Manalyze report for 2d9b0917b0aeec54b192cc8351505ac04bd7796fa6d364013cfc1b464f9b430f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-30 16:55:23
Detected languages	English - United States Russian - Russia
Comments	Amazing Launcher setup
CompanyName	AMAZING
FileDescription	Amazing Launcher setup
FileVersion	`1`
InternalName	AmazingSetup
LegalCopyright	Snegirev Maxim (c) 2024
LegalTrademarks	AMAZING
OriginalFilename	AmazingSetup.exe
ProductName	AmazingSetup
ProductVersion	`1`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegEnumValueW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Individual Entrepreneurship Chuev Nikita Andreevich` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Malicious	VirusTotal score: 3/70 (Scanned on 2025-03-10 10:36:37)	`Kingsoft: Msil.TrojDownloader.agent.v` `Rising: Downloader.Agent!8.B23 (CLOUD)` `huorong: TrojanDownloader/MSIL.Agent.ay`

Hashes

MD5	`d5d51775fad7de0ee8f2a1d1d9f5011c`
SHA1	`38e3a83a3b54beeccf6730a8d54a7b128684587e`
SHA256	`2d9b0917b0aeec54b192cc8351505ac04bd7796fa6d364013cfc1b464f9b430f`
SHA3	`947bf66c67c161655d05ed289cbb991a212681c802962634ccfd6cf5da872534`
SSDeep	`196608:lacKhAdXe/4Uc/YOvAnyhY+N+vVFeM51Xw:lPKGXexc/YOvdhYm+NYI1A`
Imports Hash	`f4639a0b3116c2cfc71144b88a929cfd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-Mar-30 16:55:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6a00`
SizeOfInitializedData	`0x2d200`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x00003552 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5d000`
SizeOfHeaders	`0x400`
Checksum	`0x6cf143`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`595406ea4e71ef6f8675a1bd30bcc8f9`
SHA1	`c7a19a07f995a4fda4dc31a45035082a84f5cf28`
SHA256	`b4a6ff6f191a159043ffffa183e2fef9d6bb005521c480e9eeff3a396316ff21`
SHA3	`5231a5c74192437da36ed36a8904ee24a141e3229eacabbb979d4dd6b4b6aeb7`
VirtualSize	`0x68f8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48222`

.rdata

MD5	`a995b118b38426885fc6ccaa984c8b7a`
SHA1	`9844579ec308452627ef731b5e1a1241ddc0fa2c`
SHA256	`e4a15bb054e962743cf6587247e1b36ec2f1a4c56d5430eab24cdcc336f5bece`
SHA3	`f2ca027f7b7b8ad33860315a6df25444bb3648d4f142d975c221e7a8e6a534b7`
VirtualSize	`0x1464`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96909`

.data

MD5	`7a91ec9f1c18e608c3f3f503ba4191c1`
SHA1	`3c15fde552ffcda63f8c7ca4716ffc5bdeafc0dc`
SHA256	`0b394d61932417aac0ac358d6e055b7ae4ac5a5e3be7bec1127415c5b6823149`
SHA3	`115e6402ebfc5611f2f9d0d0e95566b136fc87dd610865fb0e7eb1b7088426ca`
VirtualSize	`0x2a818`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.16554`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x21000`
VirtualAddress	`0x35000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`20928e6c41800e63c02e5788cc7c0042`
SHA1	`022556eb45d827a54bac5738807527aefc3ccb22`
SHA256	`60ab3961cda92d225999eb993acbbb9f722259d55e87c96cb3de210c7e3a1387`
SHA3	`c68331b3dacc163967cfbd9abd475462e8cadcb75aa65510b2f7fd5abb7b8ae8`
VirtualSize	`0x6668`
VirtualAddress	`0x56000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.25935`

