Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2016-Nov-01 09:22:02 |
Detected languages | English - United States |
Debug artifacts | O:\CPPwrapper_VS2010\Release_RS\optimizerpro_silent.pdb |
CompanyName | PC Utilities Software Limited |
FileDescription | Keep your PC drivers up to date |
FileVersion | 3.2.0.2 |
InternalName | Driver Pro |
LegalCopyright | PC Utilities Software Limited |
OriginalFilename | Driver Pro |
ProductName | Driver Pro v3.2 |
ProductVersion | 3.2.0.2 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | PEiD Signature: | UPolyX V0.1 -> Delikon |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1 |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource IDB_BIN_INSTALL detected as a PE Executable. Resources amount for 96.3317% of the executable. |
Info | The PE is digitally signed. | Signer: PC Utilities Software Limited; Issuer: COMODO RSA Code Signing CA |
Malicious | VirusTotal score: 31/57 (Scanned on 2016-11-04 04:50:07) | Per-engine detections are listed in the table below |

Engine | Detection |
---|---|
Bkav | W32.HfsAdware.59EA |
CAT-QuickHeal | PUA.Driverpro.PR8 |
McAfee | Artemis!3107C28DA15C |
Malwarebytes | PUP.Optional.DriverPro |
VIPRE | OptimizerPro (fs) (not malicious) |
K7GW | Adware ( 004b203a1 ) |
K7AntiVirus | Adware ( 004b203a1 ) |
Baidu | Win32.Adware.SpeedingUpMyPC.a |
Symantec | SMG.Heur!gen |
Avast | Win32:Adware-CJK [PUP] |
Kaspersky | not-a-virus:HEUR:RiskTool.Win32.Generic |
NANO-Antivirus | Riskware.Win32.OptimizerPro.dtleju |
AegisLab | Win.Troj.Optimizerpro.mfLp |
Rising | Malware.Generic!cjJGP5m65YM@4 (thunder) |
Comodo | Application.Win32.Optimizero.K |
DrWeb | Trojan.PWS.Tibia.2591 |
Zillya | Trojan.GenericCRTD.Win32.196 |
Invincea | virus.win32.parite.b |
Jiangmin | Adware.BProtector.h |
Avira | PUA/OptimizerPro.RE |
Antiy-AVL | RiskWare[RiskTool:not-a-virus]/Win32.OptimizerPro |
AhnLab-V3 | PUP/Win32.Optimizer.R116134 |
AVware | OptimizerPro (fs) |
ESET-NOD32 | Win32/Adware.SpeedingUpMyPC.Q |
Yandex | Riskware.OptimizerPro! |
Ikarus | PUA.SpeedingUpMyPC |
GData | Win32.Application.OptimizerPro.L |
AVG | Generic.77D |
Panda | Trj/Genetic.gen |
CrowdStrike | malicious_confidence_100% (D) |
Qihoo-360 | HEUR/QVM41.1.0000.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2016-Nov-01 09:22:02 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x14600 |
SizeOfInitializedData | 0x366800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00006869 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x16000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x380000 |
SizeOfHeaders | 0x400 |
Checksum | 0x381b68 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetExitCodeProcess, GetModuleFileNameW, SizeofResource, LockResource, CloseHandle, WaitForSingleObject, CreateProcessW, LoadResource, GetTempPathW, FindResourceA, SetEndOfFile, CreateFileW, WriteConsoleW, SetStdHandle, InterlockedIncrement, InterlockedDecrement, EncodePointer, DecodePointer, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, HeapFree, GetCommandLineW, HeapSetInformation, GetStartupInfoW, RaiseException, RtlUnwind, HeapAlloc, WideCharToMultiByte, LCMapStringW, MultiByteToWideChar, GetCPInfo, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, IsProcessorFeaturePresent, HeapCreate, GetProcAddress, GetModuleHandleW, ExitProcess, ReadFile, SetFilePointer, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetLocaleInfoW, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeW, HeapReAlloc, LoadLibraryW, GetProcessHeap |
---|---|
ADVAPI32.dll | RegCloseKey, RegFlushKey, RegCreateKeyExW, RegSetValueExW |
ole32.dll | CoUninitialize, CoInitialize |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 3.2.0.2 |
ProductVersion | 3.2.0.2 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | PC Utilities Software Limited |
FileDescription | Keep your PC drivers up to date |
FileVersion (#2) | 3.2.0.2 |
InternalName | Driver Pro |
LegalCopyright | PC Utilities Software Limited |
OriginalFilename | Driver Pro |
ProductName | Driver Pro v3.2 |
ProductVersion (#2) | 3.2.0.2 |
Resource LangID | English - United States |
Characteristics | 0 |
---|---|
TimeDateStamp | 2016-Nov-01 09:22:02 |
Version | 0.0 |
SizeofData | 80 |
AddressOfRawData | 0x19280 |
PointerToRawData | 0x17c80 |
Referenced File | O:\CPPwrapper_VS2010\Release_RS\optimizerpro_silent.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41c490 |
SEHandlerTable | 0x419b80 |
SEHandlerCount | 27 |
XOR Key | 0xb8e6ed41 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2010 build 30319) | 16 |
C++ objects (VS2010 build 30319) | 53 |
C objects (VS2010 build 30319) | 126 |
Imports (VS2008 SP1 build 30729) | 9 |
Total imports | 94 |
175 (VS2010 build 30319) | 2 |
Resource objects (VS2010 build 30319) | 1 |
Linker (VS2010 build 30319) | 1 |