| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Nov-22 23:15:05 |
| Detected languages | English - United States |
| Debug artifacts | C:\CodeBases\isdev\redist\language independent\i386\SetupSuite.pdb |
| CompanyName | Flexera |
| FileDescription | Setup Suite Launcher Unicode |
| FileVersion | 26.0.717 |
| InternalName | SetupSuite |
| LegalCopyright | Copyright (c) 2020 Flexera. All Rights Reserved. |
| OriginalFilename | InstallShield SetupSuite.exe |
| ProductName | InstallShield |
| ProductVersion | 26.0 |
| Internal Build Number | 200860 |
| ISInternalVersion | 26.0.717 |
| ISInternalDescription | Setup Suite Launcher Unicode |
| Severity | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0. This signature match is stale: the optional header reports LinkerVersion 14.0 and the Rich header at the end of this page lists VS2015 Update 3 / 3.1 objects and a VS2015 linker (build 24215), so the toolchain is Visual Studio 2015. |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities. For a setup launcher this is expected rather than a red flag: the KERNEL32 import list below includes CopyFileW, MoveFileExW, GetTempPathW, GetTempFileNameW and CreateProcessW, which an installer needs to stage and run its payload. |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; uses constants related to MD5 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .orpc. The .orpc section is where MIDL-generated RPC/COM proxy-stub code is placed, which matches the RPCRT4 Ndr* and ole32 marshalling imports below; it is not evidence of packing. |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports. This heuristic is consistent with the LoadLibraryW/LoadLibraryA/LoadLibraryExA/LoadLibraryExW and GetProcAddress imports in KERNEL32.dll; the only imports resolved by ordinal rather than by name are the delay-loaded msi.dll entries listed below. |
| Info | The PE is digitally signed. | Signer: Canon Production Printing Netherlands B.V.; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1. The signer is not the CompanyName (Flexera): the InstallShield launcher is redistributed and signed by the product vendor, and a certificate from the 2021 issuing CA indicates the file was signed after its 2020-Nov-22 link time. The report only states that a signature is present; verify the chain and timestamp separately (for example with Get-AuthenticodeSignature). |
| Suspicious | VirusTotal score: 1/65 (Scanned on 2024-07-25 05:10:38) | Jiangmin: Trojan.Penguish.j. A single-engine hit on a signed InstallShield launcher is most likely a false positive; confirm by comparing the file hash against the known Flexera redistributable rather than relying on the detection name. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 8 |
| TimeDateStamp | 2020-Nov-22 23:15:05 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xd7400 |
| SizeOfInitializedData | 0x82200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0009EF09 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xda000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x161000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x642753 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
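The three header tables above are read at fixed offsets: the DOS header's e_lfanew (0x120 here) points at the `PE\0\0` signature, which is immediately followed by the 20-byte COFF file header and then the 0xe0-byte PE32 optional header. The Python script below is an added example, not Manalyzer's or Flexera's code. It builds a header-only blob constructed from the values reported above (the binary itself is not on this page), walks that path with bounds checks on e_lfanew and SizeOfOptionalHeader, decodes the Characteristics and DllCharacteristics bit masks, and reports which common hardening flags are absent. The function names parse_pe_headers, build_sample and missing_mitigations are this example's own. On this sample only IMAGE_DLLCHARACTERISTICS_GUARD_CF is missing: DYNAMIC_BASE and NX_COMPAT are set, and the load configuration further down (SecurityCookie, SEHandlerTable with 1173 entries) shows that /GS and SafeSEH are in effect as well.

```python
"""Walk DOS header -> PE signature -> COFF header -> PE32 optional header.

Added example, not Manalyzer's or Flexera's code. The sample blob is
constructed from the values in the report above so the script runs offline.
"""
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_FLAGS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_FLAGS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# Hardening flags a triage should expect on a modern user-mode binary.
EXPECTED_MITIGATIONS = (
    "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
)

DOS_FMT = "<2sHHHHHHHHHHHHH8sHH20sI"            # IMAGE_DOS_HEADER, 64 bytes, e_lfanew last
COFF_FMT = "<HHIIIHH"                           # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"   # IMAGE_OPTIONAL_HEADER32 up to NumberOfRvaAndSizes, 96 bytes


def decode_flags(value, table):
    """Expand a bit mask into the flag names it contains, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data):
    """Return the header fields the report lists; raise ValueError on malformed input."""
    if len(data) < struct.calcsize(DOS_FMT) or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from(DOS_FMT, data, 0)[-1]
    # e_lfanew is attacker-controlled in a crafted file: bound it before dereferencing.
    coff_off = e_lfanew + 4
    if coff_off + struct.calcsize(COFF_FMT) > len(data) or data[e_lfanew:coff_off] != b"PE\0\0":
        raise ValueError("bad e_lfanew or PE signature")
    machine, nsections, ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT32_FMT) or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = struct.unpack_from(OPT32_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header (magic %#x)" % opt[0])
    return {
        "e_lfanew": e_lfanew,
        "Machine": MACHINES.get(machine, hex(machine)),
        "NumberOfSections": nsections,
        "TimeDateStamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "SizeOfOptionalHeader": opt_size,
        "Characteristics": decode_flags(chars, FILE_FLAGS),
        "LinkerVersion": "%d.%d" % (opt[1], opt[2]),
        "AddressOfEntryPoint": opt[6],
        "ImageBase": opt[9],
        "Checksum": opt[21],
        "Subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "DllCharacteristics": decode_flags(opt[23], DLL_FLAGS),
    }


def missing_mitigations(fields):
    """Names from EXPECTED_MITIGATIONS that are absent from DllCharacteristics."""
    return [m for m in EXPECTED_MITIGATIONS if m not in fields["DllCharacteristics"]]


def build_sample():
    """Constructed header-only blob carrying the values from the tables above (no sections, no code)."""
    ts = int(datetime(2020, 11, 22, 23, 15, 5, tzinfo=timezone.utc).timestamp())
    dos = struct.pack(DOS_FMT, b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0x120)
    coff = struct.pack(COFF_FMT, 0x014C, 8, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 14, 0, 0xD7400, 0x82200, 0, 0x9EF09, 0x1000, 0xDA000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x161000, 0x400, 0x642753,
                      2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    # Pad the DOS stub out to e_lfanew; 16 empty data directories complete the 0xe0-byte optional header.
    return dos + b"\0" * (0x120 - len(dos)) + b"PE\0\0" + coff + opt + b"\0" * 128


if __name__ == "__main__":
    fields = parse_pe_headers(build_sample())
    for key, value in fields.items():
        print("%-22s %s" % (key, value))
    print("missing mitigations:", missing_mitigations(fields))
```

Run it directly to print the decoded fields. The bounds checks on e_lfanew and SizeOfOptionalHeader are what keep the walker from reading past the end of a truncated or deliberately malformed file; a parser that trusts e_lfanew blindly is the classic source of out-of-bounds reads in triage tooling.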
| KERNEL32.dll | WaitForSingleObject GetExitCodeThread MoveFileExW CreateNamedPipeW GetDriveTypeW SetEvent EnterCriticalSection LeaveCriticalSection CopyFileW GetUserDefaultLangID OpenEventW DeleteCriticalSection RaiseException DecodePointer GetCurrentThreadId InitializeCriticalSectionEx HeapFree HeapSize HeapReAlloc HeapAlloc GetProcessHeap CreateMutexW VirtualQuery GetSystemInfo IsBadReadPtr GetFileTime WriteFile GetFileAttributesW SetFileAttributesW FlushFileBuffers GetUserDefaultLCID GetSystemDefaultLCID GetSystemDefaultUILanguage GetACP GetSystemDefaultLangID LoadLibraryW GetModuleHandleExW ConnectNamedPipe GetCurrentProcessId GetStringTypeW GetStdHandle ReleaseMutex GetTempPathW GetVersionExW FileTimeToLocalFileTime SystemTimeToFileTime SetFilePointer CreateEventW QueryPerformanceFrequency FindFirstFileW FindClose ReadFile FileTimeToSystemTime FreeLibrary GetEnvironmentVariableW CreateProcessW GetWindowsDirectoryW GetSystemDirectoryW LocalFree GetModuleFileNameW RemoveDirectoryW DeleteFileW CloseHandle UnmapViewOfFile WideCharToMultiByte MapViewOfFile CreateFileMappingW GetFileSize CreateFileW lstrlenA FormatMessageW MultiByteToWideChar SetLastError GetLastError LoadLibraryA GetSystemDirectoryA GetProcAddress CompareStringA GetModuleHandleW WriteConsoleW SetFilePointerEx GetConsoleMode GetConsoleCP ExitProcess VirtualAlloc GetFullPathNameW FreeLibraryAndExitThread ExitThread CreateThread TlsFree TlsSetValue TlsGetValue TlsAlloc RtlUnwind EncodePointer InitializeSListHead GetSystemTimeAsFileTime GetStartupInfoW IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter WaitForSingleObjectEx LocalAlloc GetCurrentThread QueryPerformanceCounter lstrlenW lstrcatW lstrcpyW lstrcpynW lstrcmpiW GetTickCount SetStdHandle SetEnvironmentVariableW FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW GetCommandLineA FindNextFileW FindFirstFileExW GetOEMCP IsValidCodePage GetCPInfo LCMapStringW CompareStringW VirtualProtect LoadLibraryExA IsDebuggerPresent OutputDebugStringW InitializeCriticalSectionAndSpinCount GetTimeFormatW GetDateFormatW InterlockedDecrement GetVersion GetProcessTimes OpenProcess GetCurrentProcess TerminateProcess GetExitCodeProcess SetFileTime CompareFileTime LoadLibraryExW GetTempFileNameW GetCurrentDirectoryW ResetEvent GetFileType |
|---|---|
| USER32.dll | CharUpperW wsprintfW GetDesktopWindow PostThreadMessageW DispatchMessageA DispatchMessageW TranslateMessage GetMessageA GetMessageW IsWindowUnicode PeekMessageW MsgWaitForMultipleObjectsEx MessageBoxW GetGUIThreadInfo WaitForInputIdle ExitWindowsEx CharLowerW MsgWaitForMultipleObjects |
| ADVAPI32.dll | RegOpenKeyW AdjustTokenPrivileges AllocateAndInitializeSid FreeSid InitializeSecurityDescriptor SetSecurityDescriptorDacl LookupPrivilegeValueW RegOverridePredefKey RegEnumValueW SetEntriesInAclW OpenThreadToken GetTokenInformation EqualSid RegDeleteValueW RegQueryInfoKeyW RegEnumKeyExW RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegCloseKey OpenProcessToken |
| SHELL32.dll | SHGetFolderPathW ShellExecuteExW SHGetSpecialFolderPathW |
| ole32.dll | CoMarshalInterThreadInterfaceInStream CoInitializeEx CoUninitialize CoRegisterPSClsid CoRegisterClassObject CoRevokeClassObject CoGetInterfaceAndReleaseStream CLSIDFromProgID CoAddRefServerProcess CoMarshalInterface CreateStreamOnHGlobal CoUnmarshalInterface CoCreateInstance CoReleaseMarshalData CoCreateGuid CoReleaseServerProcess |
| OLEAUT32.dll | SafeArrayCreate SafeArrayGetUBound SafeArrayGetLBound SafeArrayGetDim SafeArrayDestroy SafeArrayGetElement SafeArrayPutElement VariantTimeToSystemTime VariantChangeTypeEx GetErrorInfo LoadTypeLib LoadRegTypeLib VarBstrCat SysAllocStringByteLen SysStringByteLen SystemTimeToVariantTime VariantChangeType BSTR_UserMarshal VARIANT_UserMarshal BSTR_UserUnmarshal VARIANT_UserSize VARIANT_UserUnmarshal VARIANT_UserFree BSTR_UserFree BSTR_UserSize SysAllocString VariantCopy VariantClear VariantInit SysStringLen SysReAllocStringLen SysAllocStringLen SysFreeString RegisterTypeLib UnRegisterTypeLib |
| SHLWAPI.dll | PathFindFileNameW PathFileExistsW SHCreateStreamOnFileW |
| RPCRT4.dll | UuidToStringW UuidCreate RpcStringFreeW IUnknown_QueryInterface_Proxy NdrDllGetClassObject NdrOleAllocate IUnknown_Release_Proxy NdrOleFree NdrCStdStubBuffer2_Release IUnknown_AddRef_Proxy NdrStubCall2 NdrStubForwardingFunction |
| msi.dll (delay-loaded, by ordinal) | #111 #286 #285 #195 #287 #171 #115 #125 #118 #175 #190 #88 #169 #141 #205 #179 #70 |
| Attributes | 0x1 |
|---|---|
| Name | msi.dll |
| ModuleHandle | 0x12b820 |
| DelayImportAddressTable | 0x12b7d4 |
| DelayImportNameTable | 0x123784 |
| BoundDelayImportTable | 0x123adc |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
| SetupSuite |
| SETUPSUITE |
| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Nov-22 23:15:05 |
| Version | 0.0 |
| SizeofData | 91 |
| AddressOfRawData | 0x100754 |
| PointerToRawData | 0xfdf54 |
| Referenced File | C:\CodeBases\isdev\redist\language independent\i386\SetupSuite.pdb |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Nov-22 23:15:05 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x1007b0 |
| PointerToRawData | 0xfdfb0 |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Nov-22 23:15:05 |
| Version | 0.0 |
| SizeofData | 1108 |
| AddressOfRawData | 0x1007c4 |
| PointerToRawData | 0xfdfc4 |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Nov-22 23:15:05 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| StartAddressOfRawData | 0x52e000 |
|---|---|
| EndAddressOfRawData | 0x52e008 |
| AddressOfIndex | 0x52bd20 |
| AddressOfCallbacks | 0x4da544 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Size | 0x5c |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x5260b0 |
| SEHandlerTable | 0x4ff500 |
| SEHandlerCount | 1173 |
| XOR Key | 0x7dffcd71 |
|---|---|
| Unmarked objects | 0 |
| 241 (40116) | 12 |
| 243 (40116) | 139 |
| 242 (40116) | 24 |
| ASM objects (VS2015 UPD3 build 24123) | 22 |
| C objects (VS2015 UPD3 build 24123) | 19 |
| C objects (VS2015 UPD3.1 build 24215) | 1 |
| C++ objects (VS2015 UPD3.1 build 24215) | 12 |
| C++ objects (23013) | 2 |
| C++ objects (VS2015 UPD3 build 24123) | 56 |
| 244 (40116) | 4 |
| 239 (40116) | 17 |
| Total imports | 382 |
| C++ objects (LTCG) (VS2015 UPD3.1 build 24215) | 74 |
| Resource objects (VS2015 UPD3 build 24210) | 1 |
| 151 | 1 |
| Linker (VS2015 UPD3.1 build 24215) | 1 |