5d59b9701e26e7dab1a3b3ebdb3b026c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-May-16 05:59:04
Detected languages English - United States
Debug artifacts D:\_work\4\s\Endpoint\Setup required\MSI Enterprise\Win32\Release\STInstallAgent.pdb
CompanyName Safetica Technologies
FileDescription Safetica MSI Install
FileVersion 11,4,6,0
InternalName Safetica MSI Install
LegalCopyright Copyright (C) 2024, Safetica
LegalTrademarks Safetica Technologies
OriginalFilename STInstallAgent.dll
ProductName Safetica MSI Install
ProductVersion 11.4.6

Plugin Output

Info: Matching compiler(s):
  • Microsoft Visual C++ v6.0 DLL
  • Microsoft Visual C++ 6.0 - 8.0
Suspicious: Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • regsvr32.exe
May have dropper capabilities:
  • CurrentControlSet\Services
  • CurrentVersion\Run
Accesses the WMI:
  • ROOT\CIMV2
Suspicious: The PE is possibly packed.
Unusual section name found: .orpc
Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryW
  • LoadLibraryA
Can access the registry:
  • RegDeleteKeyExW
  • RegEnumKeyExW
  • RegEnumValueW
  • RegQueryValueW
  • RegEnumKeyW
  • RegSetValueExW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegCreateKeyExW
  • RegQueryValueExW
  • RegCloseKey
  • RegOpenKeyExW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • MapVirtualKeyW
  • CallNextHookEx
  • GetForegroundWindow
  • GetAsyncKeyState
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Leverages the raw socket API to access the Internet:
  • htonl
  • GetAddrInfoW
  • InetNtopW
  • WSAStartup
  • WSACleanup
  • FreeAddrInfoW
  • GetNameInfoW
  • ntohl
Interacts with services:
  • OpenServiceW
  • OpenSCManagerW
Enumerates local disk drives:
  • GetVolumeInformationW
  • GetDriveTypeW
Can take screenshots:
  • GetDC
  • BitBlt
  • CreateCompatibleDC
Safe: VirusTotal score: 0/69 (Scanned on 2024-06-07 07:46:24)
All the AVs think this file is safe.

Hashes

MD5 5d59b9701e26e7dab1a3b3ebdb3b026c
SHA1 86ae7398d6ae1397f21bf46267034d0c18d7909a
SHA256 d3a25972b22e4f761ad679d327e55430e6ef65ddf24bee640289eec835ec9cb1
SHA3 88f8d230b86c8529c773ed3d29eb2c257fd379b727aa8455a07c28e42e972674
SSDeep 49152:irF/yYWtmJKPS5VjDxMLcJ4XnmTproJ9iYsJJzKFy1dyds9MFNMurCPgfdP:imtmMwDOLcJ4XmTxojDMyds9MFNMBPq
Imports Hash b466e27ed81f6bd554bfb0d405c17744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2024-May-16 05:59:04
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1f7000
SizeOfInitializedData 0xd4000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x001A0E99 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1f9000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x2cf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 48cb9b315a07a8f9d646b5ed20497e6d
SHA1 dee7df04b8e9d1b22d54909525ab6ce281df1770
SHA256 a3abef31453536eb9ce20d3abda3f66359094af13ea874381dbfb6b3081de1ec
SHA3 cec200e8ceed87b73b1a5872118bfaf62631567b19c94a2c95a3cf6ee0ff9423
VirtualSize 0x1f6c5c
VirtualAddress 0x1000
SizeOfRawData 0x1f6e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.57092

.orpc

MD5 3c95b5683da1b5b082bcdac905359e48
SHA1 5f62128743c9634c39ae6e48c7c80c50e0f16f38
SHA256 3c00596997addb8a01c6a36fe0550a0edd85b7ec93ee41ca0b6fad31379f5e1d
SHA3 7bd000e2519966784dea060d9fb3a608737598859d542d9c2e62875c7ad8fa9b
VirtualSize 0x10c
VirtualAddress 0x1f8000
SizeOfRawData 0x200
PointerToRawData 0x1f7200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 3.51613

.rdata

MD5 41c75238be74531da6e3046e9c2c1aa8
SHA1 11b8b0436bf50e94ba6a8673bcc93a08582909c5
SHA256 e94587f8a31e9dc8a4c65d382f584765918e9ea54210a12c2e1742206af8f0bd
SHA3 7d8fc2b0d64b43d3b97dfead7534d67401fd4a77228856ccf0ec278fc0a7f095
VirtualSize 0x9a7fa
VirtualAddress 0x1f9000
SizeOfRawData 0x9a800
PointerToRawData 0x1f7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.613

.data

MD5 30461a06900b98cedfa41eda85359d14
SHA1 7ba081e9ecb64762ab2ae683b802348367609d76
SHA256 48cd9156e31492a948e886b5d520b997a815bb8b8e5b78bb88f450bf97fc42a7
SHA3 8edb9463f2b5bce117ec3bf6fc81df9bba4b9f7a432fadf166b47ad328d9ba53
VirtualSize 0x127b4
VirtualAddress 0x294000
SizeOfRawData 0xdc00
PointerToRawData 0x291c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.14958

.rsrc

MD5 53410e1270226ae3f18f39130e70848d
SHA1 262d9a9abaf1c3b8a51ddc880f549bdbdd02f40f
SHA256 938ba1e9f9dc8745f19e2f9ec7243ddaa97f245c6b2f32636935234ae86ffe67
SHA3 7da2b4f5e2527404460748e4c8900ab22d55990f2e9e1244b3fe1e1c94717936
VirtualSize 0x6d0
VirtualAddress 0x2a7000
SizeOfRawData 0x800
PointerToRawData 0x29f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.73042

.reloc

MD5 b2da8b049722f7ebfd48cd4a3efd00aa
SHA1 9f5274152e4236d8470cce5d30af65c10dcc8aa9
SHA256 24ac69b64ae447502ad668c0897e3da6f58a62775647f231a48872a3653d015c
SHA3 fa5f9075f2871e7be5357bd9fd8f43e9702810e03bc7ffc40c72f0bbf10030f5
VirtualSize 0x2662c
VirtualAddress 0x2a8000
SizeOfRawData 0x26800
PointerToRawData 0x2a0000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.57386

Imports

RPCRT4.dll CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
UuidToStringW
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_CountRefs
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrClientCall2
NdrDllGetClassObject
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
RpcBindingSetOption
VERSION.dll VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
MPR.dll WNetGetUniversalNameW
NETAPI32.dll NetShareGetInfo
Netbios
NetApiBufferFree
KERNEL32.dll GetSystemInfo
CreateProcessW
IsWow64Process
GetExitCodeProcess
GetNativeSystemInfo
QueueUserWorkItem
GetVolumePathNameW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
ExitThread
InterlockedFlushSList
RtlUnwind
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
FindFirstFileExW
QueryPerformanceFrequency
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
RaiseException
OutputDebugStringW
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
MultiByteToWideChar
MoveFileExW
WideCharToMultiByte
LocalAlloc
Sleep
LocalFree
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
GetUserDefaultUILanguage
CreateMutexW
ReleaseMutex
DeleteFileW
CopyFileW
ReadFile
WriteFile
SetFilePointer
CreateFileW
FileTimeToSystemTime
GetLocalTime
GetFileSize
FormatMessageW
GetModuleHandleExW
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThreadId
GetCurrentProcessId
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FreeLibraryAndExitThread
CreateThread
ResetEvent
FileTimeToLocalFileTime
GetProcAddress
GetModuleHandleW
SetEndOfFile
GetTempPathW
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
SetThreadPriority
ResumeThread
OutputDebugStringA
GetCurrentThread
GetVersionExW
FreeLibrary
GetModuleHandleA
LoadLibraryExW
LoadLibraryW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
CompareStringW
GlobalGetAtomNameW
EncodePointer
GetSystemDirectoryW
LoadLibraryA
GlobalFindAtomW
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
VirtualProtect
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
GetTickCount64
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
InitializeSListHead
USER32.dll MoveWindow
MapDialogRect
IntersectRect
TrackMouseEvent
LoadImageW
GetNextDlgGroupItem
SetCapture
ReleaseCapture
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
UnregisterClassW
GetDesktopWindow
EnumThreadWindows
MessageBeep
EnableScrollBar
GetClassNameW
EndDialog
HideCaret
MessageBoxW
GetMenuStringW
GetMenuState
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
CheckDlgButton
SetWindowTextW
IsDialogMessageW
CopyImage
SystemParametersInfoW
DeleteMenu
ClientToScreen
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
DestroyIcon
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
CreateDialogIndirectParamW
GetNextDlgTabItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostMessageW
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
UnhookWindowsHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetAsyncKeyState
GDI32.dll DeleteObject
GetObjectW
SetTextColor
SetBkColor
DeleteDC
CreateBitmap
GetDeviceCaps
CreateDCW
PtVisible
BitBlt
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
CreateCompatibleDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CopyMetaFileW
MSIMG32.dll TransparentBlt
AlphaBlend
WINSPOOL.DRV OpenPrinterW
ClosePrinter
DocumentPropertiesW
ADVAPI32.dll GetLengthSid
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
RegDeleteKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SHELL32.dll SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage
SHLWAPI.dll PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
UxTheme.dll GetWindowTheme
GetThemeSysColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
GetThemePartSize
DrawThemeText
DrawThemeBackground
OpenThemeData
CloseThemeData
ole32.dll OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoRegisterPSClsid
OleRun
CoRegisterClassObject
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OLEAUT32.dll SysStringLen
SysAllocStringLen
LoadTypeLib
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize
SysFreeString
SysAllocString
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VariantCopy
VariantChangeType
VariantInit
msi.dll #74
gdiplus.dll GdipDrawImageI
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
OLEACC.dll AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
IMM32.dll ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
WINMM.dll PlaySoundW
WS2_32.dll htonl
GetAddrInfoW
InetNtopW
WSAStartup
WSACleanup
FreeAddrInfoW
GetNameInfoW
ntohl
IPHLPAPI.DLL GetAdaptersInfo

Delayed Imports

DCRollback

Ordinal 1
Address 0x2aba0

DCInstall

Ordinal 2
Address 0x2a610

DCUninstall

Ordinal 3
Address 0x2ade0

DCCheckOs

Ordinal 4
Address 0x2a600

7

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x32
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.34631
MD5 a8b8ac1fa9fed0be421a58a2197115f9
SHA1 62cabb5d0bafb9893cdf76840b301dfe4d274af1
SHA256 e8944c6754ecb440cb2fa86d6b04452d0e84f8d03ec28c26ca415fa6359f78c4
SHA3 64281e6df6fe4f0b825314272bd97852a9804e52663c08b52c77c33af44aaf9c

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x380
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35412
MD5 20150c72f75af0c9624b45e2b2d8487a
SHA1 50ab5df65b28f3b995d9a7eefd22a27312ab8dda
SHA256 8dcc9e532cc01fd1b73a4b23cd5eda84c125e096da6d4296f14488bf9d8e9be3
SHA3 c5a116467706a9957da69982ae662f38fd99ef907f6acf09ba833c179fb258dd

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x224
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04378
MD5 245b863be176aab16ef1dbe168defe03
SHA1 c0a369f6f0e77b89c5d9d37fb94e1d5e2d431b5b
SHA256 59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa
SHA3 7efbe82f17422b353f747a146c1e8f1b9df37e90648150f2020442ff9477341e

String Table contents

DCInstall

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 11.4.6.0
ProductVersion 11.4.6.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Safetica Technologies
FileDescription Safetica MSI Install
FileVersion (#2) 11,4,6,0
InternalName Safetica MSI Install
LegalCopyright Copyright (C) 2024, Safetica
LegalTrademarks Safetica Technologies
OriginalFilename STInstallAgent.dll
ProductName Safetica MSI Install
ProductVersion (#2) 11.4.6
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-May-16 05:59:04
Version 0.0
SizeofData 109
AddressOfRawData 0x27c1a4
PointerToRawData 0x27a5a4
Referenced File D:\_work\4\s\Endpoint\Setup required\MSI Enterprise\Win32\Release\STInstallAgent.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-May-16 05:59:04
Version 0.0
SizeofData 20
AddressOfRawData 0x27c214
PointerToRawData 0x27a614

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-May-16 05:59:04
Version 0.0
SizeofData 956
AddressOfRawData 0x27c228
PointerToRawData 0x27a628

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2024-May-16 05:59:04
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x1027c5f4
EndAddressOfRawData 0x1027c5fc
AddressOfIndex 0x102a67a0
AddressOfCallbacks 0x101f9e28
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10294fe4
SEHandlerTable 0x1027ad68
SEHandlerCount 1168

RICH Header

XOR Key 0x4714e55b
Unmarked objects 0
ASM objects (29395) 28
C objects (29395) 38
C++ objects (29395) 213
C objects (CVTCIL) (29395) 1
C objects (VS 2015-2022 runtime 32533) 18
ASM objects (VS 2015-2022 runtime 32533) 27
C++ objects (VS 2015-2022 runtime 32533) 408
Imports (29395) 51
Total imports 1001
C++ objects (LTCG) (VS2022 Update 7 (17.7.4) compiler 32825) 44
Exports (VS2022 Update 7 (17.7.4) compiler 32825) 1
Resource objects (VS2022 Update 7 (17.7.4) compiler 32825) 1
151 1
Linker (VS2022 Update 7 (17.7.4) compiler 32825) 1
