Manalyze report for b4e2605bda1dc6a510b81e2161033ccfd0b70cfc1b23c9a0918dbb69bbb7b671

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1997-Sep-17 08:26:05
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Age of Empires
FileVersion	`00.08.68.0917`
InternalName	EMPIRES
LegalCopyright	Copyright Â© Microsoft Corp. 1997
OriginalFilename	EMPIRES.EXE
ProductName	Age of Empires
ProductVersion	`1.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: THIS_COD` `Unusual section name found: THIS_DAT` `Unusual section name found: Inf32Dat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): FindWindowA GetWindowLongA` `Can access the registry: RegCreateKeyExA RegCloseKey RegSetValueExA RegQueryValueExA` `Possibly launches other programs: WinExec` `Can create temporary files: GetTempPathA CreateFileA` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Enumerates local disk drives: GetDriveTypeA GetVolumeInformationA` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowA GetDC` `Reads the contents of the clipboard: GetClipboardData`
Safe	VirusTotal score: 0/71 (Scanned on 2026-01-14 09:25:32)	`All the AVs think this file is safe.`

Hashes

MD5	`2cc6f63633e1cbd754723c0716808465`
SHA1	`50f402e73fab1c6c26d15cfcf47522a4e726c308`
SHA256	`b4e2605bda1dc6a510b81e2161033ccfd0b70cfc1b23c9a0918dbb69bbb7b671`
SHA3	`e8a3f418629b6da26337b2fe92e079796232ebc0741e730153f48376ece6bcda`
SSDeep	`24576:hm/oAUyeHqRjQ1Z9Da6x+Gnmr3F44IPYEygxrQonRy5L97mBpnLnbrX9DxhnT0n:tMK1ZxDxIjIgtguHz7i`
Imports Hash	`f060043a29910d8b427ee409310ded76`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	1997-Sep-17 08:26:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`4.0`
SizeOfCode	`0x148800`
SizeOfInitializedData	`0x1d6a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00135670 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x14a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x324000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f50f08d7e8a523c9e3a1178acb718cc7`
SHA1	`9b912c7eccae1f387b7bcfd95cd92a6453886887`
SHA256	`38accc61673a1993b46ddb6920bdbb0faad46eaaa7249bea8bedf94d2dd203f0`
SHA3	`289e74b64f3a43a120b4bd2f966fcc8c5b563a36e0e3f30b51e222ddd107d9ba`
VirtualSize	`0x13db8b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13dc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44658`

THIS_COD

MD5	`d14644246356d19b9706cea402f3992d`
SHA1	`cdeec81f1ff0e53950962d3bcaf3005538795abc`
SHA256	`2d31581988b18fa8a99ebb134363af09d31a2a58664ed420a68c7736ba81119e`
SHA3	`509a0568e536f8245ac59ecc78282ee8d0a54f71fe4e48171e35a668084e31fb`
VirtualSize	`0xabe1`
VirtualAddress	`0x13f000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x13e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.98265`

.rdata

MD5	`9e9f4adf9dcaa1e6265d742e9ae2ce41`
SHA1	`2db7ed43e455cae5cd50fc4010c660e668d27078`
SHA256	`420b1bcf7cb450fa73e6a828565cf30a8006f13a3679755c843587ba89465b01`
SHA3	`ac642f7e67b5ad414e0bc22f2c46f5a05d79cae50d359623801e384cbf8e3c24`
VirtualSize	`0x11040`
VirtualAddress	`0x14a000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x148c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62811`

.data

MD5	`29f65813b181f3b796a21bf9f74d8f31`
SHA1	`d18c3e268fc4fa9072f3530748dd8052c579e66b`
SHA256	`647bcb84a9507f7fa4e992af6c8eb376eabe7188f67df47fd9b7764a7f0bbf7a`
SHA3	`a638b7f807bd6c57758f75701b596aafbc54eb605de4d2b1afa409dc8b2d1ce2`
VirtualSize	`0x1a5270`
VirtualAddress	`0x15c000`
SizeOfRawData	`0xde00`
PointerToRawData	`0x159e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.86988`

.idata

MD5	`de419f29065a05b36c8af14805d03d98`
SHA1	`3300bb96177cad8c165f663709c553244dd2f639`
SHA256	`65a06139d12c164d584e6bf5479f51b1d6d470d61d261ec4ba9a8370ae06d897`
SHA3	`809143d29a886fb396bc5ba5234b3d5b2f43e3cb477260498a35d3b2e0e88fb4`
VirtualSize	`0x1a2e`
VirtualAddress	`0x302000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x167c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.28148`

THIS_DAT

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x90`
VirtualAddress	`0x304000`
SizeOfRawData	`0x200`
PointerToRawData	`0x169800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

Inf32Dat

MD5	`78f9a804146e0122f871bc8fda17b5d3`
SHA1	`e17cc71850c38881840d41a23eafe43d208d27e8`
SHA256	`6c78cd987afa58377801fbe4750f19410991d150ed7b75b0686dfe3d87d97a8d`
SHA3	`c51355470c46298c5d79004b232b757ff45fb8cfe2e221936a9f986fb5f3d309`
VirtualSize	`0xad90`
VirtualAddress	`0x305000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x169a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`b33596e18014856c7745de6abfd58b75`
SHA1	`0cd2f8a1037761eadf9f0ecfd5addccd66d52e40`
SHA256	`76de674401d4e5af24e827e5f5c60bcb7e35a75447da75943be5f72c5e40592c`
SHA3	`32a613ee6ba1fe965cdcd2744376cab56e1a289526b8e7084571a7e77f807b64`
VirtualSize	`0xb14`
VirtualAddress	`0x310000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x174800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.40243`

.reloc

MD5	`bd9cc5d30bee36935b88a81f475e7ac1`
SHA1	`b4ad573c62e25ec15e311b810e54aec71a6dfb71`
SHA256	`1d6fae864c375d0cc0a273ff6bd2fe891395565417de46c0ed3d895e337732d6`
SHA3	`a4138364a20d62a10738a851130eb01fff4bbea6ee05e83ccbe8095ef59d18d5`
VirtualSize	`0x12b60`
VirtualAddress	`0x311000`
SizeOfRawData	`0x12c00`
PointerToRawData	`0x175400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.8815`

Imports

KERNEL32.dll	`VirtualAlloc` `HeapAlloc` `GetProcessHeap` `VirtualLock` `HeapFree` `IsBadCodePtr` `MapViewOfFileEx` `OpenFileMappingA` `EnterCriticalSection` `VirtualQuery` `VirtualQueryEx` `OpenMutexA` `UnmapViewOfFile` `VirtualFree` `ReleaseMutex` `CreateEventA` `SetEvent` `GetVersion` `LeaveCriticalSection` `CompareStringA` `WaitForSingleObject` `GetSystemInfo` `GetTempFileNameA` `GetDriveTypeA` `GetVolumeInformationA` `MulDiv` `CloseHandle` `FreeLibrary` `LoadLibraryA` `GlobalMemoryStatus` `GetCurrentDirectoryA` `OpenFile` `GetTempPathA` `WinExec` `FindFirstFileA` `FileTimeToSystemTime` `MapViewOfFile` `CreateFileA` `CreateFileMappingA` `OutputDebugStringA` `GetVersionExA` `GetProcAddress` `_llseek` `GlobalAlloc` `_lread` `FindResourceA` `GetModuleHandleA` `GlobalReAlloc` `LoadResource` `LockResource` `GlobalHandle` `GlobalLock` `GlobalUnlock` `_lclose` `GlobalFree` `_hread` `GetLastError` `IsDBCSLeadByte` `CreateMutexA` `GetCurrentThreadId` `InitializeCriticalSection` `DeleteCriticalSection` `ReadFile` `OpenProcess` `GetCurrentProcess` `SetFilePointer` `FindNextFileA` `GetFileType` `FileTimeToLocalFileTime` `ExitProcess` `RtlUnwind` `TerminateProcess` `GetSystemTime` `GetTimeZoneInformation` `GetLocalTime` `WriteFile` `DeleteFileA` `GetFullPathNameA` `GetStartupInfoA` `FindClose` `SetEnvironmentVariableA` `GetCommandLineA` `SetEndOfFile` `SetHandleCount` `GetStringTypeW` `GetStdHandle` `SetStdHandle` `GetCPInfo` `GetACP` `GetOEMCP` `MultiByteToWideChar` `LCMapStringA` `WideCharToMultiByte` `LCMapStringW` `RaiseException` `FlushFileBuffers` `GetStringTypeA` `CompareStringW` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `HeapDestroy` `HeapCreate` `SetUnhandledExceptionFilter` `IsBadReadPtr` `IsBadWritePtr`
USER32.dll	`GetWindowRect` `ScreenToClient` `SetRect` `DrawTextA` `FindWindowA` `SetSysColors` `GetForegroundWindow` `GetKeyState` `LoadCursorA` `CallWindowProcA` `GetSysColor` `IsClipboardFormatAvailable` `GetWindowLongA` `SetWindowLongA` `GetClientRect` `MoveWindow` `InvalidateRect` `ReleaseDC` `GetDC` `ClientToScreen` `GetAsyncKeyState` `GetKeyboardState` `PostMessageA` `SetCursorPos` `GetCursorPos` `ShowWindow` `SystemParametersInfoA` `LoadStringA` `GetMessageA` `DispatchMessageA` `TranslateMessage` `PeekMessageA` `RegisterClassA` `LoadIconA` `UpdateWindow` `SetWindowPos` `GetSystemMetrics` `BringWindowToTop` `GetLastActivePopup` `SetForegroundWindow` `GetUpdateRect` `FillRect` `GetWindowTextA` `SetCursor` `SetClassLongA` `MessageBoxA` `CharUpperA` `CreateWindowExA` `DestroyWindow` `SetTimer` `SetFocus` `OpenClipboard` `GetClipboardData` `CloseClipboard` `SendMessageA` `GetFocus` `GetActiveWindow` `DrawTextExA` `ReleaseCapture` `MessageBeep` `GetCapture` `KillTimer` `SetCapture` `SetWindowTextA` `GetWindowThreadProcessId` `PostQuitMessage` `DefWindowProcA` `WinHelpA` `IsIconic` `ValidateRect` `GetCaretBlinkTime`
GDI32.dll	`SelectClipRgn` `SelectObject` `GetStockObject` `MoveToEx` `SetBkMode` `TextOutA` `GetPaletteEntries` `DeleteObject` `DeleteDC` `SetTextColor` `CreateICA` `RealizePalette` `GetDeviceCaps` `GetTextExtentPoint32A` `CreatePen` `SelectPalette` `CreateFontIndirectA` `SetBkColor` `GetTextMetricsA` `CreatePalette` `GetNearestPaletteIndex` `ResizePalette` `GetObjectA` `CreateRectRgn` `GetSystemPaletteEntries` `SetPaletteEntries` `LineTo`
ADVAPI32.dll	`RegCreateKeyExA` `RegCloseKey` `RegSetValueExA` `RegQueryValueExA`
DPLAYX.dll	`#1` `#2` `#4`
DSOUND.dll	`DirectSoundCreate`
DDRAW.dll	`DirectDrawCreate`
WINMM.dll	`mmioAdvance` `mmioSetInfo` `mmioGetInfo` `mixerClose` `mixerGetControlDetailsA` `timeGetTime` `mciSendCommandA` `mciGetErrorStringA` `mixerSetControlDetails` `timeKillEvent` `timeEndPeriod` `timeBeginPeriod` `timeSetEvent` `mixerGetLineControlsA` `mmioRead` `mmioAscend` `mmioSeek` `mmioOpenA` `mmioDescend` `mixerOpen` `mmioClose` `mixerGetNumDevs` `mixerGetLineInfoA`
IMM32.dll	`ImmReleaseContext` `ImmNotifyIME` `ImmSetOpenStatus` `ImmAssociateContext` `ImmGetContext`
MSVFW32.dll	`MCIWndCreateA` `ICInfo`
ole32.dll	`CoCreateInstance` `CoInitialize` `CoUninitialize`
WSOCK32.dll	`gethostname` `WSAStartup` `WSACleanup` `gethostbyname`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x710`
TimeDateStamp	1997-Sep-17 08:25:58
Entropy	`3.06678`
MD5	`a6c4f1331821d2c15a64447d19ab8455`
SHA1	`d4e765ea17d90582ec199698f4902cd7e11246f6`
SHA256	`01dec9857113c5bb99065c03201b69f1a9836f3eae12297f9bfeb0b1e376f531`
SHA3	`d87c034b467b7c04953e1b338fcfd094da8361c31b6169542f22c63d8f3a5e64`

APPICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1997-Sep-17 08:25:58
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`811c1b936b990e5b9436926334ba228c`
SHA1	`897e75a309bc49b7d72c5e27af1796cb94951f9e`
SHA256	`a50148b80e2b2c892cb03d7d7ade8caa552e0a505a0d6ba0a6578b8014b271ec`
SHA3	`2fdaa200ae2885ae2c1d34b5e850e11dce70c41263b634bd8a7df8f86c28f18d`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f0`
TimeDateStamp	1997-Sep-17 08:25:58
Entropy	`3.42012`
MD5	`5423d817b417ed184d92359e1e8e8ddc`
SHA1	`d1bb5455b7ff83d5648d5612fb83ae658b0aa170`
SHA256	`e9b36ed31e6b2d4e21f2aa0e6c2f6b00fd43d34cbe8e869bd6c4b6a5b7bb0d70`
SHA3	`7af8eb822b165545bdcb2210252d2d00954c746bd1687ecfc233c47d8b0b4de8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.8.68.917
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Age of Empires
FileVersion (#2)	00.08.68.0917
InternalName	EMPIRES
LegalCopyright	Copyright Â© Microsoft Corp. 1997
OriginalFilename	EMPIRES.EXE
ProductName	Age of Empires
ProductVersion (#2)	1.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.