filename | ieinstal.exe | |
---|---|---|
size | 473600 (0x73a00) | |
md5 | 74188984d3fea2af4654819dbbb866d4 | |
type | PE32 executable (GUI) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xf0 |
Rich Header
lib id | version | times used |
---|---|---|
126 | 50727 | 1 |
207 | 65501 | 3 |
205 | 65501 | 2 |
206 | 65501 | 25 |
203 | 65501 | 29 |
1 | 0 | 312 |
211 | 65501 | 38 |
201 | 65501 | 1 |
204 | 65501 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0xbdcc | 0xbe00 | R-X CODE | |
.data | 0xd000 | 0x4c8 | 0x200 | RW- IDATA | |
.idata | 0xe000 | 0x157e | 0x1600 | R-- IDATA | |
.rsrc | 0x10000 | 0x650d0 | 0x65200 | R-- IDATA | |
.reloc | 0x76000 | 0xde0 | 0xe00 | R-- IDATA DISCARDABLE |
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
ADVAPI32.dll | 605 | RegCreateKeyExW | |
ADVAPI32.dll | 620 | RegDeleteValueW | |
ADVAPI32.dll | 32 | AllocateAndInitializeSid | |
ADVAPI32.dll | 307 | FreeSid | |
ADVAPI32.dll | 95 | CheckTokenMembership | |
ADVAPI32.dll | 596 | RegCloseKey | |
ADVAPI32.dll | 674 | RegSetValueExW | |
ADVAPI32.dll | 608 | RegCreateKeyW | |
ADVAPI32.dll | 673 | RegSetValueExA | |
ADVAPI32.dll | 657 | RegQueryValueExA | |
ADVAPI32.dll | 658 | RegQueryValueExW | |
ADVAPI32.dll | 616 | RegDeleteKeyW | |
ADVAPI32.dll | 603 | RegCreateKeyA | |
ADVAPI32.dll | 644 | RegOpenKeyExA | |
ADVAPI32.dll | 630 | RegEnumValueW | |
ADVAPI32.dll | 645 | RegOpenKeyExW | |
ADVAPI32.dll | 535 | OpenThreadToken | |
ADVAPI32.dll | 367 | GetTokenInformation | |
ADVAPI32.dll | 329 | GetKernelObjectSecurity | |
ADVAPI32.dll | 133 | CopySid | |
ADVAPI32.dll | 280 | EqualSid | |
ADVAPI32.dll | 397 | InitializeSecurityDescriptor | |
ADVAPI32.dll | 131 | ConvertStringSidToSidW | |
ADVAPI32.dll | 735 | SetSecurityDescriptorDacl | |
ADVAPI32.dll | 310 | GetAce | |
ADVAPI32.dll | 719 | SetEntriesInAclW | |
ADVAPI32.dll | 412 | IsValidSid | |
ADVAPI32.dll | 353 | GetSecurityDescriptorSacl | |
ADVAPI32.dll | 330 | GetLengthSid | |
ADVAPI32.dll | 146 | CreateWellKnownSid | |
ADVAPI32.dll | 363 | GetSidSubAuthority | |
ADVAPI32.dll | 364 | GetSidSubAuthorityCount | |
ADVAPI32.dll | 726 | SetKernelObjectSecurity | |
ADVAPI32.dll | 396 | InitializeAcl | |
ADVAPI32.dll | 739 | SetSecurityDescriptorSacl | |
ADVAPI32.dll | 27 | AddMandatoryAce | |
ADVAPI32.dll | 650 | RegOverridePredefKey | |
ADVAPI32.dll | 642 | RegOpenCurrentUser | |
ADVAPI32.dll | 634 | RegGetValueW | |
ADVAPI32.dll | 530 | OpenProcessToken | |
KERNEL32.dll | 977 | MultiByteToWideChar | |
KERNEL32.dll | 364 | FindFirstFileA | |
KERNEL32.dll | 1170 | RemoveDirectoryA | |
KERNEL32.dll | 360 | FindClose | |
KERNEL32.dll | 942 | LocalAlloc | |
KERNEL32.dll | 381 | FindNextFileA | |
KERNEL32.dll | 576 | GetFinalPathNameByHandleW | |
KERNEL32.dll | 738 | GetTempPathA | |
KERNEL32.dll | 946 | LocalFree | |
KERNEL32.dll | 902 | K32GetModuleBaseNameW | |
KERNEL32.dll | 1264 | SetEvent | |
KERNEL32.dll | 182 | CreateEventW | |
KERNEL32.dll | 823 | HeapSetInformation | |
KERNEL32.dll | 261 | DeleteCriticalSection | |
KERNEL32.dll | 1192 | ResumeThread | |
KERNEL32.dll | 772 | GetVersionExA | |
KERNEL32.dll | 1538 | lstrcmpiW | |
KERNEL32.dll | 557 | GetExitCodeThread | |
KERNEL32.dll | 1268 | SetFileAttributesA | |
KERNEL32.dll | 293 | EnterCriticalSection | |
KERNEL32.dll | 1370 | SuspendThread | |
KERNEL32.dll | 1441 | VirtualProtect | |
KERNEL32.dll | 403 | FlushInstructionCache | |
KERNEL32.dll | 1438 | VirtualFree | |
KERNEL32.dll | 1443 | VirtualQuery | |
KERNEL32.dll | 1324 | SetThreadContext | |
KERNEL32.dll | 740 | GetThreadContext | |
KERNEL32.dll | 560 | GetFileAttributesA | |
KERNEL32.dll | 611 | GetModuleFileNameW | |
KERNEL32.dll | 585 | GetFullPathNameW | |
KERNEL32.dll | 1304 | SetProcessDEPPolicy | |
KERNEL32.dll | 1435 | VirtualAlloc | |
KERNEL32.dll | 754 | GetTickCount | |
KERNEL32.dll | 726 | GetSystemTimeAsFileTime | |
KERNEL32.dll | 526 | GetCurrentThreadId | |
KERNEL32.dll | 522 | GetCurrentProcessId | |
KERNEL32.dll | 1069 | QueryPerformanceCounter | |
KERNEL32.dll | 612 | GetModuleHandleA | |
KERNEL32.dll | 1377 | TerminateProcess | |
KERNEL32.dll | 1347 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 1410 | UnhandledExceptionFilter | |
KERNEL32.dll | 702 | GetStartupInfoW | |
KERNEL32.dll | 1362 | Sleep | |
KERNEL32.dll | 669 | GetProcAddress | |
KERNEL32.dll | 1537 | lstrcmpiA | |
KERNEL32.dll | 194 | CreateFileW | |
KERNEL32.dll | 565 | GetFileAttributesW | |
KERNEL32.dll | 930 | LeaveCriticalSection | |
KERNEL32.dll | 936 | LoadLibraryW | |
KERNEL32.dll | 1006 | OpenProcess | |
KERNEL32.dll | 839 | InitializeCriticalSection | |
KERNEL32.dll | 521 | GetCurrentProcess | |
KERNEL32.dll | 935 | LoadLibraryExW | |
KERNEL32.dll | 219 | CreateProcessW | |
KERNEL32.dll | 165 | CopyFileW | |
KERNEL32.dll | 1485 | WideCharToMultiByte | |
KERNEL32.dll | 414 | FreeLibrary | |
KERNEL32.dll | 1309 | SetProcessShutdownParameters | |
KERNEL32.dll | 592 | GetLastError | |
KERNEL32.dll | 674 | GetProcessHeap | |
KERNEL32.dll | 615 | GetModuleHandleW | |
KERNEL32.dll | 1451 | WaitForSingleObject | |
KERNEL32.dll | 819 | HeapFree | |
KERNEL32.dll | 815 | HeapAlloc | |
KERNEL32.dll | 525 | GetCurrentThread | |
KERNEL32.dll | 174 | CreateDirectoryExA | |
KERNEL32.dll | 1534 | lstrcmpA | |
KERNEL32.dll | 1291 | SetLastError | |
KERNEL32.dll | 186 | CreateFileA | |
KERNEL32.dll | 247 | DeactivateActCtx | |
KERNEL32.dll | 2 | ActivateActCtx | |
KERNEL32.dll | 232 | CreateThread | |
KERNEL32.dll | 263 | DeleteFileA | |
KERNEL32.dll | 266 | DeleteFileW | |
KERNEL32.dll | 127 | CloseHandle | |
KERNEL32.dll | 287 | DuplicateHandle | |
KERNEL32.dll | 1162 | ReleaseActCtx | |
KERNEL32.dll | 168 | CreateActCtxW | |
USER32.dll | 625 | PostQuitMessage | |
USER32.dll | 49 | CharNextW | |
USER32.dll | 560 | LoadStringW | |
msvcrt.dll | 610 | _lock | |
msvcrt.dll | 1031 | _wcmdln | |
msvcrt.dll | 490 | _initterm | |
msvcrt.dll | 230 | __setusermatherr | |
msvcrt.dll | 208 | __p__fmode | |
msvcrt.dll | 294 | _cexit | |
msvcrt.dll | 373 | _exit | |
msvcrt.dll | 1200 | exit | |
msvcrt.dll | 1311 | rand_s | |
msvcrt.dll | 1292 | memcpy_s | |
msvcrt.dll | 1295 | memset | |
msvcrt.dll | 1258 | iswalpha | |
msvcrt.dll | 966 | _unlock | |
