Manalyze report for 7ed640dcfa195a78efe6a16cf7d3b549

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Russian - Russia
CompanyName	ABel [TeamX]
FileDescription	Interplay ACM to WAV Converter
FileVersion	`1.32`
InternalName	ACM to WAV Converter
LegalCopyright	Copyright © ABel [TeamX] 1998-2003
OriginalFilename	acm2wav.exe

Plugin Output

Info	Matching compiler(s):	`Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h)`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2003-Oct-30 11:45:22`
Safe	VirusTotal score: 0/56 (Scanned on 2015-01-09 01:01:32)	`All the AVs think this file is safe.`

Hashes

MD5	`7ed640dcfa195a78efe6a16cf7d3b549`
SHA1	`bcb4b8116379ec57a14421d228b36343893d9119`
SHA256	`44f5b8084cd99859f77d09a217cbd5555d07d9898306c99e646307d39ebf1b12`
SHA3	`bbcd96f3457cee8432a94709ee6eecdb82fcc7fba6cc5d578369989946d96e67`
SSDeep	`768:C0FuwqvKF8TphBh4Pd2w5CIW0PbyoPs/GuMN2zGX1m0hOoJCqKTI4Es1K1m2s:C4dqvKAqFfKetNJXUos1Kg2s`
Imports Hash	`96ab27cdd2351ad67c904ae269696b29`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x9000`
SizeOfInitializedData	`0x2800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00009A40 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`250ea097d1740c3ab454440d2126bf3b`
SHA1	`67ad8d60dee68ea9379d17f9a3f1bd6dc8d7794a`
SHA256	`383c11717b86089511fe9ad731d6068bd731c04efb65922e73b032d1fd812508`
SHA3	`156b449f4f2859afefa577842cc46ab3240f513120c68f3486f432404fbcc600`
VirtualSize	`0x8fc4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58005`

DATA

MD5	`8b6052e7f1fd0be2d5cd1ab225c1854f`
SHA1	`c777f98cf092aa53af9c6f0cafb1aefb82792c0b`
SHA256	`442a7c1c114f0f768a4a3fbbfee0473a72be997a43cdde859d1c5b31a6d7c123`
SHA3	`959d98adcc93c139c2811f3869aca190f105d42c4236ff1164c1609841851e42`
VirtualSize	`0x3fc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.11668`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x77d`
VirtualAddress	`0xb000`
SizeOfRawData	`0`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`a8d52afb32e7280d8c973714886ecd1a`
SHA1	`972afeb5a516e9a7fe6b607f64e04526fb441c45`
SHA256	`4bfb931a690bd872f7d5bcf537ecf86ebbfa3717b08d592b274090cf35171459`
SHA3	`68fc44f5cb4068e8124a1c51429cf806de8f620c3d8e52bb1cd5ba94c1de6fa0`
VirtualSize	`0x5e8`
VirtualAddress	`0xc000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.43478`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0xd000`
SizeOfRawData	`0`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`74e2583199c0d0c79d7de1fe37d40d42`
SHA1	`ef62bb1408e192bc1b38ee5992918101a8a95606`
SHA256	`6c9fb2f0db35c3fb5802a5b252b98358784903d0433ffc5aaf75340d072dfd73`
SHA3	`541632f50a034153e47f5e768e8063f8c2e7a8e5537230216884b2f63cb04101`
VirtualSize	`0x18`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`225a3ba612bc64a50fe34f7a2129cd4a`
SHA1	`0da2d22a5ef04503fadddba75ef64e8ec0ff0b13`
SHA256	`dd8fe708e547c4b274c93e1b28bbb8073e37b42c66b289c6616f6068dbf47bf6`
SHA3	`e39a1456445da4d82200b6be22fcc758c21ed512a4edd62995613bb1a11cb03c`
VirtualSize	`0xad8`
VirtualAddress	`0xf000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.32659`

