Manalyze report for d26ad6d225e376cb20b961e88f06cf5b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Aug-05 14:38:04
Detected languages	English - United States
CompanyName	Wavesor Software
FileDescription	WaveBrowser
FileVersion	`1.1.2.9`
LegalCopyright	Copyright 2021 Wavesor Software. All rights reserved.
OriginalFilename	Wave Browser
ProductName	WaveBrowser
ProductVersion	`1.1.2.9`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegCreateKeyExA RegOpenKeyExA RegEnumValueA RegDeleteKeyA RegDeleteValueA RegCloseKey RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: Wavesor Software` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Suspicious	VirusTotal score: 1/69 (Scanned on 2021-08-15 15:50:13)	`APEX: Malicious`

Hashes

MD5	`d26ad6d225e376cb20b961e88f06cf5b`
SHA1	`cc408341ef032725fca86dcc340775af98cf75db`
SHA256	`9aac6e2f21d7f81ddacd20ec2a6f08aa6691328296d7e9946047f57a33ce8e1e`
SHA3	`9de20f596d0016baf89ac4f02b5b659dd4ed99cb1bce45a99eb4b01ceeaa274c`
SSDeep	`24576:h71jS89VxRo5mkfpuK+H8cwzpw7hbH0Pce:689VxW0kEmHKh4PV`
Imports Hash	`3abe302b6d9a1256e6a915429af4ffd2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Aug-05 14:38:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x1d000`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000031D6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3f000`
SizeOfHeaders	`0x400`
Checksum	`0xfa60c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a04138503cbcc902263bedc7fedd6947`
SHA1	`c8ede5e70c0689f0a2834521a9df6e5f26499106`
SHA256	`e6984ea3884a251f4996fcc4dfe791e4e997fa633f4d08743618785da3f78061`
SHA3	`a9768f92d49b14fe88ed183e33755cab8a187c73c6b8da27e3e6e6c4ba309bb1`
VirtualSize	`0x5f0d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45039`

.rdata

MD5	`4856bbf2a79b612f639ebd55d68c4d02`
SHA1	`fcb645867d94c2532fd2cbeb02f0fa9f338ef0e2`
SHA256	`1c470134ef1b9559dfcd2de377812dea6bf6dbb7b6deba1ab385a4a09210cc4a`
SHA3	`71e55ce7fc0b4066bc3ded554ea38edc8290f6cca9caba3133b754ff0f88cf28`
VirtualSize	`0x1250`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00109`

.data

MD5	`06c5105864978df88e34770eefada5da`
SHA1	`f68a493ef3317fb62278ebc5c9563657f5dd7797`
SHA256	`07014457e1111048bbe6b3789c91dd74560e83e3c91494391e1caf0e02d01b03`
SHA3	`23690bea7d81d6d4a83ca34e34c18ba39fe8d68afa56a275d93697e02dbc0252`
VirtualSize	`0x1a818`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12959`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x15000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`cdc0e05f4d0c48a55045056c2d84db09`
SHA1	`ab0d0fa14cd82ecf521abe0fdd2aa3aa12668516`
SHA256	`2366500e24b2272c64a56c0b715db2cfd731bdd6fc9fda624d653a7b14651cd1`
SHA3	`f5837531654360c97b557c94e6a72b3a5caf2f0cef99810ab444ab113841cf5f`
VirtualSize	`0x5920`
VirtualAddress	`0x39000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.20741`

Imports

KERNEL32.dll	`GetTempPathA` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `SetEnvironmentVariableA` `Sleep` `GetTickCount` `GetCommandLineA` `lstrlenA` `GetVersion` `SetErrorMode` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GetWindowsDirectoryA` `SetCurrentDirectoryA` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `CreateFileA` `GetTempFileNameA` `ReadFile` `WriteFile` `lstrcpyA` `MoveFileExA` `lstrcatA` `GetSystemDirectoryA` `GetProcAddress` `GetExitCodeProcess` `WaitForSingleObject` `CompareFileTime` `SetFileAttributesA` `GetFileAttributesA` `GetShortPathNameA` `MoveFileA` `GetFullPathNameA` `SetFileTime` `SearchPathA` `CloseHandle` `lstrcmpiA` `CreateThread` `GlobalLock` `lstrcmpA` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `GetPrivateProfileStringA` `FindClose` `MultiByteToWideChar` `FreeLibrary` `MulDiv` `WritePrivateProfileStringA` `LoadLibraryExA` `GetModuleHandleA` `GlobalAlloc` `GlobalFree` `ExpandEnvironmentStringsA`
USER32.dll	`ScreenToClient` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostQuitMessage` `GetWindowRect` `EnableMenuItem` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `EndDialog` `RegisterClassA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `GetDC` `CreateDialogParamA` `SetTimer` `GetDlgItem` `SetWindowLongA` `SetForegroundWindow` `LoadImageA` `IsWindow` `SendMessageTimeoutA` `FindWindowExA` `OpenClipboard` `TrackPopupMenu` `AppendMenuA` `EndPaint` `DestroyWindow` `wsprintfA` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `ShellExecuteExA` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `SHFileOperationA`
ADVAPI32.dll	`AdjustTokenPrivileges` `RegCreateKeyExA` `RegOpenKeyExA` `SetFileSecurityA` `OpenProcessToken` `LookupPrivilegeValueA` `RegEnumValueA` `RegDeleteKeyA` `RegDeleteValueA` `RegCloseKey` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65371`
MD5	`4043c567cabced35e5c3e86342360389`
SHA1	`8e78238d7af44cb224bceaabf4bef3624abeb23b`
SHA256	`0490101728247f715526db07a5ed75efc4ab59bc64da4015570d8f515dc18e1d`
SHA3	`d5e9a0429e4727d17034c96f58e0c72eae019cccd106e83760e06b57e3ce9efe`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x202`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73893`
MD5	`386770584473e271f23dced36427f4ff`
SHA1	`d14ce95f784b35e4e3ebee535476ebcd3e380c19`
SHA256	`425b8270f7ca42a927eae6bea468acf414a3e4b58b5ba2c56aaae4d1b2c11014`
SHA3	`db13e5969376b27e8443eebff685230e2b74685aeb2fba73973f06e5cddc8662`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89384`
MD5	`3f145145da21614de72c0da073529fb6`
SHA1	`824b69a49adb1c6105446ed2d4fdf482d6a497ca`
SHA256	`2291b810e47f055ab2ff100618a8a9966f1fbf5fc0cb58e9f8fbb36ac7c983fa`
SHA3	`999c540cbf8b2538317695989c1e3c2913db9113267473fc49c24cac4119d558`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89887`
MD5	`663040d6315b1d6ce8c0334d182ed8fc`
SHA1	`ebcfff801a12fb8ad1200a4526fca8bd2c3e96cf`
SHA256	`cb3c86cbcb579244a6f819f9c1807a7e89b6e600982ec6ea0841fcdcb16a9efd`
SHA3	`6a25a2cb16aeb17693f10e8aaa0245c701701db571b458fde7830291a4a01cfc`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09336`
Detected Filetype	Icon file
MD5	`fad13aa3b836ca2c8bc7b50195103cb3`
SHA1	`f6da802391ec6d5d7ab479e5f9c92f2f3df083b8`
SHA256	`6c3b67f31ead79484ad77d482da8378abd31e84574240b961498ab3d414b5d81`
SHA3	`9ad73ddff5e40cb7cfe672e1915d279d4c0889893cb000780dcab0d3f91ecf6a`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34739`
MD5	`1996d5f22fab9e45ace9eb64fb7379f2`
SHA1	`d6e5c8ff49334d607b8999052cd2765e495cfe54`
SHA256	`e4cfb70148a6b07e5deb4e2732d69e97bed5b1bc6accb69bde8dd99a8518e91f`
SHA3	`46a25281dab7da516687e09f4bdd2e6c91a67ac91c9773cc501ccd4262d7ca75`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29611`
MD5	`87d4fc207e2f334ede55ac9160602c94`
SHA1	`32b9b90a524d4a352d4bf719a0c8367534b7465d`
SHA256	`e4039327090739a6754db86ef1704a8a07115ceb11719c0987a9d00a77a77f16`
SHA3	`2aee41e621180606b743045a0aa710f5b4988e35a00a353a245493ab66a42fef`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.1.2.9
ProductVersion	1.1.2.9
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Wavesor Software
FileDescription	WaveBrowser
FileVersion (#2)	1.1.2.9
LegalCopyright	Copyright 2021 Wavesor Software. All rights reserved.
OriginalFilename	Wave Browser
ProductName	WaveBrowser
ProductVersion (#2)	1.1.2.9

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd246d0e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`159`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!