Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2010-Nov-18 16:27:35 |
Detected languages | English - United States |
FileVersion | 4.2.1846.3481 |
ProductVersion | 4.2.1846.3481 |
CompanyName | Lavasoft |
FileDescription | Web Companion Installer |
InternalName | Installer.exe |
LegalCopyright | © Lavasoft Limited. All Rights Reserved. |
OriginalFilename | Installer.exe |
ProductName | Web Companion Installer |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ v6.0 (consistent with LinkerVersion 6.0 and the VS98 SP6 objects recorded in the Rich header below) |
Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: the KERNEL32.dll import list below contains LoadLibraryA and GetProcAddress, with which the program can resolve further APIs at run time without declaring them in the import table. |
Info | The PE is digitally signed. Signer: Lavasoft Software Canada. Issuer: GlobalSign CodeSigning CA - G3 |
Malicious | VirusTotal score: 4/66 (scanned on 2018-07-16 22:20:04). ESET-NOD32: a variant of MSIL/WebCompanion.C potentially unwanted; TrendMicro-HouseCall: Suspicious_GEN.F47V0502; DrWeb: Program.Unwanted.2823; Cyren: W32/GenPua.201E1912!Olympus. All four hits are generic or potentially-unwanted-application classifications rather than a named malware family. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 5 |
TimeDateStamp | 2010-Nov-18 16:27:35 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x19a00 |
SizeOfInitializedData | 0xe600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00014B04 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1b000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x2e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x59613 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
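To show how the DOS, COFF and optional header fields in the three tables above are located in the file, here is an added Python example; it is not part of the original report and not Lavasoft code. It builds a constructed, header-only PE32 image carrying the values listed above, parses it back the way a PE tool does, decodes Characteristics and TimeDateStamp, and recomputes the optional-header CheckSum so that a byte patched after linking is detected. The sample's e_lfarlc, the zero-filled DOS stub, the missing section table and the empty data directories are assumptions; the CheckSum it computes belongs to the sample only and is not the 0x59613 stored in the real file.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bit names (subset from winnt.h).
CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SUBSYSTEMS = {1: "IMAGE_SUBSYSTEM_NATIVE", 2: "IMAGE_SUBSYSTEM_WINDOWS_GUI",
              3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
E_LFANEW = 0xE8                # as in the report; bytes 0x40..0xE7 would hold the DOS stub
OPT_FMT = "<HBB9I6H4IHH6I"     # PE32 optional header up to NumberOfRvaAndSizes (96 bytes)
CHECKSUM_OFF_IN_OPT = 64       # offset of the CheckSum field inside the optional header


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """CheckSumMappedFile algorithm: ones'-complement sum of every 16-bit word
    except the CheckSum field itself, folded to 16 bits, plus the file length."""
    padded = data if len(data) % 2 == 0 else data + b"\0"
    total = 0
    for off in range(0, len(padded), 2):
        if checksum_offset <= off < checksum_offset + 4:
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total & 0xFFFF) + len(data)


def build_sample() -> bytes:
    """Constructed header-only image carrying the report's DOS/COFF/optional header
    values. Not the Lavasoft file: no DOS stub, section table or sections, and
    e_lfarlc (not shown in the report) is assumed to be the usual 0x40."""
    dos = struct.pack("<2s13H8sHH20sI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, E_LFANEW).ljust(E_LFANEW, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 1290097655, 0, 0, 0xE0, 0x010F)
    opt = struct.pack(OPT_FMT, 0x10B, 6, 0,
                      0x19A00, 0xE600, 0, 0x14B04, 0x1000, 0x1B000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,
                      0, 0x2E000, 0x400, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0,                          # Subsystem = WINDOWS_GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty data directories
    image = bytearray((dos + b"PE\0\0" + coff + opt).ljust(0x400, b"\0"))  # pad to SizeOfHeaders
    cs_off = E_LFANEW + 4 + 20 + CHECKSUM_OFF_IN_OPT
    struct.pack_into("<I", image, cs_off, pe_checksum(bytes(image), cs_off))
    return bytes(image)


def parse_headers(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    stored = struct.unpack_from("<I", data, opt + CHECKSUM_OFF_IN_OPT)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "e_lfanew": e_lfanew,
        "Machine": machine,
        "NumberOfSections": nsections,
        "TimeDateStamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "SizeOfOptionalHeader": opt_size,
        "Characteristics": [n for bit, n in CHARACTERISTICS.items() if chars & bit],
        "AddressOfEntryPoint": entry,
        "ImageBase": image_base,
        "Subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "CheckSum": stored,
        "CheckSumValid": stored == pe_checksum(data, opt + CHECKSUM_OFF_IN_OPT),
    }


if __name__ == "__main__":
    img = build_sample()
    for k, v in parse_headers(img).items():
        print(f"{k:>22}: {v:#x}" if type(v) is int else f"{k:>22}: {v}")
    patched = bytearray(img)
    patched[0x200] ^= 0xFF     # one byte changed outside the CheckSum field
    print("CheckSumValid after patch:", parse_headers(bytes(patched))["CheckSumValid"])
```

The CheckSum is an additive sum, not a security control: anyone who patches a file can recompute it. What a mismatch tells an analyst is only that the file was modified after the linker (or a later tool) last wrote the field; many binaries legitimately carry 0 because the linker never set it. The Authenticode signature reported above is the stronger check, and its hash deliberately skips the CheckSum field so that re-checksumming a signed file does not break the signature.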
OLEAUT32.dll | #9, #2 (imported by ordinal) |
---|---|
USER32.dll | SendMessageA, SetTimer, DialogBoxParamW, DialogBoxParamA, SetWindowLongA, GetWindowLongA, SetWindowTextW, LoadIconA, LoadStringW, LoadStringA, CharUpperW, CharUpperA, DestroyWindow, EndDialog, PostMessageA, ShowWindow, MessageBoxW, GetDlgItem, KillTimer, SetWindowTextA |
SHELL32.dll | ShellExecuteExA |
KERNEL32.dll | GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InterlockedIncrement, InterlockedDecrement, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, GetEnvironmentVariableA, SetUnhandledExceptionFilter, TlsAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, WaitForSingleObject, CloseHandle, CreateProcessA, SetCurrentDirectoryA, GetCommandLineW, GetVersionExA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetLastError, LoadLibraryA, AreFileApisANSI, GetModuleFileNameA, GetModuleFileNameW, LocalFree, FormatMessageA, FormatMessageW, GetWindowsDirectoryA, SetFileTime, CreateFileW, SetLastError, SetFileAttributesA, RemoveDirectoryA, SetFileAttributesW, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, DeleteFileA, DeleteFileW, lstrlenA, GetFullPathNameA, GetFullPathNameW, GetCurrentDirectoryA, GetTempPathA, GetTempFileNameA, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, SetEndOfFile, GetStdHandle, WaitForMultipleObjects, Sleep, VirtualAlloc, VirtualFree, CreateEventA, SetEvent, ResetEvent, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, GetCurrentThreadId, TlsSetValue, TlsGetValue, ExitThread |
Extraction Failed |
File is corrupt |
Cannot create folder '{0}' |
Extracting |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 4.2.1846.3481 |
ProductVersion | 4.2.1846.3481 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
FileVersion (#2) | 4.2.1846.3481 |
ProductVersion (#2) | 4.2.1846.3481 |
CompanyName | Lavasoft |
FileDescription | Web Companion Installer |
InternalName | Installer.exe |
LegalCopyright | © Lavasoft Limited. All Rights Reserved. |
OriginalFilename | Installer.exe |
ProductName | Web Companion Installer |
Resource LangID | English - United States |
---|---|
XOR Key | 0x4738099 |
---|---|
Unmarked objects | 0 |
14 (7299) | 25 |
C objects (VS98 SP6 build 8804) | 64 |
C objects (2190) | 1 |
Total imports | 184 |
Imports (2179) | 9 |
C++ objects (VS98 SP6 build 8804) | 77 |
C objects (VS2010 build 30319) | 7 |
ASM objects (VS2010 build 30319) | 1 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |
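The Rich header table above is the linker's record of which toolchain objects went into the link, XOR-masked with a key derived from the DOS header bytes and from the entries themselves. The following Python example is added here; it is not part of the report and not Lavasoft tooling. It builds a constructed DOS header with a Rich block, decodes the block back into (product id, build, count) entries, and recomputes the key to check that neither the DOS header nor the block was altered. The product-id names and the sample entries are assumptions: the builds and counts echo rows of the table above, while the ids come from public reverse engineering of this undocumented format and should be checked against a current list.

```python
import struct

# Partial Rich-header product-id table (assumption: ids from public reverse
# engineering of the format). Any id not listed is printed numerically, not guessed.
RICH_PRODUCTS = {
    0x01: "Import0 (import library)",
    0x06: "Cvtres500",
    0x0A: "Utc12_C",
    0x0B: "Utc12_CPP",
    0x0E: "Masm613",
}
DANS = struct.unpack("<I", b"DanS")[0]

# Constructed sample entries (prodid, build, count). Builds and counts mirror rows of
# the report's table; the product ids are taken from the table above (assumption).
SAMPLE_ENTRIES = [(0x0E, 7299, 25), (0x0A, 8804, 64), (0x01, 2179, 9),
                  (0x0B, 8804, 77), (0x06, 1736, 1)]


def rol32(value: int, n: int) -> int:
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_key(dos_region: bytes, rich_offset: int, entries) -> int:
    """Key the linker XORs the block with: the offset of 'DanS', plus every DOS-header
    byte before it rotated left by its offset (the four e_lfanew bytes are skipped),
    plus each (prodid << 16 | build) rotated left by its object count."""
    csum = rich_offset
    for i in range(rich_offset):
        if 0x3C <= i < 0x40:
            continue
        csum += rol32(dos_region[i], i)
    for prodid, build, count in entries:
        csum += rol32((prodid << 16) | build, count)
    return csum & 0xFFFFFFFF


def build_sample_image() -> bytes:
    """Constructed DOS header + classic DOS stub + Rich block + PE signature, nothing more."""
    rich_off = 0x80
    e_lfanew = rich_off + 16 + 8 * len(SAMPLE_ENTRIES) + 8      # PE signature follows the block
    dos = struct.pack("<2s13H8sHH20sI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, e_lfanew)
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$")
    head = (dos + stub).ljust(rich_off, b"\0")
    key = rich_key(head, rich_off, SAMPLE_ENTRIES)
    words = [DANS ^ key, key, key, key]            # 'DanS' then three zero dwords, all XOR key
    for prodid, build, count in SAMPLE_ENTRIES:
        words += [((prodid << 16) | build) ^ key, count ^ key]
    block = struct.pack(f"<{len(words)}I", *words) + b"Rich" + struct.pack("<I", key)
    return head + block + b"PE\0\0"


def parse_rich(data: bytes):
    """Find 'Rich' before e_lfanew, read the key after it, walk back to 'DanS',
    decode the entries and recompute the key to see whether the block is untouched."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich = data.rfind(b"Rich", 0, e_lfanew)
    if rich < 0:
        return None
    key = struct.unpack_from("<I", data, rich + 4)[0]
    start = rich - 4
    while start >= 0 and struct.unpack_from("<I", data, start)[0] ^ key != DANS:
        start -= 4
    if start < 0:
        return None
    entries = []
    for off in range(start + 16, rich, 8):
        id_build, count = struct.unpack_from("<II", data, off)
        id_build ^= key
        entries.append((id_build >> 16, id_build & 0xFFFF, count ^ key))
    return {"offset": start, "key": key, "entries": entries,
            "key_valid": rich_key(data, start, entries) == key}


def describe(entries) -> list:
    return [f"{RICH_PRODUCTS.get(p, f'prodid {p:#x}')} build {b}: {c} object(s)"
            for p, b, c in entries]


if __name__ == "__main__":
    img = build_sample_image()
    info = parse_rich(img)
    print(f"Rich block at {info['offset']:#x}, XOR key {info['key']:#x}, key valid: {info['key_valid']}")
    print("\n".join(describe(info["entries"])))
    forged = bytearray(img)
    forged[2] ^= 1          # touch e_cblp: the stored key no longer matches
    print("key valid after DOS-header edit:", parse_rich(bytes(forged))["key_valid"])
```

A recomputed key that does not match the stored one means the DOS header or the Rich block was edited after linking, or that the block was copied in from another binary; a block that validates, as the one above does, is consistent with the LinkerVersion 6.0 and VS98 SP6 build 8804 objects reported for this file, while a mismatch would make the toolchain evidence in this table untrustworthy for attribution.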