Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2016-Aug-20 18:35:44 |
Detected languages |
English - United States
|
Debug artifacts |
C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdb
|
CompanyName | CMS Online |
FileDescription | Setup Launcher Unicode |
FileVersion | 1.08.7000 |
InternalName | Setup |
LegalCopyright | Copyright (c) 2016 Flexera Software LLC. All Rights Reserved. |
OriginalFilename | InstallShield Setup.exe |
ProductName | CMS Terminal Integration Service Installation |
ProductVersion | 1.08.7000 |
Internal Build Number | 169350 |
ISInternalVersion | 23.0.288 |
ISInternalDescription | Setup Launcher Unicode |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: |
May have dropper capabilities:
|
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Info | The PE's resources present abnormal characteristics. | Resource 103 is possibly compressed or encrypted. |
Info | The PE is digitally signed. |
Signer: Complete Merchant Solutions
Issuer: Go Daddy Secure Certificate Authority - G2 |
Safe | VirusTotal score: 0/69 (Scanned on 2021-06-12 05:01:18) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2016-Aug-20 18:35:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 11.0 |
SizeOfCode | 0xec600 |
SizeOfInitializedData | 0x90c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0006D1DC (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xee000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x187000 |
SizeOfHeaders | 0x400 |
Checksum | 0x9299de |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll |
#17
|
---|---|
KERNEL32.dll |
MoveFileW
LocalFree FormatMessageW GetSystemInfo MulDiv RaiseException EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionAndSpinCount DeleteCriticalSection LoadLibraryExW GetVersion GetLocalTime GetFileAttributesW GetCurrentDirectoryW FileTimeToLocalFileTime GetFileTime GetSystemDefaultUILanguage GlobalAlloc GlobalFree FlushFileBuffers SetEndOfFile VirtualQuery IsBadReadPtr GetDiskFreeSpaceExW GetDriveTypeW GetCurrentThread InterlockedExchange LoadLibraryExA GetPrivateProfileSectionW GetShortPathNameW GetModuleHandleW GetProcAddress GetSystemDirectoryA LoadLibraryA GetLastError SetLastError GetPrivateProfileStringW GetFileSize CloseHandle CreateFileMappingW MapViewOfFile UnmapViewOfFile lstrlenA MultiByteToWideChar WideCharToMultiByte ReadFile SetFilePointer WriteFile HeapAlloc GetSystemTimeAsFileTime SetFileAttributesW FindNextFileW FindFirstFileW FindClose CreateDirectoryW CompareFileTime VerLanguageNameW GetUserDefaultLangID GetSystemDefaultLangID lstrcmpiW lstrcmpW IsValidLocale GetLocaleInfoW lstrcpyA ExitThread GetExitCodeProcess GetCommandLineW LoadLibraryW FreeLibrary FreeResource GetPrivateProfileSectionNamesA GetPrivateProfileStringA GetPrivateProfileIntA lstrcatA lstrcmpiA lstrcpynA LocalAlloc lstrcmpA SystemTimeToFileTime ResetEvent SetEvent Process32NextW Process32FirstW CreateToolhelp32Snapshot FindResourceExW GetEnvironmentVariableW SetFileTime OpenProcess GetProcessTimes ReadConsoleW WriteConsoleW SetStdHandle SetFilePointerEx GetConsoleMode GetConsoleCP CompareStringA CompareStringW lstrcatW GetVersionExW InterlockedDecrement InterlockedIncrement CreateEventW QueryPerformanceFrequency GetTempFileNameW CopyFileW GetTickCount GetExitCodeThread CreateThread FindResourceW GlobalUnlock GlobalLock SizeofResource LockResource LoadResource lstrcpyW GetWindowsDirectoryW SetErrorMode GetTempPathW CreateFileW ExpandEnvironmentStringsW MoveFileExW WriteProcessMemory VirtualProtectEx GetSystemDirectoryW FlushInstructionCache SetThreadContext GetThreadContext CreateProcessW ResumeThread TerminateProcess ExitProcess GetCurrentProcess Sleep WaitForSingleObject DuplicateHandle RemoveDirectoryW DeleteFileW SetCurrentDirectoryW lstrlenW lstrcpynW GetModuleFileNameW GetProcessHeap HeapFree FatalAppExitA WritePrivateProfileSectionW EnumSystemLocalesW GetUserDefaultLCID GetTimeFormatW GetDateFormatW SetConsoleCtrlHandler OutputDebugStringW FreeEnvironmentStringsW GetEnvironmentStringsW GetCurrentProcessId QueryPerformanceCounter GetFileType HeapReAlloc CreateSemaphoreW GetStartupInfoW TlsFree TlsSetValue TlsGetValue TlsAlloc SetUnhandledExceptionFilter UnhandledExceptionFilter GetStringTypeW GetCPInfo GetOEMCP GetACP IsValidCodePage GetCurrentThreadId HeapSize AreFileApisANSI GetModuleHandleExW GetStdHandle IsProcessorFeaturePresent IsDebuggerPresent RtlUnwind LCMapStringW DecodePointer EncodePointer |
USER32.dll |
MapWindowPoints
GetMessageW TranslateMessage DispatchMessageW PostMessageW DefWindowProcW PostQuitMessage RegisterClassW CreateWindowExW SetTimer KillTimer LoadCursorW LoadIconW wsprintfW PeekMessageW MsgWaitForMultipleObjects GetDesktopWindow ShowWindow DialogBoxIndirectParamW EndDialog GetDlgItem SetWindowTextW CharPrevW wvsprintfW LoadImageW CreateDialogParamW MoveWindow GetParent GetWindowTextW SetCursor GetWindow GetDlgItemTextW SetFocus SetForegroundWindow SetActiveWindow SetDlgItemTextW FindWindowW SubtractRect IntersectRect SetRect FillRect SetWindowPos GetSysColor GetDC GetSystemMetrics GetDlgCtrlID CreateDialogIndirectParamW ExitWindowsEx CharUpperW wsprintfA CallWindowProcW DrawIcon DrawTextW UpdateWindow InvalidateRect SetPropW GetPropW RemovePropW GetSysColorBrush DrawFocusRect CopyRect InflateRect EnumChildWindows GetClassNameW MapDialogRect RegisterClassExW MonitorFromPoint CharNextW IsDialogMessageW FindWindowExW ScreenToClient MessageBoxW GetWindowRect EnableWindow SendDlgItemMessageW DestroyWindow IsWindow SendMessageW WaitForInputIdle SetWindowLongW GetWindowLongW GetClientRect EndPaint BeginPaint ReleaseDC GetWindowDC |
GDI32.dll |
CreateHalftonePalette
GetDIBColorTable SelectPalette RealizePalette GetSystemPaletteEntries CreatePalette CreateFontW SetTextColor SetBkMode GetDeviceCaps CreateSolidBrush GetObjectW TranslateCharsetInfo CreateFontIndirectW SetStretchBltMode StretchBlt SelectObject DeleteDC CreateDIBitmap CreateCompatibleDC BitBlt DeleteObject GetStockObject CreateCompatibleBitmap CreateDCW CreatePatternBrush GetTextExtentPoint32W RestoreDC SaveDC DeleteMetaFile CreateBitmap CreateRectRgn PatBlt PlayMetaFile SelectClipRgn SetBkColor SetMapMode SetMetaFileBitsEx SetPixel SetViewportExtEx SetViewportOrgEx SetWindowExtEx SetWindowOrgEx UnrealizeObject |
ADVAPI32.dll |
RegQueryValueExW
RegOpenKeyExW CryptVerifySignatureW CryptSignHashW CryptDestroyHash CryptHashData CryptCreateHash CryptImportKey CryptExportKey CryptGetHashParam CryptSetHashParam CryptDestroyKey CryptDeriveKey CryptReleaseContext CryptAcquireContextW RegOpenKeyW RegEnumKeyW RegCreateKeyW RegOverridePredefKey LookupPrivilegeValueW AdjustTokenPrivileges GetTokenInformation FreeSid EqualSid AllocateAndInitializeSid OpenThreadToken OpenProcessToken SetEntriesInAclW SetSecurityDescriptorOwner SetSecurityDescriptorGroup SetSecurityDescriptorDacl InitializeSecurityDescriptor CreateWellKnownSid RegQueryInfoKeyW RegEnumKeyExW RegDeleteKeyW RegEnumValueW RegDeleteValueW RegSetValueExW RegCreateKeyExW RegCloseKey |
SHELL32.dll |
CommandLineToArgvW
ShellExecuteW SHBrowseForFolderW SHGetFolderPathW SHGetPathFromIDListW ShellExecuteExW SHGetMalloc SHGetSpecialFolderLocation |
ole32.dll |
CoUninitialize
CoInitializeSecurity CoInitialize CoTaskMemRealloc ProgIDFromCLSID CreateStreamOnHGlobal CoTaskMemAlloc CLSIDFromProgID GetRunningObjectTable CreateItemMoniker CoCreateGuid StringFromGUID2 CoCreateInstance CoTaskMemFree |
OLEAUT32.dll |
SysReAllocStringLen
VarUI4FromStr SystemTimeToVariantTime VarBstrCmp CreateErrorInfo SetErrorInfo UnRegisterTypeLib RegisterTypeLib LoadTypeLib SysStringLen SysAllocString SysStringByteLen SysAllocStringByteLen VarBstrCat VarBstrFromDate VariantClear VariantChangeType SysAllocStringLen SysFreeString GetErrorInfo |
RPCRT4.dll |
UuidToStringW
UuidFromStringW RpcStringFreeW UuidCreate |
gdiplus.dll |
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile GdipCreateBitmapFromStreamICM GdipCreateBitmapFromFileICM GdipCreateBitmapFromResource GdipCreateFromHDC GdipDeleteGraphics GdipSetInterpolationMode GdipDrawImageRectI GdipGetImageWidth GdipGetImageHeight GdipAlloc GdipFree GdiplusStartup GdipCloneImage GdipDisposeImage |
VERSION.dll (delay-loaded) |
VerQueryValueW
GetFileVersionInfoW GetFileVersionInfoSizeW |
Attributes | 0x1 |
---|---|
Name | VERSION.dll |
ModuleHandle | 0x136d74 |
DelayImportAddressTable | 0x1327d0 |
DelayImportNameTable | 0x12c6a4 |
BoundDelayImportTable | 0x12cc7c |
UnloadDelayImportTable | 0x12ce44 |
TimeStamp | 1970-Jan-01 00:00:00 |
Setup Initialization Error |
%s |
%1 Setup is preparing the %2, which will guide you through the program setup process. Please wait. |
Checking Operating System Version |
Checking Windows(R) Installer Version |
Configuring Windows Installer |
Configuring %s |
Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system. |
%s |
Choose Setup Language |
Select the language for this installation from the choices below. |
The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later. |
This setup will perform an upgrade of '%s'. Do you want to continue? |
A later version of '%s' is already installed on this machine. The setup cannot continue. |
OK |
Cancel |
Password: |
Install |
&Next > |
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation |
Error writing to the temporary location |
Error extracting %s to the temporary location |
Error reading setup initialization file |
Installer not found in %s |
File %s not found |
Internal error in Windows Installer |
Error populating strings. Verify that all strings in Setup.ini are valid. |
Restart |
Setup needs %lu KB free disk space in %s. Please free up some space and try again |
You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation |
Command line parameters: |
/L language ID |
/S Hide intialization dialog. For silent mode use: /S /v/qn |
/V parameters to MsiExec.exe |
Windows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue. |
ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language. |
Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again. |
This setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system. |
Unable to install %s Scripting Runtime. |
Unable to create InstallDriver instance, Return code: %d |
Please specify a location to save the installation package. |
Unable to extract the file %s. |
Extracting files. |
Downloading file %s. |
An error occurred while downloading the file %s. What would you like to do? |
hr |
min |
sec |
MB |
KB |
/sec |
Failed to verify signature of file %s. |
Estimated time remaining: |
%d %s of %d %s downloaded at %01d.%01d %s%s |
Preparing to Install... |
Get help for this installation. |
Help |
Unable to save file: %s |
Failed to complete installation. |
Invalid command line. |
/UA<url to InstMsiA.exe> |
/UW<url to InstMsiW.exe> |
/UM<url to msi package> |
/US<url to IsScript.msi> |
Setup Initialization Error, failed to clone the process. |
The file %s already exists. Would you like to replace it? |
Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update. |
Setup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later. |
You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation |
Error installing Microsoft(R) .NET Framework, Return Code: %d |
%s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now? |
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation |
%s optionally uses the Visual J# Redistributable Package. Would you like to install it now? |
(This will also install the .NET Framework.) |
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installation |
%s requires the following items to be installed on your computer. Click Install to begin installing these requirements. |
Installing %s |
Would you like to cancel the setup after %s has finished installing? |
The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download. |
The installation of %s appears to have failed. Do you want to continue the installation? |
Succeeded |
Installing |
Pending |
Installed |
Status |
Requirement |
Failed |
Extracting |
Downloading |
Skipped |
The installation of %s has failed. Setup will now exit. |
The installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later. |
%1 optionally uses %2. Would you like to install it now? |
Downloading file %2 of %3: %1 |
This installation lets you install multiple instances of the product. Select the instance you would like to install, and then click Next to continue: |
&Install a new instance |
&Maintain or upgrade an existing instance |
Default |
Instance ID |
Product Name |
Location |
This installation lets you patch multiple instances of the product. Select an option below to specify how you would like to apply this patch, and then click Next to continue. |
Patch &all of the existing instances |
&Patch an existing instance |
This installation requires Windows Installer version 4.5 or newer. Setup will now exit. |
Decompressing |
Version |
Choose Setup Language |
Select the language for the installation from the choices below. |
&OK |
InstallShield Wizard |
Cancel |
&Next > |
< &Back |
Do you wish to install %s? |
Authenticity Verified |
The identity of this software publisher was verified by %s. |
Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion. |
&Always trust software published by %s. |
This software has not been altered since publication by %s. To install %s, click OK. |
InstallShield |
Preparing Setup |
Please wait while the InstallShield Wizard prepares the setup. |
Finish |
Transfer rate: |
Estimated time left: |
/s |
%s - InstallShield Wizard |
Exit Setup |
Are you sure you want to cancel the setup? |
&Install a new instance of this application. |
Existing Installed Instances Detected |
Select the appropriate application instance to maintain or update. |
Setup has detected one or more instances of this application already installed on your system. |
&Maintain or update the instance of this application selected below: |
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance. |
Select the instance of the application you want to &maintain or update below: |
Display Name |
Install Location |
%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait. |
Error Code: |
Error Information: |
An error (%s) has occurred while running the setup. |
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s. |
&Detail |
&Report |
There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup. |
A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it. |
Another instance of this setup is already running. Please wait for the other instance to finish and then try again. |
Security Warning |
Do you want to run this setup? |
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
I &do not trust this setup |
I &understand the security risk and wish to continue |
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication. |
The software is corrupted or has been altered since it was published. You should not continue this setup. |
This setup was created with a BETA VERSION of %s |
This Setup was created with an EVALUATION VERSION of %s |
Please enter the password |
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900. |
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit. |
This setup works until %s. The setup will now exit. |
InstallShield Setup Player V23 |
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it. |
This setup requires administrative privileges that appear to be unavailable. Would you like to try again? |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.8.7000.0 |
ProductVersion | 1.8.7000.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language | English - United States |
CompanyName | CMS Online |
FileDescription | Setup Launcher Unicode |
FileVersion (#2) | 1.08.7000 |
InternalName | Setup |
LegalCopyright | Copyright (c) 2016 Flexera Software LLC. All Rights Reserved. |
OriginalFilename | InstallShield Setup.exe |
ProductName | CMS Terminal Integration Service Installation |
ProductVersion (#2) | 1.08.7000 |
Internal Build Number | 169350 |
ISInternalVersion | 23.0.288 |
ISInternalDescription | Setup Launcher Unicode |
Resource LangID | UNKNOWN |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 2016-Aug-20 18:35:44 |
Version | 0.0 |
SizeofData | 92 |
AddressOfRawData | 0x10a328 |
PointerToRawData | 0x108d28 |
Referenced File | C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2016-Aug-20 18:35:44 |
Version | 0.0 |
SizeofData | 16 |
AddressOfRawData | 0x10a384 |
PointerToRawData | 0x108d84 |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x5309a0 |
SEHandlerTable | 0x50c640 |
SEHandlerCount | 1494 |
XOR Key | 0x87563365 |
---|---|
Unmarked objects | 0 |
211 (VS2012 UPD1 build 51106) | 11 |
C objects (VS2012 UPD1 build 51106) | 1 |
ASM objects (50929) | 23 |
C objects (50929) | 141 |
188 (30716) | 3 |
C++ objects (50929) | 66 |
185 (30716) | 21 |
Total imports | 497 |
C++ objects (VS2012 UPD1 build 51106) | 64 |
Resource objects (VS2012 UPD1 build 51106) | 1 |
151 | 1 |
Linker (VS2012 UPD1 build 51106) | 1 |