Manalyze report for 00da93c5de0fef645b52abe35b471c2ee462e66f47f4004d37be4614ab11790a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Dec-17 08:58:40
Detected languages	English - United States
FileVersion	`2, 0, 0, 24`
ProductName	CoD RconTool Install Program
ProductVersion	`2, 0, 0, 24`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains domain names: clickteam.com http://www.clickteam.com http://www.clickteam.com/pub www.clickteam.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegDeleteKeyA RegCreateKeyA RegEnumKeyExA RegCloseKey RegDeleteValueA RegSetValueExA RegOpenKeyExA RegQueryValueA RegOpenKeyA RegQueryValueExA` `Possibly launches other programs: CreateProcessA WinExec ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Enumerates local disk drives: GetDriveTypeA` `Can take screenshots: FindWindowA BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`15289224 bytes of data starting at offset 0x2d000.` `The overlay data has an entropy of 7.99862 and is possibly compressed or encrypted.` `Overlay data amounts for 98.8088% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-01-08 01:54:27)	`All the AVs think this file is safe.`

Hashes

MD5	`948aff5920fff0e86ebbd8996d44a76b`
SHA1	`0b38bd42e43e30accbde84b5b0d7a9f069942f7c`
SHA256	`00da93c5de0fef645b52abe35b471c2ee462e66f47f4004d37be4614ab11790a`
SHA3	`87df7a0d5a679efe25d51d5c6776c7ccbf847c4cc65f64939bd610bcf644b5ae`
SSDeep	`393216:Ct3EvxmhTVTZtADz1YMIyBNK6ZJkY7t37:CokhT7tAPbBNK6ZJJ`
Imports Hash	`bacdd0bbe05997fdc5a5ac718f9749b4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2004-Dec-17 08:58:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x20000`
SizeOfInitializedData	`0xc000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001A05E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x21000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a2c08e2131297a3695b6cf356db5682c`
SHA1	`80f3e6a828263728621335076977f499a351bb8a`
SHA256	`2abc4acfe6faf981f71df7ef2553ed99a25a85a14bee9ec0353d7b4798524e7c`
SHA3	`9b72ba897384583b0f8e60a9fcd264bf71d0de045977e67af65fd38372c2f75c`
VirtualSize	`0x1f92a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x20000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62076`

.rdata

MD5	`2e56d2aaae6bb4c51e796d7bc63698d3`
SHA1	`0e3dc7ca86d8bcbfeda797b2c14c08f497af635e`
SHA256	`e54330298e0f22a00a163ac1c8f015bc153f0bbdcf883c478563c4378a5c8a77`
SHA3	`4788ee942ed9c37dfde7953df18ff556f066758a8651fdf93420513ad49473ad`
VirtualSize	`0x2048`
VirtualAddress	`0x21000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.16617`

.data

MD5	`14bed6629a02131f0ac2c2fbdf4b366d`
SHA1	`707c2f075870668e5001fa2b86c6d0615a72cbd2`
SHA256	`2b7a7af65e13e3677b71320f93d9c4905d4e4ec58274119fc6f970ec143978a9`
SHA3	`92b7281af28b25cb1e00603957513c17800a00b0baf9880e874c5b7c600ed047`
VirtualSize	`0x5e00`
VirtualAddress	`0x24000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.72691`

.rsrc

MD5	`8d4933463ab0da1ccc9031626bdafd83`
SHA1	`afd8eef719ccf22cb25ab009483675e6f2944ebb`
SHA256	`3362d52eb1d18ed70ae1f5da79ee2a210d564d76f32fcdbc710f820da4c39a36`
SHA3	`dbe777694acf022d9589d2929d9ad5a9ba854a493c7cfbd331306b3c883b7f14`
VirtualSize	`0x2a38`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41348`

Imports

KERNEL32.dll	`GetDriveTypeA` `GetModuleFileNameA` `GetVersionExA` `GetVersion` `CompareStringA` `GetTimeZoneInformation` `IsBadCodePtr` `IsBadReadPtr` `SetUnhandledExceptionFilter` `GetStringTypeW` `GetStringTypeA` `GetFileType` `GetStdHandle` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `GetOEMCP` `GetACP` `GetCPInfo` `LCMapStringW` `LCMapStringA` `GetCurrentProcess` `HeapReAlloc` `VirtualAlloc` `VirtualFree` `HeapCreate` `HeapDestroy` `GetEnvironmentVariableA` `GetCommandLineA` `GetStartupInfoA` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `FindNextFileA` `RemoveDirectoryA` `MoveFileA` `RtlUnwind` `DeleteFileA` `SetEnvironmentVariableA` `CreateDirectoryA` `HeapFree` `HeapAlloc` `HeapCompact` `TerminateProcess` `ExitProcess` `GetFileAttributesA` `SetFileAttributesA` `MoveFileExA` `GetModuleHandleA` `FormatMessageA` `CopyFileA` `SetFileTime` `OpenFile` `SetErrorMode` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `GetTickCount` `GetFullPathNameA` `FindFirstFileA` `FindClose` `MultiByteToWideChar` `WideCharToMultiByte` `GetLocalTime` `GetTempPathA` `GetShortPathNameA` `CompareStringW` `Sleep` `GetExitCodeProcess` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `CreateProcessA` `lstrcatA` `lstrlenA` `WinExec` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `GetDiskFreeSpaceA` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GlobalFree` `CloseHandle` `SetFilePointer` `WriteFile` `ReadFile` `CreateFileA` `GetLastError` `GetWindowsDirectoryA` `IsBadWritePtr` `GetSystemDirectoryA`
USER32.dll	`ExitWindowsEx` `IsIconic` `RedrawWindow` `PostQuitMessage` `DialogBoxParamA` `AdjustWindowRectEx` `PostMessageA` `EndDialog` `CheckDlgButton` `BringWindowToTop` `GetLastActivePopup` `FindWindowA` `RegisterClassA` `SendMessageA` `GetWindow` `LoadCursorA` `DefWindowProcA` `LoadIconA` `GetSysColor` `ScreenToClient` `GetWindowRect` `GetDlgItem` `EndPaint` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `GetSystemMetrics` `SetTimer` `KillTimer` `SendDlgItemMessageA` `GetFocus` `GetDlgItemTextA` `IsClipboardFormatAvailable` `OpenClipboard` `GetClipboardData` `CloseClipboard` `IsDlgButtonChecked` `CheckRadioButton` `SetFocus` `GetParent` `UpdateWindow` `IsWindowVisible` `InvalidateRect` `CreateDialogParamA` `GetMessageA` `IsDialogMessageA` `TranslateMessage` `DispatchMessageA` `SetDlgItemTextA` `SetWindowTextA` `SetWindowPos` `ShowWindow` `DestroyWindow` `CreateWindowExA` `GetWindowLongA` `IsWindowEnabled` `EnableWindow` `CallWindowProcA` `ValidateRect` `SetWindowLongA` `GetClassNameA` `MessageBoxA` `PeekMessageA` `wsprintfA`
GDI32.dll	`DeleteDC` `GetDeviceCaps` `GetSystemPaletteEntries` `CreatePalette` `DeleteObject` `ExtTextOutA` `CreateFontIndirectA` `GetStockObject` `BitBlt` `SelectObject` `CreateCompatibleBitmap` `CreateCompatibleDC` `RealizePalette` `SelectPalette` `CreateHalftonePalette` `CreateDIBPatternBrush` `CreateSolidBrush` `SetBrushOrgEx` `SetStretchBltMode` `StretchDIBits` `SetTextColor` `SetBkMode` `SetBkColor` `RemoveFontResourceA` `AddFontResourceA`
comdlg32.dll	`GetOpenFileNameA`
ADVAPI32.dll	`RegDeleteKeyA` `OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegCreateKeyA` `RegEnumKeyExA` `RegCloseKey` `RegDeleteValueA` `RegSetValueExA` `RegOpenKeyExA` `RegQueryValueA` `RegOpenKeyA` `RegQueryValueExA`
SHELL32.dll	`DragQueryFileA` `DragFinish` `ShellExecuteA` `SHBrowseForFolderA` `SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHGetMalloc` `DragAcceptFiles`
ole32.dll	`CoGetMalloc` `CoCreateInstance` `OleInitialize` `OleUninitialize`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA` `VerFindFileA`
COMCTL32.dll	`#17`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68877`
MD5	`3a67d7b1cf2fb4857b2e4adde7bcc081`
SHA1	`625ab6035debfd3c1bfcfb22065d4ba7d0eef226`
SHA256	`7a0d16daca88d928bef6530facb8eda686c9dac341f66acc0b879ab3f3045773`
SHA3	`f5015a76216fa7ee1923a9c162dfee9336dad990065bcb0c1dd5cd9121841974`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42299`
MD5	`2d8d39ab84081e3f9f3143efd30fd612`
SHA1	`dc6dba20d81ffcd64d3906c94eb209f818804859`
SHA256	`5b96ca53699ffbd275e2b9f13e7c0f063eae8c0e859dc7369b4cd1b93116cad6`
SHA3	`9519b8d23b0991f0a6a99a45b44ef52b9f005e0b80adafc39527de32ee5b4c5d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8437`
MD5	`290131e333126a7a36c37254d84dcb40`
SHA1	`86f283c128eebedc3f424d89720ffb5218b2a928`
SHA256	`9173e97d740208be27a5973063bb133867f45d90c011e74231ee03fdc64a42e9`
SHA3	`186c622dbaea7b5c335bf2c5de082484ac31265b6be9fe0bae6694ce7352c10f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61539`
MD5	`54bbbea381a39c63c70713519c95c250`
SHA1	`f6fea55f8f19da6e34e66c06a7853e050972fe74`
SHA256	`87c9806f8b9178a7005a33a8009bdf09fccdaf5acf66926ff3f9db3138d49a96`
SHA3	`2200933650d3b7f64896a6888299dc65dfd6ba5d5f17c94dbea9c0887fdafcb1`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05813`
MD5	`fcb4cafdeff6f0bf1e0cd5a3f9d612af`
SHA1	`2bec59ac97b3b9fc270a6dc8ba117159eed55c95`
SHA256	`670009c24b6db17f1824617c430f575bcff882a535eae54ce5e19dec35c8189a`
SHA3	`47d5da7e443d9282b0bce4dfd96e773f7ef28fe8415b896f25c0f9e3fff1d2c4`

112

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.86945`
MD5	`fc131a28274f92bb72744a1f5dabed1f`
SHA1	`bc691d6989c70106bf70c8cffc27523bc119d44c`
SHA256	`ca5d05d931937eb904234603889b45d9a4ba6f3ea8f159e3fec4d7f8044eb27c`
SHA3	`5153fb415ea669e13d8834a1f6610395309cd863ce4e27c591ce29d2562cc10b`

113

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.86945`
MD5	`c08a8c6881b25b62c3ba22c79132a730`
SHA1	`a683a209d9a506072fcdb02c69f23232effdd6bc`
SHA256	`4cad9cd5b271996e83e5aa051c2b7416283d285ed7659be1d74ad5c25e804d8a`
SHA3	`aee3214141c18469df7f786f341ee60c8002a9622b02e3a3e512b7642f400d2a`

131

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6218`
MD5	`de7e1b34659a4886c68617fe770ecd45`
SHA1	`b225dbfb0e92dce5173a484ec2ac7734ce7ae124`
SHA256	`f0405d353583a0087b3018f1e12a661e6f109cb2a37da19e42e90526ea733d06`
SHA3	`80918880e307fb8a93504c555880dbb45cf448d8461e38f9953ba98e83ac1aeb`

132

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81682`
MD5	`dc88d3fb1aa7ea2a0e1e789fd39e9797`
SHA1	`f7212839ab66c8551dcd8936df7bec0f76145e53`
SHA256	`96da82ab825dbc11f2af393f9fff9f7229894c126731336338b24433e878f2f8`
SHA3	`8adfd94e4496f2f5f18067c668219374d61f66bfd004bd99b9d2f166d4d11fa4`

800

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77728`
Detected Filetype	Icon file
MD5	`0411d0f39efb7f4a7c78b9dfd1be152f`
SHA1	`b5e828d05fd0afa031e30ebb68120d62d60d61f6`
SHA256	`3b271af8146dc5add8e0dc2692e4fab867c5258179804ac92d54c2c5e2174ac0`
SHA3	`6cccfcba1f66386600268d4d7bdf70afe3fe4186c328a3891c0a86aca38b1e57`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x320`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07791`
MD5	`8d9e04adf0a0ad85ea601fee79b4a866`
SHA1	`9e38b52f3ae0d9c62b024d26871c08ae015c9bbb`
SHA256	`d094ec88c219d5fe846464fd4277951ddff1c4b60df342d2e196c0e8ad338e88`
SHA3	`2cd21f6d045837539374559f4a87680662176b8365427345ee5073ad0c3a3f6c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x237`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13049`
MD5	`d69641d7355c8ec70b83af7df8869822`
SHA1	`ba50f7dd9f49b491eb609b70cc6dc59d17b12ca9`
SHA256	`35a26cd3193bafdf25ffa93c1ce43a29ea4eee93a4309bff54ceab26302ffd5c`
SHA3	`0032467ae055e1aef284edb08897fbce256a9f206c2b323d861effad86bb9d30`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.24
ProductVersion	2.0.0.24
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	2, 0, 0, 24
ProductName	CoD RconTool Install Program
ProductVersion (#2)	2, 0, 0, 24

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbdd646f1`
Unmarked objects	`0`
12 (7291)	`2`
C++ objects (8047)	`8`
14 (7299)	`20`
C objects (8047)	`72`
C objects (VC++ 6.0 SP5 build 8804)	`15`
C objects (2190)	`2`
Imports (2179)	`19`
Total imports	`217`
49 (9044)	`2`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.