35248c41b1e633c9d5529cd1b4f91b61
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2018-Jan-05 12:30:57 |
| Detected languages |
English - United States
|
| Debug artifacts |
C:\_2020code\muroc\WSS_WiFi\WiFi_Muroc\SelfExtractingEXE\sestub\Win32\Release\SEStub.pdb
|
| CompanyName | Intel(R) Corporation |
| FileDescription | Intel(R) PROSet/Wireless SEStub Setup Program |
| FileVersion | 17, 0, 0, 0 |
| InternalName | SEStub |
| LegalCopyright | Copyright © Intel Corporation 2006-2011 |
| OriginalFilename | SEStub.exe |
| ProductName | Intel(R) PROSet/Wireless |
| ProductVersion | 17, 0, 0, 0 |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Looks for VirtualPC presence:
|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Intel(R) Wireless Connectivity Solutions
Issuer: Intel External Issuing CA 7B |
| Safe | VirusTotal score: 0/63 (Scanned on 2018-03-21 03:52:24) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2018-Jan-05 12:30:57 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0x5ee00 |
| SizeOfInitializedData | 0x20400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0003515D (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x60000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x82000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x10a5387 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| KERNEL32.dll |
InitializeCriticalSection
EnterCriticalSection LeaveCriticalSection DeleteCriticalSection GetCurrentThreadId GetTempPathA CreateFileA GetFileAttributesA GetFileSize SetFilePointer CloseHandle GetLastError MapViewOfFileEx UnmapViewOfFile CreateFileMappingA DeleteFileA FindClose FindFirstFileA FindNextFileA FlushFileBuffers GetFileSizeEx GetFileTime ReadFile RemoveDirectoryA SetFileTime WriteFile WaitForSingleObject GetExitCodeProcess CreateProcessA GetModuleFileNameA LoadResource LockResource SizeofResource FindResourceA GetCommandLineA SetCurrentDirectoryA OutputDebugStringA Sleep CreateThread GetVersion GetSystemDirectoryA GetWindowsDirectoryA GetVersionExA FreeLibrary GetProcAddress SetDefaultDllDirectories LoadLibraryA GetSystemDefaultLangID CreateDirectoryA GetTickCount LocalAlloc LocalFree GetTempFileNameA SetEndOfFile CreateFileW ReadConsoleW WriteConsoleW SetStdHandle LoadLibraryW OutputDebugStringW GetTimeZoneInformation HeapReAlloc FreeEnvironmentStringsW GetEnvironmentStringsW GetSystemTimeAsFileTime GetCurrentProcessId QueryPerformanceCounter SetConsoleCtrlHandler LoadLibraryExW DeleteFileW RaiseException InterlockedExchange LoadLibraryExA InterlockedIncrement InterlockedDecrement EncodePointer DecodePointer WideCharToMultiByte MultiByteToWideChar GetStringTypeW HeapFree RtlUnwind AreFileApisANSI ExitProcess GetModuleHandleExW HeapAlloc InitializeCriticalSectionAndSpinCount FatalAppExitA GetCPInfo UnhandledExceptionFilter SetUnhandledExceptionFilter SetLastError GetCurrentProcess TerminateProcess TlsAlloc TlsGetValue TlsSetValue TlsFree GetStartupInfoW GetModuleHandleW CreateSemaphoreW IsProcessorFeaturePresent GetDateFormatW GetTimeFormatW CompareStringW LCMapStringW GetLocaleInfoW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW GetStdHandle GetModuleFileNameW HeapSize IsDebuggerPresent GetProcessHeap GetConsoleCP GetConsoleMode GetFileType SetFilePointerEx GetCurrentThread IsValidCodePage GetACP GetOEMCP MoveFileExW SetEnvironmentVariableA |
|---|---|
| USER32.dll |
MessageBoxA
EnableWindow SendDlgItemMessageA SetDlgItemTextA GetDlgItem CreateDialogParamA IsWindow PostQuitMessage SendMessageA DispatchMessageA TranslateMessage GetMessageA LoadStringA DestroyWindow |
| SHELL32.dll |
SHGetSpecialFolderPathA
|
| COMCTL32.dll (delay-loaded) |
InitCommonControlsEx
|
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | COMCTL32.dll |
| ModuleHandle | 0x788e8 |
| DelayImportAddressTable | 0x785a8 |
| DelayImportNameTable | 0x74534 |
| BoundDelayImportTable | 0x74614 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
1
2
103
1 (#2)
104
1 (#3)
String Table contents
| Unable to apply this package to this computer. The operating system on this computer is different than the target operating system of the package. |
| Setup |
| Administrator privileges are required to apply this package. For Windows XP logon as an Administrator. For Windows Vista right-click the package and select Run as administrator. |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 17.0.0.0 |
| ProductVersion | 17.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | Intel(R) Corporation |
| FileDescription | Intel(R) PROSet/Wireless SEStub Setup Program |
| FileVersion (#2) | 17, 0, 0, 0 |
| InternalName | SEStub |
| LegalCopyright | Copyright © Intel Corporation 2006-2011 |
| OriginalFilename | SEStub.exe |
| ProductName | Intel(R) PROSet/Wireless |
| ProductVersion (#2) | 17, 0, 0, 0 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Jan-05 12:30:57 |
| Version | 0.0 |
| SizeofData | 113 |
| AddressOfRawData | 0x6d560 |
| PointerToRawData | 0x6c760 |
| Referenced File | C:\_2020code\muroc\WSS_WiFi\WiFi_Muroc\SelfExtractingEXE\sestub\Win32\Release\SEStub.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Jan-05 12:30:57 |
| Version | 0.0 |
| SizeofData | 16 |
| AddressOfRawData | 0x6d5d4 |
| PointerToRawData | 0x6c7d4 |
TLS Callbacks
Load Configuration
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x477358 |
| SEHandlerTable | 0x46f160 |
| SEHandlerCount | 270 |
RICH Header
| XOR Key | 0xa52a8711 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (50929) | 27 |
| C objects (50929) | 205 |
| C++ objects (50929) | 75 |
| 185 (30716) | 7 |
| Total imports | 150 |
| C objects (VS2010 build 30319) | 10 |
| C++ objects (61219) | 6 |
| Resource objects (VS2012 UPD4 build 61030) | 1 |
| Linker (VS2012 UPD4 build 61030) | 1 |