Manalyze report for 1068dcb6ea9b83a10f67667d33ef49befcd09d07e610582da52db63078eeca83

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-24 12:04:05
Detected languages	English - United States
Debug artifacts	C:\CSU\ASM\battle city\tanks_VS2022\Release\asm_picture.pdb

Plugin Output

Suspicious	The PE is packed or was manually edited.	`The number of imports reported in the RICH header is inconsistent.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can take screenshots: BitBlt CreateCompatibleDC`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3b1d3033299783076168506f11d28f0a`
SHA1	`8a2ebed4e6bb5fca36bc8536aa217a855bd4f40d`
SHA256	`1068dcb6ea9b83a10f67667d33ef49befcd09d07e610582da52db63078eeca83`
SHA3	`f65fe0b986f8ab4712386df743328416541b0dd30f3eaf51e505e1dde93c9fd5`
SSDeep	`384:jS+VD4NzRIixIvGl/qszXhnNzwF1Q8ZKk4v1MftA12OqcdKCyCrJAci9+:jS+N4NzRTl77hncZKkUgtAkCKX+`
Imports Hash	`a88d7ec71308c8e688ffbf54a7de7e36`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2025-Dec-24 12:04:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3800`
SizeOfInitializedData	`0x3800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003A10 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a1b35563eb729e33af150beabed3f045`
SHA1	`8a0e65622da070119a15a0a760fd4d436f0e69dd`
SHA256	`c4e6c3d14663557e5a60a479564aa8a5d08b2db9a6cd83bf05ddb583909cf708`
SHA3	`86c4d8aa639798df6adfa073631bfc309ffeb0cf4026c2b1a45ea1eae17a2e5a`
VirtualSize	`0x3624`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.86455`

.rdata

MD5	`627913b4213b35c4011bf170df9ef15a`
SHA1	`51c20b67f8eb922cd7d2988d7145db555878e5e7`
SHA256	`3f42bba37af54d0188fb49ca7f3341ee2593462aa8ec22d74935193b6d03e4bb`
SHA3	`e840cd3baa0a28325e8793352f1731dd823013b632e66cb7b32a071d7eb677e5`
VirtualSize	`0x11d8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95713`

.data

MD5	`d9bf60f57772238c1576f5ba821ec1ba`
SHA1	`8c29f71b567ce6425b5bea71a93edefa9c0d538d`
SHA256	`f8f43eed20f1e4e7045ec5131773da77b34cd21ff969c95726b31301f7b4b3f9`
SHA3	`424645659b3c6af4dfba70763ce292df91323f89b5186e43567095616c47dbfc`
VirtualSize	`0x404`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.374318`

.rsrc

MD5	`a524a88db3d1ba313c0b6b7748f787d3`
SHA1	`d8e80be79cd7437e19f8da7f226d5c944d8a55c2`
SHA256	`6d85822976cdd9f63413e69daaf88626e6bcda120f49634d07bbb5eb5d4a9dbc`
SHA3	`0fe69e90ac22d8be7f41d819969d4a40bf06f724a7caae41ba009c0d0743d575`
VirtualSize	`0x1f28`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.59938`

Imports

KERNEL32.dll	`GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `QueryPerformanceCounter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `GetCurrentProcessId` `SetUnhandledExceptionFilter`
USER32.dll	`LoadAcceleratorsA` `LoadCursorA` `LoadIconA` `MessageBoxA` `PostQuitMessage` `RegisterClassExA` `SetTimer` `ShowWindow` `TranslateAcceleratorA` `TranslateMessage` `UpdateWindow` `LoadImageA` `BeginPaint` `GetMessageA` `EndPaint` `DispatchMessageA` `DefWindowProcA` `CreateWindowExA` `InvalidateRect`
GDI32.dll	`SelectObject` `BitBlt` `CreateCompatibleDC` `DeleteDC` `GetObjectA` `GetStockObject`
msvcrt.dll	`rand` `srand` `__setusermatherr` `malloc` `_exit` `exit` `__p__commode` `_c_exit` `_cexit` `memset` `_initterm`
winmm.dll	`PlaySoundA`
VCRUNTIME140.dll	`__current_exception` `_except_handler4_common` `__current_exception_context`
api-ms-win-crt-time-l1-1-0.dll	`_time32`
api-ms-win-crt-runtime-l1-1-0.dll	`_controlfp_s` `_crt_atexit` `terminate` `_register_onexit_function` `_initialize_onexit_table` `_initterm_e` `_register_thread_local_exe_atexit_callback` `_get_narrow_winmain_command_line` `_seh_filter_exe` `_set_app_type` `_configure_narrow_argv` `_initialize_narrow_environment`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88391`
Detected Filetype	PNG graphic file
MD5	`9b5bade1d21456b196a2541239e1b1cf`
SHA1	`451bfebc9bf6c45f4ca93fea672a3c888f39ea79`
SHA256	`6cd3222fd6a0876e934ef4cfe5d52d430b3cab370ba70c44d5012c288755fa1f`
SHA3	`b5bf86bb4310e1de3df1865a631f8e52eb70290f5a7394f6aa6bee48a068b39e`

MAINMENU

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69466`
MD5	`be7933293cde6b976df3b0f7c95c20f9`
SHA1	`473f8333e5724877c2634f8b8835526877a13edd`
SHA256	`79400f048dc34d0f79bf54c16320233a63e10b9708a1a367ddfdb997a46383b1`
SHA3	`f63b2e4554ec49718a155936c152b52ee9576c282cbc1f302131c944c3d18982`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`5a01818c9d78be22929138ddf6752cb0`
SHA1	`73a881febf2fb70ccd94bfb42e37c0ba17321978`
SHA256	`fe4a22b2fd02efed890548f29d3353c4cddffa9073d0503df1b6d61243133f94`
SHA3	`a0cd514d548154aff9dfbe2c17d6abeb99cd551f7b8d99fc36bb1564707177a9`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-24 12:04:05
Version	`0.0`
SizeofData	`84`
AddressOfRawData	`0x56ac`
PointerToRawData	`0x42ac`
Referenced File	C:\CSU\ASM\battle city\tanks_VS2022\Release\asm_picture.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-24 12:04:05
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x5700`
PointerToRawData	`0x4300`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-24 12:04:05
Version	`0.0`
SizeofData	`612`
AddressOfRawData	`0x5714`
PointerToRawData	`0x4314`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Dec-24 12:04:05
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x407040`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xb19d0d26`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (35207)	`2`
19 (8078)	`16`
Imports (33140)	`7`
Total imports	`66`
253 (35207)	`1`
ASM objects (35207)	`1`
C objects (35207)	`12`
C++ objects (35207)	`19`
ASM objects (35217)	`20`
Resource objects (35217)	`1`
151	`1`
Linker (35217)	`1`

Errors

Leave a comment

No comments yet.