Manalyze report for eb3a2e8678d65259a76c11198bebcd89

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Feb-12 10:21:09
Detected languages	English - United States Process Default Language
Comments	Eraser Setup Bootstrapper
CompanyName	The Eraser Project
FileDescription	Eraser Setup Bootstrapper
FileVersion	`6.2.0.2992`
InternalName	Eraser Setup Bootstrapper
LegalCopyright	Copyright Â© 2008-2021 The Eraser Project
OriginalFilename	Eraser Setup Bootstrapper
ProductVersion	`6.2.0.2992`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 98.049% of the executable.`
Info	The PE is digitally signed.	`Signer: Heidi Computers Ltd` `Issuer: GlobalSign CodeSigning CA - SHA256 - G3`
Safe	VirusTotal score: 0/70 (Scanned on 2022-12-27 11:37:50)	`All the AVs think this file is safe.`

Hashes

MD5	`eb3a2e8678d65259a76c11198bebcd89`
SHA1	`2307953474d5ce0ca357f5f48b2b5e165469e405`
SHA256	`ac33f037fc548bae5b287668a625009e5b11f6424babf742a2532458b55380f6`
SHA3	`28d9f81c5d00162f996e54e113b6f0804030964aa8a46ae0b7fa6df894b7b59c`
SSDeep	`196608:qXBBxGfaaMKkTNKJ8mlpEENcpQ27jhLua0XOswJI9R:qRDOtMKkUJJl+fq27ja9R`
Imports Hash	`e019972e242a5156018177f8de42b357`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2021-Feb-12 10:21:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x19000`
SizeOfInitializedData	`0x840a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000D4EF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x861000`
SizeOfHeaders	`0x400`
Checksum	`0x85e541`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`07797eae86e5fb9e525d92534b84be92`
SHA1	`a5b6765bce98712216fb013d7b7f55c3caf00f9d`
SHA256	`9f120eebf8c8ec3a75c4cdce82effb873cfeefb4f99a96827670e5879a4b598b`
SHA3	`8486e4c3be56b03a6cbbfdfdab11e14575131078511c5e968cbe14882cb1a4f8`
VirtualSize	`0x18e8b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64603`

.rdata

MD5	`f44b2aea7c7eac0f72a5b9f30080aca5`
SHA1	`756e135935adc5fc9e5118a64858947fb01d2b9b`
SHA256	`0dc1fad50272d2cd6d0f29717fa43ec102fe977f1da6b0b2ddcf9dfcc6203ba6`
SHA3	`7defb97abad7a31f8c188096cca5733ebf8a3c3d3f99efc2cf64aa4450783315`
VirtualSize	`0xb95e`
VirtualAddress	`0x1a000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x19400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.56876`

.data

MD5	`99bc6090134296b029c94942e47b0219`
SHA1	`87ae7c2b7c7b8867807c94fe34e1b617ef324793`
SHA256	`7748dd68bbdf357346dbf96aeb8ea44a037311c82f7d69a32e6f5d7604ebb2a1`
SHA3	`f79bb6f5a2ee408f2f4b5b79c1da40b7a30246c04787aafc7f12eabeac775577`
VirtualSize	`0x3920`
VirtualAddress	`0x26000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x24e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.69625`

.gfids

MD5	`8dfa46ee9af3a7cec50ca399131170dc`
SHA1	`c963d2bd07db6f68a70d2fdcbf55e66bc50e7a8d`
SHA256	`2ed9614b274bc9d8d7588abcfb63682e328ab583eaa266e54c72fe0fb0304364`
SHA3	`fa50526fbe1b8f1b3b52d72721d267cd497e1c2183c8323a577fe2b0604a28dc`
VirtualSize	`0x150`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52762`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`cb069a05b8edc6a83c1ec5d3cfbe1652`
SHA1	`dcc8a3640f6c0fbd9ac3a1c84d9c18d1221d58d5`
SHA256	`f71edc4444d3d5b3686b93863f85049e5d2b088053720ea73f2fea86e8817f84`
SHA3	`0486f9fef26ef98d0a7a0b08ba37500051fa5e978f7aa67823b93c8a8001887a`
VirtualSize	`0x832530`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x832600`
PointerToRawData	`0x25e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99981`

.reloc

MD5	`f434c0d43c0cb7937f7aa3748be4077c`
SHA1	`8a782fe127a370027506bcd1c6b8139f13559c63`
SHA256	`562d172d0a25a86e10d1df2f8c26b9d82a7417a1d6e78a890a1e5586f4fb4bc1`
SHA3	`a395881748800ad7127d87ededae633fac8421c1a766e3d281dbb03838c9e4e4`
VirtualSize	`0x19ac`
VirtualAddress	`0x85f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x858400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54345`

Imports

COMCTL32.dll	`#17`
KERNEL32.dll	`GetFileSize` `UpdateResourceW` `EndUpdateResourceW` `FindResourceW` `LoadResource` `SizeofResource` `LockResource` `CreateProcessW` `WaitForSingleObject` `GetExitCodeProcess` `GetNativeSystemInfo` `CreateDirectoryW` `RemoveDirectoryW` `FindFirstFileW` `DeleteFileW` `FindNextFileW` `FindClose` `GetTempPathW` `GetModuleFileNameW` `FormatMessageW` `ReadFile` `BeginUpdateResourceW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `HeapSize` `SetStdHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `GetFileType` `GetProcessHeap` `FlushFileBuffers` `WriteFile` `GetLastError` `CreateFileW` `CloseHandle` `WideCharToMultiByte` `MultiByteToWideChar` `EncodePointer` `DecodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetLastError` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetProcAddress` `GetStringTypeW` `LCMapStringW` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `RaiseException` `RtlUnwind` `FreeLibrary` `LoadLibraryExW` `HeapAlloc` `HeapReAlloc` `HeapFree` `ExitProcess` `GetModuleHandleExW` `GetStdHandle` `GetACP` `WriteConsoleW`
USER32.dll	`DefWindowProcW` `CallWindowProcW` `PostQuitMessage` `SetWindowTextW` `SetWindowLongW` `GetWindowLongW` `EnableWindow` `UpdateWindow` `InvalidateRect` `ShowWindow` `RegisterClassExW` `LoadCursorW` `LoadIconW` `SendMessageW` `CreateWindowExW` `DestroyWindow` `DispatchMessageW` `TranslateMessage` `GetMessageW` `PeekMessageW` `MessageBoxW` `SystemParametersInfoW`
GDI32.dll	`CreateFontIndirectW`
SHELL32.dll	`CommandLineToArgvW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90309`
MD5	`660e7dc2a2bbf20812dc4c90c0574e7b`
SHA1	`141834be1d56cac2831131a1e404cfb3769fb965`
SHA256	`f8d876b3d33f3183dfd0a9c37e8bbaad61e683261c8d0424e1c877a319f25bba`
SHA3	`4d8a80166a0a1573ece08f478a14b9d4bfcf68f24f84dbb645e3aafe4b6bc577`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4813`
MD5	`75e7353512949c10966229fb87cae1f9`
SHA1	`a8eae603adb710066b178c6c404392643d75aacc`
SHA256	`300b7819e45df44e145958e91533c9e655f97ac66fc42e46d5bb4e79359c2b9d`
SHA3	`9e182d522fd206193470c440d1b38b99a4466e782d8209281b7a4f662d66abaf`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.28449`
MD5	`420d505f11cb3e82bcf50b9dddbdf437`
SHA1	`e0143d4e55c43cee4723d42b5d0cb6f2f217107f`
SHA256	`15567b682ac3032e739d8ea374ed8700c9fe1e0023a9868d0f805e77a0efdcdc`
SHA3	`ac1f74e6eadf705b23ce1da358f5baafb1f8b012b49a3e71cc161f8779f66915`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x85dd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97982`
Detected Filetype	PNG graphic file
MD5	`468c77d923ce6941c3691a202a113a85`
SHA1	`6ccee54351eb5386df4ca8685f9b5baa3f7e6f49`
SHA256	`ddbd925d4145260b9ea009b14cb58fa67ac6d9d7a5640ca784ec70625cb4b047`
SHA3	`9ed7d87cf25a146244c0af72d5af2895d253b7ea5011e330d3a9842bb15342d3`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13976`
MD5	`5a428750070a945df379745c037b7741`
SHA1	`694073d5d14d6eb4a2927386c8f4fe00bb3d148b`
SHA256	`ecb29cf0700863e0297240d041018f2804d2d3128170347c845942d5398d682e`
SHA3	`bb72854bef98338c24edd27b2e678386b1031a65a7ac39016e510838905a31db`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09265`
MD5	`019910b4c86131bc82d7c93073ff70a1`
SHA1	`0b2b0f1da3f5a18769ac0f634a4c2bea5b369c00`
SHA256	`850c4472a478ebad3f2dcb3340f3169fb70584c3315f8cd7248277e1693ef8c6`
SHA3	`19fb3b45b62a6f147dfc1f08121f5bcb197df0c982f63b4caeeea6df7e21d33c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11893`
MD5	`177ea560567140c6b6074a85d30566cd`
SHA1	`d9760ad67a9d4cb67e5158362958dd42287b524c`
SHA256	`1d95eeb0e54d89946dc53f67c4015f003bdfc3035bf2bb122cb14f68a1e3175e`
SHA3	`a41bfe87cbeeb849e4a31a4a4cf02a273bb105caed9e227934d8adbc0cde9a64`

101

Type	`RT_RCDATA`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x823f18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99997`
Detected Filetype	7-Zip compressed file
MD5	`d313fcc7e852e3e6c6c3db56d5cb6285`
SHA1	`b0e3a5f98b65118ffc001171239ff0795c9613a7`
SHA256	`f897c77c78e0867beac8cf20672824eaa1fcd69b19edb748f12907189b6f40cd`
SHA3	`a57e0722a9bd9b890b8dff16a83a6bf45d5a07a01befb5380984022a58b79360`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71858`
Detected Filetype	Icon file
MD5	`7b4d3af61da5d5b0b6014b46c9d0d952`
SHA1	`57d6a342fc7d4de130075592e5b8772e4d2321dd`
SHA256	`09c1515ecfa54e34544a2470b2c7da30ea8a20db634dcfdf51400ba72d174521`
SHA3	`c9446913828ab5e79fffc3f7e5959c587d83ae31bc5197facf51d1230fbb33f8`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41295`
MD5	`997063ba51854568026b701481aae193`
SHA1	`88f93562461d48866d54d72af31cf1f2fe80763b`
SHA256	`2757c9b4e15df8c08d23cc3f0cd2ef9a964569a9d14e5717acc4d383c39f82a1`
SHA3	`db9afdb8be1c511229c069cd35491fc124704c9da4e33eb8d991ee2e6824f3bc`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x260`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11909`
MD5	`94b6bd63e760deac181845e28a69f57a`
SHA1	`9507d501a31045b7d24780be3d6ed6b03d282f39`
SHA256	`b567c754a8e3c74259e3d973adaf812ace9f83851629d2a04a88bc98d18fce52`
SHA3	`c3fb6e966c095dd3390f2cab86644d02c4cf8a2dd143a0a20fabf11d5c91f6c7`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.2.0.2992
ProductVersion	6.2.0.2992
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Eraser Setup Bootstrapper
CompanyName	The Eraser Project
FileDescription	Eraser Setup Bootstrapper
FileVersion (#2)	6.2.0.2992
InternalName	Eraser Setup Bootstrapper
LegalCopyright	Copyright Â© 2008-2021 The Eraser Project
OriginalFilename	Eraser Setup Bootstrapper
ProductVersion (#2)	6.2.0.2992

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Feb-12 10:21:09
Version	`0.0`
SizeofData	`960`
AddressOfRawData	`0x240e8`
PointerToRawData	`0x234e8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Feb-12 10:21:09
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x42b000`
EndAddressOfRawData	`0x42b008`
AddressOfIndex	`0x427030`
AddressOfCallbacks	`0x41a22c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x426070`
SEHandlerTable	`0x424090`
SEHandlerCount	`22`

RICH Header

XOR Key	`0x74b61f7f`
Unmarked objects	`0`
241 (40116)	`12`
243 (40116)	`135`
242 (40116)	`29`
ASM objects (VS2015 UPD3 build 24123)	`21`
C++ objects (VS2015 UPD3 build 24123)	`54`
C objects (VS2015 UPD3 build 24123)	`34`
Imports (65501)	`13`
Total imports	`138`
C++ objects (LTCG) (24234)	`19`
Resource objects (24234)	`1`
151	`1`
Linker (24234)	`1`

eb3a2e8678d65259a76c11198bebcd89

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.tls

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

101

100

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors