Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2022-Oct-03 15:05:57 |
Detected languages | English - United States; German - Switzerland |
CompanyName | Ghisler Software GmbH |
FileDescription | Total Commander Installer |
FileVersion | 10.52 |
InternalName | INSTALL |
LegalCopyright | Copyright © Ghisler Software GmbH 1993-2022 |
OriginalFilename | install.exe |
ProductName | Total Commander Installer |
ProductVersion | 10.52 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to Blowfish |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Ghisler Software GmbH; Issuer: Sectigo Public Code Signing CA R36 |
Suspicious | VirusTotal score: 1/69 (Scanned on 2022-11-26 03:13:11) | Malwarebytes: Malware.Heuristic.1004 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2022-Oct-03 15:05:57 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LINE_NUMS_STRIPPED; IMAGE_FILE_LOCAL_SYMS_STRIPPED; IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x19000 |
SizeOfInitializedData | 0xf000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000141F8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x29000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x8cba10 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetFileSize, IsValidCodePage, SetLastError, SetNamedPipeHandleState, GetCurrentProcessId, WideCharToMultiByte, TransactNamedPipe, LocalAlloc, CreateNamedPipeW, DisconnectNamedPipe, WaitNamedPipeA, DuplicateHandle, RemoveDirectoryW, CopyFileW, ConnectNamedPipe, CreateThread, GetWindowsDirectoryW, LoadLibraryExW, GetSystemDirectoryW, LoadLibraryExA, FindNextFileW, SetEnvironmentVariableA, GetOEMCP, GetACP, GetSystemDirectoryA, CompareStringA, GetCPInfo, GetStringTypeW, GetStringTypeA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, LCMapStringW, LCMapStringA, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersion, GetStartupInfoA, TerminateProcess, ExitProcess, HeapAlloc, HeapFree, RtlUnwind, FindFirstFileW, GetDriveTypeA, GetVersionExA, SetErrorMode, GetCommandLineA, GetCommandLineW, GetModuleFileNameW, GetModuleFileNameA, GlobalAlloc, LoadLibraryA, GlobalFree, LocalFree, GetUserDefaultLCID, WinExec, CopyFileA, GetPrivateProfileStringA, GetWindowsDirectoryA, GetEnvironmentVariableW, GetEnvironmentVariableA, DosDateTimeToFileTime, LocalFileTimeToFileTime, CreateFileA, CreateFileW, SetFilePointer, ReadFile, WriteFile, DeleteFileA, SetFileTime, WritePrivateProfileStringA, CreateDirectoryW, CreateDirectoryA, GetTickCount, Sleep, GetCurrentProcess, OpenProcess, GetModuleHandleA, CloseHandle, GetProcAddress, GetLastError, FindFirstFileA, FindNextFileA, FindClose, MultiByteToWideChar, GetFileAttributesA, CompareStringW, SetFileAttributesA |
---|---|
USER32.dll | OemToCharA, CharPrevW, LoadIconA, RegisterClassA, CreateWindowExA, GetMessageA, FindWindowA, GetUserObjectSecurity, CharLowerA, BeginPaint, EndPaint, PostQuitMessage, DefWindowProcA, GetSystemMetrics, DrawTextW, BringWindowToTop, SetForegroundWindow, LoadCursorA, IsWindowUnicode, CharPrevA, MessageBoxA, UpdateWindow, CharUpperA, PostMessageA, MessageBoxW, EnumWindows, GetClassNameA, GetWindowTextA, GetClassLongA, GetDlgItemTextW, EnableWindow, CheckRadioButton, GetKeyState, IsDlgButtonChecked, CheckDlgButton, SetFocus, DialogBoxParamW, SetCursor, DialogBoxParamA, MessageBeep, SendDlgItemMessageW, EndDialog, SendMessageW, SendMessageA, GetDlgItemTextA, DestroyWindow, CreateDialogParamW, CreateDialogParamA, GetDlgItem, ShowWindow, GetSystemMenu, DeleteMenu, IsIconic, GetDC, GetClientRect, FillRect, wsprintfA, GetSysColor, DrawTextA, ReleaseDC, SendDlgItemMessageA, SetWindowTextA, SetDlgItemTextW, SetDlgItemTextA, GetWindowRect, GetParent, MoveWindow, PeekMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, GetWindowThreadProcessId |
GDI32.dll | CreateFontA, SelectObject, GetStockObject, DeleteObject, IntersectClipRect, SetTextColor, SetBkMode, CreateSolidBrush, SetBkColor |
ADVAPI32.dll | RegCreateKeyExA, AddAccessAllowedAce, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, IsValidSecurityDescriptor, GetLengthSid, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, GetUserNameA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegQueryValueExW, RegOpenKeyExW, LookupAccountNameW, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, GetSecurityDescriptorOwner, RegCreateKeyA, FreeSid, LookupAccountSidW, EqualSid, GetAce, AllocateAndInitializeSid, DeleteAce, LookupAccountSidA, GetTokenInformation, GetUserNameW, InitializeAcl |
SHELL32.dll | ShellExecuteW |
COMCTL32.dll | #17 (import by ordinal) |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.52.0.0 |
ProductVersion | 10.52.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Ghisler Software GmbH |
FileDescription | Total Commander Installer |
FileVersion (#2) | 10.52 |
InternalName | INSTALL |
LegalCopyright | Copyright © Ghisler Software GmbH 1993-2022 |
OriginalFilename | install.exe |
ProductName | Total Commander Installer |
ProductVersion (#2) | 10.52 |
Resource LangID | German - Switzerland |
---|---|
XOR Key | 0x3cddb040 |
---|---|
Unmarked objects | 0 |
12 (7291) | 5 |
C++ objects (VS98 SP6 build 8804) | 1 |
14 (7299) | 21 |
Unmarked objects (#2) | 27 |
19 (8034) | 11 |
Total imports | 216 |
C objects (VS98 SP6 build 8804) | 78 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |