Manalyze report for 8417f3956c654133e5e7084f290f5b96e5cc5d819c942c1fc77d58c38a2cdb03

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-12 06:51:21
Detected languages	English - United States Japanese - Japan Process Default Language
Debug artifacts	C:\dev\dmc4\devil4\Devil4\buildout\MasterReleaseDX10Win32\out\Devil4_MasterReleaseDX10.pdb
CompanyName	CAPCOM CO., LTD.
FileDescription	DEVIL MAY CRY 4 Special Edition
FileVersion	`1, 0, 0, 0`
InternalName	DEVIL MAY CRY 4 Special Edition
LegalCopyright	(C)CAPCOM CO., LTD. 2008,2015 ALL RIGHTS RESERVED.
OriginalFilename	DevilMayCry4SpecialEdition.exe
ProductName	DEVIL MAY CRY 4 Special Edition
ProductVersion	`1, 0, 0, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Accesses the WMI: root\cimv2`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to DES`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: FindWindowW` `Can access the registry: RegisterHotKey RegCloseKey RegQueryValueExA RegOpenKeyExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Leverages the raw socket API to access the Internet: WSAStartup WSACleanup`
Malicious	The PE's digital signature is invalid.	`Signer: CAPCOM CO.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA` `The file was modified after it was signed.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-01 15:52:42)	`All the AVs think this file is safe.`

Hashes

MD5	`4f40c23edad9b11abf428fc1fa97786f`
SHA1	`dc9744d7a870d5e09f09d234cbef55a5d2e25419`
SHA256	`8417f3956c654133e5e7084f290f5b96e5cc5d819c942c1fc77d58c38a2cdb03`
SHA3	`36407cdc7b7b2c2973ab18ef3d7de0e3b69e87c694154dcda2b290ce810f0a39`
SSDeep	`98304:F7sPVcbW/nFUOHD2405mlNLbKzQjt4FXhVyNEXPpQeNrX0jCtGwv:hOVXFUeSmlNLbKz62FXh1eeNrEjCtrv`
Imports Hash	`99540676056738dc5bb5afa80bf52b21`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x150`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Mar-12 06:51:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0xb24e00`
SizeOfInitializedData	`0x440c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00A84338 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb26000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf68000`
SizeOfHeaders	`0x400`
Checksum	`0xed46f3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e28c4a2b6661001807ae04a4d4898eb5`
SHA1	`851471de110eca4c140202d7ace8c7b3cc1dae4f`
SHA256	`b915b78254e0a9d54f4cceffdaeaf739ec102cc928c41f7f2339ae5a46c88f6e`
SHA3	`fcdf018250ecb993128501fde62cc1a121037709a7d52760e0082e375f49bb34`
VirtualSize	`0xb24dcb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb24e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.17492`

.rdata

MD5	`f19712c0ed108c7d4c396b8738831201`
SHA1	`67027d01644ded60eb44166469c63463250c29fa`
SHA256	`22001bd78fa423992479baf9cd34a3377e9625375184bee907aebc94713a193b`
SHA3	`9f50b99681865872d61b1212e87e742faae03e1a2c10d818f94548e85f601170`
VirtualSize	`0x127a2c`
VirtualAddress	`0xb26000`
SizeOfRawData	`0x127c00`
PointerToRawData	`0xb25200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12913`

.data

MD5	`6220720431ad489f0b9d436530da9184`
SHA1	`2e871615fce7bb08ac3d1533fd896045eb35a18a`
SHA256	`55aec073fcc1994d3482ea98e7b8a796daedaed6497a7c637dcef66a2cefac16`
SHA3	`3db3d2a2c00bdbf9eb990dc907ba80cac8aa44b7f641a1056034f8a88d297c7f`
VirtualSize	`0x2ce638`
VirtualAddress	`0xc4e000`
SizeOfRawData	`0x230400`
PointerToRawData	`0xc4ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.93342`

.rsrc

MD5	`5938ebad3e150a3686487325c6e2686d`
SHA1	`522c939ef937f7bbc7b099b0a7872d3c7bfd0bdd`
SHA256	`8b6c8c5be1a9622379ff67e36188674411270d52acbfb687241095889aa93d25`
SHA3	`b5e0f9736d0f25fec40cf23ae698a9d60f0d135ee8398a2c6316ab6ebc62a1bc`
VirtualSize	`0x4a638`
VirtualAddress	`0xf1d000`
SizeOfRawData	`0x4a800`
PointerToRawData	`0xe7d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10429`

Imports

KERNEL32.dll	`SystemTimeToFileTime` `CompareFileTime` `WriteFile` `ReadFile` `CreateDirectoryA` `QueryPerformanceFrequency` `SetThreadExecutionState` `GetDateFormatA` `SetEnvironmentVariableA` `CreateFileW` `WriteConsoleW` `GetStringTypeW` `CloseHandle` `CompareStringW` `OutputDebugStringW` `GetConsoleCP` `FlushFileBuffers` `SetStdHandle` `MoveFileExW` `GetFileSize` `VirtualQuery` `LoadLibraryExW` `GetTimeZoneInformation` `GetModuleHandleW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `SetLastError` `GetModuleFileNameW` `HeapSize` `GetDiskFreeSpaceExA` `LCMapStringW` `GetLocalTime` `GetStartupInfoW` `InitializeCriticalSectionAndSpinCount` `CreateFileA` `lstrcpyA` `lstrlenA` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `GetFileAttributesA` `ExpandEnvironmentStringsA` `DeleteCriticalSection` `InitializeCriticalSection` `GetFileType` `GetUserDefaultLangID` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `HeapReAlloc` `RtlUnwind` `AreFileApisANSI` `GetModuleHandleExW` `GetSystemTimeAsFileTime` `DecodePointer` `EncodePointer` `IsProcessorFeaturePresent` `GetProcessHeap` `HeapAlloc` `HeapFree` `GlobalFree` `GetModuleHandleA` `InterlockedDecrement` `InterlockedIncrement` `EnterCriticalSection` `DeleteFileW` `LeaveCriticalSection` `VirtualAlloc` `VirtualFree` `Sleep` `DeleteFileA` `FileTimeToLocalFileTime` `FindClose` `FindFirstFileA` `FindNextFileA` `GetDiskFreeSpaceA` `ReadFileEx` `RemoveDirectoryA` `SetEndOfFile` `SetFilePointer` `GetLastError` `SleepEx` `GetModuleFileNameA` `CopyFileA` `MoveFileA` `FileTimeToSystemTime` `InterlockedExchangeAdd` `InterlockedCompareExchange` `GetCurrentThreadId` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `TryEnterCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventA` `CreateThread` `ResumeThread` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `WideCharToMultiByte` `DebugBreak` `ReleaseSemaphore` `GetCurrentProcessId` `GetExitCodeThread` `SetThreadIdealProcessor` `WaitForMultipleObjects` `CreateSemaphoreA` `GetCommandLineA` `IsDebuggerPresent` `ReleaseMutex` `CreateMutexA` `RaiseException` `ExitProcess` `SetThreadPriority` `GetSystemInfo` `VerSetConditionMask` `VerifyVersionInfoA` `InterlockedExchange` `LoadLibraryW` `MultiByteToWideChar` `GetStdHandle` `GetCurrentProcess` `TerminateProcess` `CreateProcessA`
USER32.dll	`MessageBoxW` `GetSystemMetrics` `GetPropA` `DefWindowProcA` `ScreenToClient` `ClientToScreen` `GetCursorPos` `GetAsyncKeyState` `UnregisterHotKey` `RegisterHotKey` `SendMessageA` `SystemParametersInfoA` `LoadIconW` `LoadIconA` `LoadCursorA` `FindWindowW` `ClipCursor` `SetCursor` `ShowCursor` `MessageBoxA` `RemovePropA` `SetPropA` `EndPaint` `BeginPaint` `UpdateWindow` `DeleteMenu` `EnableMenuItem` `GetSystemMenu` `LoadAcceleratorsA` `IsIconic` `GetWindowThreadProcessId` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `ShowWindow` `SetWindowPos` `SetForegroundWindow` `GetClientRect` `GetWindowRect` `AdjustWindowRect` `SetWindowLongA` `TranslateMessage` `DispatchMessageW` `PeekMessageA` `SendMessageW` `DefWindowProcW` `PostQuitMessage` `RegisterClassExA` `RegisterClassExW` `CreateWindowExA` `CreateWindowExW` `DestroyWindow`
SHELL32.dll	`SHGetFolderPathA` `ShellExecuteA` `DragAcceptFiles`
PSAPI.DLL	`GetModuleFileNameExA`
IMM32.dll	`ImmGetCompositionStringA` `ImmReleaseContext` `ImmGetDefaultIMEWnd` `ImmGetContext`
d3d10.dll	`D3D10CreateDeviceAndSwapChain` `D3D10DisassembleShader` `D3D10ReflectShader`
DINPUT8.dll	`DirectInput8Create`
XINPUT1_3.dll	`#2` `#5` `#3` `#4`
steam_api.dll	`SteamAPI_IsSteamRunning` `SteamAPI_RegisterCallback` `SteamAPI_GetHSteamPipe` `SteamAPI_GetHSteamUser` `SteamInternal_CreateInterface` `SteamInternal_ContextInit` `SteamAPI_RegisterCallResult` `SteamAPI_UnregisterCallback` `SteamAPI_UnregisterCallResult` `SteamAPI_Init` `SteamAPI_Shutdown` `SteamAPI_RestartAppIfNecessary` `SteamAPI_RunCallbacks`
WS2_32.dll	`WSAStartup` `WSACleanup`
IPHLPAPI.DLL	`GetIfEntry` `GetAdaptersAddresses`
MSVFW32.dll	`ICCompressorFree` `ICCompressorChoose`
AVIFIL32.dll	`AVIStreamRelease` `AVIStreamSetFormat` `AVIFileOpenA` `AVIFileRelease` `AVIFileExit` `AVIFileInit` `AVIStreamWrite` `AVIMakeCompressedStream` `AVIFileCreateStreamA`
WINMM.dll	`timeGetTime` `timeEndPeriod` `timeBeginPeriod`
WMVCore.DLL	`WMCreateSyncReader` `WMCreateWriter` `WMCreateProfileManager`
gdiplus.dll	`GdipCloneImage` `GdipLoadImageFromFile` `GdipDisposeImage` `GdiplusStartup` `GdipFree` `GdipSaveImageToFile` `GdipGetImageEncodersSize` `GdipGetImageEncoders` `GdiplusShutdown` `GdipAlloc`
GDI32.dll	`GetStockObject`
ADVAPI32.dll	`RegCloseKey` `RegQueryValueExA` `RegOpenKeyExA`
ole32.dll	`CoSetProxyBlanket` `CoTaskMemAlloc` `CoTaskMemFree` `CoCreateInstance` `CoInitialize` `CoUninitialize`
OLEAUT32.dll	`SysAllocString` `SysFreeString`

Delayed Imports

1

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06893`
MD5	`bae6e2e2b6329a702229cd5eb36098ca`
SHA1	`5922c7ab6a88bfeb0c83688d86e634b011726f0d`
SHA256	`d45ae34e5d3ee81d94f7c387be7aa0153386c75aae0a9a1d4372e85f1d91487c`
SHA3	`e0b80db354ba9f92bf41e85621a05d600e7d486e93fa0647806c8cf25a7f417d`

2

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35958`
MD5	`0f6155a0e823e209359ae58477b0fb62`
SHA1	`2f78282c583575da52e6b4ee32ab15ec39069e84`
SHA256	`d836d2379d957f8d88fd17eac6d050c849ff451b3db41c3de9505feb8dad0d0c`
SHA3	`79d39d710b5dbedec54262f7957139e0fc92e49de61c15308d97c96cbdaac611`

3

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03751`
MD5	`6c65a777bf1ef28041d330e43bdc8d80`
SHA1	`53c44ee9aa6d70992a7ffab66346b40aadad1ed6`
SHA256	`92fe5236642f33f1af76df677d249881ea8b0e1f44fb494c57d4bdb4b1f20119`
SHA3	`d9ac82022e620fdb182eea6a87016aa14fb4a9534fedd2578946cb49d056c207`

4

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5355`
MD5	`36f27eb815e822f5d6880a7965718e1c`
SHA1	`cc9b55e08f11d03d8e9928f241ca089c3864a0d5`
SHA256	`20c64f061cc086c90351350559697a339e55e0287ed0312a29b4a1f0750a5bf0`
SHA3	`3dea57be50fdb5317597368886c8942c6675c6afcebf1d4250ffb60415ece33a`

5

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41995`
MD5	`94dc1a995756125db47a0b45df2d8a0e`
SHA1	`a663d1b5bc0176790aa606fd1b05f88738dee0fb`
SHA256	`7994a8378ec898e2285f622bc1d52d81d8149dbf7e751e8dcf6bd6ea5e8f9bfa`
SHA3	`fe53524b80b41f629c00bf46582e1bf95aedbb61ee52767db68d3e62fee16f18`

DEVIL_MAY_CRY_4_SPECIAL_EDITION

Type	`RT_GROUP_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61584`
Detected Filetype	Icon file
MD5	`aa063b6fc0b88856ce2248d16e9b2be2`
SHA1	`d8de7498eff126554f57b7cd6c5a80236583d7f1`
SHA256	`650c7fe8b3b3def63197a34584f631a2f2649b8061d2b68786eece54b2ef53f1`
SHA3	`dbb38f2fe9b88f46c99ecd0a567d6551b352c72a1d31b07ab8d59b0ec62ecf34`

1 (#2)

Type	`RT_VERSION`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x3b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45179`
MD5	`57511b4fd2914845b9a6e5bdc2139411`
SHA1	`9250ee239d11fa53608a47f3c5ceec22b8f9ecae`
SHA256	`5b26d3d93932513469f76931f4160b2a2a2de7f8d6cd7e832462ad992d5183d2`
SHA3	`75b13ee134590089c7c725d8f96212594a10578efaf206bdc8ee8d4faa581055`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2fd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17341`
MD5	`b2bfd8d466d953c5de7012df1e4c9623`
SHA1	`cb96ca695d331667aea7df1e8b28b1b46a6d14ec`
SHA256	`9e4af56a46e92af801f8f6cdf28bb6f9e68ea8304775714d48807df203124a48`
SHA3	`67543a7d2fa1e37f9d57fa953070f1453987e41f0296dbf738c1c21ee0cacded`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Process Default Language
CompanyName	CAPCOM CO., LTD.
FileDescription	DEVIL MAY CRY 4 Special Edition
FileVersion (#2)	1, 0, 0, 0
InternalName	DEVIL MAY CRY 4 Special Edition
LegalCopyright	(C)CAPCOM CO., LTD. 2008,2015 ALL RIGHTS RESERVED.
OriginalFilename	DevilMayCry4SpecialEdition.exe
ProductName	DEVIL MAY CRY 4 Special Edition
ProductVersion (#2)	1, 0, 0, 0

Resource LangID	Japanese - Japan

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-12 06:51:21
Version	`0.0`
SizeofData	`115`
AddressOfRawData	`0xc4b660`
PointerToRawData	`0xc4a860`
Referenced File	C:\dev\dmc4\devil4\Devil4\buildout\MasterReleaseDX10Win32\out\Devil4_MasterReleaseDX10.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-12 06:51:21
Version	`0.0`
SizeofData	`16`
AddressOfRawData	`0xc4b6d4`
PointerToRawData	`0xc4a8d4`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1065ef8`
SEHandlerTable	`0x104b9e0`
SEHandlerCount	`4`

RICH Header

XOR Key	`0x50aa62c2`
Unmarked objects	`0`
199 (41118)	`3`
ASM objects (50929)	`55`
C objects (50929)	`196`
191 (30716)	`1`
221 (VS2013 UPD5 build 40629)	`2`
C objects (VS2008 build 21022)	`21`
Imports (VS2010 build 30319)	`2`
C++ objects (VS2010 build 30319)	`3`
Imports (VS2008 SP1 build 30729)	`2`
C objects (VS2008 SP1 build 30729)	`3`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (50929)	`61`
C objects (61219)	`6`
C++ objects (61219)	`385`
188 (30716)	`3`
190 (30716)	`2`
Total imports	`347`
185 (30716)	`37`
211 (61219)	`999`
Resource objects (VS2012 UPD4 build 61030)	`1`
151	`1`
Linker (VS2012 UPD4 build 61030)	`1`

Errors

Leave a comment

No comments yet.