Manalyze report for d88289b0fc4ffc7214bb5521c923bda6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Apr-06 20:17:29
Detected languages	English - United Kingdom

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: command.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: _rwcseg` `Unusual section name found: .exc` `Unusual section name found: .asrc` `Unusual section name found: _TEXT_HA` `Unusual section name found: _rwdseg` `Unusual section name found: .xxxxx`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegOpenKeyExA RegCreateKeyExA RegCloseKey RegSetValueExA RegQueryValueExA`
Suspicious	VirusTotal score: 1/44 (Scanned on 2026-02-05 03:21:56)	`Trapmine: suspicious.low.ml.score`

Hashes

MD5	`d88289b0fc4ffc7214bb5521c923bda6`
SHA1	`b5925ea81c623ef3db110cb17d3c28f71ff675e3`
SHA256	`8df02ca323afcef329107e21337d7c7b79647ba217713fa2cafc3703e40bd97c`
SHA3	`32a2665bd3e501623ec31430a164a165a2b987c1084d39d129ba531acb855849`
SSDeep	`98304:ha2JDpAC5zbcyJDsCNBMlhc8lRyJ/1OUu:h/JDpACZbcyJylhcERyJ/1C`
Imports Hash	`d9744ea7532748bc3acf866bd4b16610`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`12`
TimeDateStamp	2004-Apr-06 20:17:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x26d800`
SizeOfInitializedData	`0x1ce600`
SizeOfUninitializedData	`0xb800`
AddressOfEntryPoint	`0x0024A380 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x270000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x450000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`08a8c03c8e3ba762cddcdfcd00d2fa08`
SHA1	`7893712fdde95233f4134a01517868d4e5cd813e`
SHA256	`22717d30927052894d490f531f9b59398e604dbdc82cbbe06300ea34da7d99ad`
SHA3	`8a4ef3ab7347d29fed94dc8996782edf9492a879c2c6ed0ea11f068ea2556ee4`
VirtualSize	`0x26d090`
VirtualAddress	`0x1000`
SizeOfRawData	`0x26d200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41922`

_rwcseg

MD5	`0c76278db5699e53c2f2dcc6b6f1eed8`
SHA1	`03810e4d8434d3b7065334a3fc091871e45559c7`
SHA256	`d36bea32cff47c59f0bf28f3116a157783b9f5e46a811fabf1088d5ae3d74f76`
SHA3	`445cccd4361f2ff96df51e225f7659549d7cc42acd383d742ed847d9c6b51ab1`
VirtualSize	`0x451`
VirtualAddress	`0x26f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x26d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.35169`

.rdata

MD5	`8d50ddac6c18b48dda29d29f43f7f4cc`
SHA1	`c73e5dfef2b08a58e0edd455ef2dd5bf57e41f04`
SHA256	`80792c6136c5391c3dfbbb7364d4db98087e8fdb060635c64ab741c898b5c15a`
SHA3	`41bf8a0ae4cba48faba240a41bf885ea6157cb9d1a78706f2ab7ea1e15e1adfb`
VirtualSize	`0xbb73`
VirtualAddress	`0x270000`
SizeOfRawData	`0xbc00`
PointerToRawData	`0x26dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.21832`

.exc

MD5	`0d98d6fa74e2e24b817045b1efd966eb`
SHA1	`fa94031dea3e8c3f30e809605c9d82c969942fec`
SHA256	`dd7e553deb7c345f173d01db4b4e14adbef22401cc3721f15cf0bcc83bf36acd`
SHA3	`11d846f4a1c98829245152214fba3bef5a0a6e257e47bfcdc5ca1f5bc934aee1`
VirtualSize	`0x58c`
VirtualAddress	`0x27c000`
SizeOfRawData	`0x600`
PointerToRawData	`0x279800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03119`

.data

MD5	`029dd8fdb28313e48ff7509b8294e817`
SHA1	`0126cb2aebb5ba0601bbec2c53fc398c143334f7`
SHA256	`2c6759aa160c6059b1850f3b2bc36347dfa2b286bcda912369bb7741111f07a8`
SHA3	`308a9581a0c88ea05aab04f836a5b60d58823f49f3b40689053799a9822f3684`
VirtualSize	`0x1704a0`
VirtualAddress	`0x27d000`
SizeOfRawData	`0x170600`
PointerToRawData	`0x279e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.75286`

