700cfdd36397c1d6e38ac1ffbeedb467

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Mar-24 08:31:19
Detected languages English - United States
Comments Please visit http://www.internetdownloadmanager.com
CompanyName Tonec Inc.
FileDescription Internet Download Manager installer
FileVersion 6, 42, 7, 1
InternalName installer
LegalCopyright © 1999-2024. Tonec FZE. All rights reserved.
LegalTrademarks Internet Download Manager (IDM)
OriginalFilename installer.exe
ProductName Internet Download Manager installer
ProductVersion 6, 42, 7, 1

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Microsoft Visual C++
Microsoft Visual C++ v6.0
Info Interesting strings found in the binary:
Contains domain names:
  • http://www.internetdownloadmanager.com
  • internetdownloadmanager.com
  • www.internetdownloadmanager.com
Suspicious The PE is possibly packed. Section .text is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Can access the registry:
  • RegDeleteValueW
  • RegQueryValueExW
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Info The PE is digitally signed. Signer: Tonec Inc.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Safe VirusTotal score: 0/72 (Scanned on 2024-03-29 05:20:46) All the AVs think this file is safe.

Hashes

MD5 700cfdd36397c1d6e38ac1ffbeedb467
SHA1 82965d71c532144deface87ea05b65f873ff4b7b
SHA256 0030f7369113888430c728c3a2a6c7673c2305c5f5b1248a66e1f4fcb0802a6b
SHA3 1b231b37bf3336eed300432760e1e9081cc134397ef64fca9dbb67e523cb72eb
SSDeep 196608:zbM5pBFP9ZbIWAkfQYlY8smundWPN8HgrBUFaEbrmTf3NiVMZnW7IKcyD2pemtUj:CdP3bLAUlYlo/6h3mxiWZMcyKpVU1m6
Imports Hash 537bdcfbc92564b518f9e6a7cca8f970

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2024-Mar-24 08:31:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x3e00
SizeOfInitializedData 0x6800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00004336 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x5000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x400
Checksum 0xb90f11
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e34fc5be572b1d90e68a890c43975c33
SHA1 231d7aa2ce2fe8827a9d4190c708fc0d81a0d1a8
SHA256 a1f0aa70c1b178f9b998cbbfbb18ecde697fe89be2f40dcacc80e93fd740032b
SHA3 8212447bd3ca4c1bf4e0f4e8b53bb327d65ce0a46c1ad1f745a8bc233857320a
VirtualSize 0x3c54
VirtualAddress 0x1000
SizeOfRawData 0x3e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_LOCKED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.31322

.data

MD5 8e4edba87ef82aa8c4be3b8b828fc2e2
SHA1 9f8a3e389db05ed730cb1fdc6c37644c8d8081a4
SHA256 7008699b1a1109722d292fd867afcf5a1df5388b5cf91501233d4047c9a514a3
SHA3 8196565d91990d4d3eeac5278c74576f7a2738a99dcf296d75f4ef09eab52627
VirtualSize 0x1f70
VirtualAddress 0x5000
SizeOfRawData 0x1c00
PointerToRawData 0x4200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.75499

.rsrc

MD5 2962ba57223aeec0f7344f564ba0b01a
SHA1 93588f9ea86ed87c99e84f85ea55edc0269765a6
SHA256 53876dbd4d43df40382a7639c1f8662c5236d9210e2bf9102ac6fc76a9d8f6a5
SHA3 f9e2d3c23a22d7c0c6fa15139de908f8b87e898a7e335a62e45453883cc65277
VirtualSize 0x4778
VirtualAddress 0x7000
SizeOfRawData 0x4800
PointerToRawData 0x5e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.50962

Imports

MSVCRT.dll _controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_wsplitpath
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
calloc
memcpy
_except_handler3
memchr
memcmp
_itoa
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsstr
strstr
wcschr
wcslen
wcscat
memset
wcsncpy
__CxxFrameHandler
wcscpy
KERNEL32.dll GetStartupInfoA
GetFileSize
CreateFileMappingA
GetFileTime
SetFileTime
MapViewOfFile
ExitThread
UnmapViewOfFile
FormatMessageA
CreateFileW
SetFilePointer
WriteFile
lstrlenA
LocalFree
GetCurrentProcess
WaitForSingleObject
GetExitCodeThread
GetModuleFileNameW
CreateProcessW
CloseHandle
CreateMutexA
ExitProcess
GetVersionExA
GetTempPathW
GetFileAttributesW
CreateDirectoryW
CreateThread
LoadLibraryA
FreeLibrary
GetDiskFreeSpaceW
GetProcAddress
GetModuleHandleA
GetLastError
USER32.dll SetForegroundWindow
ShowWindow
FindWindowA
wsprintfA
DestroyWindow
MessageBoxA
SetWindowTextA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfW
PostQuitMessage
CreateDialogParamA
ADVAPI32.dll RegDeleteValueW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
SHELL32.dll SHGetPathFromIDListW
SHBrowseForFolderW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16329
MD5 22b5208fd33f39a96113c64c24afa79c
SHA1 7a70793e4dc3cb7388c49546a28dfb7c100034f7
SHA256 de3d46f63bbf78a5938201e061449420519986a2584e13a4798934b6d3a2c103
SHA3 77da5491d253c72caeb9f06f5e16ee7684a6a8bd7a7cee7316caa04f21e16655

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43807
MD5 9f19adff526a8a458885da518c7080b9
SHA1 126cc8b1938d16a5d79377dc74955a0b0482b10f
SHA256 63981971f0288b4d232f5c8cef1b9c474ae0093bd17226b332ef471bc3c74351
SHA3 c6b4f3f6c95c0d3de2f6cace27b51ece62eeef0cc6264645f85451e90428b3cf

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.32162
MD5 059f3ab932a58897ce5e72af6116b4fd
SHA1 bdb0eaa963f642e73ce0612dd59925a6d7d73845
SHA256 3203ade86fd3a5e5feef75c8ee56ea07fa702e2fe0b4d1abce092ce8b9b3e43b
SHA3 e5038565954558940ff93765c2693a39798e44f0a0231609ebd8e6f83ec6d44d

101

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xa0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13793
MD5 8bb3080147c34da10752ca396de8d83a
SHA1 ab24bdc19f1293468dd2130e25071f8a2118cd1c
SHA256 d4216c06cf9b0c4588f238eae89f7b7c733ab9fb048b0f7e437ef0defedb50b0
SHA3 85d4544e56617c49ac8f326c2defda2a4ae5b5c47c8f86513d60eadf397f120c

102

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 409e1724611e0bc39356e2f58888db55
SHA1 c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256 6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3 315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x480
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4479
MD5 d33d66153d6eb6cac58edf444b93337c
SHA1 125ffba71da96d6ad3fb4de24c3f3841815b7461
SHA256 9b558106bb336ce1753eafefe32dc991b20a11db63d01a53ffaa43a0c7f64964
SHA3 a5696bcf8ff042840383a130b3ae635dcc9bb2f9dbd944a715189fc84ce0fb3c

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x589
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.29447
MD5 f61526c6a9b5a35012be7e3dd8f97503
SHA1 ce128a83cb0d87af3ca5b194e1c678ac6f783bd2
SHA256 a61e45d37f2228caf68fd14129c7542fa1396a12c01af5f7e3ad224bab3450c3
SHA3 8b4375c0449c3611ec028b4db14104cb0c7abb00c3e2c04a2851238901b3ed4e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.42.7.1
ProductVersion 6.42.7.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments Please visit http://www.internetdownloadmanager.com
CompanyName Tonec Inc.
FileDescription Internet Download Manager installer
FileVersion (#2) 6, 42, 7, 1
InternalName installer
LegalCopyright © 1999-2024. Tonec FZE. All rights reserved.
LegalTrademarks Internet Download Manager (IDM)
OriginalFilename installer.exe
ProductName Internet Download Manager installer
ProductVersion (#2) 6, 42, 7, 1
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x14221cb
Unmarked objects 0
19 (8034) 8
14 (7299) 2
C objects (8047) 11
Linker (8047) 3
Total imports 87
C++ objects (VC++ 6.0 SP5 build 8804) 2
C objects (VC++ 6.0 SP5 build 8804) 9
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
