3ed410db724e5219738e764c3c9a7a575f6f8ba1ee357c2d3f2bf546187f0352
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2019-Dec-17 09:36:36 |
| Detected languages |
English - United States
|
| Debug artifacts |
C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb
|
| CompanyName | Proton Technologies AG |
| FileDescription | ProtonVPN Installer |
| FileVersion | 1.13.4 |
| InternalName | ProtonVPN_win_v1.13.4-139b12d9 |
| LegalCopyright | Copyright (C) 2020 Proton Technologies AG |
| OriginalFileName | ProtonVPN_win_v1.13.4-139b12d9.exe |
| ProductName | ProtonVPN |
| ProductVersion | 1.13.4 |
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains references to security software:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA256 Uses constants related to AES |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: ProtonVPN AG
Issuer: GlobalSign CodeSigning CA - SHA256 - G3 |
| Safe | VirusTotal score: 0/69 (Scanned on 2020-03-29 08:16:44) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2019-Dec-17 09:36:36 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x16ca00 |
| SizeOfInitializedData | 0x92000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0011952F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x16e000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x204000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xdcaf94 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| KERNEL32.dll |
GetModuleFileNameW
FormatMessageW OutputDebugStringW CreateFileW CloseHandle WriteFile DeleteFileW HeapDestroy HeapSize HeapReAlloc HeapFree HeapAlloc GetProcessHeap RemoveDirectoryW GetTempPathW GetTempFileNameW CreateDirectoryW MoveFileW GetLastError SizeofResource LockResource LoadResource FindResourceW FindResourceExW EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount GetCurrentThreadId RaiseException SetLastError GlobalUnlock GlobalLock GlobalAlloc MulDiv lstrcmpW CreateEventW SetEvent InitializeCriticalSection lstrcpynW WaitForSingleObject CreateThread GetProcAddress LoadLibraryExW DecodePointer Sleep GetDiskFreeSpaceExW GetExitCodeThread GetCurrentProcessId FreeLibrary GetSystemDirectoryW lstrlenW VerifyVersionInfoW VerSetConditionMask lstrcmpiW GetModuleHandleW LoadLibraryW GetDriveTypeW CompareStringW FindFirstFileW FindNextFileW GetLogicalDriveStringsW GetFileSize GetFileAttributesW SetFileAttributesW GetFileTime CopyFileW ReadFile SetFilePointer FindClose MultiByteToWideChar WideCharToMultiByte GetCurrentProcess GetSystemInfo WaitForMultipleObjects ReadConsoleW VirtualProtect VirtualQuery LoadLibraryExA GetStringTypeW GetShortPathNameW SetUnhandledExceptionFilter GetEnvironmentVariableW GetEnvironmentStringsW LocalFree LoadLibraryA GetModuleFileNameA GetFullPathNameW GetCurrentThread FlushFileBuffers SetConsoleTextAttribute GetStdHandle GetConsoleScreenBufferInfo CreateProcessW GetExitCodeProcess GetTickCount GetCommandLineW SetCurrentDirectoryW SetEndOfFile EnumResourceLanguagesW GetLocaleInfoW GetSystemDefaultLangID GetUserDefaultLangID GetWindowsDirectoryW GetSystemTime SystemTimeToFileTime FileTimeToSystemTime CreateToolhelp32Snapshot Process32FirstW Process32NextW ResetEvent GlobalFree GetPrivateProfileStringW GetPrivateProfileSectionNamesW WritePrivateProfileStringW GetLocalTime CreateNamedPipeW ConnectNamedPipe TerminateThread LocalAlloc CompareFileTime CopyFileExW OpenEventW PeekNamedPipe IsProcessorFeaturePresent WaitForSingleObjectEx UnhandledExceptionFilter TerminateProcess IsDebuggerPresent GetStartupInfoW QueryPerformanceCounter GetSystemTimeAsFileTime InitializeSListHead EncodePointer InterlockedPopEntrySList InterlockedPushEntrySList FlushInstructionCache VirtualAlloc VirtualFree QueryPerformanceFrequency SwitchToThread TlsAlloc TlsGetValue TlsSetValue TlsFree GetCPInfo LCMapStringW RtlUnwind ExitProcess GetModuleHandleExW GetFileType IsValidLocale GetUserDefaultLCID EnumSystemLocalesW GetConsoleCP GetConsoleMode IsValidCodePage GetACP GetOEMCP FindFirstFileExW GetCommandLineA FreeEnvironmentStringsW SetStdHandle GetFileSizeEx SetFilePointerEx WriteConsoleW |
|---|---|
| msi.dll (delay-loaded) |
#6
#7 #62 #54 #58 #147 #140 #221 #94 #51 #169 #80 #224 #19 #8 #96 #281 #137 #115 #166 #52 #150 #78 #141 #90 #204 #113 #16 #116 #67 #114 #120 #47 #26 #34 #145 #103 #74 #118 #20 #160 #159 #32 #186 #171 #48 #24 #70 #195 #205 #121 #158 #49 #125 #17 #92 #139 |
Delayed Imports
| Attributes | 0x1 |
|---|---|
| Name | msi.dll |
| ModuleHandle | 0x1d22f8 |
| DelayImportAddressTable | 0x1d21cc |
| DelayImportNameTable | 0x1c9218 |
| BoundDelayImportTable | 0x1caca4 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
221
222
210
219
249
255
10106
10107
10124
10125
1
2
3
4
5
213
214
201
202
203
206
211
212
216
217
218
223
225
2000
10123
9
10
11
12
13
14
15
16
17
18
634
4063
4064
4065
4066
128
1 (#2)
1 (#3)
String Table contents
| Setup |
