c83bf1616e1bee34701b192fb640bf7a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Jan-12 00:05:48
Detected languages English - United States
CompanyName The MASM32 SDK
FileDescription MASM32 Installation
FileVersion 11.0
InternalName Install
OriginalFilename install.exe
LegalCopyright © 2011 The MASM32 SDK
ProductName MASM32 SDK
ProductVersion 11.0

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • Microsoft Visual C# v7.0 / Basic .NET
  • MASM/TASM - sig1(h)
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • virus
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA256
Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessA
  • WinExec
  • ShellExecuteA
Enumerates local disk drives:
  • GetVolumeInformationA
  • GetLogicalDriveStringsA
  • GetDriveTypeA
Malicious VirusTotal score: 5/71 (Scanned on 2020-02-09 23:03:59)
  • Bkav: HW32.Packed.
  • APEX: Malicious
  • Trapmine: malicious.high.ml.score
  • eGambit: Unsafe.AI_Score_99%
  • Cybereason: malicious.c9dbf3

Hashes

MD5 c83bf1616e1bee34701b192fb640bf7a
SHA1 1ebc5ddc9dbf3083e7e45093ab049a5b6dd3b8e9
SHA256 658a362af969d562bfb650d27330f13567f1d0bba4daddb308f5e9faf780c2c9
SHA3 ef34228abc3c4ad505cd5065cb1410f4ad516b5f74e7534d74b99f6caff71dbe
SSDeep 98304:qBc1/NBej40eiaq0HjaItEXgEA6GF49vtlrfuvkZDPfgvPRzjDp/cQOQ:qBmNBL/iCjaCEwEZG2vtlrWKDPfutjD
Imports Hash 7a31906cba8d7e4645fb6e35f435d453

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2012-Jan-12 00:05:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x1800
SizeOfInitializedData 0x4f1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4f6000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ccd3e83ccefe6a3a4957220bd16cc34a
SHA1 4481f7e6a4339ec20f427246363974e8cfa47689
SHA256 c06c328c0fa233bed416fa2af5f74696add2793042ffeb954f87f1927c6a14b8
SHA3 1c04183f070f10bb941b29abff8091ab20a9316cc94097d5dc68147dc12a8ba2
VirtualSize 0x171a
VirtualAddress 0x1000
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.58801

.rdata

MD5 8f0b14c0554f35a6b010263726a20023
SHA1 5f02cd5bab2577644d5e4247bc9618a7aba87148
SHA256 83941641d4b4ca964081b503e0cd4d26abb59eded494834aaf56a212c96bab97
SHA3 1c721a52bf794753b15a9216fbf50c986189dae7385b31a378ca281cca5b9ce7
VirtualSize 0x796
VirtualAddress 0x3000
SizeOfRawData 0x800
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.85098

.data

MD5 053cc3e89e7a708274c73ac70e080e50
SHA1 43eee8a003678adab59595ae3249dd97a2f04a4e
SHA256 16a0dfa7185125eb3122aa132d94a214ab81022f1943648b1e4be4d87e0b71cc
SHA3 e0142dcbb9c0fefb7573ad46f3165d28197950a42b4057a6d3d04d09572bae63
VirtualSize 0x4cbbe8
VirtualAddress 0x4000
SizeOfRawData 0x4cbc00
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.98929

.rsrc

MD5 666b7fc054e7d4d5f827e0ab85923be2
SHA1 b7e97ce43a19a7a49e2e192b22f4a32a233e7108
SHA256 5b8e6d6524a376536d495ef6d3fdf8f51a9a9c668fa14e525108777473fd69d3
SHA3 801dd535f7c6c1e19b3244a27aa695ca522b9d18b58b64f34af58b1799ec4b94
VirtualSize 0x250d0
VirtualAddress 0x4d0000
SizeOfRawData 0x25200
PointerToRawData 0x4ce000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.34862

Imports

gdi32.dll
  • CreateFontA
  • GetStockObject
user32.dll
  • SetCapture
  • ReleaseCapture
  • LoadBitmapA
  • GetWindowRect
  • GetWindowLongA
  • GetDlgCtrlID
  • UpdateWindow
  • TranslateMessage
  • ShowWindow
  • SetWindowTextA
  • SetWindowPos
  • SetWindowLongA
  • SetMenu
  • SetForegroundWindow
  • SetFocus
  • SendMessageA
  • RegisterClassExA
  • PostQuitMessage
  • MessageBoxIndirectA
  • LoadMenuA
  • LoadIconA
  • LoadCursorA
  • GetSystemMetrics
  • GetParent
  • GetMessageA
  • GetDlgItem
  • EndDialog
  • DispatchMessageA
  • DialogBoxParamA
  • DialogBoxIndirectParamA
  • DefWindowProcA
  • CreateWindowExA
  • CallWindowProcA
  • AnimateWindow
kernel32.dll
  • DeleteFileA
  • WriteFile
  • FlushFileBuffers
  • ReadFile
  • GetFileSize
  • CreateFileA
  • FindFirstFileA
  • FindClose
  • Sleep
  • SetThreadPriority
  • SetPriorityClass
  • GetThreadPriority
  • GetExitCodeProcess
  • GetCurrentThread
  • CreateProcessA
  • CloseHandle
  • WinExec
  • SleepEx
  • SetCurrentDirectoryA
  • RemoveDirectoryA
  • MultiByteToWideChar
  • GlobalFree
  • GlobalAlloc
  • GetVolumeInformationA
  • GetModuleHandleA
  • GetLogicalDriveStringsA
  • GetDriveTypeA
  • GetCurrentDirectoryA
  • GetCommandLineA
  • ExitProcess
  • CreateDirectoryA
comctl32.dll
  • InitCommonControlsEx
shell32.dll
  • ShellExecuteA

