8c9085d4f753a2aab26082fd2eb46a8e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Dec-31 00:38:38
Detected languages English - United States
Russian - Russia
CompanyName Snoop05
FileDescription 15 seconds ADB Installer
FileVersion 1.4.3
InternalName adb-installer
LegalCopyright
OriginalFilename adb-installer-1.4.3.exe
PrivateBuild December 30, 2012
ProductName 15 seconds ADB Installer
ProductVersion 1.4.3

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Suspicious The file contains overlay data. 9251703 bytes of data starting at offset 0x58a00.
The overlay data has an entropy of 7.99989 and is possibly compressed or encrypted.
Overlay data amounts for 96.2245% of the executable.
Malicious VirusTotal score: 3/62 (Scanned on 2022-11-23 19:22:41)
APEX: Malicious
Jiangmin: Trojan.Fsysna.kjz
Malwarebytes: Malware.Heuristic.1003

Hashes

MD5 8c9085d4f753a2aab26082fd2eb46a8e
SHA1 eae637085255a1c7d903a880374b20d108a3c38b
SHA256 ca297f88ae58cc436028e07482e04e429e6bc81eab291cba814aa196d2c4f419
SHA3 8bca48b12c0ab09aca6e9e16efd0441f04644f7eb525c06b256591ae28c5c113
SSDeep 196608:cwYvfXDBYhBpeLHe3+EPegZT3VCz0TByC+Py7FU+LCZAsdX3LBO9:3ibBYDey3PFCuByPyhRwxBBI
Imports Hash 254a3a10c7173262c1ad498fb1bffb52

DOS Header

e_magic MZ
e_cblp 0x60
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x60

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2012-Dec-31 00:38:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xe000
SizeOfInitializedData 0x4b000
SizeOfUninitializedData 0x5f000
AddressOfEntryPoint 0x0006CAD0 (Section: UPX1)
BaseOfCode 0x60000
BaseOfData 0x6e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb9000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5f000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 18aa317adce1d31150ddba79a7e3d9c4
SHA1 4b37550328d668ec0d7858805073e67f1be4f905
SHA256 46556b5df76af8a0167302cae59849f528061eae268760db71a22dae38b1c757
SHA3 5d8c7de7eee32151f0c7c41af46fbab564e04c1886ecb0f6b273bea701ba2e2a
VirtualSize 0xe000
VirtualAddress 0x60000
SizeOfRawData 0xd800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.97261

.rsrc

MD5 6aaa52b37b81d4762bf3f69f0c15e98c
SHA1 0abc729d1b61536b29ad617b70e12760950dd916
SHA256 a9c65e6eff125b9e06f531ad08922f6554481ba3c7d7f0b9900c9194fca6b40e
SHA3 ce5fc2a424975c42b1c6b5041afb79d06d1e7500cc515d86b9a5d16a894c49c3
VirtualSize 0x4b000
VirtualAddress 0x6e000
SizeOfRawData 0x4b000
PointerToRawData 0xda00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.00963

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
ADVAPI32.dll FreeSid
COMCTL32.dll #17
GDI32.dll DeleteDC
MSVCRT.dll free
ole32.dll CoInitialize
OLEAUT32.dll SysAllocString
SHELL32.dll SHGetMalloc
USER32.dll GetDC

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.72409
MD5 31c152332900d97843faa43c13375530
SHA1 ab56d5a2a654677645563b3e88261d4fc74d3287
SHA256 a0468e5b05aadbf635566e94fb650c56131d52abdd72b777e5f81dd477da48de
SHA3 2a56c2ce619b5561bc63c0d96497e95103f301b74245b2ac4fa408f89b34a537

1 (#2)

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.1359
MD5 b3e65ae20b308c584a48e30c471e8019
SHA1 fa5fbbce19371d210dddf28970d9e73350350793
SHA256 8c6f1fe099115380345b5d4cc65ecf8d8c5fdcad97abf41a7538318ca5543512
SHA3 b75841f55428ab967fac0943fbb104d23491cb219b1f2b077a45339ad8e8e0e2

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.07125
MD5 a8080ddab4439019ef5b71ebbd457733
SHA1 697425f54cdff00c7e4b3052075e72e9d1e8bfc8
SHA256 80c414bb425c171edbcb96fe60fb67d5b0176eb4c3d2136d10ce4685d6ec9e8e
SHA3 fc3f16684edaf17a026d9145766f9caf92b91c3dbbd39b1343cea27d5a8e8a65

2 (#2)

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60602
MD5 6a034f265793bbd5e677bf682c0d2742
SHA1 86f908fe1f2a6cc2dbaf3fc4ee371c164ee79061
SHA256 f124dfe6e202fe58203edbdae89af837860e9b30ebcdecfa631181c89c12eeaa
SHA3 aa36db07693387113a2eefbdc308376622db184cc77b5a50526cda137b9cc2e7

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.37994
MD5 8cbd28c223c5d4631b3ce66d2a82fe13
SHA1 ca2a5a0d1595d9361f3ef7c4ae16bc27bc51cab0
SHA256 582446a46c9310d3fe9627dddb9338cacb186c176998639416aeb6324d9b3318
SHA3 7a8108e2ca5d07c53c87a1ff6073298abbaaa5e92d1a2cc5422cc19ea8c0a06a

3 (#2)

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.63074
MD5 05b53ec0b7816b0cfefacc0f5f0b1037
SHA1 b750d7343f4cb4cbdb227fbf0ad488af9e06891e
SHA256 d95f957bd2c5ad21cdda8ff0e3bc34643c433a89631a698f46c3cbadd481bef8
SHA3 a9805dbdf1f9250dd9a17d2fd443e664c85be6c02ba163edd0ef072c42d4309e

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48238
MD5 dfabc9996f13f91b3263c4db838f623c
SHA1 e17419f0e90dcec530e0665a5ea4755db4376d06
SHA256 5eecbfe9ffaa99540febeb854e924057260485e117bb4301f1b65f69dab6d12d
SHA3 902968e188f4d04a2080eb3e798fc92f57ad1063928cc3418332b5787309b682

4 (#2)

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.3817
MD5 8528f1e7df7b6d98bc54ddd9fb8d27f2
SHA1 6a985f2c03ef8cb14135fe46db8af9c434cc87e9
SHA256 019b84b7510645d6a52a703f9b6a56039efbaf3bef33709fc96aba6dfb736077
SHA3 356e879eaf0a682d5e8639e08d782c5e36b4c84346c9ebc5cb9aff67fd4ad863

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.28424
MD5 8b70d54c48ff3eec308fc56eb6c4ff6b
SHA1 b62c8e94addb1daa4ef0927f3452d842c9556e0b
SHA256 3135c69363d6728745390f45f290d2b81bbf5cb27ba87ce965f7fd138a335fe4
SHA3 25bbd2f6892af353d2a6247b10a006e8d8407c1db7bba373481dcc35cf1e8fd6

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39214
MD5 bc5f79566b0d4219ab7bb73944d3cf7d
SHA1 eb0cbedbe2a3e296e1fa9492342b023c21afefa8
SHA256 6e71aa47da4ce1f3afd18de38f874a9faa96d28948c8fd6f91f2a7fcd5332a37
SHA3 027ff29d721c569df842679b0d3264da4304a3696139f145facea308f4c6f301

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.17501
MD5 5119871452552e3e0073465bb0c49e2d
SHA1 9fd40a367606c492528e0a7141dec6c87d463029
SHA256 df835f215732d42d589fcf442b1075b87c366eda31cd8c746aad351428ab19b6
SHA3 d6979678df09bb1f7a133190d7226eaf00ecad41480c8d66f83c9f3657413b68

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.89055
MD5 7679f210b045ff9f86aa7e7574caa648
SHA1 64411be94eddb98ab35357bfd83a1e770ae5a1e1
SHA256 963db0b9b2e9e67e9ff86af1198f803944e3824ec9772c9047077094d7192225
SHA3 b2dca41438a16a80e8924e27bc8755f12fe381faa17fb44b803bc70635dd94d5

9

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.75163
MD5 da545eb24635c3191b6ee81e1d75301c
SHA1 176e1faad44fd64c72a79c8c552950177f717903
SHA256 8716fe2585d38c382bda69a57affaa3294f5e21b9089052b8016a5f6ec1382e4
SHA3 bbcbc14038722ef2462785e2777c0fb0e2bf3e8f49a688b4e9a56a1bdca49b67

10

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.43924
MD5 41018a48539f3d2a06a4bbebd48bd71e
SHA1 8bf773f1681aa2ef43bc72f594cf371e9aaf95de
SHA256 7b7966cab0f6d21d1e8e6242f59f4fc00d966f37c42b1c793e0a0de95f53d779
SHA3 96356d453ce7a50bc90039db8f935f875eab414506eb3431ed39e8606cb3579c

11

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.83833
MD5 f6d497ac4c76aa1b39b06f7b6deb1063
SHA1 937b4e69466920a0903ec18ee432a5d4834c7f95
SHA256 c00f9899a633d3fc83e34f992f9cccedc8811036e4b21c9b7b9a4744074aa6e8
SHA3 f52a6948f000a163fe46875ab64c4249120a44ed16a2ac60f0a8bc4bc189ecba

12

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.26854
MD5 839026064bf7d8bb2890a5a57f97a41e
SHA1 2ea76bb6624c4ba372b1e176b9fcd216da81b607
SHA256 575ba9846df72d00c959cbea53cae8420b2a6766c852f9fc956f29393488990c
SHA3 3dea668fbbdaab855babc264a61ccb26916d2493c93bb0aa3f7cb6a0d2bcd019

13

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.9369
MD5 d4c24c6c0d3773b7477b54e762f2de8f
SHA1 497a304d5803c03d0ab87a166693ae75dab42488
SHA256 a79aa501b3a249363aef8f4439f8f08e1b1c080095c3067066b159e049c5286a
SHA3 b25252ba790c49f3504ccb2e9bd1389e3e8f23724a188d4227d074ff1a0dce31

1 (#3)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03198
Detected Filetype Icon file
MD5 c549ed8d865ab7d94ee3a684b7712bda
SHA1 ac8248813507f80ba95203d73f68b120f5678b56
SHA256 f6c2b4e13e96ef034d5ffd56d50e61652c405441d29645ff35d547071e2a12e2
SHA3 19f1f6580025a15e8008434cad7a4191418674659e3605bffb542987f5dd7199

101

Type RT_GROUP_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.72839
MD5 7fbb48d54249494c555ea8a1a542fcf3
SHA1 03f7af9f530b62b4668f6e8b89e9a1f239bce95c
SHA256 5c31ba1914a9c5016bbee249a8831b4bee8398a2cc75bb0246e6d84969050524
SHA3 a28018233b14109a7b85c95da315be52dbdd274a216b35a36caa614d871f35db

1 (#4)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x318
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39218
MD5 78305b70430f9c92413d169099aea643
SHA1 ca6448f33e18ab8c697cf713f87c560a7a8c346f
SHA256 67d30b3d2ae21ae38048ea5701b4af1c246e3f8b48a3257f1ba24a475a5ddf85
SHA3 d5617f50bca496eef8da64612d4e789f91c2e68fbfc9c3e6c97d82c0d6157d54

1 (#5)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x346
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.23138
MD5 e32a5384ce1d3d6ce2f07bae63580af4
SHA1 ecd92eb0584dc4e5b87b9d87aac587c1fb5a3538
SHA256 e7c9872b3f255430bf4a174164305dfefbe2affd5b942c942b349047d9289297
SHA3 02ee32c8bcdd6cefb446c2a5d7f6073bc3f316daf7571f7befa4a3eb018c1315

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.4.3.0
ProductVersion 1.4.3.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Snoop05
FileDescription 15 seconds ADB Installer
FileVersion (#2) 1.4.3
InternalName adb-installer
LegalCopyright
OriginalFilename adb-installer-1.4.3.exe
PrivateBuild December 30, 2012
ProductName 15 seconds ADB Installer
ProductVersion (#2) 1.4.3
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 101 is empty!