Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
1992-Jun-19 22:22:17
|
Detected languages |
English - United States
|
Comments |
This installation was built with Inno Setup.
|
CompanyName |
SysTools Software Private Limited.
|
FileDescription |
SysTools Access Password Recovery Tool Setup
|
FileVersion |
5.2
|
LegalCopyright |
© 2016 SysTools Software Private Limited.
|
ProductName |
SysTools Access Password Recovery
|
ProductVersion |
5.2
|
Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Can access the registry:
- RegQueryValueExA
- RegOpenKeyExA
- RegCloseKey
Possibly launches other programs:
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
Functions related to the privilege level:
- OpenProcessToken
- AdjustTokenPrivileges
Can shut the system down or lock the screen:
|
Info |
The PE is digitally signed. |
Signer: SysTools Inc
Issuer: DigiCert EV Code Signing CA (SHA2)
|
Suspicious |
VirusTotal score: 1/38 (Scanned on 2022-06-17 00:45:21) |
APEX:
Malicious
|
MD5 |
7e6992cfb453a553f0954be391110ea0
|
SHA1 |
db6b276cf8602dc982db07209a1a5591ebfb2600
|
SHA256 |
b902ab10c143ecdca8a352f8f24a90d547b0a554b6760af2dce61c8f2f961946
|
SHA3 |
c11401702ff135253802d74ba184608046929b01a8d8901ca8cce6b6a6d15f51
|
SSDeep |
6144:6/na4kCoIarQM6OC5XmWuCaU4b1D0kfHkdzlMNWK75iqvJvckkygiaWxA2qipIQf:Cna9lIEQM9VWBX4pD0cHk/MYK75iqvl1
|
Imports Hash |
4fb639b17a439bf0efa713bd4c6e715b
|
e_magic |
MZ
|
e_cblp |
0x50
|
e_cp |
0x2
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0xf
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0x1a
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x100
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
8
|
TimeDateStamp |
1992-Jun-19 22:22:17
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
2.0
|
SizeOfCode |
0x9400
|
SizeOfInitializedData |
0x3800
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00009C40 (Section: CODE)
|
BaseOfCode |
0x1000
|
BaseOfData |
0xb000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
1.0
|
ImageVersion |
6.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x14000
|
SizeOfHeaders |
0x400
|
Checksum |
0x64cc7
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x4000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
0d7ac17dafcd52a9b3ea353c32256c1d
|
SHA1 |
110175bfa6f09a21b5d185101b44af9027df5f69
|
SHA256 |
ff523a52cbb5921c66593bd77e964b697cc2d5295030ddba0fbe7c0c964f5f0e
|
SHA3 |
822ac75a1622fada7c5b454563815abf425be1847aab4d8cad3b33bd618a3402
|
VirtualSize |
0x9364
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x9400
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.56223
|
MD5 |
e8f82382eefca31b62f6a8c8a52ff421
|
SHA1 |
fd8679cc636fa7a085e0d3d3d7d9428e56264902
|
SHA256 |
38bb1f54de5eba80f167a0b06fb80f1d1904bd6aacc97588cf108e858785c862
|
SHA3 |
e0ec98d1f8f43f12fab9589b941d274c7781009c7cb7f7a6b227bc1d65435190
|
VirtualSize |
0x24c
|
VirtualAddress |
0xb000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x9800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
2.75348
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0xe4c
|
VirtualAddress |
0xc000
|
SizeOfRawData |
0
|
PointerToRawData |
0x9c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
bb5485bf968b970e5ea81292af2acdba
|
SHA1 |
40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb
|
SHA256 |
d9ea6e80cc1edfdffa8d534a8c61448b19b74d683845b94ad6d9a543e5ceb8cf
|
SHA3 |
09274dc071547ce3dc33528de99c9ad5a9eb119600e5a61b3127f74cde6dcfbf
|
VirtualSize |
0x950
|
VirtualAddress |
0xd000
|
SizeOfRawData |
0xa00
|
PointerToRawData |
0x9c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.43073
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x8
|
VirtualAddress |
0xe000
|
SizeOfRawData |
0
|
PointerToRawData |
0xa600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
9ba824905bf9c7922b6fc87a38b74366
|
SHA1 |
f43ee83e6afa1c343ff6db68e13efde43471cbb6
|
SHA256 |
ad44157821ba24c07dd44f66940dd75adee9d6919a0577c5a75aa502637dddaa
|
SHA3 |
370eba5499bce03a18d462f5b9e6ee4598126f2a2243cc5fa1590c7c7245c5d7
|
VirtualSize |
0x18
|
VirtualAddress |
0xf000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xa600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
|
Entropy |
0.204488
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x8b4
|
VirtualAddress |
0x10000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
|
MD5 |
bc9492cb7ea82c09c06631f8187e53bb
|
SHA1 |
e6d0e9371934f55987d15f26e706ecefffbda090
|
SHA256 |
c7023b0315123989cec9ca0e4511c2085c0f6dbbd5eba20b5723fe3f2ef8edf3
|
SHA3 |
9ac26fa1f6001cba98e64939a6f27fcadb10b07856a159e3e37d26b7c9a4bac2
|
VirtualSize |
0x2608
|
VirtualAddress |
0x11000
|
SizeOfRawData |
0x2800
|
PointerToRawData |
0xa800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
|
Entropy |
4.81316
|
kernel32.dll |
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
|
user32.dll |
MessageBoxA
|
oleaut32.dll |
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen
|
advapi32.dll |
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
|
kernel32.dll (#2) |
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
|
user32.dll (#2) |
MessageBoxA
|
comctl32.dll |
InitCommonControls
|
advapi32.dll (#2) |
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x8a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.58201
|
MD5 |
e2416484c7041d9a4b31f5ba118156f4
|
SHA1 |
6d00fa2f0ade6967edd7046373611c06c80b6a1d
|
SHA256 |
579bbf63c2ccb63df934bad95e34ad0ff488ba9b989e11f525e01373c04c471c
|
SHA3 |
3d101d7bf80f7b27bfcc7b53b4ab3d2c3287d029022b7505c5457b3661485a55
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x568
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.30538
|
MD5 |
e628570d0884b3a3994196c76cbcb322
|
SHA1 |
1c0ee935f3442386382b22a3ed924e59eebdb837
|
SHA256 |
d16b6bd424f60c530c0b44b353b935cc60e598f083d2a9a2aceb47fd3854706d
|
SHA3 |
b8c4b49a27fd623b4f4c9eb846e574668970cd0ae618f5d971c0ea27e22bc155
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x2f2
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.21823
|
MD5 |
bbf4b644f9dd284b35eb31573d0df2f7
|
SHA1 |
4f9885ae629e83464e313af5254ef86f01accd0b
|
SHA256 |
2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f
|
SHA3 |
ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x30c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.31515
|
MD5 |
ac2a0551cb90f91d779ee8622682dfb1
|
SHA1 |
ff0db7d2f48d85ceb3539b21ebe9d0ca3443f1da
|
SHA256 |
840989e0a92f2746ae60b8e3efc1a39bcca17e82df3634c1643d76141fc75bb3
|
SHA3 |
58a85f5c53df73aa79e5f5a36aa151ca0d9da4d450ebc2975a3ee827b46342a5
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x2ce
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.25024
|
MD5 |
c99b474c52df3049dfb38b5308f2827d
|
SHA1 |
7375e693629ce6bbd1a0419621d094bcd2c67bb7
|
SHA256 |
26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78
|
SHA3 |
c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x68
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.86149
|
MD5 |
aec4e28ea9db1361160cde225d158108
|
SHA1 |
249013a10cde021c713ba2dc8912f9e05be35735
|
SHA256 |
d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c
|
SHA3 |
a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0xb4
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.20731
|
MD5 |
c76a8843204c0572bca24ada35abe8c7
|
SHA1 |
066052030d0a32310da8cb5a51d0590960a65f32
|
SHA256 |
00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd
|
SHA3 |
07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166
|
Type |
RT_STRING
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0xae
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.04592
|
MD5 |
4bd4f3f6d918ba49d8800ad83d277a86
|
SHA1 |
1f5e4c73965fea1d1f729efbe7568dcd081a2168
|
SHA256 |
34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3
|
SHA3 |
2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe
|
Type |
RT_RCDATA
|
Language |
UNKNOWN
|
Codepage |
Latin 1 / Western European
|
Size |
0x2c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.44105
|
MD5 |
571f95065eccbe667944b8b41d5ef4d2
|
SHA1 |
692a836891563bc200d483c59300ef3c3ec38bdc
|
SHA256 |
b8c1aff57913b1b461d854fb0f8ef0f1f9ece4c344d9c79c9928ccac80d02d22
|
SHA3 |
dcbf9d44005dd0cc336d0b63f97ae9eb82b844a872a25e36749969acddd68a2a
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x22
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.32824
|
Detected Filetype |
Icon file
|
MD5 |
62d6b1d51e9721a781148fb63c1970c6
|
SHA1 |
0491f06e0b5fe9241d44138303ece1776840fd6d
|
SHA256 |
1d47c7bd2cc20089bc0387c8e7ac0a1680e9b4dc81dbde998c3c5c8e6c7d69aa
|
SHA3 |
9f1474d08ea9f8bc44f2b127a2a96dbaaed16872128ddd81afe07b2b3756d3bd
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x4b8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.04034
|
MD5 |
6e043283049f453d3abae375c50c295c
|
SHA1 |
793a02a5ca55bae06e2120d9745cc2751a622a22
|
SHA256 |
bb0c0914e5c97e3ce769efeabf748db9a7503116d48baf5107c4957d79909928
|
SHA3 |
4d7658b2826abadeb8584e42a91440523c199b5e4e1c5191139a84c65b6f71e5
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x560
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.05007
|
MD5 |
8d7accca43bc3864983dbbb9af490005
|
SHA1 |
07ae72350bcbfedb5015a78efd74fcfd3bab11ac
|
SHA256 |
ec233469005d39f4f2673be991a0415318631a59c5976c35d4dd22db45226fd0
|
SHA3 |
d340127cbdd815e5c2dd4b44e8755c28512ad5e969b757cfcec6612b00e9d186
|
'%s' is not a valid integer value |
'%s' is not a valid floating point value |
'%s' is not a valid date |
'%s' is not a valid time |
'%s' is not a valid date and time |
Invalid argument to time encode |
Invalid argument to date encode |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Floating point overflow |
Floating point underflow |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Stack overflow |
Control-C hit |
Privileged instruction |
Operation aborted |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Invalid variant type conversion |
Invalid variant operation |
Variant method calls not supported |
Read |
Write |
Format result longer than 4096 characters |
Format string too long |
Error creating variant array |
Variant is not an array |
Variant array index out of bounds |
External exception %x |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Jul |
Aug |
Sep |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
November |
December |
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
5.2.0.0
|
ProductVersion |
5.2.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language |
UNKNOWN
|
Comments |
This installation was built with Inno Setup.
|
CompanyName |
SysTools Software Private Limited.
|
FileDescription |
SysTools Access Password Recovery Tool Setup
|
FileVersion (#2) |
5.2
|
LegalCopyright |
© 2016 SysTools Software Private Limited.
|
ProductName |
SysTools Access Password Recovery
|
ProductVersion (#2) |
5.2
|
Resource LangID |
English - United States
|
StartAddressOfRawData |
0x40e000
|
EndAddressOfRawData |
0x40e008
|
AddressOfIndex |
0x40c3d0
|
AddressOfCallbacks |
0x40f010
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
(EMPTY)
|
[*] Warning: directory 5 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .reloc has a size of 0!