Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages | Dutch - Netherlands, English - United States |
Comments | This installation was built with Inno Setup. |
CompanyName | Xacti, LLC |
FileDescription | Inbox Translators Toolbar Setup |
FileVersion | 2.0.1.90 |
LegalCopyright | copyright © Inbox.com |
ProductName | Inbox Translators Toolbar |
ProductVersion | 2.0.1.90 |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. The resource timestamps differ from the PE header: |
Info | The PE is digitally signed. Signer: Xacti; Issuer: Thawte Code Signing CA - G2 |
Malicious | VirusTotal score: 31/68 (Scanned on 2018-07-15 08:09:13) |

Engine | Detection |
---|---|
Bkav | W32.HfsAdware.7877 |
CAT-QuickHeal | PUA.Xacti.Gen |
McAfee | Artemis!03D0A383A217 |
Cylance | Unsafe |
K7GW | Unwanted-Program ( 00496c421 ) |
K7AntiVirus | Unwanted-Program ( 00496c421 ) |
Invincea | heuristic |
NANO-Antivirus | Riskware.Win32.InstallToolbar.falasm |
Cyren | W32/Trojan.GZDX-5938 |
Symantec | PUA.InboxToolbar |
ClamAV | Win.Adware.Toolbar-6606401-0 |
Kaspersky | HEUR:Hoax.Win32.Reptile.gen |
Emsisoft | Application.InstallBox (A) |
DrWeb | Tool.InstallToolbar.269 |
McAfee-GW-Edition | BehavesLike.Win32.BadFile.vc |
Fortinet | Riskware/InnoGenForcAlgo |
SentinelOne | static engine - malicious |
Jiangmin | WebToolbar.Generic.bv |
Webroot | Pua.Xactitoolbar |
Avira | PUA/Crawler.Gen |
MAX | malware (ai score=98) |
Antiy-AVL | GrayWare[AdWare]/Win32.Inbox.k |
Endgame | malicious (high confidence) |
Microsoft | PUA:Win32/CrossRider |
ZoneAlarm | HEUR:Hoax.Win32.Reptile.gen |
ESET-NOD32 | Win32/Toolbar.Inbox.H potentially unwanted |
Yandex | PUA.Toolbar.Inbox! |
Ikarus | AdWare.Agent |
GData | Win32.Application.ToolbarCrawler.A |
CrowdStrike | malicious_confidence_100% (D) |
Qihoo-360 | Win32/Virus.Adware.5b0 |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 8 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0xba00 |
SizeOfInitializedData | 0x5400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000C1C0 (Section: CODE) |
BaseOfCode | 0x1000 |
BaseOfData | 0xd000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x18000 |
SizeOfHeaders | 0x400 |
Checksum | 0x25a404 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
---|---|
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString |
kernel32.dll (#2) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#2) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll (#3) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
user32.dll (#2) | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
comctl32.dll | InitCommonControls |
kernel32.dll (#4) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#3) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
Saturday |
October |
November |
December |
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Jun |
Jul |
Aug |
Sep |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
Variant or safe array index out of bounds |
Invalid variant type conversion |
Invalid variant operation |
Invalid argument |
External exception %x |
Assertion failed |
Interface not supported |
Exception in safecall method |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
Jan |
Feb |
Mar |
Apr |
May |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Operation aborted |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
Write |
Error creating variant or safe array |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Floating point overflow |
Floating point underflow |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.0.1.90 |
ProductVersion | 2.0.1.90 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
Comments | This installation was built with Inno Setup. |
CompanyName | Xacti, LLC |
FileDescription | Inbox Translators Toolbar Setup |
FileVersion (#2) | 2.0.1.90 |
LegalCopyright | copyright © Inbox.com |
ProductName | Inbox Translators Toolbar |
ProductVersion (#2) | 2.0.1.90 |
Resource LangID | English - United States |
---|---|
StartAddressOfRawData | 0x411000 |
---|---|
EndAddressOfRawData | 0x411008 |
AddressOfIndex | 0x40d090 |
AddressOfCallbacks | 0x412010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |