Manalyze report for 6c7d5b4521e8114f2b98a99a0d434c04

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Sep-25 21:57:46
Detected languages	English - United States
CompanyName	Fast Corporation LTD
FileDescription	PC App Store Setup
LegalCopyright	Fast Corporation LTD
ProductName	PC App Store
ProductVersion	`1.0.0.2026`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegEnumValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6c7d5b4521e8114f2b98a99a0d434c04`
SHA1	`ea89122c36c6df75b086ba2a8c240bd552f55c7e`
SHA256	`98e5e072e97e5c5c2be23ae59dca99e20531602fea44fd89749a8f572570599f`
SHA3	`794356b47028e9e61dbcbf5f9902236c195c771bbb184f983df7ead85044410e`
SSDeep	`98304:/qglSKocbIfIi754CIo568pVb7OWbOOgyPinmh:/qglSKlbIb754CIWpVb7OWbOOg+imh`
Imports Hash	`56a78d55f3f7af51443e58e0ce2fb5f6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Sep-25 21:57:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6a00`
SizeOfInitializedData	`0x2da00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x0000352D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x82000`
SizeOfHeaders	`0x400`
Checksum	`0x427781`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ce9df19df15aa7bfbc0a8d0af0b841d0`
SHA1	`6cba022a30ad3c84a5343e05a15e49562c18aba0`
SHA256	`c902047f3976f37a722b89e3e2401d690d77b3e70ebaf7a32e9ac5ce6ff34a5e`
SHA3	`a80cef7bf78b6d8cf31176f4f7b837d46a7ec1b2d2dd9ab44d791ec0b29f199c`
VirtualSize	`0x6897`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4584`

.rdata

MD5	`a118375c929d970903c1204233b7583d`
SHA1	`73c2bec231377068f99d5c55ff5c975960280e6c`
SHA256	`322668435dbcf8d7246f9f554db08e811dd251f45ad883764e7af6b723e51e0a`
SHA3	`712081c7df3abf95c9a3dacb7e21700d783b1ca8d1105fe9df0f6df834b73c24`
VirtualSize	`0x14a6`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02411`

.data

MD5	`82a10c59a8679bb952fc8316070b8a6c`
SHA1	`7e347dcff055b97091b833896e1097b7ed374fdd`
SHA256	`05429ca22a1221b4c12a26881799b71b769633a366bccd17b0114acd29ac162f`
SHA3	`e2e59928a622a7543320d477ef40fed9784205f20846697c8936055ee1f94925`
VirtualSize	`0x2b018`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.15458`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x43000`
VirtualAddress	`0x36000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`35a8ed1c8c60a14826d9277e640dd37d`
SHA1	`86258b81cef37866795e183514a0dfe68a8624c2`
SHA256	`fb3d03039c8bc2e1e4943e261ab0f4f45796545db429d0e71b85a9da38e4b128`
SHA3	`812cd34ac4c243c099729221a7ded13ea747239d61e723559bc7ee23d49cf815`
VirtualSize	`0x8ab0`
VirtualAddress	`0x79000`
SizeOfRawData	`0x8c00`
PointerToRawData	`0x8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.59069`

Imports

ADVAPI32.dll	`RegCreateKeyExW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `SetFileSecurityW` `RegOpenKeyExW` `RegEnumValueW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHFileOperationW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `ShellExecuteExW` `SHGetFileInfoW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`#17` `ImageList_Create` `ImageList_Destroy` `ImageList_AddMasked`
USER32.dll	`GetClientRect` `EndPaint` `DrawTextW` `IsWindowEnabled` `DispatchMessageW` `wsprintfA` `CharNextA` `CharPrevW` `MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `GetSystemMetrics` `FillRect` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `PeekMessageW` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `EmptyClipboard` `CreatePopupMenu`
GDI32.dll	`SetBkMode` `SetBkColor` `GetDeviceCaps` `CreateFontIndirectW` `CreateBrushIndirect` `DeleteObject` `SetTextColor` `SelectObject`
KERNEL32.dll	`GetExitCodeProcess` `WaitForSingleObject` `GetModuleHandleA` `GetProcAddress` `GetSystemDirectoryW` `lstrcatW` `Sleep` `lstrcpyA` `WriteFile` `GetTempFileNameW` `CreateFileW` `lstrcmpiA` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `GetLastError` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `CopyFileW` `ExitProcess` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `GetTickCount` `MulDiv` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `MoveFileExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39401`
MD5	`ae05cce7f17f6005b731f2b3da8bedf4`
SHA1	`96903f005ebebf8268fafb575d6fd9396ba74be4`
SHA256	`b45f1c52077a2e9eb9f558969d14292c4d691a913a5c642b06eeb6196091f28a`
SHA3	`1f2984df489102b0ed789dded5956ee5ebcff1ab3e0154c8aa31231e28a8313d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3901`
MD5	`d68360fd0e5e52c98796c0535a843723`
SHA1	`c190c5968497f5bae06435ad3896a00080897f11`
SHA256	`198613ec45d98ea75aa3bec038459441fb226b6e780d112d51f25c21844214ea`
SHA3	`d202c0388075b14b8aab6d89f7e4cf33df57c9f74006115c68ea9d59098d1de2`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40513`
MD5	`088abf72923f71ea055ab5b0721189fd`
SHA1	`8f6ef318f3c123ab81662078aff7dda3295f179b`
SHA256	`f630bc7aff45c2385faed402dd1160b29bbcd9686750a7ebc1d63889fff1ff4e`
SHA3	`8eda19acd06808a5706a6acfc11d4b055ea578df839b906f74c1d11e9d16d4c7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30362`
MD5	`52bfcdf40ed469805becd4091c35b695`
SHA1	`44f248bd2e7d998f044244824363874575d0a59d`
SHA256	`3e29299615e6517a11417a2191c4a05ce6e79a2fbccfd3be9f8cce8ead71521d`
SHA3	`7faa1d5c65a0b022f114d67f906436c1263040104b6c56e955bb25e00a764ee8`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.52183`
MD5	`6ffba239dcfcab2080195f23947b70aa`
SHA1	`bcda1ca8ee9bb9878bde83aa06c670bb5a4d5843`
SHA256	`a7e5ea849cb343e9b58de221aeb25c9dd4a3748070bfba879a30c4265fc39023`
SHA3	`a75544b4c3fcbcb32fe4e02d1a631e045b2e58516aa1065bb96cce681aea7030`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92767`
MD5	`1db3e4c32b9560257ddf3506fef9dd3f`
SHA1	`6666e0c8336456cfacec71d84415c6516e9e2673`
SHA256	`587a03198c39f990e77691056bb5705e21374281862ce06de94c68172f50f763`
SHA3	`30ca0affc3f1d2ef8b37f2103db7581caaf88548823fb3ae1d308fae9738dab4`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`be3145d96584cd4583190932b5143d27`
SHA1	`efb1ceab001fa14ba11b4d2cea599b9c1d60d2de`
SHA256	`11d29dcaf0b5aa1cc1e9597b62ecd23b363ee8901ba4fe88764b8821cd4e55a0`
SHA3	`99338133c550d1b8233db5d747340cbe860f64c765f2b567e9b3b882457d5cfb`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2731`
MD5	`cdcb00a188d991cb5cf09b3cbc49c48d`
SHA1	`1cb1fd9c707efbaa882c274d26f532ace95f4c32`
SHA256	`1811022a60a943707eb9ff646052eaf6f2d9bf49ca1301fb365bc4974b3a42dd`
SHA3	`6abe78865ee21e8e5c782f0a2f5db539017871d4978ed0a212bb13abdfbe577e`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29652`
MD5	`b8a892a48614f0785e13d89f73286598`
SHA1	`652b3ceae6ee7b9bd71ab809e86d9123253bb7a1`
SHA256	`ad54570966156168778cfe52795fc43998a47766ee7079ac1a1e5c39e4cb8a22`
SHA3	`a26365869c4765315b04c3884d1005612305c774e32aa65318d42b82cbd4decf`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.0.0.2026
ProductVersion	1.0.0.2026
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Fast Corporation LTD
FileDescription	PC App Store Setup
LegalCopyright	Fast Corporation LTD
ProductName	PC App Store
ProductVersion (#2)	1.0.0.2026

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd26650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`165`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[!] Error: Could not read a WIN_CERTIFICATE's data.
[*] Warning: Section .ndata has a size of 0!