bcea2cb38e00193dc5d55dac4bcb9d73

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Feb-11 04:48:54
Comments
CompanyName
FileDescription BlueStacksTweaker5
FileVersion 5.16.1.0
InternalName BlueStacksTweaker5.exe
LegalCopyright Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename BlueStacksTweaker5.exe
ProductName BlueStacksTweaker5
ProductVersion 5.16.1.0
Assembly Version 5.16.1.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info Interesting strings found in the binary: Contains domain names:
  • Vodafone.de
  • adobe.com
  • bstweaker.tk
  • http://127.0.0.1
  • http://ns.adobe.com
  • http://ns.adobe.com/exif/1.0/
  • http://ns.adobe.com/photoshop/1.0/
  • http://ns.adobe.com/tiff/1.0/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
  • http://ns.adobe.com/xap/1.0/sType/ResourceRef#
  • http://purl.org
  • http://www.w3.org
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • inkscape.org
  • ns.adobe.com
  • www.inkscape.org
  • www.w3.org
Malicious VirusTotal score: 3/72 (Scanned on 2020-05-23 23:32:37) CrowdStrike: win/malicious_confidence_60% (W)
APEX: Malicious
VBA32: CIL.HeapOverride.Heur

Hashes

MD5 bcea2cb38e00193dc5d55dac4bcb9d73
SHA1 d105c924f088e7a464a7449e7fd3f1bfd22a43d7
SHA256 e5f89d20152438bd8106a1ce15019b9dcd83e1e5b65d10f0a0a00770d0b60a11
SHA3 25787ff82eb22c5da0dd08f8a045524b07a953614201df4a39944bfaa704fa45
SSDeep 12288:CKJxMaOOOOOOOOOO1HHYozE29a4V2PBLy3oU:CYbHvL9zGBLy3/
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Feb-11 04:48:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x63c00
SizeOfInitializedData 0x5a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00065B3E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x66000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6e000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 42507381eea760cc78315eaa9bd661b0
SHA1 b729506a7613e1b9d421ccffe3b3750f74b32a3b
SHA256 ed349d0393a9ebe832634a8a7f984a985b40d6f4b970d41f6204cbdf33a711ed
SHA3 c653e7b4d176f964390aedd87024ff8e37d40fa251cccfdca1f04d9937f4c4ff
VirtualSize 0x63b44
VirtualAddress 0x2000
SizeOfRawData 0x63c00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62796

.rsrc

MD5 1429731d9eb950360da69508e530b05d
SHA1 f1f141d070ab8212fc33654be4c952c2e127f263
SHA256 598dffc232c43fca3960182251c5a52ba1905428ce1cd8ba7eed1dd90e94748e
SHA3 ed80b3d3ce7a6ca2b3e67dc5b484ceff0a7d0572e231746e4d26415fca52093d
VirtualSize 0x5680
VirtualAddress 0x66000
SizeOfRawData 0x5800
PointerToRawData 0x63e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.9458

.reloc

MD5 129f3080d5f75160b229908b871dd8b8
SHA1 3fcf44636142e1592fadfc4eb4ce6c148a2113d4
SHA256 395afb25073e8c1448ca3d05707e131648d60664c3635f2213e8319a44a1c99e
SHA3 1bea23a501c491d1a6333b118a57f728ce4be5f23d13ab8a635a0d0a2c21b589
VirtualSize 0xc
VirtualAddress 0x6c000
SizeOfRawData 0x200
PointerToRawData 0x69600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.67484
MD5 47e9e24c749b0fd41bd8c6839e57c07c
SHA1 a81018f0b90a72aa70dcf7e901f6129d38d8462f
SHA256 23db16eb771ea7020b260020291f749a16aeff5e7611e26a915328a96ebf39b4
SHA3 31768a761ef0894450caa17c9332785d8602cb68e2c815024f3faec48adc38e3

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 3e1d980f0dc747eec9d946c155cb1498
SHA1 15414ced0202f709d400c957d441a8856dde8479
SHA256 027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd
SHA3 11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x386
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35478
MD5 be1c60a37f6f4b2dc1f67e24e436402d
SHA1 a4af1b87925a3f3135b5644f06d93f1f044d378e
SHA256 906166588b8db00cd332f9706f8846496ff31c29cb56925b30b795a10dbd03d7
SHA3 cc6f97726fb6f6644ef1b14d5e852e0116efbb28e454e1800179aa31cae41fd4

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xf8c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.43024
MD5 fbc0e90a742b7d449967346160f28637
SHA1 d8b2b8989ad9f0ad2b8c1434d9f7f193a595172b
SHA256 e4efe55e1d18d7452e1ded3846d91b1b4d1318cb5546f7c2e4ad2eb052d9d129
SHA3 49cbb1e4135501a5345493771d2c5117e67c8dfef7fd1ab9998018594dbc170f

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.16.1.0
ProductVersion 5.16.1.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription BlueStacksTweaker5
FileVersion (#2) 5.16.1.0
InternalName BlueStacksTweaker5.exe
LegalCopyright Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename BlueStacksTweaker5.exe
ProductName BlueStacksTweaker5
ProductVersion (#2) 5.16.1.0
Assembly Version 5.16.1.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors