Manalyze report for 5753a7bd21cfc9d7cd01de28361a3191020135f21f9621faf8d94bc7f1f57ad7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Dec-23 12:09:51
Detected languages	English - United States
Debug artifacts	E:\Agent\_work\38\s\0\Shell\Components\Update\App.UpdateInstaller\WinFinal\UpdateInstaller.pdb
CompanyName	ABBYY Production LLC.
FileDescription	ABBYY updates installer
FileVersion	`15.0.112.2130`
InternalName	UpdateInstaller
LegalCopyright	ÃÂ© 2015 ABBYY Production LLC.
LegalTrademarks	ABBYY, the ABBYY logo are either registered trademarks or trademarks of ABBYY Software Ltd.
OriginalFilename	UpdateInstaller.exe
ProductName	ABBYY FineReader
ProductVersion	`15.0.112.2130`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Malicious	The PE contains functions mostly used by malware.	`Possibly launches other programs: CreateProcessW` `Functions related to the privilege level: OpenProcessToken`
Info	The PE is digitally signed.	`Signer: ABBYY Production LLC` `Issuer: GlobalSign CodeSigning CA - G3`
Safe	VirusTotal score: 0/72 (Scanned on 2025-03-11 05:07:44)	`All the AVs think this file is safe.`

Hashes

MD5	`4a0d73615f3bdf0e90d9c0fdd5bc9712`
SHA1	`92e868ab1f0180b19bcda302bcdc9e5bcd62535e`
SHA256	`5753a7bd21cfc9d7cd01de28361a3191020135f21f9621faf8d94bc7f1f57ad7`
SHA3	`4a707b19d183d6b20189293dd0ffec7aeca72d765062316d1f333293aa4423b9`
SSDeep	`1536:jLObSVTwkjh/YIzJpG0q1uqypgLkByH/jzMB9/7dmoLpQoT605:zB++JNq1uqypskBS/jzMB9/xdLGf05`
Imports Hash	`145098977e9cda3271c28c90db13534b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Dec-23 12:09:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x8800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003913 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x400`
Checksum	`0x208ab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fc002625695249814855bfe46ff61f1d`
SHA1	`4a4c5515692a24894a1a4aff860fb9d1d853f4f4`
SHA256	`8fc49e2f2f068b08964c68af0fa9f1ffc46cd62f39833a1e6326256e63351065`
SHA3	`0d06010446a7ef435127513be7594b0b130076531d17e23937f7890c4f3c68d3`
VirtualSize	`0x9f2b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07791`

.rdata

MD5	`8c8ffc42036b698a618fcdf1b2f51176`
SHA1	`2624fcb74ada2e567942a1b47a949ddf0a4ff351`
SHA256	`87620e5fb8992be629213552b6ecc68bc8fc121833b1b52b5a33a3cdd33c469a`
SHA3	`ac115c133ba38de38914609121b94838cdaab43467adddc4532f3e3e639f6cdb`
VirtualSize	`0x5878`
VirtualAddress	`0xb000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0336`

.data

MD5	`339150b54146689e6030ebe4d19e5598`
SHA1	`9f3d6ff8d244479202f89e99d6396354030c466f`
SHA256	`feae9cf16e43b701a7eabdccd91473e5629c355f99fcfda463e8808930511447`
SHA3	`cd4efbe56fb6f335bdb971cc5149cec60ed223e28b8ec4e1ad406c27c5228f97`
VirtualSize	`0x91c`
VirtualAddress	`0x11000`
SizeOfRawData	`0x400`
PointerToRawData	`0xfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.24948`

.gfids

MD5	`2c93d61030980f5fa308a03ac86a18ce`
SHA1	`5a1558cd4a61d0ccaaf9f713885696b285dc2438`
SHA256	`56a9733760aabbdaf708ca47763ef1ad9afc1590b2fcc7fcf3f8b639b7a79771`
SHA3	`833b1b4fa9d74584993b446637fcd376c567047f572e6bf6e93e968c466f5452`
VirtualSize	`0x2c`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x13000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`04e09ff2d50f19d16fb95c5676ae7d8a`
SHA1	`bd8ac000a1f347eadde3d544961c057f0aca0b86`
SHA256	`f9d24b0ca29c6cc78c26d0214c105163fd9d44f1cac49a12b6fbc3f9c13b466a`
SHA3	`748120f513bf2098994e5b52eabd501c4d18edb490217fb733073c6063fbbbb0`
VirtualSize	`0x1140`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x10600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.08127`

.reloc

MD5	`4103ddbd70a09a61557713df5d3806b1`
SHA1	`02e0e3cac8c6cbdad8780cb5bad9cb48e9ebf86b`
SHA256	`a5bafbd740a453761e89fc8afd165b9b3d5482761e4b86f4108327f64cfa3b09`
SHA3	`54c1e3a448b414c66e93e29871f10754ba3b3902085553895e7c82d5fc774663`
VirtualSize	`0x1368`
VirtualAddress	`0x16000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67235`

Imports

KERNEL32.dll	`InterlockedDecrement` `ResetEvent` `InterlockedIncrement` `GetCommandLineW` `OutputDebugStringW` `Sleep` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetExitCodeThread` `CreateThread` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `TerminateProcess` `GetCurrentProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `CreateProcessW` `CloseHandle` `ReleaseMutex` `WaitForSingleObject` `GetLastError` `CreateMutexW` `GetModuleHandleW` `SetConsoleCtrlHandler` `CreateEventW` `WaitForSingleObjectEx` `SetEvent`
USER32.dll	`PostQuitMessage`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateGuid`
FineObj.dll	`??1CUnicodeString@FObj@@QAE@XZ` `??0CUnicodeString@FObj@@QAE@XZ` `??0CCommandLine@FObj@@QAE@XZ` `??1CCommandLine@FObj@@QAE@XZ` `?Parse@CCommandLine@FObj@@QAEXPB_W@Z` `?ArgumentCount@CCommandLine@FObj@@QBEHXZ` `?MessageBoxW@FObj@@YAHPB_WH@Z` `?GetKeyValue@CCommandLine@FObj@@QBE_NABVCUnicodeString@2@AAV32@@Z` `??0CUnicodeString@FObj@@QAE@PB_W@Z` `?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11HK@Z` `?Initialize@FObj@@YA_NPB_W0@Z` `??BCUnicodeString@FObj@@QBEPB_WXZ` `?Ptr@CUnicodeString@FObj@@QBEPB_WXZ` `?Clean@FObj@@YAXXZ` `?Warning@FObj@@YAXPBVCException@1@@Z` `?Delete@CException@FObj@@QAEXXZ` `?GenerateCheckHRESULT@FObj@@YAXJ@Z` `?ThrowMemoryException@FObj@@YAXXZ` `?AddResourcePrefix@FObj@@YAXPB_W0@Z` `?HasKey@CCommandLine@FObj@@QBE_NABVCUnicodeString@2@@Z` `?Value@CUnicodeString@FObj@@QBE_NAAHH@Z` `?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z` `?SetAppTitle@FObj@@YAXABVCUnicodeString@1@@Z` `?GetCurrentMessageHandler@FObj@@YAPAVCMessageHandler@1@XZ` `??0CMessageHandlerSwitcher@FObj@@QAE@PAVCMessageHandler@1@_N1@Z` `??1CMessageHandlerSwitcher@FObj@@QAE@XZ` `?ERR_BAD_TEXT_FILE@FObj@@3VCError@1@A` `?DetectFileEncoding@FObj@@YAIAAVCBaseFile@1@I@Z` `?ReadRecord@CBaseFile@FObj@@QAEXPAXH@Z` `?GetLength32@CBaseFile@FObj@@QBEHXZ` `?SetLength32@CBaseFile@FObj@@QAEXH@Z` `?GetPosition32@CBaseFile@FObj@@QBEHXZ` `?ReleaseBuffer@CUnicodeString@FObj@@QAEXH@Z` `?GetBuffer@CUnicodeString@FObj@@QAEPA_WH@Z` `?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z` `??ACUnicodeString@FObj@@QBE_WH@Z` `?ReleaseBuffer@CString@FObj@@QAEXH@Z` `?GetBuffer@CString@FObj@@QAEPADH@Z` `?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z` `??0CString@FObj@@QAE@XZ` `?GetSpecialFolder@FileSystem@FObj@@YA?AVCUnicodeString@2@W4TSpecialFolder@12@_N@Z` `?SubstParam@CUnicodeString@FObj@@QBE?AV12@ABV12@00@Z` `?SubstParam@CUnicodeString@FObj@@QBE?AV12@ABV12@0@Z` `?UnicodeStr@FObj@@YA?AVCUnicodeString@1@ABU_GUID@@@Z` `?Open@CFile@FObj@@QAEXABVCUnicodeString@2@IK_JPAX@Z` `?ThrowFileException@FObj@@YAXKABVCUnicodeString@1@@Z` `?WriteFileEncodingTag@FObj@@YAXAAVCBaseFile@1@I@Z` `?IsOpen@CFile@FObj@@QBE_NXZ` `?UnicodeStr@FObj@@YA?AVCUnicodeString@1@HH@Z` `?IsRegisteredClassName@FObj@@YA_NABVCUnicodeString@1@@Z` `?UnregisterCreateObjectFunction@FObj@@YAXABVtype_info@@@Z` `?RegisterCreateObjectFunction@FObj@@YAXP6A?AV?$CPtr@VIObject@FObj@@@1@XZABVtype_info@@ABVCUnicodeString@1@@Z` `?HashKey@CUnicodeString@FObj@@QBEHXZ` `??1CString@FObj@@QAE@XZ` `?UpperPrimeNumber@FObj@@YAHH@Z` `??1CMemoryManagerSwitcher@FObj@@QAE@XZ` `??0CMemoryManagerSwitcher@FObj@@QAE@PAVIMemoryManager@1@@Z` `?CallInterlockedWeakIncrement@FObj@@YA_NACH@Z` `?MakeDir@FileSystem@FObj@@YAXABVCUnicodeString@2@_N@Z` `?AccessDir@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z` `?CmpNames@FileSystem@FObj@@YAHPBVCUnicodeString@2@0@Z` `??GCTime@FObj@@QBE?AVCTimeSpan@1@V01@@Z` `??MCTimeSpan@FObj@@QBE_NV01@@Z` `??0CTimeSpan@FObj@@QAE@HHHHHH@Z` `?Compare@CUnicodeString@FObj@@QBEHPB_W@Z` `??0CMessageHandler@FObj@@QAE@XZ` `??1CMessageHandler@FObj@@UAE@XZ` `?GetTickCount@CTime@FObj@@SA?AV12@XZ` `?FileName@CFileException@FObj@@QBE?AVCUnicodeString@2@XZ` `?ErrorType@CFileException@FObj@@QBE?AW4TType@12@XZ` `?ErrorCode@CFileException@FObj@@QBEKXZ` `?Error@CCheckException@FObj@@QBEABVCError@2@XZ` `?GetMessageW@CError@FObj@@QBEABVCMessage@2@XZ` `?GetHRESULT@CCOMException@FObj@@QBEJXZ` `??1CInternalError@FObj@@UAE@XZ` `?ErrorCode@CInternalError@FObj@@QBEKXZ` `?ErrorType@CInternalError@FObj@@QBE?AW4TInternalErrorType@2@XZ` `?Line@CInternalError@FObj@@QBEHXZ` `?File@CInternalError@FObj@@QBEPB_WXZ` `??0CInternalError@FObj@@QAE@W4TInternalErrorType@1@PB_WHK@Z` `?Name@CMessage@FObj@@QBEPB_WXZ` `??4CUnicodeString@FObj@@QAEAAV01@PB_W@Z` `?GetInternalErrorCallback@FObj@@YAP6AXW4TInternalErrorType@1@PB_W11HK@ZXZ` `?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A` `?SetInternalErrorCallback@FObj@@YAXP6AXW4TInternalErrorType@1@PB_W11HK@Z@Z` `?GetEXEFileName@FileSystem@FObj@@YA?AVCUnicodeString@2@XZ` `??1CUnicodeSet@FObj@@QAE@XZ` `?EndStaticPart@FObj@@YAXXZ` `?HasStaticPartError@FObj@@YA_NXZ` `?BeginStaticPart@FObj@@YAXXZ` `?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z` `?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z` `?AddNotUnloadingResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z` `?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z` `?GetFineObjectsVersion@FObj@@YAHXZ` `?doAlloc@FObj@@YAPAXI@Z` `?doFree@FObj@@YAXPAX@Z` `?GetNameExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z` `?CanonicalizePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z` `?safeStr@CUnicodeString@FObj@@CAPB_WPB_W@Z` `?safeStrLen@CUnicodeString@FObj@@CAHPB_W@Z` `?Length@CUnicodeString@FObj@@QBEHXZ` `?GetLength@CUnicodeString@FObj@@QBEHXZ` `?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PB_WH0H@Z` `??0CUnicodeString@FObj@@AAE@PAVCUnicodeStringBody@1@@Z` `?GenerateCheckLastError@FObj@@YAXK@Z` `?SerializeVersion@CArchive@FObj@@QAEHH@Z` `?UnicodeName@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ` `?Name@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ` `??0CUnicodeString@FObj@@QAE@ABV01@@Z` `?GenerateCheck@FObj@@YAXABVCError@1@PB_W11@Z` `??0CFile@FObj@@QAE@ABVCUnicodeString@1@I@Z` `??1CFile@FObj@@UAE@XZ` `??0CArchive@FObj@@QAE@PAVCBaseFile@1@W4TDirection@01@H@Z` `??1CArchive@FObj@@UAE@XZ` `?Close@CArchive@FObj@@QAEXXZ` `?Close@CFile@FObj@@UAEXXZ` `?IsEmpty@CUnicodeString@FObj@@QBE_NXZ` `??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z` `?MergePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z` `?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z` `?RegisterDelayLoadedObjectModule@FObj@@YAXABVCUnicodeString@1@0@Z` `?LoadModule@FObj@@YAPAUHINSTANCE__@@PB_W@Z` `?ReplaceExt@FileSystem@FObj@@YAXAAVCUnicodeString@2@ABV32@@Z` `?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z` `?Format@FObj@@YA?AVCUnicodeString@1@PB_WZZ` `?GetBuffer@CUnicodeString@FObj@@QAEPA_WXZ` `?ReleaseBuffer@CUnicodeString@FObj@@QAEXXZ` `?Read@CArchive@FObj@@QAEXPAXH@Z` `??5FObj@@YAAAVCArchive@0@AAV10@AAVCUnicodeString@0@@Z` `?Write@CArchive@FObj@@QAEXPBXH@Z` `??6FObj@@YAAAVCArchive@0@AAV10@ABVCUnicodeString@0@@Z` `?Value@CUnicodeString@FObj@@QBE_NAA_N@Z` `?ReplaceAll@CUnicodeString@FObj@@QAEXABVCUnicodeSet@2@_W@Z` `?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z` `?UnicodeFormat@CTime@FObj@@QBE?AVCUnicodeString@2@PB_W@Z` `?SeekToBegin@CBaseFile@FObj@@QAEXXZ` `??0CFile@FObj@@QAE@XZ` `?Handle@CFile@FObj@@QBEPAXXZ` `?GetLength@CFile@FObj@@UBE_JXZ` `?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ` `?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z` `??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@W4TSetupRegistryView@1@@Z` `??1CSetupBase@FObj@@MAE@XZ` `??0CUnicodeSet@FObj@@QAE@PB_W@Z`
dbghelp.dll	`MiniDumpWriteDump`
VCRUNTIME140.dll	`_purecall` `_CxxThrowException` `memcpy` `__RTDynamicCast` `__CxxFrameHandler3` `memmove` `__std_terminate` `_except_handler4_common` `__vcrt_InitializeCriticalSectionEx` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_thread_local_exe_atexit_callback` `_controlfp_s` `_c_exit` `_cexit` `_exit` `exit` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_crt_atexit` `_initialize_onexit_table` `_register_onexit_function` `terminate`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode` `__stdio_common_vsnwprintf_s`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`
ADVAPI32.dll	`SetSecurityDescriptorDacl` `InitializeSecurityDescriptor` `OpenProcessToken` `GetTokenInformation`

Delayed Imports

__FineObjUsed

Ordinal	`1`
Address	`0x11904`

1

Type	`ABBYY_SIGNATURE_1`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65008`
MD5	`8992a5634158fc06b4d29e2b8af72dfd`
SHA1	`368599042bf7eee0dc60f11f543b20e38a0ca899`
SHA256	`28d0632dd0cc38b141993e2616d84c7831c857c7fe5b9bd855e455c57bd4d265`
SHA3	`62fbdb3b3b282e74391715a71bf3e6aad6e9663b1946799c3773f8ec691bb8a0`

1 (#2)

Type	`ABBYY_SIGNATURE_2`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61865`
MD5	`f74725405cc28e6e1ef22bd6aa4179af`
SHA1	`b17c883786ad3421144c9a3f9c64e2287be5eb16`
SHA256	`fc5e0c500c97a8e585bb7772d8b9c62704c850c7ebdf1a42972ed16ffda5e720`
SHA3	`29fb6d312f93ac15b280ec227b3cbb515cc553172339aec7db7c393624a08643`

1 (#3)

Type	`ABBYY_SIGNATURE_4`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63859`
MD5	`e1df1ccc5e946641e203e36c6e4914da`
SHA1	`edc1b1e2aa25545e60e2f61397c53cba3d63e99d`
SHA256	`9d3a8bfa42ab35e5baf42625833d2fe3726b775195e177edaca383c75345dbc9`
SHA3	`cadf109f7d4b73a0933df85c6276dee17c9c20781b2102570a8cdafc23feec9d`

1 (#4)

Type	`ABBYY_SIGNATURE_5`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64446`
MD5	`559d2b74da47868a56245649141fb2d4`
SHA1	`f0715395615fa0f84c708f3d2f20e8e61fbd8145`
SHA256	`219def726a88b0371a24f381fb5760f19b5015724be72a0d181a5a0de052aed7`
SHA3	`7282c7923e88f6a194e3c43b29ff0ccd3f9e33e88a9d4ea56ab0a7187b686b40`

1 (#5)

Type	`DELAY_LOAD`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52681`
MD5	`dd2e64f1effb6f33804ef0afc432a54d`
SHA1	`d0ec0d910d2ecef6613219e3e20c078fd482053b`
SHA256	`8c1b6ba00c1ba047697b950ab26c0963822f6c9bce068308cf3a151499d8de4d`
SHA3	`780b261111aeae78cd1efcc9130de9688dac8101c3be236ffe8633dc53c67ffa`

1 (#6)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x410`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50281`
MD5	`df8ac0d4f7ebd9082b6f2fc91bc7fbee`
SHA1	`c2645bac52c49132ad7170792bc72c665333ec42`
SHA256	`7b2f7c1e2309a28ea10ef1a881276c4cc4ba4a8085d5292f94070f93cdcca949`
SHA3	`2ce4677fbc2af60fe3f3cccda201a5048112b7bef4b7e4c4949a96ddb8c4117d`

1 (#7)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x52f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33619`
MD5	`b1fb7895aaae921d27c037d3d94f6c80`
SHA1	`062a6b084b5a4fe40ea8b24aa7098c0924cad351`
SHA256	`819d12b69316c18703e967927396fbefa6fe10ef4ebae251765137235320d49f`
SHA3	`6ce74b14627c97fb94fc9ff99b8bbcde3ec651f8f7916bc3cd9bd51005ba0efa`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	15.0.112.2130
ProductVersion	15.0.112.2130
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ABBYY Production LLC.
FileDescription	ABBYY updates installer
FileVersion (#2)	15.0.112.2130
InternalName	UpdateInstaller
LegalCopyright	ÃÂ© 2015 ABBYY Production LLC.
LegalTrademarks	ABBYY, the ABBYY logo are either registered trademarks or trademarks of ABBYY Software Ltd.
OriginalFilename	UpdateInstaller.exe
ProductName	ABBYY FineReader
ProductVersion (#2)	15.0.112.2130

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Dec-23 12:09:51
Version	`0.0`
SizeofData	`119`
AddressOfRawData	`0xc844`
PointerToRawData	`0xbc44`
Referenced File	E:\Agent\_work\38\s\0\Shell\Components\Update\App.UpdateInstaller\WinFinal\UpdateInstaller.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Dec-23 12:09:51
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xc8bc`
PointerToRawData	`0xbcbc`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Dec-23 12:09:51
Version	`0.0`
SizeofData	`896`
AddressOfRawData	`0xc8d0`
PointerToRawData	`0xbcd0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Dec-23 12:09:51
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x413000`
EndAddressOfRawData	`0x413008`
AddressOfIndex	`0x4117d4`
AddressOfCallbacks	`0x40b404`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x411018`
SEHandlerTable	`0x40c710`
SEHandlerCount	`77`

RICH Header

XOR Key	`0x8142b67d`
Unmarked objects	`0`
C++ objects (23013)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
C++ objects (VS2015 UPD3.1 build 24215)	`14`
ASM objects (VS2015 UPD3 build 24123)	`5`
C++ objects (VS2015 UPD3 build 24123)	`25`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (VS2015 UPD3.1 build 24215)	`2`
C objects (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`312`
C++ objects (LTCG) (VS2015 UPD3.1 build 24215)	`11`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (20806)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

Leave a comment

No comments yet.