Manalyze report for aa1a2c6d62eb8f881ca24a076a7e12b4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	Dutch - Netherlands English - United States
Comments	This installation was built with Inno Setup: http://www.innosetup.com
CompanyName	1C
FileDescription	"Fallout 2" патч v1.02d_r03 Setup
FileVersion	`0.0.0.0`
InternalName
OriginalFilename
ProductName
ProductVersion

Plugin Output

Info	Matching compiler(s):	`Inno Setup Module`
Info	Interesting strings found in the binary:	`Contains domain names: http://www.innosetup.com innosetup.com www.innosetup.com`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2004-Jan-10 21:02:08`
Suspicious	The file contains overlay data.	`782171 bytes of data starting at offset 0x10e00.` `The overlay data has an entropy of 7.9995 and is possibly compressed or encrypted.` `Overlay data amounts for 91.8806% of the executable.`
Safe	VirusTotal score: 0/70 (Scanned on 2022-09-16 17:33:02)	`All the AVs think this file is safe.`

Hashes

MD5	`aa1a2c6d62eb8f881ca24a076a7e12b4`
SHA1	`1629bac9ff353a5a29c5903be0389ee0cd219032`
SHA256	`9e39f826380764b665896ab2f69275b375bff19a98ec611630c1c56cc20bfd28`
SHA3	`30732e9bd5568cf959e87761079b6310c982b1682945a65eaad544b02ca75605`
SSDeep	`24576:EUvDzhZZDGcpn88UgxkWBp9PFakYuaOAfxu7VD:EUvJDxp86xtBft4CVD`
Imports Hash	`4fb639b17a439bf0efa713bd4c6e715b`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xbe00`
SizeOfInitializedData	`0x5600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000C650 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`36a372ab428c85c61be72b16c58d9780`
SHA1	`033a69145203b2e100f88e6678dc79ae898d9b87`
SHA256	`688989c7fd61ce9a376d3e5b7304131e6080a6e60d91dfc4f561619bc18ec41c`
SHA3	`4f72d7bbd6c39515eda774fa6289c2f6d1fd46301db1f332237e1f667081370b`
VirtualSize	`0xbdf8`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50978`

DATA

MD5	`a210a17273094b230ac6a936a2941992`
SHA1	`447e2d511a3b68bef9c7b5d383303c452ad0c012`
SHA256	`a4146185abbb49641ff0f345b001bf7b9f95043c95adfbbbda0fc1804d4dd4a4`
SHA3	`57d2a60cd77b7fb192934936ddda81a34a4bd648b6d15f86ab0142f0b28e673f`
VirtualSize	`0x1800`
VirtualAddress	`0xd000`
SizeOfRawData	`0x1800`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.31479`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10bc`
VirtualAddress	`0xf000`
SizeOfRawData	`0`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`f5a0b241c721acdfe6e7a89f09d56172`
SHA1	`85d015617b1b8ec9f2ed516ef6078d861f217271`
SHA256	`8b9ad679f8379c1c1a50cd4f962135500f24c86397f1d44b05750b59d07abfc5`
SHA3	`e67c7dcae793ef85006e9f057896de37c74492c15c858401d24078d18e38afa7`
VirtualSize	`0x850`
VirtualAddress	`0x11000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26869`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x12000`
SizeOfRawData	`0`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`c233c0ea7d984808a57c6681c85abaad`
SHA1	`30b67fe7349ab6c44324e74736dc2603d146ca62`
SHA256	`d6c72d41ae5241f5eb15c562b4832c65ff7f7cf3506f2da2f0defcd887f5cb54`
SHA3	`f22fe5a446b1fadaf88964d677e5e73f7929a5c6cd9fd1b136e427d006d0f6b6`
VirtualSize	`0x18`
VirtualAddress	`0x13000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.210826`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8e0`
VirtualAddress	`0x14000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`

.rsrc

MD5	`89f71130acef7af4ce76bec3d076c9cf`
SHA1	`f4fcfa4be1d77e0577552d36391f31a9d279dc80`
SHA256	`c73e4b45c0cbf14f49c1390b791d6f49cc2b9f2ebf251a5d274585961e71b99f`
SHA3	`65eb7ea8b22e03c29fb51af93bb4976cb1460eb81e79123e5d9f947e94ee69cd`
VirtualSize	`0x2800`
VirtualAddress	`0x15000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xe600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.29079`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `WideCharToMultiByte` `TlsSetValue` `TlsGetValue` `MultiByteToWideChar` `GetModuleHandleA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetSystemTime` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
user32.dll	`MessageBoxA`
oleaut32.dll	`VariantChangeTypeEx` `VariantCopyInd` `VariantClear` `SysStringLen` `SysAllocStringLen`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey` `OpenProcessToken` `LookupPrivilegeValueA`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `WideCharToMultiByte` `TlsSetValue` `TlsGetValue` `MultiByteToWideChar` `GetModuleHandleA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetSystemTime` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
user32.dll (#2)	`MessageBoxA`
comctl32.dll	`InitCommonControls`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey` `OpenProcessToken` `LookupPrivilegeValueA`

Delayed Imports

1

Type	`RT_ICON`
Language	Dutch - Netherlands
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

2

Type	`RT_ICON`
Language	Dutch - Netherlands
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3

Type	`RT_ICON`
Language	Dutch - Netherlands
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4

Type	`RT_ICON`
Language	Dutch - Netherlands
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.91366`
MD5	`af05dd5bd4c3b1fc94922c75ed4f9519`
SHA1	`f54685a8a314e6f911c75cf7554796212fb17c3e`
SHA256	`3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3`
SHA3	`150dba8cc825d5c0e9ff3c59015533288d19931847210338a3ef7cdc390c0e78`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f2`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.21823`
MD5	`bbf4b644f9dd284b35eb31573d0df2f7`
SHA1	`4f9885ae629e83464e313af5254ef86f01accd0b`
SHA256	`2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f`
SHA3	`ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.31515`
MD5	`ac2a0551cb90f91d779ee8622682dfb1`
SHA1	`ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da`
SHA256	`840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3`
SHA3	`58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ce`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.25024`
MD5	`c99b474c52df3049dfb38b5308f2827d`
SHA1	`7375e693629ce6bbd1a0419621d094bcd2c67bb7`
SHA256	`26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78`
SHA3	`c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`2.86149`
MD5	`aec4e28ea9db1361160cde225d158108`
SHA1	`249013a10cde021c713ba2dc8912f9e05be35735`
SHA256	`d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c`
SHA3	`a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.20731`
MD5	`c76a8843204c0572bca24ada35abe8c7`
SHA1	`066052030d0a32310da8cb5a51d0590960a65f32`
SHA256	`00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd`
SHA3	`07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.04592`
MD5	`4bd4f3f6d918ba49d8800ad83d277a86`
SHA1	`1f5e4c73965fea1d1f729efbe7568dcd081a2168`
SHA256	`34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3`
SHA3	`2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`2.64576`
Detected Filetype	Icon file
MD5	`f6262f462f61a1af1cac10cf4b790e5a`
SHA1	`4aa3239c2c59fa5f246b0dd68da564e529b98ff4`
SHA256	`44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c`
SHA3	`f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`3.13757`
MD5	`70d33c31c523a13cf944c3ac5746d3c3`
SHA1	`6d7c7d633f05e124ee46f8b4415f8377c87afe60`
SHA256	`f019d0109cb85d10a54f31376c6a20c3466c9b63d37c5dd1e65b1868723cba93`
SHA3	`8a6bddc2ef434805cd55a374f618f8dbfaec96325dabf07be948f08b43b3bced`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x289`
TimeDateStamp	2004-Jan-10 21:02:08
Entropy	`4.86458`
MD5	`c047a23817cac3cf4b6ade2cce0f2452`
SHA1	`901d01bf4040d01986ed704587cb1c989d7f3b93`
SHA256	`6cc41297efef410e2c23b74b2333cafa10b1e93e7dbcf4c683f37ad49ac1e92a`
SHA3	`cb2d67d5ef885493afacc32414adf6365f77c70c9f6d130722f91ce208142528`

String Table contents

'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	This installation was built with Inno Setup: http://www.innosetup.com
CompanyName	1C
FileDescription	"Fallout 2" патч v1.02d_r03 Setup
FileVersion (#2)	0.0.0.0
InternalName
OriginalFilename
ProductName
ProductVersion (#2)

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x412000`
EndAddressOfRawData	`0x412008`
AddressOfIndex	`0x40f3d0`
AddressOfCallbacks	`0x413010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!
[*] Warning: Raw bytes from section CODE could not be obtained.