.rsrc

MD5	`73158edbefb7b0001b2c5ff506562f4b`
SHA1	`7ac1b78465b1e1f1f0efb94b7dffb49ed9647208`
SHA256	`405de7fb3e3cc96104980660d241fd969af4c8c508aa7eeb2fb08448ac5f006e`
SHA3	`4549c56476848783b84befc8145f3046d7412a8f1e19f76091a85d64689b29a2`
VirtualSize	`0x1000`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`3.50027`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`VariantChangeTypeEx` `VariantCopyInd` `VariantClear` `SysStringLen` `SysFreeString` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpyA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetModuleFileNameA` `GetLocaleInfoA` `GetLastError` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `CreateFileA` `CloseHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA`

Delayed Imports

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`2.84211`
MD5	`ae6c784d34189011f2737e646b166c85`
SHA1	`d628696b545826a98d189e5bd8f569407d941a7a`
SHA256	`7a4ca7e141cfb149b85b75cf3d7bd3d678be6f6e6823f6123a0a569f78b5fc07`
SHA3	`f73d26ae7bb36425dbe8365bbac6eba1263accbe1db8324f46a2ef219d22711f`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe4`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`2.99785`
MD5	`65b3a9f9ed7e68e403d141705bdd55e0`
SHA1	`502261a54bdcbc522e55d57040fdc35884861db1`
SHA256	`d1e4f67dfdac88a2667aef19c9e56fc6d0deaca637f10b941f1724a4466f9225`
SHA3	`eb75571e9fcd0bca2e4b6e55ec828d3db73d3da5d8118420670601e1acde9ba5`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x244`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`3.17199`
MD5	`a00f0ba6f9ccd728132895307ccd0b10`
SHA1	`012321b3ecbfe691eee8814e2b1a2ce9c55d55e5`
SHA256	`a0d168f8e4ddad31a160c917d6eeb04ccf12a11de3cf1b5c745215ebd3c4d505`
SHA3	`f27f1495381e8003b0829286fb50a31b7f6d4ea69e0659c11210a8c4d3d090d5`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x37c`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`3.26166`
MD5	`2d772f9b2ca0deac63fe6d56e19e9645`
SHA1	`886db3a39afecdcb8340bb8115c360bec48ed41f`
SHA256	`9d552807f1327da31cefbf87c82ad9014dfb0cbc18d494efa3ea13f09eb3c60c`
SHA3	`5c032877370e55b34cf4ad42a57b521b836967057365be4e61b24d0069a50924`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a0`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`3.18442`
MD5	`a19b1759bcc86855f5be32ce48767672`
SHA1	`4e75052a5967d31e7bfc1c5d6570fe70fdd1b44e`
SHA256	`49273389801a1f2231e5dd94be7ba0b019b4939ff4689134e11dd0e0d9f98a04`
SHA3	`017b27c7b2821a17d9615322d36ea0e8083958ed828dd3f060d48e56e1186c67`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x90`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`4.83258`
MD5	`bffcce6a2556b62cee7b105e1e510160`
SHA1	`f72005246ce2edfac9697056e4f86b749068a27e`
SHA256	`6aff5f919f28b0bb33b06ae14aa8a91fbf007bd87ecdde0b33d8dcf0bea76fd5`
SHA3	`e5a2beaf6c24543c74c2b549bea1bbe1e99cd69b6d3d0cfb0f2a22e2adba86c7`

1

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	2003-Oct-30 11:45:22
Entropy	`3.39122`
MD5	`830d332ef21c4c4ac550476131440f05`
SHA1	`5d56919bca20b0d50aee2d3814c5e907258056bb`
SHA256	`4c586620ae86c1510ebc37b2cd2530b083f6c1d4652a275252b968f90222507e`
SHA3	`175b1a3699375fe372bb5e6ca6515d63c118cd3da6456007abaa917bf98c82bf`

String Table contents

December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Assertion failed
Interface not supported
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Jan
Feb
Mar
Apr
May
Jun
Jul
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.2.0
ProductVersion	1.3.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ABel [TeamX]
FileDescription	Interplay ACM to WAV Converter
FileVersion (#2)	1.32
InternalName	ACM to WAV Converter
LegalCopyright	Copyright © ABel [TeamX] 1998-2003
OriginalFilename	acm2wav.exe

Resource LangID	Russian - Russia

TLS Callbacks

StartAddressOfRawData	`0x40d000`
EndAddressOfRawData	`0x40d008`
AddressOfIndex	`0x40b4ac`
AddressOfCallbacks	`0x40e010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!