Manalyze report for 799cd21d8fb8de2bd5ef94a2a2661cba19548020e35245aa763f0efe3c63ff88

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-11 17:22:42
Detected languages	English - United States Malay - Malaysia
Debug artifacts	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegQueryValueExA RegCloseKey RegSetValueExW RegQueryValueExW RegCreateKeyExA RegOpenKeyExA RegSetValueExA` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Suspicious	The PE is possibly a dropper.	`Resources amount for 75.3569% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-14 08:00:50)	`All the AVs think this file is safe.`

Hashes

MD5	`1f51ce2352f69d79fac78222c945c38e`
SHA1	`4ec8a859fd383f6aed4e4dbff6b536dd200c39df`
SHA256	`799cd21d8fb8de2bd5ef94a2a2661cba19548020e35245aa763f0efe3c63ff88`
SHA3	`c405a081c59ec3fa5cab31a6a4447d5eb51df180dd19dec8170c2d92c1e0c5af`
SSDeep	`6144:CLRjBveiFY/DslHKH0Osps2+1MPY3SWgmwiQRGwcbpYklTc/0wdv/:CLRFveiwDaQ4sf1GIpOGwcK//0wdv/`
Imports Hash	`903779526007e11b7ce5986ad4a6fbad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2017-Apr-11 17:22:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0xce00`
SizeOfInitializedData	`0xa9600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008D38 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xba000`
SizeOfHeaders	`0x400`
Checksum	`0x4a47c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9de63d6156e0bf5ea0aac1b5a9b50ce5`
SHA1	`3721aa3c5c39beb0bbe9c6650105a1ab165f424e`
SHA256	`509173070343b477b9d338de7607598656604061a86a9c014b8473a50503e02e`
SHA3	`e549787e4abbcf9a382e5675e6be80fc88628ec3937bad04de57535c44c1b9b6`
VirtualSize	`0xcdfb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.05976`

.rdata

MD5	`61b5cdf26febdd0e33fab68291f9851a`
SHA1	`ebc74b3d5ad405824d70a3f44548167d78e28c5c`
SHA256	`b9c5704ea29e592711f37dd38d30656a7f3cf3389bdaaafd976aaee0067b0535`
SHA3	`969d1c49af6f1f95e989385e8ef0295542c886f893dd35cead94772153d09707`
VirtualSize	`0x8722`
VirtualAddress	`0xe000`
SizeOfRawData	`0x8800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66515`

.data

MD5	`05b377beee33887316576d0c02976743`
SHA1	`ed8d9fcb352a2b24cb898b42d6476a288380e964`
SHA256	`8499556bb7be4dc1b3a52541f01b984ffcc61dcd83c7060a8e7038561fc70a78`
SHA3	`eee653e5ca3f9c47b5210ece72d26db96d6eb6e967e43ababd117d5353d2f062`
VirtualSize	`0x15050`
VirtualAddress	`0x17000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x15a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.50562`

.pdata

MD5	`955f357c8402e2e44ba06778176f274d`
SHA1	`004e0416a6848776df4a981b48c5a0e9b642f9bc`
SHA256	`5e99ce7caf8d97cc40f6b0c91731d129af8781d007a18ca7d00a39db505bb858`
SHA3	`4ccc4e4b8da516a1b5eb6f08cf7e9966f3f9d227fba8be28b9930f19bad06886`
VirtualSize	`0xaa4`
VirtualAddress	`0x2d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47501`

.rsrc

MD5	`b89c9e3d68af451a2cfa4854e27d1fc7`
SHA1	`ba95c8d713be4fe80cb8dcef605dd8cc065b102d`
SHA256	`5918982a1fb883e15c43ff2ccebe47203b0e4d4f1d48ec4c80000fe8b4f4d3ba`
SHA3	`0f697bc8b3c2a7a6d161a9992b368a6d05d502eab585d49c8805faf1e0f2c2fc`
VirtualSize	`0x89b20`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x89c00`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12338`

