Advanced File Analysis System

File Name: OutlookAccountsView_2.exe

File Type: PE32+ executable (GUI) x86-64, for MS Windows

SHA1: cb8b6c26650b97c57d2fca8793c10c931f6b6707

MD5: 5b0af6878305d0b795bfb5315609960b

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	OutlookAccountsView_2.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
SHA1:	cb8b6c26650b97c57d2fca8793c10c931f6b6707
MD5:	5b0af6878305d0b795bfb5315609960b
First Seen Date:	2022-01-19 13:55:56.487789 ( 2022-01-19 13:55:56.487789 )
Number of Clients Seen:	5
Last Analysis Date:	2022-01-20 11:30:44.882003 ( 2022-01-20 11:30:44.882003 )
Human Expert Analysis Date:	2022-02-06 22:31:16.480188 ( 2022-02-06 22:31:16.480188 )
Human Expert Analysis Result:	Clean

PE Headers

Property	Value
magic literal enum	4
file type enum	7
debug artifacts	[{u'Path': u'c:\\projects\\vs2005\\outlookaccountsview\\x64\\release\\OutlookAccountsView.pdb\x00', u'GUID': u'{54cfbaf8-2c70-465d-a1e7-585dcc1f0fbc}', u'timestamp': u'2022-01-17 09:47:53'}]
number of sections	5
trid	[[61.7, u'Win64 Executable (generic)'], [29.2, u'Windows screen saver'], [4.4, u'Generic Win/DOS Executable'], [4.4, u'DOS Executable Generic']]
compilation time stamp	0x61E53B49 [Mon Jan 17 09:47:53 2022 UTC]
LegalCopyright	Copyright \xa9 2020 - 2022 Nir Sofer
InternalName	OutlookAccountsView
FileVersion	1.00
CompanyName	NirSoft
ProductName	OutlookAccountsView
ProductVersion	1.00
FileDescription	OutlookAccountsView
OriginalFilename	OutlookAccountsView.exe
Translation	0x0409 0x04b0
entry point	0x140015e10 (.text)
machine type	AMD64 only, not Itaniums, with 0200 - 64 bit
file size	140288
ssdeep	1536:gDdccC2vf2XNt9/K/5yH4hi65krHyo+d0o2F1TISh2Kkxu+T2pHT0MCQaro:gDdccvmNz5H62++bTISUKk0zpOQaro
sha256	c32bc56669f88a4182f1b691b19d098ec2069c1f66c66f53e64d71942b1f857b
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/c/b/8/b/cb8b6c26650b97c57d2fca8793c10c931f6b6707', u'EXE:OriginalFileName': u'OutlookAccountsView.exe', u'EXE:ProductName': u'OutlookAccountsView', u'EXE:InternalName': u'OutlookAccountsView', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2022:01:19 13:55:47+00:00', u'EXE:InitializedDataSize': 52224, u'File:FileModifyDate': u'2022:01:19 13:55:09+00:00', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': 1.0, u'File:FileSize': u'137 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ProductVersion': 1.0, u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'NirSoft', u'File:FileName': u'cb8b6c26650b97c57d2fca8793c10c931f6b6707', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2022:01:17 09:47:53+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2020 - 2022 Nir Sofer', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/c/b/8/b', u'EXE:FileDescription': u'OutlookAccountsView', u'EXE:EntryPoint': u'0x15e10', u'EXE:SubsystemVersion': 5.2, u'EXE:CodeSize': 87040, u'File:FileInodeChangeDate': u'2022:01:19 13:55:42+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}]
mime type	application/x-dosexec
imphash	aeaa8a3abbef56e46a111464bddb0a66

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x153db	0x15400	6.1877159152	0853b578af2b5fc506eb2792801fa601
.rdata	0x17000	0x537a	0x5400	4.74423119717	048997446af1917b955979c89cd087e6
.data	0x1d000	0x26a8	0x1000	1.06924579844	3b0da737644fdc30aeff9f5200ca35e8
.pdata	0x20000	0xf78	0x1000	4.90507595491	1d40b07519c152f78533a36156e274b3
.rsrc	0x21000	0x5710	0x5800	4.78905101547	aac8b2078e120be32dcf82fe5ddd9739

