43e89724bb8934402dabb6990f2c64ca

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Oct-01 09:06:16
Detected languages English - United States
FileDescription INF Scanner Installer
FileVersion 1.00.71
InternalName wiainst
Comments Developed by Dmitry E. Smirnov
OriginalFilename wiainst.exe
ProductName INF Scanner Installer
ProductVersion 1.00.71

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentControlSet\Services
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegOpenKeyExA
  • RegEnumKeyExA
  • RegDeleteKeyExA
  • RegDeleteValueA
  • RegEnumValueA
  • RegDeleteKeyA
  • RegSetValueExA
  • RegCreateKeyExA
  • RegQueryValueExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
Info The PE is digitally signed. Signer: Samsung Electronics CO.
Issuer: VeriSign Class 3 Code Signing 2004 CA
Safe VirusTotal score: 0/66 (Scanned on 2017-12-27 17:14:25) All the AVs think this file is safe.

Hashes

MD5 43e89724bb8934402dabb6990f2c64ca
SHA1 6fee9a7e780e1f60bceaf05f5b02f64922fd18de
SHA256 6d67337e9e228fe4b2c5f58fcc5077afae63124d1de06299be746547b22ce03c
SHA3 898a953e133d777baa4a6c611231c73a0587b9f337021fbcf69822aa86d06eab
SSDeep 3072:8D1/1VGmDTNPrrsg5O+XM2sIi/YSnizx6WLUftzogDJpBNLMX2gJ5g:8D13nTlVcVIVSnUx6WLItzBqX2Ug
Imports Hash 26ecacb6f3ea176c561b2927e822adc0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2010-Oct-01 09:06:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 8.0
SizeOfCode 0x15e00
SizeOfInitializedData 0xb400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000A160 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x400
Checksum 0x293cf
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 494013b1d51fcc1bad29741d9ca2c34e
SHA1 a3cba25e39af64e89ac9590b2fb74bf6b5b03f8a
SHA256 b793f86e6fcacbe5e41c7b331c322d2f6aeea8b25622c51dd2f5ea3ec75d1edc
SHA3 ece9a4e4b4395aa26abb7cb7301460926f3d6e0ad6d571ca7b7168b1837cc063
VirtualSize 0x15caa
VirtualAddress 0x1000
SizeOfRawData 0x15e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24188

.rdata

MD5 d3b754e10061853d2234bfa089c65e93
SHA1 3f91998a4b23616f8ac4dab0c730be9e050565b9
SHA256 6b5065c17df31ddb8bd6fdd7b3bc17ba4a2610c44b57d6039325531677c22499
SHA3 f0c8aa10e8a584761972c91a94726e53cbac8a88665b4f20029bbb3975a44213
VirtualSize 0x7ae2
VirtualAddress 0x17000
SizeOfRawData 0x7c00
PointerToRawData 0x16200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.43021

.data

MD5 0a8d1c10e549704c3c83525ec4f6bc49
SHA1 24ea0d552d19937516e7a4ce04e106ae8724d5f0
SHA256 e61424997bdaf5c341f9016cdba63682d73998c247130b335bd872c8e71a6995
SHA3 7fd3afd8b7947c36126804d9832bddb4651cbfa55a8698cc02eb596ed8c76ed6
VirtualSize 0x38f8
VirtualAddress 0x1f000
SizeOfRawData 0x1800
PointerToRawData 0x1de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.362

.pdata

MD5 d98080fa9f4d14c7ab8ef53d6162feaf
SHA1 a646875b7b58eb49536bc23b0aad1ff0155e7373
SHA256 a0626531f8156a1eb3797fb145d2da6785c730460e48163657531dc396e51359
SHA3 65d7538f4146cc7d42c8f804aa5d4a8035c6883a67e52d7a31789dcddab1afcd
VirtualSize 0x13ec
VirtualAddress 0x23000
SizeOfRawData 0x1400
PointerToRawData 0x1f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.14978

.rsrc

MD5 a392668837ea671377c123e3071e5dab
SHA1 9ae29147fd8425ba5a4f5e5ad3fb485a4fcf00b2
SHA256 93cb981f3909f3b0405f957bc58238fee9ee0dcf4bdb4990b2787089de51e828
SHA3 04ae6bfa6f51d4c0b872ed1e328e448bc22366b84bafaad85bd689bff22b3e03
VirtualSize 0xb9c
VirtualAddress 0x25000
SizeOfRawData 0xc00
PointerToRawData 0x20a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.37729

Imports

VERSION.dll GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
SETUPAPI.dll SetupCloseInfFile
SetupGetStringFieldA
SetupFindFirstLineA
SetupGetLineByIndexA
SetupGetIntField
SetupGetLineCountA
SetupGetSourceInfoA
SetupGetSourceFileLocationA
SetupSetDirectoryIdA
SetupOpenAppendInfFileA
SetupOpenInfFileA
SetupCloseFileQueue
SetupInstallFromInfSectionA
SetupInstallServicesFromInfSectionA
SetupTermDefaultQueueCallback
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList
SetupOpenFileQueue
SetupInstallFilesFromInfSectionA
SetupScanFileQueueA
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackA
SetupCommitFileQueueA
COMCTL32.dll #17
KERNEL32.dll InitializeCriticalSection
HeapSize
GetLocaleInfoA
EnterCriticalSection
HeapReAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
LeaveCriticalSection
lstrcpyA
GetVersionExA
lstrlenA
CreateFileA
GetTempPathA
CloseHandle
FormatMessageA
WriteFile
GetLastError
GetTimeFormatA
GetLocalTime
CreateDirectoryA
GetFileAttributesA
ReadFile
LoadLibraryA
DeleteFileA
FreeLibrary
GetModuleFileNameA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
GetFullPathNameA
CreateProcessA
LocalFree
GetCurrentProcess
WaitForSingleObject
LocalAlloc
Sleep
GetShortPathNameA
CompareFileTime
GetFileTime
GetWindowsDirectoryA
GetSystemDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
SetFileAttributesA
MultiByteToWideChar
CopyFileA
GetModuleHandleA
HeapSetInformation
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
WriteConsoleW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
GetProcAddress
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
RtlPcToFileHeader
RaiseException
FlsAlloc
GetCurrentThreadId
SetLastError
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
TlsFree
FlsFree
USER32.dll LoadStringA
wsprintfA
MessageBoxA
wvsprintfA
WINSPOOL.DRV GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA
ADVAPI32.dll RegOpenKeyExA
ChangeServiceConfig2A
RegEnumKeyExA
GetLengthSid
RegDeleteKeyExA
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SHELL32.dll SHFileOperationA
SHGetFolderPathA
ole32.dll CoInitializeEx
CoCreateInstance
CoUninitialize
OLEAUT32.dll #2
#6

Delayed Imports

1

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x4ba
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30143
MD5 d51219e0e2e5bcc97c4b0401c90bb7cd
SHA1 0ce51f7e97c269341b323461c07db3c5045592e8
SHA256 0301bedff1b269ebb5cfe3408d9dba2d618d71e9341e56650f68401b11e3cb22
SHA3 9fc63271848a6e6c9cfb80bf22e4574cc819012fe377f045405c31020435e1a6

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x2a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29872
MD5 cd0afc841bdcf37b5fa1d1701bd4f087
SHA1 a570410b356b55df003b71fe48fba23a6bbff61b
SHA256 261502ede62da7b8f4ea325e5a84833f48baf80d3f8324ca101dcb0d1da877ae
SHA3 fc2975acb3e2ab1b074759d3dc5c7802a1759fee185a4376e924405b8bb1a9a0

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x34f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.10107
MD5 32a3f3a5f5b41e77110d184d585dc761
SHA1 318438288a377bad1a8372f1fea29874b09b1a1d
SHA256 3ae66578799083bc2bab9a6d19a578bce5551ced40442ed610a7d7418164a795
SHA3 4271b7e43f63585d5cdc3edfa3301f4f0551b14938dddbfbf58cc91d547c320e

String Table contents

Program usage:
>wiainst.exe [/h] [/?]
>wiainst.exe InfPath [/iN] [/mManufacturer] [/w]
>wiainst.exe /uScannerName [/mManufacturer] [/p]
InfPath - INF filename (with path if needed)
/mManufacturer - manufacturer
/iN - index of scanner in INF file
/w - overwrite files
/d - delayed file copying (WinNT+)
/x - non-device installation (USD driver)
/r - restart STI service
/lLanguage - current language suffix
/uScannerName - uninstall scanner
/p - remove pre-installed files
/h, /? - show syntax
Please refer to LOG file created:
INF Scanner Installer - version

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.71.0
ProductVersion 1.0.71.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileDescription INF Scanner Installer
FileVersion (#2) 1.00.71
InternalName wiainst
Comments Developed by Dmitry E. Smirnov
OriginalFilename wiainst.exe
ProductName INF Scanner Installer
ProductVersion (#2) 1.00.71
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x18e93aba
Unmarked objects 0
ASM objects (VS2012 build 50727 / VS2005 build 50727) 8
C objects (VS2012 build 50727 / VS2005 build 50727) 90
Imports (40310) 21
Total imports 178
C++ objects (VS2012 build 50727 / VS2005 build 50727) 48
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors