Manalyze report for bd3eefe3f5a4bb0c948251a5d05727e7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jan-03 19:13:08
Detected languages	English - United States
Comments	TLauncher Setup
CompanyName	TLauncher Inc.
FileDescription	TLauncher Setup
FileVersion	`1.1.3.0`
InternalName	TLauncher
LegalCopyright	TLauncher Copyright © 2023
LegalTrademarks	TLauncher
OriginalFilename	suf_launch.exe
ProductName	TLauncher
ProductVersion	`2.885.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains a XORed PE executable: 53 6f 6e 74 27 77 75 68 60 75 66 6a 27 64 66 69 69 68 73 27 ...` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: certs.securetrust.com comodo.net comodoca.com crl.comodoca.com crl.securetrust.com crl.trustwave.com crl.usertrust.com crl.vikingcloud.com crt.comodoca.com http://certs.securetrust.com http://certs.securetrust.com/issuers/TWGCA.crt0 http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0 http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0 http://crl.comodoca.com http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t http://crl.securetrust.com http://crl.securetrust.com/TWGCSCA_L1.crl0y http://crl.trustwave.com http://crl.trustwave.com/TWGCA.crl0n http://crl.usertrust.com http://crl.usertrust.com/UTN-USERFirst-Object.crl05 http://crl.vikingcloud.com http://crl.vikingcloud.com/TWGCA.crl0t http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0 http://crt.comodoca.com http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$ http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$ http://ocsp.comodoca.com0 http://ocsp.securetrust.com http://ocsp.securetrust.com/0? http://ocsp.trustwave.com http://ocsp.trustwave.com/06 http://ocsp.usertrust.com0 http://ocsp.vikingcloud.com http://ocsp.vikingcloud.com/0 http://ocsp.vikingcloud.com/0A http://ssl.trustwave.com http://ssl.trustwave.com/issuers/TWGCA.crt0 http://www.indigorose.com http://www.usertrust.com1 https://certs.securetrust.com https://certs.securetrust.com/CA0 https://certs.securetrust.com/CA05 https://secure.comodo.net https://secure.comodo.net/CPS0C https://ssl.trustwave.com https://ssl.trustwave.com/CA03 indigorose.com ocsp.securetrust.com ocsp.trustwave.com ocsp.vikingcloud.com secure.comodo.net securetrust.com ssl.trustwave.com trustwave.com usertrust.com vikingcloud.com www.indigorose.com www.lua.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW` `Functions related to the privilege level: OpenProcessToken`
Info	The PE is digitally signed.	`Signer: TLauncher Inc.` `Issuer: Trustwave Global Code Signing CA`
Suspicious	VirusTotal score: 1/70 (Scanned on 2024-02-11 18:50:35)	`CrowdStrike: win/grayware_confidence_70% (D)`

Hashes

MD5	`bd3eefe3f5a4bb0c948251a5d05727e7`
SHA1	`b18722304d297aa384a024444aadd4e5f54a115e`
SHA256	`f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0`
SHA3	`e4bb1338cbadd5db4b45215773b372e1d0eb28aaf831955012b66058ddf4aa51`
SSDeep	`393216:KXGWOLBh2NPfs/dQETVlOBbpFEjdGphRqV56HpkoaH3D8P2Q6YS6x9DOc:K2/BhSHExi73qqHpu34kYbzOc`
Imports Hash	`d619eda1a774da262071361b928bb2e4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Jan-03 19:13:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x5c00`
SizeOfInitializedData	`0x22c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002CE1 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0x169873b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9f1962fa11407b703991de156e1a01d9`
SHA1	`285e4cf3603c23eae27b3ed04ae7c61f9e5813e3`
SHA256	`0d1d0ed7b415a15618fddd4e689453a674c787579320f86fe2422d487297dd11`
SHA3	`47a3d1fec2206dfbaa9dc0f0991531ee7e3bccbac952bebe6f215423d3f8b5c4`
VirtualSize	`0x5a18`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40733`

.rdata

MD5	`688c41526d6adab0a871d2b1bda2b85a`
SHA1	`83d31539105727dfa0405664a01594ed2a87a575`
SHA256	`43595f27015f7f96e8cb35373a6c313f0f760a344667a9b8bf67c896e448c78e`
SHA3	`525cbf3079070e5ca70bef32c96d21144e7535b7e39625ba323f2b131adbc3c5`
VirtualSize	`0x2f54`
VirtualAddress	`0x7000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05968`

.data

MD5	`b9bd8638dfc492fcae8d5be548f076fb`
SHA1	`a42ec5af8a1e9b3494e935384d5837c3d5566237`
SHA256	`cea172f4fb01462a65364ebba38075e637a673f4240bd9aa191b177c10e95125`
SHA3	`f244dad9e894b4c2383b305ef9a18d15f9c328b0600c8433d14dd4249e2ced8f`
VirtualSize	`0x1968`
VirtualAddress	`0xa000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.59807`

.rsrc

MD5	`0e353014bca24811ff217a54b42523bb`
SHA1	`cf2d75dda591e5723fe9dac0f001efa019f6ff37`
SHA256	`6e59376a1fcff8ff48274b6f85c216e8ef509101623630eba5882325f7b76c68`
SHA3	`555ae681683e7ba7bdcb76bfc8dbbe5ce63d576c0028668a000d60bcc8d6f48b`
VirtualSize	`0x1ddd8`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1de00`
PointerToRawData	`0x9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.50327`

.reloc

MD5	`d852505950a77d5ae96630f45867a775`
SHA1	`b71e9ea105f50a116dcbab746be3ed6c87af9bc5`
SHA256	`79697ad5ee57cab8b9cf013d7d6a2d1a4ba0d0467ba0d1e71f6683fd760d78bb`
SHA3	`85209c8c120ef51b3e0dddf6f8da4d3c0729fee592f00973617af9101c45a6d8`
VirtualSize	`0x10d0`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x27a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.81847`

Imports

KERNEL32.dll	`LoadLibraryA` `lstrcpyA` `lstrcatA` `lstrlenA` `GetSystemDirectoryA` `GetProcAddress` `GetModuleHandleA` `_lclose` `GetModuleFileNameA` `_lread` `_llseek` `_lopen` `_lwrite` `_lcreat` `CreateDirectoryA` `SetCurrentDirectoryA` `GetDiskFreeSpaceA` `GetFileAttributesA` `CompareStringA` `DeleteFileA` `GetTempPathA` `GetCurrentDirectoryA` `CloseHandle` `GetExitCodeProcess` `GetLastError` `LocalFree` `GetCurrentProcess` `MoveFileExA` `GetStringTypeW` `MultiByteToWideChar` `LCMapStringW` `HeapReAlloc` `RtlUnwind` `HeapSize` `Sleep` `RemoveDirectoryA` `FreeLibrary` `IsValidCodePage` `GetOEMCP` `GetModuleHandleW` `ExitProcess` `DecodePointer` `HeapFree` `HeapAlloc` `GetCommandLineA` `HeapSetInformation` `GetStartupInfoW` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `LoadLibraryW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `InterlockedDecrement` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `IsProcessorFeaturePresent` `HeapCreate` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `GetCPInfo` `GetACP`
USER32.dll	`TranslateMessage` `DispatchMessageA` `PeekMessageA` `wsprintfA` `LoadCursorA` `SetCursor` `MessageBoxA` `MsgWaitForMultipleObjects`
ADVAPI32.dll	`GetTokenInformation` `OpenProcessToken`
SHELL32.dll	`ShellExecuteExA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92261`
Detected Filetype	PNG graphic file
MD5	`2210ca5e3b6a791d018321a1054b4f7e`
SHA1	`64ca01e4d8ea0a5adb1036bae801aeb07fa89020`
SHA256	`a2e988e11f1121dbceaba0c9f15bed7595e67cb4e6258c95c82e009f94fc3540`
SHA3	`caceb190f15de65dde58f1f095c3a2d4d399eb5e691504f4a18dbdb9fe5fba5b`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87454`
MD5	`28a1b81d763624a118ccfb98e0ce01a6`
SHA1	`f178d84237d1c82f9e305998aec85d19109d199a`
SHA256	`98a0bac50d7acea0fc3c79d6b060d072c33690b6de1e279ee3ef78c76d485c5f`
SHA3	`20f30032ee6f58d0f0605819aa598d68e6703da524b1cc405b8a07a5f8a9e141`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04321`
MD5	`740f77cf5df55a8545934f0849802f93`
SHA1	`3cea7437f1a81a72f01217427a413643154b491e`
SHA256	`cfc6206863b5fdae7fd2b489c2c30ce97b8501c8e8ed212dca6445ec1b99f67f`
SHA3	`51d618ba563c6caa31b0e1194616201697e0d79afe32fb59949e2a5ea6051510`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10433`
MD5	`07c75defbe99c950aa137669a1b066d0`
SHA1	`8a1d1be422693635ff3d9014f1293bdd7264c78e`
SHA256	`9648cb92fe5f2954b1cda59ca4f9a63936567de820c1dead332a17216a56ce6d`
SHA3	`c041139298687324e2fa2c2d07dc6a87d3bd183b00460c0bc86e83524d2551d1`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15069`
MD5	`1c7b7303944ce1b1469ebf572ded9c42`
SHA1	`9a29b5c2c400225bf6ea063fbabb38f36cdd293a`
SHA256	`36bbba69354b98a39014e0a13256ad08a978cd4934a3331365af4804442d2184`
SHA3	`84ddc4a15206ade761b4f447106991d621019331fa1b57a874d01080654fd6ae`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24063`
MD5	`d87a0d1aee829428a07b8a1326879286`
SHA1	`e30a138c96cb6ea1d0e14375653068ea86ddd6de`
SHA256	`e4104d291f0f919e4edcf0f1b9289458e69d5057be497f6475b431087dec7828`
SHA3	`3679f553fd3e5eed2c0526a6964019c77a6c393b6862be2b1362c4898399d26a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45174`
MD5	`af420ff966dc858418e7ada345f08ad9`
SHA1	`56da104efbc4bc3c1f77f5a0a3f0ea83e25e0f79`
SHA256	`3e8675a01fa20affc5991a14a16d42667923bfa21bb65d21ed3a5d22134edd2c`
SHA3	`ef666271c409080a70e9452bf81b849f8c2f44fa3f5c00f34f7bbfcf79266543`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39733`
MD5	`7726b8256001055ab9d274d62fa588bc`
SHA1	`e74bc7a6807d25aae6454c795451813684f17b0c`
SHA256	`3480fea578916245b1c131dc1a5cc2cecc0887c36303a5d0286f21b2328e1c8d`
SHA3	`f9178a9038e1f31468ac463eed610a4ef5a23eb47eb8ee200f322bce9b94b11b`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52276`
MD5	`4642cb48050f1c3a282581d014febe53`
SHA1	`e4c026ee4e1deb82cd1f66f91470bc69a6fc2295`
SHA256	`05602c1896ff6fdf6250d7bfa766bae23ab5b0ca18caf43c1dfb467ad854e0d6`
SHA3	`69a88a448e69f444e3e70e1e36c4d84daa11f5776b23ab43f568cf4ed60905de`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9892`
Detected Filetype	Icon file
MD5	`6aa5b18ae2462273a6e62cdf27de9cec`
SHA1	`6068faf72e86c78a04e35f4f97c9a17f7c5b57de`
SHA256	`462aec5a20b86eb1f8ec71b80bea843a493a58dadfdc2b6869804f61750cbafe`
SHA3	`aad532ead28123d477e3e83c22d1402bf70abed82e0aeb79973d4c413560d993`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x34c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31985`
MD5	`6f90c7ca14f51564a2a3bc380d342efd`
SHA1	`8e04310dcadb76a87720fdfadf72e6648b4b41ce`
SHA256	`fb5fa3b6bd31dd0d1b620a30ed0c5455c2fe278f3d8b295040e569a70f4c30e1`
SHA3	`e7736cfd2d5ffd7962a24713eb4a6940e9edc5a963e84d56aa734ca71cb88c35`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x591`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3701`
MD5	`28a92f66be83b54ca0591c8851f3b421`
SHA1	`61c691d0a3e993ee0bce12246615ddf48f13438a`
SHA256	`8b8b07e89767e6e8c3208435fd02e51d702440aaee7caff3ac3f40c3af311695`
SHA3	`083ac6c2236e35bee37b7d151869f4ee7ec50da4ad51af96a62f79e5bcad3d13`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.1.3.0
ProductVersion	2.885.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	TLauncher Setup
CompanyName	TLauncher Inc.
FileDescription	TLauncher Setup
FileVersion (#2)	1.1.3.0
InternalName	TLauncher
LegalCopyright	TLauncher Copyright © 2023
LegalTrademarks	TLauncher
OriginalFilename	suf_launch.exe
ProductName	TLauncher
ProductVersion (#2)	2.885.0.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40a020`
SEHandlerTable	`0x409510`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x948cbac7`
Unmarked objects	`0`
ASM objects (VS2010 SP1 build 40219)	`14`
C objects (VS2010 SP1 build 40219)	`67`
Imports (VS2008 SP1 build 30729)	`9`
Total imports	`102`
C++ objects (VS2010 SP1 build 40219)	`25`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

bd3eefe3f5a4bb0c948251a5d05727e7

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

101

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors