Manalyze report for 9b19f19ea5a2de87e1b689f9f47d416b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jul-09 04:21:37
Detected languages	English - United States
CompanyName	FlashDevelop.org
FileDescription	FlashDevelop Installer
FileVersion	`5.3.3.0`
LegalCopyright	FlashDevelop.org 2005-2018
ProductName	FlashDevelop Installer
ProductVersion	`5.3.3.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: FlashDevelop.org http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteKeyA RegOpenKeyExA RegEnumValueA RegDeleteValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`26359404 bytes of data starting at offset 0xc800.` `The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted.` `Overlay data amounts for 99.8061% of the executable.`
Suspicious	VirusTotal score: 2/67 (Scanned on 2020-09-23 04:51:15)	`APEX: Malicious` `VBA32: suspected of Archive.MailBomb`

Hashes

MD5	`9b19f19ea5a2de87e1b689f9f47d416b`
SHA1	`b07d231d368e5624b2d5fca92a129ea6691ba0d5`
SHA256	`7b3109dd768c0c2ef285a0d4a019ab4e89d58f0229a3b820d72f363e7ee3de38`
SHA3	`df2283cf7cac4baf854823cf0db718fc09396f3224f03674d8e369058cf4f5fe`
SSDeep	`393216:u8PPjJPi+JWvxXb4Yo8pZpcxm/a0MGiPnSr4ghYzZYKNsxyZsRrQMB6l416orUyx:bPbJPfupkYtGxma0ViMY2/DR0K6i+K`
Imports Hash	`ccc86c26d13cc5dac6b692ee1ca646c9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Jul-09 04:21:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5e00`
SizeOfInitializedData	`0x1d000`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x0000322B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`566b191b40fde4369ae73a05b57df1d2`
SHA1	`cfa42dcf56bdb3a78018895af323e496e224fb32`
SHA256	`07f9cc0ea455b39e9ecf4a703840a559755e599c217c17655485b1189a05bc1d`
SHA3	`20532695e48bbb1daaf59b2686af0168fa592aeda2b40a5ba05cae10402b1345`
VirtualSize	`0x5dc5`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47111`

.rdata

MD5	`6389f916226544852e494114faf192ad`
SHA1	`5a8bd7dc51e26e238ac906646d9390d89e9de99b`
SHA256	`96fda7c3b5c92d7089fdd266fb9069a5490e2ae8ea7704c5a15f8ef53ee746ad`
SHA3	`4b0f9cf9e8c6bf0014311228d4e775d5a3ef7c286d6e4b0c9e2e4756a62b3dba`
VirtualSize	`0x1246`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0004`

.data

MD5	`72dcd89e8824ae186467be61797ed81e`
SHA1	`c6906f332b1845c07472aabe92674e8d436cbf12`
SHA256	`3e9253bb993ad5268ecf27f1ef8f33adad3dbb57ce5bf0d58e1ae1c0a64b4545`
SHA3	`979578ce7b54a64e6c3682c3ddb6023964ecb9681571ec94b197f5bcc6cf37d8`
VirtualSize	`0x1a818`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.2206`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`9d61ccd6a1108791707881e6c10e28c1`
SHA1	`59885dce5bea015a2ecc725b7fb9b7add04df3d4`
SHA256	`6f1ba4ea229ef143cee4caf741f724da9e52ab0a3d39a03b230a6ef9d012c4a9`
SHA3	`da6891e67edf9c6d3f72887f1bf13f0134cce3b77b9848a89ec840277edf1389`
VirtualSize	`0x4e00`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.79509`

Imports

KERNEL32.dll	`CopyFileA` `Sleep` `GetTickCount` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `ReadFile` `GetFileAttributesA` `SetFileAttributesA` `ExitProcess` `SetEnvironmentVariableA` `GetWindowsDirectoryA` `GetTempPathA` `GetCommandLineA` `lstrlenA` `GetVersion` `GetCurrentProcess` `GetFullPathNameA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `WriteFile` `lstrcpyA` `MoveFileExA` `lstrcatA` `GetSystemDirectoryA` `GetProcAddress` `CloseHandle` `SetCurrentDirectoryA` `MoveFileA` `CompareFileTime` `GetShortPathNameA` `SearchPathA` `lstrcmpiA` `SetFileTime` `lstrcmpA` `ExpandEnvironmentStringsA` `lstrcpynA` `SetErrorMode` `GlobalFree` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `GetPrivateProfileStringA` `FindClose` `MultiByteToWideChar` `FreeLibrary` `MulDiv` `WritePrivateProfileStringA` `LoadLibraryExA` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `GlobalAlloc`
USER32.dll	`ScreenToClient` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostQuitMessage` `GetWindowRect` `EnableMenuItem` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `EndDialog` `RegisterClassA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `GetDC` `CreateDialogParamA` `SetTimer` `GetDlgItem` `SetWindowLongA` `SetForegroundWindow` `LoadImageA` `IsWindow` `SendMessageTimeoutA` `FindWindowExA` `OpenClipboard` `TrackPopupMenu` `AppendMenuA` `EndPaint` `DestroyWindow` `wsprintfA` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA`
ADVAPI32.dll	`RegDeleteKeyA` `SetFileSecurityA` `OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegOpenKeyExA` `RegEnumValueA` `RegDeleteValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26612`
MD5	`0ec0a0948a526b9c7eebe39bb02b6b0b`
SHA1	`867b304f20fd74abeb5c30515837f1c41cd3bf8f`
SHA256	`d442adb90ba296c7e617d2f58d6fa6f308bcd8ef65e5e9c66db4dd27f93fcfbe`
SHA3	`5bc458755a2ca5c7475620389d9b6b67952973c4366c6777d45c969b8bc67cd4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9993`
MD5	`6b224e01af48ec8e4c17a59d9534e885`
SHA1	`de787d2a1e840618ba2c7eb69d28f6966c404d1d`
SHA256	`50279c9885b490e74b49ac0273940b6e0891b62fc9ffb5c52e35422a694f248b`
SHA3	`71b543301bccda64ba61a27873c952890233e0cbec10e0b59245fc303bcfadbc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24459`
MD5	`ca82d899b1d402941b5c92ed9028cd95`
SHA1	`fb329ec4455d5caf1753305debcc14ab6ebb9015`
SHA256	`9da1013c864092e49c2676b3ba68a0d4513457d77d251730ed73cc5f4a4813b1`
SHA3	`768277223731ffdcb799e50961d0afccf23bbae54118d53b834617ccbd0c5cd9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01502`
MD5	`05e60fd47096a729dda2aaa4ab05ebc7`
SHA1	`de8ec9b484fa4f565b14f55503c9cd95231b633b`
SHA256	`61f762babde9942f43ee97154b8734efeed0632a6ea778dc395793ae3e3e7507`
SHA3	`f8ba0d4a91389414904cc66226099f27f482055e90ba449e2396193f139713d8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16057`
MD5	`d9ee3a2962251a241bce41b0524cfc0e`
SHA1	`2ba919aaa7237367a158e4b95385ab1ee07643d8`
SHA256	`69e6579a37fcaec037634e7fecbfc6a26093ea81dc4bd555d8a12187d2cd0866`
SHA3	`a1699668464f7edf9a748dfc264f9d30e3c69a228be0a18cade30c14aa6c77ba`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34146`
MD5	`53482d364aa2d4ae7ca05199dad7651a`
SHA1	`ccb213408acc7f5ddb94753e6410be23aab5cedd`
SHA256	`ff06189b43a5c1d6cc5d1b7cbf6ab56b1157ec52807945d652274a211462cba5`
SHA3	`60659e39ef3f267c267093f8bc4c87ed61eea4ef96ac0f583184f580844573e5`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04232`
MD5	`636ad42555a835e3a94209043df4a45a`
SHA1	`c878613bda5cba6cb5769846e60229890c5df248`
SHA256	`491e52ded039ec6684277e6f1f820e288763ae6d20e682bcfffb6cee4518ac23`
SHA3	`4b79e60727e0f7be7495c59fb949e22bd753cff6e145e4694257a21a7b5dba8c`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47661`
MD5	`4b92e2d40018f2d075a9e088641f7294`
SHA1	`fbec59881f21f3a00e36b0663dbe04ec82cf98f1`
SHA256	`cb10fca44424eaf8e93c38572f774365513d99d61bd1c59604887ef97b262838`
SHA3	`19d87cb8c408288405fdd05ee766cf25d527f759bad39717ab81c297605e37fa`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63517`
MD5	`6eae9b6c6961c0c62dfa63eaa4b49db6`
SHA1	`cc5cf45a93107d46e6957c963d6bffc6f88bf1cd`
SHA256	`f4288444e967e22284e3f041b6a05e53aacfe744157f09420d345ca705b75cca`
SHA3	`a309dbab3b1fd66e5aeb2a8521b93d2fef7a19cb63b927b81742552ed6ef7666`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60687`
MD5	`69141205bb5e5ad1c454f47e18a7c87a`
SHA1	`2b374d037fd3dd165fd4f660dc64c851c47f1ff9`
SHA256	`4b506d469d6b0eed1c6617707b3d0b2fb1eb6eca4db1f2238f6a70baf2476d12`
SHA3	`976ff7c5e3aae8d3877169013cbe00f581875d5e294b02ebcc880543759ba1b4`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84796`
MD5	`9b825f341727970290a26cc8931d8cd4`
SHA1	`58d783b63b41074e109d7084726ecfac898d867f`
SHA256	`791a1142f62b9ff27a2d9ef190f2cc4c6bbc59ee901f8ae51855c67767c2511e`
SHA3	`f022f5d7d5d5b8c2966244948bfd26f0f00a75965090edf202f1fb438e9dc5c7`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38127`
MD5	`18d9dd122e499f1cef773ecab806312d`
SHA1	`225cac0b8be2c06d1e109981dc0782def3041274`
SHA256	`d93697ce2033d3ec93647213587d117e3daf6782f25521353bab352e208fc188`
SHA3	`d3ad7a2aba65af821504e23564de82a1f13b5b748ef98d4ae5c8e858441c31a3`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87972`
MD5	`f0d5df23fd8d248651e773605d8f226f`
SHA1	`9dc40f7c2dd1a8fb3c7ddc9e1595a787764a9753`
SHA256	`6ac4c8cebc04b6ce7bcc9a3c9eacd1a1c6249399b5b082879d427b1255060157`
SHA3	`2e6f8b78510b45885207f52050832fd81d4f52b2459f67f92c31851d5c1f17be`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6691`
Detected Filetype	Icon file
MD5	`e624f041c921d299a6da3a8c5f48f989`
SHA1	`ffa07c86ac3dac45398ee07b26610dfb5c99d8ea`
SHA256	`fed46e06346fb8f64b14c18408a82caf955929ac0e65151630539dc5bd194584`
SHA3	`b51d47dbe9cbe18b1f520275504256022a827f919672b081943ae45cd4ff44c9`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30117`
MD5	`0f159842be80c43d0a66caf900e8c06b`
SHA1	`be447d32d78cd4af5d3e8aa45e58a6cb677e9215`
SHA256	`0b4fd3a5259fc77bcb9dd99dd34a2d153f9b38409a717bc869c8c99c44664632`
SHA3	`c90f7edb965e066c5efa1f8e32b1cd780d9a0ef571bc27ed6ec1616f3517f4ab`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x430`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28759`
MD5	`fbb3ac52a82b1d745d83a9d80f935ee2`
SHA1	`d8b592ad7ce1967fc38be600980ae542aefb07ae`
SHA256	`3010b97a5742c85edee43af66c98ab77472033e553400def25abb0761d74abbb`
SHA3	`ef7e756660e533a6c4fa0e93b4b934bef5af08ab334a846f82d753fbd89fb623`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	5.3.3.0
ProductVersion	5.3.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	FlashDevelop.org
FileDescription	FlashDevelop Installer
FileVersion (#2)	5.3.3.0
LegalCopyright	FlashDevelop.org 2005-2018
ProductName	FlashDevelop Installer
ProductVersion (#2)	5.3.3.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd246d0e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`159`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!