Manalyze report for 4003eeea42d38388743ac5d942ad837be5b73f8018b28f93bec5d8c2c6e8a7f6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-24 19:19:59
Detected languages	English - United States
Comments	Photoshop for minimalists: no installation, no trash left behind. For additional details, visit http:\\portableXapps.blogspot.com
CompanyName	PortableXApps
FileDescription	Photoshop LITE Portable
FileVersion	`13.0.1.2`
InternalName	Photoshop LITE Portable
LegalCopyright	PortableXApps
LegalTrademarks	PortableXAppsÂ® 2012
OriginalFilename	PhotoshopPortable.exe
ProductName	Photoshop LITE Portable
ProductVersion	`13.0.1.2`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: blogspot.com http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net portableXapps.blogspot.com`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Manipulates other processes: OpenProcess` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`119351 bytes of data starting at offset 0x12000.` `The overlay data has an entropy of 7.97796 and is possibly compressed or encrypted.`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-24 15:38:00)	`All the AVs think this file is safe.`

Hashes

MD5	`0c86a4623048ec7ae0eb449c054cc989`
SHA1	`61953837e17fa5b81cb91e8f75226d49c6ea06ec`
SHA256	`4003eeea42d38388743ac5d942ad837be5b73f8018b28f93bec5d8c2c6e8a7f6`
SHA3	`55fe650d41303d47f1e2b1bb9e5c948851c190ab8ba9deb9d0739db3892edb54`
SSDeep	`3072:bweqOYEUXPnypEzyJQIQQQJQDb+y563wQjiC66cJ6IvTWg/RL1ffZNrjoC6eBOom:0EUXKh05Y6mHxBj36NoQbVhzLkEdT0fM`
Imports Hash	`32f3282581436269b3a75b6675fe3e08`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Feb-24 19:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x6ce00`
SizeOfUninitializedData	`0x4200`
AddressOfEntryPoint	`0x000039E3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x16d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f569e353af0ed51bf4c216faa9bed4e7`
SHA1	`6a44a12f5af7cce9abbd9cd636f52401b2120209`
SHA256	`43b1b548befd5d2a4638048c6f234cbb66fa07c1fd709bbc3e73bb4d642da595`
SHA3	`2a5b3f035f6962e7f8bbe2adb74570e17e1925c226adfc81c2a4375bea2310a9`
VirtualSize	`0x6f10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49788`

.rdata

MD5	`91eee43954e068e650f7b73a8b0e6915`
SHA1	`b547eb6e6cac33ee3733ac68385899629a5e5f17`
SHA256	`e0f96857d54993cd0a9a734ab76698d270a5311129cc442a3344bb196b9afe4a`
SHA3	`0e15cfd9c8ce1462c26fb202da97515881abdf0e9729f0cadfda0e8fbe60c89b`
VirtualSize	`0x2a92`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39389`

.data

MD5	`db9f7acbf1c3ddfe255077b699955dfa`
SHA1	`53188fc5923c982a5f95f3d84c9e65d33d887d59`
SHA256	`6db33451a2c8a909671725fe9d9e735e8c3bc704954f014503d33963aca37551`
SHA3	`defd360cc2dc6f7f28b1998314c9492a9f450dc1fad927840058dee2eb8cb32d`
VirtualSize	`0x67ebc`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.47278`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf1000`
VirtualAddress	`0x73000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`764a2b801e42ce22e9f5921d2420827c`
SHA1	`27904fb3574e7a9901e3ab46899133d5c0b8722d`
SHA256	`488bcb9269dc4a7476ceb7b922ca79072a82c80797e3cf0d094936362f5f6e30`
SHA3	`92f15577b0a630207ac0caea9a2483d63d91fc2bdd9ee2037cb6aca93579676b`
VirtualSize	`0x7dd8`
VirtualAddress	`0x164000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.71304`

.reloc

MD5	`06ab8406fe6d3609a2f0e635eab44786`
SHA1	`b5a741d93cbd8f9b5af565b4805c011330355b58`
SHA256	`c2272b5cf842998f76ae00596f69073e83a04e041bdba1da4595d282100eb5ca`
SHA3	`91d6f1ffc4e5de07419199623cac2f50955ffa576dab835c89a30a7ce99c07fd`
VirtualSize	`0xf8a`
VirtualAddress	`0x16c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.8324`

Imports

KERNEL32.dll	`SetFileTime` `CompareFileTime` `SearchPathW` `GetShortPathNameW` `GetFullPathNameW` `MoveFileW` `SetCurrentDirectoryW` `GetFileAttributesW` `GetLastError` `CreateDirectoryW` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `CopyFileW` `ExitProcess` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `SetErrorMode` `CloseHandle` `lstrlenW` `lstrcpynW` `GetDiskFreeSpaceW` `GlobalUnlock` `GlobalLock` `CreateThread` `LoadLibraryW` `CreateProcessW` `lstrcmpiA` `GetTempFileNameW` `lstrcatW` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OpenProcess` `lstrcpyW` `GetVersionExW` `GetSystemDirectoryW` `GetVersion` `lstrcpyA` `RemoveDirectoryW` `lstrcmpA` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GlobalFree` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `WideCharToMultiByte` `lstrlenA` `MulDiv` `WriteFile` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `lstrcpynA`
USER32.dll	`GetAsyncKeyState` `IsDlgButtonChecked` `ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW` `RegisterClassW` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharNextA` `CharUpperW` `CharPrevW` `wvsprintfW` `DispatchMessageW` `PeekMessageW` `wsprintfA` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `CharNextW` `GetClassInfoW` `ExitWindowsEx` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `FindWindowExW`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `ShellExecuteW` `SHFileOperationW` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyExW` `RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumValueW`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36b7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81403`
Detected Filetype	PNG graphic file
MD5	`793b0e6feec5eae7b340d0d91f490b22`
SHA1	`739dbb097fdf1ecb9d6121b39fc8be434b2acca1`
SHA256	`503429cdf3927c5ebdf9c5df4abc6823c0d31c7423ef6801c2010c509f49a506`
SHA3	`668f37fcb862551974f43d937782a055c702490a5f727ecba7c20b903a1833b0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22567`
MD5	`dd83a468c4c9dbdce5160865b1a2df81`
SHA1	`a35a7d62274225a703142f832e364b0f81eb89c5`
SHA256	`a9172ff7879a5e411177fd753f7f580d5d5e59eac65c964ce456edeb1e9fa9db`
SHA3	`51d5b46faeb2d5fe8192b606d035b3ae980461ffed6761640529eae6f8e48204`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01254`
MD5	`7ef16583e68f7beffd140f470899de0d`
SHA1	`59552a1878957b381e20d4a1b8b47a2c1945ea12`
SHA256	`83851d60f21aec29950137986d7cd4d924324bad0057f72ba3d91306a724fe16`
SHA3	`5e85d11eae1021ceb20ef321b039e4b47115a7ee75ac9224859cf7733476a985`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67536`
MD5	`c11ce1a4b39070754ddeb19cf469a861`
SHA1	`0e0874bddb534d8a5ef6851616428b06e7be145b`
SHA256	`e52a6803de2ce747854cd65df87906b426e1b644166b2354341b09af1d955d05`
SHA3	`a4e4d5e832b28340ba8165af28a50068243b276428452e168b954dd80ca7612c`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`3409f314895161597f3c395cc5f65525`
SHA1	`1a99d016d65e567f24449d9362afb6ac44006d0b`
SHA256	`fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96`
SHA3	`b3b19241cc6454389e45833e50b742ae1927a5f161017350a99f2cbc66914f26`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87228`
MD5	`342ad3fc8890c3e322fa5c9cea16b6fc`
SHA1	`b9f3b3e8f818601b3887ce5d611d511f4663613a`
SHA256	`a8d9dbff8670eb6b79b028eb3242433e9e9da289d816f86e7d2d5b661e74cc5e`
SHA3	`c783f4139d925ff3c102b8a8292dcd6af12cc809d76b1d7f3f1e354c39901220`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`f8308c075ab191911ae0e7cf06d1951e`
SHA1	`26c800f62dd107014c6f9be3233f53550815c0bf`
SHA256	`003757af98293712789410f528c62d610f360f37c66c5edd19b50950ccf4cd2c`
SHA3	`3b1262b00742e5f0ec7485934120a3d1e7e789ec35f9f579380813777e578f3c`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x47c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38871`
MD5	`62505cb54680d30d747083b3c51fe504`
SHA1	`94214df8865e99b319c44257fbb26500b3989c10`
SHA256	`808ec13ef3c5cc504e6132ce0030eb286c14e98c5ce5442e39ae90a3e254f627`
SHA3	`11d9962d8a2034c70f680cf4b7fe1d3310488d47e5df7c170e2176a7cd9517a0`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19837`
MD5	`c7f9c4ac77f7f3fffd696861433db982`
SHA1	`4f8ccf16e53ab4545469e8e8caab9d00ba9a171d`
SHA256	`9c45034f1d291b4398879599b62bea3146c61094bc3a9d6b9a40bb3bb59e2a0d`
SHA3	`937ca1ccc445aa683f0d71819fa4078cdeeb99904fdf841686404ed71e50e947`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	13.0.1.2
ProductVersion	13.0.1.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Photoshop for minimalists: no installation, no trash left behind. For additional details, visit http:\\portableXapps.blogspot.com
CompanyName	PortableXApps
FileDescription	Photoshop LITE Portable
FileVersion (#2)	13.0.1.2
InternalName	Photoshop LITE Portable
LegalCopyright	PortableXApps
LegalTrademarks	PortableXAppsÂ® 2012
OriginalFilename	PhotoshopPortable.exe
ProductName	Photoshop LITE Portable
ProductVersion (#2)	13.0.1.2

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x38bf1a05`
Unmarked objects	`0`
C objects (VS2008 SP1 build 30729)	`3`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`172`
C objects (VS2010 SP1 build 40219)	`12`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.