3e2c2647766b6f0acbd122f116f3ef08
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2021-Jan-28 16:48:47 |
| Detected languages |
English - United States
|
| CompanyName | Chogolisa Company |
| FileDescription | Chogolisa Purview Install |
| FileVersion | 1.3.9.7 |
| InternalName | ChogolisaPurviewInstall.exe |
| LegalCopyright | Copyright 2020 |
| OriginalFilename | ChogolisaPurviewInstall.exe |
| ProductName | ChogolisaPurviewInstall |
| ProductVersion | 1.3.9.7 |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ v6.0 DLL
Microsoft Visual C++ 6.0 - 8.0 |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to AES Microsoft's Cryptography API |
| Suspicious | The PE is possibly packed. |
Unusual section name found: .text1
Unusual section name found: .text2 Unusual section name found: .mdata Unusual section name found: .text3 Unusual section name found: .fdata |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Malicious | VirusTotal score: 3/70 (Scanned on 2021-01-30 22:21:10) |
DrWeb:
Adware.Siggen.33074
Webroot: W32.Adware.Gen Gridinsoft: Adware.SpecialSearchOffer.dd!c |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x128 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 10 |
| TimeDateStamp | 2021-Jan-28 16:48:47 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1d1e00 |
| SizeOfInitializedData | 0xf1800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x001522A0 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1d5000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2c8000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x2cd89b |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.text1
.text2
.mdata
.text3
.fdata
.rdata
.data
.rsrc
.reloc
Imports
| KERNEL32.dll |
SetEndOfFile
GetDriveTypeA GetCurrentThreadId RaiseException FlushFileBuffers LCMapStringW GetCurrentDirectoryW GlobalHandle GetWindowsDirectoryW LoadLibraryA UnlockFile CancelSynchronousIo AddVectoredContinueHandler GetSystemDefaultUILanguage IsProcessorFeaturePresent lstrcmpW FileTimeToLocalFileTime FindFirstVolumeW MoveFileExW Process32FirstW GetCurrentProcessId GetACP WaitForSingleObjectEx UnhandledExceptionFilter GetStringTypeW IsValidCodePage DisassociateCurrentThreadFromCallback GetCPInfo GetOEMCP FindResourceExW SetFilePointerEx CreateToolhelp32Snapshot FindFirstFileExW WaitForSingleObject GetEnvironmentVariableW GetCurrentProcess GlobalFree GetPrivateProfileStringW FileTimeToSystemTime SystemTimeToTzSpecificLocalTime SetThreadPriority LoadResource TlsFree ResetEvent CreateMutexW CloseHandle GetTempFileNameW WaitForMultipleObjects CreateEventExW GetFullPathNameW GetModuleHandleExW DecodePointer SetEnvironmentVariableW HeapQueryInformation GetConsoleMode SleepEx HeapReAlloc CommConfigDialogA HeapFree GetStartupInfoW GetUserDefaultUILanguage FindNextFileW SearchPathW TlsAlloc InitializeCriticalSection GetEnvironmentStringsW Process32NextW FormatMessageW CreateFileW SetEvent QueryPerformanceCounter SetLastError GetVolumeInformationW GlobalFlags ExitProcess SetupComm TlsGetValue GetTempPathW QueryPerformanceFrequency Sleep LocalReAlloc LoadLibraryExW LocalAlloc ExpandEnvironmentStringsA GenerateConsoleCtrlEvent FreeLibraryAndExitThread GetSystemDirectoryA CreateDirectoryTransactedA ExitThread SetStdHandle OutputDebugStringA GetSystemInfo OutputDebugStringW GetPrivateProfileIntW GetTickCount64 WritePrivateProfileStructA FormatMessageA GetModuleFileNameW DuplicateHandle GlobalAlloc GetProfileIntW InitializeSListHead GetSystemTimeAsFileTime LocalFree GetModuleHandleA GetDriveTypeW GetTimeZoneInformation GetVersionExW TerminateProcess GetAtomNameA InitializeCriticalSectionEx VirtualQuery LockResource GetFileSize ResumeThread SignalObjectAndWait GetFileAttributesW DeleteFileW RemoveDirectoryW GlobalDeleteAtom HeapAlloc SetUnhandledExceptionFilter GetStdHandle SizeofResource GetConsoleCP CopyFileW OpenProcess GetConsoleTitleA VirtualProtect GlobalSize GetNLSVersionEx WriteFile GlobalReAlloc FindFirstFileW DeleteCriticalSection GetFileType lstrcpyW LockFile MulDiv GetFileAttributesExW PeekNamedPipe LeaveCriticalSection GetLocaleInfoW GetModuleHandleW GetSystemDirectoryW GetCurrentThread GetShortPathNameW QueryFullProcessImageNameW ReadFile GetProcAddress GetTickCount GlobalLock OpenEventA InitializeCriticalSectionAndSpinCount Thread32Next ReadConsoleW GetFileSizeEx HeapSize CompareStringA SetFilePointer GlobalFindAtomW EnterCriticalSection FreeEnvironmentStringsW WriteConsoleW CreateEventW GetCommandLineW MultiByteToWideChar WideCharToMultiByte GlobalUnlock VirtualAlloc VerSetConditionMask GetLastError CreateProcessW CreateThread GlobalAddAtomW GetProcessHeap FindClose SetThreadpoolThreadMinimum LoadLibraryW LeaveCriticalSectionWhenCallbackReturns GetFileTime RtlUnwind WritePrivateProfileStringW CreateDirectoryW CreateDirectoryExA SetErrorMode GetFileInformationByHandle TlsSetValue EncodePointer lstrcmpA VerifyVersionInfoW GetCommandLineA FindResourceW GlobalGetAtomNameW IsDebuggerPresent CompareStringW FreeLibrary lstrcmpiW VerifyVersionInfoA |
|---|---|
| USER32.dll |
ValidateRect
GetScrollInfo TrackPopupMenu TabbedTextOutW GetMenuDefaultItem GetMenuCheckMarkDimensions ShowWindow SetCursorPos GetDlgCtrlID GetSysColorBrush CopyAcceleratorTableW SetRectEmpty DispatchMessageW BroadcastSystemMessageExW IsCharLowerA GetWindowPlacement MapVirtualKeyExW IsWindowEnabled WinHelpW GetClassLongW SetCapture PostQuitMessage GetDC DestroyMenu LoadIconW SetMenuItemInfoW MapWindowPoints EnumDisplayMonitors ReleaseCapture CallNextHookEx SetCursor GetMenu DestroyWindow CheckDlgButton SetDlgItemTextW MonitorFromPoint GetScrollRange IsCharLowerW WaitMessage DestroyAcceleratorTable GetDesktopWindow InvalidateRect SetClassLongW EmptyClipboard CreatePopupMenu CreateIconFromResourceEx SetParent GetMessageTime PeekMessageW GetComboBoxInfo GetMessagePos IsGUIThread LockWindowUpdate IsClipboardFormatAvailable DeferWindowPos ModifyMenuW SubtractRect SetScrollInfo DefMDIChildProcW UnpackDDElParam ReuseDDElParam SendMessageW SetMenuItemBitmaps DrawTextW PostThreadMessageW CheckMenuItem CreateWindowExW InsertMenuItemW BeginDeferWindowPos IntersectRect CreateAcceleratorTableW DestroyCursor MapVirtualKeyW GetWindow GetPropW KillTimer MessageBoxW DrawStateW DeleteMenu PostMessageW OemKeyScan DrawFocusRect LoadBitmapW CallWindowProcW GetActiveWindow GetKeyboardState GetMonitorInfoW InvertRect UnionRect GetForegroundWindow RemovePropW GetKeyNameTextW CopyImage DrawEdge RedrawWindow GetUpdateRect FrameRect GetMenuStringW IsWindow CharUpperBuffW SetTimer TranslateMDISysAccel PtInRect UpdateLayeredWindow SetForegroundWindow GetWindowContextHelpId GetSysColor ReleaseDC SetWindowsHookExW IsIconic MonitorFromWindow SetPropW GetClassInfoExW ScrollWindow OpenClipboard GetMenuState FindWindowExW OffsetRect MessageBeep SetMenu GetMenuItemInfoW GetWindowRect SetWindowPlacement GetMessageW SendMessageA SystemParametersInfoW ClientToScreen UpdateWindow NotifyWinEvent GetClientRect DrawIconEx GetClassNameW SetLayeredWindowAttributes GetNextDlgTabItem EnumChildWindows TranslateAcceleratorW MoveWindow EndDialog GetCursorPos ShowScrollBar GetMenuItemID LoadAcceleratorsW EnableWindow IsZoomed DefWindowProcW RealChildWindowFromPoint GetSubMenu DrawFrameControl GetFocus IsRectEmpty GetWindowTextW LoadCursorW TranslateMessage DestroyIcon CopyIcon ScreenToClient GetWindowTextLengthW HideCaret SetRect IsMenu GetSystemMetrics GetDoubleClickTime SetClipboardData SendDlgItemMessageA GrayStringW RegisterClipboardFormatW SetMenuDefaultItem GetKeyboardLayout BeginPaint GetWindowThreadProcessId IsDialogMessageW GetDlgItem InsertMenuW CreateMenu EnableMenuItem OpenIcon WindowFromPoint MapDialogRect AppendMenuW GetSystemMenu UnhookWindowsHookEx EndPaint SetWindowLongW SetActiveWindow CharUpperW ToUnicodeEx GetParent SetScrollRange GetNextDlgGroupItem IsCharAlphaW EndDeferWindowPos LoadMenuW GetKeyState GetWindowLongW SetFocus FillRect GetTopWindow RemoveMenu SetWindowPos BringWindowToTop TrackMouseEvent GetCapture UnregisterClassW DrawIcon SetWindowRgn CopyRect GetMenuItemCount CreateDesktopA CloseClipboard GetAsyncKeyState GetWindowRgn DrawTextExW GetLastActivePopup AdjustWindowRectEx EqualRect EnableScrollBar InflateRect DefFrameProcW GetScrollPos GetIconInfo SetWindowTextW RegisterClassW IsWindowVisible SetScrollPos RegisterWindowMessageW IsChild DrawMenuBar GetClassInfoW CreateDialogIndirectParamW LoadImageW ShowOwnedPopups GetWindowDC |
| GDI32.dll |
StretchBlt
OffsetViewportOrgEx GetViewportExtEx GetPaletteEntries CreateSolidBrush LineTo GetBkColor SetDIBColorTable ExtFloodFill GetSystemPaletteEntries GetWindowExtEx SetROP2 GetObjectType PtInRegion RealizePalette CreatePatternBrush Ellipse CreateDCW OffsetRgn Polyline GetNearestPaletteIndex MoveToEx CreateDIBSection GetStockObject BitBlt DeleteDC GetTextExtentPoint32W GetLayout SetPolyFillMode ExtSelectClipRgn CreateCompatibleDC RestoreDC GetBoundsRect CreateHatchBrush GetWindowOrgEx CopyMetaFileW ExtTextOutW CreatePolygonRgn CreateFontIndirectW TextOutW DPtoLP RoundRect EnumFontFamiliesW CreateDIBitmap GetObjectW CreateRoundRectRgn GetPixel CreateRectRgnIndirect SetTextColor CreateEllipticRgn IntersectClipRect SetPaletteEntries CreateCompatibleBitmap CreateBitmap SetBkMode SelectObject GetTextMetricsW RectVisible SetPixel SetViewportOrgEx OffsetWindowOrgEx GetTextColor GetViewportOrgEx CombineRgn CreateRectRgn SelectClipRgn SetMapMode FrameRgn PtVisible PatBlt CreatePen GetDeviceCaps FillRgn SetBkColor SetPixelV GetDIBits SelectPalette SetTextAlign ExcludeClipRect Rectangle SaveDC LPtoDP SetLayout GetTextFaceW Escape SetViewportExtEx Polygon CreatePalette GetRgnBox GetTextCharsetInfo ScaleViewportExtEx SetWindowOrgEx ScaleWindowExtEx DeleteObject SetRectRgn EnumFontFamiliesExW GetClipBox SetWindowExtEx |
| MSIMG32.dll |
TransparentBlt
AlphaBlend |
| WINSPOOL.DRV |
DocumentPropertiesW
OpenPrinterW ClosePrinter |
| ADVAPI32.dll |
RegDeleteKeyTransactedA
RegConnectRegistryExW CryptDestroyHash RegEnumValueW OpenProcessToken CryptAcquireContextA PerfStartProvider RegSetKeySecurity RegQueryValueW BuildImpersonateTrusteeA ObjectPrivilegeAuditAlarmW LookupPrivilegeValueW RegDeleteValueW AllocateAndInitializeSid BuildTrusteeWithSidA AdjustTokenGroups RegOpenKeyExW FreeSid DestroyPrivateObjectSecurity CryptReleaseContext OpenEncryptedFileRawA RegEnumKeyExW RegEnumKeyW ObjectDeleteAuditAlarmA AdjustTokenPrivileges RegDeleteKeyW ConvertStringSecurityDescriptorToSecurityDescriptorA RegSetValueExW AddAuditAccessAce CryptGenRandom CryptCreateHash FindFirstFreeAce CryptHashData BackupEventLogW RegCloseKey RegReplaceKeyW CryptDestroyKey RegQueryValueExW RegSetValueA IsTokenRestricted RegCreateKeyExW CryptImportKey CryptGetHashParam CryptEncrypt ObjectCloseAuditAlarmW |
| SHELL32.dll |
ExtractIconExW
ShellExecuteW SHGetPathFromIDListW ShellExecuteExW SHAppBarMessage SHGetFileInfoW SHGetMalloc SHGetSpecialFolderPathW SHBrowseForFolderW SHGetDesktopFolder #63 SHGetDataFromIDListA #42 DragQueryFileW DragFinish SHGetSpecialFolderLocation CommandLineToArgvW |
| COMCTL32.dll |
InitCommonControlsEx
|
| SHLWAPI.dll |
PathAppendW
PathRelativePathToA PathFindExtensionW PathIsUNCW PathStripToRootW StrCatW StrSpnW #15 #462 PathIsRootW UrlIsNoHistoryW ColorHLSToRGB PathRemoveFileSpecW PathFindFileNameW PathFileExistsW UrlIsW PathStripPathW StrFormatKBSizeW |
| UxTheme.dll |
GetThemePartSize
IsThemeBackgroundPartiallyTransparent OpenThemeData IsAppThemed GetThemeColor CloseThemeData DrawThemeText DrawThemeBackground GetCurrentThemeName DrawThemeParentBackground GetWindowTheme GetThemeSysColor |
| ole32.dll |
OleDuplicateData
CoInitializeSecurity CoInitializeEx CoUninitialize OleGetClipboard CoTaskMemAlloc CoCreateGuid CoCreateInstance CoDisconnectObject CreateStreamOnHGlobal OleTranslateAccelerator OleDestroyMenuDescriptor CoTaskMemFree CoInitialize ReleaseStgMedium DoDragDrop OleLockRunning IsAccelerator RevokeDragDrop CoLockObjectExternal OleCreateMenuDescriptor RegisterDragDrop |
| OLEAUT32.dll |
#4
#6 #2 #337 #211 #346 #238 #147 #77 #16 #303 #177 #167 #185 #8 #10 #114 #9 #12 #7 #161 #184 |
| gdiplus.dll |
GdipDrawImageI
GdipGetImageHeight GdipFree GdipGetImageGraphicsContext GdipCreateBitmapFromHBITMAP GdipDeleteGraphics GdipGetImagePaletteSize GdipDrawImageRectI GdipCloneImage GdipCreateBitmapFromStream GdipCreateFromHDC GdipSetInterpolationMode GdipGetImagePalette GdipDisposeImage GdipBitmapLockBits GdiplusShutdown GdipGetImageWidth GdipCreateBitmapFromScan0 GdipAlloc GdipGetImagePixelFormat GdipBitmapUnlockBits GdiplusStartup |
| WS2_32.dll |
#14
#8 #57 #10 #20 #17 #13 #1 WSAIoctl getaddrinfo freeaddrinfo #23 #21 #15 #9 #7 #115 #116 #111 #151 #18 #112 #16 #19 #2 #3 #4 #5 #6 |
| CRYPT32.dll |
CertFreeCertificateContext
|
| WLDAP32.dll |
#79
#200 #33 #32 #27 #35 #30 #301 #26 #22 #41 #50 #45 #60 #46 #143 #211 |
| Normaliz.dll |
IdnToAscii
|
| WTSAPI32.dll |
WTSShutdownSystem
WTSEnumerateProcessesW WTSVirtualChannelClose WTSVirtualChannelPurgeInput WTSVirtualChannelRead |
| OLEACC.dll |
LresultFromObject
AccessibleObjectFromWindow CreateStdAccessibleObject |
| IMM32.dll |
ImmGetOpenStatus
ImmGetContext ImmReleaseContext |
| WINMM.dll |
PlaySoundW
|
Delayed Imports
1
2
3
4
5
102
128
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.3.9.7 |
| ProductVersion | 1.3.9.7 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | Chogolisa Company |
| FileDescription | Chogolisa Purview Install |
| FileVersion (#2) | 1.3.9.7 |
| InternalName | ChogolisaPurviewInstall.exe |
| LegalCopyright | Copyright 2020 |
| OriginalFilename | ChogolisaPurviewInstall.exe |
| ProductName | ChogolisaPurviewInstall |
| ProductVersion (#2) | 1.3.9.7 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2021-Jan-28 16:48:47 |
| Version | 0.0 |
| SizeofData | 1120 |
| AddressOfRawData | 0x2252fc |
| PointerToRawData | 0x2224fc |
TLS Callbacks
| StartAddressOfRawData | 0x62576c |
|---|---|
| EndAddressOfRawData | 0x625774 |
| AddressOfIndex | 0x6493d4 |
| AddressOfCallbacks | 0x5d6054 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0xbc |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x641058 |
| SEHandlerTable | 0x623b14 |
| SEHandlerCount | 1530 |
RICH Header
| XOR Key | 0xcbde03d8 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26715) | 28 |
| Imports (65501) | 8 |
| C objects (VS2015 UPD3.1 build 24215) | 99 |
| 199 (41118) | 6 |
| C objects (26715) | 33 |
| C++ objects (26715) | 209 |
| 262 (26715) | 2 |
| Imports (26715) | 37 |
| Total imports | 930 |
| C objects (VS 2015/2017/2019 runtime 29118) | 20 |
| ASM objects (VS 2015/2017/2019 runtime 29118) | 26 |
| C++ objects (VS 2015/2017/2019 runtime 29118) | 357 |
| C++ objects (VS2019 Update 8 (16.8.4) compiler 29336) | 14 |
| Resource objects (VS2019 Update 8 (16.8.4) compiler 29336) | 1 |
| 151 | 1 |
| Linker (VS2019 Update 8 (16.8.4) compiler 29336) | 1 |
Errors
[*] Warning: [plugin_authenticode] Error reading the PKCS7 certificate.