Manalyze report for 44a72f391d48b0b004223f504d2eae04fe39f33d15e57ecf95ee9187655e1f77

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-01 20:00:26
Detected languages	English - United States
Debug artifacts	D:\GitHub\TS helper tools\Release\The Sims 2 Launcher.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegGetValueA RegCreateKeyExA RegSetValueExA RegCloseKey`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-03-27 02:59:26)	`APEX: Malicious` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`71153fec894b90e7c1a2cae8f4fa9191`
SHA1	`768363aa6642a2405f78641737b7b441cafde6cf`
SHA256	`44a72f391d48b0b004223f504d2eae04fe39f33d15e57ecf95ee9187655e1f77`
SHA3	`e154b15dd6b1559751d56988d3b3f0b12ab65fa3e6fe3da424a2aa37ad7043cd`
SSDeep	`3072:CIdkK1mMFkLUW838EmKTcxm+WeFzbeiVfVuo8z:TkGXktnEUFHuoY`
Imports Hash	`ab82a3ae72ea8b16d3d8b3a9a8f04ce0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Mar-01 20:00:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x10600`
SizeOfInitializedData	`0xe400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005545 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f608e00112c81da67f3e12ed83de02dc`
SHA1	`4b3685ff3319509d33d02f945c3264904cfe4c09`
SHA256	`d6f189663895f474828a6a58eb6a09ab1580370f13ec82a5e1b27a6aee8fadd8`
SHA3	`3514c77a15b2d4893db7905ad530ab25ba6d5b3d201b97aba8c0a7a29d5e799b`
VirtualSize	`0x105f7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56875`

.rdata

MD5	`412d267779e7784e52d8f409ff93b2bd`
SHA1	`5c39a3ffe021475017d0912cf6bd49152e2998d1`
SHA256	`49a8e90f3ed96e37b207e008c8c330303e3f8aedc6a28c6f418831d959df7de8`
SHA3	`5aad3aba1c65ef2096e45fd4a5e2271864e28d5eb6d2ec5f4440eca940221384`
VirtualSize	`0x8594`
VirtualAddress	`0x12000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x10a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.87996`

.data

MD5	`7270f539d465e526ebc35388ee649d71`
SHA1	`d71bad37ae463ae3c7eb298d94197dbcf658daef`
SHA256	`8d8d91b98c7a114758babd258bb6d6716a2a2b5d1580ec46e9c29c37472a9516`
SHA3	`12d8b02536aa8aad8f04012774af08a02f966036551bb53a238d013c6056e4bb`
VirtualSize	`0x18a4`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.44356`

.rsrc

MD5	`01f6b3fcda00413e372b31a94c577dd7`
SHA1	`9343476ebf8d4a5b90d93cdfd5471449b1044558`
SHA256	`5e85a9987ab1ae1a65f748b190eb89821fd3f385fbe73b7907390325cde5ad26`
SHA3	`db14817ad2eb040e28dfbcc4479d4c7d4fe4b2d4366221c688385e4f23df8f0d`
VirtualSize	`0x2d60`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.3765`

.reloc

MD5	`30eba795810e0fe594f3c2af5adb9135`
SHA1	`9b7dbd9b6928aaf49b33861468f8ab703d7309d5`
SHA256	`85169b0e3ea032926a1d62db73237b6f50d1f911602b4983ab561ba15089db87`
SHA3	`182a4e471a0ee11365e64c0e01804e4e3abe773847b4f28a39f2ad22c8cf7da5`
VirtualSize	`0x14c0`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43206`

Imports

KERNEL32.dll	`WriteConsoleW` `CreateFileW` `HeapReAlloc` `HeapSize` `GetModuleHandleW` `GetConsoleOutputCP` `FlushFileBuffers` `GetStringTypeW` `SetStdHandle` `GetProcessHeap` `CloseHandle` `WaitForSingleObject` `GetModuleFileNameW` `GetConsoleMode` `GetModuleFileNameA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `QueryPerformanceCounter` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetSystemTimeAsFileTime` `GetProcAddress` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `InitializeSListHead` `RtlUnwind` `RaiseException` `GetLastError` `SetLastError` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `WriteFile` `HeapAlloc` `HeapFree` `LCMapStringW` `GetFileType` `SetFilePointerEx` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `DecodePointer`
USER32.dll	`EnableWindow` `GetWindowRect` `SetWindowPos` `SendMessageW` `EndDialog` `OffsetRect` `CopyRect` `LoadIconW` `SendMessageA` `GetDlgItem` `GetDesktopWindow` `DialogBoxParamW`
ADVAPI32.dll	`RegGetValueA` `RegCreateKeyExA` `RegSetValueExA` `RegCloseKey`
SHELL32.dll	`ShellExecuteExW`
ole32.dll	`CoInitializeEx`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10098`
MD5	`6ae7b3e9fa25e775d88b92e6f1583e71`
SHA1	`1167adbaaaa644996b06956cc508db8305e85f96`
SHA256	`22093fb344b51cd826c5174247eee4c37b267cab29d607a13e1b28e2f2cc252c`
SHA3	`8f7fa00615cebd0e5e724387be1c2caf57e950c869a6a77be5e8a0c12eb55b4e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10985`
MD5	`f6ee860de68ef102b6cdb7625e96d2a3`
SHA1	`6dfd14d5b1a60e1e90871e3952a56391786d23d0`
SHA256	`32e4aafee092b62c003bedd1f5ea42c4265892594b54bfba89b40594f0ce0e34`
SHA3	`64fdc2382c9ea65cf1a7f49805b8bfa313bc2dd391fece746cb25bba709dda9c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42423`
MD5	`430ec53a2b069e606c2caab3c4b2c817`
SHA1	`4c5e911fa74b0daa7dc495d6d9bb2b05105c49eb`
SHA256	`aa79a69ea302aa408653fcb04feae8a195961b071916582433e70a7dc90fefe3`
SHA3	`6fb06588c732c5824baee676f50b975233ebf0b1dd721a2678b23651245807f0`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38673`
MD5	`02d2fcb0d6611e213a21610eacb5782e`
SHA1	`699aae78cc0f4eae4a5e937a09756027b1e917a8`
SHA256	`101033798f393627baccb6f199b422a3a4f17897ea6a41a6aa64f34b28b4952d`
SHA3	`0912a00875903c1692d8ea504522f1aba5b384b3a041b50e2fb4757167a7f6e3`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89316`
MD5	`9da9e6a42d195a253df86e3001804a55`
SHA1	`a102ebf74253020812e8d1d28877a3600a6cb8d7`
SHA256	`29b46b1ca7baf95857f5340eaeb7c679f951591ef4dd3678002feeeaedae2c9c`
SHA3	`467fcc8eddf3378a9538140835df73220096e7ddcb6715667901256416fd135b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00216`
MD5	`3263eb0b5dd8aa69d4f516a7de7c2397`
SHA1	`b069038f797362d9261373840df7b18d381a60d4`
SHA256	`5dcc0c6aab749104d1445a10f3e78f4ac160b4d9740aecf06170cde0779db4e3`
SHA3	`58ca3d8de5965fdde776fdc3e16f588f3fc80394391f136c90ce54eb36215b8c`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13149`
MD5	`a382bed50277dd1d8b218f5b7b0823df`
SHA1	`6bc8c8f9e386f0a3d7c2cc70af59f793f156a81a`
SHA256	`d71b22407e9538fb58684c3007ef4869406c55d7f7bc5d041f2dc8e0fe1a518c`
SHA3	`928abaeee48ffe37642dca2ecff3914f7990077cba345a1d398a5ed63a7ff219`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86669`
Detected Filetype	Icon file
MD5	`172fa8d15b72e28b37524dde17ca5f1a`
SHA1	`f0802242829ad5cf23a38178e7fe1ae903f489de`
SHA256	`10774da934323cf587f613f65626937843c1b879d7ce6539f113d2e8f6746fd5`
SHA3	`a3864189b88346971cc48cfc813b8e69102d1446a3f9e11f1991abf2c7867af0`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07176`
MD5	`0f3b71d0fa474d73aff7de9cdf842732`
SHA1	`7990f81c60b8ab722c5ad7367f69c85106be5ed5`
SHA256	`5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09`
SHA3	`c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Mar-01 20:00:26
Version	`0.0`
SizeofData	`82`
AddressOfRawData	`0x18e00`
PointerToRawData	`0x17800`
Referenced File	D:\GitHub\TS helper tools\Release\The Sims 2 Launcher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Mar-01 20:00:26
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x18e54`
PointerToRawData	`0x17854`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Mar-01 20:00:26
Version	`0.0`
SizeofData	`944`
AddressOfRawData	`0x18e68`
PointerToRawData	`0x17868`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Mar-01 20:00:26
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x419228`
EndAddressOfRawData	`0x419230`
AddressOfIndex	`0x41c05c`
AddressOfCallbacks	`0x4121c8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41b040`
SEHandlerTable	`0x418c2c`
SEHandlerCount	`19`

RICH Header

XOR Key	`0x5c072697`
Unmarked objects	`0`
ASM objects (30795)	`10`
C++ objects (30795)	`145`
C objects (30795)	`20`
C objects (33218)	`18`
ASM objects (33218)	`22`
C++ objects (33218)	`56`
Imports (30795)	`11`
Total imports	`138`
C++ objects (LTCG) (33521)	`1`
Resource objects (33521)	`1`
151	`1`
Linker (33521)	`1`

Errors

Leave a comment

No comments yet.