Imports

ADVAPI32.dll	`RegEnumValueW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegOpenKeyExW` `RegCreateKeyExW`
SHELL32.dll	`SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHFileOperationW` `ShellExecuteExW`
ole32.dll	`CoCreateInstance` `OleUninitialize` `OleInitialize` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`ImageList_Destroy` `#17` `ImageList_AddMasked` `ImageList_Create`
USER32.dll	`MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `CreatePopupMenu` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `IsWindowEnabled` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CharPrevW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `CharNextA` `wsprintfA` `DispatchMessageW` `CreateWindowExW` `PeekMessageW` `GetSystemMetrics`
GDI32.dll	`GetDeviceCaps` `SetBkColor` `SelectObject` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor`
KERNEL32.dll	`lstrcmpiA` `CreateFileW` `GetTempFileNameW` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `GetLastError` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `WriteFile` `CopyFileW` `ExitProcess` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `GetTickCount` `Sleep` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `MulDiv` `lstrcpyA` `MoveFileExW` `lstrcatW` `GetSystemDirectoryW` `GetProcAddress` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `SetEnvironmentVariableW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x303f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94853`
Detected Filetype	PNG graphic file
MD5	`03cc75d17c4ad9ea7a2cdf22effb3ecf`
SHA1	`29461f281d2acf5885d1e0336fa62438417665c1`
SHA256	`52ac34e28a4004479eb38aeb8e8238abd8701c7773d67ae062321e1226eb6ab1`
SHA3	`aeb2fe2f8987d70c5b3f07b1369a860b5003f79057d1f0084f1bd0f6b03f5741`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`a69caf66f3f899403f8b25b02dc61908`
SHA1	`3e5db9186cf0f75be24676462d88170e5950d9c8`
SHA256	`7854e8d67a11148566ad37c5d23e1534e0990fe31a160e0e7da3ca751830bb50`
SHA3	`1eea945e3712b317143e07560f54b0b9a13b1fd6c2b57cab9176181a9aaf4f79`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68372`
MD5	`583fb02149a19ffff54516cfd5edebd4`
SHA1	`9de29568e142e36811e4fc5130e60fdb78f3db06`
SHA256	`9dfacbe444e14cd17c5956afa713f043c2b1150d37868af1661b5bb848fee3f5`
SHA3	`6c2967d2415996675fe0ca406c7a3ab94fe6cfd18bf7b98cf11f20c314b3fc81`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.467829`
Detected Filetype	Icon file
MD5	`78718ab709f69d032510e5bae5b67d3f`
SHA1	`964c9a4a82c9e2853bfcd8c5b40235cc4333e4de`
SHA256	`4fd0b9531f88ebfc28202bfb7cb6fc7022d940c8f42bc3929d6007ecca787900`
SHA3	`c5bb29d2b4b91b4fdb7ebaca9c2972b21aad5f54a74e97ba35fdc2e339ed1199`

1 (#2)

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30833`
MD5	`e68053a529c308a15d89aeff526632ad`
SHA1	`d58542e3e9d3a55f2c41866a6eff7486a7d7e64d`
SHA256	`5a7eb2f338d33c23bfa97910a12e9a57e7bd6248cb74a73407ba19c2bd7b91de`
SHA3	`cf518507846bad02cb6fbea049ee42fd55078e5530cbe8a5493f7881096843e6`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2963`
MD5	`db2986d5e7fdcaf36dab849258f08d3d`
SHA1	`901d89ce95e8a0a947c125f91cf71e60baf9dd00`
SHA256	`ce3a62c82d7aa2b83e7252daa837571af52c8842709dff844e7b77f2c009efb2`
SHA3	`ecb68e8319036c0715ae6f7d03f1dda0c5b39199fbee79993f6fd2a806bcdab4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Russian - Russia
Comments	Amazing Launcher setup
CompanyName	AMAZING
FileDescription	Amazing Launcher setup
FileVersion (#2)	1
InternalName	AmazingSetup
LegalCopyright	Snegirev Maxim (c) 2024
LegalTrademarks	AMAZING
OriginalFilename	AmazingSetup.exe
ProductName	AmazingSetup
ProductVersion (#2)	1

Resource LangID	Russian - Russia

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24e50e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`163`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.