Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2012-Feb-24 19:19:59 |
Detected languages | English - United States |
CompanyName | DeskToolsSoft |
FileDescription | DriverFinder Installer |
FileVersion | 3.8.0 |
LegalCopyright | Copyright DeskToolsSoft |
OriginalFilename | DriverFinderSetup.exe |
ProductName | DriverFinder |
ProductVersion | 3.8.0.0 |

Info | Interesting strings found in the binary: | Contains domain names: |
---|---|---|
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: DeskToolsSoft B.V.; Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2 |
Malicious | VirusTotal score: 8/68 (Scanned on 2020-09-15 09:06:53) | Cylance: Unsafe; DrWeb: Program.Unwanted.4490; GData: Win32.Application.DeskTools.A; Microsoft: PUA:Win32/Presenoker; Malwarebytes: PUP.Optional.DriverFinder; ESET-NOD32: a variant of Win32/DriverFinder.A potentially unwanted; Yandex: Trojan.Igent.bT3tKb.1; eGambit: Unsafe.AI_Score_99% |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2012-Feb-24 19:19:59 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x7000 |
SizeOfInitializedData | 0x6ce00 |
SizeOfUninitializedData | 0x4200 |
AddressOfEntryPoint | 0x000039E3 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 6.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1ce000 |
SizeOfHeaders | 0x400 |
Checksum | 0x44353 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.dll | SetFileTime CompareFileTime SearchPathW GetShortPathNameW GetFullPathNameW MoveFileW SetCurrentDirectoryW GetFileAttributesW GetLastError CreateDirectoryW SetFileAttributesW Sleep GetTickCount CreateFileW GetFileSize GetModuleFileNameW GetCurrentProcess CopyFileW ExitProcess GetWindowsDirectoryW GetTempPathW GetCommandLineW SetErrorMode CloseHandle lstrlenW lstrcpynW GetDiskFreeSpaceW GlobalUnlock GlobalLock CreateThread LoadLibraryW CreateProcessW lstrcmpiA GetTempFileNameW lstrcatW GetProcAddress LoadLibraryA GetModuleHandleA OpenProcess lstrcpyW GetVersionExW GetSystemDirectoryW GetVersion lstrcpyA RemoveDirectoryW lstrcmpA lstrcmpiW lstrcmpW ExpandEnvironmentStringsW GlobalAlloc WaitForSingleObject GetExitCodeProcess GlobalFree GetModuleHandleW LoadLibraryExW FreeLibrary WritePrivateProfileStringW GetPrivateProfileStringW WideCharToMultiByte lstrlenA MulDiv WriteFile ReadFile MultiByteToWideChar SetFilePointer FindClose FindNextFileW FindFirstFileW DeleteFileW lstrcpynA |
---|---|
USER32.dll | GetAsyncKeyState IsDlgButtonChecked ScreenToClient GetMessagePos CallWindowProcW IsWindowVisible LoadBitmapW CloseClipboard SetClipboardData EmptyClipboard OpenClipboard TrackPopupMenu GetWindowRect AppendMenuW CreatePopupMenu GetSystemMetrics EndDialog EnableMenuItem GetSystemMenu SetClassLongW IsWindowEnabled SetWindowPos DialogBoxParamW CheckDlgButton CreateWindowExW SystemParametersInfoW RegisterClassW SetDlgItemTextW GetDlgItemTextW MessageBoxIndirectW CharNextA CharUpperW CharPrevW wvsprintfW DispatchMessageW PeekMessageW wsprintfA DestroyWindow CreateDialogParamW SetTimer SetWindowTextW PostQuitMessage SetForegroundWindow ShowWindow wsprintfW SendMessageTimeoutW LoadCursorW SetCursor GetWindowLongW GetSysColor CharNextW GetClassInfoW ExitWindowsEx IsWindow GetDlgItem SetWindowLongW LoadImageW GetDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint GetClientRect FillRect DrawTextW EndPaint FindWindowExW |
GDI32.dll | SetBkColor GetDeviceCaps DeleteObject CreateBrushIndirect CreateFontIndirectW SetBkMode SetTextColor SelectObject |
SHELL32.dll | SHBrowseForFolderW SHGetPathFromIDListW SHGetFileInfoW ShellExecuteW SHFileOperationW SHGetSpecialFolderLocation |
ADVAPI32.dll | RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW |
COMCTL32.dll | ImageList_AddMasked ImageList_Destroy #17 ImageList_Create |
ole32.dll | CoTaskMemFree OleInitialize OleUninitialize CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoW VerQueryValueW |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0 |
FileVersion | 3.8.0.0 |
ProductVersion | 3.8.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | DeskToolsSoft |
FileDescription | DriverFinder Installer |
FileVersion (#2) | 3.8.0 |
LegalCopyright | Copyright DeskToolsSoft |
OriginalFilename | DriverFinderSetup.exe |
ProductName | DriverFinder |
ProductVersion (#2) | 3.8.0.0 |
Resource LangID | UNKNOWN |
---|---|
XOR Key | 0x38bf1a05 |
---|---|
Unmarked objects | 0 |
C objects (VS2008 SP1 build 30729) | 3 |
Imports (VS2008 SP1 build 30729) | 17 |
Total imports | 172 |
C objects (VS2010 SP1 build 40219) | 12 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |