549255fbf51cae1fc07a1579580229bf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Dec-08 22:44:59
Detected languages English - United States
Debug artifacts C:\src\wix39r2\build\ship\x86\burn.pdb
CompanyName Intel
FileDescription Intel Driver Update Utility
FileVersion 2.2.0.2
InternalName setup
LegalCopyright Copyright (c) Intel. All rights reserved.
OriginalFilename Intel Driver Update Utility Installer.exe
ProductName Intel Driver Update Utility
ProductVersion 2.2.0.2

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentVersion\Run
References the BITS service:
  • 0d 4c e3 5c c9 0d 1f 4c 89 7c da a1 b7 8c ee 7c
  • 4b d3 91 49 a1 80 91 42 83 b6 33 28 36 6b 90 97
  • c7 99 ea 97 86 01 d4 4a 8d f9 c5 b4 e0 ed 6b 22
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .wixburn
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
Possibly launches other programs:
  • CreateProcessW
Uses Microsoft's cryptographic API:
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptGetHashParam
  • CryptReleaseContext
  • CryptAcquireContextW
  • CryptHashPublicKeyInfo
  • CryptCATAdminCalcHashFromFileHandle
Can create temporary files:
  • GetTempPathW
  • CreateFileW
  • CreateFileA
Has Internet access capabilities:
  • InternetErrorDlg
  • InternetOpenW
  • InternetConnectW
  • InternetCloseHandle
  • InternetReadFile
  • InternetSetOptionW
  • InternetCrackUrlW
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  • CheckTokenMembership
Interacts with services:
  • ChangeServiceConfigW
  • ControlService
  • OpenSCManagerW
  • OpenServiceW
  • QueryServiceStatus
  • QueryServiceConfigW
Manipulates other processes:
  • OpenProcess
Changes object ACLs:
  • SetNamedSecurityInfoW
Can shut the system down or lock the screen:
  • InitiateSystemShutdownExW
Info The PE is digitally signed. Signer: Intel(R) Driver Update Utility.
Issuer: Intel External Basic Issuing CA 3B.
Safe VirusTotal score: 0/66 (Scanned on 2017-11-28 13:32:28) All the AVs think this file is safe.

Hashes

MD5 549255fbf51cae1fc07a1579580229bf
SHA1 02323d4bca510174654a3e8923c59a5d54c44e99
SHA256 6a2fb92015b87846547a99e03e78245604b856ab16ef5c5d07787e970bd40ac5
SHA3 03d2ee450d2a0f31a390ceb387abb6fb518f12284db4f1f3ad4b936bde0a59c2
SSDeep 98304:qnwZvyALk9yHVVdENWruK6FsryS+aP6Ly9hudwanG+m9dc5rE:YML9BVj6Sm/M39swjHc5rE
Imports Hash 809e3b79182667679f065b55da95a51e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2014-Dec-08 22:44:59
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 12.0
SizeOfCode 0x43a00
SizeOfInitializedData 0x25600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0002945F (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x45000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x70000
SizeOfHeaders 0x400
Checksum 0x4d8197
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8fb0cabb69e8b935c89b2adab5fcd712
SHA1 22189a89471ec5b8580c887990288d515c0df22e
SHA256 17624aef376a9939b359233a75ec22ad2045e069b613827ff6ec0a56fd3f52af
SHA3 5eb1e549ce86f26464c491b33d14d1dcb2bb5cc2811e0f52c76300aceec2a8a6
VirtualSize 0x43978
VirtualAddress 0x1000
SizeOfRawData 0x43a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54272

.rdata

MD5 585955f383320238232ef491b0f26a5b
SHA1 053a645b93d28074ac7151b62544e7fc7f9e0fab
SHA256 b3646adcb25a6e99ab123f13473c4634611e1fcd4096e74c45d4ff6b399ff6d0
SHA3 743c4607322965d72f32af77b6982a49d9f6a421f69a9e3d190cc99b97ca24da
VirtualSize 0x1c85a
VirtualAddress 0x45000
SizeOfRawData 0x1ca00
PointerToRawData 0x43e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.9785

.data

MD5 521e3bf37c9bca1475a3c03097a537c9
SHA1 587bb4536f51b294ff433c53edab4bf07522612a
SHA256 e8664030205e329ca5f0e550b5dc40527b08de76dc7e952fba352fbb882fef5d
SHA3 9b6c67312cd3c100fe91b3c16209c733b6cbabc20e1d1bb08f09d76934de48c2
VirtualSize 0x33c0
VirtualAddress 0x62000
SizeOfRawData 0x1400
PointerToRawData 0x60800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.479

.wixburn

MD5 c58fb7290a166efdecc98d54d515f4b8
SHA1 33c6b227ac50acbc351a70cedb42f5c6b17ec068
SHA256 f3cd0992ee9f80f0439d96ceb747de8b4c7ae4def67a02e443567518f24689df
SHA3 82b09fd1f062db3363514a782a7e4694c95db134095ddbf704773e3748ff4cdc
VirtualSize 0x38
VirtualAddress 0x66000
SizeOfRawData 0x200
PointerToRawData 0x61c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.735162

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 d5c44f659751a819616c58c9efe38e80f2b84cf621036da99c019bbe4f1fb647
VirtualSize 0x9
VirtualAddress 0x67000
SizeOfRawData 0x200
PointerToRawData 0x61e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 b0ba10ae0bf26ada0b38f3cab7536f9a
SHA1 b86cfdb5b8c9b756321c2bb71cdd918300cb8849
SHA256 5b80122641ffb7220bb1c420274fef9236a9e131fc687f1c28d9c2ae3cc2c399
SHA3 34b194611e36a14ddf16c659957b52ffc91f226b762fab7061511d79bfd0dfa7
VirtualSize 0x37e8
VirtualAddress 0x68000
SizeOfRawData 0x3800
PointerToRawData 0x62000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.47365

.reloc

MD5 162009a884633328727f4fd671c06450
SHA1 fb5b1b33bef0275c3599726efd251203f6ba7c97
SHA256 23d784cb68859e0b03a88ffa56a47071e14ec3746af596598f5596783981538a
SHA3 9cc463b0d11dc18845c60b70faebefddf1dac2e6bc25ab5035591bd30388823d
VirtualSize 0x3b3c
VirtualAddress 0x6c000
SizeOfRawData 0x3c00
PointerToRawData 0x65800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.76008

Imports

ADVAPI32.dll OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
USER32.dll GetMessageW
PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
TranslateMessage
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
MessageBoxW
GetCursorPos
GetWindowLongW
SetWindowLongW
DispatchMessageW
LoadCursorW
IsDialogMessageW
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MsgWaitForMultipleObjects
LoadBitmapW
OLEAUT32.dll #2
#6
#8
#9
GDI32.dll SelectObject
DeleteObject
GetObjectW
StretchBlt
CreateCompatibleDC
DeleteDC
SHELL32.dll ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ole32.dll CoInitializeEx
CoUninitialize
CoInitializeSecurity
CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
KERNEL32.dll VerSetConditionMask
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
lstrlenW
GetModuleHandleExW
GetSystemDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
CompareStringW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ExpandEnvironmentStringsW
GetFileAttributesW
ReadFile
SetFilePointerEx
CreateFileW
CreateProcessW
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryW
lstrlenA
RemoveDirectoryW
CreateEventW
GetCurrentProcessId
ProcessIdToSessionId
LocalFree
OpenProcess
GetProcessId
WaitForSingleObject
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
GetVersionExW
SetFileAttributesW
FindFirstFileW
FindNextFileW
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
GetLastError
GetCurrentThreadId
VirtualFree
VirtualAlloc
MoveFileExW
CopyFileW
DeleteFileW
GetFileSizeEx
GlobalFree
GlobalAlloc
GetModuleHandleA
GetCurrentProcess
HeapSetInformation
GetFullPathNameW
CreateDirectoryW
TlsAlloc
CloseHandle
Sleep
ReleaseMutex
DeleteCriticalSection
FindClose
InitializeCriticalSection
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
FormatMessageW
GetLocalTime
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
HeapFree
RaiseException
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
Cabinet.dll #20
#23
#22
CRYPT32.dll CertGetCertificateContextProperty
CryptHashPublicKeyInfo
msi.dll #238
#111
#173
#45
#205
#90
#141
#169
#70
#88
#190
#171
#118
#115
#125
#17
#137
#116
#8
RPCRT4.dll UuidCreate
WININET.dll InternetErrorDlg
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW
WINTRUST.dll WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
SHLWAPI.dll PathCanonicalizeW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
Entropy 4.27817
MD5 dd74ac90d0252284f1ce309880b60a82
SHA1 add64a2bb1668d419438ce849b4dee87ec84267f
SHA256 9e3bdf1cc1dcfd284924c25050c51cca0412ec699da8dc2046e6f76096bce5ee
SHA3 7328cb70ad4df35fbe8c02c081f8aaef21484bdff7d3f1e3ac968acf340a5da7

1 (#2)

Type RT_MESSAGETABLE
Language English - United States
Codepage Latin 1 / Western European
Size 0x259c
Entropy 5.07118
MD5 4ebaf3030be392d8239ae1b319f45759
SHA1 a61f07baf1c5503b3ad9211f72b0dc70ff60cd76
SHA256 463ae5a9c5f800c7e192677ea7310ebb9f40efb7adf1819cf8815e279b4e0ea6
SHA3 2ee9c54ebf4cf9c1415b3dafc4e3d1009929be1cdc45f24bb722516b36a7a704

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
Entropy 1.81924
Detected Filetype Icon file
MD5 cbee427fa121aba9b9b265ff05de5383
SHA1 24fcae33001c8e0f5ec795c6edf076a69d59589f
SHA256 494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c
SHA3 0dedec4905e83f946617924ce33e2651c5f8fbc2463fea33077526f38a40dae4

1 (#4)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x344
Entropy 3.30086
MD5 5392ef3ae27977f969189af5ade75f33
SHA1 fdc7c69ac45160fad04ad82c67f57b986f0d0afe
SHA256 df9ed7000661562ac0ad3bf0c7095a25d1aa6d9e11c6f08339d4f0d08cc90bd0
SHA3 1f89427d832de8cfd8d70d9049da0cbc0e9bb194d8e9c3413536a4576e52a95e

1 (#5)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x4d2
Entropy 5.30829
MD5 8ff25bb3faceb412f946beb4d4b70aba
SHA1 e77a0a3c8dcda8fca1bf8032ced5c633bd13695b
SHA256 409b7a72f95793e29fe6b03ef2c28effbc5b80ffe57fb7a974439022cc7a0e75
SHA3 82df5653723f3d5e9f613fb8fa0ae98b1b4861d79e061d3cfeacbc149d105404

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.2.0.2
ProductVersion 2.2.0.2
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Intel
FileDescription Intel Driver Update Utility
FileVersion (#2) 2.2.0.2
InternalName setup
LegalCopyright Copyright (c) Intel. All rights reserved.
OriginalFilename Intel Driver Update Utility Installer.exe
ProductName Intel Driver Update Utility
ProductVersion (#2) 2.2.0.2
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2014-Dec-08 22:44:59
Version 0.0
SizeofData 63
AddressOfRawData 0x5f840
PointerToRawData 0x5e640
Referenced File C:\src\wix39r2\build\ship\x86\burn.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2014-Dec-08 22:44:59
Version 0.0
SizeofData 20
AddressOfRawData 0x5f880
PointerToRawData 0x5e680

TLS Callbacks

StartAddressOfRawData 0x467000
EndAddressOfRawData 0x467008
AddressOfIndex 0x4632b0
AddressOfCallbacks 0x4454d4
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x462000
SEHandlerTable 0x45fb60
SEHandlerCount 3

RICH Header

XOR Key 0x2b39d818
Unmarked objects 0
C++ objects (20806) 39
ASM objects (20806) 19
C objects (20806) 121
C objects (VS2008 SP1 build 30729) 5
Imports (VS2008 SP1 build 30729) 31
Total imports 326
C++ objects (VS2013 build 21005) 74
Resource objects (VS2013 build 21005) 1
151 2
Linker (VS2013 build 21005) 1

Errors