8ae74fe676cf429de0233dea70a93634

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Sep-17 05:33:38
Detected languages English - United States
Debug artifacts C:\agent\_work\66\s\build\ship\x86\burn.pdb
CompanyName Open Media LLC
FileDescription 4K Video Downloader+
FileVersion 1.3.0.38
InternalName setup
LegalCopyright Copyright (c) Open Media LLC. All rights reserved.
OriginalFilename 4kvideodownloaderplus_1.3.0_x64_online.exe
ProductName 4K Video Downloader+
ProductVersion 1.3.0.38

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
References the BITS service
Contains domain names:
Info Cryptographic algorithms detected in the binary:
Uses constants related to SHA256
Microsoft's Cryptography API
Suspicious The PE is possibly packed.
Unusual section name found: .wixburn
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
  • LoadLibraryExA
Can access the registry:
  • RegCloseKey
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegDeleteValueW
  • RegSetValueExW
  • RegQueryInfoKeyW
  • RegEnumValueW
  • RegEnumKeyExW
  • RegDeleteKeyW
  • RegCreateKeyExW
Possibly launches other programs:
  • CreateProcessW
Uses Microsoft's cryptographic API:
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptGetHashParam
  • CryptReleaseContext
  • CryptAcquireContextW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
  • CreateFileA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  • CheckTokenMembership
Interacts with services:
  • ChangeServiceConfigW
  • ControlService
  • OpenSCManagerW
  • OpenServiceW
  • QueryServiceStatus
  • QueryServiceConfigW
Manipulates other processes:
  • OpenProcess
Changes object ACLs:
  • SetNamedSecurityInfoW
Can shut the system down or lock the screen:
  • InitiateSystemShutdownExW
Info The PE is digitally signed.
Signer: Open Media LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1

Hashes

MD5 8ae74fe676cf429de0233dea70a93634
SHA1 97217d4ec84fc325598481182d4ffbb6aab49d4b
SHA256 61b74757886c050cffb49d1fb087be299ead442fd0407b2b5b8c91225072d22e
SHA3 2f6f5c8837fa06bcb766e230f9a7ba23816ce1bc6a575a6023e561a0a75c3aab
SSDeep 24576:wNsfiTdYSuVzZH9tH1v1O3W3ZtxEVFxi1ABiu1:ET2pZ1O3WpHEV311
Imports Hash b1ce55e7058b68e65129931cb91d6667

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2019-Sep-17 05:33:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x49000
SizeOfInitializedData 0x7bc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0002DF71 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0xc9000
SizeOfHeaders 0x400
Checksum 0xf63f5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c66f549d5fc7d10a5f63350701c6b3f9
SHA1 de32335bc79b639efba0b1dfaa7c22a50275edc3
SHA256 42eb0252dc577d4d4812813d5c6fcc8fc36e35ff34f37eab9be6aa97c83ea6a2
SHA3 cdf0d408bd27527b68653ab24dd557b174a96b18868ce4f29f378a3b5515526d
VirtualSize 0x48ff7
VirtualAddress 0x1000
SizeOfRawData 0x49000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.57206

.rdata

MD5 5a2f02dbbbda51cfac50fb52cea6d11b
SHA1 63565726d080fd7c14550f55dff4c72d84d44624
SHA256 d9a0545612f8a37fac5bc27fea47409c0dae7eed7c1125001cbb6522b440ce06
SHA3 8a5e69dfc740352f6e31c705c007cd2897d2d5024db16e91c15d23684e729e04
VirtualSize 0x1f760
VirtualAddress 0x4a000
SizeOfRawData 0x1f800
PointerToRawData 0x49400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.13752

.data

MD5 8fe8ba25b04a7beb04c2ab2d5e9ea736
SHA1 a4790eeb8451301390d01bb6652e32b5bfbdb845
SHA256 27f9065f88d460dbd90e6405fdff2c4420f3ae533433ca0c8c0b485c386cad3f
SHA3 2eee2a21641d785d4ee6ea117764cbd16efe3c13a1024465bc382b37de2e5cce
VirtualSize 0x16fc
VirtualAddress 0x6a000
SizeOfRawData 0xa00
PointerToRawData 0x68c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.15516

.wixburn

MD5 3c2ad020e17ddb997a402262c5f03b98
SHA1 cc2ff9cf4ee36a1d84275e7868545d85ac674ce4
SHA256 ecfe356bcd8b807adac12eb371d6d1055b23b8cebb9959902aa13453b9c6681f
SHA3 69670c6eeabb2caa6eaf8435a07c21e54d0d8da56cbf0d18a9c70798af410050
VirtualSize 0x38
VirtualAddress 0x6c000
SizeOfRawData 0x200
PointerToRawData 0x69600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.711068

.rsrc

MD5 969fd55753675c68608a1c82f837cf0d
SHA1 e1a07668bef1293589be118c05a83ae8a186c0f6
SHA256 769ca317a43c6c74724faf7a9688c6526ec0a10ca5fba052d91aed594dd3bd84
SHA3 841c0f6b3bef857c580311e32caf143add0834a6ffc316626c781a861b247caf
VirtualSize 0x578ac
VirtualAddress 0x6d000
SizeOfRawData 0x57a00
PointerToRawData 0x69800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.35614

.reloc

MD5 7cc10e0060080262550138057fd6b87d
SHA1 2353dc215ea026e12a356a521e068590ec8c05f6
SHA256 1cc8e1b211101590dfd7eeae662a0eec8d3bec12defe13f81b4cd540291bad8a
SHA3 cb77bedd87064e0382a625fe7beb5998a852dd04882a50962fca9c04d245cb8e
VirtualSize 0x3dd0
VirtualAddress 0xc5000
SizeOfRawData 0x3e00
PointerToRawData 0xc1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.78827

Imports

ADVAPI32.dll RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW
USER32.dll PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
OLEAUT32.dll VariantInit
SysAllocString
VariantClear
SysFreeString
GDI32.dll DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
SHELL32.dll CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
ole32.dll CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity
KERNEL32.dll GetCPInfo
GetOEMCP
IsValidCodePage
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineA
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetCommandLineW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
GetComputerNameW
SetCurrentDirectoryW
GetFileType
GetACP
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
LoadLibraryExA
RPCRT4.dll UuidCreate
Cabinet.dll (delay-loaded) #22
#23
#20

Delayed Imports

Attributes 0x1
Name Cabinet.dll
ModuleHandle 0x6b594
DelayImportAddressTable 0x6a944
DelayImportNameTable 0x67d40
BoundDelayImportTable 0x67fec
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.34853
MD5 e154f43c6f3392829aff59f66f3b030e
SHA1 a6448e4ce0d001eaf9627e00f17ce83dd153020d
SHA256 27315b232f66ddb941367a404a2c86631f168464f4a7cbd5c38581bc1c4159df
SHA3 7e83327870f8a74e2d50fd492c5586b1cab477ebf8db061c9925518171423bb2

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x6b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25404
MD5 3e47af51b25a613ee74e9675627906b2
SHA1 737a7964375440d3e9c9cf7ee598f9976cfa0c6f
SHA256 4a1be12845c4989dbc43e0789d2664a8c31d10e8fd25146413930cc9d560947b
SHA3 ffc53ea52dce4125850ed7c3d939b6dba189569c35712eea295acc25da85aa26

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.20991
MD5 3f338261873d3df1c51a38447618332f
SHA1 2deea9c68c36dd918d8c4bf6358cceec5c3d73ef
SHA256 e767b72c780924310c761cbcdeb4e7cdfc20bf51d542a9756fbe02133f2dc481
SHA3 fd02d196a3956731e4948d50cf94880aa961fa0c352ef50ba4383b3543ee02b9

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x1588
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.391
MD5 402ab2cd3c0e6cccba8c94584591db63
SHA1 1b5ef3908935929bbf882c46d136b0b7e49282ae
SHA256 fea6b569a566ae8f60966c9444cc2b199ea40100b0e7538d943e58f6ebc9dcd2
SHA3 fb1b75e6764e8165e19cef11978aff9b122e0d4f216cc3f9be15c197d5a906ee

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x1a68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.0362
MD5 137d401a41886fe70bce4565b9da9ccf
SHA1 bdfd4492bc4bd907f28deedf8f99191075c8edea
SHA256 49a3011f0b145fcb3b7c4f3865b9e9f4956e2a6c3a41a2e92b0dab15497c28d0
SHA3 d5bb7a17010d1be51a460fbe12287a6ee3c14f9c3ce656cadf1c62ca20fd7592

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.1494
MD5 532fc804bd85f1bbb45fc9c328af5018
SHA1 68a5be994e369737456d9c4dd5f53be521930c1c
SHA256 24e84920977b7fb3a0ce0597ddb041ade7d1fa0ba266766018064ba5144f9a2e
SHA3 74892997531e3b0833061be161d73fd1c6ad18d2b6b20d8c90d91c68c35f65f0

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x3a48
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04265
MD5 a0ff32a9b164e057c2d7efb8b10f015c
SHA1 79d3c21f729265e4dd97ab46b099b3794c5af2d6
SHA256 6244691d17cb549b7cbffbc92e4c68a95e5e87e0b9d864b0d4a58b70205b802a
SHA3 f981750c67ea71b40aa069493daa61219e3170d2f31310409eb79d6cb74adbba

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x5488
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96293
MD5 9ad8dc4952df577038bc721806cdf485
SHA1 909cdadf72a077ea271284c05a2392b5a96c0ba2
SHA256 b0163ec572f6ff45aabe176dc8972cddfbf9ec7b7bcce1b7d87bfe12d1dc3039
SHA3 52ddb6bad56a589d3586ddf6eda503fc80b06f82f0219b9c9e5cb078b5079e88

9

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x67e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.95546
MD5 13217869c503fd5a57c5d26085b46dc6
SHA1 017a9c18c53b9c12b19be77fa01a31d48a6af835
SHA256 956ed4247ebaa604b8968c2172964ad0eddb5cdb06ab34392640ee7c783c2c27
SHA3 5ea9dd041fb4177eaed4304bd49b1bcd151fbbdc56a814a90c3f9d050c00452d

10

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00111
MD5 7d73f990aa59fed49f6b083da8b0803f
SHA1 53af9fb573a7585b820c8513df84163ebc66a98b
SHA256 9c6e0ca77288bcebfbd96ad683acccba535329c876888bec50e669ae47653448
SHA3 28c6779e3447e5bbe51418611235961d87418333bdcd529da25dde772e271523

11

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xc59f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99032
Detected Filetype PNG graphic file
MD5 02bc67d77173a492a6ed3ce49d423721
SHA1 8a7e02d9dd4f8ff069581fe39122f766369013bb
SHA256 41dab04e58362117c28e2f57caf61c8757eadc87c2f883343f62017ede7c1409
SHA3 93bd1d37a465a3b2cf82f09634f5d18cf36b3924d6b7315f94f08b2b46b3d954

12

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x288c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99298
Detected Filetype PNG graphic file
MD5 3a232d5f00cf780f95369fe6bdb223f7
SHA1 eb4035c66c877eeace4f65edc7a98ecd7fa5e54b
SHA256 504767dd20ab3d77976ff5462fd62b02f78ea184715c7bd8ed3901a91767c505
SHA3 7848d6893fabf77b96c9a840f9f580b13ae89143c80c316161137e366afbaf95

1 (#2)

Type RT_MESSAGETABLE
Language English - United States
Codepage Latin 1 / Western European
Size 0x2840
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.06919
MD5 a99c9f2aba6eb725972156b7a4943e46
SHA1 9bfca5062deb9d067f118019fe748d110962a8d7
SHA256 e580ff987740c1e27979aaaa14ba001b06c86929cc321945cf1bdb614d257255
SHA3 4266b8855f8b84c8583e3f5c0ffccc59eece1761a21cfeff04601c9bfa9e6db4

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22865
Detected Filetype Icon file
MD5 c244c690e8a636014764b868c6399861
SHA1 379e5a0f9ec2974e0578c25172113903e7aa492e
SHA256 40a7671235acb96a6818e3e6cec3933eb612d80ee05c37162558fbc752f53f51
SHA3 2013cb1be28c435623793daff47ad9a9591bab47f21743f7ca6205f5e3be6ee2

1 (#4)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x360
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3689
MD5 e50ea38e9b3cf4f80ebb0c98d68af22c
SHA1 67d887c676827a99fa3decb1caa8f81c6dc8b04b
SHA256 c27031fdeed8bf5a064a4a844b26dcc5f27ccc683d6b8e35416378182021bbce
SHA3 dbf5e654616c4dc471b6898bd4292178d094e4a0fcc3115d327bc337ff5438c1

1 (#5)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x4d2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.30829
MD5 8ff25bb3faceb412f946beb4d4b70aba
SHA1 e77a0a3c8dcda8fca1bf8032ced5c633bd13695b
SHA256 409b7a72f95793e29fe6b03ef2c28effbc5b80ffe57fb7a974439022cc7a0e75
SHA3 3fe08b5bceae3a00c5e5c93835e5efd035482c03a6c9aae3749b8dba22bacd0b

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.3.0.38
ProductVersion 1.3.0.38
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Open Media LLC
FileDescription 4K Video Downloader+
FileVersion (#2) 1.3.0.38
InternalName setup
LegalCopyright Copyright (c) Open Media LLC. All rights reserved.
OriginalFilename 4kvideodownloaderplus_1.3.0_x64_online.exe
ProductName 4K Video Downloader+
ProductVersion (#2) 1.3.0.38
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Sep-17 05:33:38
Version 0.0
SizeofData 68
AddressOfRawData 0x673cc
PointerToRawData 0x667cc
Referenced File C:\agent\_work\66\s\build\ship\x86\burn.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Sep-17 05:33:38
Version 0.0
SizeofData 20
AddressOfRawData 0x67410
PointerToRawData 0x66810

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Sep-17 05:33:38
Version 0.0
SizeofData 984
AddressOfRawData 0x67424
PointerToRawData 0x66824

TLS Callbacks

StartAddressOfRawData 0x46780c
EndAddressOfRawData 0x467814
AddressOfIndex 0x46aa94
AddressOfCallbacks 0x44a43c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x46a008
SEHandlerTable 0x4673c0
SEHandlerCount 3

RICH Header

XOR Key 0xa8016b7d
Unmarked objects 0
241 (40116) 10
243 (40116) 125
242 (40116) 24
C objects (VS 2015/2017 runtime 26706) 19
ASM objects (VS 2015/2017 runtime 26706) 20
C++ objects (VS 2015/2017 runtime 26706) 43
C objects (VS2008 SP1 build 30729) 5
Imports (VS2008 SP1 build 30729) 17
Total imports 341
C++ objects (VS2017 v15.9.11 compiler 27030) 75
Resource objects (VS2017 v15.9.11 compiler 27030) 1
151 2
Linker (VS2017 v15.9.11 compiler 27030) 1
