affb528c4ee1b817a8adce384f6180d621e9338ca771ba517114f8908d1a24d4

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Nov-22 23:15:05
Detected languages English - United States
Debug artifacts C:\CodeBases\isdev\redist\language independent\i386\SetupSuite.pdb
CompanyName Flexera
FileDescription Setup Suite Launcher Unicode
FileVersion 26.0.717
InternalName SetupSuite
LegalCopyright Copyright (c) 2020 Flexera. All Rights Reserved.
OriginalFilename InstallShield SetupSuite.exe
ProductName InstallShield
ProductVersion 26.0
Internal Build Number 200860
ISInternalVersion 26.0.717
ISInternalDescription Setup Suite Launcher Unicode

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
Info Cryptographic algorithms detected in the binary:
Uses constants related to CRC32
Uses constants related to MD5
Suspicious The PE is possibly packed.
Unusual section name found: .orpc
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExA
  • LoadLibraryExW
Can access the registry:
  • RegOpenKeyW
  • RegOverridePredefKey
  • RegEnumValueW
  • RegDeleteValueW
  • RegQueryInfoKeyW
  • RegEnumKeyExW
  • RegDeleteKeyW
  • RegSetValueExW
  • RegCreateKeyExW
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
Manipulates other processes:
  • OpenProcess
Can shut the system down or lock the screen:
  • ExitWindowsEx
Info The PE is digitally signed.
Signer: Canon Production Printing Netherlands B.V.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious VirusTotal score: 1/65 (Scanned on 2024-07-25 05:10:38)
Jiangmin: Trojan.Penguish.j

Hashes

MD5 1394799d326c8e80357e7d9341f49380
SHA1 d2fed31de3c6fb762bebc953f1421c9bee01b207
SHA256 affb528c4ee1b817a8adce384f6180d621e9338ca771ba517114f8908d1a24d4
SHA3 ab3df61b067dac3394a5f3a94101312a25700291bd04941287f47aa258c18936
SSDeep 98304:cv4qNCvuPAU0XHdvrQYEKtDZyuWpSmSghzt79iPRcJwFe+IPULhRSxsDs:Yn90XFrnEKtF8SmSyh79+c+FemLhRQ
Imports Hash 739d30e42859caddae6d7ccc9e44472d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2020-Nov-22 23:15:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xd7400
SizeOfInitializedData 0x82200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0009EF09 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xda000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x161000
SizeOfHeaders 0x400
Checksum 0x642753
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1750bfb54f760909316fb75e8cdc2e75
SHA1 5ea90d111f992faf3fc7a6689c67e1f0b493ac24
SHA256 ea9de2c2b6bf70a9b5503d4300055fe3e011e9285c102739df99441e7f87300b
SHA3 e6dc9893b082ae00a5b26213c1d8ac2a0c4783cd0c16d6d4c55b59172cacbe73
VirtualSize 0xd712e
VirtualAddress 0x1000
SizeOfRawData 0xd7200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.43146

.orpc

MD5 cd354034c97e7e49a28d023bcd2e4b72
SHA1 9c63675ee37fb05eecce67e217adc3c03aefaf79
SHA256 f049116ebe7d2f979bfb37771e52e39f2197ef0e385a89185c0514b2f58d5fc9
SHA3 b3bc0976cc378443221e9384b6bdd338df027865df8072a68d784fe2f8d26b85
VirtualSize 0x1a2
VirtualAddress 0xd9000
SizeOfRawData 0x200
PointerToRawData 0xd7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.75849

.rdata

MD5 f4c4ac5ffd30e7f7533b304e8759dc27
SHA1 25cdcf08b8d2b1a82c55d34209472a649d59f82d
SHA256 03fd9c0799216ef7ef6362f9ed258af20319853f1079e5c3cfc2d30606e8f078
SHA3 e27919fc4530ebdaab76973f9d42a09045ff7abab01b95348e2a6a5c94f408aa
VirtualSize 0x4b17e
VirtualAddress 0xda000
SizeOfRawData 0x4b200
PointerToRawData 0xd7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.48269

.data

MD5 d0de12512c17fef8658a1c83392a64c5
SHA1 a510f7d6d122e0450fb6fe930768e9948b7e7b44
SHA256 205198bacbf04c8ebe931898aeb54a2abc8e5bc7e338cfb249cc789d714304e6
SHA3 52618e1cf91d286489c9f0079b82222330a451b944ee4bced0f3df4b336d3414
VirtualSize 0x66f4
VirtualAddress 0x126000
SizeOfRawData 0x5a00
PointerToRawData 0x122a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.76445

.gfids

MD5 29953cd638712138d6b85f5b2994674c
SHA1 305360520a601ea6ea16290499375900165246eb
SHA256 03337cde81992f692a81646f05f4584c51f0d9843dba596cc0a6ffa0c993977e
SHA3 a65a7aa4c52b6f090d9ca7ccb437a8c5ff7668385c061a6442f90089a3b797ef
VirtualSize 0x134
VirtualAddress 0x12d000
SizeOfRawData 0x200
PointerToRawData 0x128400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.52788

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x12e000
SizeOfRawData 0x200
PointerToRawData 0x128600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 33f4fa149622b9f332bd16cfd15ae41e
SHA1 bd53cc8ce2129194662f6f9f88f4a4124843a67b
SHA256 97303509e7e810427ae130c0189d40610e43991e7af51d3ffaa49243cdcc1e1a
SHA3 367b3cfd5664db908b208e455ffb7719056a487246faad21519ae026aafd2b68
VirtualSize 0x1fc44
VirtualAddress 0x12f000
SizeOfRawData 0x1fe00
PointerToRawData 0x128800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.22371

.reloc

MD5 db0fd7e505616cb28e3e64ec7d9fcd4f
SHA1 55f44142d0640aa9c95001e7323b9f7af6e5384a
SHA256 5444286224bd755dc95ec0585d15c3654fe31edd854bbbdf716c496ce481009e
SHA3 447decc5a3d76a79c512a00424067f2971651ac2e40cc97c559184f4e5d4c6f7
VirtualSize 0x1126c
VirtualAddress 0x14f000
SizeOfRawData 0x11400
PointerToRawData 0x148600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.5664

Imports

KERNEL32.dll WaitForSingleObject
GetExitCodeThread
MoveFileExW
CreateNamedPipeW
GetDriveTypeW
SetEvent
EnterCriticalSection
LeaveCriticalSection
CopyFileW
GetUserDefaultLangID
OpenEventW
DeleteCriticalSection
RaiseException
DecodePointer
GetCurrentThreadId
InitializeCriticalSectionEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateMutexW
VirtualQuery
GetSystemInfo
IsBadReadPtr
GetFileTime
WriteFile
GetFileAttributesW
SetFileAttributesW
FlushFileBuffers
GetUserDefaultLCID
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetACP
GetSystemDefaultLangID
LoadLibraryW
GetModuleHandleExW
ConnectNamedPipe
GetCurrentProcessId
GetStringTypeW
GetStdHandle
ReleaseMutex
GetTempPathW
GetVersionExW
FileTimeToLocalFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
QueryPerformanceFrequency
FindFirstFileW
FindClose
ReadFile
FileTimeToSystemTime
FreeLibrary
GetEnvironmentVariableW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
LocalFree
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CloseHandle
UnmapViewOfFile
WideCharToMultiByte
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
lstrlenA
FormatMessageW
MultiByteToWideChar
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
CompareStringA
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
ExitProcess
VirtualAlloc
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LocalAlloc
GetCurrentThread
QueryPerformanceCounter
lstrlenW
lstrcatW
lstrcpyW
lstrcpynW
lstrcmpiW
GetTickCount
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
GetOEMCP
IsValidCodePage
GetCPInfo
LCMapStringW
CompareStringW
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
GetTimeFormatW
GetDateFormatW
InterlockedDecrement
GetVersion
GetProcessTimes
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
SetFileTime
CompareFileTime
LoadLibraryExW
GetTempFileNameW
GetCurrentDirectoryW
ResetEvent
GetFileType
USER32.dll CharUpperW
wsprintfW
GetDesktopWindow
PostThreadMessageW
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
GetGUIThreadInfo
WaitForInputIdle
ExitWindowsEx
CharLowerW
MsgWaitForMultipleObjects
ADVAPI32.dll RegOpenKeyW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegOverridePredefKey
RegEnumValueW
SetEntriesInAclW
OpenThreadToken
GetTokenInformation
EqualSid
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
SHELL32.dll SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32.dll CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoUninitialize
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoAddRefServerProcess
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateInstance
CoReleaseMarshalData
CoCreateGuid
CoReleaseServerProcess
OLEAUT32.dll SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
VariantTimeToSystemTime
VariantChangeTypeEx
GetErrorInfo
LoadTypeLib
LoadRegTypeLib
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
VariantChangeType
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringLen
SysReAllocStringLen
SysAllocStringLen
SysFreeString
RegisterTypeLib
UnRegisterTypeLib
SHLWAPI.dll PathFindFileNameW
PathFileExistsW
SHCreateStreamOnFileW
RPCRT4.dll UuidToStringW
UuidCreate
RpcStringFreeW
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
msi.dll (delay-loaded) #111
#286
#285
#195
#287
#171
#115
#125
#118
#175
#190
#88
#169
#141
#205
#179
#70

Delayed Imports

Attributes 0x1
Name msi.dll
ModuleHandle 0x12b820
DelayImportAddressTable 0x12b7d4
DelayImportNameTable 0x123784
BoundDelayImportTable 0x123adc
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type TYPELIB
Language English - United States
Codepage Latin 1 / Western European
Size 0x6850
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.58498
MD5 7c4cd814eb0b82d782efd580eac78d72
SHA1 06825c62235cae1f711a7307f72938ae68521259
SHA256 e0f3c247f94092eb8c7fe94d2a0194826ea033c9012a6c5e70c0912b4d1df09d
SHA3 3515ec1582b7be8517b245b197c7941f63605aac389b7d566f1aef1ef8b2c9a7

1 (#2)

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6f02
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.91425
Detected Filetype PNG graphic file
MD5 5b9aa6849c85c77dc9cc28f2cd13fa18
SHA1 9b05676f53159de0859815363fd518215ad3a690
SHA256 cf8d60d497f38685f4e238f073d61a542daf7ed2b28542c0cfc8f8d5d5a81e3e
SHA3 0040cfa5b4afd5c48a83b036d71fc838b141a4c43babe3db251a5fd1aa14ff1b

1 (#3)

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.67732
MD5 07dbf03fcd263378ff834b33a124713a
SHA1 35b63af4195ee25daf709d949b7a1a3aa5604f0f
SHA256 2c0dac40992d77fca9b9fada755b2a5de1afd689fcca63ce43563d7575ef7177
SHA3 575692dfb14708f926808ce904f3a8592e36cdae4d586e7b33fccf49561ac24d

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31163
MD5 2c4c2ace15b7bbede07ec64626ec9b5a
SHA1 ef68430a8d6ec04c23edea5b07bc591ed7653823
SHA256 3ff598246933facbf5c36c5ba94ee549d2572a919344e98fb7fe65699640effb
SHA3 2cfbef476caf56238808ac3bd3323e22b8b07861a34a0c825433611dd2a751d3

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.94006
MD5 6fc66216b68b96ae8c964b7a9b6aae2d
SHA1 9d73658fae8afd0b67ad1d6e9a93b8f08d3a5472
SHA256 9a86ae28f0d2b3564c103e8655df2213e4762c0e89af9e62b4aff53a770df91c
SHA3 60b9789fdd486ed9281a2fbc1cce94534ee0aebe7223654576a266ebd1eeeef0

7

Type RT_STRING
Language English - United States
Codepage Latin 1 / Western European
Size 0x48
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.94502
MD5 796e8ab5af9ee5c296c5afc082f2a424
SHA1 beae470d4f10a0d87a626fcbebebac191b4f20aa
SHA256 7afa8de1da2c68014757338c69ea92faa18c1785b650b6d97c9a405045091fa7
SHA3 701ba3165dbfc7ab30832c45b4fa89bec9c44ae19d4f2a8b1df30310b129aac5

101

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4782
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94728
Detected Filetype PNG graphic file
MD5 ddafe32fb92dc31f9814d16c9a928d94
SHA1 dec0678a5d3693b1f66d6e974aad7910defc822f
SHA256 9244d62024143ade86feeec043b31a91a7490f5f832ee6e61600c68bce36c01e
SHA3 0dbd082998ebb7fd9cffdc3969722158b03ca376edab5c24566030a6f8a16d3b