PE Imports

msvcrt.dll
- _initterm
- __wgetmainargs
- _wcmdln
- exit
- _cexit
- _exit
- _c_exit
- _XcptFilter
- __C_specific_handler
- _onexit
- __dllonexit
- _memicmp
- _wcslwr
- qsort
- _itow
- __setusermatherr
- _commode
- _fmode
- __set_app_type
- strlen
- malloc
- _wcsnicmp
- free
- modf
- wcschr
- wcsrchr
- wcstoul
- wcscmp
- wcsncmp
- ??2@YAPEAX_K@Z
- ??3@YAXPEAX@Z
- wcslen
- _wcsicmp
- memcmp
- memcpy
- _ultow
- _wtoi
- _purecall
- wcscpy
- memset
- wcscat
- _snwprintf
- wcsncat
COMCTL32.dll
- ImageList_AddMasked
- ImageList_SetImageCount
- CreateToolbarEx
- CreateStatusWindowW
- ImageList_ReplaceIcon
- None
- ImageList_Create
- ImageList_Add
VERSION.dll
- GetFileVersionInfoSizeW
- VerQueryValueW
- GetFileVersionInfoW
CRYPT32.dll
- CryptUnprotectData
KERNEL32.dll
- OpenProcess
- CreateProcessW
- GetCurrentThreadId
- SetEnvironmentVariableW
- Sleep
- EnumResourceTypesW
- GetStartupInfoW
- GetFileSize
- GetLastError
- GetProcAddress
- FreeLibrary
- LoadLibraryW
- CloseHandle
- LocalFree
- LocalAlloc
- GetModuleHandleW
- GetVersionExW
- FindNextFileW
- FindResourceW
- WriteFile
- GetFileAttributesW
- FindClose
- LoadResource
- ReadFile
- LoadLibraryExW
- GetModuleFileNameW
- GlobalAlloc
- CreateFileW
- GetSystemDirectoryW
- GetWindowsDirectoryW
- GetCurrentProcess
- WideCharToMultiByte
- MultiByteToWideChar
- lstrlenW
- LockResource
- GlobalLock
- GlobalUnlock
- lstrcpyW
- GetTempPathW
- SizeofResource
- FindFirstFileW
- FormatMessageW
- EnumResourceNamesW
- WritePrivateProfileStringW
- GetPrivateProfileIntW
- GetPrivateProfileStringW
- GetStdHandle
- GetTickCount
- DeleteFileW
- SetErrorMode
- ExitProcess
- GetCurrentProcessId
- ReadProcessMemory
USER32.dll
- GetDC
- ReleaseDC
- SetCursor
- LoadCursorW
- GetSysColorBrush
- ShowWindow
- ChildWindowFromPoint
- EndDialog
- GetDlgItem
- SetWindowTextW
- UpdateWindow
- SendMessageW
- InvalidateRect
- SetDlgItemTextW
- GetDlgItemTextW
- GetWindowRect
- SetWindowLongPtrW
- GetWindowPlacement
- GetDlgItemInt
- GetSystemMetrics
- SetDlgItemInt
- DeferWindowPos
- EndPaint
- BeginPaint
- CreateWindowExW
- GetClientRect
- SetWindowPos
- GetWindow
- SendDlgItemMessageW
- GetForegroundWindow
- LoadAcceleratorsW
- DefWindowProcW
- RegisterClassW
- PostMessageW
- MessageBoxW
- SetMenu
- TranslateAcceleratorW
- LoadImageW
- LoadIconW
- GetSysColor
- SetWindowLongW
- GetWindowLongW
- BeginDeferWindowPos
- EndDeferWindowPos
- SetFocus
- SetClipboardData
- EnableWindow
- MapWindowPoints
- GetCursorPos
- GetMenuStringW
- MoveWindow
- CloseClipboard
- GetMenu
- GetParent
- EmptyClipboard
- OpenClipboard
- EnableMenuItem
- GetClassNameW
- CheckMenuItem
- GetSubMenu
- GetMenuItemCount
- GetDesktopWindow
- DestroyWindow
- GetWindowTextW
- LoadMenuW
- ModifyMenuW
- GetMenuItemInfoW
- GetDlgCtrlID
- DestroyMenu
- CreateDialogParamW
- DialogBoxParamW
- EnumChildWindows
- LoadStringW
- TranslateMessage
- DrawTextExW
- GetKeyState
- RegisterWindowMessageW
- TrackPopupMenu
- PostQuitMessage
- GetMessageW
- DispatchMessageW
- IsDialogMessageW
- GetMonitorInfoW
- MonitorFromWindow
- EnumWindows
- AttachThreadInput
- SetForegroundWindow
- GetWindowThreadProcessId
- DrawFrameControl
GDI32.dll
- GetTextExtentPoint32W
- GetStockObject
- SetBkColor
- CreateCompatibleBitmap
- SetStretchBltMode
- StretchBlt
- GetObjectW
- DeleteDC
- GetPixel
- SetPixel
- SelectObject
- CreateCompatibleDC
- SetTextColor
- CreateFontIndirectW
- GetDeviceCaps
- SetBkMode
- DeleteObject
comdlg32.dll
- FindTextW
- GetSaveFileNameW
ADVAPI32.dll
- RegConnectRegistryW
- QueryServiceStatus
- ChangeServiceConfigW
- CloseServiceHandle
- ControlService
- OpenSCManagerW
- GetUserNameW
- OpenServiceW
- RegCloseKey
- RegEnumKeyExW
- RegOpenKeyExW
- RegEnumValueW
- RegQueryInfoKeyW
- RegQueryValueExW
- GetTokenInformation
- OpenProcessToken
- StartServiceW
SHELL32.dll
- ShellExecuteW
- ShellExecuteExW
- SHGetFileInfoW

PE Resources

{u'lang': u'LANG_ENGLISH', u'name': u'RT_CURSOR', u'offset': 136696, u'sha256': u'b47ec18790b022ee5e1b699b32625e7de342f274da9579d169cf48a2e3839f14', u'type': u'data', u'size': 308}

{u'lang': u'LANG_HEBREW', u'name': u'RT_BITMAP', u'offset': 137004, u'sha256': u'53dd076632cb98f40070d50c520d086d7f8f19f30d7b35238437af07f732fc63', u'type': u'data', u'size': 5416}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_BITMAP', u'offset': 142420, u'sha256': u'd734115a357c3a8530d8236632bfe6a5568be8459b95b88c557affb11838e6fd', u'type': u'data', u'size': 216}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_BITMAP', u'offset': 142636, u'sha256': u'785d147c0e4b682c4a839122fce96b8c7f935e4e64669fb04ccf48b68d1ea446', u'type': u'data', u'size': 216}

{u'lang': u'LANG_HEBREW', u'name': u'RT_ICON', u'offset': 142852, u'sha256': u'1c053a0c5f2f50488c5b0233ec74fb6aef7ca00c73f6fd1594534147e6b84793', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_HEBREW', u'name': u'RT_ICON', u'offset': 147116, u'sha256': u'883a5a62ae2f0c444fb36fdac979d7ee718981f9273e3ed3fdfda8b07d365c12', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_HEBREW', u'name': u'RT_ICON', u'offset': 148244, u'sha256': u'286c36a43d277707ba5d079076bfea3ba297f29d0490213dda31e5267532204e', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 149372, u'sha256': u'065e2f4b34362738eb388bb662028079090a08160316905e98dcd823727fe691', u'type': u'data', u'size': 1036}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 150408, u'sha256': u'e77fbc12cc4502c961240a4497e4e10d9b260db77cb44244164f965fd7a592e7', u'type': u'data', u'size': 504}

{u'lang': u'LANG_HEBREW', u'name': u'RT_DIALOG', u'offset': 150912, u'sha256': u'e1b3f85f90cf9be72d71e4cdc51b21753d71308a3285e32d19f02a20d4b6b60f', u'type': u'data', u'size': 188}

{u'lang': u'LANG_HEBREW', u'name': u'RT_DIALOG', u'offset': 151100, u'sha256': u'e6e4ca03d3bc8f030ce39c751168b24db021f0266b974446a7c4e02fb8c7efa9', u'type': u'data', u'size': 662}

{u'lang': u'LANG_HEBREW', u'name': u'RT_DIALOG', u'offset': 151764, u'sha256': u'0dab35bd9c1ed17790524ac5224bbba4a991477c5a8d2f3771537bfe2639fd28', u'type': u'data', u'size': 1316}

{u'lang': u'LANG_HEBREW', u'name': u'RT_DIALOG', u'offset': 153080, u'sha256': u'd09986de742e891f6eb9b869d0e09a1c266e7370e8558bc69369cbfc555c0909', u'type': u'data', u'size': 250}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 153332, u'sha256': u'43fc337fc6257cadf42ffd01fe102c970b4c1803a7a3a9ae131bd6e528625ffa', u'type': u'data', u'size': 1020}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 154352, u'sha256': u'c26ed9743e041a8304df4c77893a226d386b12042a2b0e431abe09f7a5a5bf08', u'type': u'data', u'size': 228}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 154580, u'sha256': u'78e3046b984d7b27a4881b36a0da9c7a7333ffeeb852eca3989812ef61b4f63d', u'type': u'data', u'size': 264}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 154844, u'sha256': u'f503db127c83a8c1e642dc68bc709250976c8aeff8805e9582b9abc71cc6ad5b', u'type': u'data', u'size': 142}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 154988, u'sha256': u'93724f9560bb371a1cb35c144c9d246a0e1d498770e4f8f439ea23c2b8cbf38f', u'type': u'data', u'size': 64}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 155052, u'sha256': u'be8f179f6fde45e94cb1d80bd6cfc4e547e9d85edb7a847ff67cf165b7e32e4b', u'type': u'data', u'size': 176}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 155228, u'sha256': u'2bc95aac6d50269189a92a499a3c78e7662df0d74f39a9141d78160b7ae07840', u'type': u'data', u'size': 184}

{u'lang': u'LANG_HEBREW', u'name': u'RT_ACCELERATOR', u'offset': 155412, u'sha256': u'8896eabed5943f01a2e911885c0a6d0a7e62713054d3f891bf4dedf66c6a74fb', u'type': u'data', u'size': 96}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_CURSOR', u'offset': 155508, u'sha256': u'c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710', u'type': u'MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1', u'size': 20}

{u'lang': u'LANG_HEBREW', u'name': u'RT_GROUP_ICON', u'offset': 155528, u'sha256': u'401b4df975072efbe6d2c328e80bb1be1c2bfaa1d8b5bb4cca900b65fbfef34b', u'type': u'MS Windows icon resource - 2 icons, 32x32', u'size': 34}

{u'lang': u'LANG_HEBREW', u'name': u'RT_GROUP_ICON', u'offset': 155564, u'sha256': u'd6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c', u'type': u'MS Windows icon resource - 1 icon, 16x16', u'size': 20}

{u'lang': u'LANG_HEBREW', u'name': u'RT_VERSION', u'offset': 155584, u'sha256': u'a634b6ee9c2f715bc9fbf6add5247a8923283e2c0e6e21bec41c8795979b7e72', u'type': u'data', u'size': 776}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 156360, u'sha256': u'd6f60037767d099af4f2bdfe2c290a5b7c02c72fb3785a9fd9a0a9ec3e2d453d', u'type': u'ASCII text, with very long lines, with CRLF line terminators', u'size': 1095}

CERTIFICATE VALIDATION

Loading...