8e8bbbdda102b4647563e2bdbb8ba17b

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-May-01 14:33:52
Detected languages English - United States
Debug artifacts C:\build\work\eca3d12b\wix3\build\ship\x86\burn.pdb
CompanyName Intel
FileDescription Intel® Driver & Support Assistant
FileVersion 3.2.0.9
InternalName setup
LegalCopyright Copyright © Intel Corporation. All rights reserved.
OriginalFilename Intel Driver and Support Assistant Installer.exe
ProductName Intel® Driver & Support Assistant
ProductVersion 3.2.0.9

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 (signature match only; LinkerVersion 14.0 and the Rich header's build 25017 linker entry point to a much newer MSVC 14.x toolchain, consistent with the 2017 build date)
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
References the BITS service (the byte strings are little-endian GUIDs; in registry form they are the BITS COM identifiers):
  • 0d 4c e3 5c c9 0d 1f 4c 89 7c da a1 b7 8c ee 7c = {5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C}, IID_IBackgroundCopyManager
  • 4b d3 91 49 a1 80 91 42 83 b6 33 28 36 6b 90 97 = {4991D34B-80A1-4291-83B6-3328366B9097}, CLSID_BackgroundCopyManager
  • c7 99 ea 97 86 01 d4 4a 8d f9 c5 b4 e0 ed 6b 22 = {97EA99C7-0186-4AD4-8DF9-C5B4E0ED6B22}, IID_IBackgroundCopyCallback
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to SHA256
  • Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .wixburn (this is the section the WiX Burn bootstrapper engine uses for its bundle header, consistent with the burn.pdb debug path; a 0x38-byte virtual size with entropy 0.74 is a small data header, not packed code)
Malicious The PE contains functions mostly used by malware (heuristic only: every category below is also the normal working set of an installer bootstrapper that resolves APIs at runtime, launches packages, controls services and adjusts ACLs; weigh it against the signature and the debug path rather than reading it as a verdict). [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryExW
  • LoadLibraryExA
Possibly launches other programs:
  • CreateProcessW
Uses Microsoft's cryptographic API:
  • CryptDestroyHash
  • CryptHashData
  • CryptCreateHash
  • CryptGetHashParam
  • CryptReleaseContext
  • CryptAcquireContextW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
  • CreateFileA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  • CheckTokenMembership
Interacts with services:
  • ChangeServiceConfigW
  • ControlService
  • OpenSCManagerW
  • OpenServiceW
  • QueryServiceStatus
  • QueryServiceConfigW
Manipulates other processes:
  • OpenProcess
Changes object ACLs:
  • SetNamedSecurityInfoW
Can shut the system down or lock the screen:
  • InitiateSystemShutdownExW
Info The PE is digitally signed. Signer: Intel(R) Driver & Support Assistant.
Issuer: Intel External Issuing CA 7B. (The report only records that a signature is present; before trusting it, check that the chain validates to a trusted root and that the signed hash still matches the file, e.g. with signtool verify /pa /v or PowerShell Get-AuthenticodeSignature.)
Safe VirusTotal score: 0/66 (Scanned on 2018-04-14 16:31:48): no engine flagged the file.

Hashes

MD5 8e8bbbdda102b4647563e2bdbb8ba17b
SHA1 c7b696c2946d691531091b8c08037958f934484e
SHA256 879da6c6e8a7ca7892ba1b615ea6255cf41156dcd5eaf95c5ab9f0efe522250c
SHA3 c496acce9fc854e68498f993a38f87e83dbdf0ecf7d435c6acaf2b483cb953b1
SSDeep 196608:5gKX+QaDwXMsdcIcWRXe5PodPBeQiHP8ZSBLjxnmysnLjII1sRJKryp6Ny/1ROnk:+Z2gwXDdg0qynLjIewjD1ROjsA0
Imports Hash b87a2a6b52aa6910be7b586401633383

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2017-May-01 14:33:52
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x49c00
SizeOfInitializedData 0x27600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0002E1FD (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x76000
SizeOfHeaders 0x400
Checksum 0xd47b07
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a67b51c27aac0c4dfc083827d24d4658
SHA1 72882483b502a3c529c98d04888b6c7715498459
SHA256 068af32ed901e014be357397efa03fa538d2ecd4de3b6cdd4dff41cda8272094
SHA3 fc71904856928240c19ac17b4bce3d950fd85e2245b4ee74468e7157c068208b
VirtualSize 0x49a67
VirtualAddress 0x1000
SizeOfRawData 0x49c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.56282

.rdata

MD5 119b8fb4aff26bdb2b70951b3ce2b221
SHA1 d0a15bd67600203356e61e0f2c387392df91e31a
SHA256 3d010bacfae2ead5aebcc49413155ce72fef4b577f0ba07431ba91b5abd76bfa
SHA3 7ec7686da65989467360aea4bee610fc5f11a306decf1fbb6fa38857ddc67d6f
VirtualSize 0x1ec60
VirtualAddress 0x4b000
SizeOfRawData 0x1ee00
PointerToRawData 0x4a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.10841

.data

MD5 7dfb613b52fd85bf38fe5b511a5c8a45
SHA1 bdac2068456e6b1fed27d100bc0fd5fbf1c7f3d9
SHA256 991db5045b6b2f4b5a7e0611e58cad5008174f0da586bfbabae9336fd2c84f02
SHA3 372fde42ca1a0b441b677d6858720b91bbe1f62b9d48642ffe6c5abd9d651949
VirtualSize 0x1730
VirtualAddress 0x6a000
SizeOfRawData 0xa00
PointerToRawData 0x68e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.15458

.wixburn

MD5 d9e10be6fa9ad17c3fef85b78befb79a
SHA1 623fb25ed38fb89f3fa836bd93193c3d667bfb3e
SHA256 99a7f314ede7bde33a147f98c9585a1558da97c6ea58beb8633d79641780f39e
SHA3 faa0984b992302ea06282eb0cd4b16fde38a6c9200b959f505c8bce754552865
VirtualSize 0x38
VirtualAddress 0x6c000
SizeOfRawData 0x200
PointerToRawData 0x69800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.739068
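The .wixburn section is the artifact that explains the "possibly packed" flag above, so it is worth decoding rather than guessing at. The following is an added example, not code from the report or from the WiX project: it parses the Burn section header using the field layout of the WiX 3 Burn engine's BURN_SECTION_HEADER (magic, version, bundle GUID, stub size, original checksum, original signature offset and size, format, container count, container sizes), renders GUIDs the way the BITS byte strings in the plugin output can be rendered, and computes the same byte-entropy measure the report's Entropy rows use. The header bytes, bundle GUID and container sizes below are constructed to match the sizes in the report (56 = 0x38 bytes of data in a 0x200-byte raw section) and are not the real file's contents.

```python
"""Decode a WiX Burn '.wixburn' section header and measure section entropy.

Added example, not part of the report or of WiX. Header layout follows the
WiX 3 Burn engine's BURN_SECTION_HEADER; sample bytes are CONSTRUCTED.
"""
import math
import struct
import uuid

BURN_SECTION_MAGIC = 0x00F14300
BURN_SECTION_VERSION = 0x00000002
FIXED_HEADER_LEN = 48  # everything before the variable container-size table


def guid_to_str(raw: bytes) -> str:
    """Render 16 little-endian GUID bytes in registry form {XXXXXXXX-XXXX-...}."""
    if len(raw) != 16:
        raise ValueError("GUID must be 16 bytes")
    return "{%s}" % str(uuid.UUID(bytes_le=raw)).upper()


def parse_burn_section(data: bytes) -> dict:
    """Decode a Burn section header; raise ValueError on bad magic/version/size."""
    if len(data) < FIXED_HEADER_LEN:
        raise ValueError("section too small for a Burn header")
    (magic, version, guid, stub_size, orig_checksum, sig_offset, sig_size,
     fmt, n_containers) = struct.unpack_from("<II16sIIIIII", data, 0)
    if magic != BURN_SECTION_MAGIC:
        raise ValueError("bad Burn magic 0x%08x" % magic)
    if version != BURN_SECTION_VERSION:
        raise ValueError("unsupported Burn section version %d" % version)
    need = FIXED_HEADER_LEN + 4 * n_containers
    if len(data) < need:
        raise ValueError("container size table truncated")
    sizes = list(struct.unpack_from("<%dI" % n_containers, data, FIXED_HEADER_LEN))
    return {
        "bundle_id": guid_to_str(guid),
        "stub_size": stub_size,                       # bytes of engine stub preceding attached data
        "original_checksum": orig_checksum,           # PE checksum of the stub as built
        "original_signature_offset": sig_offset,      # Authenticode blob location as built (0 = none)
        "original_signature_size": sig_size,
        "format": fmt,
        "container_sizes": sizes,
        "header_size": need,
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the measure shown in the report's Entropy rows."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# --- constructed sample: a 0x38-byte header in a 0x200-byte raw section ---
SAMPLE_BUNDLE_ID = uuid.UUID("12345678-1234-5678-9abc-def012345678")  # constructed
SAMPLE_HEADER = struct.pack(
    "<II16sIIIIIIII",
    BURN_SECTION_MAGIC, BURN_SECTION_VERSION, SAMPLE_BUNDLE_ID.bytes_le,
    0x6D800 + 0x3E00,   # stub size: end of the last raw section in the report's layout (assumed)
    0x00D47B07,         # original checksum: the report's Checksum value, reused as sample data
    0, 0,               # no signature recorded at build time (constructed)
    1,                  # container format tag (constructed)
    2,                  # two attached containers -> 48 + 2*4 = 56 = 0x38 bytes, as in the report
    0x1000, 0x200000,   # constructed container sizes
)
SAMPLE_SECTION = SAMPLE_HEADER.ljust(0x200, b"\0")  # zero padding to FileAlignment

# First BITS byte string from the plugin output, as printed there.
BITS_IID_BYTES = bytes.fromhex("0d4ce35cc90d1f4c897cdaa1b78cee7c")

if __name__ == "__main__":
    print(parse_burn_section(SAMPLE_SECTION))
    print("entropy %.3f" % shannon_entropy(SAMPLE_SECTION))
    print(guid_to_str(BITS_IID_BYTES))
```

The low entropy of the constructed section (a few dozen header bytes followed by alignment padding) is the same pattern as the 0.739 reported above: a packer would leave a large high-entropy section, not a 56-byte header. The stub size and original checksum fields are what the Burn engine uses to locate and re-verify its attached containers, so a mismatch between them and the file on disk is a more useful tamper indicator than the section name itself.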

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 d5c44f659751a819616c58c9efe38e80f2b84cf621036da99c019bbe4f1fb647
VirtualSize 0x9
VirtualAddress 0x6d000
SizeOfRawData 0x200
PointerToRawData 0x69a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 4208222e2196b342034d0abcc4cc3caa
SHA1 50fb5ac49af49d46c3fb5186dd507e85a49753dd
SHA256 22d065c4a8b2b1b14f078c4639dbf22e15a54bcf48f9d686f00327d568cc40c5
SHA3 3d2ab59fab3dbb1887c7494976560bb6ae7655eb26da5c135d2cf1ea48fe6e12
VirtualSize 0x3ac8
VirtualAddress 0x6e000
SizeOfRawData 0x3c00
PointerToRawData 0x69c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.51216

.reloc

MD5 64b4055db26d6e5c21cfca5abb774e9e
SHA1 339f75ab37c28b6fecc0d020a8f52bf90d9e0fd3
SHA256 d387a02ef137f40ec4da01878deeb2e9f3575beea5dd3b4ab8dd6b56d870dca1
SHA3 b5c58aaa972d3246a9ada705b082e3b247fd9f5fde36a722712fc352d68eb41f
VirtualSize 0x3dec
VirtualAddress 0x72000
SizeOfRawData 0x3e00
PointerToRawData 0x6d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.79026

Imports

ADVAPI32.dll RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW
USER32.dll GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage
OLEAUT32.dll #6
#2
#8
#9
GDI32.dll CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC
SHELL32.dll SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
ole32.dll CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
KERNEL32.dll GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
GetEnvironmentStringsW
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsGetValue
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
LoadLibraryExA
RPCRT4.dll UuidCreate
Cabinet.dll (delay-loaded) #22
#23
#20

Delayed Imports

Attributes 0x1
Name Cabinet.dll
ModuleHandle 0x6b5c4
DelayImportAddressTable 0x6a944
DelayImportNameTable 0x68240
BoundDelayImportTable 0x684ec
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00
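The "Imports Hash" in the Hashes section is derived from exactly the table above, and hashes from different tools only compare when the normalisation matches. The following is an added example, not the analysis tool's code: it applies the widely used pefile convention (lowercase library name with the .dll/.ocx/.sys extension stripped, lowercase function name, ordinal imports written ord<N> except for a few libraries such as oleaut32 whose ordinals are mapped back to export names) and shows how including or excluding delay-loaded imports changes the result. The import list is a constructed subset of the report's table; the ordinal-name map covers only the oleaut32 ordinals that subset needs, and the MD5 here is a fingerprint for clustering, not a security check.

```python
"""Import hash (imphash) from an import list in the form the report prints.

Added example, not the analysis tool's code; normalisation follows the
common pefile convention. Sample imports are a CONSTRUCTED subset of the
report's table.
"""
import hashlib

# Ordinal -> export name for libraries whose ordinals tools map back to
# names. Only the oleaut32 entries the sample needs are listed here.
ORDINAL_NAMES = {
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString",
                 8: "VariantInit", 9: "VariantClear"},
}


def normalise(dll: str, func: str) -> str:
    """'OLEAUT32.dll', '#6' -> 'oleaut32.sysfreestring'; unknown ordinals -> 'lib.ordN'."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[:-len(ext)]
            break
    if func.startswith("#"):
        ordinal = int(func[1:])
        func = ORDINAL_NAMES.get(lib, {}).get(ordinal, "ord%d" % ordinal)
    return "%s.%s" % (lib, func.lower())


def import_string(imports, delay_imports=(), include_delay=False) -> str:
    """Comma-joined normalised imports in table order (order matters for the hash)."""
    parts = [normalise(dll, f) for dll, funcs in imports for f in funcs]
    if include_delay:
        parts += [normalise(dll, f) for dll, funcs in delay_imports for f in funcs]
    return ",".join(parts)


def imphash(imports, delay_imports=(), include_delay=False) -> str:
    """MD5 of the normalised import string (the usual imphash definition)."""
    s = import_string(imports, delay_imports, include_delay)
    return hashlib.md5(s.encode("ascii")).hexdigest()


# Constructed subset of the report's import table, in the order printed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegCloseKey", "RegOpenKeyExW"]),
    ("OLEAUT32.dll", ["#6", "#2", "#8", "#9"]),
    ("KERNEL32.dll", ["GetCommandLineA", "GetProcAddress"]),
]
SAMPLE_DELAY = [("Cabinet.dll", ["#22", "#23", "#20"])]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS, SAMPLE_DELAY, include_delay=True))
    print("without delay imports:", imphash(SAMPLE_IMPORTS))
    print("with delay imports:   ", imphash(SAMPLE_IMPORTS, SAMPLE_DELAY, True))
```

Two things follow for anyone comparing the report's value with their own: the hash changes if a tool includes the delay-loaded Cabinet.dll ordinals and another does not, and it changes if one tool resolves OLEAUT32 ordinals to names while another hashes them as ord<N>. Compare imphashes only across outputs of the same tool and version.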

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
Entropy 4.27817
MD5 dd74ac90d0252284f1ce309880b60a82
SHA1 add64a2bb1668d419438ce849b4dee87ec84267f
SHA256 9e3bdf1cc1dcfd284924c25050c51cca0412ec699da8dc2046e6f76096bce5ee
SHA3 7328cb70ad4df35fbe8c02c081f8aaef21484bdff7d3f1e3ac968acf340a5da7

1 (#2)

Type RT_MESSAGETABLE
Language English - United States
Codepage Latin 1 / Western European
Size 0x2840
Entropy 5.06919
MD5 a99c9f2aba6eb725972156b7a4943e46
SHA1 9bfca5062deb9d067f118019fe748d110962a8d7
SHA256 e580ff987740c1e27979aaaa14ba001b06c86929cc321945cf1bdb614d257255
SHA3 b25b8a61c9021250811dfc3cf1d7b0b663c0aa50d18604109d9d9ced9a7a100c

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
Entropy 1.81924
Detected Filetype Icon file
MD5 cbee427fa121aba9b9b265ff05de5383
SHA1 24fcae33001c8e0f5ec795c6edf076a69d59589f
SHA256 494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c
SHA3 0dedec4905e83f946617924ce33e2651c5f8fbc2463fea33077526f38a40dae4

1 (#4)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x380
Entropy 3.31219
MD5 7a42442d88faaa4dd5a8faf304f51cac
SHA1 7f535db080467ef637f1e7ae60685a38c49954f5
SHA256 ddef3afd310924bb0046ccccddd08be3fb74915e127952d45acb90938b5af5d7
SHA3 ac41990f54f99300d72a0988110b1aeff4831f5e4bba508a9963a10a838a2f8a

1 (#5)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x4d2
Entropy 5.30829
MD5 8ff25bb3faceb412f946beb4d4b70aba
SHA1 e77a0a3c8dcda8fca1bf8032ced5c633bd13695b
SHA256 409b7a72f95793e29fe6b03ef2c28effbc5b80ffe57fb7a974439022cc7a0e75
SHA3 82df5653723f3d5e9f613fb8fa0ae98b1b4861d79e061d3cfeacbc149d105404

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.2.0.9
ProductVersion 3.2.0.9
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Intel
FileDescription Intel® Driver & Support Assistant
FileVersion (#2) 3.2.0.9
InternalName setup
LegalCopyright Copyright © Intel Corporation. All rights reserved.
OriginalFilename Intel Driver and Support Assistant Installer.exe
ProductName Intel® Driver & Support Assistant
ProductVersion (#2) 3.2.0.9
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-May-01 14:33:52
Version 0.0
SizeofData 76
AddressOfRawData 0x678ec
PointerToRawData 0x668ec
Referenced File C:\build\work\eca3d12b\wix3\build\ship\x86\burn.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2017-May-01 14:33:52
Version 0.0
SizeofData 20
AddressOfRawData 0x67938
PointerToRawData 0x66938

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-May-01 14:33:52
Version 0.0
SizeofData 984
AddressOfRawData 0x6794c
PointerToRawData 0x6694c

TLS Callbacks

StartAddressOfRawData 0x46d000
EndAddressOfRawData 0x46d008
AddressOfIndex 0x46aac0
AddressOfCallbacks 0x44b43c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x68
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x46a008
SEHandlerTable 0x4678e0
SEHandlerCount 3

RICH Header

XOR Key 0xdc0f4ed9
Unmarked objects 0
241 (40116) 9
243 (40116) 124
242 (40116) 24
ASM objects (24723) 19
C objects (24723) 19
C++ objects (24723) 38
C objects (VS2008 SP1 build 30729) 5
Imports (VS2008 SP1 build 30729) 17
Total imports 341
C++ objects (25017) 75
Resource objects (25017) 1
151 2
Linker (25017) 1
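The Rich header rows above are decoded (product id, build, count) triples, and the XOR key is not arbitrary: it is a checksum over the DOS header (skipping e_lfanew) and the entries, so a Rich header that has been edited or transplanted to spoof toolchain provenance normally fails the check. The following is an added example, not part of the report: it encodes and decodes a Rich header and recomputes the key. The DOS header is built from the field values the report lists (e_lfarlc, which the report omits, is assumed to be 0x40), the DOS stub bytes and the entry subset are constructed, and because the real file's stub bytes are not reproduced the key computed here will not equal the report's 0xdc0f4ed9.

```python
"""Decode a Rich header and verify its XOR key against the checksum it encodes.

Added example, not part of the report. Layout: 'DanS'^key, three 0^key
padding dwords, (compid^key, count^key) pairs, 'Rich', key, where
compid = (product_id << 16) | build. Sample bytes are CONSTRUCTED.
"""
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian dword


def rol32(v: int, n: int) -> int:
    n %= 32
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(dos_bytes: bytes, entries) -> int:
    """Checksum that a well-formed Rich header stores as its XOR key."""
    dans_off = len(dos_bytes)
    cksum = dans_off
    for i, b in enumerate(dos_bytes):
        if 0x3C <= i < 0x40:      # e_lfanew is skipped: the linker fixes it up later
            continue
        cksum += rol32(b, i)
    for prod, build, count in entries:
        cksum += rol32((prod << 16) | build, count)
    return cksum & 0xFFFFFFFF


def build_rich_header(dos_bytes: bytes, entries) -> bytes:
    """Append an encoded Rich header to the DOS header/stub bytes."""
    key = rich_checksum(dos_bytes, entries)
    words = [DANS ^ key, key, key, key]            # 'DanS' plus three zero pads
    for prod, build, count in entries:
        words.append(((prod << 16) | build) ^ key)
        words.append(count ^ key)
    encoded = struct.pack("<%dI" % len(words), *words)
    return dos_bytes + encoded + b"Rich" + struct.pack("<I", key)


def decode_rich_header(image: bytes):
    """Return (key, dans_offset, [(product_id, build, count), ...])."""
    rich = image.find(b"Rich")
    if rich < 0:
        raise ValueError("no Rich marker")
    key = struct.unpack_from("<I", image, rich + 4)[0]
    dans = image.rfind(struct.pack("<I", DANS ^ key), 0, rich)
    if dans < 0 or (rich - dans - 16) % 8:
        raise ValueError("malformed Rich header")
    entries = []
    for off in range(dans + 16, rich, 8):
        compid, count = struct.unpack_from("<II", image, off)
        compid ^= key
        count ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count))
    return key, dans, entries


def rich_key_is_valid(image: bytes) -> bool:
    """True when the stored key equals the checksum over header and entries."""
    key, dans, entries = decode_rich_header(image)
    return rich_checksum(image[:dans], entries) == key


# --- constructed sample: DOS header from the report's values + a stub ---
SAMPLE_DOS_HEADER = struct.pack(
    "<2s13H8s12HI",
    b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0,
    0x40,            # e_lfarlc: not in the report, assumed
    0, bytes(8), *([0] * 12),
    0x118,           # e_lfanew as reported
)
SAMPLE_DOS_STUB = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
                   b"This program cannot be run in DOS mode.\r\r\n$").ljust(0x40, b"\0")
SAMPLE_ENTRIES = [(241, 40116, 9), (243, 40116, 124), (242, 40116, 24)]  # subset of the report's rows
SAMPLE_IMAGE = build_rich_header(SAMPLE_DOS_HEADER + SAMPLE_DOS_STUB, SAMPLE_ENTRIES)

if __name__ == "__main__":
    key, dans, entries = decode_rich_header(SAMPLE_IMAGE)
    print("key 0x%08x at 0x%x valid=%s" % (key, dans, rich_key_is_valid(SAMPLE_IMAGE)))
    for prod, build, count in entries:
        print("%d (%d) %d" % (prod, build, count))
```

When the key does not validate on a real sample, the usual explanations are a deliberately forged Rich header, a post-link patch to the DOS stub, or a packer that rebuilt the headers; when it does validate, the build numbers are reasonable evidence of the toolchain and can be cross-checked against LinkerVersion and the compilation date, as done for this file above.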

Errors