Manalyze report for 04f5fccf43e0fd089af00dd1481be824

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-02 03:20:09
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegDeleteKeyA RegEnumValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: N-ABLE TECHNOLOGIES LTD` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`04f5fccf43e0fd089af00dd1481be824`
SHA1	`8d6c91957f0d7af22c63c32ffd9e792ab71a4971`
SHA256	`570df3b03ecd107e7ec372e6169c2fdd62f0b13ddb541882e9f7ff44604938ab`
SHA3	`b64cc4a1b4edbdf1b9d47b448e27cfb333aa4226af414d8e51516f2c8089b903`
SSDeep	`196608:8s2j8lZGK/BsOY9V2s7cNNlZ/6IoxpLooeMzl6oEP:89j4FsOYH2s7cNLZ/6NxpL52P`
Imports Hash	`b1a57b635b23ffd553b3fd1e0960b2bd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Apr-02 03:20:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5e00`
SizeOfInitializedData	`0x1d600`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x0000326C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x36000`
SizeOfHeaders	`0x400`
Checksum	`0x7b648b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`51e2544a6971f687f7a1241f613014c1`
SHA1	`1dc9b7d6bb158fee5b9f3b28181b389987a1c350`
SHA256	`3f5f7b309092988af8c9e92567926a5e523cad3af0051c20bdf29aad00a33510`
SHA3	`ead501114661f03aac31abc76b71034653f300508cc4ce3d8a5490f65fbe4151`
VirtualSize	`0x5c74`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41039`

.rdata

MD5	`4c84e530bf8db37146334e6c487170bf`
SHA1	`076dcc532f1c101e21550e104a20a7f8e4c30781`
SHA256	`3575075347d3cfff06e9f5c296d8c71c30f2fbcc62228eef437e236010397471`
SHA3	`0eec1a1d948468a2f710745acc56943954e864ce6901ed769f2e04c3dbddd8ea`
VirtualSize	`0x1196`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20374`

.data

MD5	`75d996f724e5e900c022f56b3df3ae1b`
SHA1	`7b247661a46a3527556a9637ece6c600bf6777ec`
SHA256	`4a63c7ca63538039a0213c12377fc6b0d36530bb0eecc9d4d24728c851334352`
SHA3	`9e187facab9fe47c274f1195debae1114b0f20015ddbfe91134d735bc745713a`
VirtualSize	`0x1b058`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.13053`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8000`
VirtualAddress	`0x25000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`aa7c1f6a65dd1d112b3352218de68a60`
SHA1	`aad465a520ea86702c95ebd97b03b08ff1c9693e`
SHA256	`e0b012db340899c9e6f7ac4ef600e90795c96aadc7021a0f026addfe91affbea`
SHA3	`691b7d02cbb785b02d588ae19bdf703d1b3ea20606b3d1a815da036b60ed9749`
VirtualSize	`0x8f40`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24719`

Imports

KERNEL32.dll	`GetTickCount` `GetShortPathNameA` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `SetFileAttributesA` `CompareFileTime` `SearchPathA` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `GetWindowsDirectoryA` `Sleep` `lstrcmpiA` `lstrlenA` `GetVersion` `SetErrorMode` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `lstrcatA` `GetSystemDirectoryA` `WaitForSingleObject` `SetFileTime` `CloseHandle` `GlobalFree` `lstrcmpA` `ExpandEnvironmentStringsA` `GetExitCodeProcess` `GlobalAlloc` `GetCommandLineA` `GetTempPathA` `GetProcAddress` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `ReadFile` `FindClose` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `WriteFile` `MulDiv` `MultiByteToWideChar` `LoadLibraryExA` `GetModuleHandleA` `FreeLibrary`
USER32.dll	`SetCursor` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `EndDialog` `ScreenToClient` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetForegroundWindow` `GetWindowLongA` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `SetTimer` `PostQuitMessage` `SetWindowLongA` `SendMessageTimeoutA` `LoadImageA` `wsprintfA` `GetDlgItem` `FindWindowExA` `IsWindow` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `EndPaint` `CreateDialogParamA` `DestroyWindow` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `SHFileOperationA` `ShellExecuteA`
ADVAPI32.dll	`RegDeleteValueA` `SetFileSecurityA` `RegOpenKeyExA` `RegDeleteKeyA` `RegEnumValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68256`
MD5	`48f98d53a24bc1bdb601cd8205c4e931`
SHA1	`a4543a374fe86b30d01edd654396258fc369eebc`
SHA256	`6bba454c3166e35a26bbb153660d7a75e3300a679fafd9648ea661b369b9f1c6`
SHA3	`114a9c65e65dc523ec9ba08535f02ab8442616e478382ebb3ff805456d330e7e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91758`
MD5	`3766c9e3b463f82bbb3b3665965cacac`
SHA1	`5a3ea39170bcbef3c696ac171568312e0c8ff3de`
SHA256	`0ea72cc66a6cdd232e4b7233d0f5e227304ffe6348d947258265dce12e2a7913`
SHA3	`9e0db93b09fe0185fe16af1999b17746336559d935d35c09fe41f748338f5438`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.15391`
MD5	`1a8977f290ddf504949d587677719a2a`
SHA1	`8d5f726dd8b739d6d81b685fc89fce16ff7c8d4b`
SHA256	`ccad3973eb0ec9005d4508a4bc099e90e32573394be2280e14846b9822adf5af`
SHA3	`0858d94833a3c2f924724602fc4ae03fe02d63ac9dcf781cb2288852402cd25c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3422`
MD5	`285d52ebfb49eaa9c0a10f09ad9a7bcd`
SHA1	`8b6cda9c3226e12bafc586470c283a681bebe72f`
SHA256	`f7bb7ab2a0375ca45bf3017e589edb1b7edb4a6c000473d08925e8ac2129ac3c`
SHA3	`dd85aae0d39662a527dc7c267917f0e559e00886709424ac4b3cd49cbf7610c0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.58514`
MD5	`1d61667fbd104f9a59eed57491bc52e0`
SHA1	`2b8adf6811ad4abb90fcaad85ec7a3b3a3797c20`
SHA256	`8e438a696830a44e082770c9ff1b1cc9ba7682a67c9f4c13d5679d4611b7d5f7`
SHA3	`d2a841124ff22ae15d292c04fd3a96b3837efd9157d7dbc36622720ce7f870b5`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`3409f314895161597f3c395cc5f65525`
SHA1	`1a99d016d65e567f24449d9362afb6ac44006d0b`
SHA256	`fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96`
SHA3	`b3b19241cc6454389e45833e50b742ae1927a5f161017350a99f2cbc66914f26`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88094`
MD5	`2d12c45dc2c029044aaff357141cb900`
SHA1	`083db861ab3c7db23c6257878296e73a89a74b8b`
SHA256	`69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729`
SHA3	`349b5d605c9c3efe5e0c4e2faa12dd21022fc5f9b053f2cbf4e2a6b8bc656442`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79808`
Detected Filetype	Icon file
MD5	`c4e913b78f07714e0212fc8ebbf4ce1c`
SHA1	`0f672187044b81c357136563ed73487f75b7b5ed`
SHA256	`8cec4294fee88d55e8cf16b9c815a7cfe81e1f7795f4a91143dbe04139d3005b`
SHA3	`b11b780158ff908ace00340ed04e5163d07fdcfc1eb707057f9fcdab258f0390`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3b3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22372`
MD5	`7361e0330f9aaeda7d1b4724045b10a3`
SHA1	`5af2e9d5794e69a1d668e71fa122ba50c205dfee`
SHA256	`51dc8c0ea444578b21f438a2a25d90d8a637a942fa2da333b9f99ecb8cf3c1e9`
SHA3	`be05a6d32fae15d1d033a52c2fa682edc2bdf8f4fa6760932481af6cc216fe55`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24651e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`152`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!