Delayed Imports

700

Type RT_BITMAP
Language English - United States
Codepage UNKNOWN
Size 0x10028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33591
MD5 e1f25f4267bb587d7b6b77dc3cb78b6b
SHA1 665f37a4836c533494999673a8a6488b004c7343
SHA256 138dfb7335926a110346bf5009cc59cf5d89ed098ecef5783cf4f539abe0a067
SHA3 b59b61c033ea398c0054023136a360b3a1d2d96ac6e7b80cc916fce86fa10178

701

Type RT_BITMAP
Language English - United States
Codepage UNKNOWN
Size 0x10028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.34223
MD5 b58cadd9bb2471691fbee68d6f9ebd69
SHA1 af52ff6ae1144a925ee1ac80959f28e3db38dee3
SHA256 645f426b9091ecdb59b4f7016b11bf4b458dfa81430d8bf96192e2293061b5ba
SHA3 62b8f6a82a34fe613772155a93a2a76d82c601fd1a339b6cf65b3169bc1b7110

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.58139
MD5 779d00ad0bbc376a42bd9c6942e68b10
SHA1 a9d6af0ee297539c32a52481267daca31675a788
SHA256 f2d1855ef926f786f07de56046d1a3809623d3b9ae57d611767a74fbd3875cdc
SHA3 7b477e94d682cc9b6b328173036cfcdd98193ae3549c45079e539a2f92a58df6

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.25905
MD5 44030421f6235495d11678211efc97e5
SHA1 6e9523ad8d575d0e0334063becde4065fafe620b
SHA256 7aacc3938f87130f1085d6527af51f5b4305a35d6a0a7b4d7f6581a005a9dcdc
SHA3 46da15734cebdfb04eb0d3d367b91f9013c26437e0d47452a81abb72254f51c6

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.43111
MD5 7f2bc5035ddaa00a36f9e4109b7f28fe
SHA1 ed524dd76254760053ce3bdbe0987791cecef438
SHA256 dd1c9c9d8051eec140282ca5940c3864d9580b90671a1fe1c55b4edc784a49bd
SHA3 403cec360b7b33e52c5b54715317021e17f9278b1efef155eb517477211e5c90

2000

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xf4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16908
MD5 196f4aeda65daac4fe774e6e44f19cc9
SHA1 44cc2f376305c69b990dc3983145a6685798f13e
SHA256 5caea6d14e42900adc7c67b715229e8bbc416c1517ec27422aba14ce8ad9485d
SHA3 028527f4f8f00ea1571ac52b88674844cd39fbeb627384c3431ccb88c986163f

3000

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xf8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.18601
MD5 8ce93a9d2154e4184f28ce036606b898
SHA1 0b88b475ab3e4182b8dc8ca9e2496ea781590822
SHA256 8c8b6550b3ac668f6bc7a2d498918722df8cf07ef51a4cbaceeb7254466b3713
SHA3 cfcef641645658352653939603a8540424824e2b082da660e5143252c5c68be5

500

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 6da8e7d5ae1d5d15e0230a67a7c16c6d
SHA1 678db52cbe5d617c33c6269bfd4b6d8d1a17f956
SHA256 6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
SHA3 994fc217c7b8bc8008ac262ff58044403206de6eceafd424d4640ecad395eb2f

501

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.94375
Detected Filetype Icon file
MD5 d3bdbb19efa0630f837601a23f30ff3d
SHA1 f9513900fbb276100e1fcb1b798616c0ae0d4bc6
SHA256 852391035320228f8de3412c040f63d082abc6cc8ab8d715d1d5a92c243cbd97
SHA3 d64b14bf272ad71e0c7853722283bb1c1c821b983a886b63a7999ba1060420b6

502

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.94375
Detected Filetype Icon file
MD5 84c3cc2a9e3bd387754b60b052e63efe
SHA1 23bc2baff4dc0afe221240187fa7c6cc478591aa
SHA256 e30dc85dc21227ef94c3452d2c60b9cc6407e146e398ca1ee54b10cdc902f003
SHA3 4a99c48084141ff7c92f1731894df05e896b627a2af841c1474f93036cc2deaa

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35135
MD5 0d708466107c19df9fffcd4aa058ab57
SHA1 3270c94a3f1e2578cd3fb711c8b59a4d4059bf73
SHA256 4b93c63d061fc8d6d16e973a68b1dea0eca35725e2ddd1019efaf286ba56aed3
SHA3 55db5724069144badb2b09d810a53fb1222c0cb781e48b6f3c861fc5420b58d8

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x1ad
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.11464
MD5 6713ff583630527292956a7085b9e801
SHA1 82bbff3642a969a98ae8502e415443e8b827fe7d
SHA256 3287ee769ccfc3e9254535e27ddd5e1d880613520b1644bf8f4e5b51460fcfce
SHA3 3235ca2064cbf1f61548facb153c03c13e7bd60c38767763eab2081dd41d39dd

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 11.0.0.0
ProductVersion 11.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName The MASM32 SDK
FileDescription MASM32 Installation
FileVersion (#2) 11.0
InternalName Install
OriginalFilename install.exe
LegalCopyright © 2011 The MASM32 SDK
ProductName MASM32 SDK
ProductVersion (#2) 11.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xf0c17688
Unmarked objects 0
19 (8078) 80
18 (8444) 10
42 (8803) 1
Unmarked objects (#2) 2
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors