Manalyze report for 664b92a313283249604c0220e5ea7a1f1866ae4c0732b9195d8178b61545a412

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-11 17:22:42
Detected languages	English - United States Malay - Malaysia
Debug artifacts	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegQueryValueExA RegCloseKey RegSetValueExW RegQueryValueExW RegCreateKeyExA RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.3569% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-01-02 16:03:24)	`All the AVs think this file is safe.`

Hashes

MD5	`313c4f0ac63e6c765c5cd359d697da76`
SHA1	`8df16c3f21b3806baf8d1eef613634ee9c67a72d`
SHA256	`664b92a313283249604c0220e5ea7a1f1866ae4c0732b9195d8178b61545a412`
SHA3	`abcf9677abec71b9323544f1a13e3075af4df6497529fc9382b7e16ca73bc9d7`
SSDeep	`12288:CLRFveiwDaQ4sVCo13rhFlzo8+TVMRq6:CLRFvevaQb1flUVZo`
Imports Hash	`903779526007e11b7ce5986ad4a6fbad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2017-Apr-11 17:22:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0xa9600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008D38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xba000`
SizeOfHeaders	`0x400`
Checksum	`0x4a47c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9de63d6156e0bf5ea0aac1b5a9b50ce5`
SHA1	`3721aa3c5c39beb0bbe9c6650105a1ab165f424e`
SHA256	`509173070343b477b9d338de7607598656604061a86a9c014b8473a50503e02e`
SHA3	`e549787e4abbcf9a382e5675e6be80fc88628ec3937bad04de57535c44c1b9b6`
VirtualSize	`0xcdfb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.05976`

.rdata

MD5	`61b5cdf26febdd0e33fab68291f9851a`
SHA1	`ebc74b3d5ad405824d70a3f44548167d78e28c5c`
SHA256	`b9c5704ea29e592711f37dd38d30656a7f3cf3389bdaaafd976aaee0067b0535`
SHA3	`969d1c49af6f1f95e989385e8ef0295542c886f893dd35cead94772153d09707`
VirtualSize	`0x8722`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66515`

.data

MD5	`05b377beee33887316576d0c02976743`
SHA1	`ed8d9fcb352a2b24cb898b42d6476a288380e964`
SHA256	`8499556bb7be4dc1b3a52541f01b984ffcc61dcd83c7060a8e7038561fc70a78`
SHA3	`eee653e5ca3f9c47b5210ece72d26db96d6eb6e967e43ababd117d5353d2f062`
VirtualSize	`0x15050`
VirtualAddress	`0x17000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x15a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.50562`

.pdata

MD5	`955f357c8402e2e44ba06778176f274d`
SHA1	`004e0416a6848776df4a981b48c5a0e9b642f9bc`
SHA256	`5e99ce7caf8d97cc40f6b0c91731d129af8781d007a18ca7d00a39db505bb858`
SHA3	`4ccc4e4b8da516a1b5eb6f08cf7e9966f3f9d227fba8be28b9930f19bad06886`
VirtualSize	`0xaa4`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47501`

.rsrc

MD5	`3dd4099bc3d4ad8c09d42058899dc2ad`
SHA1	`9ff4452e0f3a7d92b8d53542569ab9cef8ff8c8c`
SHA256	`a51d544ebb366aaa521d93b90943b8d1c8a2a3d09e1a63e88fc8b9e348ae5062`
SHA3	`936e2231426d3c4ef79f7aeace0d1365e877b49c88771e55347528e740fa88a5`
VirtualSize	`0x89b20`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x89c00`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.45812`

.reloc

MD5	`b10e6241494265c6c56ad938d32e41ef`
SHA1	`dc924da81877fd5174eff08b4ded190dc043d4f1`
SHA256	`bc5676ee6548a77f89d787c5d8284e81d5234626c4dc212cc365728d2cfde6fe`
SHA3	`7a930ab5a6a2da376d7fed6a23c3289896616dde9b51fde7a7817d0ddfdc5866`
VirtualSize	`0x1ab0`
VirtualAddress	`0xb8000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xb4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20199`

Imports

KERNEL32.dll	`GetPrivateProfileIntW` `GetPrivateProfileStringW` `FindFirstFileW` `FindClose` `GetCommandLineW` `GetModuleFileNameW` `GetCurrentDirectoryW` `GetPrivateProfileSectionNamesW` `GetCurrentProcessId` `OpenProcess` `CreateThread` `CreateProcessW` `ResumeThread` `WaitForSingleObject` `GetExitCodeThread` `Sleep` `MultiByteToWideChar` `GetLastError` `DecodePointer` `EncodePointer` `GetStartupInfoW` `TerminateProcess` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `OpenFileMappingA` `CreateSemaphoreW` `SetEvent` `CreateEventA` `MapViewOfFile` `CreateFileMappingA` `CloseHandle` `GetCurrentProcess` `UnmapViewOfFile`
USER32.dll	`TranslateMessage` `SendMessageW` `PostQuitMessage` `DestroyWindow` `DispatchMessageW` `CreateDialogParamW` `IsDialogMessageW` `GetMessageW` `ShowWindow` `MoveWindow` `GetDesktopWindow` `GetWindowRect` `MessageBoxW`
ADVAPI32.dll	`RegQueryValueExA` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyExA` `RegOpenKeyExA` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegSetValueExA`
SHELL32.dll	`CommandLineToArgvW`
MSVCP100.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
PSAPI.DLL	`GetModuleFileNameExW`
WINTRUST.dll	`WinVerifyTrust`
MSVCR100.dll	`_wcsicmp` `memset` `memcmp` `_CxxThrowException` `memcpy` `__CxxFrameHandler3` `??3@YAXPEAX@Z` `memmove` `??0exception@std@@QEAA@AEBV01@@Z` `?what@exception@std@@UEBAPEBDXZ` `??1exception@std@@UEAA@XZ` `??0exception@std@@QEAA@AEBQEBD@Z` `??2@YAPEAX_K@Z` `_wputenv` `_vswprintf_c_l` `tolower` `_wtoi` `fopen_s` `fread` `fclose` `atoi` `sprintf_s` `memchr` `??_V@YAXPEAX@Z` `__C_specific_handler` `_unlock` `__dllonexit` `_lock` `_onexit` `_amsg_exit` `__getmainargs` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ`

Delayed Imports

8192

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38384`
MD5	`da96bb97c118c49c84e462d4eaa7773b`
SHA1	`1685331920d1631589f9f3511964bee6b5d4226d`
SHA256	`5f581beeb617d563e10d19de180babe92d0065a8d33cf308457cd695380587ec`
SHA3	`a9e355f5faf52e4eb6575e561d246592debfe6c8e76f0cbd33678bc4bad1dd6d`

8193

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4516`
MD5	`1e972b1f2a0ac4ff4329871c830dde85`
SHA1	`726b5f305798a4c0a2145c6ab86809233152c696`
SHA256	`9e41c141ae59ec7a7764c37b275f3ee574467fb12103ab99dc21b9c51285c56e`
SHA3	`926bafd40b26c6dabd23881edacd85fa85c2a12c3fa9ad56e9dc015a03bafffc`

8194

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.51324`
MD5	`de9e81f1fa247ab4162ff89fdb0ad548`
SHA1	`6389475e6eceb58e10347807fc8fbfcc546b9880`
SHA256	`58795ed4705e7fa1fd3930b84274bdcdb7d1cd3463e598294a8136dfd7113193`
SHA3	`58053626e65c40977cc58c4b2cc57528e96b94cba010557c87bafd536d3dabf3`

8195

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57345`
MD5	`0fb8aadf778265be3bb470340716b497`
SHA1	`bf8a18a9520bb7b5e127b46e17ae622f8a68908f`
SHA256	`8bfcdfa9db15bdaede9a8c2780c15358467931fa584c794633a9a8655166b1ff`
SHA3	`0f7a4c94fc70ed70d3d23a83cfdf523d3072f4ca3b39501fa862e130904f166f`

8196

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.63245`
MD5	`7cbbad3dda357734e692c3fc9b43d065`
SHA1	`51e07c9a7559019057797c3dfe7e7e164f6c4fcf`
SHA256	`47be4b4358a23fae8958f9404c34bdce46bff4467bc6f45cba7b4c8f571a9962`
SHA3	`2e540df537d54e6d776b9de87d88f38e7ea7322ba6c3503783072c62d97479a5`

8197

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60178`
MD5	`f2fe3901b0927fd8c8e037e3e8307167`
SHA1	`125b930cafd230ebdaaf4b1029a6f2d681c1ee53`
SHA256	`34eb2132ef0d8f1e21d3ee09d8161c355debd4a7a8b34a239f2fe3d0d978ac2f`
SHA3	`9e7c3d85dec1b75bc4c4c10591a258410ea5723568a4cbf2f4db2677d45a64ea`

8198

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64396`
MD5	`f2277345fb86bc99799c79a068fa659d`
SHA1	`44112121e2ae4b70ce1b8b4964bffd71d9a74c2d`
SHA256	`d61014b03e6606653d18e8ee2d226cbb00518be6bc55fb37bbcc41b7181af5e5`
SHA3	`3a2630be018891d759475753b5359063c49896501d2b2a2640089aa5f4e830ac`

8199

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54408`
MD5	`e6b0c3e2a748227502c6e547d18c6fc0`
SHA1	`e626fc268036d02c271b3a39a6019631809d2181`
SHA256	`06a3eb661ebe9e8a444084d77902386bfece109cc721885c175ebeae0cf2b1a9`
SHA3	`e5f8c285f9989c2c9020fa80d02c0eeb9d42ecca1c19d53754d8ff64e61a8d65`

8200

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39`
MD5	`fd66a9ab0ac2bd44d8e34af0fdd3ab72`
SHA1	`6ac49fd6602e05e869b19f48546ed1b49bd81d54`
SHA256	`5ec015592655f8f42f7c6174b9d67862e06c3b89b1a0441ee84e8de9b05bb9ac`
SHA3	`7aec72c81cb1296679f67459bca85cd9c928aa753237b385f54e3e1656a4fe07`

129

Type	`RT_DIALOG`
Language	Malay - Malaysia
Codepage	Latin 1 / Western European
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17698`
MD5	`d264619bd6677aad38030c167fa9b8b6`
SHA1	`e4ba7ece527e2d38d08db87fc3ad0e7004a05115`
SHA256	`4d5e1892d08e3ca58b98fceb3f391f7baf3347fcce98605da5fbd3a9c4753639`
SHA3	`b80ead30649d508a6dd04b57fe7040b367d10fa271eccc693e80fc7d4637b120`

1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14071`
Detected Filetype	Icon file
MD5	`220809ad6705ee95d245b5a3a0e105d3`
SHA1	`94b4aedb952435ebe10da66f5322ac3857a25903`
SHA256	`8cef45e59e635544c7993e541b293b15917fe4e26c689f663ff2d208ad39f75d`
SHA3	`9de441d10fa04e12745972629817cdb3be9730338075477633bae691e8af1381`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Apr-11 17:22:42
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x13958`
PointerToRawData	`0x12b58`
Referenced File	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1ed76732`
Unmarked objects	`0`
152 (20115)	`2`
ASM objects (VS2010 SP1 build 40219)	`3`
C objects (VS2010 SP1 build 40219)	`18`
Imports (VS2010 SP1 build 40219)	`4`
C++ objects (VS2010 SP1 build 40219)	`13`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`118`
175 (VS2010 SP1 build 40219)	`6`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.