Manalyze report for 22dbea3528b023dfe48c76fdc0537bd4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Dec-15 22:24:36
Detected languages	English - United States
CompanyName	Tim Kosse
FileDescription	FileZilla FTP Client
FileVersion	`3.48.1`
LegalCopyright	Tim Kosse
OriginalFilename	FileZilla_3.48.1_win32-setup.exe
ProductName	FileZilla
ProductVersion	`3.48.1`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegOpenKeyExW RegEnumValueW RegDeleteKeyW RegDeleteValueW RegCloseKey RegSetValueExW RegQueryValueExW RegEnumKeyW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Tim Kosse` `Issuer: Sectigo RSA Code Signing CA`
Safe	VirusTotal score: 0/72 (Scanned on 2020-06-29 13:09:32)	`All the AVs think this file is safe.`

Hashes

MD5	`22dbea3528b023dfe48c76fdc0537bd4`
SHA1	`8d682279d45db1331ef69bf8f220bbb6819ef88c`
SHA256	`cb3c7d63432d72d5a29c958defed67f2b51eef958f15c43c52bdfd0d5656fa40`
SHA3	`449091e32627d27d825c91dc267f84b54671dc49b13b1c36898721ee35051339`
SSDeep	`196608:+CjZ8gVJXf3bRLMRJ/FeEalpdDTi7aRa3j24eMLN:+7yXzRLyFalXDmf3j2WLN`
Imports Hash	`f6b8aa5eda0f635aadea6599807a6a47`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Dec-15 22:24:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6600`
SizeOfInitializedData	`0x22a00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x000034A5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6f000`
SizeOfHeaders	`0x400`
Checksum	`0x7cd1ea`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bfe2b726d49cbd922b87bad5eea65e61`
SHA1	`f8cf896a63a2b1e91357e07ad7c6ac1fdfb563ea`
SHA256	`45206751328829133f1d55ef54304e45d497fb0e59158d533ebe1351996f9631`
SHA3	`3f49ef515d96549450a722b6766c9e2bff177bd16bc734b395404f9225faf63c`
VirtualSize	`0x6409`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41619`

.rdata

MD5	`d45dcba8ca646543f7e339e20089687e`
SHA1	`bc86d89dc84b61007ef3c370441808ae63b914b6`
SHA256	`1ff6a6913bbc4a34cae2c496ab7d059c120601d8eaebaf841eae5fc13188b26d`
SHA3	`59ec16f5eea60b7bdf111c719a52033226c17f3df39e4cd275f78fa547771321`
VirtualSize	`0x1396`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15491`

.data

MD5	`8575fc5e872ca789611c386779287649`
SHA1	`919a09af848861c30a3d498fbd9e4ce73d81554a`
SHA256	`b70fa3c995d4a1b5857a8aae5777a06fedd497d9cc56c39d85a11f9251eb9e7a`
SHA3	`04a3ba3bb5b1aea1923097ad160fa84986672867416aff504de6a03d89063235`
VirtualSize	`0x20358`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0044`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x39000`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`873b0fc0110861c7d018bd30ea7d5f4b`
SHA1	`19b1a739b50a16100242028ad5af6afa57f3f1cd`
SHA256	`ea6580aa66562197b7a9a4336e366c76df4c491b255ca9b04b13a6d28e1bfe33`
SHA3	`df8fb20ef43225d8db58c841dca91233e3b855662e0893cf377b6adf86f8f12b`
VirtualSize	`0xa3a0`
VirtualAddress	`0x64000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.57283`

Imports

KERNEL32.dll	`ExitProcess` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `SetCurrentDirectoryW` `GetFileAttributesW` `SetEnvironmentVariableW` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `GetVersion` `SetErrorMode` `lstrlenW` `lstrcpynW` `CopyFileW` `GetShortPathNameW` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryW` `CreateProcessW` `RemoveDirectoryW` `lstrcmpiA` `GetTempFileNameW` `WriteFile` `lstrcpyA` `MoveFileExW` `lstrcatW` `GetSystemDirectoryW` `GetProcAddress` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `lstrcmpiW` `MoveFileW` `GetFullPathNameW` `SetFileTime` `SearchPathW` `CompareFileTime` `lstrcmpW` `CloseHandle` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalUnlock` `GetDiskFreeSpaceW` `GlobalAlloc` `FindFirstFileW` `FindNextFileW` `DeleteFileW` `SetFilePointer` `ReadFile` `FindClose` `lstrlenA` `MulDiv` `MultiByteToWideChar` `WideCharToMultiByte` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `FreeLibrary` `LoadLibraryExW` `GetModuleHandleW`
USER32.dll	`GetSystemMenu` `SetClassLongW` `EnableMenuItem` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongW` `SetCursor` `LoadCursorW` `CheckDlgButton` `GetMessagePos` `LoadBitmapW` `CallWindowProcW` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `ScreenToClient` `GetWindowRect` `GetDlgItem` `GetSystemMetrics` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharPrevW` `CharNextA` `wsprintfA` `DispatchMessageW` `PeekMessageW` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `GetDC` `SetTimer` `SetWindowTextW` `LoadImageW` `SetForegroundWindow` `ShowWindow` `IsWindow` `SetWindowLongW` `FindWindowExW` `TrackPopupMenu` `AppendMenuW` `CreatePopupMenu` `EndPaint` `CreateDialogParamW` `SendMessageTimeoutW` `wsprintfW` `PostQuitMessage`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectW` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `ShellExecuteExW` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHFileOperationW`
ADVAPI32.dll	`AdjustTokenPrivileges` `RegCreateKeyExW` `RegOpenKeyExW` `SetFileSecurityW` `OpenProcessToken` `LookupPrivilegeValueW` `RegEnumValueW` `RegDeleteKeyW` `RegDeleteValueW` `RegCloseKey` `RegSetValueExW` `RegQueryValueExW` `RegEnumKeyW`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x485d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97032`
Detected Filetype	PNG graphic file
MD5	`2924b557e888e657f8a120f6bcdce299`
SHA1	`be71b735851cb6346c260f3916ae1e7df88357ae`
SHA256	`6b7068803141200a79f8e4f682535396adbce72bdcaf7536660e7ae0013a82f1`
SHA3	`64cfe2662ffed9e32f405350b02b7725c77bd8b4bc588bbdc9f6740834f02a50`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69314`
MD5	`a4d15c4ddb5be6d7eede380a4cf5572e`
SHA1	`10659b4b5de57f4490ac51e20c3ce89a2e4412d4`
SHA256	`cb3f3760ed06090cda59e1d0d3fd975366bf748b86512cfad3f59029281bc584`
SHA3	`58f6b43cd2ffd97f33e42fd1a182e3d1be522a1931917468e16030369f49f7de`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16834`
MD5	`e2a4955458d12273cb9daf03d0cf36f1`
SHA1	`f05a3c95a04fa02e7fa0b5f845180ba5f8751fb9`
SHA256	`15e66f5f93d09d3f58ca107a86a51dadac61536b6134a36b2c059a7401b38942`
SHA3	`7f773e913727464a63608616aca3a017c8f6737ac9736911035057467870d7be`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66044`
MD5	`3a6b0e1778b655c587f4d909f58a0c78`
SHA1	`be110736cfe842619c38bd757df1af4b81794594`
SHA256	`390938282a2a5a2ca58d345ddc271d4b1279da59af604fcb3825029e79eaa8a1`
SHA3	`00d7c42d4580fb5a016374b8bc121214a55750c84104fd3828c78d789c6fc966`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91531`
MD5	`eb2ef8695f47efe38c78a7add48c31ba`
SHA1	`7b3181b1815be24eb252a024df5cab6878650825`
SHA256	`941b9e1aa6d0c83313eb91868c1300ed96fa4721339cd6fed734f94fca4fbb2f`
SHA3	`9f15575e5a5bb1be2cf90e50c1907c5f1feca7d6a55eb17cabc8882b77682dc0`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`a69caf66f3f899403f8b25b02dc61908`
SHA1	`3e5db9186cf0f75be24676462d88170e5950d9c8`
SHA256	`7854e8d67a11148566ad37c5d23e1534e0990fe31a160e0e7da3ca751830bb50`
SHA3	`1eea945e3712b317143e07560f54b0b9a13b1fd6c2b57cab9176181a9aaf4f79`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70411`
MD5	`9bf5ce4f6c93b09e4f5659e204c7ef69`
SHA1	`70260f4f07476e289d4f0da08f6ea81edf377c05`
SHA256	`4978808cfa3a9f541262585edca9b87268d2025e637f7254b269cef216b39a79`
SHA3	`006381732c2dfc87ce25f0b93f7446bbeb1549e901e375f8a720af89e0ef211a`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89887`
MD5	`663040d6315b1d6ce8c0334d182ed8fc`
SHA1	`ebcfff801a12fb8ad1200a4526fca8bd2c3e96cf`
SHA256	`cb3c86cbcb579244a6f819f9c1807a7e89b6e600982ec6ea0841fcdcb16a9efd`
SHA3	`6a25a2cb16aeb17693f10e8aaa0245c701701db571b458fde7830291a4a01cfc`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63186`
Detected Filetype	Icon file
MD5	`63d76266efe0561d609993fd55638b06`
SHA1	`862b90c1433ac10375b45aa16a7a7e9e2db76833`
SHA256	`7c3fc357e1343b522e6fdd85d5e835bc326a762ea5666a5f39bb82147f650f3f`
SHA3	`5dc024bc4ab13fc1956b1258560b4baa5f654c5c2ee3552ebbf95dc0a2eb77e6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29544`
MD5	`23e067f1dd96f40a5c7a048be3297978`
SHA1	`e7ce849fee217f45db3d87302cce7d70502493f8`
SHA256	`26f0d000e4315c296ac283212f173a1ea016ef25637b82cf2ac90e9a97c85d19`
SHA3	`f2a90cb29ee4563128b7f3d384982a448a23149b067110681ba46a36f1c9ee94`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29611`
MD5	`87d4fc207e2f334ede55ac9160602c94`
SHA1	`32b9b90a524d4a352d4bf719a0c8367534b7465d`
SHA256	`e4039327090739a6754db86ef1704a8a07115ceb11719c0987a9d00a77a77f16`
SHA3	`2aee41e621180606b743045a0aa710f5b4988e35a00a353a245493ab66a42fef`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	3.48.1.0
ProductVersion	3.48.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Tim Kosse
FileDescription	FileZilla FTP Client
FileVersion (#2)	3.48.1
LegalCopyright	Tim Kosse
OriginalFilename	FileZilla_3.48.1_win32-setup.exe
ProductName	FileZilla
ProductVersion (#2)	3.48.1

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd26650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`165`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!