Manalyze report for de44b07c8cdc84f03df851e22226e5fa

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Mar-08 23:05:20
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegEnumValueW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegCreateKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: PERPLEXITY AI` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-07 12:28:52)	`All the AVs think this file is safe.`

Hashes

MD5	`de44b07c8cdc84f03df851e22226e5fa`
SHA1	`3ed1cfb115319b5861b8d60b8c033e21e5318b42`
SHA256	`24b76e0cb7af695f33f5caeba2fd5e34cdeb135093e05749afffee4082b6b0e3`
SHA3	`9e9863c217847253d8a2cc406929e5d31d6ee3240167743937b6e457a628459e`
SSDeep	`196608:6aPbuF94edhUBZHVzounHQfBmL/3265dxMbaAXI0fY1eK0XOJkbdUxfwb1a:xPbubJy5onMb26bxM2ASQK0XO2qxfG8`
Imports Hash	`20181beb3151868c29d9526246a01b9a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Mar-08 23:05:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x7200`
SizeOfInitializedData	`0x2fa00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x00003A02 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7b000`
SizeOfHeaders	`0x400`
Checksum	`0xe16d14`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7087b762f89c6a6bba9340bfb64e2aaf`
SHA1	`d7105ac493a3b38faa2daf3e4282ffc3b2559a95`
SHA256	`6b88445d678f1cdb5d8a99860e1e2d2407abf0bbfbd459220f61f6dab3655261`
SHA3	`c4f56448b5cd56f7da4258d79791eda524e13e3a2d7521f1145c76b74f2fc2d8`
VirtualSize	`0x7129`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48555`

.rdata

MD5	`4621cbc1bbc0135b068e6a428411363a`
SHA1	`985d4faa5b9fedd053b866e0f53bfdcdccebfdf3`
SHA256	`46448a34fb146b87d1088b0ec1493fb49a4d68107043ff0b99fd1d66249803a8`
SHA3	`97be596b64982198b7b1ec3ed8ebb747994bb9c9f9dba51b6544e933db781503`
VirtualSize	`0x14b8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03313`

.data

MD5	`58bb043057bf3efc4290043c6b1209f1`
SHA1	`a5ae9d2b0465bc92b39427f5984ddb2ba95196ab`
SHA256	`f510b7f05557a1e6ee6aeaed48837e5c8ef773785ce3475e910cd09d479be620`
SHA3	`697e1acc30a11989b016e27e73411279986ff28636e5964b57ca47b76b2942c8`
VirtualSize	`0x2d1d8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x8c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.61391`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x12000`
VirtualAddress	`0x39000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`4593911edde042c33435943322ff5e00`
SHA1	`5be9feb5a68bf3638320abe4e716ae299eed3fd9`
SHA256	`7fa3f3bf37cbc8b715ed247821f49b2542e1d16f6950878db4b54cc7397d640d`
SHA3	`c14e464a27d7e15739a4022dd978040aea5fc8a2dfc87e676f65f82f49f494e4`
VirtualSize	`0x2fe48`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x30000`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.18204`

Imports

ADVAPI32.dll	`RegEnumValueW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `RegOpenKeyExW` `RegCreateKeyExW`
SHELL32.dll	`SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `SHFileOperationW` `ShellExecuteExW`
ole32.dll	`CoCreateInstance` `OleUninitialize` `OleInitialize` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`ImageList_Destroy` `#17` `ImageList_AddMasked` `ImageList_Create`
USER32.dll	`CharPrevW` `MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `GetSystemMetrics` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `IsDlgButtonChecked` `GetAsyncKeyState` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetSysColor` `SetWindowPos` `GetWindowLongW` `IsWindowEnabled` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `CharNextA` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `PeekMessageW` `DispatchMessageW` `wvsprintfW` `SystemParametersInfoW` `wsprintfA` `CreatePopupMenu`
GDI32.dll	`GetDeviceCaps` `SetBkColor` `SelectObject` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor`
KERNEL32.dll	`lstrcmpiA` `CreateFileW` `GetTempFileNameW` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersionExW` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `WriteFile` `ExitProcess` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `GetTickCount` `Sleep` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `GetLastError` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `MulDiv` `lstrcpyA` `MoveFileExW` `lstrcatW` `GetSystemDirectoryW` `GetProcAddress` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `CopyFileW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1709b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9909`
Detected Filetype	PNG graphic file
MD5	`8e54e5e71a04d93d07a010c9db434d0f`
SHA1	`d48a4140760564f2e088732da7f1db2bdd595de8`
SHA256	`f190ab2b9ea18d1ab7c4fb5b6ddd1b2e0d01b9bd9d3fec98b1fcf1ab1d1e9438`
SHA3	`a75b200aa5a1972c8b7c75d928293385abc6f6adf3c05dc804dd09fdc1528465`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79378`
MD5	`de8d2c7ed535f7a5cb8be55c3bb25339`
SHA1	`538a0f8243d70a7e6d4bd9f55f08d4a1b8aab077`
SHA256	`95ecabd43ff4d1665bd986db3bfe95bc0e2bf9a81c7dd4e6321e77c75cc2760d`
SHA3	`8189b41a8a3ac8f9214207876014be8d535e64a230ed09fda851776f781cac66`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04422`
MD5	`3e36b8f506dbde7a3bd627daeba8366b`
SHA1	`3af7c9c67bb639cc4c95c013588de3f0e56bf6b8`
SHA256	`b76b7cce588c0650ad0a6d9f775495263f0c83f957d6489649cebbcf19d447ea`
SHA3	`354a2e90237084c0bd9e9155edb926fa26521b7583d59115a717da0639fa57d9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15295`
MD5	`46626d394fcc60007d2e1bfd3134a095`
SHA1	`2c266d81fa16ad4b8e55502058d3b57407713874`
SHA256	`9dc316ed7f56443009147abdc7f23471b5a2b4f6a20e5b6fe697483600e57ede`
SHA3	`0cb8d478c3d8adbd8c25a772680ef5ee287f754d7a443c19a6b9ee10c0dbf9dc`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4118`
MD5	`522a9ce8659dda23f9926b3a753d2949`
SHA1	`a80cd651725a7743edde85be5c62937276d0a1bc`
SHA256	`616e18bb3efbe05d156d6d4a5a31e707a66db44211fa5e924da5027283bf905e`
SHA3	`28e3d16cd082e47011334bf2524ec41ac936b8ffb4fd374e07cdc3731952c0d6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.53791`
MD5	`1f7beb823298f861d51ab44493093d34`
SHA1	`e07b69817f9f4b647390ce885966a0b2a23ca8d3`
SHA256	`f4ebad7ba32d7d7c3ba69a9d7523fe8d905f2cbdc388cd5ca9c8fefe695e6cc1`
SHA3	`44f05b88a74b380afcdbfd6e20d9bf339c2be129bc24f1838dec461360fafeee`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66174`
MD5	`3409f314895161597f3c395cc5f65525`
SHA1	`1a99d016d65e567f24449d9362afb6ac44006d0b`
SHA256	`fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96`
SHA3	`b3b19241cc6454389e45833e50b742ae1927a5f161017350a99f2cbc66914f26`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88094`
MD5	`2d12c45dc2c029044aaff357141cb900`
SHA1	`083db861ab3c7db23c6257878296e73a89a74b8b`
SHA256	`69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729`
SHA3	`349b5d605c9c3efe5e0c4e2faa12dd21022fc5f9b053f2cbf4e2a6b8bc656442`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82454`
Detected Filetype	Icon file
MD5	`d720a45572f066999e60c2577e462a94`
SHA1	`901036f518768ac1a4b61afaa0698fb351ef0701`
SHA256	`2c87d48ef9f0a750b5202076762da8a0a31de9ef4933422a227b32cabe7b848e`
SHA3	`b751f329b88e7e834dc96b6e864f2837b14f9d94309e2b17d94883e763bf5eaa`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2992`
MD5	`049a11f57000e4e9c591f015e3d6cb28`
SHA1	`62440541c3265540ca97a5ded0a08533c5d24c15`
SHA256	`726a2d84196a8088bcd85b4ad3520ed827ea5769006a6c5ef4268956324fe2ab`
SHA3	`843e43a222c01a6b0b84a9f018d2c04112065680ed55fb8eb0009d49302a9a53`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd28650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`166`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!