| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2011-Jul-12 08:10:59 |
| Detected languages | English - United Kingdom, English - United States |
| CompanyName | SBE network solutions GmbH |
| FileDescription | Ensures that configured user shell folders exist |
| FileVersion | 1.0 |
| InternalName | EnsureShellFolders |
| LegalCopyright | (c) SBE network solutions GmbH |
| OriginalFilename | EnsureShellFolders.exe |
| ProductName | EnsureShellFolders |
| ProductVersion | 1.0 |
| Info | The PE contains common functions which appear in legitimate applications. Can access the registry: RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA |
| Suspicious | VirusTotal score: 1/72 (Scanned on 2023-11-30 23:30:22). APEX: Malicious |
| Hash | Value |
|---|---|
| MD5 | 83c1d4e998b17a9c44620b0af5ec4672 |
| SHA1 | 669416f887e27e4d8d4bea8ec7a27dda930786f0 |
| SHA256 | 3ee07202b4ed21f3a48775b2dcbe4297b891f42fbecf4c0da962af0cc70bbb3d |
| SHA3 | 2dc7e937472580985b396a6e91d008b7f56ecd3a4e93d8d3e2dca036eb1bd369 |
| SSDeep | 3072:gyLGsczYrxmelg7RrMNll1qllldlXlllspiYxAeZi6/zVM887eaeoxlUlCl6lll:3LG1zY1rZE |
| Imports Hash | 8c96be31a5cb4ea040b240d8e4c0b380 |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2011-Jul-12 08:10:59 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0x6200 |
| SizeOfInitializedData | 0x16a00 |
| SizeOfUninitializedData | 0xc00 |
| AddressOfEntryPoint | 0x00001130 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x8000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 1.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x22000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x1f050 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| SizeofStackReserve | 0x200000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Section field | Value |
|---|---|
| MD5 | b4a2819cc6ff5de650cd46fb677570dc |
| SHA1 | 0f5ad766a7dcb85870525e634e9d6a6371900573 |
| SHA256 | c82b04eaea93929d51bd26a9715a22ac93bea476a6754a054b0cd94da11fbe31 |
| SHA3 | 5337d38e391df14fdd7eab353bdd9129099176119fc26bb4620418cdd595e153 |
| VirtualSize | 0x6020 |
| VirtualAddress | 0x1000 |
| SizeOfRawData | 0x6200 |
| PointerToRawData | 0x400 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Entropy | 6.24559 |
| Section field | Value |
|---|---|
| MD5 | 3516a71d563a81d9ad7192ed1264dc45 |
| SHA1 | 1234bef99c7fcbced7dabddf0375facde5004307 |
| SHA256 | a9a3402a301810a5e5674721d4c25d536077f1c964c5b97e583d1f5000f2cab0 |
| SHA3 | 7287dc1af82cbf02feb30f3851c72606010d2b452f951fa64c5bc1af12fae989 |
| VirtualSize | 0x64 |
| VirtualAddress | 0x8000 |
| SizeOfRawData | 0x200 |
| PointerToRawData | 0x6600 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 0.693092 |
| Section field | Value |
|---|---|
| MD5 | 9b9406cc1775b78db945d558eba10e43 |
| SHA1 | f9e0a3609ef1768a5ef55bd46e23dbbaf9bbbc81 |
| SHA256 | 3903ad9c9b5d7a05f2550c3e9598f268c824a812c56153d32c63ab51d9e183f9 |
| SHA3 | 753f1c1b0d58194aced1c288dff80a72063467997ae89ad9dc1eba97476ed9d3 |
| VirtualSize | 0xd20 |
| VirtualAddress | 0x9000 |
| SizeOfRawData | 0xe00 |
| PointerToRawData | 0x6800 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Entropy | 5.58138 |
| Section field | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a |
| VirtualSize | 0xac0 |
| VirtualAddress | 0xa000 |
| SizeOfRawData | 0 |
| PointerToRawData | 0 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Section field | Value |
|---|---|
| MD5 | ea106bc79d0fef1c0536be5c259d7824 |
| SHA1 | 9c1df2596237348f3449eb1f357d0a26b3365c43 |
| SHA256 | 9f9c8824e4adce286bc75f9def5f8cedec9130233df0d439287f06cff792db85 |
| SHA3 | c18afa9e7eab21cf797253544ec1bd3a8c1b392c521356aff7bb4dc0f954f4fd |
| VirtualSize | 0x660 |
| VirtualAddress | 0xb000 |
| SizeOfRawData | 0x800 |
| PointerToRawData | 0x7600 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 4.08916 |
| Section field | Value |
|---|---|
| MD5 | 4e0378252b4f8904413650c7b8a376c2 |
| SHA1 | 3ecf2062c550f7424e2b9aa4ca86a61fb10fdcc3 |
| SHA256 | 79ecca1eb660c1a9f3555a4c01105f4e4db912b6013357c03a7f6d510bbe67e5 |
| SHA3 | f3a30fa0eebf5ef66f9dd8989132c02b7c580f1b28b4c971747c316134006f06 |
| VirtualSize | 0x151c4 |
| VirtualAddress | 0xc000 |
| SizeOfRawData | 0x15200 |
| PointerToRawData | 0x7e00 |
| PointerToRelocations | 0 |
| PointerToLineNumbers | 0 |
| NumberOfLineNumbers | 0 |
| NumberOfRelocations | 0 |
| Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Entropy | 5.70132 |
| DLL | Imported functions |
|---|---|
| ADVAPI32.DLL | RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA |
| KERNEL32.dll | DeleteCriticalSection, EnterCriticalSection, ExitProcess, ExpandEnvironmentStringsA, GetLastError, GetModuleHandleA, GetProcAddress, GetVersionExA, InitializeCriticalSection, InterlockedExchange, IsDBCSLeadByteEx, LeaveCriticalSection, MultiByteToWideChar, SetUnhandledExceptionFilter, Sleep, VirtualProtect, VirtualQuery, WideCharToMultiByte |
| msvcrt.dll | _mkdir |
| msvcrt.dll (#2) | _mkdir |
| Resource field | Value |
|---|---|
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x468 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 6.47527 |
| MD5 | 438311f15f1246109d67a8d0c0a85017 |
| SHA1 | b82b38b820678869ef4958301775004a53b093ab |
| SHA256 | 6229fbe1b7ee1035971fd72099450dd720fd61b315e479ec4f7e093362d0ae34 |
| SHA3 | b19b8133db9e31baddffa0ffe88c4c88b8a327d47e36c0dcd658c464d9754ff3 |
| Resource field | Value |
|---|---|
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x988 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 6.15922 |
| MD5 | 5ed7f4422a350814c0567ed2be1ff0c5 |
| SHA1 | a5c8f2273d50ab6a02f5e352fa698bf5e42d252c |
| SHA256 | 15d46566d7212bce39358223c4d3dc734f2dffc8a740eba10486313a9f381512 |
| SHA3 | 32778462c5d2eba5f61c47e3afe2fe7dffe89b8ea55fd397c6c928ee29ac14b8 |
| Resource field | Value |
|---|---|
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x10a8 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 6.15176 |
| MD5 | 0323bdcf9e6e27780d2254a4c96c7f82 |
| SHA1 | 651a5140d002fbb9924345bff41cc2d419c994df |
| SHA256 | 7b3c17c6b1342996cb19947cfa0bb99aff46c45e5e0eb9c2b838aff3983fd81a |
| SHA3 | a4e3f07b8cf63f024a2583604e5439ffffb33b280aee39123ffe5b12b79a03b1 |
| Resource field | Value |
|---|---|
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x25a8 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 5.92608 |
| MD5 | c1af77414d4e1a0b279315fd93b4065a |
| SHA1 | dedad2116c774726c8fe678d838da8c92f0e98dd |
| SHA256 | c400e8453cdab853af6eea7e86a003ffc5c24ebb50e3305ea71c384661bf0c3d |
| SHA3 | 7c74d4425916e9cfa6ca607591ef669b68fc53b8b0ff16cc2b4ad5be24e32a90 |
| Resource field | Value |
|---|---|
| Type | RT_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x10828 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 5.56401 |
| MD5 | c3894f21e7d244130f95e66f6ea8c276 |
| SHA1 | 94346ca7736ae4a3656c062608bbaf9f85e7e5fb |
| SHA256 | eb651f16fe3b1e0ce1ebbb50c7bd674544f903829109c6f5c0bcd06368b8b0d9 |
| SHA3 | 3392bca66c539af2fb5d825d36962e6b27757953e0f43894b145c066c07db621 |
| Resource field | Value |
|---|---|
| Type | RT_GROUP_ICON |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x4c |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 2.82914 |
| Detected Filetype | Icon file |
| MD5 | a1697bc56a7898148c652d33bf9e120d |
| SHA1 | ded2543530f3d9d294ca58b3e6ebced21479ff0e |
| SHA256 | 9265532ba125a4d4ced68f468600bdfa64ad441bcd558092f0b2e4e1aca70420 |
| SHA3 | 1a64d049dffff9be80633825ecb429a551107dc8da687d70f948d0914f9eecfc |
| Resource field | Value |
|---|---|
| Type | RT_VERSION |
| Language | English - United States |
| Codepage | UNKNOWN |
| Size | 0x360 |
| TimeDateStamp | 2011-Jul-12 08:10:58 |
| Entropy | 3.27919 |
| MD5 | b0e6852dabeb5eb9c267c0f647fbddcc |
| SHA1 | f9ae55ea08f5bfcbe7b97e3955cb69cf36e80e95 |
| SHA256 | 2fb387bccde23622f5a9fe43dbb2a674966d8e55ee3a598ceedb9c9230d37063 |
| SHA3 | b972717d33658822ba6e53ce76c25bb666cc08ae4db0a3095212b8aa1a374d94 |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | (EMPTY) |
| FileType | VFT_UNKNOWN |
| Language | English - United Kingdom |
| CompanyName | SBE network solutions GmbH |
| FileDescription | Ensures that configured user shell folders exist |
| FileVersion (#2) | 1.0 |
| InternalName | EnsureShellFolders |
| LegalCopyright | (c) SBE network solutions GmbH |
| OriginalFilename | EnsureShellFolders.exe |
| ProductName | EnsureShellFolders |
| ProductVersion (#2) | 1.0 |
| Resource LangID | English - United States |
[*] Warning: Section .bss has a size of 0!