151

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4782
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94728
Detected Filetype PNG graphic file
MD5 ddafe32fb92dc31f9814d16c9a928d94
SHA1 dec0678a5d3693b1f66d6e974aad7910defc822f
SHA256 9244d62024143ade86feeec043b31a91a7490f5f832ee6e61600c68bce36c01e
SHA3 0dbd082998ebb7fd9cffdc3969722158b03ca376edab5c24566030a6f8a16d3b

201

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4782
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94728
Detected Filetype PNG graphic file
MD5 ddafe32fb92dc31f9814d16c9a928d94
SHA1 dec0678a5d3693b1f66d6e974aad7910defc822f
SHA256 9244d62024143ade86feeec043b31a91a7490f5f832ee6e61600c68bce36c01e
SHA3 0dbd082998ebb7fd9cffdc3969722158b03ca376edab5c24566030a6f8a16d3b

100

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.51664
Detected Filetype Icon file
MD5 bf09473e150d2e15e1218f034f5eb3c4
SHA1 ad73a2ff68abbbdc7d3805bb42dd2de68536d4f8
SHA256 772603ebc4f7ba7e86a20e4cf9742551da90d0e716847f981c7e259cf80c8600
SHA3 2d69ee176a327d5bbbf53db1c53c79fe3a0ff0cd07e1c4ff5f40075901871d8d

100 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 409e1724611e0bc39356e2f58888db55
SHA1 c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256 6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3 315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9

1 (#4)

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x40c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38394
MD5 a89261f11065c7723562994af818e629
SHA1 c60d2e752db25f0ef3a3b358b97b3012fc37e40e
SHA256 3f64972e84d984f2a24cdc243ccec83578ecbcd0f178a9ca6498f4ceba3fa86b
SHA3 313b1231b24280fc555d537e784c473807216c39a4849d96b9b0b1b881c2c565

1 (#5)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.36518
MD5 5d71581ec87c2a1c1c7b863a043278a9
SHA1 c95c708db278a1405ff94d46086c9d5a42d34b77
SHA256 94f75e44143655cd9d5c9c1fdf0355711260283d54b6891480f4de8b71d7fa56
SHA3 2addd0bf1849dfd8a96bcd8442e6a19f27a06f04f3dcb1788b8f1f2473f5d358

1 (#6)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x533
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.2661
MD5 20913020057f4bb577b5568818e9d77b
SHA1 3a9b4b890038a59065bc212fd22d066fb244f5da
SHA256 89e95cc25c8fed8da5475afe2eb0cd7060be823e5cceb827e7e6830f4869eeed
SHA3 2419474912c4ae9677993648588e1292439a4e033fd560117e0a89caff96a199

1 (#7)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x280
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07176
MD5 0f3b71d0fa474d73aff7de9cdf842732
SHA1 7990f81c60b8ab722c5ad7367f69c85106be5ed5
SHA256 5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09
SHA3 c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375

String Table contents

SetupSuite
SETUPSUITE

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Nov-22 23:15:05
Version 0.0
SizeofData 91
AddressOfRawData 0x100754
PointerToRawData 0xfdf54
Referenced File C:\CodeBases\isdev\redist\language independent\i386\SetupSuite.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Nov-22 23:15:05
Version 0.0
SizeofData 20
AddressOfRawData 0x1007b0
PointerToRawData 0xfdfb0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Nov-22 23:15:05
Version 0.0
SizeofData 1108
AddressOfRawData 0x1007c4
PointerToRawData 0xfdfc4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2020-Nov-22 23:15:05
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x52e000
EndAddressOfRawData 0x52e008
AddressOfIndex 0x52bd20
AddressOfCallbacks 0x4da544
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x5260b0
SEHandlerTable 0x4ff500
SEHandlerCount 1173

RICH Header

XOR Key 0x7dffcd71
Unmarked objects 0
241 (40116) 12
243 (40116) 139
242 (40116) 24
ASM objects (VS2015 UPD3 build 24123) 22
C objects (VS2015 UPD3 build 24123) 19
C objects (VS2015 UPD3.1 build 24215) 1
C++ objects (VS2015 UPD3.1 build 24215) 12
C++ objects (23013) 2
C++ objects (VS2015 UPD3 build 24123) 56
244 (40116) 4
239 (40116) 17
Total imports 382
C++ objects (LTCG) (VS2015 UPD3.1 build 24215) 74
Resource objects (VS2015 UPD3 build 24210) 1
151 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.