549255fbf51cae1fc07a1579580229bf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Dec-08 22:44:59
Detected languages English - United States
Debug artifacts C:\src\wix39r2\build\ship\x86\burn.pdb
CompanyName Intel
FileDescription Intel Driver Update Utility
FileVersion 2.2.0.2
InternalName setup
LegalCopyright Copyright (c) Intel. All rights reserved.
OriginalFilename Intel Driver Update Utility Installer.exe
ProductName Intel Driver Update Utility
ProductVersion 2.2.0.2

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
  • May have dropper capabilities: CurrentVersion\Run
  • References the BITS service
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to SHA1
  • Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .wixburn (this is the header section of a WiX Burn bootstrapper, which is consistent with the burn.pdb debug path above; a 0x38-byte section with entropy 0.74 is not what a packed payload looks like, so this heuristic is a false positive here)
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports (runtime resolution through LoadLibrary/GetProcAddress is also the ordinary pattern for optional Win32 APIs; the list below shows the capability, and any imports resolved this way cannot be enumerated statically):
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
Can access the registry:
  • RegCloseKey
  • RegQueryValueExW
  • RegDeleteValueW
  • RegSetValueExW
  • RegQueryInfoKeyW
  • RegEnumValueW
  • RegEnumKeyExW
  • RegDeleteKeyW
  • RegCreateKeyExW
  • RegOpenKeyExW
Possibly launches other programs:
  • CreateProcessW
Uses Microsoft's cryptographic API:
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptGetHashParam
  • CryptReleaseContext
  • CryptAcquireContextW
  • CryptHashPublicKeyInfo
  • CryptCATAdminCalcHashFromFileHandle
Can create temporary files:
  • GetTempPathW
  • CreateFileW
  • CreateFileA
Has Internet access capabilities:
  • InternetErrorDlg
  • InternetOpenW
  • InternetConnectW
  • InternetCloseHandle
  • InternetReadFile
  • InternetSetOptionW
  • InternetCrackUrlW
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  • CheckTokenMembership
Interacts with services:
  • ChangeServiceConfigW
  • ControlService
  • OpenSCManagerW
  • OpenServiceW
  • QueryServiceStatus
  • QueryServiceConfigW
Manipulates other processes:
  • OpenProcess
Changes object ACLs:
  • SetNamedSecurityInfoW
Can shut the system down or lock the screen:
  • InitiateSystemShutdownExW
Info The PE is digitally signed. Signer: Intel(R) Driver Update Utility
Issuer: Intel External Basic Issuing CA 3B
Safe VirusTotal score: 0/66 (Scanned on 2017-11-28 13:32:28) All the AVs think this file is safe. A clean score and a vendor signature establish that the file is the vendor's installer as shipped; they say nothing about what the bundled packages it extracts will do.
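The packer heuristic above fires on the .wixburn section name alone. The quickest way to confirm what that section is, without running the installer, is to decode it: a Burn bootstrapper stores a small header there (magic, version, bundle GUID, original checksum and signature location, and one size per attached container). The script below is an added example, not output from the report's tool and not WiX project code; the header layout and the magic/version constants are taken from the WiX 3.x Burn engine source as I remember it and should be treated as an assumption to check against the real file. The sample PE it builds is constructed here so the example runs offline; point it at a real file by passing a path.

```python
import struct
import uuid

# Assumption: layout and constants as in WiX 3.x burn/engine/section.cpp
# (BURN_SECTION_MAGIC, BURN_SECTION_VERSION). The report only names the section.
BURN_SECTION_MAGIC = 0x00F14300
BURN_SECTION_VERSION = 2
BURN_FIXED_HEADER_LEN = 48   # magic, version, GUID, six DWORDs; then one DWORD per container


def find_section(pe: bytes, name: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return the named section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    size_of_optional, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional
    for i in range(num_sections):
        off = table + 40 * i
        sec_name = pe[off:off + 8].rstrip(b"\0")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<4I", pe, off + 8)
        if sec_name == name:
            return {"VirtualSize": vsize, "VirtualAddress": vaddr,
                    "SizeOfRawData": raw_size, "PointerToRawData": raw_ptr,
                    "data": pe[raw_ptr:raw_ptr + raw_size]}
    return None


def parse_burn_header(data: bytes):
    """Decode the .wixburn header; raise if the magic does not match."""
    magic, version = struct.unpack_from("<II", data, 0)
    if magic != BURN_SECTION_MAGIC:
        raise ValueError(f"unexpected .wixburn magic 0x{magic:08x}")
    bundle_id = uuid.UUID(bytes_le=data[8:24])
    (stub_size, orig_checksum, sig_offset, sig_size,
     fmt, n_containers) = struct.unpack_from("<6I", data, 24)
    container_sizes = struct.unpack_from(f"<{n_containers}I", data, BURN_FIXED_HEADER_LEN)
    return {"version": version, "bundle_id": str(bundle_id), "stub_size": stub_size,
            "original_checksum": orig_checksum, "signature_offset": sig_offset,
            "signature_size": sig_size, "format": fmt,
            "container_sizes": list(container_sizes),
            "header_len": BURN_FIXED_HEADER_LEN + 4 * n_containers}


def triage_wixburn(pe: bytes):
    """None if there is no .wixburn section; otherwise the decoded header plus a size check
    (a real Burn header is exactly 48 + 4 * containers bytes, which must equal VirtualSize)."""
    sec = find_section(pe, b".wixburn")
    if sec is None:
        return None
    hdr = parse_burn_header(sec["data"])
    hdr["virtual_size_matches"] = hdr["header_len"] == sec["VirtualSize"]
    return hdr


def build_sample_bootstrapper() -> bytes:
    """Constructed test input, not the Intel binary: a minimal PE with one .wixburn section
    whose header lists two containers, giving VirtualSize 0x38 as in the report."""
    bundle = uuid.UUID("12345678-1234-5678-9abc-def012345678")            # arbitrary sample GUID
    hdr = struct.pack("<II", BURN_SECTION_MAGIC, BURN_SECTION_VERSION) + bundle.bytes_le
    hdr += struct.pack("<6I", 0x70000, 0x4D8197, 0, 0, 1, 2)   # stub size, checksum, sig off/size, format, containers
    hdr += struct.pack("<2I", 0x1000, 0x2000)                  # sizes of the two attached containers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)   # i386, 1 section, no optional header
    sect = b".wixburn" + struct.pack("<4I", len(hdr), 0x66000, 0x200, 0x80) + b"\0" * 16
    return dos + coff + sect + hdr.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_bootstrapper()
    print(triage_wixburn(blob))
```

If the magic check fails on a real sample that still carries a .wixburn section, treat that as the interesting finding: a bootstrapper whose header has been rewritten deserves a closer look than the packer heuristic suggests.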

Hashes

MD5 549255fbf51cae1fc07a1579580229bf
SHA1 02323d4bca510174654a3e8923c59a5d54c44e99
SHA256 6a2fb92015b87846547a99e03e78245604b856ab16ef5c5d07787e970bd40ac5
SHA3 62b7d3f46d4f018515a6f76f866b22cdd6f96685875e0a9147ade4a0faea238c
SSDeep 98304:qnwZvyALk9yHVVdENWruK6FsryS+aP6Ly9hudwanG+m9dc5rE:YML9BVj6Sm/M39swjHc5rE
Imports Hash 809e3b79182667679f065b55da95a51e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2014-Dec-08 22:44:59
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 12.0
SizeOfCode 0x43a00
SizeOfInitializedData 0x25600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0002945F (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x45000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x70000
SizeOfHeaders 0x400
Checksum 0x4d8197
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8fb0cabb69e8b935c89b2adab5fcd712
SHA1 22189a89471ec5b8580c887990288d515c0df22e
SHA256 17624aef376a9939b359233a75ec22ad2045e069b613827ff6ec0a56fd3f52af
SHA3 ac0f6e8de6d7dffb63c75290ca86de3d67827e0a77de068f4f6c6e0efc1f218d
VirtualSize 0x43978
VirtualAddress 0x1000
SizeOfRawData 0x43a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54272

.rdata

MD5 585955f383320238232ef491b0f26a5b
SHA1 053a645b93d28074ac7151b62544e7fc7f9e0fab
SHA256 b3646adcb25a6e99ab123f13473c4634611e1fcd4096e74c45d4ff6b399ff6d0
SHA3 0419a9569eac97a0cae4fe53ec42aa768a7bf9a10149f33148bea834a24d6f0d
VirtualSize 0x1c85a
VirtualAddress 0x45000
SizeOfRawData 0x1ca00
PointerToRawData 0x43e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.9785

.data

MD5 521e3bf37c9bca1475a3c03097a537c9
SHA1 587bb4536f51b294ff433c53edab4bf07522612a
SHA256 e8664030205e329ca5f0e550b5dc40527b08de76dc7e952fba352fbb882fef5d
SHA3 3c3e34e52ce1c40ab822d51ac0aef94d317979b395aba0514ee1da7de6917919
VirtualSize 0x33c0
VirtualAddress 0x62000
SizeOfRawData 0x1400
PointerToRawData 0x60800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.479

.wixburn

MD5 c58fb7290a166efdecc98d54d515f4b8
SHA1 33c6b227ac50acbc351a70cedb42f5c6b17ec068
SHA256 f3cd0992ee9f80f0439d96ceb747de8b4c7ae4def67a02e443567518f24689df
SHA3 eb5a3b1f865513ff68a3e17beefcf8b3254b3e26f2978ced5d2e4ac27cbe2cd3
VirtualSize 0x38
VirtualAddress 0x66000
SizeOfRawData 0x200
PointerToRawData 0x61c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.735162

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x9
VirtualAddress 0x67000
SizeOfRawData 0x200
PointerToRawData 0x61e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 b0ba10ae0bf26ada0b38f3cab7536f9a
SHA1 b86cfdb5b8c9b756321c2bb71cdd918300cb8849
SHA256 5b80122641ffb7220bb1c420274fef9236a9e131fc687f1c28d9c2ae3cc2c399
SHA3 b4e011b447d44eb1d1c3375e8b6bc8f97c20f52cf784106805c4b97ac5a1ba58
VirtualSize 0x37e8
VirtualAddress 0x68000
SizeOfRawData 0x3800
PointerToRawData 0x62000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.47365

.reloc

MD5 162009a884633328727f4fd671c06450
SHA1 fb5b1b33bef0275c3599726efd251203f6ba7c97
SHA256 23d784cb68859e0b03a88ffa56a47071e14ec3746af596598f5596783981538a
SHA3 212362e2207ecb2045db8c5b26d455eab5592162682ec248ede9f5d5760c7326
VirtualSize 0x3b3c
VirtualAddress 0x6c000
SizeOfRawData 0x3c00
PointerToRawData 0x65800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.76008

Imports

ADVAPI32.dll OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
USER32.dll GetMessageW
PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
TranslateMessage
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
MessageBoxW
GetCursorPos
GetWindowLongW
SetWindowLongW
DispatchMessageW
LoadCursorW
IsDialogMessageW
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MsgWaitForMultipleObjects
LoadBitmapW
OLEAUT32.dll #2
#6
#8
#9
GDI32.dll SelectObject
DeleteObject
GetObjectW
StretchBlt
CreateCompatibleDC
DeleteDC
SHELL32.dll ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ole32.dll CoInitializeEx
CoUninitialize
CoInitializeSecurity
CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
KERNEL32.dll VerSetConditionMask
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
lstrlenW
GetModuleHandleExW
GetSystemDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
CompareStringW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ExpandEnvironmentStringsW
GetFileAttributesW
ReadFile
SetFilePointerEx
CreateFileW
CreateProcessW
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryW
lstrlenA
RemoveDirectoryW
CreateEventW
GetCurrentProcessId
ProcessIdToSessionId
LocalFree
OpenProcess
GetProcessId
WaitForSingleObject
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
GetVersionExW
SetFileAttributesW
FindFirstFileW
FindNextFileW
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
GetLastError
GetCurrentThreadId
VirtualFree
VirtualAlloc
MoveFileExW
CopyFileW
DeleteFileW
GetFileSizeEx
GlobalFree
GlobalAlloc
GetModuleHandleA
GetCurrentProcess
HeapSetInformation
GetFullPathNameW
CreateDirectoryW
TlsAlloc
CloseHandle
Sleep
ReleaseMutex
DeleteCriticalSection
FindClose
InitializeCriticalSection
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
FormatMessageW
GetLocalTime
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
HeapFree
RaiseException
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
Cabinet.dll #20
#23
#22
CRYPT32.dll CertGetCertificateContextProperty
CryptHashPublicKeyInfo
msi.dll #238
#111
#173
#45
#205
#90
#141
#169
#70
#88
#190
#171
#118
#115
#125
#17
#137
#116
#8
RPCRT4.dll UuidCreate
WININET.dll InternetErrorDlg
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW
WINTRUST.dll WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
VERSION.dll GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
SHLWAPI.dll PathCanonicalizeW
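The "Imports Hash" in the Hashes section is derived from this table and is the usual pivot for finding other builds of the same bootstrapper stub. The function below is an added example of the common imphash convention (lower-case `dll.function` pairs in import-table order, `.dll`/`.ocx`/`.sys` stripped, joined with commas, MD5); it is not the report tool's code. One caveat a practitioner should know: pefile resolves ordinal imports from oleaut32 and ws2_32 to names before hashing, whereas this version keeps them as `ordN`, so for a binary like this one (OLEAUT32 #2, #6, #8, #9) the two conventions give different digests. The import list is a constructed subset of the table above.

```python
import hashlib

# Constructed subset of the import table above, as (dll, symbol or ordinal), in file order.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("OLEAUT32.dll", 2),
    ("OLEAUT32.dll", 6),
    ("KERNEL32.dll", "GetProcAddress"),
    ("WININET.dll", "InternetOpenW"),
]

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_string(imports) -> str:
    """Build the canonical string that is hashed: 'dll.symbol' or 'dll.ordN', lower-case,
    module extension removed, entries kept in import-table order."""
    parts = []
    for dll, sym in imports:
        module = dll.lower()
        for ext in STRIPPED_EXTENSIONS:
            if module.endswith(ext):
                module = module[:-len(ext)]
                break
        symbol = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{module}.{symbol}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string (ordinals kept as ordN; see the caveat above)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Value from the Hashes section of this report, for side-by-side comparison only.
REPORTED_IMPHASH = "809e3b79182667679f065b55da95a51e"


def matches_report(imports) -> bool:
    return imphash(imports) == REPORTED_IMPHASH


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS), "matches report:", matches_report(SAMPLE_IMPORTS))
```

Because the digest depends on import order, two tools that walk the import directory differently (or resolve ordinals differently) will disagree even on the same file; when pivoting in VirusTotal, compute the hash with the same tool that produced the value you are comparing against.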

Delayed Imports

(EMPTY)

Resources

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.27817
MD5 dd74ac90d0252284f1ce309880b60a82
SHA1 add64a2bb1668d419438ce849b4dee87ec84267f
SHA256 9e3bdf1cc1dcfd284924c25050c51cca0412ec699da8dc2046e6f76096bce5ee
SHA3 1d44a4f6d410b654acadbadd50c6e757bbf9802e022d732bcbdf1c1fb6cdfa63

1 (#2)

Type RT_MESSAGETABLE
Language English - United States
Codepage Latin 1 / Western European
Size 0x259c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07118
MD5 4ebaf3030be392d8239ae1b319f45759
SHA1 a61f07baf1c5503b3ad9211f72b0dc70ff60cd76
SHA256 463ae5a9c5f800c7e192677ea7310ebb9f40efb7adf1819cf8815e279b4e0ea6
SHA3 4fb3479faa6e57ec16c4370357f519c5f5601b8f544e80a139dc50676fb76596

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.81924
Detected Filetype Icon file
MD5 cbee427fa121aba9b9b265ff05de5383
SHA1 24fcae33001c8e0f5ec795c6edf076a69d59589f
SHA256 494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c
SHA3 a3fa35d56632275ba55716a4964f02031270f61f06a903fc460ac2dd6bebde85

1 (#4)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x344
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30086
MD5 5392ef3ae27977f969189af5ade75f33
SHA1 fdc7c69ac45160fad04ad82c67f57b986f0d0afe
SHA256 df9ed7000661562ac0ad3bf0c7095a25d1aa6d9e11c6f08339d4f0d08cc90bd0
SHA3 7a483b1b9c4c607c054a3208911a0f2a25f8d3095ddcfc166a02e4509b25192a

1 (#5)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x4d2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.30829
MD5 8ff25bb3faceb412f946beb4d4b70aba
SHA1 e77a0a3c8dcda8fca1bf8032ced5c633bd13695b
SHA256 409b7a72f95793e29fe6b03ef2c28effbc5b80ffe57fb7a974439022cc7a0e75
SHA3 3fe08b5bceae3a00c5e5c93835e5efd035482c03a6c9aae3749b8dba22bacd0b

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.2.0.2
ProductVersion 2.2.0.2
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Intel
FileDescription Intel Driver Update Utility
FileVersion (#2) 2.2.0.2
InternalName setup
LegalCopyright Copyright (c) Intel. All rights reserved.
OriginalFilename Intel Driver Update Utility Installer.exe
ProductName Intel Driver Update Utility
ProductVersion (#2) 2.2.0.2
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2014-Dec-08 22:44:59
Version 0.0
SizeofData 63
AddressOfRawData 0x5f840
PointerToRawData 0x5e640
Referenced File C:\src\wix39r2\build\ship\x86\burn.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2014-Dec-08 22:44:59
Version 0.0
SizeofData 20
AddressOfRawData 0x5f880
PointerToRawData 0x5e680

TLS Callbacks

StartAddressOfRawData 0x467000
EndAddressOfRawData 0x467008
AddressOfIndex 0x4632b0
AddressOfCallbacks 0x4454d4
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x462000
SEHandlerTable 0x45fb60
SEHandlerCount 3

RICH Header

XOR Key 0x2b39d818
Unmarked objects 0
C++ objects (20806) 39
ASM objects (20806) 19
C objects (20806) 121
C objects (VS2008 SP1 build 30729) 5
Imports (VS2008 SP1 build 30729) 31
Total imports 326
C++ objects (VS2013 build 21005) 74
Resource objects (VS2013 build 21005) 1
151 2
Linker (VS2013 build 21005) 1
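The Rich header decode above (XOR key, product/build pairs and counts) is recoverable from the bytes between the DOS stub and the PE signature, and the XOR key doubles as a checksum over the DOS header and the entries, so a recomputed key that disagrees with the stored one indicates the header was edited or forged. The code below is an added example of that decode and check, not the report tool's implementation. The checksum algorithm (rotate each DOS header byte by its offset, skipping e_lfanew, then rotate each compid by its count, all summed with the DanS offset) is the widely documented one; the sample header it builds is constructed here, with the build numbers from the report but illustrative product IDs.

```python
import struct

DANS = 0x536E6144   # "DanS" read as a little-endian DWORD

# Constructed entries (prodid, build, count): builds from the report, prodids illustrative only.
SAMPLE_ENTRIES = [
    (0x00DE, 21005, 74),
    (0x00DF, 21005, 1),
    (0x0093, 30729, 31),
]


def rol32(value: int, count: int) -> int:
    count &= 31
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(pe: bytes, raw_entries, dans_offset: int) -> int:
    """Recompute the XOR key: DanS offset, plus every DOS header/stub byte before it rotated by
    its position (e_lfanew bytes excluded), plus every compid rotated by its use count."""
    cksum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(pe[i], i)) & 0xFFFFFFFF
    for compid, count in raw_entries:
        cksum = (cksum + rol32(compid, count)) & 0xFFFFFFFF
    return cksum


def parse_rich(pe: bytes):
    """Locate 'Rich' before e_lfanew, walk back to the XORed 'DanS', decode the entries and
    report whether the stored key matches the recomputed checksum."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    rich_off = pe.rfind(b"Rich", 0, e_lfanew)
    if rich_off < 0:
        return None
    key, = struct.unpack_from("<I", pe, rich_off + 4)
    dans_off = rich_off - 8
    while dans_off >= 0 and struct.unpack_from("<I", pe, dans_off)[0] ^ key != DANS:
        dans_off -= 4
    if dans_off < 0:
        return None
    # DanS is followed by three padding DWORDs (key ^ 0); entries start 16 bytes in.
    raw = [(struct.unpack_from("<I", pe, o)[0] ^ key, struct.unpack_from("<I", pe, o + 4)[0] ^ key)
           for o in range(dans_off + 16, rich_off, 8)]
    return {
        "key": key,
        "valid": rich_checksum(pe, raw, dans_off) == key,
        "entries": [{"prodid": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in raw],
    }


def build_sample_rich(entries) -> bytes:
    """Constructed input, not the Intel binary: bare MZ header, Rich header, PE signature."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    dans_off = len(dos)
    raw = [((prodid << 16) | build, count) for prodid, build, count in entries]
    key = rich_checksum(dos, raw, dans_off)
    body = struct.pack("<4I", DANS ^ key, key, key, key)
    for compid, count in raw:
        body += struct.pack("<II", compid ^ key, count ^ key)
    body += b"Rich" + struct.pack("<I", key)
    struct.pack_into("<I", dos, 0x3C, dans_off + len(body))   # e_lfanew points past the Rich header
    return bytes(dos) + body + b"PE\0\0"


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_rich(SAMPLE_ENTRIES)
    print(parse_rich(blob))
```

A mismatched key is not proof of malice (some build tools rewrite the stub without fixing the key), but on a vendor-signed installer it would be worth explaining before accepting the toolchain story the header tells.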

Errors

(EMPTY)