Manalyze report for 201e1912ab74f06f2ec3c09ae4bfcb00

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-18 16:27:35
Detected languages	English - United States
FileVersion	`4.2.1846.3481`
ProductVersion
.1846.3481
CompanyName	Lavasoft
FileDescription	Web Companion Installer
InternalName
taller.exe
LegalCopyright	c Lavasoft Limited. All Rights Reserved.
OriginalFilename	Installer.exe
ProductName
Companion Installer

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileW GetTempPathA CreateFileA`
Info	The PE is digitally signed.	`Signer: Lavasoft Software Canada` `Issuer: GlobalSign CodeSigning CA - G3`
Malicious	VirusTotal score: 4/66 (Scanned on 2018-07-16 22:20:04)	`ESET-NOD32: a variant of MSIL/WebCompanion.C potentially unwanted` `TrendMicro-HouseCall: Suspicious_GEN.F47V0502` `DrWeb: Program.Unwanted.2823` `Cyren: W32/GenPua.201E1912!Olympus`

Hashes

MD5	`201e1912ab74f06f2ec3c09ae4bfcb00`
SHA1	`deebd168b598c633fb7510fd2d3023d18a30d484`
SHA256	`2a3110e7e158344192ba7fabf3809289a5b3511ade60d5f4acd0dc75c11970e0`
SHA3	`ced1e4111fa5ce1c5b2637e36989b5786781c6f0a62af5c8fceae65d0d5887ca`
SSDeep	`6144:31OgDPdkBAFZWjadD4sKGoa2YyGCmMSLKXo7OcehCC/6kPYAHr2TF0G:31OgLdalz5oeIZkH4F0G`
Imports Hash	`a6246e8e9aebf63fde695671f153a78e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2010-Nov-18 16:27:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x19a00`
SizeOfInitializedData	`0xe600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00014B04 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e000`
SizeOfHeaders	`0x400`
Checksum	`0x59613`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8c9346b8cd91e8d7aa2e1586eb1a1b30`
SHA1	`b89caf4e5d6b26ae7c31f5883bd6f65b800c62ec`
SHA256	`99f2799afc0c62e358c674048ff12ff8ff6cfbd043fd7dbfdfa6074a4a4abb26`
SHA3	`34a56c9f0cfe149e54193c7bc84123be312fadb6c110b3064148c2c2de9d6f82`
VirtualSize	`0x199ea`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60849`

.rdata

MD5	`5e256dc61db6deff01801e77de19d038`
SHA1	`8e65f609c6e46e1579e4425c2a811297bff84fce`
SHA256	`7cb94e778db30749a87f35d2f7b808a60a2af1f2a39c815ceb4eef1363c67f58`
SHA3	`2f99a585f37918495f1a8040ecd6ee7ce7cdc9eb9213fc572539239ae1a11eec`
VirtualSize	`0x4494`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x19e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.36802`

.data

MD5	`1d347e5500f0d4c5672ba18282b866f7`
SHA1	`3565d4fb3481e36dff2b69d356a4d6d0ad3506c5`
SHA256	`2bc590c7a6e55b782df9aa9aff9db5c6d98acb694c09376274e958a6c1902598`
SHA3	`ceb07de21c9fbb373c98fe57c1a625023eb8da81888324c75ed857a08c4dd32a`
VirtualSize	`0x5a48`
VirtualAddress	`0x20000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.37054`

.sxdata

MD5	`35925cfdc1176bd9ffc634a58b40ec17`
SHA1	`1f070e9dfbda0054d1a843e803e1a254701be02a`
SHA256	`bf34b3fc4d68c6e36efc565b159ae9a2de58b3a37034f15484e2e7f56c25972a`
SHA3	`c8f8b902b96f2da26afb84ebe3c80ce3e6045a76e47174f64032fc4e0d1fd9cc`
VirtualSize	`0x4`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_INFO` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`e46bc28f1c5367d318ae02f9df45fb3b`
SHA1	`010ce30a84a337b4e2ff3f4767861f521c209d24`
SHA256	`104f43723e10d6ec8a97836ef9257660a65127b6939455b06f54251073016b33`
SHA3	`6a15e74237a5aff1e5f464ea3a43a4ce1dba6e50e451fec6d774e33ed16773a5`
VirtualSize	`0x6b0c`
VirtualAddress	`0x27000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0x21800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.45578`

