Manalyze report for f31a221779fadca4dae8fe758546ecde8b88a88fa6e80fad7dee115d2ef620e8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2002-Sep-26 14:02:35

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ v7.1 EXE` `Microsoft Visual Basic v5.0 - v6.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .data1`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegQueryValueExA RegOpenKeyA RegCloseKey` `Enumerates local disk drives: GetDriveTypeA`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-04 02:13:50)	`All the AVs think this file is safe.`

Hashes

MD5	`37caa31bdb473d9019be2491bd8dc914`
SHA1	`3201a5e1029f3ae3b77770255dcbe10360b3cd09`
SHA256	`f31a221779fadca4dae8fe758546ecde8b88a88fa6e80fad7dee115d2ef620e8`
SHA3	`d6c9d51188a561fb2e7f5090205daa0ec3ee50b82f0bb857e487b65a9cb30587`
SSDeep	`98304:4bkgp6kFlO7QHvJ2lt19FNVdlmuWeGOiYDjvg1WuR:4blp6ke7LX6`
Imports Hash	`89a0f9cd6a7fa123bba8cfb11027694a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2002-Sep-26 14:02:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x228000`
SizeOfInitializedData	`0x1eb7000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0016FDD6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x229000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x20e0000`
SizeOfHeaders	`0x1000`
Checksum	`0x576c08`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f01c047e9a6e907dba8dc4b7834b4666`
SHA1	`e3e6740ea44df67886f871dcfe00f20ee4da5d24`
SHA256	`0ecc15d821c7c1d206ce7ce8c97a6b15038800bc4a4b2e34db122d5a8c05b562`
SHA3	`0de68640c1909b8fe44d5a0541dbe6bb146c5fe16bd176a4a08c450a52f117c9`
VirtualSize	`0x228000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x228000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07725`

.rdata

MD5	`30fc2a8c935198e91d29512867c52e7c`
SHA1	`8ba83d427a9fe62a8a50ade7d44cf9514b41fa2a`
SHA256	`a889e9f59665a0b13efd201965022cadd21ea77a982328423bb1b8b36470b285`
SHA3	`b78eb6f66db969267e605d916de1db16d5f628bbefb970e4993166a91e5cefca`
VirtualSize	`0x16f494`
VirtualAddress	`0x229000`
SizeOfRawData	`0x170000`
PointerToRawData	`0x229000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.00666`

.data

MD5	`d085301d0599d1b3bcc1badc3c44d61b`
SHA1	`efcb028e5cd3a79a9fea18b882dc51109a552131`
SHA256	`73e26364ab3bd2164c28477f5cb8644cc705bf5988f85476582a8875c24b8ebd`
SHA3	`6f7729789d7d5288c4bce76650c22f67ef7bbf4dfdc124bf168f49d856fda003`
VirtualSize	`0x1d0c554`
VirtualAddress	`0x399000`
SizeOfRawData	`0x199000`
PointerToRawData	`0x399000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12949`

.idata

MD5	`d97d5f4bc698000f86f812bb84650651`
SHA1	`cf9fddf352c805bfcccdfb314740f6e80cc4e0a1`
SHA256	`c1282412f7af918f054972bf23abb650e21f854e0a24ce48df297b8d8f724d3c`
SHA3	`1db2ea1e37d6e34223ba1e3cd0a4d5c227ff86c2d411852da4c9484a0d39ccd2`
VirtualSize	`0x1c73`
VirtualAddress	`0x20a6000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x532000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.36162`

.data1

MD5	`bd4929bb4ee6547e6217d41c6806e321`
SHA1	`7dc23ad02faef105965092c0320e34c2f701d2ff`
SHA256	`7bc5026ff577ff22cc1e5e0ba6e628f41cc2532d06802d3d973fc632d214a69d`
SHA3	`a31edcb66d2961b880e205aee11c04737611af4fd213109b0c694885b79092c5`
VirtualSize	`0xba6`
VirtualAddress	`0x20a8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x534000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.51846`

.rsrc

MD5	`5cc93942b518e16d0a05aeaa276444d3`
SHA1	`d5d1ce570bcf7d38d2de38395b18c2ff627326e6`
SHA256	`f193a80683d56bc98b36f33f8833997b3198794a9461b5ff596e61ae3bf60625`
SHA3	`99ab5336488683322c8373bb65c65fed4d31fcb477fc913bafff41e86da7ccc4`
VirtualSize	`0x36d5c`
VirtualAddress	`0x20a9000`
SizeOfRawData	`0x37000`
PointerToRawData	`0x535000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.81866`

Imports

WINMM.dll	`timeBeginPeriod` `timeEndPeriod` `timeKillEvent` `timeSetEvent` `timeGetTime`
DINPUT8.dll	`DirectInput8Create`
KERNEL32.dll	`LoadLibraryA` `GetProcAddress` `GetModuleHandleA` `WriteFile` `GetLastError` `GetFileSize` `MapViewOfFile` `CreateFileMappingA` `CreateFileA` `CreateFileW` `WideCharToMultiByte` `GetVersionExA` `UnmapViewOfFile` `LockResource` `LoadResource` `SizeofResource` `GetDriveTypeA` `FindResourceW` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `GetStartupInfoA` `ExitProcess` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `lstrcmpiA` `HeapFree` `HeapDestroy` `HeapCreate` `HeapAlloc` `CloseHandle` `CreateMutexA` `GlobalMemoryStatus` `Sleep` `ExitThread` `GetSystemTimeAsFileTime` `SetFilePointer` `GetFullPathNameA` `FindResourceA` `RemoveDirectoryA` `lstrlenA` `GetExitCodeThread` `SetEvent` `CreateThread` `SetThreadPriorityBoost` `PulseEvent` `SuspendThread` `GetCurrentThread` `GetThreadPriority` `SetThreadPriority` `ResumeThread` `QueryPerformanceFrequency` `MultiByteToWideChar` `ReadFile` `lstrcpyA` `lstrcatA` `SystemTimeToFileTime` `CopyFileA` `WaitForSingleObject` `ReleaseMutex` `FindFirstFileA` `FindNextFileA` `FindClose` `GetOverlappedResult` `SetFileAttributesA` `GetDiskFreeSpaceExA` `GetLocalTime` `DeleteFileA` `OutputDebugStringA` `GetThreadLocale` `GetLocaleInfoA` `CreateDirectoryA` `GetACP` `InterlockedExchange` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `CreateEventA` `QueryPerformanceCounter`
USER32.dll	`LoadCursorA` `PeekMessageA` `TranslateMessage` `wsprintfA` `MessageBoxA` `DispatchMessageA` `UpdateWindow` `ShowWindow` `CreateWindowExA` `DefWindowProcA` `SendMessageA` `PostQuitMessage` `EndPaint` `BeginPaint` `RegisterClassExA`
GDI32.dll	`DeleteObject`
ADVAPI32.dll	`RegQueryValueExA` `RegOpenKeyA` `RegCloseKey`
d3d8.dll	`Direct3DCreate8`
DSOUND.dll	`#11`
binkw32.dll	`_BinkSetSoundOnOff@8` `_BinkOpen@8` `_BinkSetSoundTrack@8` `_BinkSetSoundSystem@8` `_BinkOpenDirectSound@4` `_BinkClose@4` `_BinkCopyToBuffer@28` `_BinkNextFrame@4` `_BinkDoFrame@4` `_BinkWait@4` `_BinkPause@8`
MSVCR70.dll	`wcslen` `??_V@YAXPAX@Z` `_stricmp` `strncpy` `strncmp` `??1exception@@UAE@XZ` `??0exception@@QAE@XZ` `_strnicmp` `??0exception@@QAE@ABV0@@Z` `_CIasin` `_aligned_malloc` `_aligned_free` `fputs` `fprintf` `strtoul` `strtok` `fgets` `??_U@YAPAXI@Z` `ceil` `puts` `iswascii` `__security_error_handler` `_c_exit` `_exit` `_XcptFilter` `_cexit` `_acmdln` `_amsg_exit` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `?terminate@@YAXXZ` `__dllonexit` `_onexit` `??1type_info@@UAE@XZ` `_except_handler3` `_controlfp` `strstr` `_beginthread` `qsort` `strncat` `fseek` `ftell` `srand` `vsprintf` `fread` `fwrite` `fclose` `_finite` `_ftol` `isspace` `isdigit` `_setjmp3` `longjmp` `??2@YAPAXI@Z` `??3@YAXPAX@Z` `__CxxFrameHandler` `fopen` `exit` `malloc` `free` `sprintf` `printf` `_CIpow` `_CIfmod` `floor` `_CIacos` `calloc` `_CxxThrowException`
