Manalyze report for 6cd593fc080bea3e7bfd4535fde10bcc35215ee52ff0f8c55c9a5fbff7847bb8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-27 01:27:51
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegCloseKey RegCreateKeyExA RegDeleteKeyA RegDeleteValueA RegEnumKeyA RegEnumValueA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Datto` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f7c741d0c65d582102395d2d629b192b`
SHA1	`83c9a62a40b25df40dc4a1f742a4809cfab3da84`
SHA256	`6cd593fc080bea3e7bfd4535fde10bcc35215ee52ff0f8c55c9a5fbff7847bb8`
SHA3	`5d00f488aafc986bd65f1883c1de5127f7f8efdb95f0d5cceff16bfacfbb240b`
SSDeep	`196608:ZaZk+wtP+CHD4a+KFwUUUx9Y2NPFOsti7A95rIUsFp29XaIT030Hy0SarlZr8s2f:9nwmzZFw5S9pE7Asjp29qIT0jarlZr8T`
Imports Hash	`187b3ae62ff818788b8c779ef7bc3d1c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2016-Apr-27 01:27:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x8a00`
SizeOfInitializedData	`0x9800`
SizeOfUninitializedData	`0x25a00`
AddressOfEntryPoint	`0x00004167 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4e000`
SizeOfHeaders	`0x400`
Checksum	`0xa938e0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2ec988133e621c870cc7b5a3cd9c0a46`
SHA1	`6198958701437089c1d0d9cdfd0b674194630a98`
SHA256	`c5a26b8dbbf47887cc70fd5946399fad57fc65a199df850531d343a39f7f9f06`
SHA3	`87c85d0ba3d12d68991b7cb1de4f89a0a92233177e984099fd3a1530c0addff6`
VirtualSize	`0x8970`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.02723`

.data

MD5	`1f81afc91794a293205881d6e53e0b0f`
SHA1	`30f4dc48541139a31340cd64ab0412561ce2a43e`
SHA256	`11423ac328b6eab32662fdc138722f7936c2601cf961cfeff1652be1b13632a4`
SHA3	`fdd94b636ae8de13f8dc63318988085a50bb4b9362e104ca584167a71ce9f069`
VirtualSize	`0xe8`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.63061`

.rdata

MD5	`7bdb471d068123a70155b53231331703`
SHA1	`0960f8d32f27d1bd91d649d8e3c7174fec875265`
SHA256	`5f35ab59c359167564c239ee0161f84ff090be089c6d51060b10027dbf14a94d`
SHA3	`b45d6ce0b3af11fc34d1301b49df674f576f65e9d456cbb312c82119ae63b9e9`
VirtualSize	`0x6b04`
VirtualAddress	`0xb000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.23063`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x25a00`
VirtualAddress	`0x12000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`c9e9e4693c2aa9c86bd5fec6ae143093`
SHA1	`7038d288eba5ff939f8a77e4a0d891bcd274a649`
SHA256	`4f0be4b1d87ff47377d7e6953fd7fa95b1be5533bd46d0b1fe34bd871a7e642a`
SHA3	`f31e79f16b08b0bc325031154edd81dbf37415499faf5fc12788f836dc94f5fc`
VirtualSize	`0x127c`
VirtualAddress	`0x38000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.18033`

.ndata

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0xc000`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x400`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5fd1e46006e8e7026e097950b2ab0a52`
SHA1	`440e33ee17c2425a42cb551ee1d47a0fec988589`
SHA256	`f4ff7ceb6ce1493278491f8c315f8931176f7efb1c8a6264ffa9a47e2c5b78c1`
SHA3	`4f062dca66b96f71ca1ae93a8c5d950bbbac6be5201c8e90601e33b9e9299925`
VirtualSize	`0x71d8`
VirtualAddress	`0x46000`
SizeOfRawData	`0x7200`
PointerToRawData	`0x11400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.80708`

Imports

ADVAPI32.dll	`RegCloseKey` `RegCreateKeyExA` `RegDeleteKeyA` `RegDeleteValueA` `RegEnumKeyA` `RegEnumValueA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `SetFileSecurityA`
COMCTL32.DLL	`ImageList_AddMasked` `ImageList_Create` `ImageList_Destroy` `InitCommonControls`
GDI32.dll	`CreateBrushIndirect` `CreateFontIndirectA` `DeleteObject` `GetDeviceCaps` `SelectObject` `SetBkColor` `SetBkMode` `SetTextColor`
KERNEL32.dll	`CloseHandle` `CompareFileTime` `CopyFileA` `CreateDirectoryA` `CreateFileA` `CreateProcessA` `CreateThread` `DeleteFileA` `ExitProcess` `ExpandEnvironmentStringsA` `FindClose` `FindFirstFileA` `FindNextFileA` `FreeLibrary` `GetCommandLineA` `GetCurrentProcess` `GetDiskFreeSpaceA` `GetExitCodeProcess` `GetFileAttributesA` `GetFileSize` `GetFullPathNameA` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetPrivateProfileStringA` `GetProcAddress` `GetShortPathNameA` `GetSystemDirectoryA` `GetTempFileNameA` `GetTempPathA` `GetTickCount` `GetVersion` `GetWindowsDirectoryA` `GlobalAlloc` `GlobalFree` `GlobalLock` `GlobalUnlock` `LoadLibraryExA` `MoveFileA` `MulDiv` `MultiByteToWideChar` `ReadFile` `RemoveDirectoryA` `SearchPathA` `SetCurrentDirectoryA` `SetErrorMode` `SetFileAttributesA` `SetFilePointer` `SetFileTime` `Sleep` `WaitForSingleObject` `WriteFile` `WritePrivateProfileStringA` `lstrcatA` `lstrcmpA` `lstrcmpiA` `lstrcpynA` `lstrlenA`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `OleInitialize` `OleUninitialize`
SHELL32.dll	`SHBrowseForFolderA` `SHFileOperationA` `SHGetFileInfoA` `SHGetPathFromIDListA` `SHGetSpecialFolderLocation` `ShellExecuteA`
USER32.dll	`AppendMenuA` `BeginPaint` `CallWindowProcA` `CharNextA` `CharPrevA` `CheckDlgButton` `CloseClipboard` `CreateDialogParamA` `CreatePopupMenu` `CreateWindowExA` `DefWindowProcA` `DestroyWindow` `DialogBoxParamA` `DispatchMessageA` `DrawTextA` `EmptyClipboard` `EnableMenuItem` `EnableWindow` `EndDialog` `EndPaint` `ExitWindowsEx` `FillRect` `FindWindowExA` `GetClassInfoA` `GetClientRect` `GetDC` `GetDlgItem` `GetDlgItemTextA` `GetMessagePos` `GetSysColor` `GetSystemMenu` `GetSystemMetrics` `GetWindowLongA` `GetWindowRect` `InvalidateRect` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `LoadBitmapA` `LoadCursorA` `LoadImageA` `MessageBoxIndirectA` `OpenClipboard` `PeekMessageA` `PostQuitMessage` `RegisterClassA` `ScreenToClient` `SendMessageA` `SendMessageTimeoutA` `SetClassLongA` `SetClipboardData` `SetCursor` `SetDlgItemTextA` `SetForegroundWindow` `SetTimer` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `ShowWindow` `SystemParametersInfoA` `TrackPopupMenu` `wsprintfA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x31dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88193`
Detected Filetype	PNG graphic file
MD5	`069b2731860b3935f77f1317485f2dae`
SHA1	`e6b1cc1abadd3d21ae2c6563e6285179600eb3c0`
SHA256	`4e7ab3cab43b60f0aa50028a785ad934ce0c1ea8d4060a0fc91af66fded9e1a9`
SHA3	`418b07ef0fbf31e15051c417f2270e89e517eab436c56967eaa7f103c182b99c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95724`
MD5	`db9750e471e6b65bca6fb65ab4d2768c`
SHA1	`2ff08b22c4a01d038516fda2dedef84af4f624c7`
SHA256	`fd102c51778e5a8adf29af94f5bb0d0db66435ed8fbe32d933b67a07e74aecb3`
SHA3	`d032d6630dd4ea40a03f660af81e1ff00e6618966888e871a504c36e24ac080e`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86087`
MD5	`4c086c2c626be9240a1c31ec6fb16a05`
SHA1	`9dba53be87806dace0a73bc1c9e1ea3147a8b42f`
SHA256	`fcf1aea8c46ead3578f357400895411b8cc8ddeb6327071ef6b1d6744c5f54ee`
SHA3	`7f50eb385617dd8de67bea1619faed1f6f0a17fdb5a504ef222f8905745a9c6a`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83746`
MD5	`fde6afb0d2df2bc6d6a3ac2652f72ddc`
SHA1	`27a6a4bdaf5d3506ca366ccc3f1fb24c8b78999d`
SHA256	`f54db407824dfedaab2a649f37b743697960f8cccd03b1e936da39f5e61e7b10`
SHA3	`c27dc7088d03ac388c55f5dda81a5de7dd24051d106bb38673d77b1396103e93`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`263731070ff4b915101adfd1b1195cb9`
SHA1	`9f5b4ca2d3b71844a19eaf5e16557b42f907fae6`
SHA256	`968e871b281361146724b0651a7df83c695b95d73df490b6d28b70f2245eb1ad`
SHA3	`a8c6d4fb70bb2314fe25f67c364ff58c7ea4c8fa92b31c24a3ebbdd8af653012`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d9`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19461`
MD5	`bf6f5d2b2351d41fcf10c1e7d4d8191d`
SHA1	`e1be32bc21e547b1042fbd160faab2e26fba6983`
SHA256	`577bae225bd204f7f294d0daf9129a5ba95928682251583951c7f18a799bfbc7`
SHA3	`df7dbf17b019b266a4fc87f469782158bf8f3bb32f753cda69f79d85a6389b8f`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.