| This archive is corrupted. |
| This archive has an unsupported version. |
| Windows Installer could not be started. |
| An error occurred while reading the file. |
| An error occurred while extracting. |
| Select the download folder. |
| %s can not be installed on systems with Windows Installer version smaller than %s. |
| Error |
| This package requires Windows Installer version "%s". You have "%s". |
| Please upgrade your Windows Installer. |
| Checking integrity (MD5)... |
| Corrupt file (wrong MD5 signature). File removed. |
| %s Options |
| Extracting the main application files... |
| URL |
| Status |
| Command Line: |
| %s [options] |
| options: |
| /? or /help - displays this message |
| /extract:<directory> - extracts all files in <directory> |
| /listlangs - list languages supported by this setup |
| /exenoui - launches the EXE setup without UI |
| /exebasicui - launches the EXE setup with basic UI |
| /exelang <langId> - launches the EXE setup using the specified language |
| /username - username used by the proxy |
| /password - password used by the proxy |
| /exelog<path_to_log_file> - creates a log file at specified path |
| /exenoupdates - does not check for a newer version |
| <msiOptions> - options for msiexec.exe on running the MSI package |
| Name |
| Action |
| Skip |
| Download |
| Install |
| Installed |
| Not Found |
| Open Site |
| Installing %s |
| Press the Next button to download the prerequisites. |
| Press the Next button to install the prerequisites. |
| Press the Next button to open the prerequisites' web sites. |
| Press the Finish button to install the main application. |
| Pause |
| Resume |
| Required: any. |
| %s Setup |
| Required: %s or lower. |
| Required: %s or higher. |
| Required: between %s and %s. |
| Found: nothing. |
| Found: %s. |
| Version |
| This prerequisite is mandatory. It must be installed and can not be unchecked. |
| Name |
| Press the Finish button when you are done and ready to install %s. |
| Press the Next button to install the prerequisites. |
| Status |
| Pending |
| Installing... |
| Installed |
| Error: %s |
| Installing %s from: %s |
| Some prerequisites could not be installed. Press Back to return to the prerequisites list. |
| After launching all packages some required prerequisites are still missing. Press Back to return to the prerequisites list. |
| All prerequisites have been installed successfully. Press Finish to install the main application. |
| Welcome to the %s Prerequisites Wizard |
| Prerequisite |
| Some prerequisites could not be downloaded. You can try again or remove them from the prerequisites list. |
| Pending |
| Finished |
| Wrong size |
| %d.%d KB/s |
| Some required prerequisites are still missing. You can try again or remove them from the prerequisites list. |
| %d hr %d min at %s/sec |
| %d min %d sec at %s/sec |
| %d sec at %s/sec |
| Size |
| Paused |
| Progress: %d%% (%s of %s) |
| Downloading: %s %d%% (%s of %s) |
| Download Finished |
| Paused |
| Opening site of %s |
| Downloading %s |
| Extracting files from archive... |
| Extracting file to %s |
| The %s file can't be unpacked. Error message: %s |
| The Java Runtime Environment version 1.5 or later must be installed in order to unpack JAR files. |
| Another instance of setup is already running. |
| Found an acceptable version. |
| Error: %s |
| You must reboot your computer in order to continue the installation. Press Yes to restart now or press No to abort the installation and manually restart later. |
| Confirmation |
| Unpacking file:%s |
| There is not enough space in folder:%s |
| Please free some space and press Retry or press Cancel to abort the installation. |
| Preparing... |
| %s Languages |
| Searching for prerequisites... |
| Install Location |
| Product Name |
| Question |
| An upgrade of the selected instance will be performed. Do you want to continue? |
| Upgrade all installed instances. |
| This package allows you to install multiple instances of %s. Please select the option you want and press OK to continue: |
| Evaluating launch conditions... |
| %s cannot be installed on systems without %s |
| Connect to %s |
| The server %s at %s requires a username and password. Please enter them below. |
| Cannot access URL: %s |
| Failed |
| There is a newer version of %s (%s). |
| Would you like to download and install it? |
| Checking for a newer version... |
| Failed to download newer version (Error: %s). Would you like to retry or proceed and install current version? |
| Failed to read from file "%s". Error: %s |
| Failed to write in file "%s". Error: %s |
| Instance |
| Default |
| Version |
| Setup package was encrypted using AES 256 algorithm. To continue the setup process, you should provide the password needed to decrypt the package. |
| A reboot was initiated. Application will close automatically. |
| Deleting extracted files... |
| Unmatching digital signature between EXE bootstraper and MSI database |
| Back |
| Next |
| Finish |
| Cancel |
| Downloaded file does not have expected size |
| %s mandatory prerequisite was not correctly installed. |
| Searching for installed AppX package... |
| Installing AppX package... |
| Removing AppX package... |
| Invalid command line |
| Unable to init windows application |
| Internal error |
| This installation package is not supported by this processor type. Contact your product vendor. |
| Advanced Installer |
| Unexpected exception. |
| The application ran into a problem that it couldn't handle. |
| Sorry for the inconvenience. |
| Exception (at %2!ls!:%3!ld!) - %1!ls! |
| STD Exception (at %2!ls!:%3!ld!) - %1!hs! |
| A COM API returned error: [0x%1!lX!]. |
| %1!ls! %3!ls!:%4!ld! %2!ls! |
| Could not allocate memory. |
| Parse error in file: "%1!ls!" at line: [%2!ld!] column: [%3!ld!] (code: %4!ls!). |
| Unsupported file encoding. |
| File "%1!ls!" could not be read. |
| File not found: "%1!ls!". |
| Error opening file: "%1!ls!". |
| File "%1!ls!" could not be written. |
| Unsupported command file format. The supported file formats are: ANSI, Unicode Big Endian and Unicode Little Endian. The first line of the file must begin with "%1!ls!". |
| Value is missing for the parameter %s. |
| Invalid "%s" parameter value: "%s". |
| Unknown parameter: |
| Maybe you should use instead: |
| A required argument is missing: %s. |
| One of the following parameters is required: |
| Null pointer exception. |
| Error parsing XML file: "%1!ls!". |
| Invalid XPath expression: "%1!ls!". |
| Command "%s" is unknown. Maybe you should use instead "%s" |
| Invalid XSL transform. |
| Invalid input filtered. |
| Your input has been filtered because it contained invalid characters for this field. |
| Your input has been filtered. |
| The port number needs to be in 0-65564 range. |
| Error calling MSI API: %1!ld! Method: %2!ls! Table: %3!ls!. |
| Error calling MSI API: %1!ld! Method: %2!ls! Table: %3!ls!. Extended Error: %4!ls!. |
| Provide a valid Offline Registry handle. |
| Invalid hexadecimal string "%s" in registry value "%s". |
| The version is invalid! |
| Underscore can be used after every digit, except for the last one. |
| Invalid version format, expected: major, major.minor, major.minor.build or major.minor.build.revision. |
| Invalid version format, expected: major or major.minor. |
| Invalid dot sequence. |
| The version is not allowed to start with the dot character. |
| The version is not allowed to end with the dot character. |
| Each part of the version number must be an integer between 0 and |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.13.4.0 |
| ProductVersion | 1.13.4.0 |
| FileFlags |
VS_FF_DEBUG
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language | English - United States |
| CompanyName | Proton Technologies AG |
| FileDescription | ProtonVPN Installer |
| FileVersion (#2) | 1.13.4 |
| InternalName | ProtonVPN_win_v1.13.4-139b12d9 |
| LegalCopyright | Copyright (C) 2020 Proton Technologies AG |
| OriginalFileName | ProtonVPN_win_v1.13.4-139b12d9.exe |
| ProductName | ProtonVPN |
| ProductVersion (#2) | 1.13.4 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2019-Dec-17 09:36:36 |
| Version | 0.0 |
| SizeofData | 75 |
| AddressOfRawData | 0x197584 |
| PointerToRawData | 0x196384 |
| Referenced File | C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2019-Dec-17 09:36:36 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x1975d0 |
| PointerToRawData | 0x1963d0 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2019-Dec-17 09:36:36 |
| Version | 0.0 |
| SizeofData | 1072 |
| AddressOfRawData | 0x1975e4 |
| PointerToRawData | 0x1963e4 |
IMAGE_DEBUG_TYPE_ILTCG
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2019-Dec-17 09:36:36 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
TLS Callbacks
| StartAddressOfRawData | 0x597a24 |
|---|---|
| EndAddressOfRawData | 0x597a2c |
| AddressOfIndex | 0x5d26b0 |
| AddressOfCallbacks | 0x56e3a8 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0xa4 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x5cd010 |
| SEHandlerTable | 0x595870 |
| SEHandlerCount | 1861 |
RICH Header
| XOR Key | 0x2d35e784 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26213) | 14 |
| C++ objects (26213) | 179 |
| C objects (VS2019 Update 2 (16.2) compiler 27905) | 19 |
| ASM objects (VS2019 Update 2 (16.2) compiler 27905) | 23 |
| C++ objects (VS2019 Update 2 (16.2) compiler 27905) | 99 |
| C objects (26213) | 26 |
| Imports (26213) | 3 |
| 263 (26213) | 2 |
| Total imports | 667 |
| 265 (VS2019 Update 3 (16.3) compiler 28107) | 289 |
| Resource objects (VS2019 Update 3 (16.3) compiler 28107) | 1 |
| 151 | 1 |
| Linker (VS2019 Update 3 (16.3) compiler 28107) | 1 |
Errors
Leave a comment
No comments yet.