Manalyze report for 7ff1405d9b522a87cc2eeb20d1ad557c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-02 03:20:09
Detected languages	English - United States
Comments	Clownfish Voice Changer: The ultimate system wide voice changer for Windows
CompanyName	Shark Labs
FileDescription	Clownfish Voice Changer Setup
FileVersion	`1.20.0.0`
InternalName	Clownfish Voice Changer Setup
LegalCopyright	Shark Labs
LegalTrademarks	Clownfish is a freeware. Visit http://clownfish-translator.com/voicechanger/ for more details.
OriginalFilename	VoiceChanger64.exe
ProductName	Clownfish Voice Changer Setup
ProductVersion	`1.20.0.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: clownfish-translator.com http://clownfish-translator.com http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net translator.com`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegDeleteKeyA RegEnumValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: BOGDAN BLAGOEV SHARKOV` `Issuer: COMODO RSA Code Signing CA`
Safe	VirusTotal score: 0/71 (Scanned on 2020-05-19 13:09:31)	`All the AVs think this file is safe.`

Hashes

MD5	`7ff1405d9b522a87cc2eeb20d1ad557c`
SHA1	`f7b378fc520689e8099b8de8e1c2bfe22c72fcc3`
SHA256	`daacd03a80dcdaff9b6deb2501c445be0b07fc5c2202e8eb87cfe9d7dd5802a9`
SHA3	`3f56fb3cf39fb35eb9f39425a14a22967368f62baeccb97d91623a6e3be409c3`
SSDeep	`12288:kxLFkl2pjwgSWxKSjOSw4seRPhnut/n+P3Vcifoq4:kxLFNwETOSxZRPhWn+Pfon`
Imports Hash	`607dd75f08961cd12b1f6ac7fd260c59`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Apr-02 03:20:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5e00`
SizeOfInitializedData	`0x1d600`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x0000326C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3f000`
SizeOfHeaders	`0x400`
Checksum	`0xa623b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`51e2544a6971f687f7a1241f613014c1`
SHA1	`1dc9b7d6bb158fee5b9f3b28181b389987a1c350`
SHA256	`3f5f7b309092988af8c9e92567926a5e523cad3af0051c20bdf29aad00a33510`
SHA3	`ead501114661f03aac31abc76b71034653f300508cc4ce3d8a5490f65fbe4151`
VirtualSize	`0x5c74`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41039`

.rdata

MD5	`4c84e530bf8db37146334e6c487170bf`
SHA1	`076dcc532f1c101e21550e104a20a7f8e4c30781`
SHA256	`3575075347d3cfff06e9f5c296d8c71c30f2fbcc62228eef437e236010397471`
SHA3	`0eec1a1d948468a2f710745acc56943954e864ce6901ed769f2e04c3dbddd8ea`
VirtualSize	`0x1196`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20374`

.data

MD5	`75d996f724e5e900c022f56b3df3ae1b`
SHA1	`7b247661a46a3527556a9637ece6c600bf6777ec`
SHA256	`4a63c7ca63538039a0213c12377fc6b0d36530bb0eecc9d4d24728c851334352`
SHA3	`9e187facab9fe47c274f1195debae1114b0f20015ddbfe91134d735bc745713a`
VirtualSize	`0x1b058`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.13053`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x15000`
VirtualAddress	`0x25000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`04cee7b56838f2eac6fcc2cb092df8f9`
SHA1	`d4c340a513bad52f1b338204e334d592a8abd3dd`
SHA256	`a007547939a8aa4d8a95fb86ca31fe2925cf0b38f6c70f24faaf635c340e75e2`
SHA3	`b9954d7fee345753c0b931754595ae3390568cfe2cc8fc7714e00edb3fb68b54`
VirtualSize	`0x4f38`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.95756`

Imports

KERNEL32.dll	`GetTickCount` `GetShortPathNameA` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `SetFileAttributesA` `CompareFileTime` `SearchPathA` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `GetWindowsDirectoryA` `Sleep` `lstrcmpiA` `lstrlenA` `GetVersion` `SetErrorMode` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `lstrcatA` `GetSystemDirectoryA` `WaitForSingleObject` `SetFileTime` `CloseHandle` `GlobalFree` `lstrcmpA` `ExpandEnvironmentStringsA` `GetExitCodeProcess` `GlobalAlloc` `GetCommandLineA` `GetTempPathA` `GetProcAddress` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `ReadFile` `FindClose` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `WriteFile` `MulDiv` `MultiByteToWideChar` `LoadLibraryExA` `GetModuleHandleA` `FreeLibrary`
USER32.dll	`SetCursor` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `EndDialog` `ScreenToClient` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetForegroundWindow` `GetWindowLongA` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `SetTimer` `PostQuitMessage` `SetWindowLongA` `SendMessageTimeoutA` `LoadImageA` `wsprintfA` `GetDlgItem` `FindWindowExA` `IsWindow` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `EndPaint` `CreateDialogParamA` `DestroyWindow` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `SHFileOperationA` `ShellExecuteA`
ADVAPI32.dll	`RegDeleteValueA` `SetFileSecurityA` `RegOpenKeyExA` `RegDeleteKeyA` `RegEnumValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77815`
Detected Filetype	PNG graphic file
MD5	`dd0a4ef8c5f9a08ba6f153849d71b373`
SHA1	`0f17f8892c02dee7fc50627a07e711a71ea41ed7`
SHA256	`cc85d7c4e337ac957849cd38c73b38383bd3375fcbe2233a2a13647dad0127b9`
SHA3	`83f9cbdcd1f99991f768b4d122aa335ec14b99d2e1a11b897db7514b0b6cb3eb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70992`
MD5	`8787162f2e6ba74c06cadcf17b68f0c5`
SHA1	`7d83ee04bbcb75a6be4b1f3fff07120e694175cb`
SHA256	`a9915b533449c6415914dcb0688c8a67906bbf6391e466668723132a9f8f95fe`
SHA3	`1b37fd932eedb7c24be21d6f7265cb4c0d2f65a4183a2b9cd1739f3c3b6d7186`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07209`
Detected Filetype	Icon file
MD5	`d3a65ec2ade2f8a942216f5ab70d4f9e`
SHA1	`22e7253abc2b58c99a6f64dc8fa015a1aeb2988b`
SHA256	`0bff4c425ada18501e67e2d9b477c1a3bd1d83efdf4d0517fc1eb6877b3fcafd`
SHA3	`832b99477b284b056352d9ea0a9274b9a3522fb76d1f2b0795b1edea22dbe878`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34506`
MD5	`e4e7f17174a8fa03bb7d421bb2418f82`
SHA1	`ee28abe50a4b4bf736f86cbba7abbc02a752a9f7`
SHA256	`e104d43cbec909ef55445f9fef96395565062b1889c82d98622df5290110589d`
SHA3	`b0cc5cefa547565bff89ed35e1aab23b02730ec29dff4116f62dd5110ee7c418`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21417`
MD5	`9c3b88e938f953ecc735c511d7a8facc`
SHA1	`0d23fc04046aa1fea468a9007ec9909c44667045`
SHA256	`5ab55ea1740dfd7dbd3104bc63e3c22f2c7ced0ac1b58e0be2535573d55f8402`
SHA3	`01bc560ae60a565dc11168c900acbebeb190eb4fb21a944fdb6623690dca1999`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.20.0.0
ProductVersion	1.20.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Clownfish Voice Changer: The ultimate system wide voice changer for Windows
CompanyName	Shark Labs
FileDescription	Clownfish Voice Changer Setup
FileVersion (#2)	1.20.0.0
InternalName	Clownfish Voice Changer Setup
LegalCopyright	Shark Labs
LegalTrademarks	Clownfish is a freeware. Visit http://clownfish-translator.com/voicechanger/ for more details.
OriginalFilename	VoiceChanger64.exe
ProductName	Clownfish Voice Changer Setup
ProductVersion (#2)	1.20.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24651e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`152`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!