHA256 47f0bdc00d524935134d5c7b375088c17a5c712cd886cf83a89af0e14dec0630
SHA3 5880240a0b05e263b37be9e719c8efe2433b754eab88f7d72c2754815659be81
SSDeep 24576:8YjTiefr3TMhdo3JO9q9rMxitNs4KHWCgaKbnjMdJ/O:zOezD17nTyKrkM
Imports Hash 78e199bdada8e79340976073ed0caddd

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1998-Oct-17 06:11:47
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x102600
SizeOfInitializedData 0x1fa400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000E5B30 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x104000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x300000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 de370c31aa9a9dab3050a8a1b52afba0
SHA1 b197fedbaa08e4b743c549f46a38bd8db290ddf9
SHA256 23c9a54964e5323c020a759a269f60c57465a1f617e3c02275b09d3c969bd03a
SHA3 d18c809e3ce9f4069a1864266c081b76c687c444beb66735e0fee23818408720
VirtualSize 0x102590
VirtualAddress 0x1000
SizeOfRawData 0x102600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.67806

.rdata

MD5 155ea40bbaafbe36f6db7ce049169776
SHA1 513f986248cfdf79be423c69631f426639b2ac7f
SHA256 755457a75c4c42cc56c16ab9abadba3259b833f9f36ea7f95496efef7d9a97e2
SHA3 fbdf3c85931fdb6ac86e69399c488096c5ac725d426c9f9eda944acc32a40cea
VirtualSize 0x35f1
VirtualAddress 0x104000
SizeOfRawData 0x3600
PointerToRawData 0x102a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.4402

.data

MD5 cc2470a6409592e4fa2ea4cb9acb0007
SHA1 7dbecc9f359282bde9019a29f34b3480ed05b3ff
SHA256 19637d07dfbea415924ef7d46fa4a06b05b9d5e57749d23d979bbfb36a0b6ccd
SHA3 ad7f0e859e6f5982cd962c9911af2eb499071bec6c64273705e245699337fae1
VirtualSize 0x1f58fc
VirtualAddress 0x108000
SizeOfRawData 0x24600
PointerToRawData 0x106000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.23646

.rsrc

MD5 47ebf7697438eb91967ea928cfdb4ead
SHA1 c6706107d54e09fd751b183c50485ab5d1cf1b8a
SHA256 0cb64f740adf36cd80aacf0c673962e03526bee75fcf6b2d70a1bc6d0ef97a94
SHA3 6e4d274a914eeb40ef4f842c03a1a9bc61bb493b7c833cf68271033eef13f938
VirtualSize 0x1378
VirtualAddress 0x2fe000
SizeOfRawData 0x1400
PointerToRawData 0x12a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.45587
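
The section table above can be cross-checked for internal consistency: the entry point should fall inside an executable section, SizeOfImage should equal the end of the highest section rounded up to SectionAlignment, and the raw data of the four sections should be FileAlignment-aligned and contiguous. The Python below is an added example, not the analyzer's code; its inputs are the header values printed in this report. It goes beyond the report by computing where the file's raw data ends (any bytes past that offset are an overlay) and how much zero-fill each section receives at load time.

```python
# Header values as listed in this report (Image Optional Header and the four section entries).
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SIZE_OF_HEADERS = 0x400
SIZE_OF_IMAGE = 0x300000
ENTRY_POINT_RVA = 0xE5B30

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, IMAGE_SCN_MEM_EXECUTE set?)
SECTIONS = [
    (".text",  0x102590, 0x001000, 0x102600, 0x000400, True),
    (".rdata", 0x0035F1, 0x104000, 0x003600, 0x102A00, False),
    (".data",  0x1F58FC, 0x108000, 0x024600, 0x106000, False),
    (".rsrc",  0x001378, 0x2FE000, 0x001400, 0x12A600, False),
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_for_rva(rva, sections=SECTIONS):
    """Name of the section whose VirtualSize range holds rva, or None if no section claims it."""
    for name, vsize, va, _raw, _ptr, _exe in sections:
        if va <= rva < va + vsize:
            return name
    return None


def entry_point_ok(rva=ENTRY_POINT_RVA, sections=SECTIONS):
    """True when the entry point lies inside a section flagged executable. Packed or patched
    binaries often start in a data section or outside the section table altogether."""
    return any(exe and va <= rva < va + vsize for _n, vsize, va, _raw, _ptr, exe in sections)


def expected_size_of_image(sections=SECTIONS, alignment=SECTION_ALIGNMENT):
    """End of the highest section rounded up to SectionAlignment; must equal SizeOfImage."""
    _n, vsize, va, *_ = max(sections, key=lambda s: s[2])
    return align_up(va + vsize, alignment)


def end_of_raw_data(sections=SECTIONS):
    """File offset just past the last section's bytes on disk; a larger file carries an overlay."""
    return max(ptr + raw for _n, _v, _va, raw, ptr, _e in sections)


def zero_fill_bytes(sections=SECTIONS):
    """Per section: bytes present in memory but not on disk (VirtualSize > SizeOfRawData).
    Large values are normal for a .data section full of static arrays, but also where a
    packer reserves room to unpack into, so they deserve a look rather than an alarm."""
    return {n: vsize - raw for n, vsize, _va, raw, _ptr, _e in sections if vsize > raw}


def raw_layout_problems(sections=SECTIONS, alignment=FILE_ALIGNMENT, headers=SIZE_OF_HEADERS):
    """Anomalies in the on-disk layout: misaligned, overlapping or non-contiguous raw data."""
    problems = []
    expected = headers
    for name, _v, _va, raw, ptr, _e in sorted(sections, key=lambda s: s[4]):
        if ptr % alignment or raw % alignment:
            problems.append(f"{name}: raw pointer or size not a multiple of FileAlignment")
        if ptr < expected:
            problems.append(f"{name}: raw data overlaps what precedes it")
        elif ptr > expected:
            problems.append(f"{name}: {ptr - expected:#x}-byte gap before raw data")
        expected = ptr + raw
    return problems


def triage():
    return {
        "entry_section": section_for_rva(ENTRY_POINT_RVA),
        "entry_executable": entry_point_ok(),
        "size_of_image_matches": expected_size_of_image() == SIZE_OF_IMAGE,
        "end_of_raw_data": end_of_raw_data(),
        "zero_fill": zero_fill_bytes(),
        "layout_problems": raw_layout_problems(),
    }


if __name__ == "__main__":
    result = triage()
    result["end_of_raw_data"] = hex(result["end_of_raw_data"])
    for key, value in result.items():
        print(f"{key:22} {value}")
```

For this file the checks come out clean: the entry point is in .text, SizeOfImage matches, the raw data is contiguous from 0x400 to 0x12ba00, and the only section with a large zero-filled tail is .data (0x1d12fc bytes), which is what a 1998 game with large static tables looks like. Comparing 0x12ba00 with the actual file size tells you whether an overlay is appended.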

Imports

storm.dll #140
#106
#119
#109
#130
#115
#138
#137
#139
#123
#102
#122
#121
#128
#127
#462
#134
#117
#120
#105
#261
#257
#264
#275
#468
#437
#440
#436
#443
#438
#432
#354
#351
#523
#524
#529
#525
#452
#334
#331
#332
#255
#258
#272
#266
#502
#133
#118
#103
#116
#424
#421
#252
#321
#451
#112
#107
#457
#454
#458
#386
#389
#393
#390
#385
#383
#314
#216
#422
#425
#206
#211
#431
#221
#434
#445
#125
#113
#222
#357
#346
#506
#208
#114
#505
#323
#325
#269
#265
#253
#267
#268
#463
#276
#274
#342
#423
#426
#482
#442
#465
#503
#350
#356
#401
#501
#256
#453
#260
#313
#403
SHELL32.dll FindExecutableA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
KERNEL32.dll HeapDestroy
GetFileType
GetStdHandle
HeapCreate
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
UnhandledExceptionFilter
WriteFile
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
GetCurrentProcess
TerminateProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
TlsGetValue
GetLocaleInfoA
LCMapStringW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
GetVersion
GetStartupInfoA
SetConsoleCtrlHandler
ExitThread
TlsSetValue
CreateThread
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
GetTimeZoneInformation
FreeLibrary
GetFileSize
RaiseException
SetLastError
EnterCriticalSection
SetFileAttributesA
CompareStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
SetEndOfFile
ReadFile
GetLocaleInfoW
CompareStringA
TlsAlloc
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
SetEvent
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTickCount
IsBadWritePtr
Sleep
IsBadReadPtr
GetModuleHandleA
VirtualQuery
lstrcpynA
FormatMessageA
SetUnhandledExceptionFilter
GetLastError
CloseHandle
WaitForMultipleObjects
MulDiv
CreateDirectoryA
GetLogicalDriveStringsA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
WaitForSingleObject
VirtualProtect
VirtualAlloc
CreateEventA
VirtualFree
GetDriveTypeA
LockResource
GetCommandLineA
GlobalMemoryStatus
GetDiskFreeSpaceA
GetSystemInfo
LoadResource
SizeofResource
FindResourceA
CompareFileTime
USER32.dll DefWindowProcA
SendMessageA
ClipCursor
LoadStringA
LoadAcceleratorsA
PtInRect
DestroyAcceleratorTable
ReleaseCapture
SetCapture
PostMessageA
GetKeyState
SetFocus
FindWindowA
ShowCursor
SetCursorPos
GetCursorPos
SetCursor
LoadCursorA
EndPaint
BeginPaint
IsIconic
DispatchMessageA
TranslateMessage
PeekMessageA
GetMessageA
TranslateAcceleratorA
GetWindow
GetClassNameA
GetForegroundWindow
GetDesktopWindow
SetRect
GetActiveWindow
ReleaseDC
GetDC
GetDlgItem
GetWindowLongA
InvalidateRect
OffsetRect
GetWindowRect
GetParent
SendDlgItemMessageA
ShowWindow
EnableWindow
UpdateWindow
DrawTextA
GetSysColor
GetFocus
ScreenToClient
GetClientRect
SetWindowLongA
MessageBoxA
SetWindowTextA
SetActiveWindow
SetForegroundWindow
EnumWindows
GetWindowThreadProcessId
KillTimer
SetTimer
DialogBoxParamA
SetDlgItemTextA
SetWindowPos
EndDialog
CreateWindowExA
GetSystemMetrics
RegisterClassA
LoadIconA
GetTopWindow
GetLastActivePopup
GDI32.dll GetDeviceCaps
MoveToEx
TextOutA
GetPaletteEntries
GetStockObject
DeleteDC
GetTextExtentPoint32A
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
DeleteObject
GetTextMetricsA
ExtTextOutA
GetTextExtentExPointA
SetTextColor
SetBkColor
SetTextAlign
CreateFontA
VERSION.dll GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
ADVAPI32.dll GetUserNameA
RegDeleteValueA
RegOpenKeyA
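
The Imports Hash in the Hashes section (78e199bdada8e79340976073ed0caddd) is derived from exactly this list: the import hash (imphash, as computed by pefile's get_imphash) normalises each entry to lower-case module name without its .dll extension plus the function name, or ordN for an import by ordinal as with storm.dll above, joins the tokens in import-table order and takes the MD5. The Python below is an added example of that computation, not the analyzer's code. It runs on a constructed subset of this report's imports, so the digest it prints is not the file's value; to reproduce that, run pefile over the actual binary.

```python
import hashlib

# Extensions pefile strips from the module name before hashing.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_import(dll, func):
    """One imphash token: lower-case module name without .dll/.ocx/.sys, a dot, then the
    lower-case function name, or 'ordN' for an import by ordinal. pefile additionally maps
    ordinals of a few well-known modules (e.g. oleaut32, ws2_32) to names from a built-in
    table; that table is not reproduced here, so hashes for those modules would differ."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        lib = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash_string(imports):
    """The comma-joined token string that gets hashed; import order is preserved."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 of the token string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed subset of this report's import table, in the order the report lists it.
SAMPLE_IMPORTS = [
    ("storm.dll", 140), ("storm.dll", 106), ("storm.dll", 119),
    ("SHELL32.dll", "FindExecutableA"), ("SHELL32.dll", "ShellExecuteA"),
    ("KERNEL32.dll", "HeapDestroy"), ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
    ("ADVAPI32.dll", "GetUserNameA"), ("ADVAPI32.dll", "RegOpenKeyA"),
]


def reordered(imports):
    """Same imports in a different order: a re-linked build hashes differently."""
    return list(reversed(imports))


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash   :", imphash(SAMPLE_IMPORTS))
    print("reordered :", imphash(reordered(SAMPLE_IMPORTS)))
```

Because the hash depends on import order and not on code bytes, two binaries linked from the same object files share an imphash even after in-place code patches, while a re-link that reorders the import directory changes it; that is what makes it a pivot for finding sibling builds. The actual file's value can be obtained with pefile.PE(path).get_imphash() and compared with the report.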

Delayed Imports

202

Type VCOD
Language English - United States
Codepage UNKNOWN
Size 0x410
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.84989
MD5 ff623e8d6ee191b4c3c2417307211dc4
SHA1 7be8c264e97b070a1f64a4af79e647c2593351af
SHA256 c13ca25290b5d075eae9705d68a7b8c30af498c36c10e138627f8b49b795392f
SHA3 85a4bf7ebc9c6856d5ba72644460bbfaa9ba4b92da3ea0920650fc7157b25e45

3

Type RT_CURSOR
Language English - United States
Codepage UNKNOWN
Size 0x2ec
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.42894
MD5 7af369189ad6aef33807467e9cee257e
SHA1 a520c12a8deee3e181608e917befb0d850edcba3
SHA256 8cfd5166103ef9f240fe95a23b43bba777f8eb96f2fd9f286004e2a893e9bb56
SHA3 1b28d032f8edc381a02d00e6ef3dabafeaa27448b1e54687abadc52571173098

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.51038
MD5 11ff615f10374e328dff1f63de28ed4a
SHA1 44a75b5da176e5a2e455429659e80884e428bab8
SHA256 c4ba8d44c2d8e33a5a82787abf68fd46a4564e455eb56a86bf8fe25bd0d741ca
SHA3 c37377c234bb6948052b69af817a3fd96e6a151826bf870752205c42986e9197

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60525
MD5 5a280d72d21a16b7f5eb4721f9b483bc
SHA1 2fb704125cb010cd7d4f4573ae6d25ac2acb2777
SHA256 7d00a4815e44f14cc0d4c08f682546b8896f8fa1ee58af80b6a94b9342dd2205
SHA3 056ed5a8b92a51092fb42135913bf62c35fa1efab46ad7624f4f8270edda029e

106

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x2ec
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38681
MD5 05672f130b1d98a1f63e94feb718f890
SHA1 7fe2e54b12ac8f7a42e54e28c5520d45dd58ac91
SHA256 10fc8351e8d8d10eb4fcfa2eba1b28f710f02a80a98df53abe4447dc4a1b5824
SHA3 3845ead25a661e11f376d7df9a609fa38f3c7a04a6d9380a27da77875616f7f7

CURSOR_LINK

Type RT_GROUP_CURSOR
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21924
Detected Filetype Cursor file
MD5 5dc7e209423286f781406bf66a6df6c2
SHA1 4bc112ddca20993a9a73d3806aa49e268574a83f
SHA256 712173255e8074f1aa356ded677a990da27a4e9c4f3c42262f8c756262ef20b4
SHA3 bf2b23c0b10f5896dfd2900937a638275455fba96bfa46e254416a303b594da0

102

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 c1c122f0803bda39a0a478b7f6f75954
SHA1 69dc2bcb5214afae0d924867d59ece9c0c0f1f64
SHA256 62b460dcfdda934b386205e7f4a16da00a73c2ca7f4ea9a396fb25537fb33b76
SHA3 ffeff2838ef20f5e9b000b10f6538617dbf201bb6d23fa2831e24c8652fc93c5

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2d8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3129
MD5 db87f91906950d2d3c6a0ac7f1b05c6a
SHA1 176d59a207de50108a7bc19fb3be1a6b53bf33bb
SHA256 e3cd021828798c8f84a1ee2214cfe41193b94b9f15c9ed6207b7dccd1c8f164b
SHA3 bce7fce5ff70862e2783d82bf67e4e0b08b5d3cee86af248dda6a95bfe077bf0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.12.0.0
ProductVersion 1.0.4.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Blizzard Entertainment
FileDescription Starcraft
FileVersion (#2) Version 1.12
InternalName Starcraft
LegalCopyright Copyright © 1998
OriginalFilename Starcraft.exe
ProductName Starcraft
ProductVersion (#2) Version 1.04
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xc87c0da9
Unmarked objects 0
Resource objects (VS97 SP3 cvtres 5.00.1668) 1
Unmarked objects (#2) 684
Imports (VS97 SP3 link 5.10.7303) 116
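
The "RICH header checksum is invalid" verdict in the Plugin Output and the RICH Header fields above rest on one computation: the linker stores, after the Rich marker, a 32-bit key that is both the XOR mask for the records and a checksum over the DOS stub (with e_lfanew treated as zero) and the (product id, build, count) records. The Python below is an added example, not the analyzer's or the linker's code; it rebuilds that checksum, parses a Rich header back out of an image, and shows what happens to the verification when a single DOS-stub byte is altered after linking. It runs on a constructed MZ prefix; the product ids and builds in SAMPLE_ENTRIES are placeholders, only the three counts mirror the report.

```python
import struct

DANS = 0x536E6144  # "DanS" as a little-endian DWORD
RICH = 0x68636952  # "Rich" as a little-endian DWORD


def rol32(value, count):
    count %= 32
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(prefix, entries):
    """prefix: file bytes [0, offset of DanS); entries: (prod_id, build, count) triples.
    The result is the value the linker stores as the XOR key after 'Rich'."""
    cksum = len(prefix)
    for i, b in enumerate(prefix):
        if 0x3C <= i < 0x40:  # e_lfanew is written after the checksum, so it counts as zero
            continue
        cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for prod_id, build, count in entries:
        comp_id = ((prod_id << 16) | build) & 0xFFFFFFFF
        cksum = (cksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return cksum


def build_rich_header(prefix, entries):
    """DanS^key, key, key, key, (comp_id^key, count^key)..., 'Rich', key."""
    key = rich_checksum(prefix, entries)
    out = bytearray(struct.pack("<4I", DANS ^ key, key, key, key))
    for prod_id, build, count in entries:
        out += struct.pack("<2I", ((prod_id << 16) | build) ^ key, count ^ key)
    out += struct.pack("<2I", RICH, key)
    return bytes(out)


def parse_rich_header(data):
    """Return (dans_offset, key, entries) or None when no Rich header is found."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(b"Rich", 0x40, e_lfanew)
    if rich_off < 0 or rich_off + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    off = rich_off - 4
    while off >= 0x40:  # walk back DWORD by DWORD to the masked DanS marker
        if struct.unpack_from("<I", data, off)[0] == (DANS ^ key):
            break
        off -= 4
    else:
        return None
    entries = []
    for pos in range(off + 16, rich_off, 8):  # skip DanS and three padding DWORDs
        comp_id, count = struct.unpack_from("<2I", data, pos)
        comp_id ^= key
        entries.append((comp_id >> 16, comp_id & 0xFFFF, count ^ key))
    return off, key, entries


def verify_rich_header(data):
    """True if the stored key matches the recomputed checksum, False if not, None if absent."""
    parsed = parse_rich_header(data)
    if parsed is None:
        return None
    dans_off, key, entries = parsed
    return rich_checksum(data[:dans_off], entries) == key


# Constructed sample: product ids/builds are placeholders; the counts mirror the report's
# three records (1 resource object, 684 unmarked objects, 116 import objects).
SAMPLE_ENTRIES = [(0x0006, 1668, 1), (0x0000, 0, 684), (0x0002, 7303, 116)]


def make_sample_image(entries=SAMPLE_ENTRIES):
    """Constructed MZ header plus zeroed DOS stub (0x80 bytes), Rich header, then 'PE\\0\\0'."""
    prefix = bytearray(0x80)
    prefix[0:2] = b"MZ"
    rich = build_rich_header(bytes(prefix), entries)
    struct.pack_into("<I", prefix, 0x3C, 0x80 + len(rich))  # e_lfanew -> PE signature
    return bytes(prefix) + rich + b"PE\0\0"


def tampered_sample():
    """Same image with one DOS-stub byte changed after linking: the stored key no longer matches."""
    data = bytearray(make_sample_image())
    data[0x60] ^= 0x41
    return bytes(data)


if __name__ == "__main__":
    image = make_sample_image()
    dans_off, key, entries = parse_rich_header(image)
    print(f"DanS at {dans_off:#x}, key {key:#010x}, records {entries}")
    print("clean image verifies   :", verify_rich_header(image))
    print("tampered image verifies:", verify_rich_header(tampered_sample()))
```

Running verify_rich_header over the real file's bytes gives the check behind the report's verdict. A False result together with hashes that match a known-good copy points at a disagreement between the analyzer's and the linker's algorithm rather than at tampering; a False result on a file whose hashes do not match a known-good copy means the DOS stub or Rich records really were changed after linking.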

Errors
