Manalyze report for 650c121ef770044b5b8533ec524b9c7b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Dec-11 21:50:45
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteKeyA RegOpenKeyExA RegEnumValueA RegDeleteValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Aller Media e.K.` `Issuer: Certum Code Signing 2021 CA`
Suspicious	VirusTotal score: 2/72 (Scanned on 2025-04-27 07:36:44)	`GData: Win32.Application.FraudVLC.063IAO` `VBA32: suspected of Trojan.Downloader.gen`

Hashes

MD5	`650c121ef770044b5b8533ec524b9c7b`
SHA1	`958aff891948845f648041f62e42efd7d0fe5cbe`
SHA256	`ffb7e0228d5212b01b82d48a1a058ada453228b70a0285e39822facefcc24e52`
SHA3	`f49b1632795a52441a2eb4fbc71c91beceacf636eb112acbe4c7db7fc6ba613e`
SSDeep	`3072:T1E/rS2paccKntcpbdJIpIxqgnmQQrSQSTr:T1oneboIxuQsx2`
Imports Hash	`4f67aeda01a0484282e8c59006b0b352`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Dec-11 21:50:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x1d000`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000032BF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4c000`
SizeOfHeaders	`0x400`
Checksum	`0x36755`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1892c55874b94ef60ac62cf77f0ecd0e`
SHA1	`95487725a8bb3a7284cb15204d9d83d8dd16a070`
SHA256	`c46db17bdcc6d27e134436026027456b8e5522cee7aa5056d4f513430c3d203c`
SHA3	`b10a21e295e30ef344b55eeb7b57bd384ed5b3ec36c475bd899a58fc47272aa8`
VirtualSize	`0x5e59`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42419`

.rdata

MD5	`6389f916226544852e494114faf192ad`
SHA1	`5a8bd7dc51e26e238ac906646d9390d89e9de99b`
SHA256	`96fda7c3b5c92d7089fdd266fb9069a5490e2ae8ea7704c5a15f8ef53ee746ad`
SHA3	`4b0f9cf9e8c6bf0014311228d4e775d5a3ef7c286d6e4b0c9e2e4756a62b3dba`
VirtualSize	`0x1246`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0004`

.data

MD5	`f02c8b5709d3fb8c6cc1ab777c138d8f`
SHA1	`c95896cfaab005ecd71497fdbf013ea77cf1b85a`
SHA256	`c3888e36a58e370976092a6f7d0374b84cc2465856675cb58dd9c7de3d5f009b`
SHA3	`3653898572e644df42cf75d23f90306c1157fd59276df04098ff493909f5ce50`
VirtualSize	`0x1a818`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.21193`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`9b75b80ae5e665343a05bfa9cafd2533`
SHA1	`15f0234a907c157e3c618d46877d17ebcaa7a95a`
SHA256	`c1ecb1d7aca98e6bc6f2ec489b3aa9345fcdf47fb4c645ebb5f105438e35772f`
SHA3	`b925bd802ead673a3581d091c5ae9e62617840cb2164ff6c3fd8fbda79de6558`
VirtualSize	`0x19530`
VirtualAddress	`0x32000`
SizeOfRawData	`0x19600`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26853`

Imports

KERNEL32.dll	`CopyFileA` `Sleep` `GetTickCount` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `ReadFile` `GetFileAttributesA` `SetFileAttributesA` `ExitProcess` `SetEnvironmentVariableA` `GetWindowsDirectoryA` `GetTempPathA` `GetCommandLineA` `lstrlenA` `GetVersion` `GetCurrentProcess` `GetFullPathNameA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `WriteFile` `lstrcpyA` `MoveFileExA` `lstrcatA` `GetSystemDirectoryA` `GetProcAddress` `CloseHandle` `SetCurrentDirectoryA` `MoveFileA` `CompareFileTime` `GetShortPathNameA` `SearchPathA` `lstrcmpiA` `SetFileTime` `lstrcmpA` `ExpandEnvironmentStringsA` `lstrcpynA` `SetErrorMode` `GlobalFree` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `GetPrivateProfileStringA` `FindClose` `MultiByteToWideChar` `FreeLibrary` `MulDiv` `WritePrivateProfileStringA` `LoadLibraryExA` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `GlobalAlloc`
USER32.dll	`ScreenToClient` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostQuitMessage` `GetWindowRect` `EnableMenuItem` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `EndDialog` `RegisterClassA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `GetDC` `CreateDialogParamA` `SetTimer` `GetDlgItem` `SetWindowLongA` `SetForegroundWindow` `LoadImageA` `IsWindow` `SendMessageTimeoutA` `FindWindowExA` `OpenClipboard` `TrackPopupMenu` `AppendMenuA` `EndPaint` `DestroyWindow` `wsprintfA` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA`
ADVAPI32.dll	`RegDeleteKeyA` `SetFileSecurityA` `OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegOpenKeyExA` `RegEnumValueA` `RegDeleteValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58522`
MD5	`5e736d28492f4acddfef8ae975bc4983`
SHA1	`56748fadf9b13b5c379e88520a24ef458a5a5b3f`
SHA256	`0ed1b4e869523b29ed1ce8e2f3f43549f109a317bc72637ffec4e41e026d53bd`
SHA3	`a567270774e426c5e3a5072eb350f470f05e8bc6b893f546c1cb2ec4364417da`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03782`
MD5	`a3d2d7f24e1f283addd5c8694f47a14a`
SHA1	`bb195b995a6d4654df9e845ed06bc4af90fbb687`
SHA256	`f5de38ec627bb97d347a9315cf9e3e6c108523be1bcd327a6d82de842d4470e9`
SHA3	`65cccf67101da28ef46435fcaeb701b651a9ffee765da84e12a1c8b08f402001`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27757`
MD5	`4d6a47169f4658a44aaf34032ad8175b`
SHA1	`c9e2dae5a3b53337793002c5e77478f47268bf36`
SHA256	`1439b236781c38053a0b66c8212461d7c5e957d1abfd6af586e5fe8d1c4fbefe`
SHA3	`e26bc3d8715639aa1a9264e4a6e304b08c8f53305af9218d4648052a3de7c09f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87484`
MD5	`6c120a005008391580fc7ae6421dc3d6`
SHA1	`cf4f7978e015ae6893e0ab83ac598739b0430c79`
SHA256	`06872b633d5443fda745530ef35e0f0600f80de401efe3a3559b70d2df3cc620`
SHA3	`96626c97fc8cea0f143d1b93279db0875bddaf1a4bb9618e631507623f3c33a7`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68416`
MD5	`128644fc6a564959159b75fb44439052`
SHA1	`da8b2a4585a6917a6c4b457d493aad606e5dc02d`
SHA256	`a9543d517d3ad10a8d42edab2e1bd943a29041184f34296a61526a4fd9989550`
SHA3	`99e42fcbce1f621b176760d9f93c45c61983ee16e079f2820ace09942118f250`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`7add80697358fcc3e63354d269ea5ac9`
SHA1	`72c0a1363b9b4fee0a4acb42b31cd9b5e0664c4c`
SHA256	`b29c7a1301ddb0e896faf944d8ea8f4e57ff4f3d5fc3e5dc5bf3e64ed6be2fdd`
SHA3	`40a0e6b6b579b110550a4c3304eb33293a293d9aa288b02b11750143b52423fe`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89887`
MD5	`663040d6315b1d6ce8c0334d182ed8fc`
SHA1	`ebcfff801a12fb8ad1200a4526fca8bd2c3e96cf`
SHA256	`cb3c86cbcb579244a6f819f9c1807a7e89b6e600982ec6ea0841fcdcb16a9efd`
SHA3	`6a25a2cb16aeb17693f10e8aaa0245c701701db571b458fde7830291a4a01cfc`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93488`
Detected Filetype	Icon file
MD5	`113389f5e12acd87d3d9c719d747c4fc`
SHA1	`6c61487d593b5d4c9a70f013c4089321369582a9`
SHA256	`ef70a9ae6ac3aa2a8e4d4bede6b0c4605e325c4f0ced7e8c0dee8cd0fc8cf5f2`
SHA3	`3a361c70b6dc336c5f83b76b6eb3ff52eef94755101e4106a429f00bed6f42ca`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2963`
MD5	`49137dfb57a353a38f72136416dc3e9f`
SHA1	`f96b4de727ee77d62134f240328a853eba69d878`
SHA256	`008dbe3201f83d981e0890a802c73f74b854486734d10232bac2f36b821edb84`
SHA3	`b8a14406a78b27ab6d00853dc8c421ee5b0f18aed1179610f22200b1e9559832`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd246d0e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`159`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!