4216fe29f8250470a6c1a775bd16d5ec

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-Sep-03 10:32:14
Detected languages English - United States
CompanyName Hamrick Software
FileDescription VueScan Installer
FileVersion 9.8.16
InternalName VueScan Installer
LegalCopyright Copyright 2023 Hamrick Software
ProductName VueScan Installer 9.8.16
ProductVersion 9.8.16

Plugin Output

Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • CheckTokenMembership
Enumerates local disk drives:
  • GetDriveTypeW
Info: The PE is digitally signed.
Signer: Hamrick Software
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Safe: VirusTotal score: 0/72 (Scanned on 2025-05-11 05:13:01). All the AVs think this file is safe.

Hashes

MD5 4216fe29f8250470a6c1a775bd16d5ec
SHA1 5b83f1204dada50aa4609049ead7f0cd96845244
SHA256 590d95bf7392dba3603ffae0b1a131ad9fb4978150ee234b62d67b138e9eb88d
SHA3 b09bd68de7b7e3520559dc879ad4201ddd9bbf5ae931499aa9ca4c424a5f435b
SSDeep 393216:WQ9WLcKS1wNLH04sjYyQ0KSW9MoEvwyhWgJcgtE6n:WQHargYyWSpvwPgJc4xn
Imports Hash f51174f7977db2c4d469a5f711e3a5b9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2023-Sep-03 10:32:14
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x21a00
SizeOfInitializedData 0x33800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000007E68 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x5a000
SizeOfHeaders 0x400
Checksum 0xfb2007
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a3e4c6a337c6bca55faa656525aee745
SHA1 91ceba06c0d1451ddf0f01010676eadde1b3073d
SHA256 1c32aed5306e8dd8bfea199be6e855af70d82780a9f5597f0fff0b17150db2cc
SHA3 424a6c3db142633421efe723c052ee9d6f4eb91713bceaa9b44babe6471854a9
VirtualSize 0x21950
VirtualAddress 0x1000
SizeOfRawData 0x21a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.4044

.rdata

MD5 d038d21c9d862367d66585fe6b52b261
SHA1 5d960c87257ddbee259af4bf923e3353b4236544
SHA256 908def1bc253d3726e382e68a03e8dc707b7d151c1fe525d1b7a302cbadceab7
SHA3 0c945644be55c2cde0d086e25d2a7ca329c50dbda23f3a036008c394b80dcd54
VirtualSize 0xb77e
VirtualAddress 0x23000
SizeOfRawData 0xb800
PointerToRawData 0x21e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.05608

.data

MD5 80329d71e409081f258cadf0bb2a7e29
SHA1 748a7b84b99e2ea6f87c5dcbf1b2c3653915a520
SHA256 cc0c7a569e5cd9078832d0d72fac7bd51ed7dd1017654c5392b08a6bb9c1ae00
SHA3 9b04095423b0552f2c1348e2fd8f586f36e570fe57bda426c3fd6acce5b4b7b4
VirtualSize 0x214e8
VirtualAddress 0x2f000
SizeOfRawData 0xe00
PointerToRawData 0x2d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.9574

.pdata

MD5 7bb42ffe05e57b723e0c3fe06be7033f
SHA1 5a8fc8ea49441b09871f8c3496f25d141f5485d4
SHA256 640444eb6f8e2cf3a44fb0abbeec6d262b70f2eb32aeef1bf829ad21f39f2f4f
SHA3 40bf1baa442e9727710c48f1fd98a7b7ffee2346ddc24513dc368bb858738714
VirtualSize 0x19e0
VirtualAddress 0x51000
SizeOfRawData 0x1a00
PointerToRawData 0x2e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.27141

_RDATA

MD5 7edd8c9dcb1c1b48cc50be5f24eeb508
SHA1 3641522b5f56ceced70d3bf9d58b898d11d6fd02
SHA256 c18cce9453a062ecc4303d31025bcd1c9182b87d46041e0f2c4752d6639a79a6
SHA3 575fcc0e4092f47d8a6ed2d20284b8df8f84d0d997d726102792ed0312e9d0b8
VirtualSize 0x15c
VirtualAddress 0x53000
SizeOfRawData 0x200
PointerToRawData 0x2fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.8148

.rsrc

MD5 10164638c0a03a8993f1acb3972d869a
SHA1 481ce238752df4a5b280296d3cf0c5fb31c9be16
SHA256 9f32652c931c5c5bc5938b3cf2df51fc0fb0c18fdde021435b4c1114147aac8b
SHA3 8a0054fe4eac03d154260042319f4644097b70db6625b1c914e939b242c0b709
VirtualSize 0x4560
VirtualAddress 0x54000
SizeOfRawData 0x4600
PointerToRawData 0x30000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.75413

.reloc

MD5 6f90516c202d612f51d878a5574a1b3c
SHA1 dbb7d9fcf7a6bf4a0dafd38462e5a5adbc902bb6
SHA256 22bf083aad2d2dcbf2f9db23939613c131729ecfb7bac4cdd4efd4619746f14a
SHA3 2c67e77f523f798a3ef4ca27d0606536df9afd48df01168d01a766f4293a3c71
VirtualSize 0x68c
VirtualAddress 0x59000
SizeOfRawData 0x800
PointerToRawData 0x34600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.9586

Imports

USER32.dll PostMessageA
EnumWindows
MessageBoxA
GetWindowTextA
ADVAPI32.dll FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SHELL32.dll SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
KERNEL32.dll FlushFileBuffers
GetTimeZoneInformation
HeapSize
HeapReAlloc
RtlPcToFileHeader
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
CloseHandle
GetLastError
SetErrorMode
WaitForSingleObject
Sleep
CreateProcessW
GetVersion
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FreeEnvironmentStringsW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
WriteConsoleW
RtlUnwind
MoveFileExW
CreateFileW
GetFileType
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteFileW
CreateDirectoryW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
SetEndOfFile
HeapFree
HeapAlloc
GetConsoleOutputCP
GetConsoleMode
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
SetStdHandle
ReadFile
ReadConsoleW
SetFilePointerEx
GetCurrentDirectoryW
GetFileSizeEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.90216
MD5 a2ded54d4a9b210175173d0e71ef1128
SHA1 f6411fda0329620e6593812d5f3b1bb29f86102d
SHA256 00b5ab981f34a54793c5e6205533bda7b0f682dffc52b60290ba77da3ad20517
SHA3 23158337147bf9bb053348da0518ad3f5432ee16fd1e5ba25f39e81ff5057067

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.75642
MD5 69566855f476b68068751dd428e73e0c
SHA1 78f9fd60320bd63541c5a31c39653042e7058fb7
SHA256 e7007400eb9146edf1b7a80adb0ade51edd25af8bd3aa257e73d734d10a13645
SHA3 bc47cbdd563be0f9fb8e2a280462d7d6791d411ab1dc97841fd6e2d38fd1100c

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.50765
MD5 b1fc2db4a531570c4b49d8bebccf9af6
SHA1 04d8c04a679bff205d51ad480c34c147380727a1
SHA256 543502263e5445b4a66e1b2cf2499053d7c8d9afed992303a0dba7c8ccfc1b53
SHA3 692649d7c4854bc0a4ee5285aa81c6219456fc80aa419d2e85c0ed3eb333d343

SETUP

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 409e1724611e0bc39356e2f58888db55
SHA1 c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256 6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3 315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2cc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39554
MD5 7f1e9d45a4d637a1b9edfa63978036e6
SHA1 d43f229fa4619aecafeebf54a8cc154d942c8d3b
SHA256 a0f9816c554bb1761401fbe272bc5e77bbd79027a527599ee88daaa600629a37
SHA3 0706336035b78d3354d80aa3227d2211762eb2296017adac1d739284f49026f6

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x601
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07637
MD5 4cce76d481417ff605e286f6362fa519
SHA1 ba2ec9407568b649a0fa4c3872a654a35bdbff15
SHA256 dcd0ae877aad964c361fb72fa1b65ae0a0eb9117dd62d73b97b40d714421cc34
SHA3 d7b3acf595104e9a6f02c8f507c8aa67f67862743a4f3aa1d4aba5b4c4481981

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 9.8.16.0
ProductVersion 9.8.16.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Hamrick Software
FileDescription VueScan Installer
FileVersion (#2) 9.8.16
InternalName VueScan Installer
LegalCopyright Copyright 2023 Hamrick Software
ProductName VueScan Installer 9.8.16
ProductVersion (#2) 9.8.16
Resource LangID English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2023-Sep-03 10:32:14
Version 0.0
SizeofData 796
AddressOfRawData 0x2c09c
PointerToRawData 0x2ae9c

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14002f0b8

RICH Header

XOR Key 0x1165558c
Unmarked objects 0
ASM objects (29395) 9
C++ objects (29395) 166
C objects (29395) 10
253 (VS2022 Update 4 (17.4.2) compiler 31935) 4
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935) 40
C objects (VS2022 Update 4 (17.4.2) compiler 31935) 17
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935) 9
Imports (29395) 9
Total imports 120
C++ objects (32124) 1
C objects (32124) 4
Resource objects (32124) 1
Linker (32124) 1

Errors