Manalyze report for 56555893c99d8064cc2b1b698ece3bb193ee609e36ef420166f88925debf20fb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Sep-01 13:43:08
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	installer.pdb
FileVersion	`2.7.0.3`
InternalName	installer
LegalCopyright	Copyright (C) 2025 Kristjan Skutta
OriginalFilename	installer.exe
ProductName	Wallpaper Engine Installer
ProductVersion	`2.7.0.3`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: ShellExecuteW`
Info	The PE is digitally signed.	`Signer: Skutta Software GmbH` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/70 (Scanned on 2026-03-02 10:06:00)	`All the AVs think this file is safe.`

Hashes

MD5	`1e1b9629740ca38ac998462fa435f83b`
SHA1	`ca4ec2a8fff6a8ee4219bd4518e2fc94663418a9`
SHA256	`56555893c99d8064cc2b1b698ece3bb193ee609e36ef420166f88925debf20fb`
SHA3	`bf819241e5fd7efcfe77f35cfa070274d4cc5bd178a58dc236e8d0b8b535fd04`
SSDeep	`6144:wthQZCu3JWwHLomjc4I0teF+KKb5hMGsgL7GmMH:ZZn3ww9lt3b3/nGmMH`
Imports Hash	`d54f762d93145219cc887da353bf48c6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2025-Sep-01 13:43:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x29c00`
SizeOfInitializedData	`0x38c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00009BBB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x66000`
SizeOfHeaders	`0x400`
Checksum	`0x727e4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`045cd4ce5184936fed3dbe10dbc55453`
SHA1	`8faad72ea103549f85d4d972919bead82e270b84`
SHA256	`ad23fe25f1adf5590bd910ac4505b07e44e0369c426d4d3905faaa45b77df479`
SHA3	`91d583669f6ea3910f5dc52e00e9bff66b115ea6ce7dd0ecf7e13092abd80f32`
VirtualSize	`0x29b36`
VirtualAddress	`0x1000`
SizeOfRawData	`0x29c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62964`

.rdata

MD5	`f0e450e575ab4eb144758a5a0887784d`
SHA1	`aca47d6b0fa29718b1df8d6e9e9fb681ce13420a`
SHA256	`75dc527e97663001e4198aa1bd0e8813098a78535f0ad622d4c24f5dbf1e2739`
SHA3	`eaed3a7737aad5c0127c37d29826e2cd684fd6ea20b6651ce9d1782491fe9efe`
VirtualSize	`0xc8de`
VirtualAddress	`0x2b000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.3011`

.data

MD5	`45875665539086d243bf533a703fef4d`
SHA1	`c9d3ec34997f0b575dde57097359d930d3ade213`
SHA256	`39305522fc1030c50778feb9fd4253f1a907123b2bf6951702a39f0be9c9fb1b`
SHA3	`37505b525f8506dcfbc52dec8b145ada04662cefdca382934d9fd58efd294eb7`
VirtualSize	`0x1dac`
VirtualAddress	`0x38000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x36a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.73202`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x37a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`d7b31600c98132d6a7fdae5ec63efc07`
SHA1	`ebc3306e2633f66af476248ad9360bf97c06408c`
SHA256	`239fe89ee81414acf74a8f2a0c76646b44216b57d769b6dfdb61cbd8cc5316c9`
SHA3	`cc85b1235d21b6b932a1d2e26128493d0c9f808787457d20356d64f7f4690352`
VirtualSize	`0x282c0`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x28400`
PointerToRawData	`0x37c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.45518`

.reloc

MD5	`3affa46317620c0a9e6540a6ce102f84`
SHA1	`20c6e1ce93c21e9bad3f02815fc23a327d7121d1`
SHA256	`e6315a98b37af6f24502325946960ee911624134c7c39410cd88d811eba75e02`
SHA3	`39c029582ceca0125398f4746a2b14a3433bd13bbad0aba840f8a6364ef8a93f`
VirtualSize	`0x1d70`
VirtualAddress	`0x64000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x60000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54357`

Imports

KERNEL32.dll	`MultiByteToWideChar` `IsProcessorFeaturePresent` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetCurrentProcess` `TerminateProcess` `WriteConsoleW` `HeapSize` `GetTimeZoneInformation` `FormatMessageA` `LocalFree` `GetLocaleInfoEx` `GetCurrentDirectoryW` `CreateFileW` `FindClose` `FindFirstFileW` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesExW` `CloseHandle` `GetLastError` `GetProcAddress` `GetFileInformationByHandleEx` `WideCharToMultiByte` `GetStringTypeW` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetCPInfo` `RaiseException` `RtlUnwind` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `HeapFree` `HeapAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetProcessHeap` `GetFileType` `SetStdHandle` `GetFileSizeEx` `SetFilePointerEx` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `ReadConsoleW` `HeapReAlloc` `SetEndOfFile`
SHELL32.dll	`ShellExecuteW`

Delayed Imports

NoHotPatch

Ordinal	`1`
Address	`0x38b78`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0284`
MD5	`3dce7bd93eb165869da086518fc32f04`
SHA1	`8759123d45ac0852ee30a1bb09149ad28d97b71b`
SHA256	`4f1c0cf1e24a518dc1d6835ff3e750c8ec2a0ef14ddeade59198ea8012315edb`
SHA3	`0fb4ed09b17377dccd51a8f3390f4c1e21084a2b52a236b69032e8aa3db0eb8b`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.51636`
MD5	`2c88083c1687b49050de505367eff122`
SHA1	`490fa1d152ae446b23cf8a0bf7e8cf6579b6ebea`
SHA256	`0753b7336768f055b4ffc8b596105e1ac0257e71e813c6cf954196f712339f30`
SHA3	`661dfcf872467aeda4b251e4ea9d330805e345659d07cfc533304b28553b01fb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.54965`
MD5	`1d85a3999390526401e3a36ff0d1f577`
SHA1	`5beaf6ede4a49f2f50ba6424272cd56847d52068`
SHA256	`a05305018d39c733afb8fafde3c44141517a34eb3daa4cf3a66c4b6190d3b1b7`
SHA3	`88af78c940cbd864759dc7292a0a831849731656f23f32d8fb7942e701916a8f`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40066`
MD5	`12016695682c830f459a806b6b4cf1c4`
SHA1	`d17230a4e4d7ba723962c4c1de6f672325384aca`
SHA256	`4e61c956ab2abc522bd67f1bb75a291a12352e0d9098206cf43bf5e2ad969e5b`
SHA3	`98ad6291d31c153ba6fd7b1c96f2128146e0327302381d0e1a5d116642c33c7d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71881`
MD5	`e8cb5dfcb88ae96dd84f6a20b30038f0`
SHA1	`fb3d589628485a0893ae3a65554fa71ed8c4e941`
SHA256	`da3671cf88c77e1a8d14550c0c15dd53ad1c06751426a6c4eb789c9e65fdfcb6`
SHA3	`b988d2a02a9cb24d97c471961835b70a1c015a5a7336cb69aa689e7bbda52f8b`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75065`
MD5	`8a3a32dd72e744f45bd150e7fb26ee36`
SHA1	`3029ca9aedcd24edd567d279c33e2886b6c6029b`
SHA256	`09edd0564066c6c65132aa9e85f0ce5f798e921690daf6b6ab53e6e0f5777b2b`
SHA3	`f1989c4e14461d40f85f2fdde296efa0ce3157d1867205cb3179c70be75126b9`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16171`
MD5	`76d87a2068fc3622c28d42a1bb74cdd6`
SHA1	`bc83c6211c86cffc17080099aee5d7aeeb59f0bf`
SHA256	`801063904c88cc8df1a63fbd7e37bbae661b740308065f120eecab74cbe1f6b3`
SHA3	`c94c0fdc83f1ffd993c15a1215f4d4b668205f7f73b0680e06eeff949241b2d6`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09808`
MD5	`f1791e7718f29aa505283c38be1b4dea`
SHA1	`a61369a4b4356ef5b7b0c2264bd1215633dbfe6c`
SHA256	`adf92e1ea5318e47c3ddbfa309f11e20a40d1d711bd73d7c6570a29675e1d519`
SHA3	`6ef824312a0e443e8aec8ac204e3c2d31c06e86f88c09e968a497affc7810370`

102

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06388`
Detected Filetype	Icon file
MD5	`111a78da3cf9fa241bfd4bb4668051d1`
SHA1	`fa928b4443be40518655f7c2f90571620cfcbed2`
SHA256	`61702d4411f0861317b110d96855d77f33b85c370962b5d9b9325cecdfb81a65`
SHA3	`f36f5f23a6fc8cedb547983cf2694d173bd310f40b0864e1af676cd8ac4c123d`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37812`
MD5	`d15b6a639b35ca601ca7ace5d7478e6a`
SHA1	`6645d19b06163c9c2bb474a4989b58515e33790e`
SHA256	`b4d4d171344a392d4a51441202bc773aeb2ec7e837d608f1a1693bc766a16b3e`
SHA3	`2d3f0ea3f2b6ac4eb8686554df6044bdb3e557ae45ff138c8ffeb241e7238e5c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x585`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13247`
MD5	`f901d40e529dac465c8bef4b1a2db51a`
SHA1	`9b23bdf09009ed6cbb2e521f929535c23382e8ee`
SHA256	`54b6f6b785053a47499565b1c1eb3ddbe8f5c7b724e082a8b7463baab156b187`
SHA3	`dd9632305cea3102ed6cae0d57202877d39c9d96481727294b3d421ebb408f11`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.7.0.3
ProductVersion	2.7.0.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
FileVersion (#2)	2.7.0.3
InternalName	installer
LegalCopyright	Copyright (C) 2025 Kristjan Skutta
OriginalFilename	installer.exe
ProductName	Wallpaper Engine Installer
ProductVersion (#2)	2.7.0.3

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Sep-01 13:43:08
Version	`0.0`
SizeofData	`38`
AddressOfRawData	`0x360b0`
PointerToRawData	`0x350b0`
Referenced File	installer.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Sep-01 13:43:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x360d8`
PointerToRawData	`0x350d8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Sep-01 13:43:08
Version	`0.0`
SizeofData	`1060`
AddressOfRawData	`0x360ec`
PointerToRawData	`0x350ec`

TLS Callbacks

StartAddressOfRawData	`0x436520`
EndAddressOfRawData	`0x436522`
AddressOfIndex	`0x439d08`
AddressOfCallbacks	`0x42b1ec`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x00429E61`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x438040`
SEHandlerTable	`0x435f8c`
SEHandlerCount	`17`

RICH Header

Errors

Leave a comment

No comments yet.