Manalyze report for 1fb0d435a6e6a60e2f66c29d6562ff4bb974f5e4df78545b655f11b49bb04b23

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Sep-06 18:27:36
Detected languages	Chinese - PRC
CompanyName	www.winchiphead.com
FileDescription	EXE For Driver Installation
FileVersion	`1, 4, 0, 0`
InternalName	SETUP
LegalCopyright	Copyright (C) W.ch 2001-2007
OriginalFilename	SETUP.EXE
ProductName	Setup.exe
ProductVersion	`1.40`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	Interesting strings found in the binary:	`Contains domain names: http://wch.cn winchiphead.com www.winchiphead.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Safe	VirusTotal score: 0/71 (Scanned on 2026-01-23 05:24:26)	`All the AVs think this file is safe.`

Hashes

MD5	`34bc90fa25e826c36df9481efaec5589`
SHA1	`cc86433948aecd8c0a74a390d22c601fbee66b3e`
SHA256	`1fb0d435a6e6a60e2f66c29d6562ff4bb974f5e4df78545b655f11b49bb04b23`
SHA3	`e1744d44c6949001d32aedfb0c45b67cd350e0cc1d246cace418935c12042eee`
SSDeep	`768:O9KpAiVsiL6NOhl0DDCh2XsHv/i8t80H1kHNKLlh6oKjE:BAzC6NOhVwsHi8t8M1KcLaoaE`
Imports Hash	`ae7dbb3a9cd4ec910f8832698ce34e89`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2007-Sep-06 18:27:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x8000`
SizeOfInitializedData	`0xd000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000040D0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`28cc8af82868e21fbe7aeab0ad7e42c1`
SHA1	`826615f30f014a3d368c6c1def85e5f3b2f2b8ff`
SHA256	`237c465ebb0c3341eca37123c7a1ead4e5ef0c8822078c20aea56f81ee5112ca`
SHA3	`b0366b0a0c2a619384f7e18474f4687abefde6c7b1b6ffd0fa4bad0f4e031e37`
VirtualSize	`0x7f77`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64966`

.rdata

MD5	`3d268423f2e2e44e91a75a64e632e486`
SHA1	`448f076b4fa43da8a1cbba3ef5b2db8ca18fec27`
SHA256	`a0d0459473f207fc8482a066c61bc1db65f7efe9440d3b8e5400f23a6393ba59`
SHA3	`9ea00697cb840d47f9898f7233a1eef85655e5edc4be9340abdd2030d15a3a97`
VirtualSize	`0x1036`
VirtualAddress	`0x9000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35084`

.data

MD5	`18815dc213c191627e4877011d0d8fc5`
SHA1	`17d3c228ea63ba15a119eb144dc7bdf8a11e7f88`
SHA256	`b4d15b6d06cb7a365179ef758f6bf4894318cfd3a6d23ebcb2629810a1457617`
SHA3	`f2e3e19889fc67d51cce75c8e335c116e96da93dfe023413e6da101a1bda026b`
VirtualSize	`0x954c`
VirtualAddress	`0xb000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.51198`

.rsrc

MD5	`963d30bdac12f03fa6791fc1f15e2751`
SHA1	`99d9dc2d2af29adb461549dc8a4535eba8e6e9b9`
SHA256	`7265944c5e25a4799e3b89623ee7801e2a5d8f55d83c2d569d510b1689c89167`
SHA3	`d11d2057a35aad2c54a46cf5db3c65f3849e1234c25a84e00ba19e6d05d0749c`
VirtualSize	`0xc50`
VirtualAddress	`0x15000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.8912`

Imports

KERNEL32.dll	`GetUserDefaultLangID` `CreateThread` `CloseHandle` `Sleep` `GetLastError` `GetProcAddress` `LoadLibraryA` `GetPrivateProfileSectionA` `GetPrivateProfileStringA` `DeleteFileA` `CopyFileA` `SetLastError` `LocalAlloc` `LocalFree` `GetVersion` `GetSystemDirectoryA` `CompareStringW` `CompareStringA` `FlushFileBuffers` `SetStdHandle` `HeapReAlloc` `VirtualAlloc` `HeapAlloc` `SetFilePointer` `GetTimeZoneInformation` `GetStringTypeW` `GetCurrentDirectoryA` `LCMapStringW` `LCMapStringA` `MultiByteToWideChar` `WriteFile` `RtlUnwind` `HeapFree` `VirtualFree` `HeapCreate` `HeapDestroy` `GetFileType` `GetStdHandle` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `WideCharToMultiByte` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `GetModuleFileNameA` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetOEMCP` `SetEnvironmentVariableA` `GetACP` `GetCPInfo` `ExitProcess` `GetCommandLineA` `GetStartupInfoA` `GetWindowsDirectoryA` `GetStringTypeA` `lstrlenA` `FindFirstFileA` `FindNextFileA` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `GetModuleHandleA`
USER32.dll	`UpdateWindow` `CharUpperA` `IsDlgButtonChecked` `EnableWindow` `FindWindowExA` `EnumChildWindows` `GetWindowTextA` `SendDlgItemMessageA` `SetDlgItemTextA` `MessageBoxA` `DefWindowProcA` `GetDlgItem` `ShowWindow` `LoadIconA` `SendMessageA` `EndDialog` `DialogBoxParamA`
SETUPAPI.dll	`SetupDiBuildDriverInfoList` `SetupDiEnumDriverInfoA` `SetupDiGetDriverInfoDetailA` `SetupDiDestroyDriverInfoList` `SetupDefaultQueueCallbackA` `SetupOpenInfFileA` `SetupDiGetActualSectionToInstallA` `SetupOpenFileQueue` `SetupInitDefaultQueueCallbackEx` `SetupInstallFilesFromInfSectionA` `SetupCommitFileQueueA` `SetupCloseFileQueue` `SetupCloseInfFile` `SetupTermDefaultQueueCallback` `SetupCopyOEMInfA` `SetupDiGetClassDevsA` `SetupDiEnumDeviceInfo` `SetupDiGetDeviceRegistryPropertyA` `SetupDiCallClassInstaller` `SetupDiDestroyDeviceInfoList` `SetupDiSetDeviceRegistryPropertyA`
CFGMGR32.dll	`CM_Reenumerate_DevNode` `CM_Locate_DevNodeA`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18748`
MD5	`08114f68eb09d752e482285da00cd929`
SHA1	`d2fac2c767845671c08a635c672a3e9ce8f6d513`
SHA256	`2629ace99863314686a5204338491ea858e701841901253a89f743b1c2ec8461`
SHA3	`adf486edcdea830f569b32360ede6d3167e596e398633afa87187603f6d0ab6d`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.09703`
MD5	`fc3fe7b241723b058ea109814ce16893`
SHA1	`51d029a9181766ffe819059fbf4e390ba7d72b7a`
SHA256	`3209af956be1ab6d5209966e9709726b76a8d1d25b1ea601b93dc1c5dc11f318`
SHA3	`4f10ee91ac47673d9ea715fc94c7428a54787b49e1d44e6b85465b39f4f053be`

103

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30072`
MD5	`0381e5112d557b1a59f5259e0d0ef95c`
SHA1	`67c74e0b949102fa0d726f3e09db4256aa0a6637`
SHA256	`156a8ee7baf12a3253f8941977d1aa4460fca489edc4f1fd3b831e6f0bfda535`
SHA3	`88699be2347f2588b9cd863a0c5e42b948b3bbfd44541a3cdc424bf437363a86`

129

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x20a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56001`
MD5	`8a9aa03cd1403fce02c1ba8234250012`
SHA1	`4ca575f8b250118cc2a3398dc41074d73a837908`
SHA256	`812884bb97d56e5e9598b5f81e6421e58a0c5cfa4cc48f9bbaaf4cb9ff284091`
SHA3	`9f1cdae6b867b5e35f74331577c29dd832e813f67effd5338fd19573bd7e03a8`

107

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43705`
MD5	`5b240b0cfe119ee81a50b8c4346c5333`
SHA1	`f927135b1b20a9b8972ad314028dd47149b70a93`
SHA256	`3cf4d43a3ccbe7ef102af61249177d7d3f1cd8848123c71a7642edacc551a8cd`
SHA3	`a886123f9a60632fb41a67401b4f27bf61423cd5cbeb5fb145d3163038db26a4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.4.0.0
ProductVersion	1.4.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
CompanyName	www.winchiphead.com
FileDescription	EXE For Driver Installation
FileVersion (#2)	1, 4, 0, 0
InternalName	SETUP
LegalCopyright	Copyright (C) W.ch 2001-2007
OriginalFilename	SETUP.EXE
ProductName	Setup.exe
ProductVersion (#2)	1.40

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4daf4c41`
Unmarked objects	`0`
12 (7291)	`1`
14 (7299)	`17`
C objects (VS98 build 8168)	`60`
19 (8152)	`2`
19 (8034)	`7`
Total imports	`105`
C++ objects (VS98 build 8168)	`3`
Resource objects (VS98 cvtres build 1720)	`1`

Errors

Leave a comment

No comments yet.