Manalyze report for 2ac0ef5566630c83b0fb2e88c8c9f2388fe2be7aaa3a903ccf7024a011f5a5fc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Oct-07 04:40:17
Detected languages	English - United States
CompanyName	Bigly Software
CompanyWebsite	http://www.BiglyBT.com
ProductName	BiglyBT Stub Installer

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: BiglyBT.com http://nsis.sf.net http://nsis.sf.net/NSIS_Error http://www.BiglyBT.com nsis.sf.net www.BiglyBT.com`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA` `Can access the registry: RegCloseKey RegOpenKeyExA RegDeleteKeyA RegDeleteValueA RegEnumValueA RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Open Source Developer` `Issuer: Certum Code Signing 2021 CA`
Suspicious	VirusTotal score: 1/70 (Scanned on 2026-02-21 07:11:37)	`Bkav: W32.AIDetectMalware`

Hashes

MD5	`d060e3fd5c6e709c7d21b070232ffed2`
SHA1	`b0d0f7dcef6299c4075845dbf2a2ee3d9769de95`
SHA256	`2ac0ef5566630c83b0fb2e88c8c9f2388fe2be7aaa3a903ccf7024a011f5a5fc`
SHA3	`3e861d12e4208df6774c8226bd0ca1b12f4f7a70189d206d9545458a0236d1a1`
SSDeep	`1536:loAs868MBX80Stmv8oXJOdsu8tJ9Pztmp9yimcUgWkT1Id7jAckWdhgDJQaM1gw5:eAsj8MBX8s0oXJC8NPztE9yzCWT7jAcZ`
Imports Hash	`59a4a44a250c4cf4f2d9de2b3fe5d95f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2014-Oct-07 04:40:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5c00`
SizeOfInitializedData	`0x1cc00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x00003217 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x38000`
SizeOfHeaders	`0x400`
Checksum	`0x1eaab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`92032f5e50e74fe0fe80a33ba4ca92db`
SHA1	`4ccbaddbb239a58e04ea02027b171f35e16dfb12`
SHA256	`f881e177c2be756004684d9c8c8dde9a04353378413ea6d33ff7c03585fa369e`
SHA3	`a872592dff1329a327159f7db320a876d2a35d3740987b68232144c9734b9dbc`
VirtualSize	`0x5bf4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47821`

.rdata

MD5	`5801d712ecba58aa87d1e7d1aa24f3aa`
SHA1	`0ec4a63131e982d6c2f062510def1c9cc9289b04`
SHA256	`8b2280421a981161fd3454df323dc2829d171a642d5f11de47c895f784ba52d7`
SHA3	`eca35642bb2f89b4724b5d3c49708b96bc0fdcf7db04a6b26cf4dbda9b7087b9`
VirtualSize	`0x11ce`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23612`

.data

MD5	`f2470ac8847791744aff280e7e2f5353`
SHA1	`8d1d071e3f45ba87014fced1f57d807c0ccb6577`
SHA256	`1a5ff591def1c79f5135cd8d72d17de05e96629ee1bc38c6ce38322cb0c64a45`
SHA3	`78f1248f5e15aeffc820ff9542bc927e9d3a5caa7301ba8ebb377598a5dc6b30`
VirtualSize	`0x1a7f8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.0254`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xd000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`970cdeb2a8a60a1125d2ac1bac98500c`
SHA1	`84b065fd818ec03f1476f3017466ae41a36769f3`
SHA256	`1a6980fa814f7ba039607531813658b73d6c1c5a6794e686a7338b701cb74db9`
SHA3	`2bbf2c0150bf71204019099b0e38f2f7361bddf6f78da2981091108eca957651`
VirtualSize	`0x69a0`
VirtualAddress	`0x31000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.74514`

