Manalyze report for adb748032c7f17671cc2ac363ee088fb

Summary

Architecture	`UNKNOWN`
Subsystem	`IMAGE_SUBSYSTEM_XBOX`
Compilation Date	2007-Aug-24 10:38:17
Debug artifacts	k:\USA360\Objects\SVR08Xenon_DVD_MASTER\main.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: au.demonware.net demonware.net eu.demonware.net http://www.webtech.co.jp http://www.webtech.co.jp/ jp.demonware.net stun.au.demonware.net stun.eu.demonware.net stun.jp.demonware.net stun.us.demonware.net us.demonware.net webtech.co.jp www.webtech.co.jp`
Suspicious	The PE is possibly packed.	`Unusual section name found: BINKBSS` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: .embsec_` `Unusual section name found: BINK` `Unusual section name found: .XBMOVIE` `Unusual section name found: BINKDATA` `Unusual section name found: .XBLD` `The PE only has 0 import(s).`
Suspicious	The file contains overlay data.	`6178304 bytes of data starting at offset 0x94ba00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`adb748032c7f17671cc2ac363ee088fb`
SHA1	`e0d48c36e90f7f7ad5d091f41fce37ae0b0e8e13`
SHA256	`00a5d67a6ebed9c3f806f8854b0ab37700b7baa9f5ec8cb29764c81fca0657a8`
SHA3	`d3c937167c1c12d8967c4e7901cdc79fc91aee682626aabfded82a3284bf50dc`
SSDeep	`196608:uipg18HaEH7u6Zu1+XYlLJfic94zoNUBp4SdQypA/lyL:uh1Uu6Zu1cYlLgc94zoNUj4SBL`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`UNKNOWN`
NumberofSections	`19`
TimeDateStamp	2007-Aug-24 10:38:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x79b000`
SizeOfInitializedData	`0x7ba000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00230048 (Section: .text)`
BaseOfCode	`0x600`
BaseOfData	`0x600`
ImageBase	`0x82000000`
SectionAlignment	`0x10000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`1.0`
Win32VersionValue	`0`
SizeOfImage	`0x105a600`
SizeOfHeaders	`0x600`
Checksum	`0x9518b8`
Subsystem	`IMAGE_SUBSYSTEM_XBOX`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x180000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.rdata

MD5	`10111bc874d5b046f5abf901fd335032`
SHA1	`60a8828236a2031c784972883b9d21e678fa4dda`
SHA256	`b73213d4a5dc14f75c12523124ad873efe6c69f76f613dc95f3e086210242d66`
SHA3	`ae68d0f188201d59f5c8cf6031712f85071990804835e0e3f72088d7c18de6cf`
VirtualSize	`0xd52a4`
VirtualAddress	`0x600`
SizeOfRawData	`0xd5400`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.04299`

.pdata

MD5	`879120f5be79acbb49ce35d81a636158`
SHA1	`002881bcf974daedfd7aed8bbf0555cb2dbecf56`
SHA256	`f6eae2b6826aac983b9a79d1194bdedf7be756e33254b5b888b5a95c9e27c8d5`
SHA3	`ed54facb1fd3f4b3468454c241df0c76996c13982041283de936cf51b88904a0`
VirtualSize	`0x29090`
VirtualAddress	`0xd5a00`
SizeOfRawData	`0x29200`
PointerToRawData	`0xd5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.9337`

BINKBSS

MD5	`f5ac4b4789eb3addf337302f098e7b50`
SHA1	`99067fac7a0718ce17a70847f89becda48912c79`
SHA256	`96d81c1ac88688743f406c7897e64eeb4bd11ae487585a9b52db775dc6102e38`
SHA3	`f192d0db4ef0e1ab03839040811a9be6a540d7c485a9b7fee67cadd78edcb3ca`
VirtualSize	`0x28f8`
VirtualAddress	`0xfec00`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xfec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35744`

.text

MD5	`5febcf37316d0bd94a4b678802188d8c`
SHA1	`8ec55762fc1b25808bc6eb844d78174d9ad1316d`
SHA256	`5d2717f9254f29bd615f92b00585588b71d78f26af574fc9afeb2e6f9e2829d6`
SHA3	`242e7cafde69db956ba1b7becc60c2c18e06dd97dc348b88f08f1651a4c7d711`
VirtualSize	`0x737604`
VirtualAddress	`0x110000`
SizeOfRawData	`0x737800`
PointerToRawData	`0x101600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49332`

.embsec_

MD5	`c504e706775db640a31f6d14051bb285`
SHA1	`06353c8a49e1bfc7cf70e422d220ccccfa750382`
SHA256	`709487d6560f4c57546a0589ddaada0f25484dbff2e06b82518a98fa6659ba60`
SHA3	`7c0c0f5db6bd8276cd000a1b555b21a6d8db50303e81ad7b8cccae04d3f49e66`
VirtualSize	`0x16990`
VirtualAddress	`0x847800`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x838e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61819`

.embsec_ (#2)

MD5	`997740707754ecf9a079d5b1c25a120b`
SHA1	`1fe6c6fb0ec517a27e73b495b5723b0cb07aa797`
SHA256	`4fb1e1c5206fb7ef54262417b236b7d251502f8cfe1a61272e906bde23756c11`
SHA3	`ca274adc97e9f058cc3a17f894deaea0b203f5551f1139de59cd50e0a8f1ba0a`
VirtualSize	`0x17f54`
VirtualAddress	`0x85e200`
SizeOfRawData	`0x18000`
PointerToRawData	`0x84f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61365`

.embsec_ (#3)

MD5	`52f6a60cc8187d989dba896d9ceafd4c`
SHA1	`57d2526dad2a1b817155c197fd203dd2800a7fd9`
SHA256	`39bbe118211eb2069f475e4ea195a1dba1b715a0baab5b5ef454089c58986dc5`
SHA3	`fa1963e193b8ae7b4c4f94226ba5ab0879a803d36ca9a7f295a8f5e7296a3327`
VirtualSize	`0x6ecc`
VirtualAddress	`0x876200`
SizeOfRawData	`0x7000`
PointerToRawData	`0x867800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47675`

.embsec_ (#4)

MD5	`9340f273fe866c5342d2c11075ee768b`
SHA1	`72a2debe488fa3b4025e6d78083d63eca34e9a06`
SHA256	`03e9dfd55aedc0021806bc1d2ed1caefcc1c645ffc64cd61b93a010132deb64d`
SHA3	`030483e781e04baec23789c0fe832f165777e4a2905dd0cd294aad5c61aa76e1`
VirtualSize	`0x1ed8`
VirtualAddress	`0x87d200`
SizeOfRawData	`0x2000`
PointerToRawData	`0x86e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.19411`

.embsec_ (#5)

MD5	`e6d7c4236ef5ab6cd91e30b552cddb6a`
SHA1	`acbf320ef4af4a9c18b20ce89d3c2d2d10fb582a`
SHA256	`57ab20d84f44595eb52d175b1bf606aaa829a29a8755d4aa912c1082ed8abd28`
SHA3	`6e2abfd03e2840dbdc0ac2f9f7a22f3caf077dd805b394c2d0c707af8ab75551`
VirtualSize	`0x16e60`
VirtualAddress	`0x87f200`
SizeOfRawData	`0x17000`
PointerToRawData	`0x870800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.68991`

.embsec_ (#6)

MD5	`cb6ea397ee7b3f6a42e1331111231656`
SHA1	`d325d31e5b9876f44856c1dfb618298b841c60a1`
SHA256	`48cc0448be611bac24b7e87ab99791d31b39792bb503a884f916c2ab2f6794f4`
SHA3	`59c0632c003c7055171564809e3d19d9b7970c89e7473facff5f026f2066aae6`
VirtualSize	`0x1300`
VirtualAddress	`0x896200`
SizeOfRawData	`0x1400`
PointerToRawData	`0x887800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34827`

.embsec_ (#7)

MD5	`187c457edee4c196c59b6482f0b543fc`
SHA1	`800d13aea339346a315549a3a602bea08de9772b`
SHA256	`ff086709a7e1f5959cb656726072293c8f29d5af68401b1ac1e6504cdaad7099`
SHA3	`5793a454445d0a6b066a792081615cc8edd25e789448d444f993cca4a8660d3c`
VirtualSize	`0x2d4`
VirtualAddress	`0x897600`
SizeOfRawData	`0x400`
PointerToRawData	`0x888c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20806`

.embsec_ (#8)

MD5	`e12c981379037732daeff4a74c6a0d8a`
SHA1	`c180b617330a954c926c6c837fb8f20b6125ab1e`
SHA256	`17541b2a8dd1cebdc2690722bb808c52142d2c5e01d3549cd917af2124947c72`
SHA3	`7a5aff50660bdb7060b45f75d71a4d0bc7120550b84e59602986656661ef6a93`
VirtualSize	`0x2d50`
VirtualAddress	`0x897a00`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x889000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42379`

BINK

MD5	`0d6b3fdd667aa54dbb6c7621d5448510`
SHA1	`e672d8e9a1c54de8c8b3e2cb9af43a2da3d093ef`
SHA256	`c05e4e100251f018ac13398430694c98b6bbd67936247a90a0446c3bebac8375`
SHA3	`a7d0b74e1bf98b6a6a95a0a2609288c78ff926b87ae439f601641edc36003374`
VirtualSize	`0x1060c`
VirtualAddress	`0x89a800`
SizeOfRawData	`0x10800`
PointerToRawData	`0x88be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63218`

.data

MD5	`8d2571a1a7518b6db0c786184347ad05`
SHA1	`16545ac989990f1b8869f6bbc3a06c13aba41d25`
SHA256	`fa6f95fed9e30cebd072782c7aff8efcff84cb3c574e32d02c59f6c362cfbc24`
SHA3	`53918541533ec0cfb263927808c7dfbf13d0fc2db88282b6eaa2b659d50afdcc`
VirtualSize	`0x641798`
VirtualAddress	`0x8b0000`
SizeOfRawData	`0x37c00`
PointerToRawData	`0x89c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.76541`

.XBMOVIE

MD5	`1cbe774b8afb03ded3633d5c87fc760c`
SHA1	`92f3207ddadfc847744e13589f84e9e01ee1fd3d`
SHA256	`2175b9cc45491a31715098191ddce50c7b5e3455d5dc2dc15c9319b33264bbbf`
SHA3	`6c0ac2577317e7edd66a848a234653fa8f2a560ed1729bf3e60d848a8669b043`
VirtualSize	`0xc`
VirtualAddress	`0xef1800`
SizeOfRawData	`0x200`
PointerToRawData	`0x8d4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.24247`

BINKDATA

MD5	`ac0777e09ff83dd3540c7bfee1137135`
SHA1	`d7e959587786770966a550094854554c4b8b97ed`
SHA256	`28f8471d7939462291e0c55c507a9fc4e16a9745d41ecf7aea555dd60ce58ec9`
SHA3	`268bf1094e6c97cd199bff83cb1c3e57e78f123dd04ed5d70db74e29c3539cd5`
VirtualSize	`0x3d88`
VirtualAddress	`0xef1a00`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x8d4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.502`

.idata

MD5	`624928b95742c3f308f8472660f51f8f`
SHA1	`be011d7c177bba5634478b16036e091dfc4a2272`
SHA256	`719c617a81d94c2ee95a224d7ee924ed3affb64b88ef991a3eaf4109fee5a5e6`
SHA3	`42082c9bd60d6e58f89f47a7faf3946cc6badb7e77dcf95e8132d1cf7d5c649b`
VirtualSize	`0x476`
VirtualAddress	`0xf00000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8d8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.43094`

.XBLD

MD5	`af4da2d555964e5d9ee621e968b8e940`
SHA1	`86bf47a937927e4980b7c37e5b2b20ccf2458df0`
SHA256	`02a43879ec465f536a61a413a685b6462832c34316abfb464358bcfb0853c233`
SHA3	`86151f6b74bc910a457be788420200aeb7bf250d2eb471a6f1f3c10af528ecd4`
VirtualSize	`0xc0`
VirtualAddress	`0xf10000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8d8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.60171`

.reloc

MD5	`910024e012104df60babf62ee8e99ff8`
SHA1	`8cf5deb49cbbef0805fe8529ce91b4a320213da8`
SHA256	`105550efbb0919f295b252e04d88ab9acc4bcb0e5b63736ddb62b74d2ab7ae62`
SHA3	`74ef2d78c6f83a94f3e612ec57d7634d69f44c7498d011c8fd1860daa3d7f7f1`
VirtualSize	`0x72fc8`
VirtualAddress	`0xf10200`
SizeOfRawData	`0x73000`
PointerToRawData	`0x8d8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.926918`

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2007-Aug-24 10:38:17
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0xd5168`
PointerToRawData	`0xd5168`
Referenced File	k:\USA360\Objects\SVR08Xenon_DVD_MASTER\main.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8650cfac`
Unmarked objects	`0`
C objects (4609)	`30`
C++ objects (4609)	`126`
Imports (2909)	`2`
C objects (2909)	`1`
ASM objects (5603)	`26`
Total imports	`355`
Imports (5603)	`3`
C objects (5603)	`500`
C++ objects (5603)	`1754`
Linker (5603)	`1`

Errors

[!] Error: Could not read an import's name.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Yara callback received an unhandled message (6).