Manalyze report for 824798493cea839644606c5aa29cebef0cbb8f5446bdb5a382ba37443597ceb7

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-11 17:22:42
Detected languages	English - United States Malay - Malaysia
Debug artifacts	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegQueryValueExA RegCloseKey RegSetValueExW RegQueryValueExW RegCreateKeyExA RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.3569% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`41f073f00e4728809c65d8566ef1b24c`
SHA1	`0a3e5ca0a2ba464b62f44646e551eafc895b69c3`
SHA256	`824798493cea839644606c5aa29cebef0cbb8f5446bdb5a382ba37443597ceb7`
SHA3	`c1b3cc06fd36fd376c04adb3b230c657bb975e6c9121fd89d6bb66e18d5b3d7a`
SSDeep	`6144:CLRjBveiFY/DslHKH0OspsW4DLS9t6xGH2oRnNiBGhyKOj8gqp12t769As9nyMT:CLRFveiwDaQ4sWcrho5M9O`
Imports Hash	`903779526007e11b7ce5986ad4a6fbad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2017-Apr-11 17:22:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0xa9600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008D38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xba000`
SizeOfHeaders	`0x400`
Checksum	`0x4a47c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9de63d6156e0bf5ea0aac1b5a9b50ce5`
SHA1	`3721aa3c5c39beb0bbe9c6650105a1ab165f424e`
SHA256	`509173070343b477b9d338de7607598656604061a86a9c014b8473a50503e02e`
SHA3	`e549787e4abbcf9a382e5675e6be80fc88628ec3937bad04de57535c44c1b9b6`
VirtualSize	`0xcdfb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.05976`

.rdata

MD5	`61b5cdf26febdd0e33fab68291f9851a`
SHA1	`ebc74b3d5ad405824d70a3f44548167d78e28c5c`
SHA256	`b9c5704ea29e592711f37dd38d30656a7f3cf3389bdaaafd976aaee0067b0535`
SHA3	`969d1c49af6f1f95e989385e8ef0295542c886f893dd35cead94772153d09707`
VirtualSize	`0x8722`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66515`

.data

MD5	`05b377beee33887316576d0c02976743`
SHA1	`ed8d9fcb352a2b24cb898b42d6476a288380e964`
SHA256	`8499556bb7be4dc1b3a52541f01b984ffcc61dcd83c7060a8e7038561fc70a78`
SHA3	`eee653e5ca3f9c47b5210ece72d26db96d6eb6e967e43ababd117d5353d2f062`
VirtualSize	`0x15050`
VirtualAddress	`0x17000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x15a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.50562`

.pdata

MD5	`955f357c8402e2e44ba06778176f274d`
SHA1	`004e0416a6848776df4a981b48c5a0e9b642f9bc`
SHA256	`5e99ce7caf8d97cc40f6b0c91731d129af8781d007a18ca7d00a39db505bb858`
SHA3	`4ccc4e4b8da516a1b5eb6f08cf7e9966f3f9d227fba8be28b9930f19bad06886`
VirtualSize	`0xaa4`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47501`

.rsrc

MD5	`55e276e40045f1d1742dbca505cdc918`
SHA1	`c93b8642088dbbe69d529af0fef1448d0071bce9`
SHA256	`00eef17398b7faacb19816768e81618f290456440c349b9f98e43bc48850fbc8`
SHA3	`89c9818d535ce67fcb1fc41781711fc527e8fb66594ee0ed9c4747f916d169ae`
VirtualSize	`0x89b20`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x89c00`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.30446`

.reloc

MD5	`b10e6241494265c6c56ad938d32e41ef`
SHA1	`dc924da81877fd5174eff08b4ded190dc043d4f1`
SHA256	`bc5676ee6548a77f89d787c5d8284e81d5234626c4dc212cc365728d2cfde6fe`
SHA3	`7a930ab5a6a2da376d7fed6a23c3289896616dde9b51fde7a7817d0ddfdc5866`
VirtualSize	`0x1ab0`
VirtualAddress	`0xb8000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xb4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20199`