Imports

OLEAUT32.dll	`#9` `#2`
USER32.dll	`SendMessageA` `SetTimer` `DialogBoxParamW` `DialogBoxParamA` `SetWindowLongA` `GetWindowLongA` `SetWindowTextW` `LoadIconA` `LoadStringW` `LoadStringA` `CharUpperW` `CharUpperA` `DestroyWindow` `EndDialog` `PostMessageA` `ShowWindow` `MessageBoxW` `GetDlgItem` `KillTimer` `SetWindowTextA`
SHELL32.dll	`ShellExecuteExA`
KERNEL32.dll	`GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `InterlockedIncrement` `InterlockedDecrement` `GetProcAddress` `GetOEMCP` `GetACP` `GetCPInfo` `IsBadCodePtr` `IsBadReadPtr` `GetFileType` `SetHandleCount` `GetEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `FreeEnvironmentStringsA` `UnhandledExceptionFilter` `HeapSize` `GetCurrentProcess` `TerminateProcess` `IsBadWritePtr` `HeapCreate` `HeapDestroy` `GetEnvironmentVariableA` `SetUnhandledExceptionFilter` `TlsAlloc` `ExitProcess` `GetVersion` `GetCommandLineA` `GetStartupInfoA` `GetModuleHandleA` `WaitForSingleObject` `CloseHandle` `CreateProcessA` `SetCurrentDirectoryA` `GetCommandLineW` `GetVersionExA` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `GetLastError` `LoadLibraryA` `AreFileApisANSI` `GetModuleFileNameA` `GetModuleFileNameW` `LocalFree` `FormatMessageA` `FormatMessageW` `GetWindowsDirectoryA` `SetFileTime` `CreateFileW` `SetLastError` `SetFileAttributesA` `RemoveDirectoryA` `SetFileAttributesW` `RemoveDirectoryW` `CreateDirectoryA` `CreateDirectoryW` `DeleteFileA` `DeleteFileW` `lstrlenA` `GetFullPathNameA` `GetFullPathNameW` `GetCurrentDirectoryA` `GetTempPathA` `GetTempFileNameA` `FindClose` `FindFirstFileA` `FindFirstFileW` `FindNextFileA` `CreateFileA` `GetFileSize` `SetFilePointer` `ReadFile` `WriteFile` `SetEndOfFile` `GetStdHandle` `WaitForMultipleObjects` `Sleep` `VirtualAlloc` `VirtualFree` `CreateEventA` `SetEvent` `ResetEvent` `InitializeCriticalSection` `RtlUnwind` `RaiseException` `HeapAlloc` `HeapFree` `HeapReAlloc` `CreateThread` `GetCurrentThreadId` `TlsSetValue` `TlsGetValue` `ExitThread`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75404`
MD5	`45dfb274318b08cbcf6c20733ca0ecb0`
SHA1	`92b48f895f6f1296bfd00b57801890ec4e3779ec`
SHA256	`12433a0afda687b794b86c11b19d92c96d437765fe7513056c249136ff4e2c41`
SHA3	`bff76d485f8f0f9097d9c287512c59a006bc878edcc35272760b9280d8abfce0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18403`
MD5	`a792cef939f02d76cd876d1da1ffd1b7`
SHA1	`63e2d98ac53e5763e269277d05a1d1737dc04974`
SHA256	`fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb`
SHA3	`39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76693`
MD5	`a7e57968a0c93730317de3208eb431bc`
SHA1	`2f0b4336901247689fd7680390fa13f200ed51ef`
SHA256	`124a76c44014b2b22cb704e0a4c86ddbab4c3194ec00f2d847293df3620a94c8`
SHA3	`da28ec2b7dd6848df2e132f01ee54dd35ea20958f233b1389218445d33035303`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50691`
MD5	`0d98562d8b45dc079e1f03c2d66512ab`
SHA1	`1d4c8df72f4cf7bca7c99f6b7caef4e64f8595a0`
SHA256	`d222e3a18acacb64e634d710fb447e2bc5a959df6294c64f5a2c4b40556aa789`
SHA3	`a530b9005e35de9760eb3c8477bfe4b2bc74ce5ec49ca594c4fc0d2fb39669cd`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25855`
MD5	`4371666fc9b6f6e79a5d881feeda3b81`
SHA1	`de5b3fefa7ee56a9cc58c0d38266ff88a3b5c963`
SHA256	`fca0e9956af4b27d09782d65cc6cd77289386d684de553337dd85731258ec058`
SHA3	`4c76dc679ce155d3ebb09de5c05a82ea935473bab17fc9b0b5aa84475d8cf7f0`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00183`
MD5	`76b7cd985f7d4a8de31e808c50b30349`
SHA1	`219b463e96ea00aeb45c1492214b98fa11f31a6c`
SHA256	`b8560d3d0a26d9c3bc372cf640b3a291e65ab42396a936fbd2dd32c79787be9d`
SHA3	`267ec5eb0246467e12eed83deea0f204ac277da1f7a352b6bb689c2dc3f2aa88`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a7b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85645`
Detected Filetype	PNG graphic file
MD5	`8dde3193ed57d4d6e2e8025d1a8e4891`
SHA1	`f9b627f647d1cbe390731a59eb83b89cfdb42d0e`
SHA256	`3fe49af7d3e344b0d891523827cc7c12856c74907ce2e73bfc635e1b689a5656`
SHA3	`61b6ad0db3b634ce1422de65c981cf6afe6de211d63c5ff09b953c662d25b98e`

