0a13612f52c6ceb541c0144d3cdb1947

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Jan-19 02:49:50
Detected languages English - United States
Debug artifacts c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb

Plugin Output

Suspicious The PE is possibly packed. The PE's resources are bigger than it is.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Safe VirusTotal score: 0/63 (Scanned on 2017-07-20 16:36:24) All the AVs think this file is safe.

Hashes

MD5 0a13612f52c6ceb541c0144d3cdb1947
SHA1 a88428e422647e40ad140f4a66adf46997f735b7
SHA256 236f89f80987e348e7caf6669ce8f7f5fa8dd319c4f1ba65e2bb54167e1958f3
SHA3 ad93d42517b6a1045ddbeebc554dc2502868ce8e2f581281d37216329e226e7e
SSDeep 393216:lK9GS+xNxcKRKQfShkubuIcY7TCHNbV8iWqhQz:lMSbIQfFu4Nh8/
Imports Hash 472de29f64f1ae564cddbc987fd7baf7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2012-Jan-19 02:49:50
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x13c00
SizeOfInitializedData 0x43eb800
SizeOfUninitializedData 0
AddressOfEntryPoint 0xdf08 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x4402000
SizeOfHeaders 0x400
Checksum 0x43fc54d
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 db026f2d67dbf02036c007d7177aba37
SHA1 a9a328d2783050a0cc9b36c3371ae3d7ab4d78b0
SHA256 d023116050df2b1b5ddca16c692aa9cfea4ceac68c4d57f38717c33e87cfb05e
SHA3 1e61716c817ad87abe3e650edbca9d5a6b7556d6e658f1ee91bc2834089f0632
VirtualSize 0x13b49
VirtualAddress 0x1000
SizeOfRawData 0x13c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37358

.rdata

MD5 32c4fab3dc85d01eb8cde1671a28c042
SHA1 9de11cbf567ccc86cb06d771e24e8b70b3d9b809
SHA256 3a4cf9203458ffc31ff6fcb9ccb2bfa9edb640a457c2331926233190707f11d8
SHA3 52f0c7ae1093d208b49330859eee2493555d54e9ef55e72787f4943426d10ec3
VirtualSize 0x327c
VirtualAddress 0x15000
SizeOfRawData 0x3400
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.23855

.data

MD5 cebbb179d18d4af279bb1434c6f94f33
SHA1 812ef94a01d7f7dc3cf79fc818917c5510a9af44
SHA256 5f9e43c3142fc0d8cd4849b8302f9af970ad5746cc9e745dd887f1bea96b78ca
SHA3 5f3b551b37d33a24ffd53537f2ab32e4df54c9eacf62e5acfd057342ea52c9c9
VirtualSize 0x8b70
VirtualAddress 0x19000
SizeOfRawData 0x2000
PointerToRawData 0x17400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.31826

.pdata

MD5 74e93f2f92610a7515a4d027f98eb705
SHA1 8c95e0d5ec2736345b7bae347b8214b1a5f68f0e
SHA256 78b0ceced299d7b9271f44d71101d6264236b4ef13cbd671db41c77d5a70083f
SHA3 adffcbea1bc2bc2dbfbbe311709df2479f021c19fbffb24936bd44d42c05c551
VirtualSize 0xd38
VirtualAddress 0x22000
SizeOfRawData 0xe00
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.82925

.rsrc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x43de968
VirtualAddress 0x23000
SizeOfRawData 0x43dea00
PointerToRawData 0x1a200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

Imports

msi.dll #141
#93
#71
#8
#112
COMCTL32.dll InitCommonControlsEx
KERNEL32.dll GetStartupInfoA
LocalFree
RemoveDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
GetSystemDirectoryA
CreateDirectoryA
GetTickCount
DeleteFileA
CloseHandle
GetLastError
CreateMutexA
GetCurrentProcessId
GetModuleFileNameA
GetTempPathA
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetProcAddress
GetModuleHandleA
SetStdHandle
GetLocalTime
GetStringTypeW
GetStringTypeA
HeapReAlloc
GetLocaleInfoA
HeapFree
GetModuleHandleW
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetFileType
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapSetInformation
HeapCreate
FlushFileBuffers
RtlUnwindEx
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
USER32.dll GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
DestroyWindow
SendMessageA

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

CABINET

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0x4385ddd
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

PRODUCTCODE

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0x26
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x76
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2e4
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x520
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2012-Jan-19 02:49:50
Version 0.0
SizeofData 89
AddressOfRawData 0x16a28
PointerToRawData 0x15a28
Referenced File c:\BWA\iTunesWinPackageData_Final-358.32\srcroot\setup\setup.pdb

TLS Callbacks

Load Configuration

Errors

[*] Warning: Could not read a WIN_CERTIFICATE's header.
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[!] Error: Could not read a VS_VERSION_INFO header!
[*] Warning: Could not parse a VERSION_INFO resource!
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource CABINET is empty!
[*] Warning: Resource PRODUCTCODE is empty!
[*] Warning: Resource is empty!
[*] Warning: Resource is empty!
[*] Warning: Section .rsrc is larger than the executable!
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource CABINET is bigger than the PE. Not trying to load it in memory.