Imports

KERNEL32.dll	`GetPrivateProfileIntW` `GetPrivateProfileStringW` `FindFirstFileW` `FindClose` `GetCommandLineW` `GetModuleFileNameW` `GetCurrentDirectoryW` `GetPrivateProfileSectionNamesW` `GetCurrentProcessId` `OpenProcess` `CreateThread` `CreateProcessW` `ResumeThread` `WaitForSingleObject` `GetExitCodeThread` `Sleep` `MultiByteToWideChar` `GetLastError` `DecodePointer` `EncodePointer` `GetStartupInfoW` `TerminateProcess` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `OpenFileMappingA` `CreateSemaphoreW` `SetEvent` `CreateEventA` `MapViewOfFile` `CreateFileMappingA` `CloseHandle` `GetCurrentProcess` `UnmapViewOfFile`
USER32.dll	`TranslateMessage` `SendMessageW` `PostQuitMessage` `DestroyWindow` `DispatchMessageW` `CreateDialogParamW` `IsDialogMessageW` `GetMessageW` `ShowWindow` `MoveWindow` `GetDesktopWindow` `GetWindowRect` `MessageBoxW`
ADVAPI32.dll	`RegQueryValueExA` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyExA` `RegOpenKeyExA` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegSetValueExA`
SHELL32.dll	`CommandLineToArgvW`
MSVCP100.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
PSAPI.DLL	`GetModuleFileNameExW`
WINTRUST.dll	`WinVerifyTrust`
MSVCR100.dll	`_wcsicmp` `memset` `memcmp` `_CxxThrowException` `memcpy` `__CxxFrameHandler3` `??3@YAXPEAX@Z` `memmove` `??0exception@std@@QEAA@AEBV01@@Z` `?what@exception@std@@UEBAPEBDXZ` `??1exception@std@@UEAA@XZ` `??0exception@std@@QEAA@AEBQEBD@Z` `??2@YAPEAX_K@Z` `_wputenv` `_vswprintf_c_l` `tolower` `_wtoi` `fopen_s` `fread` `fclose` `atoi` `sprintf_s` `memchr` `??_V@YAXPEAX@Z` `__C_specific_handler` `_unlock` `__dllonexit` `_lock` `_onexit` `_amsg_exit` `__getmainargs` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28708`
MD5	`6386992b5339b36f5a0795234cb75c34`
SHA1	`9a5e4ce35c055d3bf7686b485410fe554c251446`
SHA256	`4d22cf19906655e9cd539d251f79344c1f2f460afb6284b85a7a81663d7a0d55`
SHA3	`22f234a5c8420f34916f1835b1dc905d9bc789370de04ca8417f4124191a7616`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28523`
MD5	`5b42a5bfa083484f938585ccb39f978e`
SHA1	`b1b8ee12baeb9aaa73bcf71866e7ff2340009cda`
SHA256	`4fbe6ff74dfc3337a5e6ceace53cb888b048456e1f0dfd635d4ed1a34f9a8306`
SHA3	`96cfa4e55541107f1e815bc7549cf88e6038eb9054069cfc4d45d5effdfec931`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30162`
MD5	`c3cca81ec5076abf7f2a874cabd3d204`
SHA1	`197b983740fa233bb7b3ec357b6f90a2e898cb1e`
SHA256	`c7f4d7c59e892d428076da3c767a015b14c7ff20974c577eade715ae5b5787ce`
SHA3	`d89efc783a50729150513587284ee5c0518ef9129849270b72e2197a361f59a8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31119`
MD5	`ccc8fa214d08d8a79122795248b7ab51`
SHA1	`e8befd49ec075412b5fdc1c2c9e97728af0cc932`
SHA256	`f961feaaed247dddb5058366958c2fe9a56ef42f0575113066552ac612da02e7`
SHA3	`f8be51b530677c68ae02dca06483fbd8a5b219610d1fcf594d108c0ff9eaa582`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31925`
MD5	`046c783430048b28b406f8fed15eacbc`
SHA1	`104ff9b850963852113046edc0723786cbe9c08c`
SHA256	`3062633940fb2f4f8b9e5b3bd0d275ac91cb7f3021e46163f1cbaa781606b779`
SHA3	`c126d21f3ec7d5e0ab306eb404c7daa96d5f0b161a506e18d55a9d4073c49ca1`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30529`
MD5	`1737e6065c48732a79331ceef6a2b200`
SHA1	`e6167fb4cee0e09152b70405beff42051b6d4fad`
SHA256	`f8379b05674fa7497689a9c98fd247fc69b7a12ef6aec8b9fda174b65429ee56`
SHA3	`c24559b2cceabf2d29c3a2b4267299babffefeb197c5a94f863be959f3e8647e`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34238`
MD5	`e69641678f2ca13832182511348bee86`
SHA1	`370f4ac2f7fb61c8619f7950dd170b1163f709a7`
SHA256	`8a63508e821948e9d2b2ea64ab1a5209718e6c08c3fec45c1fdc0c1fe3fe40b5`
SHA3	`3da89d701a53086400bc7b7b8ab41126e08f2129babc72f06ee5c03764b02117`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30875`
MD5	`3f57184d8b0b1c975818a707415be912`
SHA1	`c40b8ba4d27032baa165fe3af02927c3261bd973`
SHA256	`7f9fb216d16b5b0a7f0ee66cec59e327a61b662231d3fa6a7a630925aff14743`
SHA3	`d4902f050426a924ce812e7b5f9eadc90eb4aa5b39f4a74e4bb91ae1f73340cb`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.1096`
MD5	`041549e18e2e8b68785a2ee7917a5d07`
SHA1	`32bc32a3f9d5d277b08734e522db2888d4cf6a05`
SHA256	`8521934399a680828a64a4e0bd978aabd54f8039317ab2e3bd96243f3cef0d4d`
SHA3	`3aa38e8db886f7c3cac5eddb2f9df930358b51cb785b2db18afd174ec29407d4`

129

Type	`RT_DIALOG`
Language	Malay - Malaysia
Codepage	Latin 1 / Western European
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17698`
MD5	`d264619bd6677aad38030c167fa9b8b6`
SHA1	`e4ba7ece527e2d38d08db87fc3ad0e7004a05115`
SHA256	`4d5e1892d08e3ca58b98fceb3f391f7baf3347fcce98605da5fbd3a9c4753639`
SHA3	`b80ead30649d508a6dd04b57fe7040b367d10fa271eccc693e80fc7d4637b120`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04448`
Detected Filetype	Icon file
MD5	`f7731730720cfe035cf030b40d0e2eb6`
SHA1	`d046e23f2ee2b93ad96be8e1dc9120ecf3915091`
SHA256	`5c92a41adaf3265071482fd1a182ae8702c168636a7d9ff51798ee3a1dfc8500`
SHA3	`6f2d12e4c63c131a3f7f48293996e2be05da351536d013affe5d2265965ce657`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Apr-11 17:22:42
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x13958`
PointerToRawData	`0x12b58`
Referenced File	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1ed76732`
Unmarked objects	`0`
152 (20115)	`2`
ASM objects (VS2010 SP1 build 40219)	`3`
C objects (VS2010 SP1 build 40219)	`18`
Imports (VS2010 SP1 build 40219)	`4`
C++ objects (VS2010 SP1 build 40219)	`13`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`118`
175 (VS2010 SP1 build 40219)	`6`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.