Static | ZeroBOX

PE Compile Time

2011-12-16 06:58:57

PE Imphash

f221bd0a5050ce1161617d2aef8cf2d7

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text | 0x00001000 | 0x000019e2 | 0x00002000 | 5.5810609241
.rdata | 0x00003000 | 0x000008d6 | 0x00001000 | 3.23440224155
.data | 0x00004000 | 0x000004a6 | 0x00001000 | 1.24994841847
.rsrc | 0x00005000 | 0x0002c9f0 | 0x0002d000 | 5.61040797974

Resources

Name | Offset | Size | Language | Sub-language | File type
PART | 0x00005658 | 0x000186a0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | Microsoft Cabinet archive data, 77512 bytes, 1 file
PART | 0x00005658 | 0x000186a0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | Microsoft Cabinet archive data, 77512 bytes, 1 file
PART | 0x00005658 | 0x000186a0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | Microsoft Cabinet archive data, 77512 bytes, 1 file
RT_ICON | 0x00005508 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | GLS_BINARY_LSB_FIRST
RT_ICON | 0x00005508 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | GLS_BINARY_LSB_FIRST
RT_GROUP_ICON | 0x00005630 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | data
RT_MANIFEST | 0x00031768 | 0x00000283 | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x403020 LoadLibraryA
0x403024 CreateEventA
0x40302c LocalFree
0x403030 CloseHandle
0x403034 WriteFile
0x403038 CreateFileA
0x40303c lstrcpyA
0x403040 LockResource
0x403044 LoadResource
0x403048 SizeofResource
0x40304c FindResourceA
0x403050 LoadLibraryExA
0x403054 DeleteFileA
0x403058 SetFileAttributesA
0x40305c lstrcatA
0x403060 lstrcmpiA
0x403064 GetStartupInfoA
0x403068 ExitProcess
0x40306c GetCommandLineA
0x403070 GetProcAddress
0x40307c DebugBreak
0x403080 HeapAlloc
0x403084 GetProcessHeap
0x403088 HeapReAlloc
0x40308c HeapFree
0x403098 GetLastError
0x40309c SetLastError
0x4030a0 GetSystemDirectoryA
0x4030a8 GetFileAttributesA
0x4030ac GetDriveTypeA
0x4030b0 lstrcpynA
0x4030b4 ReadFile
0x4030b8 GetFileSize
0x4030bc GetVersionExA
0x4030c0 CreateDirectoryA
0x4030c4 EnumResourceNamesA
0x4030cc RemoveDirectoryA
0x4030d0 FreeLibrary
0x4030d8 GetModuleHandleA
0x4030dc lstrlenA
Library USER32.dll:
0x4030e4 CharNextA
0x4030e8 MessageBoxA
0x4030ec wsprintfA
Library ADVAPI32.dll:
0x403000 RegFlushKey
0x403004 RegCloseKey
0x403008 RegOpenKeyExA
0x40300c RegSetValueExA
0x403010 RegCreateKeyExA
0x403014 RegDeleteValueA
0x403018 RegQueryValueExA
Library ole32.dll:
0x4030f4 CoInitialize
0x4030f8 CoUninitialize

!This program cannot be run in DOS mode.
`.rdata
@.data
PSSh81@
u0SShH1@
SShH1@
t h\C@
jdPh|C@
Installer
CurInstall
ConfigDateStamp
%x.bin\
DllRegisterServer
DllUnregisterServer
The YourLocalLotto Toolbar Easy Installer has been successfully %sinstalled
Failed to %sinstall the YourLocalLotto Toolbar Easy Installer
Software\FocusInteractive\bar\Switches
CLSID\{%s}\InprocServer32
Software\yourlocallotto1_20EI
%SystemDrive%
SOFTWARE\Microsoft\Windows\CurrentVersion
lstrlenA
WaitForMultipleObjects
FreeLibrary
RemoveDirectoryA
SetCurrentDirectoryA
EnumResourceNamesA
CreateDirectoryA
GetProcAddress
LoadLibraryA
CreateEventA
GetUserDefaultLangID
LocalFree
CloseHandle
WriteFile
CreateFileA
lstrcpyA
LockResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryExA
DeleteFileA
SetFileAttributesA
lstrcatA
lstrcmpiA
GetStartupInfoA
ExitProcess
GetCommandLineA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
DebugBreak
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetLastError
GetSystemDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetDriveTypeA
lstrcpynA
ReadFile
GetFileSize
GetVersionExA
KERNEL32.dll
wsprintfA
MessageBoxA
CharNextA
USER32.dll
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
ADVAPI32.dll
CoUninitialize
CoInitialize
ole32.dll
NP20EISb.dll
NPT8EISB.DLL
20EIPlug.dll
T8EIPLUG.DLL
20EZSETP.dll
T8EZSETP.DLL
http://imgfarm.com/images/nocache/tr/au1.gif
result=%x
YourLocalLotto Toolbar Easy Installer Installer
YourLocalLotto Toolbar
MyFree
SetupDecompressOrCopyFileA
SetupGetFileCompressionInfoA
SETUPAPI
yourlocallotto1_20EI:Installer:Shared04
yourlocallotto1_20EI:Installer:Shared03
\Installr
\yourlocallotto1_20EI
\Program Files
Software\AppDataLow
IEGetWriteableHKCU
ieframe.dll
Software
ProgramFilesDir
ProgramFilesPath
wwwwwx
wwwwwwwx
wwwwww
20EzSetp.dll
lxz`@T
:+#:]g
:U;R,z
jGO.7>m
K@3NO^
.`I]le
XHF(GZN
8a*r<]
{W*\kCb
f|^i).
"Wqi"t|
0^oZdS
\;1"R93
^qr=?z
?5650'
V]fn*E
.qiZk
30)Cm`
~r7)aw
JS&4l->
K7k*.q
?eR3}on
pr($eH'
cmlh{U1_
'Vdm|(
n3cpf$
@9n0s8E
Q)P7/K
RXIac/
Y@9`40
qUI?hz
b\>--e
\/@:-l
Z-6;&,'
H3Yte3
O}#d!:*
8xd}r4
<CPJ@z%
D==](XGe
+qFKKqX
b!/s\|
WhcN7}
PY\nW#i})
<Cm\+,
XH-U[G
Ga_@mJ
OXWKd@&
&]eA^n
hDzbo6Sx
UgBwq[
5O#A~@
5@G^}e
#;[tt'
yNv}l\L
eFgdd^G!
RW+m#
_g2TN-
rEWi]gM6w
djQ1/e
zFmg.}
JwdT<dJ
9|yBH&6Ra
w&G}*H\
,7]J"V}^]
<U{}D<
Nqi+'I
=mq%|Q%4
rj+4UHn%
N[G+)K
NeY"1(J#`
Ro9Ik>
1DhfFDhfZDhf
{eUh&i
Fq+ks
Fe_Eg1
r1sA53_V
wdp|c
2kUQ}M
jwmAcM
>cxH5M
,j;Q]"
[Q#ubE
@!anQg
3Y^8gb
[QVf-._
S+JvrOT
J:B<!@7Y86
K}:!I=
/l}r9<IX
Hex'>9
N*%)1I0*
N]vb(
ISY/u3
JUi9)_;Y
C[aPt4
!\7J23n6
ELA.:>>.b~*O
K0e]1A
,_nGbc
E=n4hL
`[EICF
4ZC%N]
;\5.pi
xxUfa"a$
7s]rX3
prbbBbc
f>=l]3
\Jz;lT0
!ljbzb
x\K9JM
V~6rXl
OMCO?y
$7~MI>
-@F5oh9f
0*8XCK
z.P-8G
L-))icw3
hZvUMeh
]oCV$e}K
6Y{B{Y
#UIwKK
c^f~g:
Xv<{3[
M*M*GR4
#T$TO,
t8c}1}
/<nZ</f
}\l0oh
)+)Zk(p
wKitLD
'a/2g+h
#C-xucF
20EIPlug.dll
<Pg<^?>
<tQRKK]]
2OJ@m0
>0r@FA
(ey@u6z
FD&2S*i
RXsKUI
U5W"W;q
g)2F3gqL
N,4l%&/6
>+,NC
kWu\\
nH7>D
R)Sb7
A}_io=
_Sr#ukE
t5m;-]
)M:OI>
=o=3ul
45a(c?
,)[Zp+k
A z,:F
$t6!Z&
zX$_Nfy
97216}
VuXXqqqh
tFYlt+
R-DZRC
qU:I{B
9r\lqC
~g,X'b
NP20EISB.dll
1r/eycd
CGH1hQ+
gFegUW
3_4h"he
S~Bn9Q
>+s9^L
R>~E'8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="EasySetup"
type="win32"/>
<description>Easy Installer</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
E:\Builds\vveprik\templatebsi1,2,5,11\Variations\TemplateBSI\Release.t8installer\t8Setup1.pdb
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100531000000Z
120506235959Z0
NewYork1
White Plains1&0$
Mindspark Interactive Network1>0<
5Digital ID Class 3 - Microsoft Software Validation v21&0$
Mindspark Interactive Network0
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
960129000000Z
280801235959Z0_1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!00
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
http://eula.mindspark.com/0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
120201211258Z0#
T8EZSETP.DLL
T8EIPLUG.DLL
NPT8EISB.DLL
<<<Obsolete>>
,YourLocalLotto Toolba
Antivirus Signature
Bkav W32.HfsAdware.1166
TotalDefense Win32/Tnega.GaNNPfC
MicroWorld-eScan Clean
nProtect Clean
CMC Clean
CAT-QuickHeal PUA.Mindsparki1.Gen
ALYac Clean
Malwarebytes PUP.Optional.MindSpark
VIPRE MyWebSearch.J (v) (not malicious)
AegisLab Webtoolbar.W32.Gen!c
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
TheHacker Clean
Arcabit PUP.WebToolbar.MyWebSearch
Baidu Win32.Trojan.WisdomEyes.151026.9950.9996
F-Prot W32/MyWeb.G
Symantec Clean
ESET-NOD32 Win32/AdInstaller potentially unwanted
TrendMicro-HouseCall TROJ_SPNR.0EI513
Avast Win32:FunWeb-J [PUP]
ClamAV Win.Adware.Mywebsearch-219
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.rh
BitDefender Clean
NANO-Antivirus Riskware.Win32.WebSearch.dbxdjn
SUPERAntiSpyware PUP.AdInstaller
Tencent Win32.Trojan.Falsesign.Aguu
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.MulDrop6.40078
Zillya Adware.MyWebSearch.Win32.2684
TrendMicro TROJ_SPNR.0EI513
McAfee-GW-Edition Clean
Sophos Generic PUA MH (PUA)
Cyren W32/MyWeb.YEIO-7739
Jiangmin Clean
Avira Clean
Antiy-AVL RiskWare[WebToolbar]/Win32.MyWebSearch.rh
Kingsoft Clean
Microsoft Clean
ViRobot Adware.MyWebSearch.211008.C[h]
GData Win32.Adware.Mindspark.E
AhnLab-V3 PUP/Win32.FunWeb
McAfee Clean
AVware MyWebSearch.J (v)
VBA32 Clean
Baidu-International Adware.Win32.MyWebSearch.bQ
Zoner Clean
Rising Trjoan.Generic-xQZSKt3K8GV (Cloud)
Yandex PUA.Toolbar.MyWebSearch!
Ikarus Clean
Fortinet Riskware/MyWebSearch
AVG AdInstaller.FunWeb
Panda Clean
Qihoo-360 Trojan.Generic
No IRMA results available.