Imports

KERNEL32.dll	`GetTickCount` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `GetLastError` `CreateDirectoryA` `SetFileAttributesA` `SearchPathA` `GetShortPathNameA` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `ReadFile` `GetCurrentProcess` `CopyFileA` `ExitProcess` `SetEnvironmentVariableA` `Sleep` `CloseHandle` `GetCommandLineA` `SetErrorMode` `LoadLibraryA` `lstrlenA` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `lstrcpyA` `lstrcatA` `GetSystemDirectoryA` `GetVersion` `GetProcAddress` `GlobalAlloc` `CompareFileTime` `SetFileTime` `ExpandEnvironmentStringsA` `lstrcmpiA` `lstrcmpA` `WaitForSingleObject` `GlobalFree` `GetExitCodeProcess` `GetModuleHandleA` `GetTempPathA` `GetWindowsDirectoryA` `LoadLibraryExA` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `WriteFile` `FindClose` `WritePrivateProfileStringA` `MultiByteToWideChar` `MulDiv` `GetPrivateProfileStringA` `FreeLibrary`
USER32.dll	`CreateWindowExA` `EndDialog` `ScreenToClient` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `GetDC` `SystemParametersInfoA` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamA` `SetTimer` `GetDlgItem` `wsprintfA` `SetForegroundWindow` `ShowWindow` `IsWindow` `LoadImageA` `SetWindowLongA` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `EndPaint` `PostQuitMessage` `FindWindowExA` `SendMessageTimeoutA` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegDeleteKeyA` `RegDeleteValueA` `RegEnumValueA` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`CoCreateInstance` `CoTaskMemFree` `OleInitialize` `OleUninitialize`
VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b19`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93386`
Detected Filetype	PNG graphic file
MD5	`05058f6d577433058ee161d0228d8ff9`
SHA1	`2e052baae6113dfe8e120ea160777f20da1037a4`
SHA256	`f53a27befb05938abd5116834110ee874bd9aeb5ca2f7c64fa55b0019a460d79`
SHA3	`046d5369e292e3d8e48005630bc7bdd41ee9e7cb94a43ef4a6f60c70ebab84c4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfc3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92361`
Detected Filetype	PNG graphic file
MD5	`a85be2c911050969f78db1c9eba50340`
SHA1	`ea9e9b6d6958d67eb80eb9660b8e823800764db6`
SHA256	`0d87b4c49809cbec90ac0af80edd3e6a8ca680efc77380677db9ab0a4d5a9dc6`
SHA3	`5c67e8142e71feced85876e54e0f518dc5d7ef214eef7a8330a29680d38c7f4c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x86d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88408`
Detected Filetype	PNG graphic file
MD5	`e9a404de01a35a1aea9c2f724efbde18`
SHA1	`bd3d9ca276726dda25afe7c4157c31e36b4b2518`
SHA256	`b858175879ab589957ffc46da836e18d8f3c907068a062d82898ff2407e5b0a3`
SHA3	`011830c5130b32fff3b7af877246daf21e8086897f0ae6aece9e2f059d841c8e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7df`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81325`
Detected Filetype	PNG graphic file
MD5	`eec2d021f43699032788305ef3273744`
SHA1	`69095738a6ec2e0edb4e4ea79a63eed0c1cad739`
SHA256	`1fc3a7e053cf19261450c0fc83a732ece312c62539ae617a2848c3660d649d12`
SHA3	`ce92240e22f80a8f867642d5d1e086d735a3c457d88f046f62e4b10bde4181b0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x66c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85399`
Detected Filetype	PNG graphic file
MD5	`df1298d423651d03cdbf19e6ea9fd116`
SHA1	`ca00ae1d4dd3a1a9e2bc390b070d97b6c3a9c2a2`
SHA256	`40cb933dae2c438ec8e1353a8a698c0b49ac203df68595d501b995c06c51e0a0`
SHA3	`75a4968c0a1b23317e58fdb384dbe1e1b52a212d1cb7256f4cb66d56964798d8`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79999`
Detected Filetype	PNG graphic file
MD5	`8b5e92c417181bd22dd6842b278a0182`
SHA1	`76aa7aec33c7739b0f0cf1748f05750490013fbe`
SHA256	`4b70a27f72e76e2060fe93d14e7b29fa3c9414372043d21df22ac2a18339aaa1`
SHA3	`34f63351521a26e45c93e32a9c977981e40dcd6ea249fa778b81c790c6010711`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x476`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77972`
Detected Filetype	PNG graphic file
MD5	`3d2ba1ee94592209047c4b5c9da9d23d`
SHA1	`daa4ef78969c7196b7357eb2f8bdb3f1cbd893df`
SHA256	`43c7c5796b0dd4303dbade66936cdb89a2f3769bf892435ed72d8e72705b4ea2`
SHA3	`cc406f412f207001864f2c583ac1ae79eca6b9e6f2ad83c038e942f2d255d5ef`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x241`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.58068`
Detected Filetype	PNG graphic file
MD5	`2d83664cf99346785ed034cbf9962d38`
SHA1	`1129b35b0a4ceaa08aae34faa5b72efffd61639d`
SHA256	`32b306496845b064d2233de773878dff77f48d420a9add6915efc39f3ebbd0b8`
SHA3	`a1a6e868bda20d5af0c240858b289201a1af4ec722e21d034f25e5624c932d57`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.24305`
Detected Filetype	PNG graphic file
MD5	`dba96c42d9bbf5febcafb341ea612c97`
SHA1	`3356a8f0cc302d53d8e03c734de9fee0c5b8ddf9`
SHA256	`8a38687872c20df3a1df9e7df761a2662dca74945d9f2e4977020569e8b4bf7b`
SHA3	`5872cfc1cfaa48299ebbe19a1df14c539f7d618878b03ea253f20d5adf650b21`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`3409f314895161597f3c395cc5f65525`
SHA1	`1a99d016d65e567f24449d9362afb6ac44006d0b`
SHA256	`fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96`
SHA3	`b3b19241cc6454389e45833e50b742ae1927a5f161017350a99f2cbc66914f26`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88094`
MD5	`2d12c45dc2c029044aaff357141cb900`
SHA1	`083db861ab3c7db23c6257878296e73a89a74b8b`
SHA256	`69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729`
SHA3	`349b5d605c9c3efe5e0c4e2faa12dd21022fc5f9b053f2cbf4e2a6b8bc656442`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04936`
Detected Filetype	Icon file
MD5	`bdf109d4527dffc1bd7c4db0112fb0b6`
SHA1	`5e54b499528b1b600a7ab21939ee53178e26ea9e`
SHA256	`73343cb72eb86f9c5ab0bdfe1acf29e25298de294fb3f8d5b8db66bf16a03d7d`
SHA3	`900e125d678e872aa3f7392817794a08f949086d159216818f08a9edc027df7e`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22557`
MD5	`74482e562b9b63805926e0cbd45e73d0`
SHA1	`ae31a04026f7989212a2e7504fb75d6f4b304d5f`
SHA256	`9911abe5118123e369d31807c3c3eaf874d9406c80b6d9f7f12b3eeda8e2cd9a`
SHA3	`681143b8b2dbb535b12c409614c417f89a2049ee61465f7ddf1b8f3263601da8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x305`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.27179`
MD5	`cb1fdd060c806cf8a38bcb43d9e3016d`
SHA1	`72eb24b0790009ea64193def231dc5b98770ebc3`
SHA256	`3452bec74632f41f377fc278518c241b6ee4d6047da9a523d00a11af3e2d9a12`
SHA3	`2ce6b57e9639541fc92058b6b3b231ddd2510b506daccb19ba057f1eaa251673`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.0.2
ProductVersion	1.0.0.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Bigly Software
CompanyWebsite	http://www.BiglyBT.com
ProductName	BiglyBT Stub Installer

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x69eb1175`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`158`
Imports (VS2003 (.NET) build 4035)	`17`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.