f0ad90098ca0ef4de1e0c914a40b1726

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Mar-07 10:30:28
Detected languages English - United States
Debug artifacts c:\builds\pc_1.3_1_1\pc\cod2\pc\CoD2SP_s.pdb

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 7.1
  • Microsoft Visual C++ 6.0 - 8.0
  • Microsoft Visual C++ v7.0
  • Microsoft Visual C++ v7.1 EXE
  • Microsoft Visual C++ 7.0 MFC
  • MASM/TASM - sig1(h)
Suspicious PEiD Signature:
  • SafeDisc v4
  • SafeDisc 4
Suspicious The PE is possibly packed. Section .text is both writable and executable.
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Possibly launches other programs:
  • CreateProcessA
  • ShellExecuteA
Uses functions commonly found in keyloggers:
  • MapVirtualKeyA
  • GetForegroundWindow
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Leverages the raw socket API to access the Internet:
  • WSAGetLastError
  • inet_addr
  • gethostbyname
Enumerates local disk drives:
  • GetDriveTypeA
Manipulates other processes:
  • OpenProcess
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious VirusTotal score: 2/67 (Scanned on 2026-02-11 03:26:40)
  • APEX: Malicious
  • CAT-QuickHeal: Trojan.Ghanarava.16412917750b1726

Hashes

MD5 f0ad90098ca0ef4de1e0c914a40b1726
SHA1 bf1acf92ada269eeb43e784c4ff09131a226c92f
SHA256 27a98b234b7c52581a0c3a9c32a8f9dd42c57e509947f5ad44a02ae2e8320f41
SHA3 29cc38c60dac55053806f8dc106f03a5f04a7114cd936ddd624cde220300d846
SSDeep 49152:Khcaffw2LkX2w2Ef2zBlBn9GMnkLJNeSvniEBlDQC38zivs/:Mcaffw2Lq52EfYBlBn9GMwHvn
Imports Hash e9493e33956bddbaf6ebc61f6dd7b201

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Mar-07 10:30:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x16f000
SizeOfInitializedData 0x175b000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00155B43 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x16a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x18c4a46
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x10000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ea937f3719f85995774f7e531d9595dc
SHA1 025d537b58e88978b9a444e82df75db4e6058bd4
SHA256 b5fecb47dedf725e2399f1615cabd0473f81d3fc4b63d444321f2d9986116c89
SHA3 5a56b41fcf9cde2c8000676f620497ef188d59674002545f18fedf0b5c5f9aa2
VirtualSize 0x168172
VirtualAddress 0x1000
SizeOfRawData 0x169000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.67899

.rdata

MD5 f38faacfa6664b058c03bbde27efcd69
SHA1 11798109c2841a903cc236b90d27b0304b76da4f
SHA256 7d76dc9bb862641b154f09096da4a4f41da584c76fe30b44904807d943b78835
SHA3 c9bbd3615ca6488d2f538f426d5ce486dc2c7db89484816823ce48ce43596486
VirtualSize 0x2e779
VirtualAddress 0x16a000
SizeOfRawData 0x2f000
PointerToRawData 0x16a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.62171

.data

MD5 51214f6dae24bc4b7369366228139e5e
SHA1 fa425adccec83ee58ec16f42d771600f9e53d78e
SHA256 8b6aa65e48b70631be60e568bc89e0b4c54f67b62aa8a35aa67ef8dfdf27a455
SHA3 c51667200a160545a2c2ba5221527363aef0bdab82ac60caee0c043b14222de8
VirtualSize 0x17272e0
VirtualAddress 0x199000
SizeOfRawData 0x11000
PointerToRawData 0x199000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.10498

.rsrc

MD5 16d481e812304f7aba8de42d97e7c350
SHA1 92203f8c3153f3b7234aaf53c9fcf75c508613b0
SHA256 52f2babc43a7fe7af3c39a9432c8136aeb96db94aa6d52f9987da5a43e886da1
SHA3 0a0cbe7defee3683d5aa069c6f059438e2d8749bf1e92dd065076833521925c3
VirtualSize 0x3a46
VirtualAddress 0x18c1000
SizeOfRawData 0x4000
PointerToRawData 0x1aa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.37163

Imports

advapi32.dll GetUserNameA
gdi32.dll CreateFontA
GetDeviceCaps
SetDeviceGammaRamp
CreateSolidBrush
kernel32.dll SetEndOfFile
GetTickCount
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualProtect
RaiseException
GetOEMCP
GetACP
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
GetTimeZoneInformation
GetFileType
GetStdHandle
LockResource
GetLocaleInfoW
IsBadWritePtr
FatalAppExitA
DeleteCriticalSection
HeapCreate
HeapDestroy
SetFilePointer
SetConsoleCtrlHandler
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
TlsFree
SetLastError
GetCommandLineA
GetStartupInfoA
HeapReAlloc
TerminateProcess
ExitProcess
GetFullPathNameA
RemoveDirectoryA
CreateDirectoryA
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
MoveFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsBadReadPtr
FlushFileBuffers
Module32Next
SetPriorityClass
MulDiv
DeleteFileA
GetCurrentProcessId
CloseHandle
GetVersionExA
IsBadCodePtr
CreateToolhelp32Snapshot
GetCurrentDirectoryA
GetModuleFileNameA
LoadLibraryA
GetCurrentThreadId
Sleep
GetFileAttributesA
SetFileAttributesA
VirtualFree
VirtualAlloc
GetCurrentProcess
GetProcessAffinityMask
TlsGetValue
WaitForSingleObject
SetEvent
GetCurrentThread
TlsSetValue
CreateEventA
InterlockedExchange
ResetEvent
WaitForMultipleObjects
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatus
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
QueryPerformanceFrequency
CreateFileA
SetErrorMode
FreeLibrary
GlobalSize
GlobalLock
SetThreadExecutionState
FormatMessageA
WriteFile
GetDriveTypeA
OpenProcess
GlobalAlloc
CreateProcessA
ReadFile
GlobalUnlock
Module32First
GetLastError
shell32.dll ShellExecuteA
user32.dll MapVirtualKeyA
MonitorFromWindow
RegisterClipboardFormatA
PostQuitMessage
SetWindowTextA
CloseWindow
MoveWindow
GetMonitorInfoA
SetClipboardData
CallWindowProcA
EnumThreadWindows
ChangeDisplaySettingsA
GetDesktopWindow
ReleaseDC
GetWindowLongA
SetWindowLongA
GetWindowTextA
GetDC
MessageBoxA
ReleaseCapture
PostMessageA
GetCursorPos
SetCursorPos
GetForegroundWindow
ShowCursor
SetFocus
SetForegroundWindow
SetCapture
GetWindowRect
LoadCursorA
OpenClipboard
DispatchMessageA
ShowWindow
EmptyClipboard
PeekMessageA
GetClipboardData
TranslateMessage
LoadIconA
RegisterClassExA
CloseClipboard
GetMessageA
RegisterClassA
AdjustWindowRect
UpdateWindow
LoadImageA
GetSystemMetrics
SetWindowPos
DefWindowProcA
CreateWindowExA
SendMessageA
DestroyWindow
winmm.dll timeBeginPeriod
timeGetTime
timeEndPeriod
ws2_32.dll WSAGetLastError
inet_addr
gethostbyname
d3d9.dll Direct3DCreate9
mss32.dll _AIL_set_digital_master_reverb_levels@12
_AIL_sample_status@4
_AIL_3D_provider_attribute@12
_AIL_set_stream_playback_rate@8
_AIL_set_3D_sample_loop_count@8
_AIL_close_stream@4
_AIL_size_processed_digital_audio@16
_AIL_set_stream_reverb_levels@12
_AIL_set_3D_sample_distances@12
_AIL_3D_sample_offset@4
_AIL_set_sample_reverb_levels@12
_AIL_resume_sample@4
_AIL_3D_sample_status@4
_AIL_allocate_sample_handle@4
_AIL_sample_volume_levels@12
_AIL_stream_info@20
_AIL_init_sample@4
_AIL_stop_sample@4
_AIL_stream_ms_position@12
_AIL_set_3D_room_type@8
_AIL_set_sample_loop_count@8
_AIL_set_sample_playback_rate@8
_AIL_set_stream_loop_count@8
_AIL_set_preference@8
_AIL_stream_volume_levels@12
_AIL_set_sample_ms_position@8
_AIL_end_sample@4
_AIL_enumerate_3D_providers@12
_AIL_set_sample_adpcm_block_size@8
_AIL_set_3D_position@16
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_offset@8
_AIL_open_stream@12
_AIL_set_3D_sample_playback_rate@8
_AIL_end_3D_sample@4
_AIL_set_3D_sample_volume@8
_AIL_stop_3D_sample@4
_AIL_set_stream_ms_position@8
_AIL_open_3D_provider@4
_AIL_resume_3D_sample@4
_AIL_3D_position@16
_AIL_stream_status@4
_AIL_sample_playback_rate@4
_AIL_load_sample_buffer@16
_AIL_set_sample_volume_levels@12
_AIL_sample_volume_pan@12
_AIL_minimum_sample_buffer_size@12
_AIL_sample_ms_position@12
_AIL_release_sample_handle@4
_AIL_set_DirectSound_HWND@8
_AIL_3D_sample_length@4
_AIL_set_redist_directory@4
_AIL_sample_buffer_ready@4
_AIL_3D_sample_playback_rate@4
_AIL_close_3D_provider@4
_AIL_stream_playback_rate@4
_AIL_set_stream_volume_levels@12
_AIL_set_3D_rolloff_factor@8
_AIL_set_file_callbacks@16
_AIL_stream_volume_pan@12
_AIL_set_sample_type@12
_AIL_last_error@0
_AIL_set_3D_distance_factor@8
_AIL_3D_sample_volume@4
_AIL_pause_stream@8
_AIL_set_sample_address@12
_AIL_set_3D_sample_info@8
_AIL_process_digital_audio@24
_AIL_WAV_info@8
_AIL_open_digital_driver@16
_AIL_startup@0
_AIL_digital_CPU_percent@4
_AIL_set_3D_sample_effects_level@8
_AIL_set_digital_master_room_type@8
_AIL_sample_position@4
_AIL_shutdown@0

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.50003
MD5 854d9c3e1fb9bf9d14e93b14e363035a
SHA1 eb25ca336e9d75fef69f6ca1e62bed683877ba4a
SHA256 107d9e3aee215060b0dff55aae3fa55a15b5f1a06cc9716ea0ed372ac3880849
SHA3 953084f982da1471720a3770c9ffa4a1db95be29f302ea3d702b5dc7e616fd28

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.87685
MD5 5405cb25f82453a45405a9c57ff7a996
SHA1 40bc534f0e662480629ee5df0ee3f8e04ea8fd3d
SHA256 d5c76a18d44f489735a41448811d11cc3512b92ef4393945be5eb086b1726578
SHA3 c33c72b738c49a64d38f7a0e6dcd31a8d6ee0ce318e8e57e5b2bbeb41da9b6e8

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.9411
MD5 c9a55475482eec9711a00c35a4b2a0b6
SHA1 01f1f4d0432e6316fb61ba7b64b00e3f465b8e17
SHA256 7e067e5fafde16f53accd2d2cc3a0fdb785c51fdcce3e504e95ee9ab3b3fb587
SHA3 08804f0fc1770a0ecaf1f41f67d0f4dc064008b2726490d2ee5db2575d8bb9a8

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.90501
MD5 120a59d8b4d6b0ee5d80e80bdfe127c2
SHA1 ec0ad796ef52225622d2325e302244d13b0b96e5
SHA256 76017b93188d7aee2e7f02a76a2310e984fdabe8ebba903e1024e24275911474
SHA3 e8d958015006f9ffab937653c899fa7ac491f5ab49ba909b1a1da7b6b382c422

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.07381
MD5 5560db9713fa69e0df5d9059e5064a3f
SHA1 374ca212753bf4afdaa12bd8d8d583b62d617906
SHA256 f5f052842c7418602871908f1b5ab5706e1407c40dba44090cf0bb0e27dd7e54
SHA3 65802729797386e5a70a4a5a1742e859d63d3c683a9f76fe0d736c9393580b5d

1 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x38
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.56933
MD5 b07f37475067dfa9293afb0f5bca8949
SHA1 5158e15f7ac725b6bcabf38db2119c5c4c2ec077
SHA256 da83f001e83e3ce624066bd8e1f062632463c71ac1cde633700faee4792f40c8
SHA3 d77d2a5d8bec88a88f139262cb1aed0b9d94b57bbf2774b7ffce3be048d17f8f

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.77248
Detected Filetype Icon file
MD5 286ddb4865b072867e14cf533bd950ca
SHA1 96c441c1c3cf799b8f8fcce0df76656e448a0477
SHA256 fbbd7b3cf3e8bdde2cb9e1132a9ead03571d65b50faf1b5678960a971a9624eb
SHA3 0b640697021364342a61ae8021f2e699ed7bff5bf6064c9d04ac8c9f07222117

String Table contents

Call of Duty

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2006-Mar-31 03:37:27
Version 0.0
SizeofData 69
AddressOfRawData 0x1966b0
PointerToRawData 0x1966b0
Referenced File c:\builds\pc_1.3_1_1\pc\cod2\pc\CoD2SP_s.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x1988d4c3
Unmarked objects 0
C++ objects (VS2003 (.NET) build 3077) 13
105 (2067) 8
ASM objects (VS2003 (.NET) build 3077) 50
C objects (VS2003 (.NET) build 3077) 161
Imports (9210) 2
Imports (2067) 2
Imports (VS2003 (.NET) build 4035) 2
C objects (VS2002 (.NET) build 9466) 1
Imports (VS2002 (.NET) build 9466) 2
Imports (2179) 11
Total imports 265
100 (VS2003 (.NET) build 3077) 260
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) build 3077) 1

Errors