abb21bd37a95721fe957330219ab0a02
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2024-May-08 18:25:01 |
| Detected languages |
English - United States
|
| Debug artifacts |
D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb
|
| CompanyName | Microsoft Corporation |
| FileDescription | Visual Studio Installer |
| FileVersion | 17.10.35013.160 |
| InternalName | vs_community.exe |
| OriginalFilename | vs_community.exe |
| ProductName | Microsoft Visual Studio Community |
| ProductVersion | Visual Studio 2022 |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
| Suspicious | The PE is possibly packed. | Unusual section name found: .boxld01 |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA 2011 |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 6 |
| TimeDateStamp | 2024-May-08 18:25:01 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x37800 |
| SizeOfInitializedData | 0x30c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001DFD0 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x39000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | A.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x6d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x3d7d26 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x2000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.data
.idata
.boxld01
.rsrc
.reloc
Imports
| ole32.dll |
CoInitializeEx
|
|---|---|
| COMCTL32.dll |
#17
|
| RPCRT4.dll |
UuidCreate
UuidToStringW RpcStringFreeW |
| SHELL32.dll |
SHGetPathFromIDListW
CommandLineToArgvW ShellExecuteExW SHBrowseForFolderW |
| SHLWAPI.dll |
PathRemoveExtensionW
|
| USER32.dll |
GetWindowLongW
SetWindowLongW PostQuitMessage EndDialog SetWindowTextW DialogBoxParamW SendMessageW GetWindow GetWindowThreadProcessId GetTopWindow MessageBoxW GetDlgItem LoadStringW PostMessageW |
| ADVAPI32.dll |
RegCloseKey
CryptGenRandom CryptReleaseContext DecryptFileW RegOpenKeyExW RegQueryValueExW CryptAcquireContextW |
| KERNEL32.dll |
FileTimeToDosDateTime
FileTimeToLocalFileTime MoveFileExW GlobalFree GlobalAlloc SetCurrentDirectoryW GetCurrentDirectoryW RemoveDirectoryW GetFileAttributesW DeleteFileW FileTimeToSystemTime GetSystemInfo CreateEventA GetModuleHandleW GetEnvironmentVariableW GetTickCount SetEnvironmentVariableW GetLastError ExpandEnvironmentStringsW Sleep GetProcessId WaitForSingleObject GetExitCodeProcess CloseHandle SetFileAttributesW InitializeCriticalSection CreateEventW CreateThread DeleteCriticalSection EnterCriticalSection LeaveCriticalSection SetEvent GetCommandLineW lstrlenW CompareStringW LocalFree CreateDirectoryW GetTempPathW LoadLibraryW GetProcAddress GetSystemDirectoryW SetDefaultDllDirectories FreeLibrary WaitForMultipleObjects ExitThread SetLastError SystemTimeToTzSpecificLocalTime GetSystemTime GetTimeZoneInformation FormatMessageW lstrlenA GetComputerNameW GetLocalTime GetVersionExW CreateFileA SetFileTime LocalFileTimeToFileTime DosDateTimeToFileTime SetFilePointer InitializeCriticalSectionAndSpinCount ResetEvent WaitForSingleObjectEx UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead RtlUnwind FreeLibraryAndExitThread EncodePointer TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW RaiseException GetStdHandle WriteFile GetModuleFileNameW ExitProcess GetModuleHandleExW HeapFree HeapAlloc GetFileType LCMapStringW FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetCPInfo GetCommandLineA MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW SetStdHandle GetStringTypeW GetProcessHeap GetFileSizeEx SetFilePointerEx FlushFileBuffers GetConsoleOutputCP GetConsoleMode HeapSize HeapReAlloc ReadFile DecodePointer CreateFileW WriteConsoleW DuplicateHandle FindFirstFileW SetEndOfFile |
| Cabinet.dll |
#23
#22 #20 |
| OLEAUT32.dll |
VariantClear
SysAllocString |
| VERSION.dll |
GetFileVersionInfoW
VerQueryValueW GetFileVersionInfoSizeW |
| bcrypt.dll |
BCryptCreateHash
BCryptHashData BCryptFinishHash BCryptDestroyHash BCryptCloseAlgorithmProvider BCryptOpenAlgorithmProvider |
Delayed Imports
?dwPlaceholder@@3PAEA
| Ordinal | 1 |
|---|---|
| Address | 0x3d000 |
1
2
3
4
5
6
7
8
9
10
11
12
129
130
1 (#2)
2 (#2)
32
107
1 (#3)
1 (#4)
String Table contents
| Preparing: |
| Are you sure you want to cancel? |
| An error was encountered. |
| There is not enough disk space on your drive for the new files |
| to be uncompressed and installed. Please run this application |
| again after you have freed some space on your drive. |
| Unable to create or save new files in the folder into which |
| the files are being extracted. Please check the folder properties |
| to ensure you have permission on the folder to |
| write files and that the folder is not read-only. |
| The application cannot find one of its required files, possibly |
| because it was unable to create it in the folder. Please make |
| sure that the folder in which this application was downloaded is |
| accessible and not read-only. |
| Unable to execute the embedded application to complete the installation. |
| This application requires .Net Framework 4.6 or higher to be installed. |
| Please install the latest .NET Framework from https://go.microsoft.com/fwlink/?linkid=840938, or Windows Update. |
| Visual Studio Installer |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 17.10.35013.160 |
| ProductVersion | 17.10.35013.160 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | Microsoft Corporation |
| FileDescription | Visual Studio Installer |
| FileVersion (#2) | 17.10.35013.160 |
| InternalName | vs_community.exe |
| OriginalFilename | vs_community.exe |
| ProductName | Microsoft Visual Studio Community |
| ProductVersion (#2) | Visual Studio 2022 |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-08 18:25:01 |
| Version | 0.0 |
| SizeofData | 81 |
| AddressOfRawData | 0x8d50 |
| PointerToRawData | 0x8150 |
| Referenced File | D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-08 18:25:01 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x8da4 |
| PointerToRawData | 0x81a4 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-08 18:25:01 |
| Version | 0.0 |
| SizeofData | 928 |
| AddressOfRawData | 0x8db8 |
| PointerToRawData | 0x81b8 |
TLS Callbacks
| StartAddressOfRawData | 0x435dd0 |
|---|---|
| EndAddressOfRawData | 0x435dd8 |
| AddressOfIndex | 0x43a0ac |
| AddressOfCallbacks | 0x401038 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0xa0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x439008 |
| SEHandlerTable | 0x408b80 |
| SEHandlerCount | 116 |
| GuardCFCheckFunctionPointer | 4436680 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0x7b80e07c |
|---|---|
| Unmarked objects | 0 |
| ASM objects (28900) | 10 |
| C++ objects (28900) | 144 |
| C++ objects (VS 2015/2017 runtime 26706) | 43 |
| C objects (VS 2015/2017 runtime 26706) | 19 |
| ASM objects (VS 2015/2017 runtime 26706) | 20 |
| C objects (28900) | 21 |
| Imports (28900) | 25 |
| Total imports | 204 |
| C++ objects (LTCG) (27051) | 71 |
| Exports (27051) | 1 |
| Resource objects (27051) | 1 |
| 151 | 2 |
| Linker (27051) | 1 |