85ba11518891dd904c109880e7406222

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Jun-22 11:38:48
Detected languages Japanese - Japan
Debug artifacts d:\(◆開発用ディレクトリ)\[▼作業用]プログラム\RPGドライブプログラム+◆Editor - 20180525_ver2.22版_SteamKit版込\Rpgドライブプログラム\Release\Game2.23.pdb
Comments http://silversecond.net/
CompanyName SilverSecond
FileDescription Game
FileVersion ver2.23
InternalName Game
LegalCopyright Copyright (C) SmokingWOLF All rights reserved.
OriginalFilename Game.exe
ProductName WOLF RPG Editor
ProductVersion 1, 0, 0, 0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 7.1
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ v7.0
Microsoft Visual C++ v7.1 EXE
Microsoft Visual C++ 7.0 MFC
Microsoft Visual C++
Suspicious Strings found in the binary may indicate undesirable behavior: Looks for Qemu presence:
  • QEmu
Contains domain names:
  • continuousphysics.com
  • http://silversecond.net
  • http://www.winimage.com
  • http://www.winimage.com/zLibDll
  • sakura.ne.jp
  • silsec.sakura.ne.jp
  • silversecond.com
  • silversecond.net
  • winimage.com
  • www.winimage.com
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses known Mersenne Twister constants
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • FindWindowW
Code injection capabilities (PowerLoader):
  • GetWindowLongW
  • FindWindowW
Possibly launches other programs:
  • ShellExecuteA
Can create temporary files:
  • CreateFileA
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • AttachThreadInput
  • GetForegroundWindow
  • GetAsyncKeyState
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Has Internet access capabilities:
  • InternetReadFile
  • InternetOpenUrlA
  • InternetOpenA
  • InternetCloseHandle
Can take screenshots:
  • FindWindowW
  • GetDC
  • CreateCompatibleDC
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious VirusTotal score: 1/69 (Scanned on 2022-07-26 04:58:19) Trapmine: malicious.moderate.ml.score

Hashes

MD5 85ba11518891dd904c109880e7406222
SHA1 e0c504bc68fc4d61eceadf823c224fe381a485d7
SHA256 e0716a35323007c79e6033bc19c610a38e1d4ccc0dce47c6f79cf706853e5b76
SHA3 0f91b0d29c5463c0d777984e693304ed765e29f8f7e5bc8573c8a5564b0f3792
SSDeep 196608:4hU7fckDNI54bpR20CkvegyKXkUC8tYyBY5ed:R0kveg5UU19Rd
Imports Hash 10c912430da88c9e9f5f4f379221082e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2018-Jun-22 11:38:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x3b3000
SizeOfInitializedData 0x798000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000FFD78 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3b4000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb4c000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 eba4b598840ee8277bdede4554de3fd2
SHA1 e81ff0033e92cff676a3b16e7dd65cc1bc9bb7e2
SHA256 b5cd3da1c0ca76b53b18bf1c36f398fa7138bc767f35d4e2216ff02cae1141d6
SHA3 d9e3e52b8c742df5205bfe84671daa862196cfb52aca31eb16b61ae92e52068e
VirtualSize 0x3b2461
VirtualAddress 0x1000
SizeOfRawData 0x3b3000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.64515

.rdata

MD5 565fd036a489197f62c05842286d784c
SHA1 a08f0181288e5b8b3f154049dd2aef9241ef754a
SHA256 8bb4dd64315c6f77381d7df030da3fa1075f4ece0f3a4c50c77ee456350d92a3
SHA3 7456472c58bef9410c2fe86dd2e48e4c98e3be4621b9c5270ba5fb9ab4c68df4
VirtualSize 0x96b2c
VirtualAddress 0x3b4000
SizeOfRawData 0x97000
PointerToRawData 0x3b4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.38417

.data

MD5 8b145501839884b6bf291975ff456065
SHA1 18a4618b21a1691eb546b4eb757b6310373ba1a8
SHA256 afdbad1f95065669c950f4c9200b850eca160ed125f0fb264e86d45883d7bfcb
SHA3 a9c49cd5c4d81653e0fb997052faf17abadc5c6695034da5acf6b4a35942a280
VirtualSize 0x6fecc0
VirtualAddress 0x44b000
SizeOfRawData 0x1c5000
PointerToRawData 0x44b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.95701

.rsrc

MD5 eb6ec836db07c2b56d7a1d3fc09f4ea2
SHA1 54b829543a87670ccd3ab5528ade9651b46c987d
SHA256 83733256dd2f28e574cfade5f4b335a8cc226655370353e3f631f01e08c3bb1e
SHA3 c8147526e734209f0eea5e2372d766d039fc78f630328dc8ba51db59a31db71e
VirtualSize 0x1710
VirtualAddress 0xb4a000
SizeOfRawData 0x2000
PointerToRawData 0x610000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.61379
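
The section tables above give per-section hashes and entropy but leave the cross-checks to the reader: .data declares VirtualSize 0x6fecc0 against SizeOfRawData 0x1c5000, so roughly 5.2 MiB of it is zero-filled by the loader rather than stored in the file; the last section's raw data ends at 0x610000 + 0x2000 = 0x612000, so any bytes past that would be an overlay; the entry point 0xFFD78 falls inside .text, and no section is both writable and executable. The script below is an added example, not part of this report or of the tool that produced it, and uses only the Python standard library. It walks the DOS header, PE header, optional header and section table, reproduces the per-section entropy and MD5 figures, and applies those checks. It runs against a constructed minimal PE32 image (flat-histogram .text, a .data with a zero-filled tail, and a 16-byte overlay) built inline; the 7.2 entropy threshold is a rule-of-thumb assumption, not a value from the report.

```python
import hashlib
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.2  # assumption: rule-of-thumb threshold for packed/compressed data


def shannon_entropy(buf):
    """Bits per byte in 0.0..8.0, the per-section figure the report prints."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data):
    """Walk DOS header -> PE signature -> file header -> optional header -> sections."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name, "va": va, "vsize": vsize, "rawptr": rawptr,
                         "rawsize": rawsize, "flags": flags,
                         "entropy": shannon_entropy(raw), "md5": hashlib.md5(raw).hexdigest()})
    return {"machine": machine, "magic": magic, "characteristics": chars, "entry": entry,
            "size_of_image": size_of_image, "sections": sections}


def triage(pe, file_size):
    """Consistency checks on the section table; returns a list of finding tuples."""
    findings = []
    end_of_sections = max(s["rawptr"] + s["rawsize"] for s in pe["sections"])
    if file_size > end_of_sections:
        findings.append(("overlay", file_size - end_of_sections))
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(("writable+executable", s["name"]))
        if s["vsize"] > s["rawsize"]:  # the loader zero-fills the remainder
            findings.append(("zero-filled-tail", s["name"], s["vsize"] - s["rawsize"]))
        if s["va"] <= pe["entry"] < s["va"] + max(s["vsize"], s["rawsize"]):
            findings.append(("entry-point-section", s["name"]))
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(("high-entropy", s["name"]))
    return findings


def build_sample_pe():
    """Constructed minimal PE32 image, not a real binary: a flat-histogram .text,
    a .data whose VirtualSize exceeds SizeOfRawData, and 16 bytes of overlay."""
    e_lfanew, opt_size, hdr = 0x40, 0xE0, 0x200
    img = bytearray(hdr)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)                            # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1010)                      # AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    struct.pack_into("<II", img, opt + 56, 0x3000, hdr)                # SizeOfImage, SizeOfHeaders
    text = bytes(range(256)) * 2                                       # 0x200 bytes, entropy 8.0
    data = b"\0" * 0x200                                               # 0x200 bytes, entropy 0.0
    table = [(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),
             (b".data", 0x400, 0x2000, 0x200, 0x400, 0xC0000040)]
    for i, (name, vsize, va, rawsize, rawptr, flags) in enumerate(table):
        off = opt + opt_size + 40 * i
        img[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", img, off + 8, vsize, va, rawsize, rawptr)
        struct.pack_into("<I", img, off + 36, flags)
    return bytes(img) + text + data + b"OVERLAY-TRAILER!"


if __name__ == "__main__":
    blob = build_sample_pe()
    pe = parse_pe(blob)
    for s in pe["sections"]:
        print(f"{s['name']:8} va=0x{s['va']:x} entropy={s['entropy']:.3f} md5={s['md5']}")
    print(triage(pe, len(blob)))
```

Run against a real file by replacing build_sample_pe() with open(path, "rb").read(); the per-section MD5 and entropy values should then match the ones in the tables above, and a file-size check against 0x612000 answers the overlay question for this sample.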

Imports

SHLWAPI.dll PathIsDirectoryA
KERNEL32.dll lstrlenA
CreateFileA
GetLastError
WriteFile
FlushFileBuffers
InitializeCriticalSection
GetDiskFreeSpaceExA
RaiseException
GetFileAttributesA
FindNextFileW
FindFirstFileW
GetExitCodeThread
Sleep
CloseHandle
RemoveDirectoryA
CopyFileA
DeleteFileA
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcpyA
GetModuleFileNameA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
CreateDirectoryA
GetTickCount
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
DeleteCriticalSection
VirtualProtect
GetFileSize
GetTempFileNameW
ReleaseSemaphore
CreateSemaphoreA
lstrcpynW
MulDiv
lstrcpyW
lstrcmpW
GetThreadPriority
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
MoveFileA
MultiByteToWideChar
ExitThread
GetCurrentThreadId
CreateThread
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetStdHandle
SetCurrentDirectoryW
GetSystemInfo
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForSingleObject
CreateEventA
SetEvent
CreateFileW
DeleteFileW
GetTempPathW
GlobalSize
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
QueryPerformanceFrequency
OutputDebugStringW
GlobalMemoryStatus
GetLocalTime
GetProcessHeap
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentDirectoryW
WaitForMultipleObjects
USER32.dll MessageBoxA
SetFocus
ShowWindow
SetWindowPos
GetWindowRect
CreateDialogParamA
SetMenu
SetWindowTextW
SetClassLongW
LoadIconW
SystemParametersInfoW
UpdateWindow
SetWindowRgn
SendMessageW
GetMenuItemInfoW
GetMenuItemCount
PostMessageW
ShowCursor
SetCursorPos
MessageBoxW
GetClientRect
FillRect
ChangeDisplaySettingsA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetActiveWindow
AdjustWindowRectEx
SetWindowLongW
DrawMenuBar
MoveWindow
DefWindowProcW
SetCursor
PostQuitMessage
EndPaint
BeginPaint
DestroyMenu
BringWindowToTop
RegisterClassExW
LoadCursorW
GetWindowLongW
FindWindowW
UnregisterClassW
UnhookWindowsHookEx
GetDesktopWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PeekMessageW
KillTimer
GetMonitorInfoW
EnumDisplaySettingsW
GetKeyboardState
PostThreadMessageA
GetQueueStatus
RegisterWindowMessageA
MsgWaitForMultipleObjects
GetDC
ReleaseDC
GetCursorPos
MonitorFromPoint
EnumDisplayMonitors
GetMonitorInfoA
CharNextA
ClientToScreen
ClipCursor
GetSystemMetrics
SendMessageA
GetAsyncKeyState
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DestroyWindow
GetDlgItem
GetScrollPos
SendDlgItemMessageA
GDI32.dll AddFontResourceExA
RemoveFontResourceExA
DeleteObject
CombineRgn
CreateRectRgn
GetObjectA
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject
CreateSolidBrush
SetDIBitsToDevice
StretchDIBits
CreateDCW
Rectangle
GetGlyphOutlineW
GetTextMetricsA
GetObjectW
CreateFontW
SetBkMode
SetBkColor
SetTextColor
GetCharacterPlacementW
TextOutW
GetTextExtentPoint32W
EnumFontFamiliesExW
GetDeviceCaps
SHELL32.dll ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryFileA
WININET.dll InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
WINMM.dll timeGetTime

Delayed Imports

Resources

1

Type RT_ICON
Language Japanese - Japan
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.04199
MD5 92ae60c77dddce0eda18431ebfd47940
SHA1 b23fb845aafda15026be7b3f59572b752e34aec5
SHA256 230b5810cac3cd9110109976a660f0ec0e4794c9a106acaf1eec518cd35620cb
SHA3 232e63d6670e845d0775387781572a6c43a845259cdd4850a178b0492c5c96d3

103

Type RT_DIALOG
Language Japanese - Japan
Codepage UNKNOWN
Size 0xdc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.6925
MD5 4853490ad91fb584d56b6f09d9770832
SHA1 0de70f150c5900114f61e98c84a93ac795f87f83
SHA256 5427948d75fa473eba04c4caafab496d240ac0e8625a4205e06e4046fde01257
SHA3 bb9778b6376ed8682cba718e68546c3384dd7a1d59f9807f62f0ad61a6f4b0aa

104

Type RT_DIALOG
Language Japanese - Japan
Codepage UNKNOWN
Size 0xdc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04334
MD5 02852e4f61a1ec2c09f000bcf26432d2
SHA1 128ade7729e7fe27c1acbdaf03b1a7736b0e3c14
SHA256 23e4442569da34638e85201d04539bfbce2d0241f8b785a2698c7f80dcfded7c
SHA3 a4d81592663dad40a8da6f3ca0b7cf4a086ecbabb0e97143ec954cd7022f9e3c

101

Type RT_GROUP_ICON
Language Japanese - Japan
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.7815
Detected Filetype Icon file
MD5 3c68f77c35c26ff079a1c410ee44fa62
SHA1 0b40150c95fc2c6414c90d44ee78b8d8814b3393
SHA256 a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0
SHA3 590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396

1 (#2)

Type RT_VERSION
Language Japanese - Japan
Codepage UNKNOWN
Size 0x330
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43917
MD5 a31bd2521f7343338b099a4cab2f87eb
SHA1 630a1c44c9521926d3bc99c3e1f592550d0b6cbb
SHA256 f6fb105edfb7cfefa0f9f17b6ec812cf0235632ca6ff3b680c955361a251e6e3
SHA3 542f41a0aac88823372d1d819211f4757fcd9bdd317d2a78415c67b9d419b6e2

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.24.2018.622
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language Japanese - Japan
Comments http://silversecond.net/
CompanyName SilverSecond
FileDescription Game
FileVersion (#2) ver2.23
InternalName Game
LegalCopyright Copyright (C) SmokingWOLF All rights reserved.
OriginalFilename Game.exe
ProductName WOLF RPG Editor
ProductVersion (#2) 1, 0, 0, 0
Resource LangID Japanese - Japan

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Jun-22 11:38:48
Version 0.0
SizeofData 226
AddressOfRawData 0x43dca4
PointerToRawData 0x43dca4
Referenced File d:\(◆開発用ディレクトリ)\[▼作業用]プログラム\RPGドライブプログラム+◆Editor - 20180525_ver2.22版_SteamKit版込\Rpgドライブプログラム\Release\Game2.23.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x2eaee973
Unmarked objects 0
C objects (VS98 SP6 build 8804) 196
C++ objects (VS98 SP6 build 8804) 64
C++ objects (VS2012 build 50727 / VS2005 build 50727) 76
105 (2067) 2
C++ objects (VS2003 (.NET) build 3077) 27
ASM objects (VS2003 (.NET) build 3077) 58
C objects (VS2003 (.NET) build 3077) 186
Imports (2067) 2
Imports (2179) 8
Imports (9210) 5
Total imports 288
97 (VS2003 (.NET) build 3077) 2
98 (VS2003 (.NET) build 3077) 3
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) build 3077) 1
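
The RICH Header section above lists the XOR key and the decoded (compiler, build, count) entries but not how they are obtained. The script below is an added example, not part of this report or of the tool that produced it. It locates the "Rich" marker, reads the key stored after it, walks back to the XORed "DanS" start, decodes each entry into (product ID, build number, count), and then recomputes the key using the commonly documented MSVC checksum (the DanS offset plus each DOS header byte rotated by its offset, e_lfanew excluded, plus each entry's comp ID rotated by its count). A key that does not match that checksum indicates a Rich header pasted in from another binary, a point worth checking before treating the compiler fingerprint as evidence. The build field is what the "build 3077" / "build 8804" labels above come from; translating product IDs into names such as "C objects (VS2003 (.NET))" needs the tool's product-ID table, which this example does not include, so the sample product IDs here are placeholders, and the whole DOS stub and Rich block are constructed inline rather than taken from the file.

```python
import struct

DANS = 0x536E6144  # "DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(data, dans_off, entries):
    """XOR key as documented for MSVC linkers: the DanS offset, plus each DOS
    header byte rotated left by its offset (e_lfanew at 0x3C..0x3F excluded),
    plus each (comp_id, count) entry with comp_id rotated left by count."""
    cksum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(data[i], i)) & 0xFFFFFFFF
    for comp_id, count in entries:
        cksum = (cksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return cksum


def parse_rich_header(data):
    """Find 'Rich', read the key after it, walk back to DanS, decode entries as
    (product_id, build, count) and verify the key against the checksum."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(RICH, 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    dans_off = next((off for off in range(rich_off - 4, 0x3C, -4)
                     if struct.unpack_from("<I", data, off)[0] ^ key == DANS), None)
    if dans_off is None:
        return None
    entries = []
    for pos in range(dans_off + 16, rich_off, 8):  # skip DanS and its 3 padding dwords
        comp_id, count = (v ^ key for v in struct.unpack_from("<II", data, pos))
        entries.append((comp_id >> 16, comp_id & 0xFFFF, count))
    expected = rich_checksum(data, dans_off, [((p << 16) | b, c) for p, b, c in entries])
    return {"key": key, "dans_offset": dans_off, "entries": entries,
            "checksum_ok": expected == key}


def build_dos_stub_with_rich(entries, key=None):
    """Constructed DOS header + Rich header, not a real file. `entries` are
    (product_id, build, count); the key is computed unless overridden, which
    models a Rich header copied in from another binary."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<HH", dos, 2, 0x90, 3)       # e_cblp, e_cp as in the report
    dos[0x40:0x52] = b"This is a DOS stub"
    flat = [((p << 16) | b, c) for p, b, c in entries]
    key = rich_checksum(dos, 0x80, flat) if key is None else key
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)
    for comp_id, count in flat:
        rich += struct.pack("<II", comp_id ^ key, count ^ key)
    rich += RICH + struct.pack("<I", key)
    e_lfanew = (0x80 + len(rich) + 15) & ~15
    struct.pack_into("<I", dos, 0x3C, e_lfanew)    # excluded from the checksum
    return (bytes(dos) + rich).ljust(e_lfanew, b"\0") + b"PE\0\0"


# Hypothetical entries: the product IDs are placeholders, not Microsoft's table.
SAMPLE_ENTRIES = [(0x0093, 3077, 186), (0x0095, 3077, 58), (0x0001, 2067, 2)]


def demo():
    """Genuine header versus one whose key was forced to a foreign value."""
    genuine = parse_rich_header(build_dos_stub_with_rich(SAMPLE_ENTRIES))
    pasted = parse_rich_header(build_dos_stub_with_rich(SAMPLE_ENTRIES, key=0x12345678))
    return genuine, pasted


if __name__ == "__main__":
    for label, r in zip(("genuine", "pasted"), demo()):
        print(label, hex(r["key"]), r["entries"], "checksum_ok =", r["checksum_ok"])
```

Applied to the real file, parse_rich_header(open(path, "rb").read()) should return key 0x2eaee973 and checksum_ok True; the decoded entries carry the same build numbers and counts as the table above.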

Errors
