35248c41b1e633c9d5529cd1b4f91b61

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Jan-05 12:30:57
Detected languages English - United States
Debug artifacts C:\_2020code\muroc\WSS_WiFi\WiFi_Muroc\SelfExtractingEXE\sestub\Win32\Release\SEStub.pdb
CompanyName Intel(R) Corporation
FileDescription Intel(R) PROSet/Wireless SEStub Setup Program
FileVersion 17, 0, 0, 0
InternalName SEStub
LegalCopyright Copyright © Intel Corporation 2006-2011
OriginalFilename SEStub.exe
ProductName Intel(R) PROSet/Wireless
ProductVersion 17, 0, 0, 0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: Looks for VirtualPC presence:
  • f 3f 7 b
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to SHA256
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
  • LoadLibraryExW
  • LoadLibraryExA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
  • CreateFileW
Info The PE is digitally signed. Signer: Intel(R) Wireless Connectivity Solutions.
Issuer: Intel External Issuing CA 7B.
Safe VirusTotal score: 0/63 (Scanned on 2018-03-21 03:52:24) All the AVs think this file is safe.

Hashes

MD5 35248c41b1e633c9d5529cd1b4f91b61
SHA1 2c18c0ebacb194b26fa51e8661baddd7a5518237
SHA256 c393f521342a4f987affb54ecccbcbc0e474fbc475b0b51ccab56450be352d3b
SHA3 095e2ea7f6119cfa80054115346122871a1e0d842bcf62a40531012fe0cbcf61
SSDeep 393216:XwXRAe3m/0Q/VBmCyePXt917XGcsikGjVjhbhYr:hdVvpVPQc7RjVN2r
Imports Hash 08a8afcbf28592584670a5378f614234

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Jan-05 12:30:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0x5ee00
SizeOfInitializedData 0x20400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x3515d (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x60000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x82000
SizeOfHeaders 0x400
Checksum 0x10a5387
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3d70540f88e2bd3e7d1c5a044ae64a53
SHA1 30da054e2b56268ef8f9a677ab41e73187bca93a
SHA256 4db34ea238c9a84319a03e12f4168772426fca14e7c3ffa2775f95beb50a2d0b
SHA3 5084c0f53b1e573c22bd76779f78f1dee24df6101db72115cdaf5508ad64972e
VirtualSize 0x5edc7
VirtualAddress 0x1000
SizeOfRawData 0x5ee00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.65635

.rdata

MD5 069ced24410ec5b18da67e97d039c645
SHA1 3d3ab6345e11bba8359ee14f64442233764c6d08
SHA256 c77cb72beaf2c1d86b023e95a9724e2353baadf0ba8f11e476e8d989e4e65f87
SHA3 1ca5bfa5a5ed5dab0633d025cd09edc04f2bf65dff6220c52f1d885db8d0374d
VirtualSize 0x15302
VirtualAddress 0x60000
SizeOfRawData 0x15400
PointerToRawData 0x5f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.21601

.data

MD5 ab15e9409fe5110898c556bd2bc21cf0
SHA1 8cb850da372dce4fc27db3b7943a59a2b36b7414
SHA256 486ac79bbd37142ab213f7936ae134d34d7328e5a4313631e87ec05b2cc9b23b
SHA3 865d8bb75310b8644e11b3f9906f5eca6462456dc7bff03f297ea32b0b977455
VirtualSize 0x4ae0
VirtualAddress 0x76000
SizeOfRawData 0x2600
PointerToRawData 0x74600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.37096

.rsrc

MD5 fa5210c0c7f5a333a3647eafa9eb86b7
SHA1 e28efed1d83812ac609751e67bd58a6a7254c9ca
SHA256 584d413086cdd2ebfd28b19fe1e2ce1b9c67cde7cc10615ddaf0cdfb8d2f3292
SHA3 76ea84603638f40338887ecb7ef8fe1759b8cde2658b7eaabe89c7df7c0eefe1
VirtualSize 0x1480
VirtualAddress 0x7b000
SizeOfRawData 0x1600
PointerToRawData 0x76c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.96973

.reloc

MD5 63119a45a9f3290364612ea24e52cae8
SHA1 a5d3e8c5ea68140c9802e0bef5940c831670dccd
SHA256 aed3f4aac7b8d392d55f12f3a4e5a3f90644d81c2fcadf92fe7f6c1ee6def615
SHA3 e7f74e6ef31c3c2fda461af0f8bf7d82dcd5807a5603d28d7440bd4d173a18ba
VirtualSize 0x4c68
VirtualAddress 0x7d000
SizeOfRawData 0x4e00
PointerToRawData 0x78200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.58976

Imports

KERNEL32.dll InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetTempPathA
CreateFileA
GetFileAttributesA
GetFileSize
SetFilePointer
CloseHandle
GetLastError
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
GetFileSizeEx
GetFileTime
ReadFile
RemoveDirectoryA
SetFileTime
WriteFile
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetModuleFileNameA
LoadResource
LockResource
SizeofResource
FindResourceA
GetCommandLineA
SetCurrentDirectoryA
OutputDebugStringA
Sleep
CreateThread
GetVersion
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
FreeLibrary
GetProcAddress
SetDefaultDllDirectories
LoadLibraryA
GetSystemDefaultLangID
CreateDirectoryA
GetTickCount
LocalAlloc
LocalFree
GetTempFileNameA
SetEndOfFile
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryW
OutputDebugStringW
GetTimeZoneInformation
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetConsoleCtrlHandler
LoadLibraryExW
DeleteFileW
RaiseException
InterlockedExchange
LoadLibraryExA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
HeapFree
RtlUnwind
AreFileApisANSI
ExitProcess
GetModuleHandleExW
HeapAlloc
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW
HeapSize
IsDebuggerPresent
GetProcessHeap
GetConsoleCP
GetConsoleMode
GetFileType
SetFilePointerEx
GetCurrentThread
IsValidCodePage
GetACP
GetOEMCP
MoveFileExW
SetEnvironmentVariableA
USER32.dll MessageBoxA
EnableWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
CreateDialogParamA
IsWindow
PostQuitMessage
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
DestroyWindow
SHELL32.dll SHGetSpecialFolderPathA
COMCTL32.dll (delay-loaded) InitCommonControlsEx

Delayed Imports

Attributes 0x1
Name COMCTL32.dll
ModuleHandle 0x788e8
DelayImportAddressTable 0x785a8
DelayImportNameTable 0x74534
BoundDelayImportTable 0x74614
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
Entropy 3.59412
MD5 af79c7495d2ffdd879f9290ace060654
SHA1 f4ed6bd1080e2dc060b82b0cae6381f2f64bbe1a
SHA256 fc788274490c15df5b3bc7fa648ea652088246146e3da0d12c9608b550e27207
SHA3 442f56a7e76df1142dae9a26f1db5e250bda7b3bbbf35b9900b0b9811487ab87

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
Entropy 6.46237
MD5 7e0a4b69668b0cb32808721fb56ab09b
SHA1 2765f3b5b374576e8ac77e4d209c4ad48a99ec76
SHA256 12f067e42f8ef24be2dc3e3e7234e2620a410498392df79140d0cb7d2913ed2e
SHA3 392176f9e370569c4754beb31e5e0b083758043457036fa5d2c08df69f5efcf2

103

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x10e
Entropy 2.94331
MD5 a92f497b21737e975bcc5fce9c425e58
SHA1 000cb4d621ed285f894aca17797da4ade2189adb
SHA256 c74499ec3a405f91cc22f4daf2f7541a0d1688a3154bcdbbd36c95872877c3fe
SHA3 b4a9031165cbfa5c0626b20c650418c4f10d6a8458556ff26d210c7f97d67bc8

1 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x2b0
Entropy 3.11635
MD5 b136cfe4dc9075f39d5ff74fa45d38fd
SHA1 bc3f9db0afd64d8d71eec37adfdfd5e1624f3f43
SHA256 f0508c6c4a1519954e681a0d28e716866db54618dd6ca2295a404e8aaa2c848d
SHA3 9f0c525e08e6531b933e3cb2f37f34a96d0252f666f0d6515a11d9edaffbedf6

104

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
Entropy 2.37447
Detected Filetype Icon file
MD5 e9ef6e365b9e8c9654a9ece0c4ea75d0
SHA1 9c6f76521ef851a7bcc221d9da02d6e210bc0dc1
SHA256 9f8d3c735f57ec1d0c60b9429f4c64eb1adec6e77084b89d55cd188897e494c2
SHA3 39e04791a4c415b91a58a14efe470d5a8b0dea29d4fcc4375c32335b3daa2ddf

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x358
Entropy 3.42723
MD5 949bf77683c31fef564a60a3c92bea50
SHA1 d6450af30a6eb1fe3fed55a8bf9b360ed0542512
SHA256 ddd9e3a6e73fbf4a10728f1284c19b39c17d775276f37a5a502e488d5c0c1301
SHA3 811a263a9ed7b0934f96d74967c1ac5b9a0329b81be44cf19e33045129f25314

String Table contents

Unable to apply this package to this computer. The operating system on this computer is different than the target operating system of the package.
Setup
Administrator privileges are required to apply this package. For Windows XP logon as an Administrator. For Windows Vista right-click the package and select Run as administrator.

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 17.0.0.0
ProductVersion 17.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Intel(R) Corporation
FileDescription Intel(R) PROSet/Wireless SEStub Setup Program
FileVersion (#2) 17, 0, 0, 0
InternalName SEStub
LegalCopyright Copyright © Intel Corporation 2006-2011
OriginalFilename SEStub.exe
ProductName Intel(R) PROSet/Wireless
ProductVersion (#2) 17, 0, 0, 0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Jan-05 12:30:57
Version 0.0
SizeofData 113
AddressOfRawData 0x6d560
PointerToRawData 0x6c760
Referenced File C:\_2020code\muroc\WSS_WiFi\WiFi_Muroc\SelfExtractingEXE\sestub\Win32\Release\SEStub.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Jan-05 12:30:57
Version 0.0
SizeofData 16
AddressOfRawData 0x6d5d4
PointerToRawData 0x6c7d4

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x477358
SEHandlerTable 0x46f160
SEHandlerCount 270

RICH Header

XOR Key 0xa52a8711
Unmarked objects 0
ASM objects (50929) 27
C objects (50929) 205
C++ objects (50929) 75
185 (30716) 7
Total imports 150
C objects (VS2010 build 30319) 10
C++ objects (61219) 6
Resource objects (VS2012 UPD4 build 61030) 1
Linker (VS2012 UPD4 build 61030) 1

Errors