Manalyze report for edd2264d569679a7597ec6eb9f6c4fba

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Apr-10 12:19:31
Detected languages	English - United States
CompanyName	Disc Soft Ltd
FileDescription	DAEMON Tools Pro Setup
FileVersion	`6.1.0.0485.0`
InternalName	DAEMON Tools Pro6.1.0.0485.exe
LegalCopyright	Copyright (C) 2004-2014
OriginalFilename	DAEMON Tools Pro6.1.0.0485.exe
ProductName	DAEMON Tools Pro
ProductVersion	`6.1.0.0485.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Manipulates other processes: OpenProcess` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Disc Soft Ltd` `Issuer: COMODO RSA Code Signing CA`
Malicious	VirusTotal score: 5/68 (Scanned on 2024-04-19 06:37:07)	`ESET-NOD32: a variant of Win32/DiscSoft.A potentially unwanted` `Elastic: malicious (moderate confidence)` `Ikarus: PUA.DiscSoft` `Malwarebytes: Malware.AI.347011715` `Rising: PUA.CandyOpen!8.F604 (CLOUD)`

Hashes

MD5	`edd2264d569679a7597ec6eb9f6c4fba`
SHA1	`54977c4c26ae144c8b9c025127c91d272ee9f855`
SHA256	`549f3ee874668a2e872684bccfaf3e87ab5f076dff8f6bb4870deec3a1fe9bdb`
SHA3	`675a2de34d0a28b90ee61eab46ae5db18f95aa51e89c6ffb36675ee287d28ef5`
SSDeep	`786432:IQIjnkwICiVPjiYA5Z239V6q5SdceVM5S:IQC/i4YAW9V66S+E`
Imports Hash	`b729b61eb1515fcf7b3e511e4e66258b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2010-Apr-10 12:19:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x6400`
SizeOfInitializedData	`0x69400`
SizeOfUninitializedData	`0x4200`
AddressOfEntryPoint	`0x0000354B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x305000`
SizeOfHeaders	`0x400`
Checksum	`0x1a824bb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3291075913c14a1799655a261fb21cca`
SHA1	`fd33c56b0ba15cee847fa40af34e1b198ba40590`
SHA256	`f3aaac998ff2753b9f3f7b7d4f96c8741968c8fdde4d02f7c6eacee9dfd1ffd3`
SHA3	`a3816690a640c9e586202a7a2c36e52403cf88647e7c0da5b039aeff5752a5df`
VirtualSize	`0x63a2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48045`

.rdata

MD5	`170563e94de7ebfd6e622a164ce38c8a`
SHA1	`f30e9e571c36354c2b8080144a5df8e87f1c1b43`
SHA256	`a1f5148f995840627b3ee37ae9b258b2ef77211a37cbd5f42b59dc9841f3b5a9`
SHA3	`650033f75183d3086f24df61d9ff6811372cd6ec1fd95dcd3f76c26c52699289`
VirtualSize	`0x18f2`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88829`

.data

MD5	`23d69b1e3a55dee07701198b7650a06b`
SHA1	`dbff551bde21727da9f0780bcad038f9f1a182db`
SHA256	`27b867a007bac7bace37338967c27e73ddd9c3e30bb6be701eca434146639d7c`
SHA3	`0d02f356352299788dcf55e2c76c319bfd69a60607653ebe42b08d8722259741`
VirtualSize	`0x6669c`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.42988`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x291000`
VirtualAddress	`0x71000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`51b01446586069589df842857999ecf8`
SHA1	`34c62d7d0a95852de08d6adf53ccdd30ffc963d7`
SHA256	`09930696503c48b29c6b122e647b406ba3b5809667db01e5af62e57ff7f9b3e2`
SHA3	`0e97bbf2832abacac97a71e298d76a16cc91eb606d2c3b0bc83c3065b23ac164`
VirtualSize	`0x2950`
VirtualAddress	`0x302000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54937`

Imports

KERNEL32.dll	`SetFileTime` `CompareFileTime` `SearchPathW` `GetShortPathNameW` `GetFullPathNameW` `MoveFileW` `SetCurrentDirectoryW` `GetFileAttributesW` `GetLastError` `CreateDirectoryW` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `CopyFileW` `ExitProcess` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `SetErrorMode` `CloseHandle` `lstrlenW` `lstrcpynW` `GetDiskFreeSpaceW` `GlobalUnlock` `GlobalLock` `CreateThread` `LoadLibraryW` `CreateProcessW` `lstrcmpiA` `GetTempFileNameW` `lstrcatW` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OpenProcess` `lstrcpyW` `GetVersionExW` `GetSystemDirectoryW` `GetVersion` `lstrcpyA` `RemoveDirectoryW` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GlobalFree` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `WideCharToMultiByte` `MulDiv` `lstrlenA` `WriteFile` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `lstrcpynA`
USER32.dll	`ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW` `RegisterClassW` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharNextA` `CharUpperW` `CharPrevW` `DispatchMessageW` `PeekMessageW` `wsprintfA` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `CharNextW` `GetClassInfoW` `ExitWindowsEx` `FindWindowExW` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `IsWindow`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `ShellExecuteW` `SHFileOperationW` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyExW` `RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumValueW`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28897`
MD5	`08a9c6a03dfc41d8390c53cb5863f668`
SHA1	`3ab8700aba90a45b87b3bb5c6b6a3566de4ab08b`
SHA256	`0a4d783c14704c963d417cfab8ad1f66a47866d79b106668cd3432786e442d48`
SHA3	`1a06f589e2f0d3d2bb6a823d54eb8ae76f3c1b1ae19c9cb94ccac96ece54ecde`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67866`
MD5	`693e5fde9e50f9d2b6c4795f5b47f576`
SHA1	`502c331f05e8ca78ad66dab64fd17a25df2bfbd0`
SHA256	`ed2f2d936eb10234e9fe3c6f4e7a8172c05281796fdffcd21eb435ab89c656f5`
SHA3	`372550d961df1a704067fb4e07d96996b047d6973033d425fed1eb611d48753f`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68372`
MD5	`583fb02149a19ffff54516cfd5edebd4`
SHA1	`9de29568e142e36811e4fc5130e60fdb78f3db06`
SHA256	`9dfacbe444e14cd17c5956afa713f043c2b1150d37868af1661b5bb848fee3f5`
SHA3	`6c2967d2415996675fe0ca406c7a3ab94fe6cfd18bf7b98cf11f20c314b3fc81`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21733`
Detected Filetype	Icon file
MD5	`9a3dc770570ed0855e8aab86fa4d49ff`
SHA1	`1c832823d3e76a5782e80519141dfcc82e063dc8`
SHA256	`deb17155bce04980ab004147b427f72000969457f99f22ef0108d5c4e37c46e6`
SHA3	`54b371d95582aec637e4cbf2d90bcbc268bc29b932ec9b09d2e194c5f4bdcb1f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43246`
MD5	`dfc5a5a4e6c0fb4bc55993cfed6593da`
SHA1	`c3133b51fec30aa646902ceda88347b6465713b4`
SHA256	`3108554dfb7ddca5e8f63ac7ad21a69300658579d402066d818c3802f0900453`
SHA3	`346c08ad4a2521f6662b53e49b97927d6d9dda6e85803234a3949d1a3431bd80`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21494`
MD5	`98e3e14528b61fe20c6bcac5aff75e8e`
SHA1	`a190daa7d40786b8a07e804c640f220502a887b2`
SHA256	`e07d7fa88eac47bf707d9cabd85df18a4696a209750a5e6ad1401b0dc2db31bf`
SHA3	`352b2f397c2aa589b550663b877b5ca1dcb2e74ef6df543282c4b76df0df80b5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	6.1.0.485
ProductVersion	6.1.0.485
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Disc Soft Ltd
FileDescription	DAEMON Tools Pro Setup
FileVersion (#2)	6.1.0.0485.0
InternalName	DAEMON Tools Pro6.1.0.0485.exe
LegalCopyright	Copyright (C) 2004-2014
OriginalFilename	DAEMON Tools Pro6.1.0.0485.exe
ProductName	DAEMON Tools Pro
ProductVersion (#2)	6.1.0.0485.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x37178e78`
Unmarked objects	`0`
C objects (VS2012 build 50727 / VS2005 build 50727)	`3`
Imports (VS2012 build 50727 / VS2005 build 50727)	`17`
Total imports	`168`
C objects (VS2008 SP1 build 30729)	`11`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!
[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.1.1.5 is not supported.