Manalyze report for e061c78198bdb7b72474aab06674e6a8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Jan-31 17:44:13
Detected languages	English - United States
CompanyName	SibCode
FileDescription	Junior Icon Editor Setup
FileVersion	`4.39`
InternalName	junior-icon-editor
LegalCopyright	Copyright © 2019 SibCode
OriginalFilename	junior-icon-editor.exe
ProductName	Junior Icon Editor
ProductVersion	`4.39`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	The PE is a gentee installer	`Unusual section name found: .gentee`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can create temporary files: CreateFileA GetTempPathA`
Info	The PE's resources present abnormal characteristics.	`Resource SETUP_TEMP is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`5777759 bytes of data starting at offset 0x23000.` `The overlay data has an entropy of 7.99862 and is possibly compressed or encrypted.` `Overlay data amounts for 97.5788% of the executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2020-05-17 19:40:09)	`Trapmine: malicious.high.ml.score`

Hashes

MD5	`e061c78198bdb7b72474aab06674e6a8`
SHA1	`201da4d3ac8c3b253f8179ad22826d4592108944`
SHA256	`b671b29be2ab4e703570832047ec5977593c80f5e8b24d4d0265a864c3e0d6f2`
SHA3	`3e853bc6b873a6c3650e0e5ac608ae9754390df194eda603b4e94141d1ba7fbd`
SSDeep	`98304:FQPNON3z+v+RatFHerLfrhw2rblibvBOtfOyDYmFqrkn/GX7HAp5rqm+YJ8U:Fg+kzenfrhwbBOt9kW5/WH4r7`
Imports Hash	`d221b1dc8c3a08622f6512e7876527c8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2011-Jan-31 17:44:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x21000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001D20 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x23000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9ce5929599c65c95975bf6e171805391`
SHA1	`44e5ac6b7259d15a257cf020a870456bf0cde3c5`
SHA256	`bdcf6ee9d53629f23962a504655dec18264488f5826c186350260bacec943663`
SHA3	`e175a0341ae65f0a4f76a1a571a2d08d89d2fb101a2335ac61b3e2698d2c5d12`
VirtualSize	`0xeac`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.942`

.rdata

MD5	`56c29371c9f98c47567a6bd6b37649d7`
SHA1	`3e3027f74d40518ae5ddae605810ebd1f786f277`
SHA256	`6da392077c0161c5461703f01769c8438e4d39ba8371f3f1271c19df242cf6f2`
SHA3	`3aadd782ed90ecbe9e0509ef6ae2c0e4c5ee0841184c51d269b8ac6b2584c6bc`
VirtualSize	`0x488`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.73751`

.data

MD5	`d4a8a270215b2fec747caabfd58d8f7b`
SHA1	`9ce1fa071c456c255e5fefb7f83eccf292ff4e45`
SHA256	`adca1cf9ebe22a884107d88df38db733718ba7bd8c2ac42d8ccd0244ee55ab50`
SHA3	`20b17048bd2938c28e3aa47b9a9846e7303c4be3c7573d7533fac02f71970f26`
VirtualSize	`0x560`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.01054`

.gentee

MD5	`0c199a18b33cc3b339b8901eb1e7d7ef`
SHA1	`15bf1ef580ac298874bb3a33b4ac269ad46a9815`
SHA256	`326b25cc5a4102fc3788d65d4151e67456113eaecef1ccf79a2e970607e4462e`
SHA3	`a6c084e8d5565b86da12a87ac142f8fb9e5a9fbef58744a0a4104840e5378326`
VirtualSize	`0x13542`
VirtualAddress	`0x4000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.92267`

.rsrc

MD5	`2cef9d470eddee5358af58a9447d57d7`
SHA1	`51f1753f9fb9ffb85d2c1ee3da5dcf7cfeb93701`
SHA256	`40a5441c931f956c2f1666473c54fcbd99635fd46c99034e51bac5e1ab558320`
SHA3	`b0f6a788e5586f3e9a782a660065a70f71c26f3ccc19ecf1182772068e1ae34d`
VirtualSize	`0xabd4`
VirtualAddress	`0x18000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.38756`

Imports

KERNEL32.dll	`CloseHandle` `WriteFile` `CreateDirectoryA` `lstrcpyA` `CreateFileA` `GetFileAttributesA` `lstrlenA` `GetTempPathA` `lstrcmpA` `lstrcatA` `ExitProcess` `DeleteFileA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `GetFileSize` `GetLastError` `CreateMutexA` `GetModuleFileNameA` `VirtualAlloc` `VirtualFree` `GetStartupInfoA`
USER32.dll	`MessageBoxA` `wsprintfA`
MSVCRT.dll	`_exit` `_XcptFilter` `exit` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler3` `_controlfp`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84943`
MD5	`8dbec8df8e2e08dea4ca49538120d443`
SHA1	`3c2b588eac36cb6e98ed830e7730665f7494f685`
SHA256	`75e25842983579f7eb76d50ab8bfeedefead7fcf24a8d420dd02bca8d33181c2`
SHA3	`96d27bbb9e8a402ca8fc9d6851fa999bfc252eae1ee6acde4350d7282304df85`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00647`
MD5	`e8241408034a9cd0ff6491da3ac30aca`
SHA1	`e5d7310c44a715ffac64e5194bb0814f6419a42e`
SHA256	`16aeb3df2cf9f9c2019e19ffc8c2091bed21fef060e7e480c1c074803ddc9298`
SHA3	`94cef1eff621783fa5ec1f81fa9756306ee5b501ead69ff57090b95bd065e27f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38159`
MD5	`1c84f26db3768421b8eed36dd8f37528`
SHA1	`397b9949fd6f8fdcc50308f3fe7d8ce3ee8d33c3`
SHA256	`f4ba828dc6deff4a4719c975a47b9a5c1689fc08f74768fd20a005c43ea340bc`
SHA3	`e7185f4bcb2d4a021069595315afd98305ee362a1a515bb4e7608027cb2aa248`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23453`
MD5	`7dec29f73dc6e4cc7befe01f50852f7d`
SHA1	`0b3709c1fc9520899c769de0d897297a8fe59ab0`
SHA256	`4553c622c04d9e02986e6a1a6f835d30b2a8c4dc9aa1163744908b95c8414f08`
SHA3	`da3e2930c5033c092932d210a923d57c1345a968d3f82898c2f1ac02449be5e6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82371`
MD5	`d0b46e7029d24521c56547801d08d653`
SHA1	`c10c7b48da527b80167abb211aab42b8ca786a57`
SHA256	`b9a4b04273f13b7f260edf74c1e4dd0aaf7bc6139b49fc2625a82c673bcfce65`
SHA3	`c19e199c5788772d8634a643be56e5b8ad4e37b70a3f662dc0c4b85a9347cd30`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36298`
MD5	`b1412e568f9cca3e46dab3d682c02828`
SHA1	`c3b2cc5924c789b417a3977a32faa0f0716490e4`
SHA256	`db3639609e35e1f3e44a8043b6e79d150a948002cbd331b4cdf11b757d4d4cb2`
SHA3	`d46a128513a6b9314b79258eec18a05f786024faaf902747bd399fd06a8daf78`

IDD_DLGFIN2

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59268`
MD5	`b7d5ed1ba9c286fc09b8852e903c2061`
SHA1	`0caccf1e9f851cfd8efa1339c6b1569d3bec33d8`
SHA256	`7a0bbae05b593f79f6cd4be6a8d5b4972ef3addb3acfc38b388722483221d5fd`
SHA3	`d00fb797270ad0f2ce0cb5438969c7d15938623cc8372591bf6b84d634f421c7`

IDD_DLGLIC2

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88953`
MD5	`7e941b0c01ceadbcdec2607d96c68dd7`
SHA1	`af7af8eb4de32e947a7a2f83890e196d3b2e5472`
SHA256	`3864cfd73ad809ca6b60fb51182c5a939587f6816ce0ba9b0f6e75380332cf65`
SHA3	`f52f6bcab0c7fd4cc05aa9fc0a1c398000af6981fde4bc320e7bf86433e84676`

IDD_DLGPATH

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68908`
MD5	`3ef3f70a92a3a7cbc171162619ecceaf`
SHA1	`2469a659ebaa6b6a798ff7d15dae049efe2f39d4`
SHA256	`d6f7d315ce79053a5db3f6515d149fbe1c9ba4589a894f2b4b657e3975a59e45`
SHA3	`8cf68837e32dfd043c3db5baa3b8fb89d6d3d7923317f02979fa2f980b3f77c4`

IDD_DLGPROG

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x258`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78207`
MD5	`83f886e48ea671361b4181f25698e302`
SHA1	`03d6789f31f5eac23a133e9fa750d9ac46a0d977`
SHA256	`1fa9bfbe52593bee309852d7f88848c82e5399a22e852d1eb5ef481066ae7675`
SHA3	`d4a681fd2f822899c9d3c5c17b07007e589bc12a17c6799b3e45344bc4479e79`

IDD_DLGSETS

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73533`
MD5	`bc7262db33de6321b90f2a332591a5e1`
SHA1	`cefec5f7de14c05a8ba489e0fcecc3f720814228`
SHA256	`10dd1f32bec73a6c1a534e1933363cf49716469ee96b0b61e785ad33e157afcd`
SHA3	`336492bd4b8e71c316659a11d7bc823982d26ff5bcb0843e8006ad51b4e6c944`

IDD_DLGUCONF2

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x138`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48111`
MD5	`e7aa89917bf6713e33c82b7e708941d5`
SHA1	`8c8478dfe9b1d42b86019a00f7977a4235a306ed`
SHA256	`eb2a0da1ae09220058b7bbd9def25e443af1dfeecbd696323085b5de194961bf`
SHA3	`2411b9d4dc3580dffb834ffd8201c235ebcd0572f84c0f36bcf3c002861f1f61`

IDD_DLGUFIN2

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57386`
MD5	`13454b71bc108cd9c3a2d7bdfb2e9e6d`
SHA1	`500b8895dc01273d788ed7fa8b68035261015910`
SHA256	`a9b70a9151f3eae98b6818e5f87b8a63f25db68e223c4cc2d0fb30f4418fbdcb`
SHA3	`11eaf281cc183c1a54788de7110f231a00817b77a39715b767c830c9ff38845e`

IDD_DLGUNDEL

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66424`
MD5	`e45631901d541cd943bfc10f3101e465`
SHA1	`cb900b70f247cd73d91322774b1b11a22833253d`
SHA256	`5b97b0023f2bf2914063717fef44fa78cf8f72bd40b6b0b8a49a4f5d0783b44f`
SHA3	`a8ba20a9378a7cc03dc388350e8dfddab86bb0c35abcee97f10e95fa4f9a9707`

IDD_DLGUPROG

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x198`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68145`
MD5	`de7f7177222038a0ce83ee69d2f86ba3`
SHA1	`984c098eee9fd017420ec9631dde684775d8ee49`
SHA256	`9d9f6148a755725154a3143cb7b2c73197b53ecbea0e0f65d237189307f92ef6`
SHA3	`c65cb95686ad13aa7c88c2cdcd18c15e834ebc62e984c59819fb4217edf0ffc5`

IDD_DLGWEL2

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49586`
MD5	`3de8469250a01965644090bad40ae930`
SHA1	`478b763401cb2a2a49196bf5fe41bbd16b5ed1c6`
SHA256	`77aff78319a3522825c58bdda87301976f189b64808a77653317e9fbc1d251e7`
SHA3	`888fc863657e09aa4e3ef551062479874d3df15b194c681d3602064db891e9c1`

1000

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.23119`
MD5	`81bf8b7f3015b1d938a97a60fa875b50`
SHA1	`cd01837ff775b450c54b6915339f13ee9914e09f`
SHA256	`03f6404df1247682388152559c2476682359967f670a685fc0a7da7d58c3abd6`
SHA3	`f205479fc1f88d9ad673bb8cd5a584ab65845870e2ff798a7c5a1a0693e3ba67`

SETUP_TEMP

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x318e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97828`
MD5	`e818ac90413fc345646b3a52b5d6dc53`
SHA1	`9d107ce8d9c501985abe827515a3339c088acf05`
SHA256	`1136b5dbcd2f2ffe7b1d1271953814aa91300c80586776b9a54c8e828591e3d0`
SHA3	`b17f8dd46e1388c141e11b21e728279dc5d0e4c33fba000bd4f94f8f55cd2711`

SETUP_ICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69913`
Detected Filetype	Icon file
MD5	`fc8846589a152507308beb48ead7a796`
SHA1	`787c24f9fbf50523b34bcb328ed56d33c4e7ffd7`
SHA256	`4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe`
SHA3	`8ddbf8de92320682fb04bf04b166aab2b443a9fd6055b504b0c29ee44468a9c9`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33782`
MD5	`bae68b5903f40d6b571e16aabb04c6cf`
SHA1	`3168aeb5d69568bb60c571a0ba726c0b50834b92`
SHA256	`77858e6d9d8d5004b166ca73351840dfb690b7dfdc97b1b5b4ffed2535c6d2a4`
SHA3	`7bffdee45676e9b0fab7926b43af7181266a18629cd13740671763da1f7bdb68`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x777`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06336`
MD5	`ab6bd5ee9951a0a16fb2dc6a615b9215`
SHA1	`04a15ff6e613286ac015b868511cda0561cfb9e9`
SHA256	`5402fb068aea9848451a39f3f7473d7e0f1e3efaeb316410b96c2359d13c6de2`
SHA3	`d5d6f141d6b53b086fd046555345af08219ac170c506b1546ea31211c006ed8a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.39.0.0
ProductVersion	4.39.0.0
FileFlags	`VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	SibCode
FileDescription	Junior Icon Editor Setup
FileVersion (#2)	4.39
InternalName	junior-icon-editor
LegalCopyright	Copyright © 2019 SibCode
OriginalFilename	junior-icon-editor.exe
ProductName	Junior Icon Editor
ProductVersion (#2)	4.39

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xcbafd91b`
Unmarked objects	`0`
14 (7299)	`1`
Linker (VS98 build 8168)	`2`
19 (8034)	`5`
Total imports	`40`
C objects (VS98 build 8168)	`17`

e061c78198bdb7b72474aab06674e6a8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gentee

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

IDD_DLGFIN2

IDD_DLGLIC2

IDD_DLGPATH

IDD_DLGPROG

IDD_DLGSETS

IDD_DLGUCONF2

IDD_DLGUFIN2

IDD_DLGUNDEL

IDD_DLGUPROG

IDD_DLGWEL2

1000

SETUP_TEMP

SETUP_ICON

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors