Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages |
English - United States
Russian - Russia |
FileDescription | InnoUnp - Inno Setup Unpacker |
ProductName | Inno Setup Unpacker |
ProductVersion | 0.50 |
FileVersion | 0.50 |
InternalName | innounp.exe |
OriginalFilename | innounp.exe |
LegalCopyright | Copyright (c) 2004-2006 QuickeneR. |
Licence | GNU General Public License (GPL) |
Info | http://innounp.sourceforge.net/ |
Info | Interesting strings found in the binary: |
Contains domain names:
|
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Uses constants related to SHA1 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The PE header may have been manually modified. |
The resource timestamps differ from the PE header:
|
Malicious | VirusTotal score: 3/70 (Scanned on 2024-06-06 05:12:14) |
APEX:
Malicious
Lionic: Virus.Win32.Neshta.n!c Trapmine: malicious.moderate.ml.score |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 8 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x97800 |
SizeOfInitializedData | 0x13a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00097D4C (Section: CODE) |
BaseOfCode | 0x1000 |
BaseOfData | 0x99000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb2000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
---|---|
user32.dll |
GetKeyboardType
LoadStringA MessageBoxA CharNextA |
advapi32.dll |
RegQueryValueExA
RegOpenKeyExA RegCloseKey |
oleaut32.dll |
SysFreeString
SysReAllocStringLen SysAllocStringLen |
kernel32.dll (#2) |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
kernel32.dll (#3) |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
user32.dll (#2) |
GetKeyboardType
LoadStringA MessageBoxA CharNextA |
kernel32.dll (#4) |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
oleaut32.dll (#2) |
SysFreeString
SysReAllocStringLen SysAllocStringLen |
comdlg32.dll |
GetOpenFileNameA
|
Cannot open file "%s". %s |
Invalid property value |
List capacity out of bounds (%d) |
List count out of bounds (%d) |
List index out of bounds (%d) |
Stream read error |
%s.Seek not implemented |
Operation not allowed on sorted list |
Stream write error |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Cannot assign a %s to a %s |
String list does not allow duplicates |
Cannot create file "%s". %s |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
November |
December |
Sun |
Interface not supported |
Exception in safecall method |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
System Error. Code: %d. |
%s |
A call to an OS function failed |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Jul |
Aug |
Sep |
Write |
Error creating variant or safe array |
Variant or safe array index out of bounds |
Variant or safe array is locked |
Invalid variant type conversion |
Invalid variant operation |
Invalid variant operation (%s%.8x) |
%s |
Could not convert variant of type (%s) into type (%s) |
Overflow while converting variant of type (%s) into type (%s) |
Variant overflow |
Invalid argument |
Invalid variant type |
Operation not supported |
Unexpected variant error |
External exception %x |
Assertion failed |
Floating point overflow |
Floating point underflow |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Operation aborted |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
Invalid argument to time encode |
Invalid argument to date encode |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.50.0.0 |
ProductVersion | 0.50.0.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | English - United States |
FileDescription | InnoUnp - Inno Setup Unpacker |
ProductName | Inno Setup Unpacker |
ProductVersion (#2) | 0.50 |
FileVersion (#2) | 0.50 |
InternalName | innounp.exe |
OriginalFilename | innounp.exe |
LegalCopyright | Copyright (c) 2004-2006 QuickeneR. |
Licence | GNU General Public License (GPL) |
Info | http://innounp.sourceforge.net/ |
Resource LangID | Russian - Russia |
---|
StartAddressOfRawData | 0x4a4000 |
---|---|
EndAddressOfRawData | 0x4a400c |
AddressOfIndex | 0x4990c0 |
AddressOfCallbacks | 0x4a5010 |
SizeOfZeroFill | 0 |
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks | (EMPTY) |