.reloc

MD5	`b10e6241494265c6c56ad938d32e41ef`
SHA1	`dc924da81877fd5174eff08b4ded190dc043d4f1`
SHA256	`bc5676ee6548a77f89d787c5d8284e81d5234626c4dc212cc365728d2cfde6fe`
SHA3	`7a930ab5a6a2da376d7fed6a23c3289896616dde9b51fde7a7817d0ddfdc5866`
VirtualSize	`0x1ab0`
VirtualAddress	`0xb8000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0xb4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20199`

Imports

KERNEL32.dll	`GetPrivateProfileIntW` `GetPrivateProfileStringW` `FindFirstFileW` `FindClose` `GetCommandLineW` `GetModuleFileNameW` `GetCurrentDirectoryW` `GetPrivateProfileSectionNamesW` `GetCurrentProcessId` `OpenProcess` `CreateThread` `CreateProcessW` `ResumeThread` `WaitForSingleObject` `GetExitCodeThread` `Sleep` `MultiByteToWideChar` `GetLastError` `DecodePointer` `EncodePointer` `GetStartupInfoW` `TerminateProcess` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `WideCharToMultiByte` `OpenFileMappingA` `CreateSemaphoreW` `SetEvent` `CreateEventA` `MapViewOfFile` `CreateFileMappingA` `CloseHandle` `GetCurrentProcess` `UnmapViewOfFile`
USER32.dll	`TranslateMessage` `SendMessageW` `PostQuitMessage` `DestroyWindow` `DispatchMessageW` `CreateDialogParamW` `IsDialogMessageW` `GetMessageW` `ShowWindow` `MoveWindow` `GetDesktopWindow` `GetWindowRect` `MessageBoxW`
ADVAPI32.dll	`RegQueryValueExA` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyExA` `RegOpenKeyExA` `SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `RegSetValueExA`
SHELL32.dll	`CommandLineToArgvW`
MSVCP100.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
PSAPI.DLL	`GetModuleFileNameExW`
WINTRUST.dll	`WinVerifyTrust`
MSVCR100.dll	`_wcsicmp` `memset` `memcmp` `_CxxThrowException` `memcpy` `__CxxFrameHandler3` `??3@YAXPEAX@Z` `memmove` `??0exception@std@@QEAA@AEBV01@@Z` `?what@exception@std@@UEBAPEBDXZ` `??1exception@std@@UEAA@XZ` `??0exception@std@@QEAA@AEBQEBD@Z` `??2@YAPEAX_K@Z` `_wputenv` `_vswprintf_c_l` `tolower` `_wtoi` `fopen_s` `fread` `fclose` `atoi` `sprintf_s` `memchr` `??_V@YAXPEAX@Z` `__C_specific_handler` `_unlock` `__dllonexit` `_lock` `_onexit` `_amsg_exit` `__getmainargs` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `?_type_info_dtor_internal_method@type_info@@QEAAXXZ`

Delayed Imports

8192

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83275`
MD5	`b03918cbe7e4a29745787e92fc572ac4`
SHA1	`dddc50d1089ad089563b050eb641813959d506a0`
SHA256	`8ea2ea4b85f5dbf2c4ac432aeb8c99962109b03aa2a32470f19712da3da9d844`
SHA3	`e39338127891b5de006b67536caf7d57a5766a6e677fde51dd4fda4754dbf892`

8193

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.89592`
MD5	`554addacf0f0bf5a8cf27cac1ae941a9`
SHA1	`0f0d097abd575228a0e6c375c365006d2eab5a8c`
SHA256	`d8c39470215af6b08bc0c7a261b0469d0786768003f9c0049e85e6a0673320ad`
SHA3	`46386310529e32a378838c56f9e23ff86bf1928b4030066250a6e572928e84bf`

8194

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85019`
MD5	`b2c9cc6d1a1889aa40228c4b6a192a6b`
SHA1	`3db4533cb7d10d1cb79e042b8a44e50825c1c0a0`
SHA256	`3c7c67e647a79e475202c8e0209634364dfd36176c6d169bbee39fb956fd3623`
SHA3	`b3391fc20def7f42a0d26a2de7db0ef9eb8aad3e209af23f6051a50958c5fa48`

