a79445103abf7d91bafb2dca89d07926
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2014-Nov-26 10:19:52 |
| Detected languages |
English - United States
|
| CompanyName | Clickteam |
| FileDescription | Clickteam Fusion Stand Alone Application |
| FileVersion | 3.0.283.5 |
| InternalName | StdRt.exe |
| LegalCopyright | Copyright © 1996-2014 Clickteam |
| OriginalFilename | StdRt.exe |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The file contains overlay data. |
8312918 bytes of data starting at offset 0xf8600.
The overlay data has an entropy of 7.98455 and is possibly compressed or encrypted. Overlay data amounts for 89.0963% of the executable. |
| Malicious | VirusTotal score: 9/70 (Scanned on 2019-02-20 02:57:13) |
Cylance:
Unsafe
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC) McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc Trapmine: malicious.moderate.ml.score Jiangmin: Trojan.Generic.bvzww Microsoft: PUA:Win32/Presenoker McAfee: Artemis!A79445103ABF VBA32: BScope.Trojan.Downloader Paloalto: generic.ml |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2014-Nov-26 10:19:52 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0x7f600 |
| SizeOfInitializedData | 0x7b000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0006E1B5 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x81000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xfd000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| COMCTL32.dll |
#17
|
|---|---|
| WINMM.dll |
joyGetDevCapsW
timeEndPeriod timeBeginPeriod timeGetTime joyGetPosEx |
| KERNEL32.dll |
GetVersionExW
GlobalDeleteAtom GlobalAddAtomW GetModuleHandleW lstrlenW GetLocaleInfoA LockResource VirtualProtect VirtualQuery SetLastError LoadResource SizeofResource FindResourceA FindResourceW IsBadReadPtr IsBadWritePtr SetFilePointerEx OutputDebugStringW LoadLibraryExW GetConsoleMode GetConsoleCP LeaveCriticalSection EnterCriticalSection FreeEnvironmentStringsW GetEnvironmentStringsW GetSystemTimeAsFileTime GetCurrentProcessId QueryPerformanceCounter GetModuleFileNameA DeleteCriticalSection GetTempFileNameW GetStringTypeW GetCPInfo GetOEMCP GetACP IsValidCodePage InterlockedIncrement GetStartupInfoW TlsFree TlsSetValue TlsGetValue TlsAlloc TerminateProcess GetCurrentProcess InitializeCriticalSectionAndSpinCount SetUnhandledExceptionFilter UnhandledExceptionFilter GetStdHandle GetModuleHandleExW ExitProcess InterlockedDecrement GetProcessHeap GetCommandLineA HeapCompact HeapSize SetEnvironmentVariableW RtlUnwind DeleteFileW HeapReAlloc IsProcessorFeaturePresent IsDebuggerPresent DecodePointer EncodePointer HeapAlloc HeapFree LoadLibraryExA InterlockedExchange RaiseException GetVersion GlobalFree FindNextFileW FindFirstFileW GetCurrentDirectoryW GetTempPathW FileTimeToSystemTime FileTimeToLocalFileTime GetSystemTime FindClose SetErrorMode WideCharToMultiByte GetCommandLineW GetExitCodeProcess GlobalUnlock GlobalLock GlobalAlloc CreateFileW CreateDirectoryW SetCurrentDirectoryW CloseHandle SetFilePointer ReadFile WriteFile Sleep GetLastError MultiByteToWideChar RemoveDirectoryW GetModuleFileNameW LoadLibraryW GetCurrentThreadId GetProcAddress FreeLibrary LCMapStringW SetStdHandle WriteConsoleW FlushFileBuffers GetFileType |
| USER32.dll |
ModifyMenuW
DrawTextW GetTabbedTextExtentW BeginPaint EndPaint GetUpdateRect FillRect PtInRect DefMDIChildProcW SystemParametersInfoW IntersectRect DrawFocusRect InvertRect SetRect CreateDialogParamA CreateDialogParamW CreateDialogIndirectParamA CreateDialogIndirectParamW DialogBoxParamA DialogBoxIndirectParamA DialogBoxIndirectParamW LoadMenuA LoadMenuW LoadStringA SetLastErrorEx GetMenuStringW LoadMenuIndirectW GetInputState MapVirtualKeyW SendDlgItemMessageW GetDlgItemTextW SetDlgItemTextW GetMenuItemCount EndDialog GetWindowPlacement PostQuitMessage DrawEdge GetKeyboardLayout RemovePropW SetPropW GetFocus IsIconic CallWindowProcW UnionRect GetPropW SetScrollRange SetScrollPos DestroyWindow CreateWindowExW GetParent GetMonitorInfoW MonitorFromWindow LoadStringW LoadImageW LoadIconW GetWindow GetTopWindow GetClassNameW GetDesktopWindow SetWindowLongW GetSysColor MessageBoxW RedrawWindow UpdateWindow GetSystemMetrics GetMenuItemID DestroyMenu DrawMenuBar GetDlgItem SetFocus DialogBoxParamW EndDeferWindowPos DeferWindowPos BeginDeferWindowPos RegisterClassExW RegisterClassW OemToCharA GetAsyncKeyState GetActiveWindow ShowCursor GetWindowRect ReleaseCapture SetCapture GetKeyState GetWindowLongW MapWindowPoints AdjustWindowRectEx GetClientRect SetWindowTextW LockWindowUpdate IsZoomed IsWindowVisible SetWindowPos SendMessageW IsDialogMessageW SetTimer InvalidateRect EnableMenuItem CheckMenuItem GetMenu IsClipboardFormatAvailable EmptyClipboard GetClipboardData SetClipboardData CloseClipboard OpenClipboard ShowWindow PostMessageW wsprintfW ScreenToClient ClientToScreen GetCursorPos SetCursorPos GetKeyboardState CopyRect TranslateMDISysAccel CreateIconIndirect DestroyIcon CallNextHookEx UnhookWindowsHookEx SetWindowsHookExW ReleaseDC GetDC DeleteMenu GetSubMenu GetMenuState KillTimer MsgWaitForMultipleObjects PeekMessageW DispatchMessageW TranslateMessage GetMessageW SetWindowPlacement |
| GDI32.dll |
SetDIBits
GetDeviceCaps RealizePalette SelectPalette CreateFontIndirectW GetObjectW CreatePen CreateRectRgn CreateSolidBrush ExcludeClipRect GetClipRgn GetStockObject LineTo Rectangle SelectClipRgn DeleteObject SetBkMode SetTextColor MoveToEx GetTextExtentPointW CreateHatchBrush GetCharWidthW GetNearestPaletteIndex SetBkColor SetPolyFillMode SetROP2 SetTextAlign GetTextMetricsW TextOutW DPtoLP LPtoDP Polygon CreatePalette CreateCompatibleBitmap SelectObject CreateBitmap |
| COMDLG32.dll |
GetSaveFileNameW
GetOpenFileNameW |
| SHELL32.dll |
DragQueryFileW
DragAcceptFiles ShellExecuteExW |
| MMFS2.dll (delay-loaded) |
#43
#74 #81 #187 #83 #82 #78 #76 #79 #80 #979 #97 #65 #64 #66 #255 #281 #570 #333 #688 #3 #19 #31 #121 #120 #192 #831 #425 #423 #430 #431 #419 #1033 #172 #286 #249 #276 #366 #253 #279 #370 #764 #765 #176 #1068 #1072 #168 #153 #50 #34 #411 #766 #47 #786 #77 #95 #94 #98 #91 #70 #101 #102 #103 #105 #106 #107 #169 #170 #264 #494 #554 #876 #1048 #1036 #981 #564 #517 #536 #433 #422 #1031 #1049 #686 #280 #478 #468 #11 #67 #62 #51 #63 #17 #16 #124 #125 #832 #959 #945 #32 #173 #174 #372 #610 #493 #355 #585 #520 #487 #341 #417 #342 #344 #343 #849 #448 #756 #445 #443 #703 #701 #742 #361 #753 #571 #587 #1000 #982 #568 #123 #59 #60 #61 #1077 #195 #196 #198 #199 #191 #201 #184 #204 #205 #203 #811 #810 #803 #802 #809 #807 #814 #812 #800 #798 #806 #804 #797 #799 #808 #801 #805 #813 #1071 #826 #827 #828 #829 #830 #755 #795 #1054 #389 #69 #6 #7 #175 #177 #162 #158 #163 #825 #185 #186 #183 #189 #1069 #1073 #254 #785 #722 #228 #328 #467 #9 #42 #155 #171 #75 #84 #90 #92 #73 #71 #104 #789 #790 #111 #114 #113 #108 #110 #109 #115 #117 #116 #46 #245 #274 #363 #713 #241 #272 #645 #356 #584 #519 #234 #268 #232 #267 #236 #269 #573 #620 #762 #476 #972 #412 #414 #677 #611 #413 #416 #415 #678 #681 #680 #612 #691 #739 #137 #834 #837 #1010 #1008 #997 #996 #998 #1011 #859 #976 #878 #882 #985 #893 #894 #895 #986 #896 #974 #991 #913 #994 #929 #1006 #948 #953 #954 #1007 #975 #1080 #14 #18 #35 #794 #1053 #984 #1037 #819 #820 #68 #28 #30 #118 #122 #484 #682 #2 #5 #4 #1070 #23 #57 #58 #373 #740 #546 #418 #750 #695 #1055 #27 #29 #39 #1081 #1029 #72 |
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | MMFS2.dll |
| ModuleHandle | 0xa7e68 |
| DelayImportAddressTable | 0xa74d0 |
| DelayImportNameTable | 0x9f2dc |
| BoundDelayImportTable | 0x9f7d0 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
1
2
3
4
5
6
7
8
9
10
700
701
702
703
704
705
1 (#2)
2 (#2)
7 (#2)
8 (#2)
9 (#2)
100
1 (#3)
1 (#4)
String Table contents
| Window initialization error. |
| Application initialization error. |
| Error while opening file. |
| Not enough memory! |
| File error! |
| Cannot find %s! |
| There is not enough available space in the temporary drive. Free some disk space and try again. |
| This application has been built with an incompatible version of Multimedia Fusion or The Games Factory. |
| This is not an application file! |
| Cannot load %s. This object might need an external program or library not yet installed. |
| Joystick not connected or driver not installed. |
| Cannot initialize Application. |
| Frame %d |
| Don't play samples. |
| Play samples. |
| Don't play music. |
| Play music. |
| %d (Num. keypad) |
| Backspace |
| Tab |
| Clear |
| Enter |
| Shift |
| Control |
| Space bar |
| Page Up |
| Page Down |
| End |
| Home |
| Left Arrow |
| Up Arrow |
| Right Arrow |
| Down Arrow |
| Select |
| Execute |
| Ins |
| Del |
| Escape |
| Heap |
| Video |
| Sound |
| Mb |
| An error has occured while reading the file. |
| This file is not a MMF application position file. |
| This file was not saved by this application. |
| This file was saved with an incompatible version of MMF runtime. |
| This file was saved by a incompatible version of the application. |
| The current frame is not the same as the saved one. |
| An error has occured while writing the file. |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 3.0.283.5 |
| ProductVersion | 3.0.283.5 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__PM32
VOS__WINDOWS16
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | Clickteam |
| FileDescription | Clickteam Fusion Stand Alone Application |
| FileVersion (#2) | 3.0.283.5 |
| InternalName | StdRt.exe |
| LegalCopyright | Copyright © 1996-2014 Clickteam |
| OriginalFilename | StdRt.exe |
| Resource LangID | English - United States |
|---|
TLS Callbacks
Load Configuration
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4a6110 |
| SEHandlerTable | 0x49e600 |
| SEHandlerCount | 36 |
RICH Header
| XOR Key | 0x169bc9b0 |
|---|---|
| Unmarked objects | 0 |
| 199 (41118) | 2 |
| ASM objects (50929) | 63 |
| C objects (50929) | 166 |
| C++ objects (50929) | 61 |
| C objects (VS2012 UPD3 build 60610) | 5 |
| Imports (VS2008 SP1 build 30729) | 15 |
| Total imports | 616 |
| C++ objects (VS2012 UPD3 build 60610) | 8 |
| C++ objects (VS2012 UPD4 build 61030) | 36 |
| Resource objects (VS2012 UPD4 build 61030) | 1 |
| Linker (VS2012 UPD4 build 61030) | 1 |