d3dd0700e1018baa99ae9f8daafd18a6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
Russian - Russia
Comments
CompanyName Crackingpatching.com Team
FileDescription Bootstrap Studio 1.0.0 Installation
FileVersion 1.0.0
LegalCopyright Crackingpatching.com Team

Plugin Output

Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Code injection capabilities (PowerLoader):
  • GetWindowLongA
  • FindWindowA
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
  • RegSetValueExA
  • RegQueryInfoKeyA
  • RegEnumKeyExA
  • RegCreateKeyExA
Possibly launches other programs:
  • WinExec
  • ShellExecuteA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Manipulates other processes:
  • OpenProcess
Can take screenshots:
  • CreateCompatibleDC
  • BitBlt
  • GetDCEx
  • GetDC
  • FindWindowA
Can shut the system down or lock the screen:
  • ExitWindowsEx
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2011-Dec-13 00:00:22
Suspicious The file contains overlay data. 388635 bytes of data starting at offset 0x71800.
The overlay data has an entropy of 7.99722 and is possibly compressed or encrypted.
Malicious VirusTotal score: 15/70 (Scanned on 2020-01-08 10:26:57)
  • CAT-QuickHeal: Trojan.Presenoker
  • Cylance: Unsafe
  • ESET-NOD32: a variant of Win32/RiskWare.HackTool.Agent.K
  • Paloalto: generic.ml
  • Tencent: Malware.Win32.Gencirc.10b49844
  • Invincea: heuristic
  • Trapmine: suspicious.low.ml.score
  • SentinelOne: DFI - Suspicious PE
  • Cyren: W32/Trojan.KFUF-6195
  • Webroot: W32.Hack.Tool
  • Microsoft: Program:Win32/Uwasson.A!ml
  • Endgame: malicious (moderate confidence)
  • Ikarus: PUA.RiskWare.Hacktool
  • eGambit: Unsafe.AI_Score_99%
  • Fortinet: Riskware/HackTool_Agent

Hashes

MD5 d3dd0700e1018baa99ae9f8daafd18a6
SHA1 1f9b8097a92ff52b9e8572d867a1334ba03913b8
SHA256 aa824eb6f90bc3d8f7efb52c58202cb80dd666ff860668c8580daa09a40b5b12
SHA3 6aa3ba43fd48b30da02debe24d98cd7a2393a56c78eda24105270a14747286b5
SSDeep 12288:OANwRo+mv8QD4+0V16KWEQF2dXMhGpw5UJmQVyF8Dx0gBCcf+Prs:OAT8QE+k6EQFU+mw5UJrVyEBFss
Imports Hash b28ee14bfd2d9cf0dd7828bad72ca488

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x24600
SizeOfInitializedData 0x4ce00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00025468 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0x26000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x78000
SizeOfHeaders 0x400
Checksum 0x7abb0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 5e14e4ede2e2215bc7d72837b9871f8f
SHA1 b23023c88b9130efa688c77a0d24e6a2c423fab6
SHA256 75656197ad5cd8fbf10851b56fe7b1118383ce2fe69e9ba2e0eb86ee62833d3d
SHA3 d921e73fd7b3b6b81d0aadf66e63f2299ca3b2c191217e6c371ee64d0ba30162
VirtualSize 0x244cc
VirtualAddress 0x1000
SizeOfRawData 0x24600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59443

DATA

MD5 abafcbfbd7f8ac0226ca496a92a0cf06
SHA1 e6d34e556463e08e8b1c5b5cbb9967c3c662c029
SHA256 1706c98e15f709d9343227787f451017d335ab86c060c7cbbb5cf12170f4e54d
SHA3 99ba741825583169851f5fc2106947193c1021ddc956a8bf921c453b2ee93673
VirtualSize 0x2894
VirtualAddress 0x26000
SizeOfRawData 0x2a00
PointerToRawData 0x24a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.79376

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10f5
VirtualAddress 0x29000
SizeOfRawData 0
PointerToRawData 0x27400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 a4e0ac39d5ed487ceea059fa23dfce5e
SHA1 57dbb9ad99992432dba6a1ca14ffddf7780ddf98
SHA256 1589bb39ca35524604119bfedf88a265c1790f280ec5dd58ce279b57d7b38d37
SHA3 bf789146bda84ea8224c271684b7f3b296b735439a77559febe69cd7d78171f9
VirtualSize 0x1798
VirtualAddress 0x2b000
SizeOfRawData 0x1800
PointerToRawData 0x27400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.88555

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0x2d000
SizeOfRawData 0
PointerToRawData 0x28c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 c4fdd0c5c9efb616fcc85d66056ca490
SHA1 7d9ccb6391020266050c96487449a1aadfbe589d
SHA256 47fb5182ffc61caf80b51da5ccc9690af4db7850e9606940aa64090eebb0561f
SHA3 e73ffc12e5d80d115e474806fa706823f53afebd7eb00e88f4d4c7917059f51e
VirtualSize 0x18
VirtualAddress 0x2e000
SizeOfRawData 0x200
PointerToRawData 0x28c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.204488

.reloc

MD5 867a1120317d51734587a74f6ee70016
SHA1 4d98e9a5cd438d32008aa2db9c2af8f5714c89fd
SHA256 4bfa53f467e9ba6e24b464f4752e9b753fe097cfafc81796a450acc5bf3a8bd2
SHA3 739b765ee273d2e256360c45444e6e24c2c66a9164e4d6d331eae0dd622a393e
VirtualSize 0x1884
VirtualAddress 0x2f000
SizeOfRawData 0x1a00
PointerToRawData 0x28e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.58665

.rsrc

MD5 66dac8038bf0c920f3f4cee976b65f24
SHA1 39f8505636da12668eb1d969e6b91a79a16ea3c8
SHA256 4494cf5d6567d43ccaff085fee1284707a52f22f82890f34ffb009169b97ef97
SHA3 5291b35ffa43b815e08b61421f1ef263a3016f63cb0f4d65244b3c9b07b53382
VirtualSize 0x46f60
VirtualAddress 0x31000
SizeOfRawData 0x47000
PointerToRawData 0x2a800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 4.14043

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll GetKeyboardType
MessageBoxA
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll SysFreeString
SysReAllocStringLen
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll (#3) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
gdi32.dll StretchDIBits
StretchBlt
SetWindowOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetDIBits
SetBrushOrgEx
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
OffsetRgn
MoveToEx
IntersectClipRect
GetStockObject
GetPixel
GetDIBits
ExtSelectClipRgn
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt
user32.dll (#2) GetKeyboardType
MessageBoxA
winmm.dll timeKillEvent
timeSetEvent
oleaut32.dll (#2) SysFreeString
SysReAllocStringLen
ole32.dll OleInitialize
comctl32.dll ImageList_Draw
ImageList_SetBkColor
ImageList_Create
InitCommonControls
shell32.dll SHGetFileInfoA
user32.dll (#3) GetKeyboardType
MessageBoxA
gdi32.dll (#2) StretchDIBits
StretchBlt
SetWindowOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetDIBits
SetBrushOrgEx
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
OffsetRgn
MoveToEx
IntersectClipRect
GetStockObject
GetPixel
GetDIBits
ExtSelectClipRgn
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt
kernel32.dll (#4) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
advapi32.dll (#3) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32.dll (#2) SHGetFileInfoA
cabinet.dll FDIDestroy
FDICopy
FDICreate
ole32.dll (#2) OleInitialize
shell32.dll (#3) SHGetFileInfoA

Delayed Imports

50

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.24025
MD5 e2034173095893bb12293baf9f4f7be9
SHA1 cd9196218c3381466428e315929bafafff885b71
SHA256 36dfbd0ed6c0aef76434f85ce890bb40596a746c18cb587de71b581c0773d270
SHA3 ddc4ea062486fa4674de73a7d1fb600fb64563a649f993f750a499dc60136d80

51

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.94231
MD5 297187a1827a762195061b41ede849ea
SHA1 f8c75d2f2f7257b0ccb99d488c0c86bdd1ea8048
SHA256 72380bafb061c71db6bef7a4f6069068e379e7306a9ad764b60f920e9096d72b
SHA3 3122587aeb87b1b2c8ea6721e7c2e4414ed987ccb5f738d7ba8aab521b529c22

