418cd1da7084a8441dab07b86afdc460
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2010-Apr-10 12:19:31 |
| Detected languages |
English - United States
|
| CompanyName | DT Soft Ltd. |
| FileDescription | DAEMON Tools Lite Setup |
| FileVersion | 4.45.1.0236.0 |
| InternalName | DAEMONSetup4.45.1.0236.exe |
| LegalCopyright | Copyright (C) 2004-2009 |
| OriginalFilename | DAEMONSetup4.45.1.0236.exe |
| ProductName | DAEMON Tools Lite |
| ProductVersion | 4.45.1.0236.0 |
Plugin Output
| Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: DT Soft Ltd
Issuer: VeriSign Class 3 Code Signing 2009-2 CA |
| Malicious | VirusTotal score: 21/67 (Scanned on 2020-01-22 21:26:55) |
Zillya:
Adware.Agent.Win32.87018
K7GW: Unwanted-Program ( 0040fa551 ) K7AntiVirus: Unwanted-Program ( 004d38111 ) TrendMicro: Adware.Win32.OpenCandy.AA Cyren: W32/OpenCandy.E.gen!Eldorado ESET-NOD32: Win32/OpenCandy potentially unsafe NANO-Antivirus: Riskware.Win32.OpenCandy.ezagpo Rising: Malware.Undefined!8.C (CLOUD) Comodo: Malware@#2q4xswbncrj7v DrWeb: Adware.OpenCandy.128 Invincea: heuristic Fortinet: W32/OpenCandy F-Prot: W32/OpenCandy.E.gen!Eldorado Jiangmin: AdWare.OpenCandy.k Avira: PUA/OpenCandy.Gen Microsoft: PUA:Win32/CandyOpen VBA32: Adware.OpenCandy TrendMicro-HouseCall: Adware.Win32.OpenCandy.AA Yandex: PUA.OpenCandy! eGambit: Unsafe.AI_Score_99% GData: Win32.Adware.OpenCandy.D |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2010-Apr-10 12:19:31 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 9.0 |
| SizeOfCode | 0x6400 |
| SizeOfInitializedData | 0x69400 |
| SizeOfUninitializedData | 0x4200 |
| AddressOfEntryPoint | 0x0000354B (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x8000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x23d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xe0e4dd |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.ndata
.rsrc
Imports
| KERNEL32.dll |
SetFileTime
CompareFileTime SearchPathW GetShortPathNameW GetFullPathNameW MoveFileW SetCurrentDirectoryW GetFileAttributesW GetLastError CreateDirectoryW SetFileAttributesW Sleep GetTickCount CreateFileW GetFileSize GetModuleFileNameW GetCurrentProcess CopyFileW ExitProcess GetWindowsDirectoryW GetTempPathW GetCommandLineW SetErrorMode CloseHandle lstrlenW lstrcpynW GetDiskFreeSpaceW GlobalUnlock GlobalLock CreateThread LoadLibraryW CreateProcessW lstrcmpiA GetTempFileNameW lstrcatW GetProcAddress LoadLibraryA GetModuleHandleA OpenProcess lstrcpyW GetVersionExW GetSystemDirectoryW GetVersion lstrcpyA RemoveDirectoryW lstrcmpiW lstrcmpW ExpandEnvironmentStringsW GlobalAlloc WaitForSingleObject GetExitCodeProcess GlobalFree GetModuleHandleW LoadLibraryExW FreeLibrary WritePrivateProfileStringW GetPrivateProfileStringW WideCharToMultiByte MulDiv lstrlenA WriteFile ReadFile MultiByteToWideChar SetFilePointer FindClose FindNextFileW FindFirstFileW DeleteFileW lstrcpynA |
|---|---|
| USER32.dll |
ScreenToClient
GetMessagePos CallWindowProcW IsWindowVisible LoadBitmapW CloseClipboard SetClipboardData EmptyClipboard OpenClipboard TrackPopupMenu GetWindowRect AppendMenuW CreatePopupMenu GetSystemMetrics EndDialog EnableMenuItem GetSystemMenu SetClassLongW IsWindowEnabled SetWindowPos DialogBoxParamW CheckDlgButton CreateWindowExW SystemParametersInfoW RegisterClassW SetDlgItemTextW GetDlgItemTextW MessageBoxIndirectW CharNextA CharUpperW CharPrevW DispatchMessageW PeekMessageW wsprintfA DestroyWindow CreateDialogParamW SetTimer SetWindowTextW PostQuitMessage SetForegroundWindow ShowWindow wsprintfW SendMessageTimeoutW LoadCursorW SetCursor GetWindowLongW GetSysColor CharNextW GetClassInfoW ExitWindowsEx FindWindowExW GetDlgItem SetWindowLongW LoadImageW GetDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint GetClientRect FillRect DrawTextW EndPaint IsWindow |
| GDI32.dll |
SetBkColor
GetDeviceCaps DeleteObject CreateBrushIndirect CreateFontIndirectW SetBkMode SetTextColor SelectObject |
| SHELL32.dll |
SHBrowseForFolderW
SHGetPathFromIDListW SHGetFileInfoW ShellExecuteW SHFileOperationW SHGetSpecialFolderLocation |
| ADVAPI32.dll |
RegEnumKeyW
RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW |
| COMCTL32.dll |
ImageList_AddMasked
ImageList_Destroy #17 ImageList_Create |
| ole32.dll |
CoTaskMemFree
OleInitialize OleUninitialize CoCreateInstance |
| VERSION.dll |
GetFileVersionInfoSizeW
GetFileVersionInfoW VerQueryValueW |
Delayed Imports
110
1
2
3
4
102
103
104
105
106
111
103 (#2)
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0 |
| FileVersion | 4.45.1.236 |
| ProductVersion | 4.45.1.236 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| CompanyName | DT Soft Ltd. |
| FileDescription | DAEMON Tools Lite Setup |
| FileVersion (#2) | 4.45.1.0236.0 |
| InternalName | DAEMONSetup4.45.1.0236.exe |
| LegalCopyright | Copyright (C) 2004-2009 |
| OriginalFilename | DAEMONSetup4.45.1.0236.exe |
| ProductName | DAEMON Tools Lite |
| ProductVersion (#2) | 4.45.1.0236.0 |
| Resource LangID | UNKNOWN |
|---|
TLS Callbacks
Load Configuration
RICH Header
| XOR Key | 0x37178e78 |
|---|---|
| Unmarked objects | 0 |
| C objects (VS2012 build 50727 / VS2005 build 50727) | 3 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 17 |
| Total imports | 168 |
| C objects (VS2008 SP1 build 30729) | 11 |
| Linker (VS2008 SP1 build 30729) | 1 |
| Resource objects (VS2008 SP1 build 30729) | 1 |
Errors
[*] Warning: Section .ndata has a size of 0!
[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.1.1.5 is not supported.