.CRT

MD5	`55a3826dbe3c62afb758c0c977eb81a6`
SHA1	`30dc4f80c44bb1eaf0d90d4da95f40af032745b7`
SHA256	`b69598082c6bd01a4f36f265878ad065896286923bb2768e41f04d4a5b2456c4`
SHA3	`d8ae5f9e490ad8d696922fab67a0edda26f742e2d8000a3c7a2c384bac7363a0`
VirtualSize	`0x190`
VirtualAddress	`0x3ee000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3ea400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.51265`

.asrc

MD5	`32954fdc39c7616bb19a0cb5d647e069`
SHA1	`d7c7be773569ffd914322794c58507251235f924`
SHA256	`6b2262cdbb115d3a4d44fb83348d5c9097f9915fa5db9ced6cf969e49abe6532`
SHA3	`556f3f99d5d25f11113acf61ab015fc4e141868b6f905bd0f1e901f364723214`
VirtualSize	`0x1a010`
VirtualAddress	`0x3ef000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x3ea600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.74128`

_TEXT_HA

MD5	`8c95ba4cba74f059ac3c8486446dbe38`
SHA1	`19733e6a83295ddc2cb976d52103eeac35fbfd13`
SHA256	`a0f7837a63c2eca015b811ad7f48ac9a2f18a73e03cbfe2e2d9ee7606f6d4396`
SHA3	`963022d4bc919df0a5b7449e67493e7da5b57f78ef6021b880bc12ad61e2f291`
VirtualSize	`0x10a82`
VirtualAddress	`0x40a000`
SizeOfRawData	`0x10c00`
PointerToRawData	`0x404800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.60972`

.idata

MD5	`7bf192d6895ef1f1bee265143bbac70b`
SHA1	`4639b34d5dd2f1e70d86dd71b7658c53679efda0`
SHA256	`6cc60f512f8fe7dd4e3f1bdc32a44f7ee69f6f17c631aa7c83c4a1df8db09ca6`
SHA3	`49ba161faa6a2b2f944f2c39f1fe241680fa1fa4b97399200f93e45d96910df2`
VirtualSize	`0x12a0`
VirtualAddress	`0x41b000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x415400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.2239`

_rwdseg

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x41d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x416800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb6d3`
VirtualAddress	`0x41e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.xxxxx

MD5	`d80f82a4efbfc587deaf6025c4bee5b8`
SHA1	`432561595fe2b1a99e5d16839dcc517685061505`
SHA256	`03c698217d83093ec0fb6c2684a4c659094a886f3eb5158f75e6e432a7f54298`
SHA3	`107a46c13c01c69cc399b4f6f94a00eb15ccf55994fd822aec618f5fd6c5685d`
VirtualSize	`0x257e4`
VirtualAddress	`0x42a000`
SizeOfRawData	`0x25800`
PointerToRawData	`0x416a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.79583`

Imports

ADVAPI32.dll	`RegOpenKeyExA` `RegCreateKeyExA` `RegCloseKey` `RegSetValueExA` `RegQueryValueExA`
DINPUT8.dll	`DirectInput8Create`
KERNEL32.dll	`GetLastError` `IsBadReadPtr` `CreateEventA` `CloseHandle` `ReadFile` `GetOverlappedResult` `CreateFileA` `GetVersion` `IsBadCodePtr` `IsBadWritePtr` `GetFileAttributesA` `CreateDirectoryA` `OutputDebugStringA` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetCommandLineA` `SetErrorMode` `GetModuleHandleA` `GetModuleFileNameA` `GetCurrentThread` `GetTickCount` `GetUserDefaultLangID` `SetFileAttributesA` `DeleteFileA` `GetDiskFreeSpaceExA` `GetDiskFreeSpaceA` `SetFilePointer` `WriteFile` `GetFileInformationByHandle` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `EnterCriticalSection` `LeaveCriticalSection` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `InitializeCriticalSection` `DeleteCriticalSection` `ExitProcess` `GetStartupInfoA` `GlobalAlloc` `GlobalFree` `GetCurrentDirectoryA` `FindFirstFileA` `FindClose` `GetCurrentProcess` `DuplicateHandle` `GetStdHandle` `SetCurrentDirectoryA` `SetEnvironmentVariableA` `GetLocalTime` `GetTimeZoneInformation` `RtlUnwind` `FindNextFileA` `GetEnvironmentStrings` `FreeEnvironmentStringsA`
USER32.dll	`SetWindowTextA` `MessageBoxA` `ShowCursor` `ClientToScreen` `SetCursorPos` `LoadCursorA` `RegisterClassA` `FindWindowA` `SetForegroundWindow` `AdjustWindowRect` `CreateWindowExA` `GetWindowRect` `SetWindowPos` `SendMessageA` `ShowWindow` `GetDlgItem` `SetFocus` `EndDialog` `SetCursor` `ReleaseCapture` `GetWindowPlacement` `SetCapture` `DefWindowProcA` `KillTimer` `ClipCursor` `PostQuitMessage` `GetSystemMetrics` `DialogBoxParamA` `GetClientRect` `UpdateWindow` `SystemParametersInfoA` `DestroyWindow` `SetWindowLongA` `PeekMessageA` `TranslateMessage` `DispatchMessageA` `WaitMessage` `MapVirtualKeyA` `AdjustWindowRectEx` `GetMenu` `GetWindowLongA` `IsIconic`
WINMM.dll	`timeGetTime`
binkw32.dll	`_BinkCopyToBufferRect@44` `_BinkWait@4` `_BinkDoFrame@4` `_BinkNextFrame@4` `_BinkOpen@8` `_BinkBufferOpen@16` `_BinkSetVolume@12` `_BinkOpenMiles@4` `_BinkSetSoundSystem@8`
d3d8.dll	`Direct3DCreate8`
mss32.dll	`_AIL_enumerate_3D_providers@12` `_AIL_release_3D_sample_handle@4` `_AIL_close_3D_provider@4` `_AIL_set_3D_provider_preference@12` `_AIL_open_3D_provider@4` `_AIL_3D_room_type@4` `_AIL_set_3D_room_type@8` `_AIL_3D_provider_attribute@12` `_AIL_allocate_3D_sample_handle@4` `_AIL_set_3D_sample_effects_level@8` `_AIL_set_redist_directory@4` `_AIL_startup@0` `_AIL_set_preference@8` `_AIL_open_digital_driver@16` `_AIL_set_3D_sample_info@8` `_AIL_set_3D_sample_loop_count@8` `_AIL_close_digital_driver@4` `_AIL_shutdown@0` `_AIL_set_3D_sample_volume@8` `_AIL_set_3D_position@16` `_AIL_set_3D_sample_distances@12` `_AIL_set_3D_sample_playback_rate@8` `_AIL_set_3D_sample_loop_block@12` `_AIL_3D_sample_status@4` `_AIL_start_3D_sample@4` `_AIL_end_3D_sample@4` `_AIL_stop_3D_sample@4` `_AIL_3D_sample_offset@4` `_AIL_3D_sample_length@4` `_AIL_resume_3D_sample@4` `_AIL_set_3D_sample_occlusion@8` `_AIL_process_digital_audio@24` `_AIL_ms_count@0`
ole32.dll	`(EMPTY)`

Delayed Imports

MB_PICTURE

Type	`RT_BITMAP`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x18028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57253`
MD5	`ec349092ce37f7e6b0c972015c33c196`
SHA1	`9d32cc7ca50b4c400c371503cba51aa9d15d1523`
SHA256	`7cd1e956a5dd45629e111ed612bb5dc13042438325af9540b5bb1d0768e7ac11`
SHA3	`780f541cd39258d86bd8c0693dd3bb7bc2fd6834fb9c6b28b5b256f9761e08aa`
Preview

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99013`
MD5	`32e3606aba801f26533a8c80c52ac757`
SHA1	`a1663e251f636dd715b9d8ffa4c894db551b3350`
SHA256	`daff970750901cda8a471158c5de67157613344d7821fc2ae950dbf1e5581ace`
SHA3	`6fa7903c7024486783327502af9da215b1171472661dc4dd1caa18633e8733e8`

104

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25147`
MD5	`3738e4d1c6a5029320356db672876d10`
SHA1	`415365b56fc90bc1f52b5e29069232b395330b4d`
SHA256	`eb52443ea74b379cba0d01ab3de9d182e1589b9cae9b8c08e06072c8139a9331`
SHA3	`e29f428cddb4bc38b3326918b8eabf9c14954f292c3af72b98ea5b0897fa5d35`

111

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`ecb3fea9b8fba3816da208767162ebaf`
SHA1	`ddefd39f5270bb56f9de023bf02862982d3069ae`
SHA256	`1f08569caa4db78cd12752e0343cd4bfd02c5990676e45b472c5e0572a841b7c`
SHA3	`13025b2d842232c33f3c6cb9e7df07905c5c0c080f9706c2d98d97b4d86e085d`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
[*] Warning: Yara callback received an unhandled message (6).