11d96c60f6bbecc4af486d7903dace65

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName Alexandre Devilliers (aka Elbereth)
FileDescription Dragon UnPACKer 5 Setup
FileVersion 5.7.0 Beta
LegalCopyright Elbereth / MPL 2.0
ProductName Dragon UnPACKer
ProductVersion 5.7.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • http://www.jrsoftware.org
  • http://www.jrsoftware.org/ishelp/index.php?topic
  • jrsoftware.org
  • www.jrsoftware.org
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious The file contains overlay data. 2777178 bytes of data starting at offset 0x64400.
The overlay data has an entropy of 7.99993 and is possibly compressed or encrypted.
Overlay data amounts for 87.1189% of the executable.
Suspicious VirusTotal score: 1/75 (Scanned on 2024-09-03 12:22:17) Bkav: W32.AIDetectMalware

Hashes

MD5 11d96c60f6bbecc4af486d7903dace65
SHA1 25f43c07c49132178aad065f543700be2942372a
SHA256 dd942be70ecbc8778d9c9b7c4c7f48104c6535dea31c7814607c85160ef5a0ea
SHA3 52c92232ff4cd30275736c40350923dc38f877084eb8bea1c3d55b88bb564e17
SSDeep 98304:Eb/pBysob0HcivwSQcw0WwtZXNFHrTPuJd38:qaaHc5aNTPkM
Imports Hash 4fb639b17a439bf0efa713bd4c6e715b

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x9e00
SizeOfInitializedData 0x5a200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000A5F8 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 6.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 c3bd95c4b1a8e5199981e0d9b45fd18c
SHA1 2dc455018195cdf209f64bf29ffde4117116b387
SHA256 c5208a3c758d042ab6484a0eb1acf2e194eab8e6ac61620d728a7a18a801f44b
SHA3 ca35b076e7c116920a56e2556ba003c29402b73629b35cef7eab8daafea33733
VirtualSize 0x9d30
VirtualAddress 0x1000
SizeOfRawData 0x9e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.63177

DATA

MD5 1ee71d84f1c77af85f1f5c278f880572
SHA1 7de911e50da81747314fc3485c1084d4ee50e6e7
SHA256 cf4e6480022c8eb98f3e55bd2500d15af438fc8030ff45378d06f85667b21701
SHA3 3b99c7e61fc4cbf760235841c472b86851e95cb909b0c9c25773658daace7f58
VirtualSize 0x250
VirtualAddress 0xb000
SizeOfRawData 0x400
PointerToRawData 0xa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.75182

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe8c
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 bb5485bf968b970e5ea81292af2acdba
SHA1 40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb
SHA256 d9ea6e80cc1edfdffa8d534a8c61448b19b74d683845b94ad6d9a543e5ceb8cf
SHA3 09274dc071547ce3dc33528de99c9ad5a9eb119600e5a61b3127f74cde6dcfbf
VirtualSize 0x950
VirtualAddress 0xd000
SizeOfRawData 0xa00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.43073

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0xe000
SizeOfRawData 0
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 9ba824905bf9c7922b6fc87a38b74366
SHA1 f43ee83e6afa1c343ff6db68e13efde43471cbb6
SHA256 ad44157821ba24c07dd44f66940dd75adee9d6919a0577c5a75aa502637dddaa
SHA3 370eba5499bce03a18d462f5b9e6ee4598126f2a2243cc5fa1590c7c7245c5d7
VirtualSize 0x18
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.204488

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8c4
VirtualAddress 0x10000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED

.rsrc

MD5 1ba75627b0e7db896936a8ee05ab4e46
SHA1 0235d51bf4c7a710ab988605a192fe6afe1597d5
SHA256 ed0962f60779c374e42c3a16f885dab738245370cfbc34c5569db1809807a26f
SHA3 4b520687470a2b8c5f146333e4c49a5cb71e1b55cb98ea47df005d10b8a10b8c
VirtualSize 0x591fc
VirtualAddress 0x11000
SizeOfRawData 0x59200
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 4.95819

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll MessageBoxA
oleaut32.dll VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll (#2) MessageBoxA
comctl32.dll InitCommonControls
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.95953
MD5 0931e2f2a68df7e98a30c244d43560d2
SHA1 53ee6cf597176411da31ea8d3d42dd9d87c122ee
SHA256 ccca5e61465cc10c5593bf461f6912586e506a6157ec700070fa0cf0b3d4267b
SHA3 1009dfcc87f94a8656569422886d94ad1d76e56ae1226d26b746f5e61656b311

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.5196
MD5 540638c1c2e9f1a93f20897ba42c45c6
SHA1 f05f7ec05fef5998cf9b9e5d83ac78baace8c920
SHA256 602e7916b7a0b423f7f5b26b314eec1c082b17c815bf9cd25de644e6f3ba2c05
SHA3 e5cac47b450a82e7721632d577c2bca5dcc89ff4b2f6382271bc774f548ecd45

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.84879
MD5 82b3a4c5e01615ff264c1cc8bdf56480
SHA1 9a357c1bc1e3a34b6d92438026deeb5cf3b8c267
SHA256 b10669642bb7609a9566269a6901dcf7cd2e5fa86638110a39cd9fbbf82ba3a9
SHA3 df40cdf8ff2c9ceab7d93c542b2eb640d79e7326a415f15bb0e3c5c98af554cd

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.16942
MD5 ed30c225eed23c182bd49cabd4ced94c
SHA1 f696094cc2a3271b114718346f67103d5eae9c94
SHA256 ef84a1fc8c126b2c59389e38b3a6c8e43a477f522c8bd82b0878687e729bd5b1
SHA3 83a805241e8bb52c0e9f89abc3131029e17b4150f59f9234b08e30040953bbae

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18077
MD5 176122cee516422e4b28bbb0b28e5bd8
SHA1 c3ea15854f1d4611b3c239977273537cdf3af443
SHA256 494f850d6583705385a73fddba66d15763c35708643b24d0f5832d86eb0c11e5
SHA3 fad88d504cf7df2c6d80cb9bcbf7be8fb531d75017c8638b61e425f49b82461a

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2f2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21823
MD5 bbf4b644f9dd284b35eb31573d0df2f7
SHA1 4f9885ae629e83464e313af5254ef86f01accd0b
SHA256 2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f
SHA3 ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31515
MD5 ac2a0551cb90f91d779ee8622682dfb1
SHA1 ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da
SHA256 840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3
SHA3 58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2ce
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25024
MD5 c99b474c52df3049dfb38b5308f2827d
SHA1 7375e693629ce6bbd1a0419621d094bcd2c67bb7
SHA256 26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78
SHA3 c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86149
MD5 aec4e28ea9db1361160cde225d158108
SHA1 249013a10cde021c713ba2dc8912f9e05be35735
SHA256 d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c
SHA3 a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20731
MD5 c76a8843204c0572bca24ada35abe8c7
SHA1 066052030d0a32310da8cb5a51d0590960a65f32
SHA256 00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd
SHA3 07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04592
MD5 4bd4f3f6d918ba49d8800ad83d277a86
SHA1 1f5e4c73965fea1d1f729efbe7568dcd081a2168
SHA256 34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3
SHA3 2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.3956
MD5 e1cba7a991cec80a633465b39defd8a7
SHA1 7c1ee4667e92c0535de5e58ab3421ba3e003ce54
SHA256 0590fa6c33195cb2ba0012168d867957116c1100bfbbce304f64f0a1a24db06f
SHA3 6e6363494eb8adce138e33d9702954cda22273257c3cc25b6e534b2406cb284d

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.68016
Detected Filetype Icon file
MD5 7ff49e570390d3280f444f953a1cbb49
SHA1 7b699c761ffeb8bde33a9fe9af9657d86b7079f4
SHA256 1f4d71f4b7b17391d9854eddd2420e073f32e1a65580aa9849d71582294aa1dd
SHA3 9b54a02851d1c70ae2ad9a26fb692bfffbc8cdd4cd82279dd4c32067161eb00e

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x4f4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.84281
MD5 7fa41bd4dc4a4e54edfded999eadfd49
SHA1 cf96161886f006cdb2ffff4234fd6dc10b3a55b7
SHA256 3043d505c021e048e47e486bca1c1c2d0d287569a636ab92855017a58921672b
SHA3 d45ef2da50b5a861d3761bf3bb56f10770dcd4b8c406d4e323bd6d6efc337882

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x5e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11919
MD5 a561f3d4bfa3931040422a49ec17c06e
SHA1 9a27136c8b8073f832d2f3a9239a49f0c14cfaf6
SHA256 8d51d4405593fb12ba0d4a2708507e2300b363f7ce3cf538cb65c25cc1d3044f
SHA3 5ef4d8131a8cc50f1295dc3ebde9c211384f3ca41c657f5c8b18fd6b3a5c7c75

String Table contents

'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.7.0.0
ProductVersion 5.7.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName Alexandre Devilliers (aka Elbereth)
FileDescription Dragon UnPACKer 5 Setup
FileVersion (#2) 5.7.0 Beta
LegalCopyright Elbereth / MPL 2.0
ProductName Dragon UnPACKer
ProductVersion (#2) 5.7.0
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x40e000
EndAddressOfRawData 0x40e008
AddressOfIndex 0x40c3d0
AddressOfCallbacks 0x40f010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted! [!] Error: Could not reach the requested directory (offset=0x0). [*] Warning: Section BSS has a size of 0! [*] Warning: Section .tls has a size of 0! [*] Warning: Section .reloc has a size of 0!
<-- -->