Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2012-Jan-19 02:49:50
|
Detected languages |
English - United States
|
Debug artifacts |
c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb
|
Info |
The PE contains common functions that also appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Possibly launches other programs:
Can create temporary files:
|
Suspicious |
VirusTotal score: 1/70 (Scanned on 2020-11-16 05:43:54) |
CrowdStrike:
win/malicious_confidence_60% (W)
|
MD5 |
0a13612f52c6ceb541c0144d3cdb1947
|
SHA1 |
a88428e422647e40ad140f4a66adf46997f735b7
|
SHA256 |
236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3
|
SHA3 |
8d4ce24b642c80849bd555ea1922f624017a3ac0b12bed696489f8d9422681d6
|
SSDeep |
393216:lK9GS+xNxcKRKQfShkubuIcY7TCHNbV8iWqhQz:lMSbIQfFu4Nh8/
|
Imports Hash |
472de29f64f1ae564cddbc987fd7baf7
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0xf0
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
5
|
TimeDateStamp |
2012-Jan-19 02:49:50
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
9.0
|
SizeOfCode |
0x13c00
|
SizeOfInitializedData |
0x43eb800
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x000000000000DF08 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x140000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
5.2
|
ImageVersion |
0.0
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0x4402000
|
SizeOfHeaders |
0x400
|
Checksum |
0x43fc54d
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
db026f2d67dbf02036c007d7177aba37
|
SHA1 |
a9a328d2783050a0cc9b36c3371ae3d7ab4d78b0
|
SHA256 |
d023116050df2b1b5ddca16c692aa9cfea4ceac68c4d57f38717c33e87cfb05e
|
SHA3 |
965d9b02fc68753dbfa9bf3fbd9bf6a1d793052cd6617d188aed630b6e298ab3
|
VirtualSize |
0x13b49
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x13c00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.37358
|
MD5 |
32c4fab3dc85d01eb8cde1671a28c042
|
SHA1 |
9de11cbf567ccc86cb06d771e24e8b70b3d9b809
|
SHA256 |
3a4cf9203458ffc31ff6fcb9ccb2bfa9edb640a457c2331926233190707f11d8
|
SHA3 |
2665edefba78512cce556d58186804b2bb2f34de44f3ed24b355ee1bffa6291a
|
VirtualSize |
0x327c
|
VirtualAddress |
0x15000
|
SizeOfRawData |
0x3400
|
PointerToRawData |
0x14000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.23855
|
MD5 |
cebbb179d18d4af279bb1434c6f94f33
|
SHA1 |
812ef94a01d7f7dc3cf79fc818917c5510a9af44
|
SHA256 |
5f9e43c3142fc0d8cd4849b8302f9af970ad5746cc9e745dd887f1bea96b78ca
|
SHA3 |
a96646b090ea10b6c68f8f85ee8d7b089074eb452d42392be3cf61eb0c24b56f
|
VirtualSize |
0x8b70
|
VirtualAddress |
0x19000
|
SizeOfRawData |
0x2000
|
PointerToRawData |
0x17400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.31826
|
MD5 |
74e93f2f92610a7515a4d027f98eb705
|
SHA1 |
8c95e0d5ec2736345b7bae347b8214b1a5f68f0e
|
SHA256 |
78b0ceced299d7b9271f44d71101d6264236b4ef13cbd671db41c77d5a70083f
|
SHA3 |
d34c7504f8c607fe7c5be84fe3550ebda30be6a91925f9a0fe1e328c409d98fe
|
VirtualSize |
0xd38
|
VirtualAddress |
0x22000
|
SizeOfRawData |
0xe00
|
PointerToRawData |
0x19400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.82925
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x43de968
|
VirtualAddress |
0x23000
|
SizeOfRawData |
0x43dea00
|
PointerToRawData |
0x1a200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
0
|
msi.dll |
#141
#93
#71
#8
#112
|
COMCTL32.dll |
InitCommonControlsEx
|
KERNEL32.dll |
GetStartupInfoA
LocalFree
RemoveDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
GetSystemDirectoryA
CreateDirectoryA
GetTickCount
DeleteFileA
CloseHandle
GetLastError
CreateMutexA
GetCurrentProcessId
GetModuleFileNameA
GetTempPathA
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetProcAddress
GetModuleHandleA
SetStdHandle
GetLocalTime
GetStringTypeW
GetStringTypeA
HeapReAlloc
GetLocaleInfoA
HeapFree
GetModuleHandleW
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetFileType
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapSetInformation
HeapCreate
FlushFileBuffers
RtlUnwindEx
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
|
USER32.dll |
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
DestroyWindow
SendMessageA
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0xea8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x8a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x568
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x42028
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x10828
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x25a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x10a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x468
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_RCDATA
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x26
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x76
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x2e4
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x520
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
0
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
Characteristics |
0
|
TimeDateStamp |
2012-Jan-19 02:49:50
|
Version |
0.0
|
SizeofData |
89
|
AddressOfRawData |
0x16a28
|
PointerToRawData |
0x15a28
|
Referenced File |
c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb
|
XOR Key |
0x2b50f6a5
|
Unmarked objects |
0
|
C++ objects (VS2008 SP1 build 30729) |
33
|
ASM objects (VS2008 SP1 build 30729) |
11
|
128 (VS2012 build 50727 / VS2005 build 50727) |
21
|
Imports (VS2012 build 50727 / VS2005 build 50727) |
9
|
Total imports |
123
|
C objects (VS2008 SP1 build 30729) |
108
|
Linker (VS2008 build 21022) |
1
|
Resource objects (VS2008 SP1 build 30729) |
1
|
[*] Warning: Could not read a WIN_CERTIFICATE's header.
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Could not parse a VERSION_INFO resource!
[*] Warning: Resource PRODUCTCODE is empty!
[*] Warning: Resource 1 is empty!
[*] Warning: Resource is empty!
[*] Warning: Section .rsrc is larger than the executable!