Property | Value |
---|---|
File Name: | filedata |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | c596d3996b782414fa812a12d91ac6a23e393efd |
MD5: | 615ca56d988022b8a0d46a6865467413 |
First Seen Date: | 2017-06-17 22:12:21.604456 |
Number of Clients Seen: | 2 |
Last Analysis Date: | 2017-06-17 22:12:21.604456 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |

Property | Value |
---|---|
file type enum | 6 |
number of sections | 8 |
compilation time stamp | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] [SUSPICIOUS] |
LegalCopyright | Internet |
FileVersion | 5.1.4.2 |
CompanyName | |
Comments | This installation was built with Inno Setup. |
ProductName | Redod |
ProductVersion | 4.5.6 |
FileDescription | Redod Setup |
Translation | 0x0000 0x04b0 |
entry point | 0x40a5f8 (CODE) |
machine type | Intel 386 or later - 32Bit |
file size | 1527256 |
sha256 | 5cc49fbb472571ef216aa81fcb0f63e09d533ba11fcf9b0badfc64de6d210635 |
mime type | application/x-dosexec |

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
CODE | 0x1000 | 0x9d30 | 0x9e00 | 6.62607332099 | 09134bbfe2b42c53497d3fac1d71f439 |
DATA | 0xb000 | 0x250 | 0x400 | 2.75182066229 | 1ee71d84f1c77af85f1f5c278f880572 |
BSS | 0xc000 | 0xe8c | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 0xd000 | 0x950 | 0xa00 | 4.4307330698 | bb5485bf968b970e5ea81292af2acdba |
.tls | 0xe000 | 0x8 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 0xf000 | 0x18 | 0x200 | 0.20448815744 | 9ba824905bf9c7922b6fc87a38b74366 |
.reloc | 0x10000 | 0x8c4 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 4.53719595799 | ff2e3741e6477431947ad5f16a3056b9 |

kernel32.dll:
- DeleteCriticalSection
- LeaveCriticalSection
- EnterCriticalSection
- InitializeCriticalSection
- VirtualFree
- VirtualAlloc
- LocalFree
- LocalAlloc
- WideCharToMultiByte
- TlsSetValue
- TlsGetValue
- MultiByteToWideChar
- GetModuleHandleA
- GetLastError
- GetCommandLineA
- WriteFile
- SetFilePointer
- SetEndOfFile
- RtlUnwind
- ReadFile
- RaiseException
- GetStdHandle
- GetFileSize
- GetSystemTime
- GetFileType
- ExitProcess
- CreateFileA
- CloseHandle

user32.dll:
- MessageBoxA

oleaut32.dll:
- VariantChangeTypeEx
- VariantCopyInd
- VariantClear
- SysStringLen
- SysAllocStringLen

advapi32.dll:
- RegQueryValueExA
- RegOpenKeyExA
- RegCloseKey
- OpenProcessToken
- LookupPrivilegeValueA

kernel32.dll:
- WriteFile
- VirtualQuery
- VirtualProtect
- VirtualFree
- VirtualAlloc
- Sleep
- SizeofResource
- SetLastError
- SetFilePointer
- SetErrorMode
- SetEndOfFile
- RemoveDirectoryA
- ReadFile
- LockResource
- LoadResource
- LoadLibraryA
- IsDBCSLeadByte
- GetWindowsDirectoryA
- GetVersionExA
- GetUserDefaultLangID
- GetSystemInfo
- GetSystemDefaultLCID
- GetProcAddress
- GetModuleHandleA
- GetModuleFileNameA
- GetLocaleInfoA
- GetLastError
- GetFullPathNameA
- GetFileSize
- GetFileAttributesA
- GetExitCodeProcess
- GetEnvironmentVariableA
- GetCurrentProcess
- GetCommandLineA
- GetACP
- InterlockedExchange
- FormatMessageA
- FindResourceA
- DeleteFileA
- CreateProcessA
- CreateFileA
- CreateDirectoryA
- CloseHandle

user32.dll:
- TranslateMessage
- SetWindowLongA
- PeekMessageA
- MsgWaitForMultipleObjects
- MessageBoxA
- LoadStringA
- ExitWindowsEx
- DispatchMessageA
- DestroyWindow
- CreateWindowExA
- CallWindowProcA
- CharPrevA

comctl32.dll:
- InitCommonControls

advapi32.dll:
- AdjustTokenPrivileges

RT_ICON
RT_STRING
RT_RCDATA
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST