Manalyze report for 43e89724bb8934402dabb6990f2c64ca

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Oct-01 09:06:16
Detected languages	English - United States
FileDescription	INF Scanner Installer
FileVersion	`1.00.71`
InternalName	wiainst
Comments	Developed by Dmitry E. Smirnov
OriginalFilename	wiainst.exe
ProductName	INF Scanner Installer
ProductVersion	`1.00.71`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegOpenKeyExA RegEnumKeyExA RegDeleteKeyExA RegDeleteValueA RegEnumValueA RegDeleteKeyA RegSetValueExA RegCreateKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA`
Info	The PE is digitally signed.	`Signer: Samsung Electronics CO.` `Issuer: VeriSign Class 3 Code Signing 2004 CA`
Safe	VirusTotal score: 0/66 (Scanned on 2017-12-27 17:14:25)	`All the AVs think this file is safe.`

Hashes

MD5	`43e89724bb8934402dabb6990f2c64ca`
SHA1	`6fee9a7e780e1f60bceaf05f5b02f64922fd18de`
SHA256	`6d67337e9e228fe4b2c5f58fcc5077afae63124d1de06299be746547b22ce03c`
SHA3	`898a953e133d777baa4a6c611231c73a0587b9f337021fbcf69822aa86d06eab`
SSDeep	`3072:8D1/1VGmDTNPrrsg5O+XM2sIi/YSnizx6WLUftzogDJpBNLMX2gJ5g:8D13nTlVcVIVSnUx6WLItzBqX2Ug`
Imports Hash	`26ecacb6f3ea176c561b2927e822adc0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2010-Oct-01 09:06:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x15e00`
SizeOfInitializedData	`0xb400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000A160 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x26000`
SizeOfHeaders	`0x400`
Checksum	`0x293cf`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`494013b1d51fcc1bad29741d9ca2c34e`
SHA1	`a3cba25e39af64e89ac9590b2fb74bf6b5b03f8a`
SHA256	`b793f86e6fcacbe5e41c7b331c322d2f6aeea8b25622c51dd2f5ea3ec75d1edc`
SHA3	`ece9a4e4b4395aa26abb7cb7301460926f3d6e0ad6d571ca7b7168b1837cc063`
VirtualSize	`0x15caa`
VirtualAddress	`0x1000`
SizeOfRawData	`0x15e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24188`

.rdata

MD5	`d3b754e10061853d2234bfa089c65e93`
SHA1	`3f91998a4b23616f8ac4dab0c730be9e050565b9`
SHA256	`6b5065c17df31ddb8bd6fdd7b3bc17ba4a2610c44b57d6039325531677c22499`
SHA3	`f0c8aa10e8a584761972c91a94726e53cbac8a88665b4f20029bbb3975a44213`
VirtualSize	`0x7ae2`
VirtualAddress	`0x17000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.43021`

.data

MD5	`0a8d1c10e549704c3c83525ec4f6bc49`
SHA1	`24ea0d552d19937516e7a4ce04e106ae8724d5f0`
SHA256	`e61424997bdaf5c341f9016cdba63682d73998c247130b335bd872c8e71a6995`
SHA3	`7fd3afd8b7947c36126804d9832bddb4651cbfa55a8698cc02eb596ed8c76ed6`
VirtualSize	`0x38f8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x1de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.362`

.pdata

MD5	`d98080fa9f4d14c7ab8ef53d6162feaf`
SHA1	`a646875b7b58eb49536bc23b0aad1ff0155e7373`
SHA256	`a0626531f8156a1eb3797fb145d2da6785c730460e48163657531dc396e51359`
SHA3	`65d7538f4146cc7d42c8f804aa5d4a8035c6883a67e52d7a31789dcddab1afcd`
VirtualSize	`0x13ec`
VirtualAddress	`0x23000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.14978`

.rsrc

MD5	`a392668837ea671377c123e3071e5dab`
SHA1	`9ae29147fd8425ba5a4f5e5ad3fb485a4fcf00b2`
SHA256	`93cb981f3909f3b0405f957bc58238fee9ee0dcf4bdb4990b2787089de51e828`
SHA3	`04ae6bfa6f51d4c0b872ed1e328e448bc22366b84bafaad85bd689bff22b3e03`
VirtualSize	`0xb9c`
VirtualAddress	`0x25000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x20a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.37729`

Imports

VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA`
SETUPAPI.dll	`SetupCloseInfFile` `SetupGetStringFieldA` `SetupFindFirstLineA` `SetupGetLineByIndexA` `SetupGetIntField` `SetupGetLineCountA` `SetupGetSourceInfoA` `SetupGetSourceFileLocationA` `SetupSetDirectoryIdA` `SetupOpenAppendInfFileA` `SetupOpenInfFileA` `SetupCloseFileQueue` `SetupInstallFromInfSectionA` `SetupInstallServicesFromInfSectionA` `SetupTermDefaultQueueCallback` `SetupDiGetClassDevsA` `SetupDiEnumDeviceInfo` `SetupDiGetDeviceRegistryPropertyA` `SetupDiGetINFClassA` `SetupDiCreateDeviceInfoList` `SetupDiCreateDeviceInfoA` `SetupDiSetDeviceRegistryPropertyA` `SetupDiCallClassInstaller` `SetupDiRemoveDevice` `SetupDiDestroyDeviceInfoList` `SetupOpenFileQueue` `SetupInstallFilesFromInfSectionA` `SetupScanFileQueueA` `SetupInitDefaultQueueCallbackEx` `SetupDefaultQueueCallbackA` `SetupCommitFileQueueA`
COMCTL32.dll	`#17`
KERNEL32.dll	`InitializeCriticalSection` `HeapSize` `GetLocaleInfoA` `EnterCriticalSection` `HeapReAlloc` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `HeapCreate` `LeaveCriticalSection` `lstrcpyA` `GetVersionExA` `lstrlenA` `CreateFileA` `GetTempPathA` `CloseHandle` `FormatMessageA` `WriteFile` `GetLastError` `GetTimeFormatA` `GetLocalTime` `CreateDirectoryA` `GetFileAttributesA` `ReadFile` `LoadLibraryA` `DeleteFileA` `FreeLibrary` `GetModuleFileNameA` `RemoveDirectoryA` `FindClose` `FindNextFileA` `FindFirstFileA` `lstrcmpiA` `lstrcatA` `GetFullPathNameA` `CreateProcessA` `LocalFree` `GetCurrentProcess` `WaitForSingleObject` `LocalAlloc` `Sleep` `GetShortPathNameA` `CompareFileTime` `GetFileTime` `GetWindowsDirectoryA` `GetSystemDirectoryA` `WritePrivateProfileSectionA` `GetPrivateProfileSectionA` `SetFileAttributesA` `MultiByteToWideChar` `CopyFileA` `GetModuleHandleA` `HeapSetInformation` `DeleteCriticalSection` `GetFileType` `SetHandleCount` `GetEnvironmentStringsW` `WideCharToMultiByte` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `SetFilePointer` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `WriteConsoleW` `FlushFileBuffers` `WriteConsoleA` `GetConsoleOutputCP` `GetProcAddress` `FreeEnvironmentStringsA` `GetStdHandle` `ExitProcess` `RtlPcToFileHeader` `RaiseException` `FlsAlloc` `GetCurrentThreadId` `SetLastError` `RtlLookupFunctionEntry` `RtlUnwindEx` `GetCommandLineA` `HeapFree` `HeapAlloc` `GetProcessHeap` `GetStartupInfoA` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlCaptureContext` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `FlsGetValue` `FlsSetValue` `TlsFree` `FlsFree`
USER32.dll	`LoadStringA` `wsprintfA` `MessageBoxA` `wvsprintfA`
WINSPOOL.DRV	`GetPrinterDriverDirectoryA` `GetPrintProcessorDirectoryA`
ADVAPI32.dll	`RegOpenKeyExA` `ChangeServiceConfig2A` `RegEnumKeyExA` `GetLengthSid` `RegDeleteKeyExA` `RegDeleteValueA` `RegEnumValueA` `RegDeleteKeyA` `RegSetValueExA` `RegCreateKeyExA` `RegQueryValueExA` `RegCloseKey`
SHELL32.dll	`SHFileOperationA` `SHGetFolderPathA`
ole32.dll	`CoInitializeEx` `CoCreateInstance` `CoUninitialize`
OLEAUT32.dll	`#2` `#6`

Delayed Imports

1

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30143`
MD5	`d51219e0e2e5bcc97c4b0401c90bb7cd`
SHA1	`0ce51f7e97c269341b323461c07db3c5045592e8`
SHA256	`0301bedff1b269ebb5cfe3408d9dba2d618d71e9341e56650f68401b11e3cb22`
SHA3	`9fc63271848a6e6c9cfb80bf22e4574cc819012fe377f045405c31020435e1a6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29872`
MD5	`cd0afc841bdcf37b5fa1d1701bd4f087`
SHA1	`a570410b356b55df003b71fe48fba23a6bbff61b`
SHA256	`261502ede62da7b8f4ea325e5a84833f48baf80d3f8324ca101dcb0d1da877ae`
SHA3	`fc2975acb3e2ab1b074759d3dc5c7802a1759fee185a4376e924405b8bb1a9a0`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x34f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10107`
MD5	`32a3f3a5f5b41e77110d184d585dc761`
SHA1	`318438288a377bad1a8372f1fea29874b09b1a1d`
SHA256	`3ae66578799083bc2bab9a6d19a578bce5551ced40442ed610a7d7418164a795`
SHA3	`4271b7e43f63585d5cdc3edfa3301f4f0551b14938dddbfbf58cc91d547c320e`

String Table contents

Program usage:
>wiainst.exe [/h] [/?]
>wiainst.exe InfPath [/iN] [/mManufacturer] [/w]
>wiainst.exe /uScannerName [/mManufacturer] [/p]

InfPath - INF filename (with path if needed)
/mManufacturer - manufacturer
/iN - index of scanner in INF file
/w - overwrite files
/d - delayed file copying (WinNT+)
/x - non-device installation (USD driver)
/r - restart STI service
/lLanguage - current language suffix
/uScannerName - uninstall scanner
/p - remove pre-installed files
/h, /? - show syntax

Please refer to LOG file created:

INF Scanner Installer - version

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.71.0
ProductVersion	1.0.71.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	INF Scanner Installer
FileVersion (#2)	1.00.71
InternalName	wiainst
Comments	Developed by Dmitry E. Smirnov
OriginalFilename	wiainst.exe
ProductName	INF Scanner Installer
ProductVersion (#2)	1.00.71

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x18e93aba`
Unmarked objects	`0`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`8`
C objects (VS2012 build 50727 / VS2005 build 50727)	`90`
Imports (40310)	`21`
Total imports	`178`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`48`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

43e89724bb8934402dabb6990f2c64ca

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors