Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2024-May-08 18:25:01 |
Detected languages | English - United States |
Debug artifacts | D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Visual Studio Installer |
FileVersion | 17.10.35013.160 |
InternalName | vs_community.exe |
OriginalFilename | vs_community.exe |
ProductName | Microsoft Visual Studio Community |
ProductVersion | Visual Studio 2022 |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: .boxld01 |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Microsoft Corporation; Issuer: Microsoft Code Signing PCA 2011 |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2024-May-08 18:25:01 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x37800 |
SizeOfInitializedData | 0x30c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001DFD0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x39000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | A.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x6d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x3d7d26 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_GUARD_CF IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ole32.dll | CoInitializeEx |
---|---|
COMCTL32.dll | #17 |
RPCRT4.dll | UuidCreate UuidToStringW RpcStringFreeW |
SHELL32.dll | SHGetPathFromIDListW CommandLineToArgvW ShellExecuteExW SHBrowseForFolderW |
SHLWAPI.dll | PathRemoveExtensionW |
USER32.dll | GetWindowLongW SetWindowLongW PostQuitMessage EndDialog SetWindowTextW DialogBoxParamW SendMessageW GetWindow GetWindowThreadProcessId GetTopWindow MessageBoxW GetDlgItem LoadStringW PostMessageW |
ADVAPI32.dll | RegCloseKey CryptGenRandom CryptReleaseContext DecryptFileW RegOpenKeyExW RegQueryValueExW CryptAcquireContextW |
KERNEL32.dll | FileTimeToDosDateTime FileTimeToLocalFileTime MoveFileExW GlobalFree GlobalAlloc SetCurrentDirectoryW GetCurrentDirectoryW RemoveDirectoryW GetFileAttributesW DeleteFileW FileTimeToSystemTime GetSystemInfo CreateEventA GetModuleHandleW GetEnvironmentVariableW GetTickCount SetEnvironmentVariableW GetLastError ExpandEnvironmentStringsW Sleep GetProcessId WaitForSingleObject GetExitCodeProcess CloseHandle SetFileAttributesW InitializeCriticalSection CreateEventW CreateThread DeleteCriticalSection EnterCriticalSection LeaveCriticalSection SetEvent GetCommandLineW lstrlenW CompareStringW LocalFree CreateDirectoryW GetTempPathW LoadLibraryW GetProcAddress GetSystemDirectoryW SetDefaultDllDirectories FreeLibrary WaitForMultipleObjects ExitThread SetLastError SystemTimeToTzSpecificLocalTime GetSystemTime GetTimeZoneInformation FormatMessageW lstrlenA GetComputerNameW GetLocalTime GetVersionExW CreateFileA SetFileTime LocalFileTimeToFileTime DosDateTimeToFileTime SetFilePointer InitializeCriticalSectionAndSpinCount ResetEvent WaitForSingleObjectEx UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead RtlUnwind FreeLibraryAndExitThread EncodePointer TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW RaiseException GetStdHandle WriteFile GetModuleFileNameW ExitProcess GetModuleHandleExW HeapFree HeapAlloc GetFileType LCMapStringW FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo GetCommandLineA MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW SetStdHandle GetStringTypeW GetProcessHeap GetFileSizeEx SetFilePointerEx FlushFileBuffers GetConsoleOutputCP GetConsoleMode HeapSize HeapReAlloc ReadFile DecodePointer CreateFileW WriteConsoleW DuplicateHandle FindFirstFileW SetEndOfFile |
Cabinet.dll | #23 #22 #20 |
OLEAUT32.dll | VariantClear SysAllocString |
VERSION.dll | GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW |
bcrypt.dll | BCryptCreateHash BCryptHashData BCryptFinishHash BCryptDestroyHash BCryptCloseAlgorithmProvider BCryptOpenAlgorithmProvider |
Ordinal | 1 |
---|---|
Address | 0x3d000 |
Preparing: |
Are you sure you want to cancel? |
An error was encountered. |
There is not enough disk space on your drive for the new files |
to be uncompressed and installed. Please run this application |
again after you have freed some space on your drive. |
Unable to create or save new files in the folder into which |
the files are being extracted. Please check the folder properties |
to ensure you have permission on the folder to |
write files and that the folder is not read-only. |
The application cannot find one of its required files, possibly |
because it was unable to create it in the folder. Please make |
sure that the folder in which this application was downloaded is |
accessible and not read-only. |
Unable to execute the embedded application to complete the installation. |
This application requires .Net Framework 4.6 or higher to be installed. |
Please install the latest .NET Framework from https://go.microsoft.com/fwlink/?linkid=840938, or Windows Update. |
Visual Studio Installer |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 17.10.35013.160 |
ProductVersion | 17.10.35013.160 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT_WINDOWS32 VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Visual Studio Installer |
FileVersion (#2) | 17.10.35013.160 |
InternalName | vs_community.exe |
OriginalFilename | vs_community.exe |
ProductName | Microsoft Visual Studio Community |
ProductVersion (#2) | Visual Studio 2022 |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-May-08 18:25:01 |
Version | 0.0 |
SizeofData | 81 |
AddressOfRawData | 0x8d50 |
PointerToRawData | 0x8150 |
Referenced File | D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-May-08 18:25:01 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x8da4 |
PointerToRawData | 0x81a4 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-May-08 18:25:01 |
Version | 0.0 |
SizeofData | 928 |
AddressOfRawData | 0x8db8 |
PointerToRawData | 0x81b8 |
StartAddressOfRawData | 0x435dd0 |
---|---|
EndAddressOfRawData | 0x435dd8 |
AddressOfIndex | 0x43a0ac |
AddressOfCallbacks | 0x401038 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xa0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x439008 |
SEHandlerTable | 0x408b80 |
SEHandlerCount | 116 |
GuardCFCheckFunctionPointer | 4436680 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0x7b80e07c |
---|---|
Unmarked objects | 0 |
ASM objects (28900) | 10 |
C++ objects (28900) | 144 |
C++ objects (VS 2015/2017 runtime 26706) | 43 |
C objects (VS 2015/2017 runtime 26706) | 19 |
ASM objects (VS 2015/2017 runtime 26706) | 20 |
C objects (28900) | 21 |
Imports (28900) | 25 |
Total imports | 204 |
C++ objects (LTCG) (27051) | 71 |
Exports (27051) | 1 |
Resource objects (27051) | 1 |
151 | 2 |
Linker (27051) | 1 |