8195

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.64113`
MD5	`34e4d227143c870c8d51502ba81dc6b9`
SHA1	`303092627009c4c2b4ef9beffe799b5558181807`
SHA256	`68c56efbb05d61b96a832d65165e768f66ed471b250057eb8f2869004e91dadb`
SHA3	`278a9f0d1f07f0c06cf46c0c41aecd64f3a1d98a6704f31606c04bdaee54cbdb`

8196

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53917`
MD5	`88bb6631fc2ea36425d5a1f961bb6cfc`
SHA1	`15517920b7cd9abeace6d8b3d4dee0d54e9360a5`
SHA256	`10c0cdaa6cabc745eaaa1f8ba3de21d1cf1fd27116f67d2a22b404c4fac0fd2b`
SHA3	`ca64506c2f6add2736c5578f2a3ab4e9e13199a89372e69602bf632ac4dbb5b6`

8197

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35`
MD5	`0f85ca2012bde29fcf53289e1fce6429`
SHA1	`5b33525a098d37a53b62b25dbfffb494768583c9`
SHA256	`6e0386f22c6767ee8209cbb0fc1f38ad69b3209a9a6d8e7bd95d22097918134e`
SHA3	`6830b77d8f34a8993e406e0dd09091dda1a91e1c469fd681b91feaabcc80f311`

8198

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22166`
MD5	`3e54bc1f92161e78b863030bcfc851e1`
SHA1	`762e7abafbe023457fad8341174a65edc382adbb`
SHA256	`af1ace8afc2fff3a51aa55a3b09c9a13864e660df1b5ca08ad017af056c1c028`
SHA3	`7f4be715bb31985d5393eefe0f16cc790c7ae0758f66c32d5e96e7dfde694c96`

8199

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07145`
MD5	`17fd96e703a90c4c99466a08ae56c14a`
SHA1	`138c636f64298ade03022c3d826b193557c7b699`
SHA256	`548919e7c8eb4c1e8d80f01c8c7f1499c1464c4466788dbbc40b6fd57120f6b4`
SHA3	`afd889b997727c7571f2c97c7b3e31f5e1787d80a9e53392640af1c2478f6924`

8200

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97971`
MD5	`cb67b6fb3d317bbbb2c3ce282bfd282a`
SHA1	`a38d41c06ac466431256091d1d631953c9d4e259`
SHA256	`383229ba7121293efb49bdcdf7c55f793bf0dead8fb40b860ad4cd3e76c1e2b9`
SHA3	`af77a146175e5499db55d81a6755d964b2c2d7843350aa26394589143a7fc9f8`

129

Type	`RT_DIALOG`
Language	Malay - Malaysia
Codepage	Latin 1 / Western European
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17698`
MD5	`d264619bd6677aad38030c167fa9b8b6`
SHA1	`e4ba7ece527e2d38d08db87fc3ad0e7004a05115`
SHA256	`4d5e1892d08e3ca58b98fceb3f391f7baf3347fcce98605da5fbd3a9c4753639`
SHA3	`b80ead30649d508a6dd04b57fe7040b367d10fa271eccc693e80fc7d4637b120`

1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14071`
Detected Filetype	Icon file
MD5	`2567992cdb744df50867230f70cd285d`
SHA1	`5e14a73d8dbf3d05422a94d2703e528c640aeb3c`
SHA256	`9c79637cc6922bfbaa6877d83db38337df37a8add6b95ed790c08f1cb90567bd`
SHA3	`ab3e77e57cb9c70d9fd35ff18eaba4bd9e7347376fde35a194c62caed23c97ad`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Apr-11 17:22:42
Version	`0.0`
SizeofData	`97`
AddressOfRawData	`0x13958`
PointerToRawData	`0x12b58`
Referenced File	D:\Developments\Games\SmartSteamEmu\x64\Release\SmartSteamLoader_x64.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x1ed76732`
Unmarked objects	`0`
152 (20115)	`2`
ASM objects (VS2010 SP1 build 40219)	`3`
C objects (VS2010 SP1 build 40219)	`18`
Imports (VS2010 SP1 build 40219)	`4`
C++ objects (VS2010 SP1 build 40219)	`13`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`118`
175 (VS2010 SP1 build 40219)	`6`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.