Malware score

25/344 heuristic rules | 98% malware score | Status: Clean

Suspect Score: 0 | Legit Score: 24.4 | Crypted Score: 8 | Packed Score: 13

Static Analysis Indicators Clean

Digital signature check valid

Timestamp: 2014/05/01 06:56:46 | Cryptography Algorithm: SHA256 | Signature version: V2 | Subsignature number: 6

Certificates found in the signature (one row per certificate):

| Thumbprint: 67b1757863e3eff760ea9ebb02849af07d3a8080 | Cryptography Algorithm: sha1RSA(RSA) | Signature version: V3 | Issuer: Microsoft Code Signing PCA | Subject: Microsoft Corporation | Valid from: 2014/04/22 17:39:00 | Valid till: 2015/07/22 17:39:00 | Serial: 33000000ca6cd5321235c4e1550001000000ca |
| Thumbprint: 3caf9ba2db5570caf76942ff99101b993888e257 | Cryptography Algorithm: sha1RSA(RSA) | Signature version: V3 | Issuer: Microsoft Root Certificate Authority | Subject: Microsoft Code Signing PCA | Valid from: 2010/08/31 22:19:32 | Valid till: 2020/08/31 22:29:32 | Serial: 6133261a000000000031 |
| Thumbprint: cdd4eeae6000ac7f40c3802c171e30148030c072 | Cryptography Algorithm: sha1RSA(RSA) | Signature version: V3 | Issuer: Microsoft Root Certificate Authority | Subject: Microsoft Root Certificate Authority | Valid from: 2001/05/09 23:19:22 | Valid till: 2021/05/09 23:28:13 | Serial: 79ad16a14aa0a5ad4c7358f407132e65 |
| Thumbprint: 6474839af67ab79c91007ff62fe08e2acf016b83 | Cryptography Algorithm: sha256RSA(RSA) | Signature version: V3 | Issuer: Microsoft Code Signing PCA 2011 | Subject: Microsoft Corporation | Valid from: 2013/09/24 17:41:41 | Valid till: 2014/12/24 17:41:41 | Serial: 330000001a77bb74b307d116b800000000001a |

PE Markers anomalies check

Rich signature: found | Digital signature: found | Overlay: found | Subsystem: GUI | Compiler: (empty) | Is .NET Image: Image is Native

Important PE Header Values suspect

Headers (the MD5/SHA256/SSDEEP hash columns are empty in the report):

| Header: IMAGE_DOS_HEADERS | Size: 0x40 |
| Header: IMAGE_NT_HEADER | Size: 0x108 |
| Header: IMAGE_OPTIONAL_HEADERS | Size: 0xe0 |

ImageFileHeader fields (the "Additional info" column is empty in the report):

| Field: ImageFileHeader.Machine | Value: 0x14c | Common: True |
| Field: ImageFileHeader.TimeDataStamp | Value: 0x535fef1c | Common: True |
| Field: ImageFileHeader.Characteristics | Value: 0x102 | Common: True |
| Field: ImageFileHeader.SizeOfOptionalHeader | Value: 0xe0 | Common: True |

ImageOptionalHeader fields:

| Field: ImageOptionalHeader.EntryPoint | Value: 0x27e1e | Common: False |
| Field: ImageOptionalHeader.ImageBase | Value: 0x400000 | Common: True |
| Field: ImageOptionalHeader.Checksum | Value: 0x6dc784 | Common: False |
| Field: ImageOptionalHeader.LinkerVersion | Value: 10.0 | Common: True |

Resources anomalies check valid

| Risk: 0% | Structure: VersionInfo found |
| Risk: 0% | Structure: Manifest found |
| Risk: 0% | Structure: Message Table found |
| Risk: 0% | Structure: Strings Table not found |
| Risk: 0% | Structure: RCDATA not found |
| Risk: 0% | Structure: Icon found |
| Risk: 0% | Structure: Icon Group not found |
| Risk: 0% | Structure: Cursor not found |
| Risk: 0% | Structure: Accelerator not found |

Frequency anomalies check suspect

| Risk: 0% | Anomaly: File Entropy | Information: 7.9890686346586 |
| Risk: 0% | Anomaly: File Entropy (without zeros) | Information: 7.927402 |
| Risk: 0% | Anomaly: Zero Value Frequency | Information: 0.011336038803988 |
| Risk: 0% | Anomaly: 0xFF Bytes Frequency | Information: 0.6615504 |
| Risk: 0% | Anomaly: Chi-Square Distribution | Information: 5.9259840273816 |
| Risk: 0% | Anomaly: Monte Carlo Pi Value | Information: 3.1211523770445 |
| Risk: 0% | Anomaly: Monte Carlo Pi Error Rate | Information: 0.65063421006873 |
| Risk: 0% | Anomaly: Packed percent | Information: 0 |

Entropy status: Strong Packed | Zero Value Frequency: Packed or Crypted

Note: the near-maximal file entropy is measured over the whole file, which here includes an overlay and a .wixburn section (the manifest identifies the file as a WiX Toolset Bootstrapper); a compressed installer payload attached to an otherwise normal, signed executable is consistent with these figures, so the "Strong Packed" status on its own is not evidence that the code sections are packed.

PE Version Info anomalies check valid

Original Filename: vcredist_x64.exeiption | Company name: (empty) | Product name: (empty) | File description: (empty) | Internal name: setup | Legal copyrights: 12.0.30501.0 | Language: English (United States), codepage: 1033

SSDEEP: 24:UDZ9JlFqOZW0gHZMAK4NDZlnhRI35WZMAK7PNqP:eRVZWjHZBKG9dhRW5WZBKxK
MD5: 39E4E7A694203720079C6FE941DBFD3D
SHA256: F740130B5B8C13DBFC9A96C4908710EF89941B588B61B903324FDDAA5C4E15C7

Debug build: False | File version: 12.0.30501.0 | Product version: (empty) | Raw size: 1012

Manifest check valid

SSDEEP: 24:OVEglNfbN/biNK+bIgYy5xvW0WiEguO4XD3NcZbL7:OagXDAK+bIgYy/5yO4zsL7
MD5: F75C50983F50EC05C07146665A273BCC
SHA256: CA399C884E1A49E9681EAAAB6001B71FF7C0BD993038514CBE52C6758DD87A9F

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="setup.exe" version="1.0.0.0" processorArchitecture="x86" type="win32"></assemblyIdentity>
  <description>WiX Toolset Bootstrapper</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
    </application>
  </compatibility>
</assembly>

Raw size: 1032 bytes

PE Main Icon check valid

SSDEEP: 48:cOta08t7E/gbN1pv6u6m0wddAaC0pQeb1i9I2:cOtJyg4Dsm0w3sLV9
MD5: 6D7EF6CDB365B368B26410395CBA0A87
SHA256: 91CF20DB246B2CBADB4B628F0DDE138C5670BE68479987B84B86F2D2023D7FAE

Icon ID: 0 | Icon name: 1 | Language: Not recognized (sublanguage: Not recognized), codepage: Not recognized

Raw size: 2238 bytes | Total icons: 1

PE Sections Info valid

| Name: .text | VA: 0x1000 | RVA: 0x401000 | Characteristics: 0x60000020 (Executable, Readable) | Virtual Size: 0x38b74 | Aligned Raw Size: 0x38c00 | Size Of Raw Data: 0x38c00 | Pointer To Raw Data: 0x400 |
| Name: .rdata | VA: 0x3a000 | RVA: 0x43a000 | Characteristics: 0x40000040 (Readable) | Virtual Size: 0x19aae | Aligned Raw Size: 0x19c00 | Size Of Raw Data: 0x19c00 | Pointer To Raw Data: 0x39000 |
| Name: .data | VA: 0x54000 | RVA: 0x454000 | Characteristics: 0xc0000040 (Initialized Data, Readable, Writable) | Virtual Size: 0x3020 | Aligned Raw Size: 0x1000 | Size Of Raw Data: 0x1000 | Pointer To Raw Data: 0x52c00 |
| Name: .wixburn | VA: 0x58000 | RVA: 0x458000 | Characteristics: 0x40000040 (Readable) | Virtual Size: 0x38 | Aligned Raw Size: 0x200 | Size Of Raw Data: 0x200 | Pointer To Raw Data: 0x53c00 |
| Name: .tls | VA: 0x59000 | RVA: 0x459000 | Characteristics: 0xc0000040 (Initialized Data, Readable, Writable) | Virtual Size: 0x9 | Aligned Raw Size: 0x200 | Size Of Raw Data: 0x200 | Pointer To Raw Data: 0x53e00 |
| Name: .rsrc | VA: 0x5a000 | RVA: 0x45a000 | Characteristics: 0x40000040 (Readable) | Virtual Size: 0x37e4 | Aligned Raw Size: 0x3800 | Size Of Raw Data: 0x3800 | Pointer To Raw Data: 0x54000 |
| Name: .reloc | VA: 0x5e000 | RVA: 0x45e000 | Characteristics: 0x42000040 (Initialized Data, Readable) | Virtual Size: 0x42fa | Aligned Raw Size: 0x4400 | Size Of Raw Data: 0x4400 | Pointer To Raw Data: 0x57800 |

Total Number Of Sections (NumberOfSections): 7

PE Sections Statistics valid

Per-section statistics (the "Hashes" column is empty in the report):

| Name: .text | Entropy: 6.5054875247538 | Zero freq: 0.11482568144273 | Ratio: 3.2314568803585% |
| Name: .rdata | Entropy: 4.9645666906743 | Zero freq: 0.17264297633495 | Ratio: 1.4662557650966% |
| Name: .data | Entropy: 2.6738024469144 | Zero freq: 0.717041 | Ratio: 0.056941971460061% |
| Name: .wixburn | Entropy: 0.72196846380691 | Zero freq: 0.92773438 | Ratio: 0.0071177464325076% |
| Name: .tls | Entropy: 0 | Zero freq: 1 | Ratio: 0.0071177464325076% |
| Name: .rsrc | Entropy: 5.4370751930714 | Zero freq: 0.14857700892857 | Ratio: 0.19929690011021% |
| Name: .reloc | Entropy: 5.6966238485852 | Zero freq: 0.29159007352941 | Ratio: 0.24200337870526% |

Total Number Of Sections (NumberOfSections): 7

PE imported functions suspect

| Function name: AdjustTokenPrivileges | RVA: 4532000 | HINT: 31 |
| Function name: LookupPrivilegeValueW | RVA: 4532024 | HINT: 407 |
| Function name: OpenProcessToken | RVA: 4532048 | HINT: 503 |
| Function name: ConvertStringSecurityDescriptorToSecurityDescriptorW | RVA: 4532068 | HINT: 114 |
| Function name: RegCloseKey | RVA: 4532124 | HINT: 560 |
| Function name: RegDeleteValueW | RVA: 4532138 | HINT: 584 |
| Function name: RegQueryValueExW | RVA: 4532156 | HINT: 622 |
| Function name: GetUserNameW | RVA: 4532176 | HINT: 357 |
| Function name: InitiateSystemShutdownExW | RVA: 4532192 | HINT: 381 |
| Function name: CreateWellKnownSid | RVA: 4532220 | HINT: 131 |
| Function name: InitializeAcl | RVA: 4532242 | HINT: 374 |
| Function name: SetEntriesInAclW | RVA: 4532258 | HINT: 678 |
| Function name: DecryptFileW | RVA: 4532278 | HINT: 216 |
| Function name: ChangeServiceConfigW | RVA: 4532294 | HINT: 80 |
| Function name: ControlService | RVA: 4532318 | HINT: 92 |
| Function name: CloseServiceHandle | RVA: 4532336 | HINT: 87 |
| Function name: QueryServiceStatus | RVA: 4532358 | HINT: 552 |
| Function name: OpenServiceW | RVA: 4532380 | HINT: 507 |
| Function name: OpenSCManagerW | RVA: 4532396 | HINT: 505 |
| Function name: CryptAcquireContextW | RVA: 4535704 | HINT: 177 |
| Function name: CryptCreateHash | RVA: 4535686 | HINT: 179 |
| Function name: CryptHashData | RVA: 4535670 | HINT: 200 |
| Function name: CryptGetHashParam | RVA: 4535650 | HINT: 196 |
| Function name: CryptDestroyHash | RVA: 4535630 | HINT: 182 |
| Function name: CryptReleaseContext | RVA: 4535608 | HINT: 203 |
| Function name: RegDeleteKeyW | RVA: 4535592 | HINT: 580 |
| Function name: RegCreateKeyExW | RVA: 4535574 | HINT: 569 |
| Function name: RegEnumKeyExW | RVA: 4535558 | HINT: 591 |
| Function name: RegEnumValueW | RVA: 4535542 | HINT: 594 |
| Function name: RegQueryInfoKeyW | RVA: 4535522 | HINT: 616 |
| Function name: RegSetValueExW | RVA: 4535504 | HINT: 638 |
| Function name: SetEntriesInAclA | RVA: 4535484 | HINT: 677 |
| Function name: SetSecurityDescriptorGroup | RVA: 4535454 | HINT: 695 |
| Function name: RegOpenKeyExW | RVA: 4535438 | HINT: 609 |
| Function name: GetTokenInformation | RVA: 4535416 | HINT: 346 |
| Function name: CheckTokenMembership | RVA: 4535392 | HINT: 81 |
| Function name: AllocateAndInitializeSid | RVA: 4535364 | HINT: 32 |
| Function name: FreeSid | RVA: 4535354 | HINT: 288 |
| Function name: LookupAccountNameW | RVA: 4535332 | HINT: 399 |
| Function name: SetNamedSecurityInfoW | RVA: 4535308 | HINT: 689 |
| Function name: InitializeSecurityDescriptor | RVA: 4535276 | HINT: 375 |
| Function name: SetSecurityDescriptorDacl | RVA: 4535248 | HINT: 694 |
| Function name: SetSecurityDescriptorOwner | RVA: 4535218 | HINT: 696 |
| Function name: QueryServiceConfigW | RVA: 4535728 | HINT: 548 |
| Function name: GetMessageW | RVA: 4532428 | HINT: 349 |
| Function name: PeekMessageW | RVA: 4532442 | HINT: 563 |
| Function name: PostMessageW | RVA: 4532458 | HINT: 566 |
| Function name: PostThreadMessageW | RVA: 4532674 | HINT: 569 |
| Function name: PostQuitMessage | RVA: 4532486 | HINT: 567 |
| Function name: SetWindowLongW | RVA: 4532522 | HINT: 708 |
| Function name: DefWindowProcW | RVA: 4532540 | HINT: 156 |
| Function name: UnregisterClassW | RVA: 4532558 | HINT: 774 |
| Function name: DispatchMessageW | RVA: 4532578 | HINT: 175 |
| Function name: TranslateMessage | RVA: 4532598 | HINT: 764 |
| Function name: GetMonitorInfoW | RVA: 4532710 | HINT: 351 |
| Function name: IsDialogMessageW | RVA: 4532618 | HINT: 461 |
| Function name: MessageBoxW | RVA: 4532696 | HINT: 533 |
| Function name: GetWindowLongW | RVA: 4532504 | HINT: 406 |
| Function name: RegisterClassW | RVA: 4532656 | HINT: 590 |
| Function name: IsWindow | RVA: 4532474 | HINT: 475 |
| Function name: MsgWaitForMultipleObjects | RVA: 4532812 | HINT: 540 |
| Function name: WaitForInputIdle | RVA: 4532792 | HINT: 806 |
| Function name: LoadCursorW | RVA: 4532778 | HINT: 491 |
| Function name: LoadBitmapW | RVA: 4532764 | HINT: 487 |
| Function name: GetCursorPos | RVA: 4532748 | HINT: 288 |
| Function name: MonitorFromPoint | RVA: 4532728 | HINT: 536 |
| Function name: CreateWindowExW | RVA: 4532638 | HINT: 110 |
| Function name: #6 | RVA: --- | HINT: --- |
| Function name: #2 | RVA: --- | HINT: --- |
| Function name: #8 | RVA: --- | HINT: --- |
| Function name: #9 | RVA: --- | HINT: --- |
| Function name: DeleteObject | RVA: 4532944 | HINT: 230 |
| Function name: GetObjectW | RVA: 4532930 | HINT: 509 |
| Function name: CreateCompatibleDC | RVA: 4532908 | HINT: 48 |
| Function name: SelectObject | RVA: 4532892 | HINT: 631 |
| Function name: DeleteDC | RVA: 4532866 | HINT: 227 |
| Function name: StretchBlt | RVA: 4532878 | HINT: 691 |
| Function name: ShellExecuteExW | RVA: 4535770 | HINT: 289 |
| Function name: SHGetFolderPathW | RVA: 4535750 | HINT: 195 |
| Function name: CommandLineToArgvW | RVA: 4532970 | HINT: 6 |
| Function name: CoTaskMemFree | RVA: 4533094 | HINT: 104 |
| Function name: CoInitializeSecurity | RVA: 4535788 | HINT: 64 |
| Function name: CLSIDFromProgID | RVA: 4535812 | HINT: 6 |
| Function name: CoCreateInstance | RVA: 4533074 | HINT: 16 |
| Function name: CoInitialize | RVA: 4533058 | HINT: 62 |
| Function name: StringFromGUID2 | RVA: 4533040 | HINT: 377 |
| Function name: CoInitializeEx | RVA: 4533022 | HINT: 63 |
| Function name: CoUninitialize | RVA: 4533004 | HINT: 108 |
| Function name: ReadFile | RVA: 4533376 | HINT: 960 |
| Function name: SetFilePointerEx | RVA: 4533388 | HINT: 1127 |
| Function name: CreateFileW | RVA: 4533408 | HINT: 143 |
| Function name: GetCurrentProcessId | RVA: 4533422 | HINT: 449 |
| Function name: GetProcessId | RVA: 4533444 | HINT: 588 |
| Function name: WriteFile | RVA: 4533460 | HINT: 1317 |
| Function name: ConnectNamedPipe | RVA: 4533472 | HINT: 101 |
| Function name: SetNamedPipeHandleState | RVA: 4533492 | HINT: 1148 |
| Function name: lstrlenW | RVA: 4533518 | HINT: 1358 |
| Function name: CompareStringW | RVA: 4533530 | HINT: 100 |
| Function name: LocalFree | RVA: 4533548 | HINT: 840 |
| Function name: CreateNamedPipeW | RVA: 4533560 | HINT: 160 |
| Function name: WaitForSingleObject | RVA: 4533580 | HINT: 1273 |
| Function name: OpenProcess | RVA: 4533602 | HINT: 896 |
| Function name: lstrlenA | RVA: 4533616 | HINT: 1357 |
| Function name: RemoveDirectoryW | RVA: 4533628 | HINT: 1027 |
| Function name: GetFileAttributesW | RVA: 4533648 | HINT: 490 |
| Function name: ExpandEnvironmentStringsW | RVA: 4533670 | HINT: 285 |
| Function name: LeaveCriticalSection | RVA: 4533698 | HINT: 825 |
| Function name: EnterCriticalSection | RVA: 4533722 | HINT: 238 |
| Function name: FreeLibrary | RVA: 4533746 | HINT: 354 |
| Function name: GetProcAddress | RVA: 4533760 | HINT: 581 |
| Function name: VerifyVersionInfoW | RVA: 4533778 | HINT: 1256 |
| Function name: VerSetConditionMask | RVA: 4533800 | HINT: 1252 |
| Function name: GetComputerNameW | RVA: 4533822 | HINT: 399 |
| Function name: GetTempPathW | RVA: 4533842 | HINT: 645 |
| Function name: GetSystemDirectoryW | RVA: 4533858 | HINT: 624 |
| Function name: GetSystemWow64DirectoryW | RVA: 4533880 | HINT: 638 |
| Function name: GetVolumePathNameW | RVA: 4533908 | HINT: 683 |
| Function name: GetWindowsDirectoryW | RVA: 4533930 | HINT: 687 |
| Function name: GetSystemDefaultLangID | RVA: 4533954 | HINT: 620 |
| Function name: RtlUnwind | RVA: 4536444 | HINT: 1048 |
| Function name: GetDateFormatW | RVA: 4534004 | HINT: 456 |
| Function name: GetSystemTime | RVA: 4534022 | HINT: 631 |
| Function name: InterlockedExchange | RVA: 4534038 | HINT: 748 |
| Function name: LoadLibraryW | RVA: 4534060 | HINT: 831 |
| Function name: InterlockedCompareExchange | RVA: 4534076 | HINT: 745 |
| Function name: GetExitCodeThread | RVA: 4534106 | HINT: 480 |
| Function name: CreateThread | RVA: 4534126 | HINT: 181 |
| Function name: SetEvent | RVA: 4534142 | HINT: 1113 |
| Function name: WaitForMultipleObjects | RVA: 4534154 | HINT: 1271 |
| Function name: CreateEventW | RVA: 4534180 | HINT: 133 |
| Function name: ProcessIdToSessionId | RVA: 4534196 | HINT: 921 |
| Function name: InterlockedIncrement | RVA: 4534220 | HINT: 751 |
| Function name: InterlockedDecrement | RVA: 4534244 | HINT: 747 |
| Function name: GetStringTypeW | RVA: 4534268 | HINT: 617 |
| Function name: GetModuleHandleW | RVA: 4533356 | HINT: 536 |
| Function name: FindClose | RVA: 4534308 | HINT: 302 |
| Function name: FindNextFileW | RVA: 4534320 | HINT: 325 |
| Function name: FindFirstFileW | RVA: 4534336 | HINT: 313 |
| Function name: CreateProcessW | RVA: 4534354 | HINT: 168 |
| Function name: SetCurrentDirectoryW | RVA: 4534372 | HINT: 1101 |
| Function name: GetCurrentDirectoryW | RVA: 4534396 | HINT: 447 |
| Function name: GetExitCodeProcess | RVA: 4534420 | HINT: 479 |
| Function name: DuplicateHandle | RVA: 4534442 | HINT: 232 |
| Function name: SetThreadExecutionState | RVA: 4534460 | HINT: 1171 |
| Function name: CopyFileExW | RVA: 4534486 | HINT: 114 |
| Function name: UnmapViewOfFile | RVA: 4534500 | HINT: 1238 |
| Function name: MapViewOfFile | RVA: 4534518 | HINT: 855 |
| Function name: CreateFileMappingW | RVA: 4534534 | HINT: 140 |
| Function name: CreateMutexW | RVA: 4534556 | HINT: 158 |
| Function name: SetEndOfFile | RVA: 4534572 | HINT: 1107 |
| Function name: ResetEvent | RVA: 4534588 | HINT: 1039 |
| Function name: SetFileTime | RVA: 4534602 | HINT: 1130 |
| Function name: LocalFileTimeToFileTime | RVA: 4534616 | HINT: 838 |
| Function name: DosDateTimeToFileTime | RVA: 4534642 | HINT: 228 |
| Function name: CreateFileA | RVA: 4534666 | HINT: 136 |
| Function name: CompareStringA | RVA: 4534680 | HINT: 97 |
| Function name: GetSystemTimeAsFileTime | RVA: 4534698 | HINT: 633 |
| Function name: VirtualFree | RVA: 4534724 | HINT: 1260 |
| Function name: VirtualAlloc | RVA: 4534738 | HINT: 1257 |
| Function name: DeleteFileW | RVA: 4534754 | HINT: 214 |
| Function name: GetThreadLocale | RVA: 4534768 | HINT: 652 |
| Function name: GetVersionExW | RVA: 4533340 | HINT: 676 |
| Function name: GetCurrentThreadId | RVA: 4533318 | HINT: 453 |
| Function name: TlsAlloc | RVA: 4533306 | HINT: 1221 |
| Function name: TlsSetValue | RVA: 4533292 | HINT: 1224 |
| Function name: ReleaseMutex | RVA: 4533276 | HINT: 1018 |
| Function name: GetLastError | RVA: 4533260 | HINT: 514 |
| Function name: Sleep | RVA: 4533252 | HINT: 1202 |
| Function name: TlsGetValue | RVA: 4533238 | HINT: 1223 |
| Function name: CloseHandle | RVA: 4533224 | HINT: 82 |
| Function name: DeleteCriticalSection | RVA: 4533200 | HINT: 209 |
| Function name: GetTimeZoneInformation | RVA: 4536906 | HINT: 664 |
| Function name: GetACP | RVA: 4536404 | HINT: 360 |
| Function name: GetCPInfo | RVA: 4536392 | HINT: 370 |
| Function name: RaiseException | RVA: 4536374 | HINT: 945 |
| Function name: HeapAlloc | RVA: 4536362 | HINT: 715 |
| Function name: HeapFree | RVA: 4536350 | HINT: 719 |
| Function name: IsDebuggerPresent | RVA: 4536330 | HINT: 768 |
| Function name: UnhandledExceptionFilter | RVA: 4536302 | HINT: 1235 |
| Function name: TerminateProcess | RVA: 4536282 | HINT: 1216 |
| Function name: IsProcessorFeaturePresent | RVA: 4536254 | HINT: 772 |
| Function name: SystemTimeToTzSpecificLocalTime | RVA: 4536872 | HINT: 1214 |
| Function name: SystemTimeToFileTime | RVA: 4536848 | HINT: 1213 |
| Function name: GlobalAlloc | RVA: 4536834 | HINT: 691 |
| Function name: GlobalFree | RVA: 4536820 | HINT: 698 |
| Function name: SetFilePointer | RVA: 4536456 | HINT: 1126 |
| Function name: WideCharToMultiByte | RVA: 4536474 | HINT: 1297 |
| Function name: GetConsoleCP | RVA: 4536496 | HINT: 410 |
| Function name: GetConsoleMode | RVA: 4536512 | HINT: 428 |
| Function name: TlsFree | RVA: 4533190 | HINT: 1222 |
| Function name: InitializeCriticalSection | RVA: 4533162 | HINT: 738 |
| Function name: GetCurrentProcess | RVA: 4533142 | HINT: 448 |
| Function name: HeapSetInformation | RVA: 4533120 | HINT: 723 |
| Function name: GetOEMCP | RVA: 4536414 | HINT: 567 |
| Function name: SetFileAttributesW | RVA: 4534286 | HINT: 1121 |
| Function name: IsValidCodePage | RVA: 4536426 | HINT: 778 |
| Function name: HeapSize | RVA: 4536530 | HINT: 724 |
| Function name: HeapReAlloc | RVA: 4536542 | HINT: 722 |
| Function name: LCMapStringW | RVA: 4536556 | HINT: 813 |
| Function name: MultiByteToWideChar | RVA: 4536572 | HINT: 871 |
| Function name: SetStdHandle | RVA: 4536594 | HINT: 1159 |
| Function name: WriteConsoleW | RVA: 4536610 | HINT: 1316 |
| Function name: FlushFileBuffers | RVA: 4536626 | HINT: 343 |
| Function name: GetLocalTime | RVA: 4536646 | HINT: 515 |
| Function name: FormatMessageW | RVA: 4536662 | HINT: 350 |
| Function name: GetTempFileNameW | RVA: 4536680 | HINT: 643 |
| Function name: GetFullPathNameW | RVA: 4536700 | HINT: 507 |
| Function name: CreateDirectoryW | RVA: 4536720 | HINT: 129 |
| Function name: GetProcessHeap | RVA: 4536740 | HINT: 586 |
| Function name: GetModuleHandleA | RVA: 4536758 | HINT: 533 |
| Function name: GetFileSizeEx | RVA: 4536778 | HINT: 497 |
| Function name: GetUserDefaultLangID | RVA: 4533980 | HINT: 668 |
| Function name: GetTickCount | RVA: 4536238 | HINT: 659 |
| Function name: QueryPerformanceCounter | RVA: 4536212 | HINT: 935 |
| Function name: HeapCreate | RVA: 4536198 | HINT: 717 |
| Function name: SetLastError | RVA: 4536182 | HINT: 1139 |
| Function name: EncodePointer | RVA: 4536166 | HINT: 234 |
| Function name: GetFileType | RVA: 4536152 | HINT: 499 |
| Function name: InitializeCriticalSectionAndSpinCount | RVA: 4536112 | HINT: 739 |
| Function name: SetHandleCount | RVA: 4536094 | HINT: 1135 |
| Function name: GetEnvironmentStringsW | RVA: 4536068 | HINT: 474 |
| Function name: MoveFileExW | RVA: 4536806 | HINT: 864 |
| Function name: FreeEnvironmentStringsW | RVA: 4536042 | HINT: 353 |
| Function name: GetModuleFileNameW | RVA: 4536020 | HINT: 532 |
| Function name: GetStdHandle | RVA: 4536004 | HINT: 612 |
| Function name: DecodePointer | RVA: 4535988 | HINT: 202 |
| Function name: GetCommandLineW | RVA: 4535908 | HINT: 391 |
| Function name: GetStartupInfoW | RVA: 4535926 | HINT: 611 |
| Function name: SetUnhandledExceptionFilter | RVA: 4535944 | HINT: 1189 |
| Function name: ExitProcess | RVA: 4535974 | HINT: 281 |
| Function name: CopyFileW | RVA: 4536794 | HINT: 117 |
| Function name: #23 | RVA: --- | HINT: --- |
| Function name: #22 | RVA: --- | HINT: --- |
| Function name: #20 | RVA: --- | HINT: --- |
| Function name: CryptHashPublicKeyInfo | RVA: 4534812 | HINT: 161 |
| Function name: CertGetCertificateContextProperty | RVA: 4536932 | HINT: 70 |
| Function name: #116 | RVA: --- | HINT: --- |
| Function name: #17 | RVA: --- | HINT: --- |
| Function name: #125 | RVA: --- | HINT: --- |
| Function name: #171 | RVA: --- | HINT: --- |
| Function name: #8 | RVA: --- | HINT: --- |
| Function name: #115 | RVA: --- | HINT: --- |
| Function name: #118 | RVA: --- | HINT: --- |
| Function name: #205 | RVA: --- | HINT: --- |
| Function name: #45 | RVA: --- | HINT: --- |
| Function name: #137 | RVA: --- | HINT: --- |
| Function name: #141 | RVA: --- | HINT: --- |
| Function name: #238 | RVA: --- | HINT: --- |
| Function name: #190 | RVA: --- | HINT: --- |
| Function name: #88 | RVA: --- | HINT: --- |
| Function name: #90 | RVA: --- | HINT: --- |
| Function name: #173 | RVA: --- | HINT: --- |
| Function name: #111 | RVA: --- | HINT: --- |
| Function name: #70 | RVA: --- | HINT: --- |
| Function name: #169 | RVA: --- | HINT: --- |
| Function name: UuidCreate | RVA: 4534858 | HINT: 507 |
| Function name: InternetCrackUrlW | RVA: 4536986 | HINT: 116 |
| Function name: HttpQueryInfoW | RVA: 4536968 | HINT: 90 |
| Function name: InternetCloseHandle | RVA: 4534884 | HINT: 107 |
| Function name: HttpAddRequestHeadersW | RVA: 4534906 | HINT: 83 |
| Function name: HttpOpenRequestW | RVA: 4534932 | HINT: 88 |
| Function name: InternetErrorDlg | RVA: 4534952 | HINT: 124 |
| Function name: InternetReadFile | RVA: 4534972 | HINT: 159 |
| Function name: HttpSendRequestW | RVA: 4534992 | HINT: 94 |
| Function name: InternetSetOptionW | RVA: 4535012 | HINT: 175 |
| Function name: InternetConnectW | RVA: 4535034 | HINT: 114 |
| Function name: InternetOpenW | RVA: 4535054 | HINT: 154 |
| Function name: CryptCATAdminCalcHashFromFileHandle | RVA: 4535100 | HINT: 4 |
| Function name: WTHelperProvDataFromStateData | RVA: 4535172 | HINT: 92 |
| Function name: WTHelperGetProvSignerFromChain | RVA: 4535138 | HINT: 89 |
| Function name: WinVerifyTrust | RVA: 4535082 | HINT: 115 |
| Function name: GetFileVersionInfoW | RVA: 4535848 | HINT: 6 |
| Function name: GetFileVersionInfoSizeW | RVA: 4535870 | HINT: 5 |
| Function name: VerQueryValueW | RVA: 4535830 | HINT: 14 |

Total Number of Imported Functions: 274 | Total Number of Libraries: 14 | Total Number of Blacklisted Functions: 75

PE Resources valid

Resource entries (the "Hashes" column is empty in the report):

| ID: 1 | Type: RT_ICON | Language: 1033 (1252) | Size \ Offset: 0x8a8 \ 0x54178 | Entropy: 2.4466585046389 |
| ID: 1 | Type: RT_MESSAGETABLE | Language: 1033 (1252) | Size \ Offset: 0x25b4 \ 0x54a20 | Entropy: 2.9161115064697 |
| ID: 1 | Type: RT_GROUP_ICON | Language: 1033 (1252) | Size \ Offset: 0x14 \ 0x56fd4 | Entropy: 2.0709505944547 |
| ID: 1 | Type: RT_VERSION | Language: 1033 (1252) | Size \ Offset: 0x3f4 \ 0x56fe8 | Entropy: 3.5548040061474 |
| ID: 1 | Type: RT_MANIFEST | Language: 1033 (1252) | Size \ Offset: 0x408 \ 0x573dc | Entropy: 3.0727895407455 |

Total Number of Resources: 5 | Total Size of Rsrc Section: 14336 | Total Entropy of Rsrc Section: 5.4370751930714 | Total Ratio of Rsrc Section: 0.0019926853%

PE Opcodes Frequency & Anomalies Analyzer suspect

Opcode frequency table (the "Byte" column is not populated in the report):

| #: 2 | Opcode: AND | Quantity of instruction: 8 | Frequency of instruction: 4.7337279% |
| #: 3 | Opcode: CALL | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 4 | Opcode: CMP | Quantity of instruction: 13 | Frequency of instruction: 7.6923075% |
| #: 5 | Opcode: DAA | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 6 | Opcode: INC | Quantity of instruction: 2 | Frequency of instruction: 1.183432% |
| #: 7 | Opcode: INT 3 | Quantity of instruction: 15 | Frequency of instruction: 8.87574% |
| #: 8 | Opcode: JB | Quantity of instruction: 9 | Frequency of instruction: 5.3254437% |
| #: 9 | Opcode: JBE | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 10 | Opcode: JG | Quantity of instruction: 6 | Frequency of instruction: 3.5502958% |
| #: 11 | Opcode: JMP | Quantity of instruction: 12 | Frequency of instruction: 7.1005917% |
| #: 12 | Opcode: JNZ | Quantity of instruction: 6 | Frequency of instruction: 3.5502958% |
| #: 13 | Opcode: JZ | Quantity of instruction: 6 | Frequency of instruction: 3.5502958% |
| #: 14 | Opcode: LEA | Quantity of instruction: 2 | Frequency of instruction: 1.183432% |
| #: 15 | Opcode: MOV | Quantity of instruction: 25 | Frequency of instruction: 14.792899% |
| #: 16 | Opcode: NEG | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 17 | Opcode: NOP | Quantity of instruction: 3 | Frequency of instruction: 1.7751479% |
| #: 18 | Opcode: POP | Quantity of instruction: 3 | Frequency of instruction: 1.7751479% |
| #: 19 | Opcode: PUSH | Quantity of instruction: 7 | Frequency of instruction: 4.1420116% |
| #: 20 | Opcode: REP MOVSD | Quantity of instruction: 4 | Frequency of instruction: 2.366864% |
| #: 21 | Opcode: REP STOSD | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 22 | Opcode: RET | Quantity of instruction: 3 | Frequency of instruction: 1.7751479% |
| #: 23 | Opcode: ROR | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |
| #: 24 | Opcode: SHL | Quantity of instruction: 2 | Frequency of instruction: 1.183432% |
| #: 25 | Opcode: SHR | Quantity of instruction: 4 | Frequency of instruction: 2.366864% |
| #: 26 | Opcode: SUB | Quantity of instruction: 4 | Frequency of instruction: 2.366864% |
| #: 27 | Opcode: TEST | Quantity of instruction: 4 | Frequency of instruction: 2.366864% |
| #: 28 | Opcode: XOR | Quantity of instruction: 1 | Frequency of instruction: 0.591716% |


Total Number Of Opcodes: 169

Opcodes Frequency Chart

PE Dumped Strings valid


Total Number of Strings: 4228 | Common strings: 4228 | Danger strings: 0

Bytes Frequency Chart