Manalyze report for 13522fd0141cfe692ab856b327c0c8e39922f926e371cf2b1262f601c0e78ad9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-30 10:24:34
Detected languages	English - United States
CompanyName	Sofamire
FileDescription	Installer for
FileVersion	`0.26.3.7`
LegalCopyright
ProductName	Diecast Demo
ProductVersion	`0.26.3.7`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegCloseKey RegDeleteKeyW RegDeleteValueW RegEnumKeyW RegEnumValueW RegQueryValueExW RegSetValueExW RegCreateKeyExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The PE is possibly a dropper.	`Resources amount for 91.9277% of the executable.`
Suspicious	The file contains overlay data.	`25087 bytes of data starting at offset 0xba800.` `The overlay data has an entropy of 7.98621 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-05-12 09:54:41)	`APEX: Malicious` `Jiangmin: Trojan.Agent.efgm` `MaxSecure: Trojan.Malware.300983.susgen` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`aefa0597e198b40412075a7ef8cd0692`
SHA1	`372242a25e0816c3173e1ee631638c12ce8da62b`
SHA256	`13522fd0141cfe692ab856b327c0c8e39922f926e371cf2b1262f601c0e78ad9`
SHA3	`7519662b513f4abafbc9db0a3d54b06868d5e0ad1c8999e2235845bc9d9f826d`
SSDeep	`1536:lcVxMtkyfWqPG1QIcVdWToWw2uM9bMtRTGCIXZe:l4MrfWdbcDWToWNu+bMrTUI`
Imports Hash	`3f91aceea750f765ef2ba5d9988e6a00`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Mar-30 10:24:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x7200`
SizeOfInitializedData	`0x2d800`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x000036FC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`6.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xfe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3668d67c78869a28f70344e1d8e85519`
SHA1	`a829b454da851f9ea87fc7cb4a857621b399e7de`
SHA256	`94098bfe47b45561e717998630c199f610373a68fcf3a50f0baa7d33a9e12ed4`
SHA3	`8c5e1cbc821add756f54289ef3b5a20a9454aaed954516ce93f48f90ad4a9c3b`
VirtualSize	`0x7032`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41221`

.rdata

MD5	`84ed2873bb9ae54d09ef52f1faebfe9e`
SHA1	`a292ed7164863434abd65d9230144c1d8e96de1d`
SHA256	`eb77843bc312664ac6595a3b6cac03372d638f073da6c5e8d0ced97df5db7787`
SHA3	`c428f966c2da8808ae53738a5889086e8bcd4a5e7293bca41d2b49b540ddb7d5`
VirtualSize	`0x19a2`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.04078`

.data

MD5	`d11ee5d02bcd95455113cdebfc4a87a5`
SHA1	`3d8e9682397b784c42fafa338e9d8dcc2fdf5bfe`
SHA256	`f5c0e0a3361f886bbf5992ed4ddf8c4a029d3570bffa170fe31ddf7a5e1d986d`
SHA3	`6288a53aea5131fb60a57317270533181b9e303d2a7a392fc11ef7bc441916c4`
VirtualSize	`0x2ab00`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.0355`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x16000`
VirtualAddress	`0x36000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`83d538f91be36f5323db5f6840ca6e49`
SHA1	`ccc0c8e6c78da1c1dc7eecce2c5472466d6d8ab6`
SHA256	`d9c6cad7a36c94d8d71330ae2e4b61b321ee5342caa37ca14e950f634861f071`
SHA3	`0dc8454c70c690d62f0481dcbea954aebf4927a610036f1d97f737943a4a0f9e`
VirtualSize	`0xb1428`
VirtualAddress	`0x4c000`
SizeOfRawData	`0xb1600`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74961`

Imports

ADVAPI32.dll	`RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyW` `RegEnumValueW` `RegQueryValueExW` `RegSetValueExW` `OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `SetFileSecurityW` `RegCreateKeyExW` `RegOpenKeyExW`
SHELL32.dll	`ShellExecuteExW` `SHFileOperationW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `SHGetSpecialFolderLocation`
ole32.dll	`OleInitialize` `OleUninitialize` `CoTaskMemFree` `IIDFromString` `CoCreateInstance`
COMCTL32.dll	`#17` `ImageList_Destroy` `ImageList_AddMasked` `ImageList_Create`
USER32.dll	`DispatchMessageW` `wsprintfA` `SystemParametersInfoW` `SetClassLongW` `GetWindowLongW` `GetSysColor` `ScreenToClient` `SetCursor` `GetWindowRect` `TrackPopupMenu` `AppendMenuW` `EnableMenuItem` `CreatePopupMenu` `GetSystemMenu` `GetSystemMetrics` `IsWindowEnabled` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `OpenClipboard` `CheckDlgButton` `EndDialog` `DialogBoxParamW` `IsWindowVisible` `SetWindowPos` `CreateWindowExW` `GetClassInfoW` `PeekMessageW` `CallWindowProcW` `GetMessagePos` `CharNextW` `ExitWindowsEx` `SetWindowTextW` `SetTimer` `CreateDialogParamW` `DestroyWindow` `LoadImageW` `FindWindowExW` `SetWindowLongW` `InvalidateRect` `ReleaseDC` `GetDC` `SetForegroundWindow` `EnableWindow` `GetDlgItem` `ShowWindow` `IsWindow` `PostQuitMessage` `SendMessageTimeoutW` `SendMessageW` `wsprintfW` `FillRect` `GetClientRect` `EndPaint` `BeginPaint` `DrawTextW` `DefWindowProcW` `SetDlgItemTextW` `GetDlgItemTextW` `CharNextA` `MessageBoxIndirectW` `RegisterClassW` `CharPrevW` `LoadCursorW`
GDI32.dll	`SetBkMode` `CreateBrushIndirect` `GetDeviceCaps` `SelectObject` `DeleteObject` `SetBkColor` `SetTextColor` `CreateFontIndirectW`
KERNEL32.dll	`WriteFile` `GetLastError` `WaitForSingleObject` `GetExitCodeProcess` `GetTempFileNameW` `CreateFileW` `CreateDirectoryW` `WideCharToMultiByte` `lstrlenW` `lstrcpynW` `GlobalLock` `GlobalUnlock` `CreateThread` `GetDiskFreeSpaceW` `CopyFileW` `GetVersionExW` `GetWindowsDirectoryW` `ExitProcess` `GetCurrentProcess` `CreateProcessW` `GetTempPathW` `SetEnvironmentVariableW` `GetCommandLineW` `GetModuleFileNameW` `GetTickCount` `GetFileSize` `MultiByteToWideChar` `MoveFileW` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `lstrcmpiW` `lstrcmpW` `MulDiv` `GlobalFree` `GlobalAlloc` `LoadLibraryExW` `GetModuleHandleW` `FreeLibrary` `Sleep` `CloseHandle` `SetFileTime` `SetFilePointer` `SetFileAttributesW` `ReadFile` `GetShortPathNameW` `GetFullPathNameW` `GetFileAttributesW` `FindNextFileW` `FindFirstFileW` `FindClose` `DeleteFileW` `CompareFileTime` `SearchPathW` `SetCurrentDirectoryW` `ExpandEnvironmentStringsW` `RemoveDirectoryW` `GetSystemDirectoryW` `MoveFileExW` `GetModuleHandleA` `GetProcAddress` `lstrcmpiA` `lstrcpyA` `lstrcatW` `SetErrorMode`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xafca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.73183`
MD5	`e687b276aecac7dbce5a53252dd272c7`
SHA1	`4c6d8b11d13c2642df09ec32a1b174739ad8f7f4`
SHA256	`97abba60ac9a9129fde97df4bab44e1ab86d0bc76a29096a3c92d7d0cf2697fa`
SHA3	`47d34873b122a787c039881b819df904749ccffc030d7b2bdbaec85c4f989d43`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`a69caf66f3f899403f8b25b02dc61908`
SHA1	`3e5db9186cf0f75be24676462d88170e5950d9c8`
SHA256	`7854e8d67a11148566ad37c5d23e1534e0990fe31a160e0e7da3ca751830bb50`
SHA3	`1eea945e3712b317143e07560f54b0b9a13b1fd6c2b57cab9176181a9aaf4f79`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70411`
MD5	`9bf5ce4f6c93b09e4f5659e204c7ef69`
SHA1	`70260f4f07476e289d4f0da08f6ea81edf377c05`
SHA256	`4978808cfa3a9f541262585edca9b87268d2025e637f7254b269cef216b39a79`
SHA3	`006381732c2dfc87ce25f0b93f7446bbeb1549e901e375f8a720af89e0ef211a`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67385`
MD5	`d1a92272fbd597e1aa19021483110d5a`
SHA1	`9f75072682b37c6c52361d8c988ebd06dd003f63`
SHA256	`15663576584c947d634dab9848defcc7d8f05eb0b7e7c6d52d81eca695fc7a6e`
SHA3	`704756797695ae34f6fae500852bca70e5066a1d1993348fe40ccf626235d0d6`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`3df5dd07b0cdb254ddc1bf5c33a3939a`
SHA1	`d51131051dae584e9f00884cab6c3ec66108366c`
SHA256	`a23ade7af35349636e012d3268cb830d978488b2c17255945513587894751d4c`
SHA3	`ce5ed40f9f38f2c61a37477bd918d07cb34d1ae7f02fec484e032b4ab60ffd33`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22669`
MD5	`c21836aa1e443a4a368be5ce3936ba69`
SHA1	`056bf8b14bd4111f67a0ff53064a6b8bd843584b`
SHA256	`4a8dbf3efe0012ab5e4b2b64129e45a1188080856c59a3828febaddded717c75`
SHA3	`22cf136f53b8eb7f96322b7ea0caaf46fd9084949695b7063473cf3f11e0f9a0`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x439`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29429`
MD5	`abe20cd034a940d331a7bcdefb551b8c`
SHA1	`f33ba68d8e336c1124e56a966dbb7a4e0ecbea31`
SHA256	`7d057092023135b9be659837a452fe0a698b8e41cead35fec5e028913490978b`
SHA3	`3dcf0ab4934fdd5eb1ae639ee171f983489f616b74c702d85a0207e4f2d35406`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	0.26.3.7
ProductVersion	0.26.3.7
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Sofamire
FileDescription	Installer for
FileVersion (#2)	0.26.3.7
LegalCopyright
ProductName	Diecast Demo
ProductVersion (#2)	0.26.3.7

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x6fa9248f`
Unmarked objects	`0`
C objects (29395)	`2`
C objects (CVTCIL) (29395)	`1`
Imports (29395)	`15`
Total imports	`165`
C objects (VS2019 Update 11 (16.11.11) compiler 30141)	`11`
Resource objects (VS2019 Update 11 (16.11.11) compiler 30141)	`1`
Linker (VS2019 Update 11 (16.11.11) compiler 30141)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.