26de8b100eb8cf8496441f1173d85cce
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2015-Sep-09 05:59:06 |
| Detected languages |
English - United States
|
| Debug artifacts |
C:\CodeBases\isdev\redist\Language Independent\i386\setup.pdb
|
| CompanyName | Timersoft |
| FileDescription | Setup Launcher Unicode |
| FileVersion | 2.5 |
| InternalName | Setup |
| LegalCopyright | Copyright (c) 2015 Flexera Software LLC. All Rights Reserved. |
| OriginalFilename | InstallShield Setup.exe |
| ProductName | Lottery Looper |
| ProductVersion | 2.5 |
| Internal Build Number | 158438 |
| ISInternalVersion | 22.0.347 |
| ISInternalDescription | Setup Launcher Unicode |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
May have dropper capabilities:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. | Resource 103 is possibly compressed or encrypted. |
| Suspicious | The file contains overlay data. |
1106136 bytes of data starting at offset 0x13ba00.
The overlay data has an entropy of 7.99952 and is possibly compressed or encrypted. |
| Safe | VirusTotal score: 0/67 (Scanned on 2021-07-15 01:34:42) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 4 |
| TimeDateStamp | 2015-Sep-09 05:59:06 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0xb3600 |
| SizeOfInitializedData | 0x88000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000777CC (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xb5000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x145000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
Imports
| VERSION.dll |
VerQueryValueW
GetFileVersionInfoW GetFileVersionInfoSizeW |
|---|---|
| COMCTL32.dll |
#17
|
| KERNEL32.dll |
LoadLibraryW
GetModuleHandleW lstrcmpW lstrcmpiW GetSystemDefaultLangID GetUserDefaultLangID VerLanguageNameW CompareFileTime CreateDirectoryW FindClose FindFirstFileW FindNextFileW SetFileAttributesW GetSystemTimeAsFileTime GetPrivateProfileStringW MoveFileW LocalFree FormatMessageW GetSystemInfo MulDiv RaiseException EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionAndSpinCount DeleteCriticalSection LoadLibraryExW GetVersion GetLocalTime IsValidLocale GetCommandLineW GetFileAttributesW FlushFileBuffers SetEndOfFile VirtualQuery lstrcpyA IsBadReadPtr GetDiskFreeSpaceW GetDriveTypeW GetExitCodeProcess GetCurrentThread GetLocaleInfoW InterlockedExchange LoadLibraryExA GetProcAddress FreeLibrary CompareStringA CompareStringW lstrcatW GetVersionExW InterlockedDecrement InterlockedIncrement CreateEventW QueryPerformanceFrequency ReadConsoleW WriteConsoleW SetStdHandle SetFilePointerEx GetConsoleMode GetTempFileNameW SetConsoleCtrlHandler OutputDebugStringW EnumSystemLocalesW GetUserDefaultLCID FatalAppExitA FreeEnvironmentStringsW GetEnvironmentStringsW GetFileType HeapReAlloc CreateSemaphoreW GetStartupInfoW TlsFree TlsSetValue TlsGetValue TlsAlloc SetUnhandledExceptionFilter UnhandledExceptionFilter GetStringTypeW GetCPInfo GetOEMCP IsValidCodePage GetCurrentThreadId HeapSize AreFileApisANSI GetModuleHandleExW GetStdHandle GetACP IsProcessorFeaturePresent IsDebuggerPresent RtlUnwind lstrcpynA LocalAlloc QueryPerformanceCounter SearchPathW lstrcmpA SystemTimeToFileTime ResetEvent SetEvent VirtualProtect GetCurrentProcessId Process32NextW Process32FirstW CreateToolhelp32Snapshot GetDateFormatW GetTimeFormatW GetCurrentDirectoryW FindResourceExW GetLastError CopyFileW GetTickCount GetExitCodeThread CreateThread FindResourceW GlobalFree GlobalUnlock GlobalLock GlobalAlloc SizeofResource LockResource LoadResource lstrcpyW GetWindowsDirectoryW SetErrorMode GetTempPathW ExpandEnvironmentStringsW MoveFileExW WriteProcessMemory VirtualProtectEx GetSystemDirectoryW FlushInstructionCache SetThreadContext GetThreadContext CreateProcessW ResumeThread TerminateProcess ExitProcess GetCurrentProcess Sleep WaitForSingleObject DuplicateHandle RemoveDirectoryW DeleteFileW SetCurrentDirectoryW lstrlenW lstrcpynW GetModuleFileNameW GetProcessHeap HeapFree HeapAlloc WriteFile SetFilePointer ReadFile WideCharToMultiByte GetEnvironmentVariableW SetFileTime GetFileTime OpenProcess GetProcessTimes LCMapStringW DecodePointer EncodePointer MultiByteToWideChar lstrlenA UnmapViewOfFile MapViewOfFile CreateFileMappingW CloseHandle GetFileSize CreateFileW SetLastError GetConsoleCP |
| USER32.dll |
DefWindowProcW
PostMessageW DispatchMessageW PostQuitMessage RegisterClassW TranslateMessage GetMessageW CharUpperW KillTimer SetTimer GetDC CharPrevW SendDlgItemMessageW wvsprintfW LoadImageW CreateDialogParamW MoveWindow SetCursor GetWindow GetDlgItemTextW SetFocus EnableWindow SetForegroundWindow SetActiveWindow SetDlgItemTextW IsDialogMessageW FindWindowW SubtractRect IntersectRect SetRect FillRect GetSysColorBrush GetSysColor GetWindowRect ExitWindowsEx GetSystemMetrics GetDlgCtrlID CreateDialogIndirectParamW DestroyWindow IsWindow SendMessageW MessageBoxW CharNextW WaitForInputIdle SetWindowLongW GetWindowLongW GetClientRect EndPaint BeginPaint ReleaseDC GetWindowDC SetWindowPos SetWindowTextW GetDlgItem EndDialog DialogBoxIndirectParamW ShowWindow GetDesktopWindow MsgWaitForMultipleObjects PeekMessageW wsprintfW LoadIconW LoadCursorW CreateWindowExW |
| GDI32.dll |
GetObjectW
SetTextColor SetBkMode GetDeviceCaps CreateFontW CreateFontIndirectW SetStretchBltMode StretchBlt SelectObject DeleteDC CreateDIBitmap CreateCompatibleDC BitBlt DeleteObject GetStockObject CreatePalette GetSystemPaletteEntries RealizePalette SelectPalette GetDIBColorTable CreateHalftonePalette UnrealizeObject TranslateCharsetInfo CreateSolidBrush |
| ADVAPI32.dll |
RegCloseKey
CryptSignHashW CryptHashData CryptCreateHash CryptAcquireContextW RegOpenKeyW RegEnumKeyW RegCreateKeyW LookupPrivilegeValueW AdjustTokenPrivileges CryptVerifySignatureW RegOpenKeyExW RegQueryValueExW RegDeleteValueW RegCreateKeyExW RegEnumValueW GetTokenInformation FreeSid EqualSid AllocateAndInitializeSid OpenThreadToken OpenProcessToken SetSecurityDescriptorOwner SetSecurityDescriptorGroup SetSecurityDescriptorDacl InitializeSecurityDescriptor RegQueryInfoKeyW RegEnumKeyExW RegDeleteKeyW RegSetValueExW |
| SHELL32.dll |
SHGetSpecialFolderLocation
ShellExecuteW SHBrowseForFolderW SHGetPathFromIDListW CommandLineToArgvW ShellExecuteExW SHGetMalloc |
| ole32.dll |
CoCreateInstance
StringFromGUID2 CoCreateGuid CreateItemMoniker GetRunningObjectTable CLSIDFromProgID CoTaskMemAlloc CoTaskMemRealloc CoTaskMemFree ProgIDFromCLSID CoUninitialize CoInitializeSecurity CoInitialize |
| OLEAUT32.dll |
LoadTypeLib
SysAllocStringLen SysFreeString SysReAllocStringLen SysStringLen SysAllocString SysStringByteLen SysAllocStringByteLen VarBstrCat VarBstrFromDate VariantClear VariantChangeType GetErrorInfo VarUI4FromStr SystemTimeToVariantTime RegisterTypeLib SetErrorInfo CreateErrorInfo |
| CRYPT32.dll |
CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfo PFXImportCertStore CertSaveStore CertOpenStore CertFindCertificateInStore CertCompareCertificate CertOpenSystemStoreW CertGetIssuerCertificateFromStore CertSetCertificateContextProperty CertGetCertificateContextProperty CertAddCertificateContextToStore CertEnumCertificatesInStore |
| RPCRT4.dll |
UuidCreate
UuidToStringW UuidFromStringW RpcStringFreeW |
| msi.dll (delay-loaded) |
#8
#113 #70 #264 #32 #159 #160 #78 #150 #92 #17 #125 #118 #120 #103 #205 #141 #96 #72 |
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | msi.dll |
| ModuleHandle | 0xf2898 |
| DelayImportAddressTable | 0xee4e8 |
| DelayImportNameTable | 0xe92a0 |
| BoundDelayImportTable | 0xe92f0 |
| UnloadDelayImportTable | 0xe9340 |
| TimeStamp | 1970-Jan-01 00:00:00 |
IDR_GIF1
IDR_GIF1 (#2)
10554
10652
103
10550
10551
10553
10650
10651
1
2
3
4
5
6
7
8
9
10
11
103 (#2)
105
106
107
108
109
119
121
125
126
127
128
129
130
131
132
1000
1001
1008
1026
1034
3003
3004
69
70
71
72
73
76
101
102
103 (#3)
104
105 (#2)
107 (#2)
108 (#2)
113
114
115
116
117
118
119 (#2)
120
126 (#2)
134
135
138
100
112
217
1 (#2)
1 (#3)
1 (#4)
String Table contents
| Setup Initialization Error |
| %s |
| %1 Setup is preparing the %2, which will guide you through the program setup process. Please wait. |
| Checking Operating System Version |
| Checking Windows(R) Installer Version |
| Configuring Windows Installer |
| Configuring %s |
| Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system. |
| %s |
| Choose Setup Language |
| Select the language for this installation from the choices below. |
| The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later. |
| This setup will perform an upgrade of '%s'. Do you want to continue? |
| A later version of '%s' is already installed on this machine. The setup cannot continue. |
| OK |
| Cancel |
| Password: |
| Install |
| &Next > |
| Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation |
| Error writing to the temporary location |
| Error extracting %s to the temporary location |
| Error reading setup initialization file |
| Installer not found in %s |
| File %s not found |
| Internal error in Windows Installer |
| Error populating strings. Verify that all strings in Setup.ini are valid. |
| Restart |
| Setup needs %lu KB free disk space in %s. Please free up some space and try again |
| You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation |
| Command line parameters: |
| /L language ID |
| /S Hide intialization dialog. For silent mode use: /S /v/qn |
| /V parameters to MsiExec.exe |
| Windows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue. |
| ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language. |
| Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again. |
| This setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system. |
| Unable to install %s Scripting Runtime. |
| Unable to create InstallDriver instance, Return code: %d |
| Please specify a location to save the installation package. |
| Unable to extract the file %s. |
| Extracting files. |
| Downloading file %s. |
| An error occurred while downloading the file %s. What would you like to do? |
| hr |
| min |
| sec |
| MB |
| KB |
| /sec |
| Failed to verify signature of file %s. |
| Estimated time remaining: |
| %d %s of %d %s downloaded at %01d.%01d %s%s |
| Preparing to Install... |
| Get help for this installation. |
| Help |
| Unable to save file: %s |
| Failed to complete installation. |
| Invalid command line. |
| /UA<url to InstMsiA.exe> |
| /UW<url to InstMsiW.exe> |
| /UM<url to msi package> |
| /US<url to IsScript.msi> |
| Setup Initialization Error, failed to clone the process. |
| The file %s already exists. Would you like to replace it? |
| Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update. |
| Setup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later. |
| You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation |
| Error installing Microsoft(R) .NET Framework, Return Code: %d |
| %s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now? |
| Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation |
| %s optionally uses the Visual J# Redistributable Package. Would you like to install it now? |
| (This will also install the .NET Framework.) |
| Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installation |
| %s requires the following items to be installed on your computer. Click Install to begin installing these requirements. |
| Installing %s |
| Would you like to cancel the setup after %s has finished installing? |
| The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download. |
| The installation of %s appears to have failed. Do you want to continue the installation? |
| Succeeded |
| Installing |
| Pending |
| Installed |
| Status |
| Requirement |
| Failed |
| Extracting |
| Downloading |
| Skipped |
| The installation of %s has failed. Setup will now exit. |
| The installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later. |
| %1 optionally uses %2. Would you like to install it now? |
| Downloading file %2 of %3: %1 |
| This installation lets you install multiple instances of the product. Select the instance you would like to install, and then click Next to continue: |
| &Install a new instance |
| &Maintain or upgrade an existing instance |
| Default |
| Instance ID |
| Product Name |
| Location |
| This installation lets you patch multiple instances of the product. Select an option below to specify how you would like to apply this patch, and then click Next to continue. |
| Patch &all of the existing instances |
| &Patch an existing instance |
| This installation requires Windows Installer version 4.5 or newer. Setup will now exit. |
| Decompressing |
| Version |
| Choose Setup Language |
| Select the language for the installation from the choices below. |
| &OK |
| InstallShield Wizard |
| Cancel |
| &Next > |
| < &Back |
| Do you wish to install %s? |
| Authenticity Verified |
| The identity of this software publisher was verified by %s. |
| Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion. |
| &Always trust software published by %s. |
| This software has not been altered since publication by %s. To install %s, click OK. |
| InstallShield |
| Preparing Setup |
| Please wait while the InstallShield Wizard prepares the setup. |
| Finish |
| Transfer rate: |
| Estimated time left: |
| /s |
| %s - InstallShield Wizard |
| Exit Setup |
| Are you sure you want to cancel the setup? |
| &Install a new instance of this application. |
| Existing Installed Instances Detected |
| Select the appropriate application instance to maintain or update. |
| Setup has detected one or more instances of this application already installed on your system. |
| &Maintain or update the instance of this application selected below: |
| Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance. |
| Select the instance of the application you want to &maintain or update below: |
| Display Name |
| Install Location |
| %s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait. |
| Error Code: |
| Error Information: |
| An error (%s) has occurred while running the setup. |
| Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s. |
| &Detail |
| &Report |
| There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup. |
| A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it. |
| Another instance of this setup is already running. Please wait for the other instance to finish and then try again. |
| Security Warning |
| Do you want to run this setup? |
| The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
| I &do not trust this setup |
| I &understand the security risk and wish to continue |
| The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
| The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
| The software is corrupted or has been altered since it was published. You should not continue this setup. |
| This setup was created with a BETA VERSION of %s |
| This Setup was created with an EVALUATION VERSION of %s |
| Please enter the password |
| This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900. |
| This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit. |
| This setup works until %s. The setup will now exit. |
| InstallShield Setup Player V22 |
| The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it. |
| This setup requires administrative privileges that appear to be unavailable. Would you like to try again? |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 2.5.0.0 |
| ProductVersion | 2.5.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language | English - United States |
| CompanyName | Timersoft |
| FileDescription | Setup Launcher Unicode |
| FileVersion (#2) | 2.5 |
| InternalName | Setup |
| LegalCopyright | Copyright (c) 2015 Flexera Software LLC. All Rights Reserved. |
| OriginalFilename | InstallShield Setup.exe |
| ProductName | Lottery Looper |
| ProductVersion (#2) | 2.5 |
| Internal Build Number | 158438 |
| ISInternalVersion | 22.0.347 |
| ISInternalDescription | Setup Launcher Unicode |
| Resource LangID | UNKNOWN |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2015-Sep-09 05:59:06 |
| Version | 0.0 |
| SizeofData | 86 |
| AddressOfRawData | 0xcf3d8 |
| PointerToRawData | 0xcddd8 |
| Referenced File | C:\CodeBases\isdev\redist\Language Independent\i386\setup.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2015-Sep-09 05:59:06 |
| Version | 0.0 |
| SizeofData | 16 |
| AddressOfRawData | 0xcf430 |
| PointerToRawData | 0xcde30 |
TLS Callbacks
Load Configuration
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4ed0f0 |
| SEHandlerTable | 0x4d1330 |
| SEHandlerCount | 1169 |
RICH Header
| XOR Key | 0x9d9f1b85 |
|---|---|
| Unmarked objects | 0 |
| 211 (VS2012 UPD1 build 51106) | 11 |
| ASM objects (50929) | 22 |
| C objects (VS2012 UPD1 build 51106) | 1 |
| C objects (50929) | 139 |
| 188 (30716) | 3 |
| C++ objects (50929) | 67 |
| Total imports | 366 |
| 185 (30716) | 23 |
| C++ objects (VS2012 UPD1 build 51106) | 53 |
| Resource objects (VS2012 UPD1 build 51106) | 1 |
| 151 | 1 |
| Linker (VS2012 UPD1 build 51106) | 1 |