Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2024-Apr-12 08:01:40 |
Detected languages | English - United States |
Debug artifacts | C:\vsts-new\Installers\MetaInstaller\BGAUpdatePack\Release\BGAUpdate.pdb |
CompanyName | © 2024 Microsoft Corporation |
FileDescription | BGA Update Pack |
FileVersion | 2.0.0.34 |
InternalName | BGAUpdatePack.exe |
LegalCopyright | © 2024 Microsoft Corporation. All rights reserved. |
OriginalFilename | BGAUpdatePack.exe |
ProductName | BGA Update Pack |
ProductVersion | 2.0.0.34 |
Info | Matching compiler(s): Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C# v7.0 / Basic .NET; .NET DLL -> Microsoft |
Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to system / monitoring tools. |
Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32; uses constants related to SHA256. |
Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports. |
Malicious | The PE is possibly a dropper: resource 129 detected as a PE executable; resource 131 detected as a PE executable; resources account for 99.1551% of the executable. |
Info | The PE is digitally signed. Signer: Microsoft Corporation; Issuer: Microsoft Code Signing PCA 2011 |
Safe | VirusTotal score: 0/70 (scanned on 2024-04-25 07:24:44). All the AVs think this file is safe. |
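The "possibly a dropper" verdict above rests on two resources (129 and 131) that themselves begin with a PE header, and on resources making up 99% of the file; the signature and the VirusTotal result argue the opposite, which is what a signed installer carrying signed payloads looks like, so the practical next step is to extract the embedded images and check their own signatures rather than treat the verdict as a conviction. The following is an added example, not part of the report and not Microsoft's code: it reproduces the core test with the standard library only, by carving rather than walking the resource directory. Every "MZ" is a candidate and is accepted only if e_lfanew lands on a "PE\0\0" signature with a known Machine and a PE32 or PE32+ magic. The container it scans is constructed inline, and it does not reproduce the resource-share figure, which needs the .rsrc tree.

```python
"""Carve embedded PE images out of a container (added example, not from the report).

The container bytes are constructed for the demo; they are not the BGAUpdatePack.exe sample.
"""
import struct
from typing import List, Tuple

KNOWN_MACHINES = {0x014C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}
PE32, PE32_PLUS = 0x10B, 0x20B


def build_stub_pe(machine: int, magic: int, size_of_image: int) -> bytes:
    """Minimal, internally consistent PE header used as constructed test input.

    Only the fields the carver inspects are populated: e_lfanew, the PE signature, Machine,
    NumberOfSections, SizeOfOptionalHeader, the optional-header Magic and SizeOfImage."""
    e_lfanew = 0x40
    opt_size = 0xE0 if magic == PE32 else 0xF0
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage is at +56 in both PE32 and PE32+
    return bytes(dos) + coff + bytes(opt)


def carve_embedded_pes(data: bytes) -> List[Tuple[int, str, str, int]]:
    """Return (offset, machine, 'PE32'|'PE32+', SizeOfImage) for every validated PE header.

    A bare "MZ" is only a candidate. It is accepted when e_lfanew lands on a "PE\\0\\0"
    signature inside the buffer, Machine is one we know, the optional header Magic is
    PE32 or PE32+ and the whole optional header fits. Text or random data containing
    "MZ" fails one of these and is not reported."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # 0x40 is the smallest legal e_lfanew; the 0x1000 ceiling is a sanity bound, not a loader rule.
            if 0x40 <= e_lfanew < 0x1000 and pe + 26 <= len(data) and data[pe:pe + 4] == b"PE\0\0":
                (machine,) = struct.unpack_from("<H", data, pe + 4)
                (opt_size,) = struct.unpack_from("<H", data, pe + 20)
                (magic,) = struct.unpack_from("<H", data, pe + 24)
                if machine in KNOWN_MACHINES and magic in (PE32, PE32_PLUS) and pe + 24 + opt_size <= len(data):
                    (size_of_image,) = struct.unpack_from("<I", data, pe + 24 + 56)
                    hits.append((pos, KNOWN_MACHINES[machine], "PE32" if magic == PE32 else "PE32+", size_of_image))
        pos = data.find(b"MZ", pos + 1)
    return hits


def demo() -> List[Tuple[int, str, str, int]]:
    """Constructed container: an outer PE32 stub, text that happens to contain "MZ", two payloads."""
    outer = build_stub_pe(0x014C, PE32, 0x1000)
    decoy = b"MZ is not always a header\x00" * 3
    payload_a = build_stub_pe(0x014C, PE32, 0x20000)
    payload_b = build_stub_pe(0x8664, PE32_PLUS, 0x30000)
    return carve_embedded_pes(outer + decoy + payload_a + b"\x00" * 16 + payload_b)


if __name__ == "__main__":
    for off, machine, fmt, size in demo():
        print(f"PE header at 0x{off:x}: {machine} {fmt}, SizeOfImage=0x{size:x}")
```

The hit at offset 0 is the container itself; every later hit is an embedded image whose bytes (from the hit offset to the next hit, or to end of file) can be written out and put through the same signature check as the outer file. The decoy text in the demo shows why the e_lfanew and signature validation matters: its "MZ" is rejected because the bytes at +0x3C do not point at a "PE\0\0".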
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2024-Apr-12 08:01:40 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x17800 |
SizeOfInitializedData | 0x111be00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000079F0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x19000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1137000 |
SizeOfHeaders | 0x400 |
Checksum | 0x1138c9f |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
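The DllCharacteristics row above carries the three flags the summary mentions and no GUARD_CF, and the Checksum row (0x1138c9f) is a field that Authenticode deliberately leaves out of the signed digest, so a post-link tool can rewrite it without invalidating the signature. The following is an added example, not from the report and not Microsoft's code: it parses a constructed PE32 header with the standard library, lists which mitigation bits are set and which are missing (HIGH_ENTROPY_VA is expected to be absent on a 32-bit image, since it only affects 64-bit ASLR), and computes the Authenticode SHA-256 file digest, showing that rewriting CheckSum leaves it unchanged while patching one code byte does not. Comparing that digest against the messageDigest inside the PKCS#7 blob and validating the chain to "Microsoft Code Signing PCA 2011" is the rest of signature verification and is not done here; the certificate bytes in the demo are a placeholder.

```python
"""Decode DllCharacteristics and compute the Authenticode file digest (added example).

Constructed PE32 image for the demo, not the BGAUpdatePack.exe sample.
"""
import hashlib
import struct
from typing import Dict, List

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# Bits that matter for exploit mitigation; HIGH_ENTROPY_VA only has an effect on 64-bit images.
MITIGATION_BITS = (0x0020, 0x0040, 0x0080, 0x0100, 0x4000)
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_headers(data: bytes) -> Dict[str, int]:
    """Locate the optional-header fields the checks below need (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    # CheckSum (+64) and DllCharacteristics (+70) sit at the same offsets in PE32 and PE32+;
    # the data directories start at +96 (PE32) or +112 (PE32+).
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    sec_dir = opt + (96 if magic == 0x10B else 112) + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir)   # a file offset, not an RVA
    return {"checksum_off": opt + 64, "dll_chars": dll_chars,
            "security_dir_off": sec_dir, "cert_off": cert_off, "cert_size": cert_size}


def mitigation_report(dll_chars: int) -> Dict[str, List[str]]:
    """Names of the bits that are set, and the mitigation bits that are not."""
    present = [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & b]
    missing = [DLL_CHARACTERISTICS[b] for b in MITIGATION_BITS if not dll_chars & b]
    return {"present": present, "missing_mitigations": missing}


def authenticode_sha256(data: bytes) -> str:
    """SHA-256 over the file as Authenticode hashes it: everything except the CheckSum
    field, the Security data-directory entry and the certificate table. Assumes the
    usual layout (sections contiguous in file order, certificate table last), where
    this equals the section-by-section walk in the Authenticode specification."""
    h = parse_headers(data)
    skip = [(h["checksum_off"], 4), (h["security_dir_off"], 8)]
    if h["cert_size"]:
        skip.append((h["cert_off"], h["cert_size"]))
    digest, cursor = hashlib.sha256(), 0
    for start, length in sorted(skip):
        digest.update(data[cursor:start])
        cursor = start + length
    digest.update(data[cursor:])              # data after the certificate table is hashed too
    return digest.hexdigest()


def build_demo_pe(dll_chars: int, cert_blob: bytes) -> bytes:
    """Constructed PE32: 0x200 bytes of headers, one 0x200-byte .text section, WIN_CERTIFICATE appended."""
    e_lfanew, hdr = 0x80, bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # COFF header
    opt = e_lfanew + 24
    struct.pack_into("<H", hdr, opt, 0x10B)                 # PE32 magic
    struct.pack_into("<I", hdr, opt + 28, 0x400000)         # ImageBase
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", hdr, opt + 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", hdr, opt + 68, 2, dll_chars)    # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", hdr, opt + 92, 16)               # NumberOfRvaAndSizes
    text = bytes(range(256)) * 2
    cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob   # WIN_CERTIFICATE
    cert += b"\0" * (-len(cert) % 8)
    struct.pack_into("<II", hdr, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200 + len(text), len(cert))
    hdr[opt + 0xE0:opt + 0xE0 + 40] = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                                                  len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    return bytes(hdr) + text + cert


def demo() -> Dict[str, object]:
    """Image with the report's flags (DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE = 0x8140)."""
    pe = build_demo_pe(0x8140, b"\x30\x05\x02\x01\x01\x05\x00")   # placeholder bytes, not a real PKCS#7 blob
    h = parse_headers(pe)
    original = authenticode_sha256(pe)
    rechecksummed = bytearray(pe)                             # a post-link tool rewriting CheckSum
    struct.pack_into("<I", rechecksummed, h["checksum_off"], 0x1138C9F)
    patched = bytearray(pe)                                   # one byte of .text altered
    patched[0x200] ^= 0xFF
    return {"flags": mitigation_report(h["dll_chars"]),
            "checksum_invariant": authenticode_sha256(bytes(rechecksummed)) == original,
            "patch_detected": authenticode_sha256(bytes(patched)) != original}


if __name__ == "__main__":
    print(demo())
```

Run against a real file, `parse_headers` on the page's values would report the same three flags present and HIGH_ENTROPY_VA, FORCE_INTEGRITY and GUARD_CF missing; of those only GUARD_CF is a meaningful gap for a 32-bit GUI executable. The digest function assumes the common section layout and does not validate the certificate chain.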
KERNEL32.dll | FindResourceW, FindResourceExW, GetModuleHandleW, DecodePointer, CloseHandle, CreateFileW, DeleteFileW, GetModuleFileNameW, HeapDestroy, HeapAlloc, HeapFree, SizeofResource, HeapSize, GetProcessHeap, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetSystemTime, GetConsoleMode, LockResource, LoadResource, DeleteCriticalSection, InitializeCriticalSectionEx, GetLastError, RaiseException, HeapReAlloc, MultiByteToWideChar, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, GetStringTypeW, SetStdHandle, LCMapStringW, IsDebuggerPresent, OutputDebugStringW, EnterCriticalSection, LeaveCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetProcAddress, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetStdHandle, WriteFile, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW |
---|---|
ADVAPI32.dll | RegSetValueExW, RegQueryValueExW, RegCloseKey, RegDeleteValueW, RegCreateKeyExW, RegOpenKeyExW, RegDeleteKeyExW |
SHELL32.dll | SHGetFolderPathAndSubDirW |
SHLWAPI.dll | PathFileExistsW |
RPCRT4.dll | UuidCreate, UuidToStringA, RpcStringFreeA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.0.0.34 |
ProductVersion | 2.0.0.34 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | © 2024 Microsoft Corporation |
FileDescription | BGA Update Pack |
FileVersion (#2) | 2.0.0.34 |
InternalName | BGAUpdatePack.exe |
LegalCopyright | © 2024 Microsoft Corporation. All rights reserved. |
OriginalFilename | BGAUpdatePack.exe |
ProductName | BGA Update Pack |
ProductVersion (#2) | 2.0.0.34 |
Resource LangID | English - United States |
---|---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Apr-12 08:01:40 |
Version | 0.0 |
SizeofData | 97 |
AddressOfRawData | 0x201dc |
PointerToRawData | 0x1eddc |
Referenced File | C:\vsts-new\Installers\MetaInstaller\BGAUpdatePack\Release\BGAUpdate.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Apr-12 08:01:40 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x20240 |
PointerToRawData | 0x1ee40 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Apr-12 08:01:40 |
Version | 0.0 |
SizeofData | 944 |
AddressOfRawData | 0x20254 |
PointerToRawData | 0x1ee54 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Apr-12 08:01:40 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x420614 |
---|---|
EndAddressOfRawData | 0x42061c |
AddressOfIndex | 0x422ddc |
AddressOfCallbacks | 0x4191cc |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xbc |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x42200c |
SEHandlerTable | 0x42017c |
SEHandlerCount | 18 |
XOR Key | 0x9ac38463 |
---|---|
Unmarked objects | 0 |
ASM objects (27412) | 10 |
C++ objects (27412) | 144 |
C objects (27412) | 18 |
C objects (30034) | 19 |
ASM objects (30034) | 18 |
C++ objects (30034) | 45 |
Imports (27412) | 15 |
Total imports | 115 |
C++ objects (LTCG) (30154) | 2 |
Resource objects (30154) | 1 |
151 | 1 |
Linker (30154) | 1 |
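The table above is the decoded Rich header, the block link.exe writes between the DOS stub and the PE header (which is why e_lfanew is 0x110 rather than the minimal 0x40): one entry per tool that contributed objects, each with a build number (27412, 30034, 30154 here) and an object count, XOR-encoded with the key 0x9ac38463. That key is also a checksum over the DOS header and the entries, so a Rich header copied from another binary or hand-edited fails to re-key, which is what makes it useful for toolchain attribution and for spotting forgeries. It is also the more trustworthy compiler indicator on this page: the PEiD-style matches in the summary (Visual C++ 6.0) are contradicted by LinkerVersion 14.0, which is the MSVC 14.x toolset. The following is an added example, not from the report and not Microsoft's code: it encodes a constructed header, decodes it back, recomputes the key, and shows that changing one entry's count without re-keying is detected. The prodid values are arbitrary and the key is not the report's.

```python
"""Decode and validate a Rich header (added example, not from the report).

The bytes are constructed for the demo; the key and prodid values are not those of the report.
"""
import struct
from typing import List, NamedTuple, Optional

DANS = 0x536E6144            # "DanS" marker that opens the header
RICH = b"Rich"               # marker that closes it, followed by the XOR key


class RichEntry(NamedTuple):
    prodid: int              # tool identifier (the analyzer maps it to names such as "C++ objects")
    build: int               # toolchain build number, e.g. 27412 / 30034 / 30154 in the report
    count: int               # number of objects from that tool


def rol32(v: int, n: int) -> int:
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(dos_header: bytes, entries: List[RichEntry]) -> int:
    """The XOR key doubles as a checksum: it starts at the DanS offset, adds every DOS-header
    byte rotated by its position (skipping e_lfanew), then every compid rotated by its count."""
    dans_offset = len(dos_header)
    cs = dans_offset
    for i, byte in enumerate(dos_header):
        if 0x3C <= i < 0x40:
            continue
        cs = (cs + rol32(byte, i)) & 0xFFFFFFFF
    for e in entries:
        cs = (cs + rol32((e.prodid << 16) | e.build, e.count)) & 0xFFFFFFFF
    return cs


def build_rich_header(dos_header: bytes, entries: List[RichEntry]) -> bytes:
    """Encode as link.exe does: DanS, three zero padding dwords, (compid, count) pairs, all
    XORed with the key, then the clear-text "Rich" marker and the key."""
    key = rich_checksum(dos_header, entries)
    words = [DANS, 0, 0, 0]
    for e in entries:
        words += [(e.prodid << 16) | e.build, e.count]
    return dos_header + b"".join(struct.pack("<I", w ^ key) for w in words) + RICH + struct.pack("<I", key)


def parse_rich_header(data: bytes) -> Optional[dict]:
    """Find "Rich" below e_lfanew, walk back to DanS, decode the entries and recheck the key."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    rich_pos = data.rfind(RICH, 0, e_lfanew)
    if rich_pos < 0:
        return None
    (key,) = struct.unpack_from("<I", data, rich_pos + 4)
    dans_offset = rich_pos - 8
    while dans_offset >= 0 and struct.unpack_from("<I", data, dans_offset)[0] ^ key != DANS:
        dans_offset -= 8
    if dans_offset < 0:
        return None
    entries = []
    for off in range(dans_offset + 16, rich_pos, 8):   # skip DanS and its three padding dwords
        comp, count = (w ^ key for w in struct.unpack_from("<II", data, off))
        entries.append(RichEntry(comp >> 16, comp & 0xFFFF, count))
    return {"key": key, "dans_offset": dans_offset, "entries": entries,
            "checksum_valid": rich_checksum(data[:dans_offset], entries) == key}


def demo() -> dict:
    """Round-trip a constructed header, then show that editing an entry without re-keying is detected."""
    entries = [RichEntry(0x0104, 27412, 10), RichEntry(0x0105, 27412, 144), RichEntry(0x0101, 30154, 1)]
    dos = bytearray(0x80)                                 # 0x80-byte DOS header + stub, as link.exe emits
    dos[0:2] = b"MZ"
    stub = b"This program cannot be run in DOS mode."
    dos[0x40:0x40 + len(stub)] = stub
    rich_len = 16 + 8 * len(entries) + 8
    struct.pack_into("<I", dos, 0x3C, len(dos) + rich_len)  # e_lfanew: PE header right after "Rich"+key
    image = build_rich_header(bytes(dos), entries) + b"PE\0\0" + b"\0" * 20
    good = parse_rich_header(image)
    forged = bytearray(image)
    count_off = good["dans_offset"] + 16 + 8 * 1 + 4      # count dword of the second entry
    (raw,) = struct.unpack_from("<I", forged, count_off)
    struct.pack_into("<I", forged, count_off, ((raw ^ good["key"]) + 1) ^ good["key"])
    return {"entries": good["entries"], "valid": good["checksum_valid"],
            "forged_valid": parse_rich_header(bytes(forged))["checksum_valid"]}


if __name__ == "__main__":
    print(demo())
```

On a real file `parse_rich_header` returns the same (prodid, build, count) triples the analyzer tabulates, and `checksum_valid` is the check worth adding to a triage pipeline: a header that decodes cleanly but fails to re-key was not produced by the linker that the entries claim.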