Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Oct-31 08:38:17 |
Detected languages | English - United States |
CompanyName | Cloud Installer |
FileDescription | IESettings |
FileVersion | 4, 2, 0, 6 |
InternalName | IESettings |
LegalCopyright | Copyright (C) 2017 Cloud Installer |
OriginalFilename | IESettings |
ProductName | IESettings |
ProductVersion | 4, 2, 0, 6 |

Level | Summary | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1; Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource 130 detected as a PE Executable. |
Info | The PE is digitally signed. | Signer: Cloud Installer; Issuer: GlobalSign CodeSigning CA - SHA256 - G3 |
Malicious | VirusTotal score: 32/66 (Scanned on 2017-11-05 18:55:57) | MicroWorld-eScan: Gen:Variant.Zusy.260852; McAfee: StartPage-FAM; Cylance: Unsafe; K7GW: Adware ( 00516a1f1 ); K7AntiVirus: Adware ( 00516a1f1 ); Arcabit: Trojan.Zusy.D3FAF4; GData: Gen:Variant.Zusy.260852; Kaspersky: HEUR:Trojan.Win32.StartPage; BitDefender: Gen:Variant.Zusy.260852; NANO-Antivirus: Trojan.Win32.StartPage.esqohz; Rising: Adware.Agent!1.ADA9 (CLASSIC); Ad-Aware: Gen:Variant.Zusy.260852; Emsisoft: Application.AdSearch (A); F-Secure: Gen:Variant.Zusy.260852; DrWeb: Adware.Downware.18374; VIPRE: Trojan.Win32.Generic!BT; Invincea: heuristic; McAfee-GW-Edition: StartPage-FAM; Ikarus: PUA.Agent; Jiangmin: Trojan.StartPage.cop; Avira: TR/Dropper.onxnv; Endgame: malicious (high confidence); ZoneAlarm: HEUR:Trojan.Win32.StartPage; AhnLab-V3: PUP/Win32.StartPage.R211933; ALYac: Gen:Variant.Zusy.260852; AVware: Trojan.Win32.Generic!BT; MAX: malware (ai score=85); ESET-NOD32: a variant of Win32/Adware.Agent.NSS; Yandex: PUA.Downware!; SentinelOne: static engine - malicious; Cybereason: malicious.1b8fb7; CrowdStrike: malicious_confidence_90% (D) |

Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |

Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2017-Oct-31 08:38:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |

Field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 14.0 |
SizeOfCode | 0x3fc00 |
SizeOfInitializedData | 0xc9400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00020362 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x41000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x10b000 |
SizeOfHeaders | 0x400 |
Checksum | 0x10c27e |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

DLL | Imported functions |
---|---|
OLEACC.dll | AccessibleObjectFromWindow |
KERNEL32.dll | InterlockedIncrement, lstrcmpiW, LoadLibraryExW, TlsSetValue, LeaveCriticalSection, InterlockedDecrement, EnterCriticalSection, WideCharToMultiByte, GetCurrentProcessId, CreateThread, MultiByteToWideChar, SetFileAttributesW, GetFileAttributesW, GetProcessId, GetModuleFileNameW, CreateDirectoryW, MulDiv, GetModuleHandleW, FindResourceW, ReadConsoleW, SetEndOfFile, WriteConsoleW, SetFilePointerEx, FlushFileBuffers, SetStdHandle, FreeLibrary, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, GetConsoleMode, GetConsoleCP, EnumSystemLocalesW, LoadResource, FindResourceExW, LockResource, Sleep, SizeofResource, GetProcessHeap, DeleteCriticalSection, HeapDestroy, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, GetLastError, HeapSize, InitializeCriticalSectionAndSpinCount, HeapFree, GetProcAddress, GetUserDefaultLCID, IsValidLocale, GetFileType, GetACP, WriteFile, GetStdHandle, GetModuleHandleExW, ExitProcess, VirtualQuery, VirtualProtect, GetSystemInfo, RtlUnwind, QueryPerformanceCounter, GetStartupInfoW, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObjectEx, ResetEvent, SetEvent, GetLocaleInfoW, LCMapStringW, CompareStringW, GetCPInfo, GetSystemTimeAsFileTime, ReadFile, SetFilePointer, CreateFileW, CloseHandle, GetFileSize, SetLastError, GetCurrentThreadId, GlobalAlloc, GlobalLock, GlobalUnlock, lstrcmpW, GetCurrentProcess, GetEnvironmentVariableW, TlsGetValue, FormatMessageW, LocalFree, IsDebuggerPresent, OutputDebugStringW, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, LoadLibraryExA, GetStringTypeW, CreateEventW, TlsAlloc, TlsFree |
USER32.dll | UpdateWindow, GetDesktopWindow, BeginPaint, UnregisterClassW, EndPaint, KillTimer, CallWindowProcW, PostMessageW, CharNextW, MessageBoxW, ShowWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, GetMessageW, DefWindowProcW, GetWindowRect, DestroyWindow, GetDC, IsWindowVisible, SetWindowPos, EqualRect, EnumChildWindows, CreateWindowExW, GetSystemMetrics, RegisterClassExW, IsWindow, DispatchMessageW, SetTimer, PeekMessageW, GetWindowTextW, GetCursorPos, ReleaseDC, SetForegroundWindow, ReleaseCapture, RegisterWindowMessageW, GetParent, GetClassInfoExW, GetDlgItem, GetClientRect, SetCapture, SetFocus, CreateAcceleratorTableW, GetSysColor, IsChild, DestroyAcceleratorTable, ClientToScreen, RedrawWindow, InvalidateRgn, SetWindowTextW, SendMessageW, ScreenToClient, FillRect, GetFocus, GetWindow, GetWindowTextLengthW, MoveWindow, EnumWindows, LoadBitmapW, SetLayeredWindowAttributes, TranslateMessage, LoadCursorW, GetClassNameW, SetWindowLongW, DrawTextW |
GDI32.dll | GetObjectW, DeleteDC, GetStockObject, CreateCompatibleBitmap, CreateSolidBrush, CreateFontIndirectW, SetBkMode, SetTextColor, GetDeviceCaps, CreateCompatibleDC, SelectObject, BitBlt, DeleteObject, GetDIBits |
ADVAPI32.dll | CryptCreateHash, CryptAcquireContextW, RegQueryInfoKeyW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, CryptHashData, CryptDestroyHash, CryptGetHashParam, CryptReleaseContext, RegEnumKeyW, RegQueryValueExW |
SHELL32.dll | SHGetFolderPathW, ShellExecuteW, ShellExecuteExW |
ole32.dll | OleLockRunning, CoGetClassObject, OleUninitialize, StringFromGUID2, CoTaskMemRealloc, CreateStreamOnHGlobal, OleInitialize, CLSIDFromString, CLSIDFromProgID, CoCreateGuid, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoUninitialize, CoInitialize |
OLEAUT32.dll | #161, #420, #313, #7, #4, #162, #9, #314, #2, #6, #8, #277 |
SHLWAPI.dll | UrlEscapeW, PathAppendW, PathAddBackslashW, UrlUnescapeW |
WININET.dll | InternetCloseHandle, HttpSendRequestW, InternetCrackUrlW, InternetOpenW, HttpOpenRequestW, InternetConnectW |

Field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 4.2.0.6 |
ProductVersion | 4.2.0.6 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_UNKNOWN |
Language | English - United States |
CompanyName | Cloud Installer |
FileDescription | IESettings |
FileVersion (#2) | 4, 2, 0, 6 |
InternalName | IESettings |
LegalCopyright | Copyright (C) 2017 Cloud Installer |
OriginalFilename | IESettings |
ProductName | IESettings |
ProductVersion (#2) | 4, 2, 0, 6 |
Resource LangID | English - United States |

Field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2017-Oct-31 08:38:17 |
Version | 0.0 |
SizeofData | 952 |
AddressOfRawData | 0x527a4 |
PointerToRawData | 0x517a4 |

Field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2017-Oct-31 08:38:17 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |

Field | Value |
---|---|
StartAddressOfRawData | 0x452b6c |
EndAddressOfRawData | 0x452b74 |
AddressOfIndex | 0x459318 |
AddressOfCallbacks | 0x441470 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |

Field | Value |
---|---|
Size | 0x98 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x45706c |
SEHandlerTable | 0x452560 |
SEHandlerCount | 145 |

Entry | Count |
---|---|
XOR Key | 0xcf225d3b |
Unmarked objects | 0 |
241 (40116) | 13 |
243 (40116) | 155 |
242 (40116) | 29 |
ASM objects (25305) | 22 |
C objects (25305) | 36 |
C++ objects (25305) | 71 |
C objects (VS2008 SP1 build 30729) | 5 |
Imports (VS2008 SP1 build 30729) | 23 |
Total imports | 275 |
265 (25508) | 18 |
Resource objects (25508) | 1 |
151 | 2 |
Linker (25508) | 1 |