0a13612f52c6ceb541c0144d3cdb1947

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Jan-19 02:49:50
Detected languages English - United States
Debug artifacts c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Suspicious VirusTotal score: 1/70 (Scanned on 2020-11-16 05:43:54) CrowdStrike: win/malicious_confidence_60% (W)

Hashes

MD5 0a13612f52c6ceb541c0144d3cdb1947
SHA1 a88428e422647e40ad140f4a66adf46997f735b7
SHA256 236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3
SHA3 8d4ce24b642c80849bd555ea1922f624017a3ac0b12bed696489f8d9422681d6
SSDeep 393216:lK9GS+xNxcKRKQfShkubuIcY7TCHNbV8iWqhQz:lMSbIQfFu4Nh8/
Imports Hash 472de29f64f1ae564cddbc987fd7baf7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2012-Jan-19 02:49:50
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x13c00
SizeOfInitializedData 0x43eb800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000DF08 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x4402000
SizeOfHeaders 0x400
Checksum 0x43fc54d
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 db026f2d67dbf02036c007d7177aba37
SHA1 a9a328d2783050a0cc9b36c3371ae3d7ab4d78b0
SHA256 d023116050df2b1b5ddca16c692aa9cfea4ceac68c4d57f38717c33e87cfb05e
SHA3 965d9b02fc68753dbfa9bf3fbd9bf6a1d793052cd6617d188aed630b6e298ab3
VirtualSize 0x13b49
VirtualAddress 0x1000
SizeOfRawData 0x13c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37358

.rdata

MD5 32c4fab3dc85d01eb8cde1671a28c042
SHA1 9de11cbf567ccc86cb06d771e24e8b70b3d9b809
SHA256 3a4cf9203458ffc31ff6fcb9ccb2bfa9edb640a457c2331926233190707f11d8
SHA3 2665edefba78512cce556d58186804b2bb2f34de44f3ed24b355ee1bffa6291a
VirtualSize 0x327c
VirtualAddress 0x15000
SizeOfRawData 0x3400
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.23855

.data

MD5 cebbb179d18d4af279bb1434c6f94f33
SHA1 812ef94a01d7f7dc3cf79fc818917c5510a9af44
SHA256 5f9e43c3142fc0d8cd4849b8302f9af970ad5746cc9e745dd887f1bea96b78ca
SHA3 a96646b090ea10b6c68f8f85ee8d7b089074eb452d42392be3cf61eb0c24b56f
VirtualSize 0x8b70
VirtualAddress 0x19000
SizeOfRawData 0x2000
PointerToRawData 0x17400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.31826

.pdata

MD5 74e93f2f92610a7515a4d027f98eb705
SHA1 8c95e0d5ec2736345b7bae347b8214b1a5f68f0e
SHA256 78b0ceced299d7b9271f44d71101d6264236b4ef13cbd671db41c77d5a70083f
SHA3 d34c7504f8c607fe7c5be84fe3550ebda30be6a91925f9a0fe1e328c409d98fe
VirtualSize 0xd38
VirtualAddress 0x22000
SizeOfRawData 0xe00
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.82925

.rsrc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x43de968
VirtualAddress 0x23000
SizeOfRawData 0x43dea00
PointerToRawData 0x1a200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

Imports

msi.dll #141
#93
#71
#8
#112
COMCTL32.dll InitCommonControlsEx
KERNEL32.dll GetStartupInfoA
LocalFree
RemoveDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
GetSystemDirectoryA
CreateDirectoryA
GetTickCount
DeleteFileA
CloseHandle
GetLastError
CreateMutexA
GetCurrentProcessId
GetModuleFileNameA
GetTempPathA
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetProcAddress
GetModuleHandleA
SetStdHandle
GetLocalTime
GetStringTypeW
GetStringTypeA
HeapReAlloc
GetLocaleInfoA
HeapFree
GetModuleHandleW
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetFileType
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapSetInformation
HeapCreate
FlushFileBuffers
RtlUnwindEx
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
USER32.dll GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
DestroyWindow
SendMessageA

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

PRODUCTCODE

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0x26
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2e4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x520
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2012-Jan-19 02:49:50
Version 0.0
SizeofData 89
AddressOfRawData 0x16a28
PointerToRawData 0x15a28
Referenced File c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x2b50f6a5
Unmarked objects 0
C++ objects (VS2008 SP1 build 30729) 33
ASM objects (VS2008 SP1 build 30729) 11
128 (VS2012 build 50727 / VS2005 build 50727) 21
Imports (VS2012 build 50727 / VS2005 build 50727) 9
Total imports 123
C objects (VS2008 SP1 build 30729) 108
Linker (VS2008 build 21022) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

[*] Warning: Could not read a WIN_CERTIFICATE's header.
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Could not parse a VERSION_INFO resource!
[*] Warning: Resource PRODUCTCODE is empty!
[*] Warning: Resource 1 is empty!
[*] Warning: Resource is empty!
[*] Warning: Section .rsrc is larger than the executable!