Manalyze report for e493966557f6719c4e4d23a1466e407c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Dec-11 21:50:45
Detected languages	English - United States
Comments	Distributed by WildTangent
CompanyName	WildTangent
FileDescription	Installer for WildTangent Games App
FileVersion	`4.1.1.36`
LegalCopyright	(C) 2010 WildTangent, Inc.
ProductName	WildTangent Games App
ProductVersion	`4.1.1.36`

Plugin Output

Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteKeyA RegOpenKeyExA RegEnumValueA RegDeleteValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: CreateFileA GetTempPathA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: WildTangent Inc` `Issuer: thawte SHA256 Code Signing CA - G2`
Safe	VirusTotal score: 0/66 (Scanned on 2018-01-09 06:49:04)	`All the AVs think this file is safe.`

Hashes

MD5	`e493966557f6719c4e4d23a1466e407c`
SHA1	`ede76455ee2a3d781f584381b9e1848bdd38989c`
SHA256	`ba930c5604b5084ca3ea47b3274910e7fef059e48cd99b56cedb7572c02ab27c`
SHA3	`b3238236a177ebf4d98887a0726f68dc5596854039b19195b459e62d704d71d5`
SSDeep	`24576:6oHmSQgOZ6UAwFYChGSWblqqYojmmCUnqyQCh3mZUBjmUx:6TzUkhRWb4fRTyj2Yx`
Imports Hash	`ccc86c26d13cc5dac6b692ee1ca646c9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Dec-11 21:50:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x1d000`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000032BF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5a000`
SizeOfHeaders	`0x400`
Checksum	`0x1312e5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1892c55874b94ef60ac62cf77f0ecd0e`
SHA1	`95487725a8bb3a7284cb15204d9d83d8dd16a070`
SHA256	`c46db17bdcc6d27e134436026027456b8e5522cee7aa5056d4f513430c3d203c`
SHA3	`b10a21e295e30ef344b55eeb7b57bd384ed5b3ec36c475bd899a58fc47272aa8`
VirtualSize	`0x5e59`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42419`

.rdata

MD5	`6389f916226544852e494114faf192ad`
SHA1	`5a8bd7dc51e26e238ac906646d9390d89e9de99b`
SHA256	`96fda7c3b5c92d7089fdd266fb9069a5490e2ae8ea7704c5a15f8ef53ee746ad`
SHA3	`4b0f9cf9e8c6bf0014311228d4e775d5a3ef7c286d6e4b0c9e2e4756a62b3dba`
VirtualSize	`0x1246`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0004`

.data

MD5	`f02c8b5709d3fb8c6cc1ab777c138d8f`
SHA1	`c95896cfaab005ecd71497fdbf013ea77cf1b85a`
SHA256	`c3888e36a58e370976092a6f7d0374b84cc2465856675cb58dd9c7de3d5f009b`
SHA3	`3653898572e644df42cf75d23f90306c1157fd59276df04098ff493909f5ce50`
VirtualSize	`0x1a818`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.21193`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa000`
VirtualAddress	`0x24000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`3127bdb2680e567bf569b4c6da441efc`
SHA1	`819d7533a2f0e5258e8658632e424b3fdbb3a5fa`
SHA256	`e63847c2af569da683f3b929c1257b60f90d731b4d82e988ec00a7d6a4231d8f`
SHA3	`74b3b346e86406fb047d43e917da426a52546867b78a246184fb13bd5196b90e`
VirtualSize	`0x2b5b8`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x2b600`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.42447`

Imports

KERNEL32.dll	`CopyFileA` `Sleep` `GetTickCount` `CreateFileA` `GetFileSize` `GetModuleFileNameA` `ReadFile` `GetFileAttributesA` `SetFileAttributesA` `ExitProcess` `SetEnvironmentVariableA` `GetWindowsDirectoryA` `GetTempPathA` `GetCommandLineA` `lstrlenA` `GetVersion` `GetCurrentProcess` `GetFullPathNameA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `GetTempFileNameA` `WriteFile` `lstrcpyA` `MoveFileExA` `lstrcatA` `GetSystemDirectoryA` `GetProcAddress` `CloseHandle` `SetCurrentDirectoryA` `MoveFileA` `CompareFileTime` `GetShortPathNameA` `SearchPathA` `lstrcmpiA` `SetFileTime` `lstrcmpA` `ExpandEnvironmentStringsA` `lstrcpynA` `SetErrorMode` `GlobalFree` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `GetPrivateProfileStringA` `FindClose` `MultiByteToWideChar` `FreeLibrary` `MulDiv` `WritePrivateProfileStringA` `LoadLibraryExA` `GetModuleHandleA` `GetExitCodeProcess` `WaitForSingleObject` `GlobalAlloc`
USER32.dll	`ScreenToClient` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `GetWindowLongA` `SetCursor` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `PostQuitMessage` `GetWindowRect` `EnableMenuItem` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `EndDialog` `RegisterClassA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `GetDC` `CreateDialogParamA` `SetTimer` `GetDlgItem` `SetWindowLongA` `SetForegroundWindow` `LoadImageA` `IsWindow` `SendMessageTimeoutA` `FindWindowExA` `OpenClipboard` `TrackPopupMenu` `AppendMenuA` `EndPaint` `DestroyWindow` `wsprintfA` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `ShellExecuteA` `SHFileOperationA`
ADVAPI32.dll	`RegDeleteKeyA` `SetFileSecurityA` `OpenProcessToken` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `RegOpenKeyExA` `RegEnumValueA` `RegDeleteValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_Create` `ImageList_AddMasked` `ImageList_Destroy` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12645`
MD5	`4eb6e090d8639c21ac6160fb7f8d1c8d`
SHA1	`50cf8b82da5242ef0370cf3627013043ba782ffd`
SHA256	`89a3bcdbeb840062dab2f738d6abfde1e12d06e60df71e1357bf692729c01218`
SHA3	`0548e2c573abdb82effa44b624581ae80511b7c80829e94c08895cbb41927802`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11d20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98933`
Detected Filetype	PNG graphic file
MD5	`76b1097092c4a663ce16870965cd8243`
SHA1	`080d8215a6c1f649db933bb86f4f09f909a7759d`
SHA256	`151734837b03b2351a80f4aed9734893b3ca2cacf1d576351d7b28f404afccd8`
SHA3	`27560a6f3867a86b94d1f31ddaca35cfa0f1c3bd2e02e027ed274c181357ad73`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.53219`
MD5	`0c517b6ecc8c60e9d4a45f9872e6d10e`
SHA1	`b7d9e033387729990da9d1cbd864aada53bf3118`
SHA256	`540a3d28c800c1240d3ed37b21e8039eae859aa150533580fc414c0efea28dba`
SHA3	`12dd74bbd2532a1a05918b6017e0a1e59a83c241a75cedef0c353092a5f107ea`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.55192`
MD5	`12719b111af8d745b09492d3325f6b3e`
SHA1	`7fe7ad90de4b416ae2e7064da8b1e60e2e371301`
SHA256	`c390ddbd5e25d65697d728ed866f9e9b82f821d78bac7d681b071d62f46a1904`
SHA3	`a36ccb16cd23117068c24466eb1f6e2b4f19ea5e42c4ea5744d94a7314919cf6`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.6727`
MD5	`b22fc2b4c7bbaf2a3fc54c4f8af5f434`
SHA1	`d5e1139872895465c5f928bdc7fe9be8452dd4fc`
SHA256	`9a585918a1928e48c834cf2e075f1afea7ee095dba0dd545177d4ca3efea3e65`
SHA3	`3811db8b62c4b51b4ac35bcd7f93752cc05281e069c9dd49a689d6c428f2fb49`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.52962`
MD5	`00ec4b4221296cb243fc505ddc509f98`
SHA1	`d27c48966bd3da72c785b0d9b5a92200ff70685b`
SHA256	`751faee91b50237ec9801659c660137f670846f4bee50dff46e793fc866b9e85`
SHA3	`532cf222612dd37db39a326e1c19ac90ff083f1d3bad97245878c63fe1c3b8a9`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.88988`
MD5	`92fdb063314207da119b0bd46ccceb9d`
SHA1	`e74be164a6c642a88e824579a839a0ced91b7799`
SHA256	`66fea3a03ce093bb792e0944e389e25434a565f7fda9684cd590e33ebd98ad3c`
SHA3	`90ebf3228883c3c0c2db5c05463bd9b8b9def4c6418921d5cb6a20bc6eb1399b`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.66531`
MD5	`56745b3e94ea6fc77da7835ac02684aa`
SHA1	`d1766d2a5308eadc77e626011011b39e08961202`
SHA256	`1cb1c0cfdca402f70622437f1e6191de1d3390d8996e49d0f322d0e0fb48f73f`
SHA3	`f847ecb0a9d37022f0e6b8e252d66995c8979314a6085ef14fc218d4e579dbea`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20542`
MD5	`640814fa220035931fcdce453e90fa2f`
SHA1	`c88db02182cac6932f8325b946e531791dc47c3b`
SHA256	`6b5b5ade97c35533facbb8466ef5c3fb26dee400d2efb82671c3d82213ca1a3c`
SHA3	`e43e6dce4608ab1c74d91877453e02e2c4348482fdf698201dac1b1e8107af4a`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.33659`
MD5	`121e60f4ff1e6a2aa53967523dec2c54`
SHA1	`5c9c8dbf12990e8203e88bfb93ca76903714b1f0`
SHA256	`e0c3af1637ff1d29454695d20804472f891feb0d1dcc7196237dae64879e8fe3`
SHA3	`8a6e0c11357aa2d5ab013e4d7047704ec41774279fb3b04003598de01d165a38`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

211

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36476`
MD5	`2be3bcd55b1b72399df63e9c689d8f5f`
SHA1	`e57896fa1df9372b1c5a9e763d1da7a77af521ce`
SHA256	`564c895446fafa8f70c06d52141b03bb6bbab392ce362cae8c345a60c7519c99`
SHA3	`dfcd3b0ca5972684d1c4f55b1d0e316d3d32e3c9ee7ebacdd15b8caee47b2c05`

311

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63292`
MD5	`9fd86d0859f2cb45a303f2eccbb728ef`
SHA1	`e5ee9f452cb943e5c3b21783da7abf4a748d9ca2`
SHA256	`66c5a54fc613b3a72b0ce1651649944bfbef2d0c2068f2ecba821ed82188496c`
SHA3	`7fe952e87ecbbdf41b8934c0cd40f81161a5b312c4640e037bd47dca5b16717d`

411

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36476`
MD5	`a6e82d7b05a5b3f5961b64f1642a06ee`
SHA1	`12b290ffc5492d4ee7fcb2398411f5cd8e2f63fd`
SHA256	`e9c101b10de7cb49faad8c6cbc66a8c98b63d107c92fbd6160bf711149450786`
SHA3	`aa6c8ba15c0f1fd950ab322991aff62e650279e97a3f3c6b885148ed427c7059`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88417`
Detected Filetype	Icon file
MD5	`78fe2abfa3cbbd89de8b397e902e5d65`
SHA1	`0201e88bc8fb17423a1d4e39d5aca919c8cfd295`
SHA256	`167302bdf0885707bcbb1ebdb6bef28af1acd585b3b177a9286c276bf48e73be`
SHA3	`477e9b5cbbf39dfb8dcf806104fbfc699dc0c465ac68cff9da467f14f57bd9da`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35071`
MD5	`dea16df5f2a65fa83fbefd702e55222f`
SHA1	`bc0f6581e49020422907e175c69bd3fc6a1c6091`
SHA256	`42462b42e95ee71a80a77b340f03232f4cdf6e58ac770b98f9fd0bc7f905609e`
SHA3	`8cfa6947b808fb6d9244b7e31f13fd837094aa2e8a561f5f035b99fb7b2bf51d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x423`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2963`
MD5	`49137dfb57a353a38f72136416dc3e9f`
SHA1	`f96b4de727ee77d62134f240328a853eba69d878`
SHA256	`008dbe3201f83d981e0890a802c73f74b854486734d10232bac2f36b821edb84`
SHA3	`b8a14406a78b27ab6d00853dc8c421ee5b0f18aed1179610f22200b1e9559832`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	4.1.1.36
ProductVersion	4.1.1.36
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Distributed by WildTangent
CompanyName	WildTangent
FileDescription	Installer for WildTangent Games App
FileVersion (#2)	4.1.1.36
LegalCopyright	(C) 2010 WildTangent, Inc.
ProductName	WildTangent Games App
ProductVersion (#2)	4.1.1.36

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd246d0e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`159`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!