24a1de7bbe061da6785bcbf0fcce10e2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
Comments This installation was built with Inno Setup.
CompanyName SOFPRO, Software Protection Labs
FileDescription PC Guard for Win32 V6 DEMO Setup
FileVersion
LegalCopyright Copyright © SOFPRO, Software Protection Labs
ProductName PC Guard for Win32 V6 DEMO
ProductVersion 6.00

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed.
Unusual section name found: DATA
Unusual section name found: BSS
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Can shut the system down or lock the screen:
  • ExitWindowsEx
Info The PE is digitally signed. Signer: SOFPRO DOO
Issuer: COMODO RSA Code Signing CA
Safe VirusTotal score: 0/69 (Scanned on 2019-10-10 00:18:21) All the AVs think this file is safe.

Hashes

MD5 24a1de7bbe061da6785bcbf0fcce10e2
SHA1 4a288716868e69c74a4963466dcc1562cdf5ee7f
SHA256 f4d29293d0d0b33a76b755e75a96e6dfba254a85a2bbe6ca9bacdc03f89117dc
SHA3 f96af6ed480ce731a603193329c7ccbc7863e05b3e5262c3ed75446f28654b8c
SSDeep 49152:eygix+r+DWyVOlObreUb0Kx3/c5keMN+ntoTKlF6wyt:PlxhYlSiUbTvbeiYxT6Lt
Imports Hash 4fb639b17a439bf0efa713bd4c6e715b

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xa400
SizeOfInitializedData 0x8400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000AAD0 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0xc000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 6.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x400
Checksum 0x238f3e
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 49513e676dadfb3919c4b137dd7c6d66
SHA1 e6c4c7e38501072f322e4f18ffd39504f31df249
SHA256 c9cacb8383af383868596fd7cc29cc2dd72cf0fd2dd17afd22250ee487c57e6c
SHA3 9ec3b4e433447fb51ecec6020e864fa57f782df70c5af1a77b8cc66da419966e
VirtualSize 0xa208
VirtualAddress 0x1000
SizeOfRawData 0xa400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.60167

DATA

MD5 0a7b48e75f6b6ef4a087528fee0d185c
SHA1 6bf1df8efc854015630f0cc2bf9ca03245387085
SHA256 76a5e5181b7bd4262c56e346c7a6b9019dc048909f22754790520fc85240d754
SHA3 64a903c8330969ad0dd3bb18e3f28406531d9fc3ed36d56e752dd41fb8251dec
VirtualSize 0x250
VirtualAddress 0xc000
SizeOfRawData 0x400
PointerToRawData 0xa800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.77135

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe94
VirtualAddress 0xd000
SizeOfRawData 0
PointerToRawData 0xac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 df5f31e62e05c787fd29eed7071bf556
SHA1 3cfc95ebff0ce7dd7301eecc34bb84ee23beede8
SHA256 6b5e5c1868fa49411f0994cb6d66861b9a3df383e1bbe66616bb298966bfb9ce
SHA3 c4dfb0eb61fd84119a56f4451dbab23dbbc70e162d8912f4b492f5553ac46874
VirtualSize 0x97c
VirtualAddress 0xe000
SizeOfRawData 0xa00
PointerToRawData 0xac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.48608

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0xf000
SizeOfRawData 0
PointerToRawData 0xb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 14dfa4128117e7f94fe2f8d7dea374a0
SHA1 2b87a504cb33a3fbd0e12d47b5e2e300f8257779
SHA256 568b1f939a2cb9e982ceec1c3b15a6e8af6c345ba9094b98a61725bc71f4791c
SHA3 e94f4e299914230cc15cd9ab73bf3781bd6c8c9d3b80f85bd7ef74b7bbcb3e55
VirtualSize 0x18
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.190489

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x920
VirtualAddress 0x11000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED

.rsrc

MD5 5f2678db2ed0dc2b2dcc00dff8aec00b
SHA1 cfbc2654793703370b05d89ceafb78a59fc2e025
SHA256 edb60d91aca21217b8d988a53cd19f9cf4c7d7adaf441c576025a0dc0c54fafb
SHA3 186add7984a01da47194dd30f04b19e19ded501ae75f0b3383bf20b783649800
VirtualSize 0x734c
VirtualAddress 0x12000
SizeOfRawData 0x7400
PointerToRawData 0xb800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 5.9474

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll MessageBoxA
oleaut32.dll VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll (#2) MessageBoxA
comctl32.dll InitCommonControls
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.09291
MD5 d3bd6e46c3a21bacf9e48b2b83000fe4
SHA1 607c3b8b02120f2a64fcf9d5ecf91239060eb522
SHA256 11f0a4b657ffd6e61028377ade57d3211eda6227eff99639be6ba3e6249993bf
SHA3 621d83ca3ebaca902527e803ac0c378978fa0dfeac2acbea9819a4d8100e2c1d

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.00878
MD5 15ab3e4981bd822023680b04fa454fe3
SHA1 cbc6623b7a4153dd4b368279cd2ab836b9c0cce3
SHA256 7e71bfa3aa23bdd83edad0a5af7df1155f1fa43239b2fca27bb8643c4a7a8d38
SHA3 33d00e804c2480a82813a6848212f5a99d1ce4f1b53d8a223848489eeebd3b28

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.55131
MD5 451c0ed699d9b3082a762abb3c0ec561
SHA1 977090558db3431ea14c19eadc17b2d2aac27ee7
SHA256 53a6efc7876656c4c5c7ff51baec121ab37bb814647234c38e3f76fc6284e248
SHA3 8af18cb1a517f86cb5092482231d6a3c11a5027afb21691a625929e70a1c6c58

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.49244
MD5 bb3620937df8e002760a1a06e09ddf7e
SHA1 808d0d8ae20388e0d8b02e1e74ebf10875b22faa
SHA256 ece9553b48471cc345023932dbe5aa3629b9fff340569fbb755f6aad24094479
SHA3 8fcb6c39c2b9fcd325bef8f32951af731585da3819a90a5b73ba7522bc4a0f95

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.8511
MD5 fc8c0bf2f4467b7e079f9fecfd0c9595
SHA1 d57d6dcbebfc67c8f453d2b6ab31a24cd496f84c
SHA256 966dc99506fa85c6e196b240310196fa121368c4b4fb7e7e78f7b571fb97113b
SHA3 50af8e2e56d0f593fa47c03423091261ef3e9c30ad1c51d9de1b9885ec7b0351

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.97444
MD5 b57adfefd8e4603ff92274b379b9cfa7
SHA1 ecef6c29dad0ac101abe79ba6807ae318e044a94
SHA256 9059056a05226741ec8b38be04dd0038733e27c97667b3e7702b23e4263b721a
SHA3 34ec55b59a24455e7edd1efb0ccc5e69da58651f907985b100a868793eaa6780

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.8851
MD5 34e4e1f5903858bb20457c45525fe607
SHA1 32e1c21ea8846bcb5c56d6769d8504dddd9c3c39
SHA256 7e74c41446be5569b7ec8495de9a3a4e2a7d21755735c7b650eabf04882fc927
SHA3 9d29caa8bbe6bde45385d5c4f0a02375b3364b9e507fe8d1d70b879fc6374425

4089

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2f2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.21823
MD5 bbf4b644f9dd284b35eb31573d0df2f7
SHA1 4f9885ae629e83464e313af5254ef86f01accd0b
SHA256 2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f
SHA3 ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e

4090

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31515
MD5 ac2a0551cb90f91d779ee8622682dfb1
SHA1 ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da
SHA256 840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3
SHA3 58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5

4091

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2ce
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25024
MD5 c99b474c52df3049dfb38b5308f2827d
SHA1 7375e693629ce6bbd1a0419621d094bcd2c67bb7
SHA256 26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78
SHA3 c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3

4093

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86149
MD5 aec4e28ea9db1361160cde225d158108
SHA1 249013a10cde021c713ba2dc8912f9e05be35735
SHA256 d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c
SHA3 a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c

4094

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xb4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20731
MD5 c76a8843204c0572bca24ada35abe8c7
SHA1 066052030d0a32310da8cb5a51d0590960a65f32
SHA256 00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd
SHA3 07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166

4095

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04592
MD5 4bd4f3f6d918ba49d8800ad83d277a86
SHA1 1f5e4c73965fea1d1f729efbe7568dcd081a2168
SHA256 34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3
SHA3 2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe

11111

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.52263
MD5 ee06b53823712f6f8710bf433b1e5c95
SHA1 ae6c4910775549f0dbb04f3acf4825b466ba7e9d
SHA256 23e862d85d09fdcd29616ee89ee1f821cdfb994289cf50787c26bfe00f76a430
SHA3 de9b76e65060d44ed0a68f7f9efb406f8275526acfbf9f5f9754c22b97290983

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.84973
Detected Filetype Icon file
MD5 d311c64bd67186fb70f60f425eac1b07
SHA1 08705415c6a65dface498d0bb77e66d2cba4beb9
SHA256 3047637714cedd7b3c1092c47a226b1fd276b29a74bda5965c53611bf8a4ffc7
SHA3 bae9e7f5a5dcabcec0c58fa9756d413f740238606ac3127d5699a2c4c1b3a7b3

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x4f4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.89809
MD5 719803b6c2c0aa6f51ce43c864504304
SHA1 af0703177ccf598c505b3674f62183fba5fa51f0
SHA256 e890417bf5d51b9cd525917ab5d60c92922f5dbab97f3edd4bcc629b654d49b7
SHA3 b7835d30c261f82354c3e94fb9bfd921d053b4ffb521b2e3f2f660b0f53d7622

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x62c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.13965
MD5 f78a870573f5bf2f15570e286257fae7
SHA1 eaccbf47cd42836b0e21ab2196b86d98a28733ca
SHA256 356ca8abf11d97bf9dcbff47c04bf1ddcb8685ef84d38e6850ec6c28a37655b9
SHA3 f19c38bb277b8098eb08d8b9a12df0b660a7c01098e20adda4c4fc5765d937ca

String Table contents

'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments This installation was built with Inno Setup.
CompanyName SOFPRO, Software Protection Labs
FileDescription PC Guard for Win32 V6 DEMO Setup
FileVersion (#2)
LegalCopyright Copyright © SOFPRO, Software Protection Labs
ProductName PC Guard for Win32 V6 DEMO
ProductVersion (#2) 6.00
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x40f000
EndAddressOfRawData 0x40f008
AddressOfIndex 0x40d3d0
AddressOfCallbacks 0x410010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!