Manalyze report for 1d036b4831e5c433ce7e13b0ccabb809

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Aug-05 00:46:33
Detected languages	English - United States
CompanyName	Intel Corporation
FileDescription	The Intel® System Support Utility
FileVersion	`2.5.0.12`
LegalCopyright	Copyright © Intel Corporation 2015
OriginalFileName	SSU.exe
ProductName	Intel® System Support Utility
ProductVersion	`2.5.0.12`

Plugin Output

Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA` `Can access the registry: RegCloseKey RegOpenKeyExA RegDeleteKeyA RegDeleteValueA RegEnumValueA RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Intel(R) INTELND1617S2` `Issuer: Intel External Issuing CA 7B`
Safe	VirusTotal score: 0/67 (Scanned on 2018-04-10 13:41:29)	`All the AVs think this file is safe.`

Hashes

MD5	`1d036b4831e5c433ce7e13b0ccabb809`
SHA1	`c074c124e741dbd2ed82f83f954bd77c68a35f33`
SHA256	`ba2940ae12de3a37eb5a70d86dcd14c2bbee602e3d5141f7554b54a19661e32b`
SHA3	`ca83e590f2e8fd18a5d23071ffc6f7c77c5ec12a0a2e9d89ca4ec3914f41b27a`
SSDeep	`6144:j9KOQS4cV/YdsgPOscR7uyxO/UX6DonzZyiQzAqvwBv1BX2hmxTi7CqOj:jsG8s0SRxhKiwzXdAOOj`
Imports Hash	`d7491ce7fa16431d00135edd80c7bdbd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2015-Aug-05 00:46:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x27c00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000030E2 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x45000`
SizeOfHeaders	`0x400`
Checksum	`0x6a85f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0f7709b4e0c12b91da151dcfc3331f9d`
SHA1	`2c5483e42c66bc03f6ccc03bd370b8151f1bccee`
SHA256	`2ddb748fccad15b2d54fdba43d50c9c574ef7f25aac5a40d6a8f719666a26fb6`
SHA3	`2252da07a25eff6a9c3089c6bd91cf182a049c964cc88fc491f40b7bbe8f3a9a`
VirtualSize	`0x5e38`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44232`

.rdata

MD5	`bed60c9116dbff6d06b51530a732c0c9`
SHA1	`6dba0bb21c48c914a32e00be24ec402203667819`
SHA256	`7cde5f387256223aa7527aec642234537dab482bae262234282730f0589704a2`
SHA3	`3e33425c15272ea46fde513fe760f71dc9d4d88405b1ece6171df418e894f3d7`
VirtualSize	`0x12da`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10051`

.data

MD5	`0faf5f726198aee81b8efff69b4710f2`
SHA1	`59b968a270214f87f724ee75b69babfb5139979a`
SHA256	`f7e0667580f77ceb67b0845e1f1930934ea2b7650608e0895fb528dcea574abf`
SHA3	`1f6347125d690cf0a1c4584017a60be4e42a416145e5a88775d251754b507eb2`
VirtualSize	`0x254b8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12438`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8000`
VirtualAddress	`0x2f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`d76be681f51b9ed836ab3fd7dcd65830`
SHA1	`92d8ddee46ee79bab61fabd7eccc9a1a254481fc`
SHA256	`2bb8d16031265f9ceb41c6d6712d284364ca71bd6b45f6cef90a13876d8c0456`
SHA3	`78021b8bb92b8b57f57f9958b268a1557a51e2f021225c2798ad32a3a72373f7`
VirtualSize	`0xd260`
VirtualAddress	`0x37000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.02999`

Imports

KERNEL32.dll	`GetTickCount` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `GetLastError` `CreateDirectoryA` `SetFileAttributesA` `SearchPathA` `GetShortPathNameA` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `SetEnvironmentVariableA` `GetWindowsDirectoryA` `GetTempPathA` `Sleep` `CloseHandle` `LoadLibraryA` `lstrlenA` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `CreateProcessA` `RemoveDirectoryA` `CreateFileA` `GetTempFileNameA` `ReadFile` `lstrcpyA` `lstrcatA` `GetSystemDirectoryA` `GetVersion` `GetProcAddress` `GlobalAlloc` `CompareFileTime` `SetFileTime` `ExpandEnvironmentStringsA` `lstrcmpiA` `lstrcmpA` `WaitForSingleObject` `GlobalFree` `GetExitCodeProcess` `GetModuleHandleA` `SetErrorMode` `GetCommandLineA` `LoadLibraryExA` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `WriteFile` `FindClose` `WritePrivateProfileStringA` `MultiByteToWideChar` `MulDiv` `GetPrivateProfileStringA` `FreeLibrary`
USER32.dll	`CreateWindowExA` `EndDialog` `ScreenToClient` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `GetDC` `SystemParametersInfoA` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamA` `SetTimer` `GetDlgItem` `wsprintfA` `SetForegroundWindow` `ShowWindow` `IsWindow` `LoadImageA` `SetWindowLongA` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `EndPaint` `PostQuitMessage` `FindWindowExA` `SendMessageTimeoutA` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegDeleteKeyA` `RegDeleteValueA` `RegEnumValueA` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `OleInitialize` `OleUninitialize`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc7a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7819`
MD5	`ca129c4537e562f70b82bbf3d25568b2`
SHA1	`bc7cd60f6b47f4e758e53f2cef7aac7b16f8cbfe`
SHA256	`07f22e867b00b508b0efce432408ade55d252f205eb8da5a164218abee35f03c`
SHA3	`291261721466f8866ef78c4f59f84322dc9a337f553241b90e32e17deac1e4ff`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`3409f314895161597f3c395cc5f65525`
SHA1	`1a99d016d65e567f24449d9362afb6ac44006d0b`
SHA256	`fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96`
SHA3	`b3b19241cc6454389e45833e50b742ae1927a5f161017350a99f2cbc66914f26`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88094`
MD5	`2d12c45dc2c029044aaff357141cb900`
SHA1	`083db861ab3c7db23c6257878296e73a89a74b8b`
SHA256	`69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729`
SHA3	`349b5d605c9c3efe5e0c4e2faa12dd21022fc5f9b053f2cbf4e2a6b8bc656442`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`66e51be6d27be1989b23acceef9f70e8`
SHA1	`726303802b41dcceb27bff4c80c665a701583d6e`
SHA256	`56b72586d28a31cf71cf30f989e83c8e3f6de2ceaaff5e3b2ab30b0b6eec1f45`
SHA3	`0f1d440cd21bcf2f93d11a0ba795736432edd081b260ed4de0ca77dc8e8841ab`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34382`
MD5	`40ba5e818621a9559c6723d3b7af1e1c`
SHA1	`17fca400b84f4758249073065d7dfe9eebfc5ff6`
SHA256	`9eefbce7dc3d73162ff619b8797af2354e0db1c4fac13cd27b45e7e7f41e9ac7`
SHA3	`553c9cf36cfdcbd47f0caee354bc99d89f34c80ed98c7420555a3f498fba14f7`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28836`
MD5	`501fde587b3630145de454303a047682`
SHA1	`2923a90818de20d893ee40a515fd3969ca75771f`
SHA256	`b214d59a9d368a4c51aa0c8b030ca7c6e393efef289decf25793ac9050844d7b`
SHA3	`4754091b38b1aab87d3b926983471b763dea619053d19258e0f673953fbadf78`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	2.5.0.12
ProductVersion	2.5.0.12
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Intel Corporation
FileDescription	The Intel® System Support Utility
FileVersion (#2)	2.5.0.12
LegalCopyright	Copyright © Intel Corporation 2015
OriginalFileName	SSU.exe
ProductName	Intel® System Support Utility
ProductVersion (#2)	2.5.0.12

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x69eb1175`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`158`
Imports (VS2003 (.NET) build 4035)	`17`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!