Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2021-Feb-22 16:35:43 |
Detected languages | English - United States |
Debug artifacts | C:\JobRelease\win\Release\stubs\x86\Updater.pdb |
CompanyName | Caphyon |
ProductVersion | 18.0 |
FileVersion | 18.0 |
ProductName | Advanced Installer 18.0 |
LegalCopyright | Copyright (C) 2021 Caphyon |
InternalName | updater |
OriginalFileName | updater.exe |
FileDescription | updater 18.0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to security software: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Caphyon SRL, Issuer: thawte SHA256 Code Signing CA |
Suspicious | VirusTotal score: 1/71 (Scanned on 2025-02-04 07:17:47) | MaxSecure: Trojan.Malware.218443187.susgen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2021-Feb-22 16:35:43 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xaa400 |
SizeOfInitializedData | 0x4c800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00076B92 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xac000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xfb000 |
SizeOfHeaders | 0x400 |
Checksum | 0xfe570 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
VERSION.dll | GetFileVersionInfoSizeW VerQueryValueW GetFileVersionInfoW |
---|---|
WININET.dll | HttpSendRequestW InternetCrackUrlW InternetCreateUrlW InternetCloseHandle InternetSetStatusCallbackW InternetSetOptionW InternetOpenW InternetGetLastResponseInfoW InternetReadFile InternetQueryDataAvailable FtpGetFileSize InternetQueryOptionW HttpQueryInfoW InternetConnectW HttpOpenRequestW InternetErrorDlg FtpCommandW FtpOpenFileW |
msi.dll | #224 #173 |
CRYPT32.dll | CertNameToStrW CertFreeCertificateContext |
MPR.dll | WNetAddConnection2W |
KERNEL32.dll | GetConsoleMode GetConsoleOutputCP GetFileType SetFilePointerEx GetFileSizeEx IsValidLocale GetUserDefaultLCID EnumSystemLocalesW CopyFileExW GetLastError FileTimeToSystemTime SystemTimeToFileTime CompareFileTime DeleteFileW MoveFileW CopyFileW CreateFileW CloseHandle HeapDestroy HeapSize HeapReAlloc HeapFree HeapAlloc GetProcessHeap ReadFile SizeofResource LockResource LoadResource FindResourceExW FindResourceW WideCharToMultiByte FindClose GetSystemTime FindFirstFileW RemoveDirectoryW FindNextFileW GetFileSize CreateDirectoryW SetFileAttributesW GetFileTime WriteFile SetFilePointer SetFileTime LoadLibraryW GetProcAddress GetTempPathW GetTempFileNameW GetSystemDirectoryW LoadLibraryExW CreateToolhelp32Snapshot Process32FirstW OpenProcess Process32NextW GetCurrentProcess GetCurrentProcessId GetExitCodeProcess WaitForSingleObject FreeLibrary FindFirstFileExW GetModuleHandleW Sleep RaiseException LocalFree GetTickCount LocalAlloc GetUserDefaultUILanguage FileTimeToLocalFileTime GetDateFormatW GetTimeFormatW GetLocaleInfoW CreateProcessW MultiByteToWideChar FormatMessageW SetLastError GetEnvironmentVariableW GetModuleFileNameW DeleteCriticalSection InitializeCriticalSectionEx lstrcmpiW VerifyVersionInfoW VerSetConditionMask lstrlenW CompareStringW GetExitCodeThread TerminateThread CreateThread Wow64DisableWow64FsRedirection Wow64RevertWow64FsRedirection EnterCriticalSection InitializeCriticalSection LeaveCriticalSection OutputDebugStringW GetCurrentThreadId GetLocalTime FlushFileBuffers GetStringTypeW ResetEvent CreateEventW SetEvent GlobalFree MulDiv QueryPerformanceFrequency QueryPerformanceCounter GetSystemDefaultLangID GetPrivateProfileStringW GetPrivateProfileSectionNamesW WritePrivateProfileStringW UnmapViewOfFile ReleaseMutex CreateFileMappingW MapViewOfFile CreateMutexW OpenFileMappingW OpenEventW lstrcpynW DecodePointer GetACP QueryFullProcessImageNameW IsValidCodePage VirtualAlloc IsProcessorFeaturePresent FlushInstructionCache InterlockedPushEntrySList InterlockedPopEntrySList InitializeSListHead EncodePointer IsDebuggerPresent LoadLibraryExA VirtualQuery VirtualProtect GetSystemInfo GetOEMCP GetCPInfo InitializeCriticalSectionAndSpinCount GetCommandLineA GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW SetStdHandle ReadConsoleW WriteConsoleW SetEndOfFile VirtualFree GetModuleHandleExW ExitProcess RtlUnwind TlsAlloc TlsGetValue TlsSetValue TlsFree GetSystemTimeAsFileTime LCMapStringW WaitForSingleObjectEx UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess GetStartupInfoW GetStdHandle |
USER32.dll | GetSubMenu LoadMenuW ModifyMenuW GetMessagePos SetCursorPos RemovePropW SetPropW GetWindowDC DrawEdge GetActiveWindow LookupIconIdFromDirectoryEx CreateIconFromResourceEx DialogBoxParamW MoveWindow GetSystemMenu DrawMenuBar RegisterWindowMessageW PostQuitMessage SetMenuDefaultItem GetMenuItemID GetPropW MonitorFromPoint GetWindow ShowWindow IsWindowVisible SetForegroundWindow MessageBoxW GetDlgCtrlID FillRect TrackMouseEvent DestroyWindow EndPaint BeginPaint SetCursor RegisterClassExW TrackPopupMenu KillTimer SetTimer GetDesktopWindow PostThreadMessageW GetDlgItem EndDialog MonitorFromWindow GetMonitorInfoW GetWindowRect EnableMenuItem SetFocus ReleaseCapture GetCapture PtInRect ScreenToClient GetCursorPos UpdateWindow InvalidateRect CharNextW OffsetRect ReleaseDC IsWindow SetRectEmpty GetWindowTextW GetWindowTextLengthW CreateWindowExW SystemParametersInfoW LoadCursorW GetClassNameW GetClientRect DrawFocusRect GetFocus DrawTextW GetSysColor IsWindowEnabled RedrawWindow MapWindowPoints DestroyMenu LockWindowUpdate CreateDialogParamW GetMessageW PostMessageW GetClassInfoExW SetWindowPos UnregisterClassW CallWindowProcW DefWindowProcW SetWindowLongW GetSystemMetrics LoadImageW DispatchMessageW EnableWindow SetCapture PeekMessageW SetWindowTextW LoadStringW GetParent SendMessageW GetDC GetWindowLongW GetWindowThreadProcessId EnumWindows GetForegroundWindow TranslateMessage |
GDI32.dll | GetObjectW PatBlt CreateBitmap DeleteObject CreateFontIndirectW DeleteDC SelectObject SetTextColor GetStockObject SetBkMode GetDeviceCaps CreatePatternBrush |
SHELL32.dll | Shell_NotifyIconW ShellExecuteW SHBrowseForFolderW SHGetMalloc SHGetPathFromIDListW SHGetSpecialFolderLocation SHGetFolderPathW ShellExecuteExW |
ole32.dll | CoInitializeEx CoTaskMemAlloc CoUninitialize CoCreateInstance CoTaskMemFree CoRevokeClassObject CoRegisterClassObject CoAddRefServerProcess CoReleaseServerProcess CLSIDFromString CoResumeClassObjects CoCreateGuid CoTaskMemRealloc |
OLEAUT32.dll | RevokeActiveObject DispGetIDsOfNames SysAllocString LoadTypeLib VarUI4FromStr SysFreeString DispInvoke |
SHLWAPI.dll | PathIsUNCW PathFileExistsW PathAppendW |
COMCTL32.dll | CreatePropertySheetPageW DestroyPropertySheetPage InitCommonControlsEx PropertySheetW |
UxTheme.dll | IsAppThemed EnableThemeDialogTexture |
WINTRUST.dll (delay-loaded) | WinVerifyTrust |
Attributes | 0x1 |
---|---|
Name | WINTRUST.dll |
ModuleHandle | 0xdb368 |
DelayImportAddressTable | 0xdb35c |
DelayImportNameTable | 0xd7514 |
BoundDelayImportTable | 0xd7888 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Found Updates for %s |
Updates for %s were detected. |
Please select the next course of action. |
Welcome to the Updates Wizard |
Download and install now |
Remind me tomorrow |
Remind me in a week from today |
Disable the automatic updates check |
Configure |
Updates |
Next check: %s %s |
Do not check for updates automatically |
Check and prompt me to download and install updates |
Check frequency: |
days |
Downloads folder: |
Check Options |
Download Options |
Update Options |
Choose Updates to Install |
Update |
Size |
New Features |
Action |
Install |
Download |
Skip |
Fixed Bugs |
Enhancements |
Checking for Updates |
Pause |
Resume |
Downloading (%s of %s, %d%% complete) |
(%u%%) %s for %s |
The server %s at %s requires a username and password. |
Canceling... |
Download finished |
Error: %s |
Pending |
%d%% |
Finished |
Error: Wrong file size |
Error: Already downloaded |
URL |
Unable to expand path |
Status |
Downloading Updates |
Paused |
Automatically install updates after finishing downloads |
Configuration file not found |
Installed |
Installing |
Installing update %s. |
Installing Updates |
Some of the updates failed to install properly. |
OK |
Your software is up to date |
Undefined configuration file format |
Undefined file version |
Unable to save file |
Invalid command line |
Invalid client configuration file |
Action canceled |
File not found |
Unable to find update |
Unknown exception |
Update installation failed |
Dependent update not installed |
Invalid or missing updates configuration file. The first line of the .INI file should be ";aiu;". It is possible that the content on the server does not match the updates configuration file URL. |
Missing |
updates |
Check and automatically download and install: |
Critical |
All |
Error: Corrupt file (wrong %s signature). File removed. |
Checking integrity (%s)... |
The file was corrupt (wrong %s signature). Restart download? |
You need a user name and password to access this resource. |
User name: |
Password: |
User Authentication |
Connect to %s |
Remember my credentials |
Invalid updates configuration file. |
Update installation canceled. |
Warning |
The release date of one of the selected updates is outside of your license's maintenance plan. Do you still want to install it? |
Canceled |
The server understood the request, but is refusing to fulfill it. |
The Certificate Issuer for this site is untrusted or unknown. Do you wish to proceed? |
Security Alert |
To access the update you need User Name/Password authentication |
The connection with the server timed-out and the server does not support Resume. This error also occurs if the server reports a wrong HTTP "CONTENT LENGTH". |
Internet request timeout. |
%s for %s |
Unable to find resource on server. Please check if the URL is correct. |
Updates for %s are available |
Back |
Next |
Finish |
Cancel |
Requires renewal of license maintenance plan. |
This update requires renewal of license maintenance plan. Do you still want to install it? |
Update size: %s |
Download restarting... |
Update Summary |
Install Summary |
The downloaded update size does not match the size specified in updates configuration file. |
The support service has encountered an error. |
Update installation was blocked, untrusted publisher. Please contact technical support. |
Update installation was blocked, License Check script unknown return code. Please contact technical support. |
Update installation was blocked, License Check script URL unreachable. Please contact technical support. |
Update package file not found. Check your update download URL's. |
Update installation was blocked, digital signature mismatch. Please contact technical support. |
The notification format is invalid. Some mandatory fields are missing. |
You have a custom proxy "%s". The error may be caused by a non working proxy. |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 18.0.0.0 |
ProductVersion | 18.0.0.0 |
FileFlags | VS_FF_DEBUG |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | Caphyon |
ProductVersion (#2) | 18.0 |
FileVersion (#2) | 18.0 |
ProductName | Advanced Installer 18.0 |
LegalCopyright | Copyright (C) 2021 Caphyon |
InternalName | updater |
OriginalFileName | updater.exe |
FileDescription | updater 18.0 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Feb-22 16:35:43 |
Version | 0.0 |
SizeofData | 72 |
AddressOfRawData | 0xc3308 |
PointerToRawData | 0xc1b08 |
Referenced File | C:\JobRelease\win\Release\stubs\x86\Updater.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Feb-22 16:35:43 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0xc3350 |
PointerToRawData | 0xc1b50 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Feb-22 16:35:43 |
Version | 0.0 |
SizeofData | 1072 |
AddressOfRawData | 0xc3364 |
PointerToRawData | 0xc1b64 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Feb-22 16:35:43 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x4c37a4 |
---|---|
EndAddressOfRawData | 0x4c37ac |
AddressOfIndex | 0x4db9f4 |
AddressOfCallbacks | 0x4ac5fc |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xbc |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x4da064 |
SEHandlerTable | 0x4c2800 |
SEHandlerCount | 706 |
XOR Key | 0x8df2b8d1 |
---|---|
Unmarked objects | 0 |
ASM objects (27412) | 14 |
C++ objects (27412) | 185 |
C objects (VS 2015/2017/2019 runtime 29118) | 19 |
ASM objects (VS 2015/2017/2019 runtime 29118) | 24 |
C++ objects (VS 2015/2017/2019 runtime 29118) | 94 |
C objects (27412) | 27 |
C objects (CVTCIL) (27412) | 1 |
Imports (27412) | 31 |
Total imports | 440 |
C++ objects (LTCG) (VS2019 Update 8 (16.8.5-6) compiler 29337) | 124 |
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337) | 1 |
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337) | 1 |