500

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09294`
MD5	`8af78cd954cddc9ab418bafca9f62e0c`
SHA1	`c6ff8bd069db0ba61c844f4560cf8dfc2f0ec6b0`
SHA256	`3520c29b9987183324e6f3ed0a5ebcab2f73b6e6f3fabe17a327e0b8eb4e5ac0`
SHA3	`f2feb2f43fbe5877993c446781f0733e49a4a780833130903146da49840a4085`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78284`
MD5	`f10a79138329e5d18b25d47f648946b3`
SHA1	`05d88947da644a07509a64dc081b8b7d498d8648`
SHA256	`5f298d1dfce9f41bd500e89e57e1da7481713c7b2a37b01825a5e6badf940b14`
SHA3	`bd8d1803273589e9ec27a29accbd6a0e63dc51f4dcbbfaaaeee0cc7ee0cdd552`

5 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`de24c92d0a67718187168052499199cb`
SHA1	`006654de0b450d1f31c7c370a2104558dfe5b9ad`
SHA256	`7bab4b9a6b82cb5e5561b48d0136a492aee4ce78242a5c28e4baa925de511575`
SHA3	`d1e8842da978e4258bf80b8126d03c02506b26d064db7999f6b103b5afb5b50f`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70088`
Detected Filetype	Icon file
MD5	`7ce9e206dec4e2afd36c048015d546b4`
SHA1	`4223f6c66b68a1c32e36d465886d4e00b3ad1147`
SHA256	`e1de9e596940a23ee809a1f67455a3c9b7314b19f2a67d42eabeacb8e316d8ba`
SHA3	`932fb13da707269fc3d2219395835f6cd7b3f110ced473c8b8616f8a571e933e`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40592`
MD5	`8f80832c4b26bd75e9967244ea14f335`
SHA1	`440bfcf1f97ff8665d3ffab87002e9c4717ddda4`
SHA256	`e1340dd431bf96ccfa397829e3d34aadd25a3e8b0cc98fe9ce2cf8762801f5ae`
SHA3	`7ebd13edb80568d6e2b8f967ab4dd979227e7decc298f9402f989ecc91e4823c`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.2.1846.3481
ProductVersion	4.2.1846.3481
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	4.2.1846.3481
ProductVersion
.1846.3481
CompanyName	Lavasoft
FileDescription	Web Companion Installer
InternalName
taller.exe
LegalCopyright	c Lavasoft Limited. All Rights Reserved.
OriginalFilename	Installer.exe
ProductName
Companion Installer

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4738099`
Unmarked objects	`0`
14 (7299)	`25`
C objects (VS98 SP6 build 8804)	`64`
C objects (2190)	`1`
Total imports	`184`
Imports (2179)	`9`
C++ objects (VS98 SP6 build 8804)	`77`
C objects (VS2010 build 30319)	`7`
ASM objects (VS2010 build 30319)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

201e1912ab74f06f2ec3c09ae4bfcb00

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.sxdata

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

500

1 (#2)

5 (#2)

MAINICON

1 (#3)

1 (#4)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors