Manalyze report for f2a5161aad850bb528a99195ad45cc19

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-24 19:19:59
Detected languages	English - United States
CompanyName	DeskToolsSoft
FileDescription	DriverFinder Installer
FileVersion	`3.8.0`
LegalCopyright	Copyright DeskToolsSoft
OriginalFilename	DriverFinderSetup.exe
ProductName	DriverFinder
ProductVersion	`3.8.0.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegEnumKeyW RegOpenKeyExW RegCloseKey RegDeleteKeyW RegDeleteValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegEnumValueW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW` `Manipulates other processes: OpenProcess` `Can shut the system down or lock the screen: ExitWindowsEx`
Info	The PE is digitally signed.	`Signer: DeskToolsSoft B.V.` `Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2`
Malicious	VirusTotal score: 8/68 (Scanned on 2020-09-15 09:06:53)	`Cylance: Unsafe` `DrWeb: Program.Unwanted.4490` `GData: Win32.Application.DeskTools.A` `Microsoft: PUA:Win32/Presenoker` `Malwarebytes: PUP.Optional.DriverFinder` `ESET-NOD32: a variant of Win32/DriverFinder.A potentially unwanted` `Yandex: Trojan.Igent.bT3tKb.1` `eGambit: Unsafe.AI_Score_99%`

Hashes

MD5	`f2a5161aad850bb528a99195ad45cc19`
SHA1	`3530b0ccfa04cf67f820a47ff032e0eff74bc178`
SHA256	`d96080cbe7e3423f3e635a7a5d98407151ca7809f3d2338b9e15a80e666884f9`
SHA3	`7b3b014df56ca41431bedf7385c9827bb8f37b318c67a774d8988bd15660b8fa`
SSDeep	`6144:REUXJ8urxpu4/ElSPu0yI7B8vjoYY4DQtDxl:REq8urxpuCnkhYL`
Imports Hash	`9676d3254c05a4258dfb3154ab9a7a37`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Feb-24 19:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x6ce00`
SizeOfUninitializedData	`0x4200`
AddressOfEntryPoint	`0x000039E3 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`6.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1ce000`
SizeOfHeaders	`0x400`
Checksum	`0x44353`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f569e353af0ed51bf4c216faa9bed4e7`
SHA1	`6a44a12f5af7cce9abbd9cd636f52401b2120209`
SHA256	`43b1b548befd5d2a4638048c6f234cbb66fa07c1fd709bbc3e73bb4d642da595`
SHA3	`2a5b3f035f6962e7f8bbe2adb74570e17e1925c226adfc81c2a4375bea2310a9`
VirtualSize	`0x6f10`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49788`

.rdata

MD5	`91eee43954e068e650f7b73a8b0e6915`
SHA1	`b547eb6e6cac33ee3733ac68385899629a5e5f17`
SHA256	`e0f96857d54993cd0a9a734ab76698d270a5311129cc442a3344bb196b9afe4a`
SHA3	`0e15cfd9c8ce1462c26fb202da97515881abdf0e9729f0cadfda0e8fbe60c89b`
VirtualSize	`0x2a92`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39389`

.data

MD5	`db9f7acbf1c3ddfe255077b699955dfa`
SHA1	`53188fc5923c982a5f95f3d84c9e65d33d887d59`
SHA256	`6db33451a2c8a909671725fe9d9e735e8c3bc704954f014503d33963aca37551`
SHA3	`defd360cc2dc6f7f28b1998314c9492a9f450dc1fad927840058dee2eb8cb32d`
VirtualSize	`0x67ebc`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.47278`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x155000`
VirtualAddress	`0x73000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`dc7ee6cb84dbce3e7d5290f2ba2e7cef`
SHA1	`7db44de0e07c1aaa9237a9cd2db74cf056934df9`
SHA256	`68e55b866e5b2fb65d3d514448f45cb5a0dbc74b445aa7f670501470daef21cc`
SHA3	`a726ba114c96b089b3718e47e5f43ddaeaacb798675e90740650dec2d84750a8`
VirtualSize	`0x45d8`
VirtualAddress	`0x1c8000`
SizeOfRawData	`0x4600`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.90256`

.reloc

MD5	`d92e28ce6ac5e1d48f75de1c57470ae9`
SHA1	`5498dc3f3532c2363d4810bfaa57832a40fb52d4`
SHA256	`a9791af65ce3d721af0f521aa5940a2416eae7db8836de730f20a5d3c908c146`
SHA3	`eb69a84fcce3d68919d154c06592691fea5f29eb50293d7279414d5b2465dc7a`
VirtualSize	`0xf8a`
VirtualAddress	`0x1cd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92528`

Imports

KERNEL32.dll	`SetFileTime` `CompareFileTime` `SearchPathW` `GetShortPathNameW` `GetFullPathNameW` `MoveFileW` `SetCurrentDirectoryW` `GetFileAttributesW` `GetLastError` `CreateDirectoryW` `SetFileAttributesW` `Sleep` `GetTickCount` `CreateFileW` `GetFileSize` `GetModuleFileNameW` `GetCurrentProcess` `CopyFileW` `ExitProcess` `GetWindowsDirectoryW` `GetTempPathW` `GetCommandLineW` `SetErrorMode` `CloseHandle` `lstrlenW` `lstrcpynW` `GetDiskFreeSpaceW` `GlobalUnlock` `GlobalLock` `CreateThread` `LoadLibraryW` `CreateProcessW` `lstrcmpiA` `GetTempFileNameW` `lstrcatW` `GetProcAddress` `LoadLibraryA` `GetModuleHandleA` `OpenProcess` `lstrcpyW` `GetVersionExW` `GetSystemDirectoryW` `GetVersion` `lstrcpyA` `RemoveDirectoryW` `lstrcmpA` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalAlloc` `WaitForSingleObject` `GetExitCodeProcess` `GlobalFree` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `WideCharToMultiByte` `lstrlenA` `MulDiv` `WriteFile` `ReadFile` `MultiByteToWideChar` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW` `lstrcpynA`
USER32.dll	`GetAsyncKeyState` `IsDlgButtonChecked` `ScreenToClient` `GetMessagePos` `CallWindowProcW` `IsWindowVisible` `LoadBitmapW` `CloseClipboard` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `TrackPopupMenu` `GetWindowRect` `AppendMenuW` `CreatePopupMenu` `GetSystemMetrics` `EndDialog` `EnableMenuItem` `GetSystemMenu` `SetClassLongW` `IsWindowEnabled` `SetWindowPos` `DialogBoxParamW` `CheckDlgButton` `CreateWindowExW` `SystemParametersInfoW` `RegisterClassW` `SetDlgItemTextW` `GetDlgItemTextW` `MessageBoxIndirectW` `CharNextA` `CharUpperW` `CharPrevW` `wvsprintfW` `DispatchMessageW` `PeekMessageW` `wsprintfA` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `CharNextW` `GetClassInfoW` `ExitWindowsEx` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `GetClientRect` `FillRect` `DrawTextW` `EndPaint` `FindWindowExW`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `DeleteObject` `CreateBrushIndirect` `CreateFontIndirectW` `SetBkMode` `SetTextColor` `SelectObject`
SHELL32.dll	`SHBrowseForFolderW` `SHGetPathFromIDListW` `SHGetFileInfoW` `ShellExecuteW` `SHFileOperationW` `SHGetSpecialFolderLocation`
ADVAPI32.dll	`RegEnumKeyW` `RegOpenKeyExW` `RegCloseKey` `RegDeleteKeyW` `RegDeleteValueW` `RegCreateKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegEnumValueW`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `#17` `ImageList_Create`
ole32.dll	`CoTaskMemFree` `OleInitialize` `OleUninitialize` `CoCreateInstance`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.26612`
MD5	`0ec0a0948a526b9c7eebe39bb02b6b0b`
SHA1	`867b304f20fd74abeb5c30515837f1c41cd3bf8f`
SHA256	`d442adb90ba296c7e617d2f58d6fa6f308bcd8ef65e5e9c66db4dd27f93fcfbe`
SHA3	`5bc458755a2ca5c7475620389d9b6b67952973c4366c6777d45c969b8bc67cd4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9993`
MD5	`6b224e01af48ec8e4c17a59d9534e885`
SHA1	`de787d2a1e840618ba2c7eb69d28f6966c404d1d`
SHA256	`50279c9885b490e74b49ac0273940b6e0891b62fc9ffb5c52e35422a694f248b`
SHA3	`71b543301bccda64ba61a27873c952890233e0cbec10e0b59245fc303bcfadbc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24459`
MD5	`ca82d899b1d402941b5c92ed9028cd95`
SHA1	`fb329ec4455d5caf1753305debcc14ab6ebb9015`
SHA256	`9da1013c864092e49c2676b3ba68a0d4513457d77d251730ed73cc5f4a4813b1`
SHA3	`768277223731ffdcb799e50961d0afccf23bbae54118d53b834617ccbd0c5cd9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01502`
MD5	`05e60fd47096a729dda2aaa4ab05ebc7`
SHA1	`de8ec9b484fa4f565b14f55503c9cd95231b633b`
SHA256	`61f762babde9942f43ee97154b8734efeed0632a6ea778dc395793ae3e3e7507`
SHA3	`f8ba0d4a91389414904cc66226099f27f482055e90ba449e2396193f139713d8`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16057`
MD5	`d9ee3a2962251a241bce41b0524cfc0e`
SHA1	`2ba919aaa7237367a158e4b95385ab1ee07643d8`
SHA256	`69e6579a37fcaec037634e7fecbfc6a26093ea81dc4bd555d8a12187d2cd0866`
SHA3	`a1699668464f7edf9a748dfc264f9d30e3c69a228be0a18cade30c14aa6c77ba`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34146`
MD5	`53482d364aa2d4ae7ca05199dad7651a`
SHA1	`ccb213408acc7f5ddb94753e6410be23aab5cedd`
SHA256	`ff06189b43a5c1d6cc5d1b7cbf6ab56b1157ec52807945d652274a211462cba5`
SHA3	`60659e39ef3f267c267093f8bc4c87ed61eea4ef96ac0f583184f580844573e5`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04232`
MD5	`636ad42555a835e3a94209043df4a45a`
SHA1	`c878613bda5cba6cb5769846e60229890c5df248`
SHA256	`491e52ded039ec6684277e6f1f820e288763ae6d20e682bcfffb6cee4518ac23`
SHA3	`4b79e60727e0f7be7495c59fb949e22bd753cff6e145e4694257a21a7b5dba8c`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`a69caf66f3f899403f8b25b02dc61908`
SHA1	`3e5db9186cf0f75be24676462d88170e5950d9c8`
SHA256	`7854e8d67a11148566ad37c5d23e1534e0990fe31a160e0e7da3ca751830bb50`
SHA3	`1eea945e3712b317143e07560f54b0b9a13b1fd6c2b57cab9176181a9aaf4f79`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56193`
MD5	`db6dd0434da4d7cac564518725167e09`
SHA1	`a65a1367d7cd96450f089a8f8108239bbcea9f5b`
SHA256	`c50631fc1f8425a95fd1edcc8e730d339e193a38f18d42372c32847a5ad2c016`
SHA3	`4e3be5455c51e1cb04836e318cb69ecdffd2deadd0f338d4bc985d8f5ca653ff`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68372`
MD5	`583fb02149a19ffff54516cfd5edebd4`
SHA1	`9de29568e142e36811e4fc5130e60fdb78f3db06`
SHA256	`9dfacbe444e14cd17c5956afa713f043c2b1150d37868af1661b5bb848fee3f5`
SHA3	`6c2967d2415996675fe0ca406c7a3ab94fe6cfd18bf7b98cf11f20c314b3fc81`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6691`
Detected Filetype	Icon file
MD5	`e624f041c921d299a6da3a8c5f48f989`
SHA1	`ffa07c86ac3dac45398ee07b26610dfb5c99d8ea`
SHA256	`fed46e06346fb8f64b14c18408a82caf955929ac0e65151630539dc5bd194584`
SHA3	`b51d47dbe9cbe18b1f520275504256022a827f919672b081943ae45cd4ff44c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26347`
MD5	`eee3f20a801af46199ef85a6be193fa7`
SHA1	`84c2fa7dd2d0e5466a3f6ad0697ae2bcd4c27cf5`
SHA256	`d8001f2ed0ffe451357ad3b3a828c36b70311bd03b204c4cca0f7ac03822151c`
SHA3	`5c6973ebd8174a3a16b44e37a258acac2249ce7b16fb5b48e315601d8d652065`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21712`
MD5	`cc7c7b7ebb53d486eb6b188510bdc3dd`
SHA1	`14faf522b106935802f789e0aa6500c18a9c21e0`
SHA256	`df42dbc8fbe6b45f2bdd8bba3cf9bbb3b405ef29ac74ec150f9aa48b03c2e1fc`
SHA3	`257c84bca701e6ce422ffc7875bbd0dbcbac74979e72adfd8bcb769ec57c0f11`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	3.8.0.0
ProductVersion	3.8.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	DeskToolsSoft
FileDescription	DriverFinder Installer
FileVersion (#2)	3.8.0
LegalCopyright	Copyright DeskToolsSoft
OriginalFilename	DriverFinderSetup.exe
ProductName	DriverFinder
ProductVersion (#2)	3.8.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x38bf1a05`
Unmarked objects	`0`
C objects (VS2008 SP1 build 30729)	`3`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`172`
C objects (VS2010 SP1 build 40219)	`12`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section .ndata has a size of 0!