Manalyze report for e8804078258fc77a76bd1f6838c8c7f10fb3df9b0af7ab68d09d613089c3f70c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jun-30 04:44:48
Detected languages	English - United Kingdom
Debug artifacts	C:\temp\build\ThirdPartyPlugins\LockedList\Win32\Release\LockedList.pdb
CompanyName	Afrow Soft Ltd.
FileDescription	LockedList NSIS plug-in
FileVersion	`3.0.0.4`
InternalName	LockedList
LegalCopyright	Copyright © Stuart Welch 2014
OriginalFilename	LockedList.dll
ProductName	LockedList NSIS plug-in
ProductVersion	`3.0.0.4`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: Trihedral Engineering Limited` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	VirusTotal score: 1/67 (Scanned on 2024-02-03 08:01:24)	`DeepInstinct: MALICIOUS`

Hashes

MD5	`26d6062056ff045d19e1aa031bb7165b`
SHA1	`ff498c502cce1063f961f04e40494182360cbc68`
SHA256	`e8804078258fc77a76bd1f6838c8c7f10fb3df9b0af7ab68d09d613089c3f70c`
SHA3	`26a7fab61b741e0f5c1ff5011f40f06a2d495b26bc4a0ad8288016765e8c1ae8`
SSDeep	`768:rjsM/rDb7V/OtttOxkG8wSJShlf5x15MtJq3DdDGive5hmf:UKL4jtdNJST/15sw3B1`
Imports Hash	`ec7f7fb5d5936eff6100a8e1a2a7d2c4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Jun-30 04:44:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x4a00`
SizeOfInitializedData	`0x4400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003EFA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0xebca`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2e52a8ad2be6d27b0b27658b68d57869`
SHA1	`705c83e013aca35a6939b2a55ca9b620dda0a11f`
SHA256	`427040446b35ab00755e8f4ed2e921d4ae4b79fa193a9c66e5d30f683ed485d9`
SHA3	`c17b9427487c87e47dcd0c84b4a91d6bbcd8a8038628c753843452f4cb917787`
VirtualSize	`0x4838`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.19258`

.rdata

MD5	`2576ab7a167a4166ac18f672b107ad04`
SHA1	`b6224cca7a840155dd15dea006e5e0726f425fd3`
SHA256	`8b8cd7343044b2d7f38c2bca375cc195648e9254f9c9ab9f02b964bf67c81397`
SHA3	`b7ca758fec4904e99409fca85032b95161afda0b44b0c25d0ab5e8dfab828755`
VirtualSize	`0x14ee`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96612`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1d20`
VirtualAddress	`0x8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`0ae9dd3bfbcaf8c5f2f2402bc1080760`
SHA1	`3f53512b8223427edde5801486d5afff48ad2ae0`
SHA256	`3a8288ce7dad51fa3c11cab7e61bd828c2b2a4aad531b18536ccd85a08a05d2e`
SHA3	`0a433b8a90f7f06e4928e3864c76ecaf54c692c2efd3505e1a2e6267b14cd315`
VirtualSize	`0x480`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.63101`

.reloc

MD5	`272758fbeadf7045c376e69aa0cc2319`
SHA1	`e8651c9776fca6dc7fad1334da5cc1e2cafbfab4`
SHA256	`fcd7e2a3374253f0077196b58d3756d313b38c552ce1af66b4ea675eb9b654f0`
SHA3	`fb436d797f74cdd8f7c664228c5014042872ae28f5f6dcadd1b4428c3f72e2c4`
VirtualSize	`0x978`
VirtualAddress	`0xb000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63141`

Imports

COMCTL32.dll	`ImageList_ReplaceIcon` `ImageList_Create`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`
SHLWAPI.dll	`PathFileExistsA` `PathAppendA` `PathRemoveFileSpecA`
KERNEL32.dll	`ResetEvent` `GetProcAddress` `LoadLibraryA` `GetModuleFileNameA` `GetCurrentProcess` `lstrlenW` `TerminateProcess` `WaitForMultipleObjects` `lstrlenA` `WaitForSingleObject` `LocalAlloc` `lstrcmpA` `lstrcatA` `GetModuleHandleA` `OpenProcess` `GetExitCodeThread` `Sleep` `GetLastError` `CreateFileA` `GlobalAlloc` `lstrcpyA` `GlobalFree` `CloseHandle` `CreateThread` `LocalFree` `GetCurrentProcessId` `WideCharToMultiByte` `lstrcmpiA` `MultiByteToWideChar` `lstrcpynA` `QueryDosDeviceA` `DuplicateHandle` `GetVersion` `SetEvent` `TerminateThread` `CreateEventA`
USER32.dll	`CharLowerA` `SetCursorPos` `GetDlgItem` `GetClientRect` `AppendMenuA` `CreateDialogParamA` `SetCursor` `SetClipboardData` `SendMessageA` `TranslateMessage` `CreateWindowExA` `DestroyMenu` `MoveWindow` `MessageBoxA` `SetWindowTextA` `MapWindowPoints` `GetWindowTextA` `EmptyClipboard` `CallWindowProcA` `CloseClipboard` `SetWindowLongA` `IsDialogMessageA` `GetCursorPos` `OpenClipboard` `IsWindow` `ShowWindow` `wsprintfA` `TrackPopupMenu` `MsgWaitForMultipleObjects` `GetClassNameA` `CreatePopupMenu` `GetSystemMetrics` `ScreenToClient` `PostMessageA` `SetActiveWindow` `SetWindowPos` `SendMessageTimeoutA` `DestroyWindow` `GetWindowRect` `DispatchMessageA` `LoadImageA` `GetMessageA` `EnumWindows` `GetWindowLongA` `GetWindow` `GetWindowThreadProcessId` `EnableWindow` `DestroyIcon` `PeekMessageA`
ADVAPI32.dll	`AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken`
SHELL32.dll	`ExtractIconExA` `ShellExecuteExA`

Delayed Imports

AddApplications

Ordinal	`1`
Address	`0x3628`

AddCaption

Ordinal	`2`
Address	`0x3597`

AddClass

Ordinal	`3`
Address	`0x3506`

AddCustom

Ordinal	`4`
Address	`0x3670`

AddFile

Ordinal	`5`
Address	`0x33e4`

AddFolder

Ordinal	`6`
Address	`0x3864`

AddModule

Ordinal	`7`
Address	`0x3475`

CloseProcess

Ordinal	`8`
Address	`0x3d7c`

Dialog

Ordinal	`9`
Address	`0x39a7`

EnumProcesses

Ordinal	`10`
Address	`0x3e6b`

FindProcess

Ordinal	`11`
Address	`0x3c99`

InitDialog

Ordinal	`12`
Address	`0x390c`

IsFileLocked

Ordinal	`13`
Address	`0x3c17`

Show

Ordinal	`14`
Address	`0x3990`

SilentPercentComplete

Ordinal	`15`
Address	`0x3bd3`

SilentSearch

Ordinal	`16`
Address	`0x39e1`

SilentWait

Ordinal	`17`
Address	`0x3ae5`

101

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21147`
MD5	`8078e5912d4241658f0d2ec6a528cc9a`
SHA1	`84d4dd8c7aef877af23f36a6f4e78aeaf349b2f8`
SHA256	`e9e9e72688ccaa0a76fe5e27f514b47d0d34d0c5a317055ac07aaa411dd00d31`
SHA3	`7b01889d5a9af251515e8e98a3ca72052467083360b9dac56fed6a40d9896867`

1

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x308`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41791`
MD5	`bb9cb0e5dbbc8a1bd7e4ec273e871a1c`
SHA1	`a014fd800ed29e8f6d8aca550d1c0aa616762c4b`
SHA256	`f7ea1147e00a894d89fafbdbc4e5de8f0f9dafc2525f9bc5531e6e47b967b2c6`
SHA3	`da41469488cb01f8b8f696d29a9f0e24fc1da1f4b8528b0635cdf33e17809d20`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.4
ProductVersion	3.0.0.4
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United Kingdom
CompanyName	Afrow Soft Ltd.
FileDescription	LockedList NSIS plug-in
FileVersion (#2)	3.0.0.4
InternalName	LockedList
LegalCopyright	Copyright © Stuart Welch 2014
OriginalFilename	LockedList.dll
ProductName	LockedList NSIS plug-in
ProductVersion (#2)	3.0.0.4

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jun-30 04:44:48
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x6a64`
PointerToRawData	`0x5864`
Referenced File	C:\temp\build\ThirdPartyPlugins\LockedList\Win32\Release\LockedList.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jun-30 04:44:48
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x6ac4`
PointerToRawData	`0x58c4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jun-30 04:44:48
Version	`0.0`
SizeofData	`236`
AddressOfRawData	`0x6ad8`
PointerToRawData	`0x58d8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Jun-30 04:44:48
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x989b9dec`
Unmarked objects	`0`
Imports (65501)	`15`
Total imports	`98`
C++ objects (VS2015 UPD3.1 build 24215)	`1`
C++ objects (LTCG) (VS2015 UPD3.1 build 24215)	`3`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

[*] Warning: Section .data has a size of 0!

Leave a comment

No comments yet.