5aadee88207b27504a8624e611e5ea5d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jun-29 19:40:03
Detected languages English - United States
Debug artifacts E:\r\ws\St_Make\code\build\win\results\Release\info\airappinstaller.pdb
CompanyName Adobe Systems Inc.
FileDescription Adobe AIR Application Installer
FileVersion 26.0.0.127
InternalName AIRAppInstaller.exe
LegalCopyright Copyright 2007-2017, Adobe Systems Inc.
OriginalFilename AIRAppInstaller.exe
ProductName Adobe AIR
ProductVersion 26.0

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessW
Suspicious The PE is possibly a dropper. Resources amount for 94.3254% of the executable.
Info The PE is digitally signed. Signer: Adobe Systems Incorporated
Issuer: DigiCert EV Code Signing CA (SHA2)
Safe VirusTotal score: 0/66 (Scanned on 2018-04-29 04:27:20) All the AVs think this file is safe.

Hashes

MD5 5aadee88207b27504a8624e611e5ea5d
SHA1 b14b2aac9aba035ca05bac6d0e369d88e6a16ed7
SHA256 1c3c8a8af615d2444097c31beb59a85b055aa71897e7d2efc1c043a83b899435
SHA3 1d5344ec9f4aa0fd3559395fbd6b02b59d89105c017febf34bebf5fff0e5ecab
SSDeep 384:WeQkizD4LlJyZuXH101x/joc1E1k3Hn87EtpevwA0m0IXZsHLMBzy5JNNzFwhhih:Qk2S101x/joc1Ck3Hn87MpiwApU53whQ
Imports Hash 12ea9efe38c3e1aa92683a8e37f8eb3d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2017-Jun-29 19:40:03
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x200
SizeOfInitializedData 0x4a000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001188 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x4f000
SizeOfHeaders 0x400
Checksum 0x574e4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9ffbb09a96704a3808296f1748c13078
SHA1 16d2d31ab78c0c8b4e68bc0fc704a514a1a1258d
SHA256 6194afa3b0e25faa9b2abd53387d729a00fb22983daf9ddd12116a4207dd57aa
SHA3 a2a864472514d10376949fe27b4115eda03479d364f092a534d14469604f42e9
VirtualSize 0x1b9
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.68415

.rdata

MD5 aaaee4e9c9478693f09888b29f9af9b1
SHA1 5ba8e2d8546c368c96ee700ca9cfd18518e4f183
SHA256 c3c095beb986932fbf0795b1b04027c438eacccd78272f7e775af3917e180f66
SHA3 a831103ac031c3c0dc92a24861f038a4f617c3d93679d1323202c532960117c4
VirtualSize 0x1720
VirtualAddress 0x2000
SizeOfRawData 0x1800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.04694

.data

MD5 d23fe3ea290c74c5b2f1d36becedabc1
SHA1 2d1fcda614011cd0dc00664f443e88efe4fc579a
SHA256 a8258db0931c43809809086cfa5500e0e480c7a8e998cec34cdbd4731d01a6c9
SHA3 9c875d785a73409aa259f7ce51e5d294e7c1aafcc7e21c8ae6b2d226b5de70c4
VirtualSize 0x110
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.55376

.rsrc

MD5 fd4b2319d8e0486d7dbfffdd234eb89a
SHA1 82958a617c9176ad2ef80970dc85c3eb4ae2a628
SHA256 c3973498771ca1d27fa2255c7bf1611cecd70673068bab9d89fce4c11eb11fa4
SHA3 d7093d012c4f5d5c4bf3203a798cea815ff160c8ea466787188f19d141f75a28
VirtualSize 0x48108
VirtualAddress 0x5000
SizeOfRawData 0x48200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.87121

.reloc

MD5 c910ec248c40f19dd37592bca681741f
SHA1 e9ad6ad382c609fbfa5bfa7b3ef0adda6f4b2b5a
SHA256 3a8b57789c4d7be0c5bbef0d39f98eadd307a1a8a8a63f5e0fbe5ae3a6694d8c
SHA3 eed208e4e84703e015c4d7f008111bba53355d7d1fe2624d2c26291784e889b2
VirtualSize 0x392
VirtualAddress 0x4e000
SizeOfRawData 0x400
PointerToRawData 0x4a200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.11171

Imports

KERNEL32.dll GetUserDefaultUILanguage
GetLastError
CreateProcessW
lstrcpyW
HeapAlloc
GetProcessHeap
lstrlenW
GetCommandLineW
ExitProcess
USER32.dll MessageBoxW
SHLWAPI.dll AssocQueryStringW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.55302
MD5 a4510ef20e4f6337a6612c7c57595730
SHA1 aae2421babdbc0bce5df0b4d10592993527fd9e4
SHA256 3ca11b5f777ff3e988d3f5c08f9be42eab6082646e04426a6c7eb03641d9c809
SHA3 bcd345d1111c082647932c87841f5ea24464658a964061f6771588b1a7cc720e

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.30505
MD5 b9340dd1f417defdee6c1d11ba9bf3f2
SHA1 58c8241bdb418f62c0a750f9751f432f22b1df3f
SHA256 7e3b925aed17199b0ef7792338155c83aa7eb72996204f798ae1c3962c6b0e76
SHA3 77f7341ed07db43abdca9312e98ecee4537f9ab73ef052791b58a7762fc44134

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.13516
MD5 4bea32006a73f2e18868ca864b0154c5
SHA1 3bc12aec0eb0cff10a114e649f0d21acbe3a85dd
SHA256 7019a942164b8bea32f3a9faf380710039c54b3198289bafb51f7060eb45c492
SHA3 3b506734503c6d567e6d9649574b4666e2e20bff9df4bf0f0b0643bf8953d74e

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.71337
MD5 76ba880637d78d260917384bdcae3426
SHA1 7bee2d72a10336acb640fe24a49e28c0d78c617f
SHA256 23c91c7e8b5d5dbb6376a36eaebbfa63bb2faed681400ebb32f83491f81148c5
SHA3 9dc79f8a8b3a686aacd888fd1efc14b2f7d767457a3c8800cbcd8119c4dacf08

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.00333
MD5 eee48b12b272ca0940a92135f567e551
SHA1 3581472ae3fb54bb456034624f849315edf4a879
SHA256 11d6bdfe1ba89dff869f9cc1055d23710acf4309bed2c05b3cc56f7f29fc4816
SHA3 65f8772cd7d24967f81b309ce687fdbe971ae0fe622e4f00f99fc4c05c3bfbe0

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.91149
MD5 0a26f7ec27c330525a8e6516eedd926e
SHA1 a2ff1ec9d1345f0b652e2b94ed675149ddb81486
SHA256 0f5acad265f7db4a8b1367a93024ec40ee9e110e613ed4d0fcce3e3bcff220e5
SHA3 58221c88bd22486302def9dd83a691fbd831b47aeba81260ffe51f4015757536

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.05864
MD5 f27397e9aa642748be050c19947a3e5e
SHA1 8e5a5303cc7c0f157e9599302fca96c9f8aa8792
SHA256 8e61e58c090dd04050a3dd3ed8668ab938867f382686ada099b12317c70e275e
SHA3 e89de0f85e2cd6dd76c6e6c9a1ba1a3b55fead96829e6cb7a54c6eed5e0f60ea

100

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71787
Detected Filetype Icon file
MD5 eee2def6081be6fc6c237a1035cd0d47
SHA1 8806faa001a31ea3b44f50dd48cc65beaeaf5980
SHA256 b4a86ff543995d1a1dcad86ec767539180bbe55d27b306186eb5fa4bc3d5872f
SHA3 293718c08c74df16bc3e220b2edcbf174192ba2080a5b914811bc9c27d661b57

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x338
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41964
MD5 76e738bf68687c4602c58503d8f9697a
SHA1 d2a92016b0b1122d86275ad74ee9f2d764097b37
SHA256 1719e0e562cd2e7db55991a86467416477cc57d06d611a5fbfa003d880e13394
SHA3 017bfa60e92bc86371c588bfcb09347a797329b94e80f758d43d0f90e8e1b31e

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x37e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.16494
MD5 f9d6b4c2d66730dc2c4e8e860065f257
SHA1 ad294c7c1368f2e600c8f9558432d05578232b65
SHA256 622b1b280deb1a958182e4f0661e9e142cd2207b78aa98330a3b02cbd4ce87ed
SHA3 5d812765d3d5cb14fbaea4c885c7a68e57f115c3ba96cd1710d2fbdeaba8785b

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 26.0.0.127
ProductVersion 26.0.0.127
FileFlags VS_FF_PRERELEASE
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Adobe Systems Inc.
FileDescription Adobe AIR Application Installer
FileVersion (#2) 26.0.0.127
InternalName AIRAppInstaller.exe
LegalCopyright Copyright 2007-2017, Adobe Systems Inc.
OriginalFilename AIRAppInstaller.exe
ProductName Adobe AIR
ProductVersion (#2) 26.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Jun-29 19:40:03
Version 0.0
SizeofData 96
AddressOfRawData 0x36c0
PointerToRawData 0x1cc0
Referenced File E:\r\ws\St_Make\code\build\win\results\Release\info\airappinstaller.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd186cc01
Unmarked objects 0
Imports (VS2012 build 50727 / VS2005 build 50727) 7
Total imports 11
C++ objects (VS2008 SP1 build 30729) 1
Linker (VS2008 build 21022) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

<-- -->