Manalyze report for 76dd689766787c50f45109ec60364483aec3869fff49bf2efc7b2a365d9b90f4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-11 17:22:42
Detected languages	English - United States Malay - Malaysia
Debug artifacts	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegQueryValueExA RegCloseKey RegSetValueExW RegQueryValueExW RegCreateKeyExA RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.3569% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2aa20f20a7805d0c95f92520577eda17`
SHA1	`b599d2066cc89c559baf156f318d55c709e4cd0e`
SHA256	`76dd689766787c50f45109ec60364483aec3869fff49bf2efc7b2a365d9b90f4`
SHA3	`7e13e552153e944b07aa3daf0bebeb5a5c3a1679e25c1a58f91a7da87603475e`
SSDeep	`12288:CLRFveiwDaQ4ss2YWO2mNLQsIHKhZS0T:CLRFvevaQzDsIHKhZS0T`
Imports Hash	`903779526007e11b7ce5986ad4a6fbad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2017-Apr-11 17:22:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0xa9600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008D38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xba000`
SizeOfHeaders	`0x400`
Checksum	`0x4a47c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9de63d6156e0bf5ea0aac1b5a9b50ce5`
SHA1	`3721aa3c5c39beb0bbe9c6650105a1ab165f424e`
SHA256	`509173070343b477b9d338de7607598656604061a86a9c014b8473a50503e02e`
SHA3	`e549787e4abbcf9a382e5675e6be80fc88628ec3937bad04de57535c44c1b9b6`
VirtualSize	`0xcdfb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.05976`

.rdata

MD5	`61b5cdf26febdd0e33fab68291f9851a`
SHA1	`ebc74b3d5ad405824d70a3f44548167d78e28c5c`
SHA256	`b9c5704ea29e592711f37dd38d30656a7f3cf3389bdaaafd976aaee0067b0535`
SHA3	`969d1c49af6f1f95e989385e8ef0295542c886f893dd35cead94772153d09707`
VirtualSize	`0x8722`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66515`

.data

MD5	`05b377beee33887316576d0c02976743`
SHA1	`ed8d9fcb352a2b24cb898b42d6476a288380e964`
SHA256	`8499556bb7be4dc1b3a52541f01b984ffcc61dcd83c7060a8e7038561fc70a78`
SHA3	`eee653e5ca3f9c47b5210ece72d26db96d6eb6e967e43ababd117d5353d2f062`
VirtualSize	`0x15050`
VirtualAddress	`0x17000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x15a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.50562`

.pdata

MD5	`955f357c8402e2e44ba06778176f274d`
SHA1	`004e0416a6848776df4a981b48c5a0e9b642f9bc`
SHA256	`5e99ce7caf8d97cc40f6b0c91731d129af8781d007a18ca7d00a39db505bb858`
SHA3	`4ccc4e4b8da516a1b5eb6f08cf7e9966f3f9d227fba8be28b9930f19bad06886`
VirtualSize	`0xaa4`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47501`

.rsrc

MD5	`8a94227d76a206db8fcb305de78041c0`
SHA1	`8b897f0b2128e91c2744578cd933a2b9eb538578`
SHA256	`be1e2be28aac907d04bc1f1df75a828a1f47483819d3900d2a1dbad965f47b31`
SHA3	`85931466993f254e9fe65b099aa42ccf430bb176ad1ff8a7627ff15e82bbcca6`
VirtualSize	`0x89b20`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x89c00`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.83418`

.reloc

MD5	`b10e6241494265c6c56ad938d32e41ef`
SHA1	`dc924da81877fd5174eff08b4ded190dc043d4f1`
SHA256	`bc5676ee6548a77f89d787c5d8284e81d5234626c4dc212cc365728d2cfde6fe`
SHA3	`7a930ab5a6a2da376d7fed6a23c3289896616dde9b51fde7a7817d0ddfdc5866`
VirtualSize	`0x1ab0`
VirtualAddress	`0xb8000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xb4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20199`

Imports

KERNEL32.dll	`GetPrivateProfileIntW` `GetPrivateProfileStringW` `FindFirstFileW` `FindClose` `GetCommandLineW` `GetModuleFileNameW` `GetCurrentDirectoryW` `GetPrivateProfileSectionNamesW` `GetCurrentProcessId` `OpenProcess` `CreateThread` `CreateProcessW` `ResumeThread` `WaitForSingleObject` `GetExitCodeThread` `Sleep` `MultiByteToWideChar` `GetLastError` `DecodePointer` `EncodePointer` `GetStartupInfoW` `TerminateProcess` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `OpenFileMappingA` `CreateSemaphoreW` `SetEvent` `CreateEventA` `MapViewOfFile` `CreateFileMappingA` `CloseHandle` `GetCurrentProcess` `UnmapViewOfFile`
USER32.dll	`TranslateMessage` `SendMessageW` `PostQuitMessage` `DestroyWindow` `DispatchMessageW` `CreateDialogParamW` `IsDialogMessageW` `GetMessageW` `ShowWindow` `MoveWindow` `GetDesktopWindow` `GetWindowRect` `MessageBoxW`
ADVAPI32.dll	`RegQueryValueExA` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyExA` `RegOpenKeyExA` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegSetValueExA`
SHELL32.dll	`CommandLineToArgvW`
MSVCP100.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
PSAPI.DLL	`GetModuleFileNameExW`
WINTRUST.dll	`WinVerifyTrust`
MSVCR100.dll	`_wcsicmp` `memset` `memcmp` `_CxxThrowException` `memcpy` `__CxxFrameHandler3` `??3@YAXPEAX@Z` `memmove` `??0exception@std@@QEAA@AEBV01@@Z` `?what@exception@std@@UEBAPEBDXZ` `??1exception@std@@UEAA@XZ` `??0exception@std@@QEAA@AEBQEBD@Z` `??2@YAPEAX_K@Z` `_wputenv` `_vswprintf_c_l` `tolower` `_wtoi` `fopen_s` `fread` `fclose` `atoi` `sprintf_s` `memchr` `??_V@YAXPEAX@Z` `__C_specific_handler` `_unlock` `__dllonexit` `_lock` `_onexit` `_amsg_exit` `__getmainargs` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ`

Delayed Imports

8192

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95676`
MD5	`12792302643b14122331fe0ae555995b`
SHA1	`65564985decd1453d74c963d9769e80b6bd7b8e6`
SHA256	`90707aff31774b0d9fc59c8228f12740c5bced4005616f73f9e324ebeeb358e5`
SHA3	`919e3686a9ed752a109441948397907dc6fca8112089b7e97d660184c9b88a48`

8193

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36231`
MD5	`ff7dd1c4b9d7b2dd42d72ee1fe19a7c7`
SHA1	`f72a793a656c8abe0677b8ed72ef540de35621cd`
SHA256	`d475d1157ab942f60744c2ccebabe4bdf41d528d10f9e0b5cd21e4c895e37e09`
SHA3	`1e242749a8d1fa88d93aafbb6246cf046da7a62d169fee2e043ef1780ea88b79`

8194

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53824`
MD5	`78b7e90b02eb464827a708b994429aa5`
SHA1	`14658b0f53da96062ad228765b32fac8e13f6696`
SHA256	`312a9f1a70f04cde255a010e2b4661eea19cab3ddbe63512f17e036307d39cd9`
SHA3	`e09032e7b133e847b7c7a001e8e578551ac1a8934c27cd134cd1a41db8f2d4b7`

8195

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27463`
MD5	`69efdec537b94eed8c406011084ec730`
SHA1	`5b421d6b88f7cda51f9bf268f91ae1c606e5b0ae`
SHA256	`bb9bae787514ca0405ee37eebf6c244b6e228256ee2aa95b5e9fbb8742569065`
SHA3	`d4a2003fc149c05b4597478759bbbad49c1b22a8405acae07cb85201702210b3`

8196

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79816`
MD5	`c0f53946385fb1054ca219bbf04aff22`
SHA1	`c20c0a3f5424353f2506afdeefaef39a00ee3fac`
SHA256	`1d9875cbc7649eec99a74dd959d62d319c254867039e6ba2ba48dd1982c73afa`
SHA3	`f3866efe14b19817dcfb964bb50ec591a25a5c34de43320c240230f4240edaff`

8197

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10812`
MD5	`e911b9230387084c0b6b422a8f1a2015`
SHA1	`5ac86a3808c77f5adfbd2e8e31aeda9cd64f0493`
SHA256	`9d6b902f9eb8775cec8109c2ba83687d7ac16a853d5f6e679eb198a5a9289721`
SHA3	`ea061acb717bac1a297706545b436ee65f9600fff426354625eb39ddc9248007`

8198

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69121`
MD5	`1f3fc1adb9060f4c12c441102bfa1797`
SHA1	`018c493379018f65f1a605d916bbbd9c78912cb6`
SHA256	`bbe5b66abe964f558ab5e1f184bb8eb6141dea671ea0c59132673c53dc77768b`
SHA3	`35571369a75146de3639429936494b2622a6b2bb6f4114c548de520fcf9b70a1`

8199

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9644`
MD5	`84e18fe37b672c8c716e1ff96b0f6355`
SHA1	`74370d5fb6fb53efb7aa2408ac8082a5d1f68721`
SHA256	`6efd7e67ed8aa9cc2dd166719d7ee1a54770061dd50df2097c4c61d68d2a5bf4`
SHA3	`a7baf3cc67756a4e138f4bfed0512ed9eb17aee5b618eabce22973cc108800e1`

8200

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61055`
MD5	`2f017f9f8cecda2e861f01f6587e95ca`
SHA1	`8ac497772ad59d7d293aad94b3b54720d2f456dc`
SHA256	`b0a631cb7de3f4b41d335f2b79b5069020629fff59a38022b8a2f9ac28db9376`
SHA3	`95367030d025cbc9eee010118ac14bbaf5c4d9a9f0b420656af657e9b5b0790a`

129

Type	`RT_DIALOG`
Language	Malay - Malaysia
Codepage	Latin 1 / Western European
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17698`
MD5	`d264619bd6677aad38030c167fa9b8b6`
SHA1	`e4ba7ece527e2d38d08db87fc3ad0e7004a05115`
SHA256	`4d5e1892d08e3ca58b98fceb3f391f7baf3347fcce98605da5fbd3a9c4753639`
SHA3	`b80ead30649d508a6dd04b57fe7040b367d10fa271eccc693e80fc7d4637b120`

1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14071`
Detected Filetype	Icon file
MD5	`2567992cdb744df50867230f70cd285d`
SHA1	`5e14a73d8dbf3d05422a94d2703e528c640aeb3c`
SHA256	`9c79637cc6922bfbaa6877d83db38337df37a8add6b95ed790c08f1cb90567bd`
SHA3	`ab3e77e57cb9c70d9fd35ff18eaba4bd9e7347376fde35a194c62caed23c97ad`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Apr-11 17:22:42
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x13958`
PointerToRawData	`0x12b58`
Referenced File	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1ed76732`
Unmarked objects	`0`
152 (20115)	`2`
ASM objects (VS2010 SP1 build 40219)	`3`
C objects (VS2010 SP1 build 40219)	`18`
Imports (VS2010 SP1 build 40219)	`4`
C++ objects (VS2010 SP1 build 40219)	`13`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`118`
175 (VS2010 SP1 build 40219)	`6`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.