3adc361922d7ce0893277a99cf668dde

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2015-Oct-02 15:39:01
Detected languages English - United States
FileVersion 2,0,0,45
ProductName SHARP Launcher Install Program
ProductVersion 2,0,0,45

Plugin Output

Info Matching compiler(s): Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools:
  • regsvr32.exe
Contains domain names:
  • clickteam.com
  • http://www.clickteam.com
  • http://www.clickteam.com/pub
  • www.clickteam.com
Malicious The PE imports functions that are frequently seen in malware. [!] The program may be resolving some of its imports at run time (LoadLibraryA followed by GetProcAddress), so the static import table below need not be the complete set of APIs it calls:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Code injection capabilities (PowerLoader):
  • GetWindowLongA
  • FindWindowA
Can access the registry:
  • RegDeleteValueA
  • RegCreateKeyExA
  • RegCreateKeyA
  • RegCloseKey
  • RegOpenKeyA
  • RegSetValueExA
  • RegQueryValueA
  • RegOpenKeyExA
  • RegQueryValueExA
Possibly launches other programs:
  • CreateProcessA
  • WinExec
  • ShellExecuteA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Enumerates local disk drives:
  • GetDriveTypeA
Can take screenshots:
  • FindWindowA
  • BitBlt
  • CreateCompatibleDC
Can shut the system down or lock the screen:
  • ExitWindowsEx
Taken together, every API in the groups above is also the normal profile of a setup program, which is what the version resource declares this file to be: registry writes, a temporary directory, launching the installed application, and the LookupPrivilegeValueA / AdjustTokenPrivileges / ExitWindowsEx sequence used to offer a reboot once files are in place (ExitWindowsEx only succeeds when the shutdown privilege has been enabled in the caller's token). The import profile alone therefore does not separate an installer that references clickteam.com from a malicious one; what the file actually delivers sits in the overlay.
Suspicious The file contains overlay data. 3881761 bytes of data starting at offset 0x25000.
The overlay data has an entropy of 7.99912 and is possibly compressed or encrypted.
Overlay data accounts for 96.2425% of the executable.
The offset is exactly where the last section ends (.rsrc: PointerToRawData 0x20000 + SizeOfRawData 0x5000) and, because FileAlignment and SectionAlignment are both 0x1000, it also equals SizeOfImage; the loader never maps anything past it, so the stub must read the payload back from its own file (consistent with the GetModuleFileNameA, CreateFileA, SetFilePointer and ReadFile imports). A compressed archive of a few MB appended to a stub of under 152 KB is the usual layout of a self-extracting installer, and an entropy of 7.999 cannot tell compression from encryption; the next step is to carve the bytes from offset 0x25000 and identify their format from the header.
Info No VirusTotal score. A scan of the file is currently queued.
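To reproduce the three figures in the overlay finding (offset, size, entropy) without trusting the tool, the following added example, written for this page and not part of the analysis tool or of the SHARP Launcher package, walks the section table the same way the finding does: the overlay begins at the largest PointerToRawData + SizeOfRawData. It runs against a constructed PE skeleton whose section table copies the four entries reported further down and whose overlay is 64 KiB of seeded pseudo-random bytes standing in for the real 3.88 MB payload (both are assumptions, not the real file); replace SAMPLE with open(path, "rb").read() to check the actual binary.

```python
import math
import random
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the scale used in the finding."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_table(pe: bytes):
    """Yield (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    for every section header, reading only the fields the overlay check needs."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size      # section headers follow the optional header
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, rptr


def overlay_info(pe: bytes):
    """Return (overlay_offset, overlay_size, overlay_entropy).
    The overlay is everything after the last byte of raw section data; the
    loader never maps it, so the stub has to read it from its own file."""
    end = max(rptr + rsize for _, _, _, rsize, rptr in section_table(pe))
    overlay = pe[end:]
    return end, len(overlay), shannon_entropy(overlay)


def overlay_percent(overlay_offset: int, overlay_size: int) -> float:
    """Share of the whole file taken by the overlay, as the report prints it."""
    return 100.0 * overlay_size / (overlay_offset + overlay_size)


# Constructed sample (an assumption, not the SHARP Launcher binary): a PE skeleton
# whose section table copies the four entries reported on this page, zero-filled
# section bodies, and a 64 KiB seeded pseudo-random overlay in place of the payload.
SECTIONS = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    (b".text",  0x16E8A, 0x01000, 0x17000, 0x01000),
    (b".rdata", 0x01D0C, 0x18000, 0x02000, 0x18000),
    (b".data",  0x058C4, 0x1A000, 0x06000, 0x1A000),
    (b".rsrc",  0x04527, 0x20000, 0x05000, 0x20000),
]


def build_sample(overlay: bytes) -> bytes:
    e_lfanew = 0xF8
    img = bytearray(0x25000)                   # headers + raw section data, zero-filled
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4,
                     0x014C, len(SECTIONS), 0, 0, 0, 0xE0, 0x0102)   # I386, 4 sections
    table = e_lfanew + 4 + 20 + 0xE0
    for i, sec in enumerate(SECTIONS):
        struct.pack_into("<8sIIII", img, table + 40 * i, *sec)
    return bytes(img) + overlay


_rng = random.Random(2015)
SAMPLE = build_sample(bytes(_rng.randrange(256) for _ in range(65536)))

if __name__ == "__main__":
    off, size, ent = overlay_info(SAMPLE)
    print(f"overlay at {off:#x}: {size} bytes, entropy {ent:.5f}, "
          f"{overlay_percent(off, size):.4f}% of the file")
```

On the real file overlay_info should return offset 0x25000, 3881761 bytes and an entropy close to 7.99912; overlay_percent(0x25000, 3881761) confirms that the reported 96.2425% agrees with the reported offset and size.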

Hashes

MD5 3adc361922d7ce0893277a99cf668dde
SHA1 4bd7d2841104f871c8ea3e54507aa829ad797e3a
SHA256 3902f94e9186609e4bb8805b9f510be4aed2144b183477fa02fec4ded94dc4bd
SHA3 1a426e952fd86108455358c0f9c537912bbb24a2655e788b4cab1647b8ec7d1f
SSDeep 98304:ogWeea5asALYZOYtVHrzEPvFxP2t2HYoxjN:oXe7sssYZ1fHSvFxP224oxjN
Imports Hash d4d0b2504c47f756a9660ad08a7de039

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2015-Oct-02 15:39:01
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x17000
SizeOfInitializedData 0xd000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001403C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x18000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x25000
SizeOfHeaders 0x1000
Checksum 0x3e0f7f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3b9bc806e5ce4326e066403d2d60586a
SHA1 b6087c238ec0943b08b7be8d321d2900832ad67e
SHA256 b2db4647ad8ced552b94fa9f1254b620414295fe2a44a50982fbd1bbfafb07ec
SHA3 accd7ce93fe52ba582e49b29ffe981affaefe6a0df6f736418c9ab5a3d3988fd
VirtualSize 0x16e8a
VirtualAddress 0x1000
SizeOfRawData 0x17000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59535

.rdata

MD5 149b2084b44ede565bd54dc16f456af3
SHA1 782637f1ed6fc0cabd25064f210e5ce6b2dd1ff2
SHA256 5d9e97b462cb09f31c4d37f7ac507bca24763cfcbab9f7b4b7b7caf1d9ede214
SHA3 5099dce8c41d82ff7696d13fc79d047cfd7f31de699a393a40a0127742f8844a
VirtualSize 0x1d0c
VirtualAddress 0x18000
SizeOfRawData 0x2000
PointerToRawData 0x18000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.14024

.data

MD5 4814d245e23d6abe0c6f4db8b72e6a63
SHA1 8532f053544b99148e7057a6cd4ccb4be999c961
SHA256 060f5ad5bb8d5133f8c927c50e28907c1f481882f5cf84d7fe5b1f02e4017f74
SHA3 b7f6a3e6ea9dd03e9304ab973a75b147506c1af5593f6d48820cf630ca9bb404
VirtualSize 0x58c4
VirtualAddress 0x1a000
SizeOfRawData 0x6000
PointerToRawData 0x1a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.70589

.rsrc

MD5 e13eade4aebc1563af8c983d6417114e
SHA1 4bb7b09acc9d32f4d755c36c3201b29529792302
SHA256 3a114dd9219e864dc7fb751211d6f2c3a697f3a4956f914809350d3195a2e888
SHA3 9ef8ebca789e7049e40d786e354203ed3b2a8d9009bedf219b5938fcad0f4c9d
VirtualSize 0x4527
VirtualAddress 0x20000
SizeOfRawData 0x5000
PointerToRawData 0x20000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.65973

Imports

KERNEL32.dll GetModuleFileNameA
GetVersionExA
GetVersion
GetPrivateProfileStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetDriveTypeA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
MoveFileA
DeleteFileA
RtlUnwind
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
GetCurrentProcess
MoveFileExA
FormatMessageA
SetFileTime
WritePrivateProfileStringA
OpenFile
GetFileAttributesA
SetFileAttributesA
SetErrorMode
GetLocalTime
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetTempPathA
GetShortPathNameA
GetExitCodeProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
Sleep
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
LCMapStringA
GetSystemDirectoryA
USER32.dll DialogBoxParamA
ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
AdjustWindowRectEx
BringWindowToTop
EndDialog
IsDlgButtonChecked
CheckDlgButton
SetTimer
GetDlgItemTextA
SendDlgItemMessageA
GetLastActivePopup
RegisterClassA
LoadCursorA
LoadIconA
PostMessageA
GetWindow
SendMessageA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
SendMessageTimeoutA
wsprintfA
GetSystemMetrics
DrawTextA
FindWindowA
GDI32.dll CreatePalette
SetBkColor
ExtTextOutA
CreateFontIndirectA
GetSystemPaletteEntries
SetBkMode
AddFontResourceA
RemoveFontResourceA
GetStockObject
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetTextColor
StretchDIBits
SetStretchBltMode
ADVAPI32.dll RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
SHELL32.dll SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
ole32.dll OleInitialize
CoCreateInstance
CoGetMalloc
OleUninitialize
VERSION.dll GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA
COMCTL32.dll #17
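The Imports Hash in the Hashes section is derived from this listing. The following added example (written for this page; neither the analysis tool's code nor anything from the SHARP Launcher package) parses the listing in the exact format printed above and rebuilds the hash under the pefile convention, which this report's Imports Hash is assumed to follow. The embedded excerpt is a constructed ten-entry subset, so its hash is not the reported one; paste the complete section into LISTING_EXCERPT (or feed the pairs from pefile) to compare with d4d0b2504c47f756a9660ad08a7de039. A mismatch on the complete list points at a different canonicalisation (most often ordinal handling), not at a modified file.

```python
import hashlib
import re

# One line of the listing: an optional "NAME.dll " prefix that opens a new group,
# then either an API name or "#N" for an import by ordinal.
_LINE = re.compile(r"^(?:(?P<dll>\S+\.(?:dll|ocx|sys))\s+)?(?P<func>#\d+|\w+)$", re.I)


def parse_import_listing(text: str):
    """Parse the Imports section as printed on this page into (dll, func) pairs.
    A DLL name appears only on the line of its first import; the following
    lines belong to the same DLL until the next one is named."""
    imports = []
    dll = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparsable line: {raw!r}")
        if m.group("dll"):
            dll = m.group("dll")
        if dll is None:
            raise ValueError(f"import before any DLL name: {raw!r}")
        imports.append((dll, m.group("func")))
    return imports


def imphash_string(imports) -> str:
    """Canonical import string in the pefile convention: lower-case DLL name with
    a .dll/.ocx/.sys extension removed, '.', the lower-case function name,
    ordinals as 'ordN', all entries joined by ',' in import-directory order."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        if name.endswith((".dll", ".ocx", ".sys")):
            name = name.rsplit(".", 1)[0]
        if func.startswith("#"):
            # pefile maps ordinals to names only for oleaut32, ws2_32 and wsock32,
            # none of which is imported here, so COMCTL32 #17 stays 'ord17'.
            func = f"ord{int(func[1:])}"
        else:
            func = func.lower()
        parts.append(f"{name}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical string: the value tools print as Imports Hash / imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of the listing above (a few entries per DLL, same order);
# replace it with the complete section to compare against the reported hash.
LISTING_EXCERPT = """\
KERNEL32.dll GetModuleFileNameA
GetVersionExA
LoadLibraryA
GetProcAddress
USER32.dll DialogBoxParamA
ExitWindowsEx
FindWindowA
ADVAPI32.dll OpenProcessToken
AdjustTokenPrivileges
COMCTL32.dll #17
"""

if __name__ == "__main__":
    imps = parse_import_listing(LISTING_EXCERPT)
    print(imphash_string(imps))
    print(imphash(imps))
```

Because the hash covers the order of the import directory, two builds with the same set of imports in a different order get different hashes; that is why imphash is a build-toolchain fingerprint rather than a feature set, and why the Rich header and the import table are usually read together.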

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04199
MD5 2a7fe800361eb1ab0c13e164b6f1d4cc
SHA1 b2c8a61d198af14715986fbf96756865d175acc9
SHA256 6053bc2952d6d04e7871809ee7a83892e47e0e206e3c5a6742e7e87f0d1b7ffe
SHA3 85a827dbc32013f133036bbb36d4b32d8bf2fb3512135232968ca6c841a6d68f

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.34575
MD5 41314cc096f30f26a387a627b93261ae
SHA1 2048f77206d6953aa8fc0f252a4fd1c742870dc4
SHA256 06eef7be050ac5bd058a8194881d55a97697a18ef95309dc43d934d011e9138d
SHA3 e649de4ea38f19d862b86330eb1b7f9afe9c8b30f809efca2f6fcb95172a7a87

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.32057
MD5 acbec51c85fd23216d5f7bd500021d80
SHA1 24116f364aa18375cfae2b630a39a2c7e84e419d
SHA256 c6fa79ab1e6d291b8478cbd06980313a2d5f930fdd1162964ac50d87407d3a20
SHA3 9103315a42c1ec34bc04e4d22b781143140a74322ab3d4444d5215aa32a47a48

112

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x26
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.86945
MD5 fc131a28274f92bb72744a1f5dabed1f
SHA1 bc691d6989c70106bf70c8cffc27523bc119d44c
SHA256 ca5d05d931937eb904234603889b45d9a4ba6f3ea8f159e3fec4d7f8044eb27c
SHA3 5153fb415ea669e13d8834a1f6610395309cd863ce4e27c591ce29d2562cc10b

113

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x26
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.86945
MD5 c08a8c6881b25b62c3ba22c79132a730
SHA1 a683a209d9a506072fcdb02c69f23232effdd6bc
SHA256 4cad9cd5b271996e83e5aa051c2b7416283d285ed7659be1d74ad5c25e804d8a
SHA3 aee3214141c18469df7f786f341ee60c8002a9622b02e3a3e512b7642f400d2a

131

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x7a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6218
MD5 de7e1b34659a4886c68617fe770ecd45
SHA1 b225dbfb0e92dce5173a484ec2ac7734ce7ae124
SHA256 f0405d353583a0087b3018f1e12a661e6f109cb2a37da19e42e90526ea733d06
SHA3 80918880e307fb8a93504c555880dbb45cf448d8461e38f9953ba98e83ac1aeb

132

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x26
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.81682
MD5 dc88d3fb1aa7ea2a0e1e789fd39e9797
SHA1 f7212839ab66c8551dcd8936df7bec0f76145e53
SHA256 96da82ab825dbc11f2af393f9fff9f7229894c126731336338b24433e878f2f8
SHA3 8adfd94e4496f2f5f18067c668219374d61f66bfd004bd99b9d2f166d4d11fa4

800

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 1ec6a7b3300970378c29695a6cc13d36
SHA1 99ce74251d19d800608e30bed6e0d793931da56e
SHA256 77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694
SHA3 7a94ba315b3ab461cec9dad3048599d32b0e597047f9655159bd6dfdc694e4a3

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x318
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.09081
MD5 af5c9ef2e44e572533496042b496c80d
SHA1 fe97ebef28f7a60906c58db4e1962d30786abe17
SHA256 d37cf9b69b41c51293eeb8523898a2a4b0f037bf3ab621594f04d397bc7c7bbc
SHA3 400054718fc2d73c9d1bbedf876cd9dd380d4f7f74fad7d72521662bd1bdfbe7

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x3cb
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.24462
MD5 d8bdd2cf8c894f10d11f790aa08dd317
SHA1 6de6737c7f12dcda74a14e056ae22949463c71e9
SHA256 7487f0c258df21c54fe252e9710e60814b27ad3a9adec6b11c006afab0f5fdf8
SHA3 233b1319ec86ac53d43e2aae467d031866ef83d26eb0b13dfc774414f0a11e47

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.0.0.45
ProductVersion 2.0.0.45
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileVersion (#2) 2,0,0,45
ProductName SHARP Launcher Install Program
ProductVersion (#2) 2,0,0,45
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x7364b7da
Unmarked objects 0
12 (7291) 2
C++ objects (8047) 6
14 (7299) 18
C objects (8047) 43
C objects (VC++ 6.0 SP5 build 8804) 15
C objects (2190) 2
Imports (2179) 17
Total imports 198
49 (9044) 2
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