MSVCP70.dll	`??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z` `??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z` `??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z`
ole32.dll	`CoInitialize`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11784`
MD5	`1eb85325a1e79b0f9540e61b977b6314`
SHA1	`5bcb36d003306e6c501a404e44c665fe2fd7683c`
SHA256	`f8fe684511641edc44eab99d2f026e21ee4e54475ea8ca92194a045cc3e8cca1`
SHA3	`c344e2b1b3fe90b4f8751b100416b7e308c12e7d9c9dcb609c6d1dff1fadefbe`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.66598`
MD5	`1fed957c3469031d052bbe3b3e4faa16`
SHA1	`1f689c0c6b4d08d06cb8d462b0b4905c30fd8682`
SHA256	`3c1c390e6337f78b18cad1f457bdfe380f71d9463bbc5d16cadd75420deffb2d`
SHA3	`310bc6e776849843ceab59fd5073a636591c5aea4d17a5b52ee7e068f0dfbde9`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.76202`
MD5	`164c1ceb6a7768e0dbad694bf4a3e834`
SHA1	`23f77c8c4ae7b815a89fbe4139b76d6c5931ff49`
SHA256	`201521cae9af10a1a315a95f2d584975e6356b01009685b97b65cb12d6bcd37c`
SHA3	`7c529231845dfe02501eb5eb182008a08915825aa7ead7f34f6fa06614009d52`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.80701`
MD5	`77957036d4b379388c28faa12ae8e483`
SHA1	`47e856f8234ff12137d4fec1bf5719584bb950a6`
SHA256	`7a65908c6ac3f18485cbaf62a0e1d1f19b92f93b3a9e05de093231d484514e97`
SHA3	`e66e047d6b5f8395f03f0a0c190b9a7ecb36c5da0f92a3b04fe8b37d797ca00c`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.82971`
MD5	`b47e1d37416f34c58265f2ee773548d8`
SHA1	`f3e4ed1e9664cbbab81c7c207e7980a418af485b`
SHA256	`ae68c448f383ed52e7cfeb6eee14d08544937cab6acb2e4a42fd1439dbb158a2`
SHA3	`0a3badda6caf128dd0fcd22f57b25ecc10aeea6ee0ab6e470ef99a2397c867fe`

SH2

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75387`
Detected Filetype	Icon file
MD5	`01d791c0b2c74633e06a60bdf8fd6e97`
SHA1	`8d4464f8bdc6282a0314fc33331cc71abd29839c`
SHA256	`d45acb91045d259aae2223c433e6d151a56fa4822b29298f74e85c0ae8fd8d49`
SHA3	`d44005ed759eea00c77fc6423f7755cc6e3babd75f6e46fb2abf8e2054106a09`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x58983dec`
Unmarked objects	`0`
39 (9162)	`1`
ASM objects (VS2002 (.NET) build 9466)	`9`
Imports (VS2002 (.NET) build 9466)	`6`
49 (9044)	`1`
48 (9044)	`56`
C objects (9178)	`4`
C++ objects (9178)	`68`
18 (8444)	`1`
Unmarked objects (#2)	`8`
Imports (9210)	`19`
Total imports	`197`
C++ objects (VS2002 (.NET) build 9466)	`155`
C objects (VS2002 (.NET) build 9466)	`291`
Linker (VS2002 (.NET) build 9466)	`1`

Errors

Leave a comment

No comments yet.