msvcrt.dll | 159 | __dllonexit | |
msvcrt.dll | 779 | _onexit | |
msvcrt.dll | 228 | __set_app_type | |
msvcrt.dll | 243 | __wgetmainargs | |
msvcrt.dll | 275 | _amsg_exit | |
msvcrt.dll | 203 | __p__commode | |
msvcrt.dll | 113 | _XcptFilter | |
msvcrt.dll | 1415 | wcstok | |
msvcrt.dll | 313 | _controlfp | |
msvcrt.dll | 364 | _except_handler4_common | |
msvcrt.dll | 1049 | _wcsnicmp | |
msvcrt.dll | 1162 | _wtoi | |
msvcrt.dll | 1259 | iswascii | |
msvcrt.dll | 1248 | iscntrl | |
msvcrt.dll | 1000 | _vsnprintf | |
msvcrt.dll | 1260 | iswcntrl | |
msvcrt.dll | 1394 | wcschr | |
msvcrt.dll | 1006 | _vsnwprintf | |
msvcrt.dll | 1409 | wcsrchr | |
msvcrt.dll | 55 | void __cdecl terminate(void) ?terminate@@YAXXZ | |
ole32.dll | 113 | CoRevokeClassObject | |
ole32.dll | 101 | CoRegisterClassObject | |
ole32.dll | 26 | CoCreateInstance | |
ole32.dll | 127 | CoUninitialize | |
ole32.dll | 79 | CoInitialize | |
ole32.dll | 112 | CoRevertToSelf | |
ole32.dll | 123 | CoTaskMemFree | |
ole32.dll | 77 | CoImpersonateClient | |
ole32.dll | 122 | CoTaskMemAlloc | |
ole32.dll | 47 | CoGetCallContext | |
ole32.dll | 12 | CLSIDFromString | |
ole32.dll | 442 | StringFromGUID2 | |
ole32.dll | 81 | CoInitializeSecurity | |
ole32.dll | 80 | CoInitializeEx | |
OLEAUT32.dll | 163 | ||
OLEAUT32.dll | 442 | ||
OLEAUT32.dll | 186 | ||
OLEAUT32.dll | 6 | ||
OLEAUT32.dll | 7 | ||
OLEAUT32.dll | 2 | ||
OLEAUT32.dll | 443 | ||
RPCRT4.dll | 513 | RpcStringFreeW | |
RPCRT4.dll | 522 | UuidCreate | |
RPCRT4.dll | 531 | UuidToStringW | |
urlmon.dll | 29 | CompatFlagsFromClsid | |
urlmon.dll | 27 | CoInternetSetFeatureEnabled | |
urlmon.dll | 13 | CoInternetCreateSecurityManager | |
urlmon.dll | 107 | ||
urlmon.dll | 519 | ||
urlmon.dll | 49 | Extract | |
WINTRUST.dll | 2 | CryptCATAdminAcquireContext | |
WINTRUST.dll | 4 | CryptCATAdminAddCatalog | |
WINTRUST.dll | 9 | CryptCATAdminReleaseCatalogContext | |
WINTRUST.dll | 10 | CryptCATAdminReleaseContext | |
AUTHZ.dll | 8 | AuthzFreeContext | |
AUTHZ.dll | 10 | AuthzFreeResourceManager | |
AUTHZ.dll | AuthzAccessCheck | ||
AUTHZ.dll | 20 | AuthzInitializeResourceManager | |
AUTHZ.dll | 14 | AuthzInitializeContextFromSid | |
iertutil.dll | 172 | ||
iertutil.dll | 200 | ||
iertutil.dll | 201 | ||
iertutil.dll | 134 | ||
iertutil.dll | 658 | ||
iertutil.dll | 650 | ||
ntdll.dll | 329 | NtFreeVirtualMemory |
StringTable 040904B0
CompanyName | Microsoft Corporation |
FileDescription | Internet Explorer Add-on Installer |
FileVersion | 11.00.9600.18015 (winblue_ltsb.150814-1859) |
InternalName | ieinstal.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | ieinstal.exe |
ProductName | Internet Explorer |
ProductVersion | 11.00.9600.18015 |
VS_FIXEDFILEINFO
FileVersion | 11.0.9600.18015 |
ProductVersion | 11.0.9600.18015 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
offset | size | type | comment | |
---|---|---|---|---|
0 | 473600 | EXE | 08/15/2015 05:11:44 | # |
15c1 | 15 | HTM | # | |
11a40 | 52173 | PNG | (256 x 256) | # |
43a10 | 52173 | PNG | (256 x 256) | # |
[?] ignoring invalid PEdump::BITMAPINFOHEADER