| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | WinThruster_Setup_2016.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 841ba6d196edbd4c9ba6ff2c191498a676a5374f |
| MD5: | 3f6e581dea165c768336fbecdf9b10ce |
| First Seen Date: | 2016-01-11 20:32:21.993985 ( ) |
| Number of Clients Seen: | 13 |
| Last Analysis Date: | 2017-01-09 11:21:14.790974 ( ) |
| Human Expert Analysis Date: | 2016-01-12 01:20:10.188472 ( ) |
| Human Expert Analysis Result: | PUA |
| Property | Value |
|---|---|
| number of sections | 9 |
| file size | 3901768 |
| LegalCopyright | \xa9 solvusoft Corporation |
| FileVersion | WinThruster |
| CompanyName | solvusoft Corporation |
| Comments | This installation was built with Inno Setup. |
| ProductName | WinThruster |
| ProductVersion | 1.79 |
| FileDescription | WinThruster |
| Translation | 0x0000 0x04b0 |
| entry point | 0x416478 (.itext) |
| mime type | application/x-dosexec |
| machine type | Intel 386 or later - 32Bit |
| compilation time stamp | 0x4CCC861E [Sat Oct 30 20:54:54 2010 UTC] |
| sha256 | a034661407b2c7cb649847eeb779134e299ffeba45a94ee1fdef15112b8d1bfd |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x143f0 | 0x14400 | 6.482200 | - |
| .itext | 0x16000 | 0xbe8 | 0xc00 | 6.009291 | - |
| .data | 0x17000 | 0xd9c | 0xe00 | 2.675929 | - |
| .bss | 0x18000 | 0x5710 | 0x0 | 0.000000[SUSPICIOUS] | - |
| .idata | 0x1e000 | 0xf9e | 0x1000 | 4.967783 | - |
| .tls | 0x1f000 | 0x8 | 0x0 | 0.000000[SUSPICIOUS] | - |
| .rdata | 0x20000 | 0x18 | 0x200 | 0.190489[SUSPICIOUS] | - |
| .reloc | 0x21000 | 0x1940 | 0x0 | 0.000000[SUSPICIOUS] | - |
| .rsrc | 0x23000 | 0xba04 | 0xbc00 | 4.363387 | - |
-
oleaut32.dll
- SysFreeString
- SysReAllocStringLen
- SysAllocStringLen
-
advapi32.dll
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
-
user32.dll
- GetKeyboardType
- LoadStringW
- MessageBoxA
- CharNextW
-
kernel32.dll
- GetACP
- Sleep
- VirtualFree
- VirtualAlloc
- GetSystemInfo
- GetTickCount
- QueryPerformanceCounter
- GetVersion
- GetCurrentThreadId
- VirtualQuery
- WideCharToMultiByte
- MultiByteToWideChar
- lstrlenW
- lstrcpynW
- LoadLibraryExW
- GetThreadLocale
- GetStartupInfoA
- GetProcAddress
- GetModuleHandleW
- GetModuleFileNameW
- GetLocaleInfoW
- GetCommandLineW
- FreeLibrary
- FindFirstFileW
- FindClose
- ExitProcess
- WriteFile
- UnhandledExceptionFilter
- RtlUnwind
- RaiseException
- GetStdHandle
- CloseHandle
-
kernel32.dll
- TlsSetValue
- TlsGetValue
- LocalAlloc
- GetModuleHandleW
-
user32.dll
- CreateWindowExW
- TranslateMessage
- SetWindowLongW
- PeekMessageW
- MsgWaitForMultipleObjects
- MessageBoxW
- LoadStringW
- GetSystemMetrics
- ExitWindowsEx
- DispatchMessageW
- DestroyWindow
- CharUpperBuffW
- CallWindowProcW
-
kernel32.dll
- WriteFile
- WideCharToMultiByte
- WaitForSingleObject
- VirtualQuery
- VirtualProtect
- VirtualFree
- VirtualAlloc
- SizeofResource
- SignalObjectAndWait
- SetLastError
- SetFilePointer
- SetEvent
- SetErrorMode
- SetEndOfFile
- ResetEvent
- RemoveDirectoryW
- ReadFile
- MultiByteToWideChar
- LockResource
- LoadResource
- LoadLibraryW
- LeaveCriticalSection
- InitializeCriticalSection
- GetWindowsDirectoryW
- GetVersionExW
- GetUserDefaultLangID
- GetThreadLocale
- GetSystemInfo
- GetStdHandle
- GetProcAddress
- GetModuleHandleW
- GetModuleFileNameW
- GetLocaleInfoW
- GetLocalTime
- GetLastError
- GetFullPathNameW
- GetFileSize
- GetFileAttributesW
- GetExitCodeProcess
- GetEnvironmentVariableW
- GetDiskFreeSpaceW
- GetDateFormatW
- GetCurrentProcess
- GetCommandLineW
- GetCPInfo
- InterlockedExchange
- InterlockedCompareExchange
- FreeLibrary
- FormatMessageW
- FindResourceW
- EnumCalendarInfoW
- EnterCriticalSection
- DeleteFileW
- DeleteCriticalSection
- CreateProcessW
- CreateFileW
- CreateEventW
- CreateDirectoryW
- CompareStringW
- CloseHandle
-
advapi32.dll
- RegQueryValueExW
- RegOpenKeyExW
- RegCloseKey
- OpenProcessToken
- LookupPrivilegeValueW
-
comctl32.dll
- InitCommonControls
-
kernel32.dll
- Sleep
-
advapi32.dll
- AdjustTokenPrivileges
-
oleaut32.dll
- SafeArrayPtrOfIndex
- SafeArrayGetUBound
- SafeArrayGetLBound
- SafeArrayCreate
- VariantChangeType
- VariantCopy
- VariantClear
- VariantInit
RT_ICON
RT_STRING
RT_RCDATA
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST