7c048b1708fb2a2f90c78bfb8282c14e
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2020-Oct-18 10:15:07 |
| Detected languages |
English - United States
|
| CompanyName | |
| FileDescription | SHARP Launcher |
| FileVersion | 1.46 |
| LegalCopyright |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains another PE executable:
|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The file contains overlay data. |
3077778 bytes of data starting at offset 0xb6000.
The overlay data has an entropy of 7.93049 and is possibly compressed or encrypted. Overlay data amounts for 80.5016% of the executable. |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2020-Oct-18 10:15:07 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x8f000 |
| SizeOfInitializedData | 0x27c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0006DE97 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x90000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xba000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x3ad87e |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| COMCTL32.dll |
#17
|
|---|---|
| WINMM.dll |
timeBeginPeriod
joyGetDevCapsW joyGetPosEx timeEndPeriod |
| KERNEL32.dll |
GetTempFileNameW
GlobalAddAtomW GlobalDeleteAtom lstrlenW FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA FindNextFileA FindFirstFileExA GetProcessHeap DecodePointer GetFileType LCMapStringW EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetOEMCP IsValidCodePage GetStringTypeW GetCPInfo HeapFree HeapReAlloc HeapAlloc GetStdHandle GetModuleFileNameA GetModuleHandleExW ExitProcess HeapSize HeapCompact GlobalFree SetEnvironmentVariableW DeleteFileW GetACP LoadLibraryExW DeleteCriticalSection LeaveCriticalSection EnterCriticalSection EncodePointer RtlUnwind InitializeSListHead GetCurrentProcessId GetStartupInfoW IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess GetCurrentProcess SetUnhandledExceptionFilter UnhandledExceptionFilter GetSystemTimeAsFileTime TlsFree TlsSetValue TlsGetValue TlsAlloc InitializeCriticalSectionAndSpinCount SetLastError QueryPerformanceFrequency QueryPerformanceCounter LoadLibraryExA GetModuleHandleW VirtualQuery VirtualProtect GetSystemInfo RaiseException FileTimeToSystemTime FileTimeToLocalFileTime GetSystemTime GetVersion GetTempPathW FindClose FindNextFileW FindFirstFileW GetCurrentDirectoryW SetErrorMode GlobalUnlock GlobalLock GlobalAlloc GetExitCodeProcess GetCommandLineW WideCharToMultiByte Sleep SetCurrentDirectoryW CreateDirectoryW CloseHandle SetFilePointerEx SetFilePointer WriteFile GetLastError ReadFile CreateFileW GetCurrentThreadId RemoveDirectoryW WriteConsoleW GetVersionExW GetModuleFileNameW GetLocaleInfoW MultiByteToWideChar FreeLibrary GetProcAddress LoadLibraryW SetStdHandle GetConsoleCP GetConsoleMode FlushFileBuffers |
| USER32.dll |
PostQuitMessage
IntersectRect SetRect DrawFocusRect InvertRect DrawTextW GetMenuStringW GetMenuItemID FillRect GetUpdateRect IsIconic DefMDIChildProcW SetDlgItemTextW EndPaint BeginPaint PtInRect GetDlgItem MapVirtualKeyW GetInputState SendDlgItemMessageW EndDialog DrawMenuBar DrawEdge LoadMenuIndirectW GetMenuItemCount SetWindowPlacement GetWindowPlacement GetFocus CallWindowProcW RemovePropW SetPropW GetPropW UnionRect DestroyWindow SetScrollPos SetScrollRange CreateWindowExW GetParent EndDeferWindowPos DeferWindowPos BeginDeferWindowPos SetFocus GetSysColor GetDesktopWindow RedrawWindow GetSystemMenu UpdateWindow SystemParametersInfoW GetTabbedTextExtentW DestroyMenu ModifyMenuW SetWindowLongW MessageBoxW LoadStringW DialogBoxParamW RegisterClassW RegisterClassExW LoadImageW LoadIconW GetWindow GetClassNameW GetTopWindow GetMonitorInfoW MonitorFromWindow GetSystemMetrics OemToCharA GetAsyncKeyState GetActiveWindow ShowCursor SetCapture ReleaseCapture GetKeyState GetWindowRect MapWindowPoints SetWindowPos IsZoomed GetWindowLongW AdjustWindowRectEx SendMessageW LockWindowUpdate IsWindowVisible GetClientRect SetWindowTextW IsDialogMessageW SetTimer GetWindowDC GetClipboardData CloseClipboard SetClipboardData EmptyClipboard OpenClipboard IsClipboardFormatAvailable wsprintfW ShowWindow PostMessageW CheckMenuItem EnableMenuItem GetMenu InvalidateRect SetCursorPos ClientToScreen ScreenToClient GetCursorPos GetKeyboardState CopyRect UnhookWindowsHookEx KillTimer SetWindowsHookExW CallNextHookEx DestroyIcon GetSubMenu DeleteMenu GetMenuState LoadCursorW SetCursor ReleaseDC CreateIconIndirect GetDC MsgWaitForMultipleObjects DispatchMessageW TranslateMessage TranslateMDISysAccel GetMessageW PeekMessageW GetDlgItemTextW |
| GDI32.dll |
CreatePalette
EnumFontFamiliesExW GetDeviceCaps SelectPalette RealizePalette GetObjectW CreateFontIndirectW CreatePen Rectangle SelectObject MoveToEx LineTo CreateSolidBrush GetStockObject SetTextColor DeleteObject CreateRectRgn GetClipRgn ExcludeClipRect SelectClipRgn GetTextExtentPointW GetCharWidthW DPtoLP SetTextAlign SetROP2 LPtoDP SetBkColor Polygon TextOutW SetPolyFillMode GetTextMetricsW GetNearestPaletteIndex CreateHatchBrush SetDIBits CreateCompatibleBitmap SetBkMode CreateBitmap |
| COMDLG32.dll |
GetSaveFileNameW
GetOpenFileNameW |
| SHELL32.dll |
ShellExecuteExW
DragAcceptFiles DragQueryFileW |
| MMFS2.dll (delay-loaded) |
#64
#72 #43 #65 #66 #74 #83 #97 #81 #979 #79 #80 #187 #82 #76 #78 #3 #172 #831 #19 #1033 #430 #425 #419 #1145 #1144 #423 #1146 #121 #31 #1105 #255 #281 #174 #688 #192 #120 #333 #765 #249 #276 #366 #153 #34 #411 #176 #168 #50 #1072 #1068 #766 #1071 #422 #1069 #189 #70 #494 #103 #102 #101 #1000 #173 #372 #982 #1106 #1017 #876 #361 #32 #445 #47 #106 #107 #105 #786 #264 #286 #169 #554 #587 #585 #520 #619 #462 #761 #170 #1134 #95 #1123 #1126 #94 #1124 #1125 #98 #91 #1049 #1036 #1031 #433 #536 #1104 #468 #280 #67 #125 #959 #945 #123 #124 #11 #343 #341 #417 #344 #51 #487 #610 #342 #753 #448 #568 #849 #571 #756 #443 #701 #703 #493 #355 #62 #63 #832 #742 #17 #16 #686 #265 #24 #59 #61 #60 #389 #191 #755 #795 #1054 #1077 #201 #195 #196 #198 #199 #184 #204 #205 #203 #813 #808 #805 #799 #801 #797 #811 #814 #809 #803 #806 #800 #810 #812 #807 #802 #804 #798 #826 #828 #827 #830 #829 #69 #175 #162 #379 #661 #185 #825 #158 #177 #186 #163 #1073 #183 #10 #9 #6 #8 #7 #834 #1101 #1007 #837 #896 #975 #953 #893 #986 #954 #895 #1048 #929 #611 #677 #412 #234 #612 #678 #413 #679 #1118 #680 #573 #414 #415 #416 #232 #972 #681 #476 #620 #762 #236 #75 #114 #104 #171 #789 #790 #46 #111 #42 #113 #691 #241 #272 #245 #274 #363 #645 #584 #519 #356 #739 #713 #137 #155 #115 #254 #785 #722 #328 #116 #90 #84 #1010 #92 #1008 #1011 #117 #997 #996 #998 #108 #109 #73 #110 #71 #913 #859 #878 #994 #894 #974 #882 #948 #991 #269 #267 #268 #976 #1006 #985 #1037 #794 #1053 #1128 #35 #1080 #18 #340 #14 #984 #68 #819 #820 #77 #484 #28 #682 #30 #118 #122 #5 #418 #750 #695 #23 #58 #57 #1070 #373 #740 #546 #4 #1055 #2 #1130 #1029 #1081 #27 #39 #29 #1120 |
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | MMFS2.dll |
| ModuleHandle | 0xaa660 |
| DelayImportAddressTable | 0xaa120 |
| DelayImportNameTable | 0xa4db4 |
| BoundDelayImportTable | 0xa52e8 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
NoAmdPwrXpressRequestHighPerformance
| Ordinal | 1 |
|---|---|
| Address | 0xa9ddc |
NoNvOptimEnablement
| Ordinal | 2 |
|---|---|
| Address | 0xa9de0 |
zi32Support
| Ordinal | 3 |
|---|---|
| Address | 0xa9dd8 |
1
2
3
700
701
702
703
704
705
1 (#2)
2 (#2)
7
8
9
100
1 (#3)
1 (#4)
String Table contents
| Window initialization error. |
| Application initialization error. |
| Error while opening file. |
| Not enough memory! |
| File error! |
| Cannot find %s! |
| There is not enough available space in the temporary drive. Free some disk space and try again. |
| This application has been built with an incompatible version of Clickteam Fusion. |
| This is not an application file! |
| Cannot load %s. This object might need an external program or library not yet installed. |
| Joystick not connected or driver not installed. |
| Cannot initialize Application. |
| Frame %d |
| Don't play samples. |
| Play samples. |
| Don't play music. |
| Play music. |
| %d (Num. keypad) |
| Backspace |
| Tab |
| Clear |
| Enter |
| Shift |
| Control |
| Space bar |
| Page Up |
| Page Down |
| End |
| Home |
| Left Arrow |
| Up Arrow |
| Right Arrow |
| Down Arrow |
| Select |
| Execute |
| Ins |
| Del |
| Escape |
| Heap |
| Video |
| Sound |
| Mb |
| An error has occured while reading the file. |
| This file is not a MMF application position file. |
| This file was not saved by this application. |
| This file was saved with an incompatible version of MMF runtime. |
| This file was saved by a incompatible version of the application. |
| The current frame is not the same as the saved one. |
| An error has occured while writing the file. |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.46.0.0 |
| ProductVersion | 1.46.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__PM32
VOS__WINDOWS16
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | |
| FileDescription | SHARP Launcher |
| FileVersion (#2) | 1.46 |
| LegalCopyright |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2020-Oct-18 10:15:07 |
| Version | 0.0 |
| SizeofData | 884 |
| AddressOfRawData | 0xa3ba0 |
| PointerToRawData | 0xa2fa0 |
TLS Callbacks
Load Configuration
| Size | 0xa0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4a8014 |
| SEHandlerTable | 0x4a3b00 |
| SEHandlerCount | 40 |
RICH Header
| XOR Key | 0xcbaadb6 |
|---|---|
| Unmarked objects | 0 |
| 241 (40116) | 47 |
| 243 (40116) | 141 |
| 242 (40116) | 35 |
| ASM objects (VS 2015/2017 runtime 26706) | 20 |
| C objects (VS 2015/2017 runtime 26706) | 20 |
| C++ objects (VS 2015/2017 runtime 26706) | 43 |
| Imports (VS2008 SP1 build 30729) | 15 |
| Total imports | 648 |
| 265 (27043) | 38 |
| Exports (27043) | 1 |
| Resource objects (27043) | 1 |
| Linker (27043) | 1 |