Manalyze report for 4f96e1567f5f5c21a9881e25a4a462428ee8cfd9e5bdce0318169b377227825f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1998-Sep-01 23:39:46
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Age of Empires, the Rise of Rome
FileVersion	`00.04.2.0901`
InternalName	EMPIRES
LegalCopyright	Copyright Â© Microsoft Corp. 1998
OriginalFilename	EMPIRESX.EXE
ProductName	Age of Empires, the Rise of Rome
ProductVersion	`1.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C 5.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: THIS_COD` `Unusual section name found: THIS_DAT` `Unusual section name found: Inf32Dat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegSetValueExA RegQueryValueExA RegCloseKey RegCreateKeyExA` `Possibly launches other programs: WinExec` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: GetAsyncKeyState GetForegroundWindow` `Enumerates local disk drives: GetVolumeInformationA GetDriveTypeA` `Can take screenshots: FindWindowA GetDC` `Reads the contents of the clipboard: GetClipboardData`
Safe	VirusTotal score: 0/71 (Scanned on 2026-01-14 09:25:37)	`All the AVs think this file is safe.`

Hashes

MD5	`ffc85adc2c4f3db806e544d23eb7927b`
SHA1	`079831d2e8877083282709558da07ef92193e35f`
SHA256	`4f96e1567f5f5c21a9881e25a4a462428ee8cfd9e5bdce0318169b377227825f`
SHA3	`3d39b0f0ec07a34467333e7eaf8a980217fc088c0e157a1a479bd1946eb842a6`
SSDeep	`24576:qlgHRvLb9qjIuyLhZG7o385f7uYnZrzkEQzMCl0cKQiXwjMnKHQoJ4C:NDhqIGX5f78QkjwI`
Imports Hash	`881b6503cc1afb4d4e4248666f6854b2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1998-Sep-01 23:39:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x144e00`
SizeOfInitializedData	`0x2a0200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0012BEC0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x147000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3e9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`43b79a1bcdf83fb81a982a1e5861604a`
SHA1	`dbfe3d4cd10185a4bf755166e025358acbb0eecd`
SHA256	`9fea10798e3cdf38d648ff48adcc0d669da76fe009350fee06d68a7d82b5c28a`
SHA3	`34c9ce853ddb1044363b61c800f6a10a5041160b05528d41bae1003bb09243f3`
VirtualSize	`0x13a175`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13a200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49068`

THIS_COD

MD5	`037a5b598e9c40a1f8b9365a15cbcad2`
SHA1	`8974a3e58504a75696c9febaa1ee24b93a418652`
SHA256	`715b83da6660f2c9256b4aec3f9e7ae1b60c7265abffc341ba0e031e8ed3512b`
SHA3	`792d76e64391bdd8f49804e1fefeb508c3d374b9d6fcd2bec1f1751cb597e5cd`
VirtualSize	`0xabe1`
VirtualAddress	`0x13c000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x13a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.97885`

.rdata

MD5	`8df625c9bbf69904845965a8fa09d9c2`
SHA1	`ec2ea6d40cbb3f2d933ef9efe86065b505d5c016`
SHA256	`ab9b5f27c43f8bfaecafd21a6bfaebd0630473ae64386f701a88eb164511511e`
SHA3	`6694df8714e7c74bb8833c2555b06b3bab1f5b4c4b023c9674728278a4927a7f`
VirtualSize	`0xf6c0`
VirtualAddress	`0x147000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x145200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65549`

.data

MD5	`d9c019467b3c3979b38c7ecedd9aad91`
SHA1	`181de81842af86ff3dad0bdc62971db654bb6e74`
SHA256	`fb94c9c919dfecde7dd7b68dc6a40d223c8bbaaa0046cecce96a289435c1c65a`
SHA3	`919e866900d7b9b324829f9bc90d1400f93114f0f033d208e690324581980fc6`
VirtualSize	`0x282ed4`
VirtualAddress	`0x157000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x154a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.59849`

.idata

MD5	`c098dfc35a1205c8ab71211cec63043d`
SHA1	`4e78ed378374a8373f34d59c39ded6591a73e836`
SHA256	`e00bb2f3388f3a2c8c2dda0119dd6d4bee24de7dd3f6a03e89bf1dd8481c68de`
SHA3	`a76afd080859b81a44cdb835de39dbcd03721ccfe841430b4ee285962518e7d3`
VirtualSize	`0x18fe`
VirtualAddress	`0x3da000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x164000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.40097`

THIS_DAT

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x90`
VirtualAddress	`0x3dc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x165a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

Inf32Dat

MD5	`78f9a804146e0122f871bc8fda17b5d3`
SHA1	`e17cc71850c38881840d41a23eafe43d208d27e8`
SHA256	`6c78cd987afa58377801fbe4750f19410991d150ed7b75b0686dfe3d87d97a8d`
SHA3	`c51355470c46298c5d79004b232b757ff45fb8cfe2e221936a9f986fb5f3d309`
VirtualSize	`0xad90`
VirtualAddress	`0x3dd000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x165c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`b3c235458fbc71d5368916964293ec0c`
SHA1	`6232df1bedc9370ca474fd629aefb0a1fa9cd154`
SHA256	`e0d10e6bb1c393e12ef6ffa277364079a6268bde959099bb6c62d1fa467707a0`
SHA3	`edc3116f86ea7097fcd3d754c1bd36b1e7d478dd2d48b6ef9f6cfd3a8e4a9873`
VirtualSize	`0xea8`
VirtualAddress	`0x3e8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x170a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.11403`

Imports

VERSION.dll	`GetFileVersionInfoSizeA` `VerQueryValueA` `GetFileVersionInfoA`
KERNEL32.dll	`FindFirstFileA` `FindClose` `WinExec` `OutputDebugStringA` `VirtualFree` `GetTempPathA` `GetTempFileNameA` `UnmapViewOfFile` `CreateFileA` `CreateFileMappingA` `MapViewOfFile` `CompareStringA` `IsDBCSLeadByte` `GetVersionExA` `FileTimeToSystemTime` `GetProcAddress` `_llseek` `_lread` `GlobalAlloc` `GetModuleHandleA` `FindResourceA` `LoadResource` `LockResource` `GlobalHandle` `GlobalUnlock` `GlobalReAlloc` `GlobalLock` `GlobalFree` `_hread` `_lclose` `GetLastError` `GetModuleFileNameA` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `GetVolumeInformationA` `MulDiv` `SetEnvironmentVariableA` `WriteFile` `SetFilePointer` `GetFileType` `ReadFile` `FileTimeToLocalFileTime` `FindNextFileA` `GetLocalTime` `GetSystemTime` `GetTimeZoneInformation` `DeleteFileA` `HeapFree` `HeapAlloc` `RtlUnwind` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetUnhandledExceptionFilter` `IsBadReadPtr` `IsBadWritePtr` `IsBadCodePtr` `CompareStringW` `WideCharToMultiByte` `GetFullPathNameA` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetStartupInfoA` `GetCommandLineA` `GetVersion` `HeapDestroy` `HeapCreate` `VirtualAlloc` `FlushFileBuffers` `SetHandleCount` `GetStdHandle` `GetCPInfo` `GetACP` `GetOEMCP` `HeapSize` `ReleaseMutex` `GetStringTypeA` `GetStringTypeW` `MultiByteToWideChar` `SetStdHandle` `SetEndOfFile` `CreateMutexA` `LCMapStringA` `LCMapStringW` `RaiseException` `HeapReAlloc` `GetCurrentDirectoryA` `OpenFile` `GlobalMemoryStatus` `LoadLibraryA` `FreeLibrary` `CloseHandle` `GetDriveTypeA`
USER32.dll	`GetMessageA` `TranslateMessage` `FindWindowA` `DestroyWindow` `InvalidateRect` `PeekMessageA` `DispatchMessageA` `CharUpperA` `RegisterClassA` `LoadIconA` `UpdateWindow` `SetWindowPos` `GetClientRect` `GetWindowRect` `CreateWindowExA` `GetSystemMetrics` `GetWindowThreadProcessId` `GetKeyState` `ReleaseDC` `GetDC` `BringWindowToTop` `GetLastActivePopup` `LoadStringA` `SetForegroundWindow` `IsIconic` `GetUpdateRect` `ValidateRect` `FillRect` `ScreenToClient` `GetCursorPos` `SetClassLongA` `SetCursor` `GetWindowTextA` `GetKeyboardState` `GetAsyncKeyState` `GetForegroundWindow` `DrawTextA` `IsClipboardFormatAvailable` `SendMessageA` `SystemParametersInfoA` `ShowWindow` `SetFocus` `SetTimer` `LoadCursorA` `OpenClipboard` `GetClipboardData` `CloseClipboard` `GetCaretBlinkTime` `DrawTextExA` `CallWindowProcA` `MoveWindow` `GetFocus` `MessageBeep` `GetWindowLongA` `SetSysColors` `GetSysColor` `SetCursorPos` `MessageBoxA` `SetRect` `ClientToScreen` `WinHelpA` `GetActiveWindow` `PostMessageA` `SetWindowLongA` `GetCapture` `ReleaseCapture` `SetCapture` `SetWindowTextA` `KillTimer` `PostQuitMessage` `DefWindowProcA`
GDI32.dll	`CreatePalette` `GetPaletteEntries` `GetDeviceCaps` `GetTextMetricsA` `SelectObject` `CreateFontIndirectA` `GetStockObject` `RealizePalette` `SelectPalette` `DeleteDC` `CreateICA` `GetObjectA` `DeleteObject` `GetNearestPaletteIndex` `SetPaletteEntries` `ResizePalette` `GetSystemPaletteEntries` `CreateRectRgn` `SelectClipRgn` `TextOutA` `SetTextColor` `GetTextExtentPoint32A` `SetBkMode` `SetBkColor` `LineTo` `MoveToEx` `CreatePen`
ADVAPI32.dll	`RegSetValueExA` `RegQueryValueExA` `RegCloseKey` `RegCreateKeyExA`
DPLAYX.dll	`#1` `#4` `#2`
DSOUND.dll	`DirectSoundCreate`
DDRAW.dll	`DirectDrawCreate`
WINMM.dll	`mixerGetLineControlsA` `mixerGetControlDetailsA` `mixerClose` `mixerGetLineInfoA` `timeKillEvent` `timeEndPeriod` `timeBeginPeriod` `timeSetEvent` `mixerSetControlDetails` `mixerOpen` `mmioGetInfo` `mmioAdvance` `mmioSetInfo` `mmioOpenA` `mmioDescend` `mmioRead` `mmioAscend` `mciSendCommandA` `timeGetTime` `mixerGetNumDevs` `mciGetErrorStringA` `mmioClose` `mmioSeek`
IMM32.dll	`ImmReleaseContext` `ImmNotifyIME` `ImmGetContext` `ImmAssociateContext` `ImmSetOpenStatus`
MSVFW32.dll	`ICInfo` `MCIWndCreateA`
ole32.dll	`CoInitialize` `CoCreateInstance` `CoUninitialize`
WSOCK32.dll	`WSAStartup` `gethostbyname` `gethostname` `WSACleanup`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa58`
TimeDateStamp	1998-Sep-01 23:39:45
Entropy	`4.33398`
MD5	`1afaf1f8eb9c7bfc4f046d23bafbd80f`
SHA1	`51b75ae3cab4ff391e147920fb0de3505395dd1a`
SHA256	`ffd6e4e51faacfe815b86dd1c483c44985c86a29383a05021b5e6d1cc2262128`
SHA3	`7cc686735d953699def0b5aa63e123b3bda799188e122995eb9dcee2a10dee6b`

APPICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1998-Sep-01 23:39:45
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`dc3820c2a681ba782f3d58296507941b`
SHA1	`6b0548a6fc29a189f62092617c1036bfc7323283`
SHA256	`5d8f896814696611c73497c04d810748bdf8f8488a1ab9a93415aa276c66e592`
SHA3	`e2241edd23faf4bb28f4e3fcae12efaba35bc80440cb9ecbaa514701362f033f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1998-Sep-01 23:39:45
Entropy	`3.41239`
MD5	`dd65a096390069958fa2cf2ab2296a2b`
SHA1	`5c8a6e62d240eb6687da8f436c847bfa6287fc23`
SHA256	`5e3208bb52106e8005883b543c1c14413e3885660000204b69b471d279bf35af`
SHA3	`c55b1e883e24b2c48bb18b216af5a52c88eb413f5680699c74290f2e0780ddba`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.4.2.901
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Age of Empires, the Rise of Rome
FileVersion (#2)	00.04.2.0901
InternalName	EMPIRES
LegalCopyright	Copyright Â© Microsoft Corp. 1998
OriginalFilename	EMPIRESX.EXE
ProductName	Age of Empires, the Rise of Rome
ProductVersion (#2)	1.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.