b7907ea1b4a213de503a633f1c8c7503

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jan-04 20:21:28
Comments Best tool to manage Windows Firewall with Advanced Security
CompanyName Malwarebytes
FileDescription Malwarebytes Windows Firewall Control - Setup
FileVersion 6.1.0.0
InternalName wfc6setup.exe
LegalCopyright © 2020 Malwarebytes. All Rights Reserved.
LegalTrademarks
OriginalFilename wfc6setup.exe
ProductName Malwarebytes Windows Firewall Control - Setup
ProductVersion 6.1.0.0
Assembly Version 6.1.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • sc.exe
May have dropper capabilities:
  • CurrentVersion\Run
Contains domain names:
  • BiniSoft.org
  • binisoft.org
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/winfx/2006/xaml
  • http://schemas.microsoft.com/winfx/2006/xaml/presentation
  • https://binisoft.org
  • microsoft.com
  • schemas.microsoft.com
Info The PE is digitally signed.
Signer: Malwarebytes Inc
Issuer: DigiCert Assured ID Code Signing CA-1
Safe VirusTotal score: 0/73 (Scanned on 2020-06-22 04:59:37)
All the AVs think this file is safe.

Hashes

MD5 b7907ea1b4a213de503a633f1c8c7503
SHA1 d3c3da6f1e35e923918d3d70fe5b347a87318479
SHA256 bc929e6642656c49071519248de410d4da5dff7c667e6e88fd2619f761413b8c
SHA3 af1539d0fe91e9b313215d6d54c47e04a9baca2144658a5fd93ba0006b025b66
SSDeep 49152:/hq7UMHVJ9pOd88v9gyv/MD/sTbi707qXnmo7Qn3c6NIftzQIWbKelA51:Y71VJjE8O+yv/IUbi4wJ44EI/eS
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Jan-04 20:21:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x2a6c00
SizeOfInitializedData 0x5400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x002A8BD2 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x2aa000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x2b2000
SizeOfHeaders 0x200
Checksum 0x2b02f0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d476388c71ae007d79a7afde098e10b6
SHA1 49d4234a2e76621fbbc5e672c76dcb6d1da64ef2
SHA256 b3e8c76bc7aaa1b095d1bc0ff7f6558fb4c59bf0a7aecbcbc09ba09d40ad9ab3
SHA3 013e01109f5f0674435354a3c5a3efdfe4eb184dac30147235901811b83af165
VirtualSize 0x2a6bd8
VirtualAddress 0x2000
SizeOfRawData 0x2a6c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.98491

.rsrc

MD5 3f8c6c356ae8bb7845bbb9e18428c85f
SHA1 711fbefaade76f01641d536a45441fa507d9e7d6
SHA256 997e70e4f50112b1c69ceaafa3e276f59bb5660e2d79f80f2afd37324dbe2797
SHA3 f92d56e581b1cf5adb931293f9e88407f792d4c01b80db1143203744d831fb7e
VirtualSize 0x5180
VirtualAddress 0x2aa000
SizeOfRawData 0x5200
PointerToRawData 0x2a6e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.2254

.reloc

MD5 5a82fbc6e66c8e6f8c6beda7b8e44c02
SHA1 21c2a8d8b143887c882984659f21225e990b2fca
SHA256 ec9ac0880eebaa3f69c09d4c08c6216369c581cbfc1ffbeeb426f3c4fa1af152
SHA3 665123c0d47c164ad2e84c23f6cbeb59e5fecf62b7f17fcf195e2e0e051b4fbd
VirtualSize 0xc
VirtualAddress 0x2b0000
SizeOfRawData 0x200
PointerToRawData 0x2ac000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.33822
MD5 9f3efa5fc45a905f4340cf83f9695451
SHA1 d75195a31dbc18056f501484026a65a916ede0cb
SHA256 5156eba61ca2e3ec8d14b15e5c261a00ab1565ea61e6c89d4e4c790f32d0b289
SHA3 9446baeb7e2294ef25abf028553e9338ba999173a9e4c45d4a2c4f84ed5e9814

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.29655
MD5 9efb12adfad882f2e7d3bdb20b0453e7
SHA1 ceabe2c1b9543640c46990be451230ef7f9a8385
SHA256 c085c067f1ab86ae23fa525af308a808d6e629ea34d4a46e29e2504f328340f5
SHA3 791d70102c1d7dc0b85777a71ece56c5412fb961e9839a1fe4b35b5e6bd070a9

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37041
MD5 cddacff6321b96fe39d3642f653b1ea8
SHA1 73a3f68f795f8792763192719c0aafb09996671e
SHA256 eb7da90417f3d4038692ab4f83c15d448b1b7b4541257980f3b7a0db7b0176fd
SHA3 b33f6b90058e204b5e396d583ca084753d621ef531c89474bcdb1df7b95d1af0

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.82607
MD5 1c48c83db3aaf031eae36c7d499ff18e
SHA1 4938eaa8c7afe3a7c9933bb7a43aa51f70f80e85
SHA256 e1a81e163f0189e4934de0e5f07c4aad34bfce97728f97b9a99059133a6eb33a
SHA3 ecd3c9856368a1f12f80a807c0db76459083bbe142a6e6f42742b530ade0dbc5

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62308
Detected Filetype Icon file
MD5 5c84b5099ac46312565be1aa2e21eff0
SHA1 25f00759b0e6641f9b423e6a52556c2e4e2796c3
SHA256 816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620
SHA3 17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4091
MD5 18cc6cdcf08029af3af0878080f26074
SHA1 f0fb6d6ead0bd7ab0d67e60524a5de274d59b236
SHA256 dd864d34717993533b94be45bfee9afd8a651ea96525b3ee9907330267db7c99
SHA3 c37f2e2d9731d753e07fae5ba6ad95640e406c11e1fa11f68495976173360a47

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x6d1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.07521
MD5 b7a8b4b89a9c0398eb03fbb2505e9f30
SHA1 9b66994a9ff18ab63210954ceac6e48bb2d5d7de
SHA256 e0e32bfc210b100ad9c0a9f5d904def3a3bb475219919a8172212f4c0e228f19
SHA3 ee41a8ca60d8ae8a664b68701c7fc264105785f10316f5d9e9476b90509300bf

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.1.0.0
ProductVersion 6.1.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Best tool to manage Windows Firewall with Advanced Security
CompanyName Malwarebytes
FileDescription Malwarebytes Windows Firewall Control - Setup
FileVersion (#2) 6.1.0.0
InternalName wfc6setup.exe
LegalCopyright © 2020 Malwarebytes. All Rights Reserved.
LegalTrademarks
OriginalFilename wfc6setup.exe
ProductName Malwarebytes Windows Firewall Control - Setup
ProductVersion (#2) 6.1.0.0
Assembly Version 6.1.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors