Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Apr-24 06:08:45 |
Detected languages | English - United States, Swedish - Sweden |
Debug artifacts | D:\Amnesia\Amnesia\redist\Amnesia.pdb |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0, MASM/TASM - sig1(h) |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Tries to detect virtualized environments: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32, Uses constants related to Twofish |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Apr-24 06:08:45 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x5db400 |
SizeOfInitializedData | 0x181a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00500D79 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5dd000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x782000 |
SizeOfHeaders | 0x400 |
Checksum | 0x76d188 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
SDL2.dll |
SDL_DisableScreenSaver
SDL_GetError SDL_Init SDL_SetHint SDL_NumJoysticks SDL_InitSubSystem SDL_PollEvent SDL_DestroyWindow SDL_ShowCursor SDL_SetWindowGrab SDL_SetRelativeMouseMode SDL_GetWindowFlags SDL_GL_SetSwapInterval SDL_SetWindowBrightness SDL_GL_SwapWindow SDL_GL_CreateContext SDL_GetWindowSize SDL_CreateWindow SDL_GL_SetAttribute SDL_SetWindowTitle SDL_GetRelativeMouseState SDL_PumpEvents SDL_GetModState SDL_GetTicks SDL_HapticRumbleStop SDL_HapticRumblePlay SDL_GameControllerClose SDL_HapticClose SDL_HapticRumbleInit SDL_HapticOpenFromJoystick SDL_GameControllerName SDL_JoystickInstanceID SDL_GameControllerGetJoystick SDL_GameControllerOpen SDL_WaitThread SDL_DestroyMutex SDL_CreateThread SDL_CreateMutex SDL_UnlockMutex SDL_EnableScreenSaver SDL_Quit SDL_Delay SDL_LockMutex |
---|---|
USER32.dll |
GetWindowRect
GetDesktopWindow CloseClipboard SetClipboardData OpenClipboard MessageBoxW GetClipboardData ShowWindow EnumDisplaySettingsW EmptyClipboard SetWindowRgn SetRect SetForegroundWindow WindowFromPoint MessageBoxA FillRect IsIconic OpenIcon BringWindowToTop LoadIconA RegisterClassExW RegisterWindowMessageW CreateWindowExW GetUpdateRgn ValidateRgn SetFocus DefWindowProcW GetAsyncKeyState GetKeyState InvalidateRect ClientToScreen ReleaseCapture SetCapture GetWindow GetClipboardOwner PostMessageA GetForegroundWindow GetParent LoadCursorA SetCursor DestroyIcon GetDC ReleaseDC CreateIconIndirect RegisterClassExA SetTimer DefWindowProcA SetWindowLongA SetWindowPos GetWindowLongA AdjustWindowRectEx GetSystemMetrics KillTimer GetKeyboardLayout IsWindow ChangeClipboardChain CreateWindowExA SendMessageA DestroyWindow SetClipboardViewer GetCursorPos SystemParametersInfoA PeekMessageW |
SHELL32.dll |
SHGetFolderPathW
ShellExecuteW DragQueryFileW |
zlibwapi.dll |
#19
#22 #6 #4 #8 #20 |
glew32.dll |
__glewEndQueryARB
__glewGetQueryObjectivARB __glewIsQuery __glewGenQueriesARB __glewBeginQueryARB __glewDeleteQueriesARB __glewCheckFramebufferStatusEXT __glewGenFramebuffersEXT __glewDeleteFramebuffersEXT __glewFramebufferTexture3DEXT __glewFramebufferRenderbufferEXT __glewGenRenderbuffersEXT __glewBindRenderbufferEXT __glewRenderbufferStorageEXT __glewFramebufferTexture2DEXT __glewDeleteRenderbuffersEXT __glewGenBuffersARB __glewBufferDataARB __glewDeleteBuffersARB __glewSecondaryColorPointerEXT __glewBindBufferARB __glewGenerateMipmapEXT __glewTexSubImage3D __glewCompressedTexImage1DARB __glewCompressedTexImage3DARB __glewCompressedTexImage2DARB __glewTexImage3D __glewDeleteShader __glewCreateShader __glewShaderSource __glewCompileShader __glewGetShaderiv __glewGetShaderInfoLog __glewDetachShader __glewDeleteProgram __glewCreateProgram __glewAttachShader __glewLinkProgram __glewGetUniformLocation __glewUniformMatrix4fv __glewUniform4f __glewUniform3f __glewUniform2f __glewUniform1f __glewUniform1i __glewGetProgramiv __glewGetProgramInfoLog __glewUseProgram __GLEW_ATI_fragment_shader __glewDrawBuffers _glewInit@0 __glewMultiTexCoord3fARB __GLEW_ARB_multitexture __GLEW_EXT_blend_func_separate __glewBlendFuncSeparateEXT __glewStencilOpSeparateATI __glewStencilFuncSeparateATI __glewActiveStencilFaceEXT __glewBindFramebufferEXT __glewClientActiveTextureARB __glewMultiTexCoord2fARB __glewActiveTextureARB __GLEW_ARB_vertex_buffer_object __GLEW_EXT_stencil_two_side __GLEW_ATI_separate_stencil __GLEW_EXT_texture_filter_anisotropic __GLEW_ARB_multisample __GLEW_ARB_texture_compression __GLEW_EXT_texture_compression_s3tc __GLEW_SGIS_generate_mipmap __GLEW_EXT_framebuffer_object __GLEW_EXT_packed_depth_stencil __GLEW_ARB_texture_float __GLEW_ARB_fragment_program __GLEW_ARB_fragment_shader __GLEW_NV_vertex_program3 __GLEW_ATI_shader_texture_lod __GLEW_EXT_gpu_shader4 |
DevIL.dll |
ilSaveF
ilActiveMipmap ilGetDXTCData ilGenImages ilBindImage ilDeleteImages ilGetInteger ilActiveImage ilGetData ilLoadF ilTexImage ilSetInteger ilInit ilGetString ilSetWrite ilSetRead ilEnable |
WININET.dll |
InternetOpenA
HttpQueryInfoA InternetCloseHandle InternetOpenUrlA InternetReadFile |
COMCTL32.dll |
_TrackMouseEvent
|
KERNEL32.dll |
DeleteCriticalSection
LeaveCriticalSection MultiByteToWideChar WideCharToMultiByte GetSystemTime GetComputerNameA InitializeCriticalSection FindFirstFileA RemoveDirectoryA FindNextFileA SetCurrentDirectoryA GetCurrentDirectoryA EnterCriticalSection TlsSetValue ReleaseMutex CloseHandle FindClose EncodePointer DecodePointer InterlockedExchange InterlockedCompareExchange HeapSetInformation GetStartupInfoW TerminateProcess UnhandledExceptionFilter GetModuleHandleA GetLocaleInfoA CreateProcessA CreatePipe GetStdHandle ReadFile CreateFileW GetFileInformationByHandle CreateSemaphoreA ReleaseSemaphore LocalFree SetCurrentDirectoryW GlobalMemoryStatusEx GetModuleFileNameA GetLocalTime GetTempPathA SetFileAttributesW DeleteFileW FindNextFileW FindFirstFileW GetProcAddress LoadLibraryW GetSystemTimeAsFileTime GetProcessAffinityMask GetPriorityClass SetPriorityClass SetErrorMode TlsGetValue TerminateThread WaitForSingleObjectEx ResumeThread SuspendThread SetUnhandledExceptionFilter IsDebuggerPresent IsProcessorFeaturePresent GetTickCount GetCurrentProcessId InterlockedIncrement InterlockedDecrement GetTempFileNameA GetExitCodeThread Sleep SetThreadAffinityMask SetThreadIdealProcessor GetThreadPriority GetCurrentThreadId GetCurrentProcess GetCurrentThread TlsAlloc CreateMutexA FreeLibrary LoadLibraryA CopyFileW GlobalUnlock GlobalLock GlobalAlloc CreateDirectoryW GetFileAttributesW GetFullPathNameW CreateProcessW FormatMessageW GetLastError RemoveDirectoryW QueryPerformanceCounter QueryPerformanceFrequency CreateThread WaitForSingleObject SetThreadPriority DuplicateHandle |
GDI32.dll |
LineTo
MoveToEx SetPixel Polygon SelectClipRgn RectInRegion DPtoLP CreateDIBSection CreateBitmap GdiFlush DeleteObject CreateCompatibleDC SelectObject BitBlt CreateDCA UpdateColors CreateCompatibleBitmap SetDIBitsToDevice DeleteDC ExtCreateRegion StretchDIBits CreatePalette SelectPalette RealizePalette CreateSolidBrush GetStockObject CreatePen SetTextColor TextOutW GetGlyphOutlineW GetCharacterPlacementW GetTextExtentPoint32W CreateFontA GetTextMetricsA Pie Arc PolyPolygon Polyline ExtCreatePen GetDeviceCaps SetBkMode CombineRgn CreateRectRgn LPtoDP CreatePolygonRgn RestoreDC SaveDC EqualRgn GetRgnBox SetTextAlign |
ADVAPI32.dll |
RegConnectRegistryA
RegCloseKey RegCreateKeyExA RegQueryInfoKeyA RegQueryValueExA RegSetValueExA RegOpenKeyExA RegEnumValueA LookupAccountSidA GetNamedSecurityInfoA |
ole32.dll |
RegisterDragDrop
ReleaseStgMedium OleUninitialize OleInitialize |
MSVCP100.dll |
?_Xlength_error@std@@YAXPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ ?uncaught_exception@std@@YA_NXZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z ?_Orphan_all@_Container_base0@std@@QAEXXZ ?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ ?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ ??1_Lockit@std@@QAE@XZ ??0_Lockit@std@@QAE@H@Z ??1_Container_base12@std@@QAE@XZ ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z ?_Xout_of_range@std@@YAXPBD@Z |
MSVCR100.dll |
_snprintf
__iob_func strrchr wcsrchr _utime64 _tempnam _stat64i32 rename remove _fullpath _chdir _mkdir _chdrive _getcwd _access _makepath _splitpath _unlock_file _ungetc_nolock _filbuf _lock_file wcstok wcsncpy wcsncmp _finite _isnan strpbrk setlocale strftime strtod getenv isupper vfprintf _errno _read _write _close _fpclass _CIlog10 fscanf _ftelli64 clearerr _vsnprintf strncpy strtok bsearch modf _CIfmod strcspn strtol strtoul sscanf _msize calloc isdigit ceil qsort _stricmp _HUGE fgetc fopen _endthreadex _beginthreadex _fseeki64 feof printf scanf strncmp isalnum isalpha isspace _CIexp sscanf_s _vsnprintf_s fputc ferror fopen_s memchr strstr ??_V@YAXPAX@Z setvbuf _CIsin _CIlog _CIatan2 _CIatan _CIasin _CIcos _CIacos fwrite realloc free malloc _wfindfirst64i32 _wfindnext64i32 _findclose _wgetcwd _wstat64i32 _wremove fread fseek ftell rewind _getdrives _time64 _localtime64 __CxxFrameHandler _CItan _CIsqrt fputs _chsize _fileno _wrename _strtoi64 _strtoui64 _logb atol _getpid _strnicmp fgets iswalnum iswascii iswalpha strcoll wcscoll abort _wmkdir tmpnam strerror iswupper islower iswlower iswdigit isxdigit iswxdigit iswspace iscntrl iswcntrl towupper towlower ispunct iswpunct isprint iswprint isgraph iswgraph _vsnwprintf wctomb mbtowc ___mb_cur_max_func wcstombs _fstat64i32 _commit ungetc _fmode _wunlink _wrmdir _open_osfhandle _get_osfhandle _strdup _putenv _unlock __dllonexit _lock _onexit ?terminate@@YAXXZ _amsg_exit __getmainargs _CIpow tolower mbstowcs atof atoi wcschr strchr _cexit _exit _XcptFilter _ismbblead _acmdln _initterm _initterm_e _configthreadlocale __setusermatherr _commode __set_app_type _except_handler4_common ?