52

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.73718
MD5 e6134d243ffc34be054e64d0872494ec
SHA1 e89dd6a8c49285b27631ba4509577d299151bf55
SHA256 37325c0acd2c9cb962eadbe95725198698e6d12c59458cfdad606e9ed1626bd0
SHA3 ebf6b81a4857a4adb1d84ed9e2f5f3163c1c277690afff728082c8d86784b56c

53

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.51902
MD5 55f3b0c54140a1a78c351f5e61dd7ebc
SHA1 51ca177e3b8ed607d505f90a7aa234d7cf56a47f
SHA256 07da4c992b79e6d27f67e4974120d486442d45f2124147614ae11d43a9c18132
SHA3 ffcfceb1735e02ac92eff3dec972fa97710bfb7de754b03a1d5a8db7c8b20e2b

54

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.05378
MD5 d654e1f645344c19a81996c553367e85
SHA1 a8dcace91152bcfd90cd2f58cb52a32f09b98d4c
SHA256 09b0b0ec3d1bd447f7e0a80db728fd71623dd2a580bc34156bb7ab9a26669201
SHA3 edee7bee1c31790a9e922e0734940bf2b37c39dbff0d51322fe9f405ad5d3164

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2011-Dec-13 00:00:22
Entropy 4
MD5 d8090aba7197fbf9c7e2631c750965a8
SHA1 04f73efb0801b18f6984b14cd057fb56519cd31b
SHA256 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
SHA3 a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x110
TimeDateStamp 2011-Dec-13 00:00:22
Entropy 5.28362
MD5 fbba41fa21bdd3ce99d0268d577f352a
SHA1 5a87423f2d852d431478881c160c6c7f6262d5df
SHA256 0d9a7ca2193a69f7048c46748a3e98e7e101bda4e5bbe903858539e20ffed78d
SHA3 9bfadc055ec99191e78759bd6ce0a3f29cfed82fb137210895ec1c38eb38402b

MAINICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.75922
Detected Filetype Icon file
MD5 b44bd874d4c9f7ab3fbb3ce0f9bd2224
SHA1 4e75c05c9ae303836f19def2a62212a69b88ec48
SHA256 956a9528d0fe75126c1628391a8f48d38b15048fd1d817b29635b2a5eea5e1c2
SHA3 4482e891ccb1d77de4d827adc1ce7da8ba87615d21396d63aa670518824f3845

1

Type RT_VERSION
Language Russian - Russia
Codepage UNKNOWN
Size 0x374
TimeDateStamp 2011-Dec-13 00:00:22
Entropy 2.85355
MD5 be0640351359a73f09b58bfc3dd4b332
SHA1 244467a501950b69dae110c04080286887d55b28
SHA256 ac3e6dbc4f3861e8215d039da8b8128ac79fcab8135e7005da197e4c7fea11da
SHA3 d0ce296a5182328d63d3054f40b6af58a5e5709d4ee6fdd600923f2045a5d743

1 (#2)

Type RT_MANIFEST
Language Russian - Russia
Codepage UNKNOWN
Size 0x376
TimeDateStamp 2011-Dec-13 00:00:22
Entropy 4.93923
MD5 609957cfd6c1674f59c260b2da0a2a72
SHA1 2949d33d30c03887a101ebefca1db917f1d2bac7
SHA256 1e9cffb6544cb40c042cf9413e0481026699ef5f8e74613293bd60ae098f3c09
SHA3 413f25170a49ac4d961ec8a798af1da7800fb4d2db8734d4172695e4a2ebc823

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments
CompanyName Crackingpatching.com Team
FileDescription Bootstrap Studio 1.0.0 Installation
FileVersion (#2) 1.0.0
LegalCopyright Crackingpatching.com Team
Resource LangID Russian - Russia

TLS Callbacks

StartAddressOfRawData 0x42d000
EndAddressOfRawData 0x42d008
AddressOfIndex 0x42608c
AddressOfCallbacks 0x42e010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!