Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2010-Mar-18 11:21:36 |
Detected languages | English - United States |
Debug artifacts | setup.pdb |
FileDescription | Setup |
FileVersion | 10.0.30319.1 built by: RTMRel |
InternalName | setup.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | setup.exe |
ProductVersion | 10.0.30319.1 |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to internet browsers: |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/71 (Scanned on 2024-04-22 07:56:54) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2010-Mar-18 11:21:36 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x4ea00 |
SizeOfInitializedData | 0x19a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0002E541 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x50000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | A.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x6e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x65cd5 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.dll | Process32NextW Process32FirstW CreateToolhelp32Snapshot GetCurrentProcessId GetNativeSystemInfo SetFilePointer HeapSetInformation CreateEventW SetEvent SizeofResource LockResource LoadResource FindResourceW GetVersionExW CompareStringW GetFileAttributesW GetModuleFileNameW ExpandEnvironmentStringsW GlobalFree OpenProcess GetSystemDirectoryW DeleteFileW GetTempFileNameW GetTempPathW LocalFree FormatMessageW ReadFile GetTimeFormatW GetDateFormatW CreateDirectoryW CopyFileW WideCharToMultiByte GetWindowsDirectoryW GetSystemInfo GetCurrentProcess GetEnvironmentVariableW GetModuleHandleW GetVersion CreateFileW EndUpdateResourceW Sleep GetDiskFreeSpaceExW DeleteCriticalSection CreateThread InitializeCriticalSection EnterCriticalSection LeaveCriticalSection MulDiv lstrlenW GetExitCodeProcess SetEndOfFile GetTickCount FindFirstFileW FindNextFileW FindClose GlobalAlloc LoadLibraryW UpdateResourceA BeginUpdateResourceA InterlockedCompareExchange FindResourceA DeleteFileA lstrlenA CreateFileA UpdateResourceW BeginUpdateResourceW GetEnvironmentVariableA SetStdHandle WriteConsoleW HeapReAlloc IsValidLocale EnumSystemLocalesA GetLocaleInfoA GetUserDefaultLCID HeapSize FlushFileBuffers GetConsoleMode GetConsoleCP GetProcessHeap MultiByteToWideChar LCMapStringW GetStringTypeW GetLocaleInfoW IsValidCodePage GetOEMCP GetACP IsDebuggerPresent UnhandledExceptionFilter TerminateProcess HeapAlloc IsProcessorFeaturePresent GetSystemTimeAsFileTime QueryPerformanceCounter HeapCreate GetCurrentThreadId InterlockedExchange SwitchToThread GetLastError WaitForSingleObject CloseHandle GetProcAddress FreeLibrary WriteFile SetLastError InterlockedIncrement TlsFree TlsSetValue TlsGetValue TlsAlloc GetFileType InitializeCriticalSectionAndSpinCount LocalAlloc LoadLibraryA RaiseException GetCommandLineW GetStartupInfoW RtlUnwind HeapFree InterlockedDecrement GetCPInfo SetUnhandledExceptionFilter ExitProcess GetStdHandle FreeEnvironmentStringsW GetEnvironmentStringsW SetHandleCount |
---|---|
GDI32.dll | GetStockObject EnumFontFamiliesExW CreateFontIndirectW DeleteObject CreateCompatibleDC GetDeviceCaps GetObjectW DeleteDC SelectObject GetTextMetricsW GetTextExtentPoint32W |
ole32.dll | CoUninitialize CoInitialize |
Secur32.dll | GetComputerObjectNameW |
SHELL32.dll | ShellExecuteExW SHGetMalloc SHGetPathFromIDListW SHGetSpecialFolderLocation ShellExecuteW ShellExecuteA |
USER32.dll | MessageBoxA ShowScrollBar GetClientRect SendMessageA SetClassLongW SetWindowTextW LoadCursorW SetCursor CreateDialogIndirectParamW SetForegroundWindow EnableWindow GetFocus SetFocus ScreenToClient MoveWindow LoadIconW SetDlgItemTextW SendMessageW GetDlgItem MsgWaitForMultipleObjects PeekMessageW IsDialogMessageW TranslateMessage DispatchMessageW DestroyWindow ShowWindow SendDlgItemMessageW GetWindowRect SystemParametersInfoW ExitWindowsEx MessageBoxW DrawTextW GetSystemMetrics GetDC GetDialogBaseUnits ReleaseDC CreateDialogParamW LoadImageW |
CRYPT32.dll | CertFreeCertificateChain CertVerifyCertificateChainPolicy CertGetCertificateChain |
WININET.dll | InternetCrackUrlW InternetCombineUrlW |
msi.dll | #8 #150 #78 #92 |
ADVAPI32.dll (delay-loaded) | RegCloseKey RegQueryValueExW RegOpenKeyExW CryptDestroyHash CryptReleaseContext CryptGetHashParam CryptHashData CryptCreateHash CryptAcquireContextW FreeSid AllocateAndInitializeSid RegCreateKeyExA RegEnumValueA RegQueryValueExA RegQueryInfoKeyA RegOpenKeyExA RegSetValueExA RegSetValueExW RegQueryInfoKeyW RegCreateKeyExW RegEnumValueW |

Attributes | 0x1 |
---|---|
Name | ADVAPI32.dll |
ModuleHandle | 0x51f48 |
DelayImportAddressTable | 0x51a4c |
DelayImportNameTable | 0x4e454 |
BoundDelayImportTable | 0x4e68c |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |

Ordinal | 1 |
---|---|
Address | 0x19c45 |

Ordinal | 2 |
---|---|
Address | 0x19c23 |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.0.30319.1 |
ProductVersion | 10.0.30319.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
FileDescription | Setup |
FileVersion (#2) | 10.0.30319.1 built by: RTMRel |
InternalName | setup.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | setup.exe |
ProductVersion (#2) | 10.0.30319.1 |

Resource LangID | English - United States |
---|---|

Characteristics | 0 |
---|---|
TimeDateStamp | 2010-Mar-18 11:21:36 |
Version | 0.0 |
SizeofData | 34 |
AddressOfRawData | 0xa108 |
PointerToRawData | 0x9508 |
Referenced File | setup.pdb |

Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x450148 |
SEHandlerTable | 0x40a5a0 |
SEHandlerCount | 199 |

XOR Key | 0x9a16eadc |
---|---|
Unmarked objects | 0 |
C++ objects (VS2010 build 30319) | 58 |
ASM objects (VS2010 build 30319) | 20 |
C objects (VS2010 build 30319) | 157 |
Imports (VS2008 SP1 build 30729) | 23 |
Total imports | 337 |
ASM objects (30311) | 1 |
C++ objects (30311) | 35 |
Exports (30311) | 1 |
Resource objects (30311) | 1 |
Linker (30311) | 1 |