_type_info_dtor_internal_method@type_info@@QAEXXZ _crt_debugger_hook _invoke_watson _controlfp_s _unlink _open _fdopen _gmtime64 ??0exception@std@@QAE@ABQBD@Z ?what@exception@std@@UBEPBDXZ ??1exception@std@@UAE@XZ ??3@YAXPAX@Z memcpy memmove wcslen strlen ??2@YAPAXI@Z _CxxThrowException ??0exception@std@@QAE@ABV01@@Z __CxxFrameHandler3 memcmp memset 
fclose _purecall fabs sqrt toupper rand srand sin cos sprintf _vswprintf_c_l floor __RTDynamicCast fprintf _wfopen fflush acos asin atan atan2 pow tan exit vsprintf _vswprintf |
libvorbisfile.dll |
ov_open_callbacks
ov_read ov_clear ov_pcm_total ov_time_tell ov_pcm_seek_page_lap ov_time_total ov_info |
alut.dll |
alutGetError
alutUnloadWAV alutLoadWAVFile |
OpenAL32.dll |
alGetString
alcGetIntegerv alcIsExtensionPresent alcGetString alcCreateContext alcOpenDevice alDeleteSources alGenSources alIsSource alGetSourcei alSourcefv alSourceQueueBuffers alSourceUnqueueBuffers alSourcePlay alSourceStop alSourcePause alSourcef alGetSourcef alSourcei alSource3i alGetProcAddress alDistanceModel alListenerfv alListenerf alcProcessContext alcMakeContextCurrent alcDestroyContext alGetBufferi alGetError alcGetError alcGetContextsDevice alcGetCurrentContext alIsBuffer alGenBuffers alDeleteBuffers alBufferData alIsExtensionPresent alcCloseDevice |
Newton.dll |
NewtonBodySetTransformCallback
NewtonSetSolverModel NewtonSetFrictionModel NewtonDestroy NewtonGetThreadsCount NewtonBodyGetUserData NewtonSetWorldSize NewtonWorldRayCast NewtonCollisionCollide NewtonCollisionForEachPolygonDo NewtonUpdate NewtonWorldForEachBodyInAABBDo NewtonCreate NewtonCollisionSerialize NewtonCreateCollisionFromSerialization NewtonTreeCollisionEndBuild NewtonTreeCollisionAddFace NewtonTreeCollisionBeginBuild NewtonCreateTreeCollision NewtonSceneCollisionOptimize NewtonSceneCollisionCreateProxy NewtonCreateSceneCollision NewtonCreateCompoundCollision NewtonCreateCapsule NewtonCreateCylinder NewtonCreateSphere NewtonCreateBox NewtonCreateNull NewtonReleaseCollision NewtonDestroyBody NewtonBodySetMaterialGroupID NewtonBodySetVelocity NewtonBodySetOmega NewtonBodySetLinearDamping NewtonBodyGetLinearDamping NewtonBodySetAngularDamping NewtonBodyGetAngularDamping NewtonBodySetCentreOfMass NewtonBodyAddImpulse NewtonBodySetFreezeState NewtonBodyGetSleepState NewtonBodySetAutoSleep NewtonBodyGetAutoSleep NewtonBodySetContinuousCollisionMode NewtonBodyGetContinuousCollisionMode NewtonBodySetMatrix NewtonBodyGetVelocity NewtonBodyGetOmega NewtonBodyGetMassMatrix NewtonBodySetMassMatrix NewtonConvexCollisionCalculateInertialMatrix NewtonBodyGetCentreOfMass NewtonBodyAddTorque NewtonBodyAddBuoyancyForce NewtonBodyAddForce NewtonBodySetUserData NewtonSetThreadsCount NewtonBodySetForceAndTorqueCallback NewtonCreateBody NewtonBallSetConeLimits NewtonDestroyJoint NewtonJointSetCollisionState NewtonJointGetCollisionState NewtonJointSetStiffness NewtonJointGetStiffness NewtonConstraintCreateBall NewtonBallGetJointAngle NewtonBallGetJointOmega NewtonBallGetJointForce NewtonMaterialSetDefaultElasticity NewtonMaterialSetDefaultFriction NewtonMaterialSetContinuousCollisionMode NewtonMaterialSetCollisionCallback NewtonJointGetBody0 NewtonJointGetBody1 NewtonContactJointGetFirstContact NewtonContactGetMaterial NewtonMaterialGetContactNormalSpeed NewtonMaterialGetContactTangentSpeed 
NewtonUserJointGetRowForce NewtonJointGetUserData NewtonJointSetUserData NewtonConstraintCreateUserJoint NewtonUserJointSetRowMinimumFriction NewtonUserJointSetRowMaximumFriction NewtonMaterialGetContactForce NewtonMaterialGetContactPositionAndNormal NewtonContactJointGetNextContact NewtonMaterialCreateGroupID NewtonWorldCriticalSectionUnlock NewtonBodyGetWorld NewtonWorldCriticalSectionLock NewtonConstraintCreateCorkscrew NewtonCorkscrewSetUserCallback NewtonCorkscrewCalculateStopAccel NewtonCorkscrewGetJointForce NewtonCorkscrewGetJointVeloc NewtonCorkscrewGetJointAngle NewtonCorkscrewGetJointPosit NewtonConstraintCreateSlider NewtonSliderSetUserCallback NewtonSliderCalculateStopAccel NewtonSliderGetJointForce NewtonSliderGetJointVeloc NewtonSliderGetJointPosit NewtonUserJointAddLinearRow NewtonUserJointAddAngularRow NewtonUserJointSetRowStiffness |
OPENGL32.dll |
glStencilOp
glDrawBuffer glReadBuffer glGenTextures glDeleteTextures glTexSubImage1D glGetFloatv glGetIntegerv glDisable glEnable glClear glClearColor glClearDepth glClearStencil glFinish glFlush glColorMask glDepthMask glStencilMask glCullFace glFrontFace glClipPlane glPolygonOffset glOrtho glLoadIdentity glTexSubImage2D glTexParameteri glTexParameterf glGetError glTexImage1D glTexImage2D glLoadMatrixf glDrawElements glTexCoord3f glTexEnvi glBindTexture glPopMatrix glPushMatrix glMatrixMode glTexEnvfv glColor4f glBlendFunc glEnd glStencilFunc glViewport glReadPixels glCopyTexSubImage2D glShadeModel glVertex3f glTexCoord2f glBegin glTexCoordPointer glNormalPointer glColorPointer glVertexPointer glEnableClientState glDisableClientState glGetString glHint glScissor glDepthFunc glAlphaFunc |
GLU32.dll |
gluScaleImage
gluBuild1DMipmaps gluBuild2DMipmaps |
libogg.dll |
ogg_stream_packetout
ogg_sync_reset ogg_sync_init ogg_sync_wrote ogg_sync_buffer ogg_sync_pageout ogg_stream_pagein ogg_stream_clear ogg_stream_init ogg_page_serialno ogg_page_bos ogg_sync_clear |
libtheora.dll |
theora_comment_init
theora_decode_packetin theora_decode_YUVout theora_comment_clear theora_info_clear theora_decode_init theora_decode_header theora_clear theora_info_init theora_granule_time |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Apr-24 06:08:45 |
Version | 0.0 |
SizeofData | 62 |
AddressOfRawData | 0x664e68 |
PointerToRawData | 0x663668 |
Referenced File | D:\Amnesia\Amnesia\redist\Amnesia.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0xaf9020 |
SEHandlerTable | 0xa737a0 |
SEHandlerCount | 5114 |
XOR Key | 0xb8e11100 |
---|---|
Unmarked objects | 0 |
Imports (VS2003 (.NET) SP1 build 6030) | 2 |
Imports (VS2003 (.NET) build 3077) | 6 |
C++ objects (VS2003 (.NET) build 3077) | 30 |
152 (20115) | 14 |
ASM objects (VS2010 SP1 build 40219) | 13 |
C objects (VS2008 SP1 build 30729) | 3 |
C objects (VS2010 SP1 build 40219) | 28 |
Linker (VC++ 6.0 SP5 imp/exp build 8447) | 6 |
Imports (VS2010 SP1 build 40219) | 6 |
Imports (VS2010 build 30319) | 2 |
Total imports | 899 |
Imports (VS2008 SP1 build 30729) | 23 |
C++ objects (VS2010 SP1 build 40219) | 868 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |