Summary | Value
---|---
Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 2021-Nov-15 15:02:14
Detected languages | English - United States; Russian - Russia
TLS Callbacks | 1 callback(s) detected.
Debug artifacts | D:\TemporaryBuilds\installer_builder_1\172\s\_bin\architect8\Win32\analytics.pdb
CompanyName | © pdfforge GmbH.
FileVersion | 5.0.1.0
LegalCopyright | © pdfforge GmbH. All rights reserved.
InternalName | analytics.dll
OriginalFilename | analytics.dll
ProductName | PDF Architect 8
ProductVersion | 5.0.1.0

Level | Finding | Details
---|---|---
Info | Matching compiler(s) | Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0. This is a byte-signature match and it is stale: LinkerVersion 14.0 and the Rich header at the end of this page identify the VS2019 16.9 linker (toolset build 29913).
Suspicious | Strings found in the binary may indicate undesirable behavior | Accesses the WMI. The matching strings are not listed on this page; the ole32 imports CoInitializeSecurity, CoSetProxyBlanket and CoCreateInstance are the COM calls a WMI client makes.
Info | Cryptographic algorithms detected in the binary | Constants related to CRC32, SHA1, SHA256, SHA512 and AES; Microsoft's Cryptography API (CryptAcquireContextA/W, CryptGenRandom in the ADVAPI32 imports).
Suspicious | The PE contains functions most legitimate programs don't use | [!] The program may be hiding some of its imports. The function list for this finding is not on this page; the import table does contain LoadLibraryA, LoadLibraryExW and GetProcAddress, the run-time resolution APIs this heuristic keys on.
Info | The PE is digitally signed | Signer: pdfforge GmbH; Issuer: thawte SHA256 Code Signing CA. The signature ties the file to the publisher; it says nothing about what the telemetry code does.
Safe | VirusTotal score: 0/62 (Scanned on 2021-11-24 16:02:50) | No engine flagged the file at scan time. That is a detection result on that date, not proof of benign behaviour; the WinINet, registry and COM/WMI imports below describe what the DLL is able to do.
DOS header (IMAGE_DOS_HEADER) | Value
---|---
e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x138

e_lfanew places the PE signature at file offset 0x138; the 0xF8 bytes between the 64-byte DOS header and that offset hold the DOS stub and the Rich header decoded at the end of this page.
PE header (IMAGE_FILE_HEADER) | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberofSections | 5
TimeDateStamp | 2021-Nov-15 15:02:14
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE

The TimeDateStamp matches the three debug-directory stamps and the summary's Compilation Date, so the link time has not been zeroed or obviously forged.
Optional header (IMAGE_OPTIONAL_HEADER32) | Value
---|---
Magic | PE32
LinkerVersion | 14.0
SizeOfCode | 0x150000
SizeOfInitializedData | 0x84a00
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x000E4108 (Section: .text)
BaseOfCode | 0x1000
BaseOfData | 0x151000
ImageBase | 0x10000000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 6.0
ImageVersion | 0.0
SubsystemVersion | 6.0
Win32VersionValue | 0
SizeOfImage | 0x1d8000
SizeOfHeaders | 0x400
Checksum | 0x1c9dc2
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve | 0x100000
SizeofStackCommit | 0x1000
SizeofHeapReserve | 0x100000
SizeofHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16

Mitigation posture read from these fields: ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) are on; IMAGE_DLLCHARACTERISTICS_GUARD_CF is absent, so Control Flow Guard is off; HIGH_ENTROPY_VA does not apply to a PE32 image; SafeSEH is provided by the load configuration's SEHandlerTable further down. The entry point 0xE4108 lies inside the code range 0x1000..0x151000 (BaseOfCode + SizeOfCode), and LinkerVersion 14.0 is the VS2015-and-later linker, not VC++ 6.0.
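The headers above are what a parser walks first: MZ, e_lfanew, the PE signature, IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32, with the two flag words decoded into the names the report prints. The following is an added example written for this page, not code from the analysis tool or from pdfforge. It packs the report's own values into constructed header bytes (the DOS stub and Rich header between offset 0x40 and 0x138 are zero-filled, which is an assumption), parses them back with only the standard library, and runs the consistency checks an analyst applies before trusting a header: entry point inside the code range, alignment of SizeOfImage and SizeOfHeaders, and which exploit mitigations the DllCharacteristics word actually enables.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
OPT_FMT = "<HBB9I6H4I2H6I"     # IMAGE_OPTIONAL_HEADER32 up to the data directories, 96 bytes


def build_sample_headers():
    """Constructed header bytes carrying the report's values for analytics.dll.
    The gap between the DOS header and e_lfanew is zero-filled here (assumption);
    the real file keeps its DOS stub and Rich header there."""
    buf = bytearray(0x138 + 4 + 20 + 0xE0)
    struct.pack_into("<2sHHHHHHHHHHH", buf, 0,
                     b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0)
    struct.pack_into("<I", buf, 0x3C, 0x138)                      # e_lfanew
    struct.pack_into("<4s", buf, 0x138, b"PE\0\0")
    struct.pack_into(COFF_FMT, buf, 0x13C,                        # 1636988534 = 2021-Nov-15 15:02:14 UTC
                     0x14C, 5, 1636988534, 0, 0, 0xE0, 0x2102)
    struct.pack_into(OPT_FMT, buf, 0x150,
                     0x10B, 14, 0,
                     0x150000, 0x84A00, 0, 0xE4108, 0x1000, 0x151000,
                     0x10000000, 0x1000, 0x200,
                     6, 0, 0, 0, 6, 0,
                     0, 0x1D8000, 0x400, 0x1C9DC2,
                     2, 0x140,
                     0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return bytes(buf)


def flags(value, table):
    """Expand a flag word into the names of the bits that are set, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew=%#x" % e_lfanew)
    (machine, nsections, stamp, _symtab, _nsyms,
     opt_size, chars) = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt = struct.unpack_from(OPT_FMT, data, e_lfanew + 24)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    return {
        "e_lfanew": e_lfanew,
        "machine": IMAGE_FILE_MACHINE.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "size_of_optional_header": opt_size,
        "characteristics": flags(chars, FILE_CHARACTERISTICS),
        "linker_version": "%d.%d" % (opt[1], opt[2]),
        "size_of_code": opt[3],
        "entry_point": opt[6],
        "base_of_code": opt[7],
        "image_base": opt[9],
        "section_alignment": opt[10],
        "file_alignment": opt[11],
        "size_of_image": opt[19],
        "size_of_headers": opt[20],
        "checksum": opt[21],
        "subsystem": SUBSYSTEM.get(opt[22], str(opt[22])),
        "dll_characteristics": flags(opt[23], DLL_CHARACTERISTICS),
    }


def sanity_checks(h):
    """Consistency and mitigation checks an analyst runs on the decoded header."""
    findings = []
    if not (h["base_of_code"] <= h["entry_point"] < h["base_of_code"] + h["size_of_code"]):
        findings.append("entry point outside the code range")
    if h["size_of_image"] % h["section_alignment"]:
        findings.append("SizeOfImage not a multiple of SectionAlignment")
    if h["size_of_headers"] % h["file_alignment"]:
        findings.append("SizeOfHeaders not a multiple of FileAlignment")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in h["dll_characteristics"]:
        findings.append("ASLR (DYNAMIC_BASE) not enabled")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in h["dll_characteristics"]:
        findings.append("DEP (NX_COMPAT) not enabled")
    if "IMAGE_DLLCHARACTERISTICS_GUARD_CF" not in h["dll_characteristics"]:
        findings.append("Control Flow Guard not enabled")
    return findings


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_headers())
    for k, v in hdr.items():
        print("%-24s %s" % (k, hex(v) if isinstance(v, int) else v))
    print("findings:", sanity_checks(hdr))
```

Against a real file, replace `build_sample_headers()` with `open(path, "rb").read()`; the parser only reads the first e_lfanew + 0xF8 bytes. The one finding the sample produces is the missing GUARD_CF bit, which is exactly what the report's DllCharacteristics row shows.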
Imported DLL | Imported functions
---|---
KERNEL32.dll | LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, HeapFree, HeapSize, HeapReAlloc, HeapAlloc, HeapDestroy, GetProcessHeap, GetSystemTimeAsFileTime, FormatMessageA, FormatMessageW, LocalFree, CreateEventA, GetCurrentProcess, WaitForSingleObjectEx, SetEvent, IsWow64Process, DeleteFileW, SetLastError, GetTickCount, GetWindowsDirectoryW, EnterCriticalSection, GetUserDefaultLCID, GetVersionExW, GetSystemInfo, Sleep, QueryPerformanceCounter, QueryPerformanceFrequency, GetStdHandle, GetTempPathA, OutputDebugStringA, InitializeCriticalSection, GetWindowsDirectoryA, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, GetCurrentThreadId, GetTimeZoneInformation, ReadConsoleW, FlushFileBuffers, GetFileSizeEx, EnumSystemLocalesW, EncodePointer, DecodePointer, DeleteCriticalSection, SetThreadLocale, GetThreadLocale, GetModuleFileNameW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, GetLastError, RaiseException, lstrcmpiW, GetModuleHandleW, GetProcAddress, FreeLibrary, WriteFile, CreateDirectoryW, GetFileAttributesW, WideCharToMultiByte, LocalFileTimeToFileTime, MultiByteToWideChar, GetCurrentDirectoryW, SystemTimeToFileTime, ReadFile, CloseHandle, SetFilePointer, CreateFileW, RtlUnwind, GetFileAttributesExW, IsValidLocale, GetLocaleInfoW, CompareStringW, GetTimeFormatW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, AreFileApisANSI, DeviceIoControl, SetFilePointerEx, SetEndOfFile, RemoveDirectoryW, FindNextFileW, GetDateFormatW, FreeLibraryAndExitThread, ExitThread, CreateThread, ExitProcess, GetConsoleMode, GetConsoleOutputCP, WriteConsoleW, GetModuleHandleExW, GetFileType, InterlockedFlushSList, FindFirstFileExW, SetStdHandle, IsDebuggerPresent, OutputDebugStringW, GetStringTypeW, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeCriticalSectionEx, TryEnterCriticalSection, LCMapStringEx, GetLocaleInfoEx, CompareStringEx, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, ResetEvent, CreateEventW, InitializeSListHead, GetStartupInfoW, GetCurrentProcessId, ReleaseSemaphore, WaitForMultipleObjectsEx, OpenEventA, SetWaitableTimer, ResumeThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleA, CreateWaitableTimerA, LoadLibraryA, GetStringTypeExW, LCMapStringW, FindClose, InterlockedPushEntrySList
USER32.dll | CharNextW, LoadStringW, GetSystemMetrics
ADVAPI32.dll | CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, CryptAcquireContextW, RegQueryValueExW, SetNamedSecurityInfoW, InitializeAcl, AddAce, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, IsValidSid, CopySid, GetLengthSid, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegDeleteKeyW
SHELL32.dll | SHGetFolderPathW, SHGetSpecialFolderPathW
ole32.dll | CoInitializeSecurity, CoInitializeEx, CoSetProxyBlanket, CoInitialize, CoCreateInstance, StringFromGUID2, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoUninitialize
OLEAUT32.dll | VariantInit, VariantClear, LoadRegTypeLib, SysAllocStringByteLen, SysStringLen, SysAllocStringLen, SysFreeString, LoadTypeLib, SysAllocString, UnRegisterTypeLib, VarUI4FromStr, GetErrorInfo, RegisterTypeLib, VariantCopy
SHLWAPI.dll | PathFileExistsW
WININET.dll | InternetOpenW, InternetSetOptionW, InternetCloseHandle, HttpSendRequestW, InternetConnectW, InternetReadFile, HttpOpenRequestW, InternetQueryOptionW, HttpQueryInfoW, InternetErrorDlg
msi.dll | #205, #70 (imported by ordinal only; no names are resolved on this page)

Capabilities an analyst reads off this table: outbound HTTP through WinINet (InternetConnectW/HttpOpenRequestW/HttpSendRequestW/InternetReadFile); registry key and value creation, enumeration and deletion; DACL editing on named objects (SetNamedSecurityInfoW, InitializeAcl, AddAce, the Sid helpers); type-library registration through OLEAUT32; and run-time import resolution through LoadLibraryA/LoadLibraryExW plus GetProcAddress, which is what triggers the "may be hiding some of its imports" finding in the summary. IsDebuggerPresent and the Tls*/SRW lock functions are also part of the standard MSVC runtime and are not, by themselves, evidence of anti-analysis code.
Export ordinal | Address
---|---
1 | 0x67d0
2 | 0x67f0
3 | 0x6a80
4 | 0x6910
5 | 0x69d0

No export names are listed on this page; all five addresses fall inside the .text section (RVA 0x1000 and up).
Product string | GUID
---|---
PDF Architect 8 | {E9048F8E-A294-4148-98DC-BEECF15E6C03}
PDF Architect 8 Installer | {3A9A27DE-E9E8-4397-99AC-4B28B69B14A2}
Version info (VS_FIXEDFILEINFO) | Value
---|---
Signature | 0xfeef04bd
StructVersion | 0x10000
FileVersion | 5.0.1.0
ProductVersion | 5.0.1.0
FileFlags | (EMPTY)
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32
FileType | VFT_DLL

The FileOs row lists every VOS_ constant that shares a bit with the stored value; the set shown is what the usual VOS_NT_WINDOWS32 (0x00040004) produces under an any-bit match, so it is the tool's decoding rather than a claim that the DLL targets DOS or Windows CE.

StringFileInfo (Language: English - United States) | Value
---|---
CompanyName | © pdfforge GmbH.
FileVersion (#2) | 5.0.1.0
LegalCopyright | © pdfforge GmbH. All rights reserved.
InternalName | analytics.dll
OriginalFilename | analytics.dll
ProductName | PDF Architect 8
ProductVersion (#2) | 5.0.1.0
Resource LangID | English - United States
Debug directory (IMAGE_DEBUG_DIRECTORY) | Entry 1 | Entry 2 | Entry 3
---|---|---|---
Characteristics | 0 | 0 | 0
TimeDateStamp | 2021-Nov-15 15:02:14 | 2021-Nov-15 15:02:14 | 2021-Nov-15 15:02:14
Version | 0.0 | 0.0 | 0.0
SizeofData | 105 | 20 | 1004
AddressOfRawData | 0x184028 | 0x184094 | 0x1840a8
PointerToRawData | 0x183428 | 0x183494 | 0x1834a8
Referenced File | D:\TemporaryBuilds\installer_builder_1\172\s\_bin\architect8\Win32\analytics.pdb | | 

The Type field is not shown, but entry 1 is the CodeView (RSDS) record: its 105 bytes are exactly the 24-byte RSDS header (signature, GUID, age) plus the 80-character PDB path and its NUL terminator. The three payloads are laid out back to back (0x184028 + 105 rounds up to 0x184094; 0x184094 + 20 = 0x1840a8), and AddressOfRawData - PointerToRawData is 0xC00 for all three, so they sit in one section whose file offset is 0xC00 below its RVA.
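The consistency argument above (RSDS size = 24 + path + NUL, and a constant RVA-to-file-offset delta across the entries) is easy to automate. The block below is an added example written for this page, not code from the analysis tool or from pdfforge. It constructs one IMAGE_DEBUG_DIRECTORY entry with the report's size and offsets and places an RSDS record holding the report's PDB path at that file offset; the GUID (all zeros) and age (1) are placeholders because the page does not show them, and the debug-entry timestamp reuses the link time. The parser then reads the CodeView record back, verifies SizeOfData against the path length, and checks that every entry shares the same section delta.

```python
import struct
import uuid

DEBUG_ENTRY_FMT = "<IIHHIIII"          # IMAGE_DEBUG_DIRECTORY, 28 bytes
IMAGE_DEBUG_TYPE_CODEVIEW = 2
PDB_PATH = r"D:\TemporaryBuilds\installer_builder_1\172\s\_bin\architect8\Win32\analytics.pdb"

# (AddressOfRawData, PointerToRawData) of the three entries as listed in the report
REPORTED_ENTRIES = [(0x184028, 0x183428), (0x184094, 0x183494), (0x1840A8, 0x1834A8)]


def build_sample():
    """Constructed sample: one CodeView entry whose RSDS record is written at the
    file offset the report gives. GUID and age are placeholders (not on the page)."""
    rsds = b"RSDS" + bytes(16) + struct.pack("<I", 1) + PDB_PATH.encode("ascii") + b"\0"
    entry = struct.pack(DEBUG_ENTRY_FMT, 0, 1636988534, 0, 0,
                        IMAGE_DEBUG_TYPE_CODEVIEW, len(rsds), 0x184028, 0x183428)
    image = bytearray(0x183428 + len(rsds))        # zero-filled stand-in for the file
    image[0x183428:0x183428 + len(rsds)] = rsds
    return entry, bytes(image)


def parse_rsds(blob):
    """Decode an RSDS CodeView record: 'RSDS', GUID (little-endian), age, NUL-terminated path."""
    if blob[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=bytes(blob[4:20]))
    age = struct.unpack_from("<I", blob, 20)[0]
    path = blob[24:].split(b"\0", 1)[0].decode("ascii", "replace")
    # A well-formed record is exactly header + path + NUL; a mismatch means
    # SizeOfData and the record disagree, which is worth a closer look.
    return {"guid": str(guid), "age": age, "path": path,
            "size_consistent": len(blob) == 24 + len(path) + 1}


def parse_debug_directory(dir_bytes, image):
    """Walk the 28-byte entries and resolve CodeView payloads from the file bytes."""
    entries = []
    for off in range(0, len(dir_bytes) - len(dir_bytes) % 28, 28):
        (_chars, stamp, major, minor, dtype, size,
         rva, raw) = struct.unpack_from(DEBUG_ENTRY_FMT, dir_bytes, off)
        e = {"type": dtype, "timestamp": stamp, "version": "%d.%d" % (major, minor),
             "size": size, "rva": rva, "raw": raw, "rva_raw_delta": rva - raw}
        if dtype == IMAGE_DEBUG_TYPE_CODEVIEW:
            e["codeview"] = parse_rsds(image[raw:raw + size])
        entries.append(e)
    return entries


def consistent_section_delta(entries):
    """Entries in one section share RVA - raw offset; return it, or None if they differ."""
    deltas = {rva - raw for rva, raw in entries}
    return deltas.pop() if len(deltas) == 1 else None


if __name__ == "__main__":
    entry, image = build_sample()
    for e in parse_debug_directory(entry, image):
        print(e)
    print("section delta across reported entries: %#x" % consistent_section_delta(REPORTED_ENTRIES))
```

On a real file, feed `parse_debug_directory` the bytes at the debug data directory's file offset and the whole file as `image`; the GUID and age it returns are what a symbol server is queried with, so they are also the values to compare against the vendor's published PDB if provenance is in question.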
TLS directory (IMAGE_TLS_DIRECTORY32) | Value
---|---
StartAddressOfRawData | 0x101844a4
EndAddressOfRawData | 0x101844ac
AddressOfIndex | 0x101b9a10
AddressOfCallbacks | 0x10151564
SizeOfZeroFill | 0
Characteristics | IMAGE_SCN_ALIGN_4BYTES
Callbacks | 0x100E6F90

All four addresses are virtual addresses (ImageBase 0x10000000 included), not RVAs. The TLS template is 8 bytes (0x101844ac - 0x101844a4), and the single callback at RVA 0xE6F90 lies in .text near the entry point (0xE4108); one small TLS block with one callback is what the MSVC runtime emits for thread-local variables, which makes this entry consistent with a CRT-registered callback rather than an anti-analysis hook. It still runs before DllMain, so a dynamic analysis should break on it.
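Because the TLS fields are VAs, locating the callback array in the file means subtracting ImageBase and translating the RVA through the section table, then reading until the NULL terminator. The block below is an added example written for this page, not code from the analysis tool or from pdfforge. Its section layout is partly inferred: .text at RVA 0x1000 / file offset 0x400 with size 0x150000 follows from BaseOfCode, SizeOfHeaders and SizeOfCode in the optional header, and .rdata's file offset 0x150400 follows from the 0xC00 RVA-to-raw delta seen in the debug directory; the .rdata size (0x34000) is an assumption because the page lists no section sizes. The callback array [0x100E6F90, 0] is constructed at the offset VA 0x10151564 maps to.

```python
import struct

IMAGE_BASE = 0x10000000
TLS_DIR_FMT = "<IIIIII"          # IMAGE_TLS_DIRECTORY32, 24 bytes

# name, virtual address, virtual size, file offset
# .text values come from the optional header; .rdata's offset from the debug
# directory's constant delta; .rdata's size is an assumption (not on the page).
SECTIONS = [
    (".text",  0x001000, 0x150000, 0x000400),
    (".rdata", 0x151000, 0x034000, 0x150400),
]


def rva_to_offset(rva, sections=SECTIONS):
    """Map an RVA to (section name, file offset) using the section table."""
    for name, va, vsize, raw in sections:
        if va <= rva < va + vsize:
            return name, raw + (rva - va)
    raise ValueError("RVA %#x not backed by any section" % rva)


def build_sample():
    """Constructed sample: the report's TLS directory plus a NULL-terminated
    callback array [0x100E6F90, 0] at the file offset VA 0x10151564 maps to."""
    tls_dir = struct.pack(TLS_DIR_FMT,
                          0x101844A4, 0x101844AC, 0x101B9A10, 0x10151564, 0, 0x00300000)
    _, cb_off = rva_to_offset(0x10151564 - IMAGE_BASE)
    image = bytearray(cb_off + 8)            # zero-filled stand-in for the file
    struct.pack_into("<II", image, cb_off, 0x100E6F90, 0)
    return tls_dir, bytes(image)


def walk_tls_callbacks(tls_dir, image, image_base=IMAGE_BASE, sections=SECTIONS):
    """Decode the TLS directory and follow AddressOfCallbacks (a VA) to each callback."""
    start, end, _index, callbacks_va, zero_fill, _chars = struct.unpack_from(TLS_DIR_FMT, tls_dir)
    _, off = rva_to_offset(callbacks_va - image_base, sections)
    found = []
    while True:
        (cb,) = struct.unpack_from("<I", image, off)
        if cb == 0:                          # array is NULL-terminated
            break
        rva = cb - image_base
        section, file_off = rva_to_offset(rva, sections)
        found.append({"va": cb, "rva": rva, "section": section, "file_offset": file_off})
        off += 4
    return {"template_size": end - start, "zero_fill": zero_fill, "callbacks": found}


if __name__ == "__main__":
    tls_dir, image = build_sample()
    result = walk_tls_callbacks(tls_dir, image)
    print("TLS template bytes:", result["template_size"])
    for cb in result["callbacks"]:
        print("callback VA %#x -> RVA %#x in %s at file offset %#x"
              % (cb["va"], cb["rva"], cb["section"], cb["file_offset"]))
```

The file offset returned for the callback (0xE6390) is where to disassemble it; a callback whose RVA resolves outside any code section, or an array with more entries than the report shows, is the case that warrants suspicion.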
Load configuration (IMAGE_LOAD_CONFIG_DIRECTORY32) | Value
---|---
Size | 0xbc
TimeDateStamp | 1970-Jan-01 00:00:00
Version | 0.0
GlobalFlagsClear | (EMPTY)
GlobalFlagsSet | (EMPTY)
CriticalSectionDefaultTimeout | 0
DeCommitFreeBlockThreshold | 0
DeCommitTotalFreeThreshold | 0
LockPrefixTable | 0
MaximumAllocationSize | 0
VirtualMemoryThreshold | 0
ProcessAffinityMask | 0
ProcessHeapFlags | (EMPTY)
CSDVersion | 0
Reserved1 | 0
EditList | 0
SecurityCookie | 0x1019b1d8
SEHandlerTable | 0x10183110
SEHandlerCount | 966

The 1970 timestamp is a zero field, which is normal for this structure. SecurityCookie is the /GS stack-cookie location, and a non-zero SEHandlerTable with 966 registered handlers means the image was linked with /SAFESEH, so only those handlers can be dispatched on this 32-bit image; no Control Flow Guard fields are reported, consistent with GUARD_CF being absent from DllCharacteristics.
Rich header entry (toolset build) | Count
---|---
XOR Key | 0xae27b167
Unmarked objects | 0
ASM objects (27412) | 21
C++ objects (27412) | 210
262 (27412) | 1
253 (28518) | 2
C objects (VS 2015/2017/2019 runtime 29804) | 16
ASM objects (VS 2015/2017/2019 runtime 29804) | 25
C++ objects (VS 2015/2017/2019 runtime 29804) | 96
C objects (27412) | 29
C++ objects (VS2019 Update 7 (16.7.1) compiler 29111) | 5
C++ objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 4
Imports (27412) | 21
Total imports | 276
C++ objects (28106) | 72
C++ objects (VS2019 Update 3 (16.3) compiler 28107) | 3
265 (VS2019 Update 9 (16.9.2-3) compiler 29913) | 53
Exports (VS2019 Update 9 (16.9.2-3) compiler 29913) | 1
Resource objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 1
151 | 1
Linker (VS2019 Update 9 (16.9.2-3) compiler 29913) | 1

Rows with a bare number (262, 253, 265, 151) are product ids the tool has no name for. The linker entry (build 29913, VS2019 16.9) agrees with LinkerVersion 14.0 in the optional header and contradicts the "Visual C++ v6.0" compiler match in the summary; the mix of 27412, 28106, 28518 and 29xxx builds is what linking against prebuilt libraries from several toolset versions looks like.
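The Rich header sits in the DOS stub and is XOR-obfuscated with the key shown above; the same key is also a checksum over the DOS header bytes and the (product id, build, count) entries, so a tampered header no longer validates. The block below is an added example written for this page, not code from the analysis tool or from pdfforge. It builds a constructed DOS header carrying the report's DOS fields, appends a Rich header with four of the report's entries whose product ids are shown numerically (265/29913/53, 262/27412/1, 253/28518/2, 151/0/1), computes the key with the standard checksum (DanS offset plus rotated header bytes, e_lfanew excluded, plus rotated compids), and then decodes and validates it. The resulting key differs from the report's 0xae27b167 because the real DOS stub bytes are not on the page; only product ids 0 and 1 are given names here, which is an assumption about the naming table.

```python
import struct

RICH_NAMES = {0: "Unmarked objects", 1: "Import0"}    # only the two ids assumed here
DANS = 0x536E6144                                     # "DanS" as a little-endian dword

# (product id, build, object count) for report entries shown with a numeric id
REPORTED_ENTRIES = [(265, 29913, 53), (262, 27412, 1), (253, 28518, 2), (151, 0, 1)]


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(data, dans_offset, entries):
    """Key = DanS offset + rol(byte, i) over the DOS header (skipping e_lfanew)
    + rol(compid, count) over the entries, truncated to 32 bits."""
    csum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        csum += rol32(data[i], i)
    for prodid, build, count in entries:
        csum += rol32((prodid << 16) | build, count)
    return csum & 0xFFFFFFFF


def build_sample(entries=REPORTED_ENTRIES):
    """Constructed DOS header (report's field values, zero stub) plus a Rich header
    at 0x80, padded so e_lfanew (0x138) is the end of the returned buffer."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<HHHHHHHH", dos, 2, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8)
    struct.pack_into("<I", dos, 0x3C, 0x138)
    key = rich_checksum(dos, 0x80, entries)
    words = [DANS ^ key, key, key, key]               # "DanS" + three padding dwords (0 ^ key)
    for prodid, build, count in entries:
        words += [((prodid << 16) | build) ^ key, count ^ key]
    rich = struct.pack("<%dI" % len(words), *words) + b"Rich" + struct.pack("<I", key)
    return bytes(dos) + rich + bytes(0x138 - 0x80 - len(rich))


def decode_rich_header(data):
    """Find 'Rich', read the key, walk back to 'DanS', decode entries, verify the key."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_at = data.rfind(b"Rich", 0, e_lfanew)
    if rich_at < 0:
        return None
    key = struct.unpack_from("<I", data, rich_at + 4)[0]
    dans = None
    for pos in range(rich_at - 8, -1, -8):            # pairs are 8-byte aligned to DanS
        if struct.unpack_from("<I", data, pos)[0] ^ key == DANS:
            dans = pos
            break
    if dans is None:
        return None
    entries = []
    for pos in range(dans + 16, rich_at, 8):          # skip DanS + 3 padding dwords
        compid, count = struct.unpack_from("<II", data, pos)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    return {"key": key, "dans_offset": dans, "entries": entries,
            "valid": rich_checksum(data, dans, entries) == key,
            "named": [(RICH_NAMES.get(p, str(p)), b, c) for p, b, c in entries]}


if __name__ == "__main__":
    sample = build_sample()
    info = decode_rich_header(sample)
    print("key %#x, DanS at %#x, checksum valid: %s" % (info["key"], info["dans_offset"], info["valid"]))
    for name, build, count in info["named"]:
        print("%-20s build %5d  count %d" % (name, build, count))
```

Run against a real file, an invalid checksum means the stub or the entries were edited after linking (a common sign of a header copied from another binary to spoof the toolchain), while a valid one gives the same toolset inventory the table above shows, independent of the stale compiler signature match in the summary.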