YHY_Setup.exe

First submission 2024-10-15 19:42:34

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	1601.25 KB (1639678 bytes)
Compile time:	1992-06-20 00:22:17
MD5:	d443c5e14df0a22a4f9b1a4f7fa0ecb7
SHA1:	5bf789c6ca2fe23fe972a17271ff15bb84f4ca8d
SHA256:	b3d75355c374e53960d22d6c5f1f929731a6aff79d841ffcd61834e69f3e528e
Import Hash :	b8494300a1f7342d4c600a7b12e15925
Sections 8	CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 4	import resource tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://data.yhydl.com:20006/file/YHY_Setup.exe	data.yhydl.com	2024-10-15 19:42:35

PE Sections 3 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
CODE	0x1000	0x244cc	148992	d71f59b9a5e078f9ba9facd24daf3e466ea0fea6	bac8bae7a5e5326cf49943b90d1c062a
DATA	0x26000	0x2894	10752	e6d34e556463e08e8b1c5b5cbb9967c3c662c029	abafcbfbd7f8ac0226ca496a92a0cf06
BSS	0x29000	0x10f5	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0x2b000	0x1798	6144	ef5533e0aa30ca3fb193ac5f2701611d033f3215	7a4934595db0efc364c3982c4e335d8c
.tls	0x2d000	0x8	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.rdata	0x2e000	0x18	512	7d9ccb6391020266050c96487449a1aadfbe589d	c4fdd0c5c9efb616fcc85d66056ca490
.reloc	0x2f000	0x1884	6656	4d98e9a5cd438d32008aa2db9c2af8f5714c89fd	867a1120317d51734587a74f6ee70016
.rsrc	0x31000	0x62a8	25600	10d7fea2c158b13fb1ec83dbbf7a949438b7085e	25520b49ccb29a324fef22a3c449aaf9

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x34498	9640	PE Resource: RT_ICON - Data (0` %KpmX?+ &888ZZZHHH666y`F1#&@]pyzyoY?& 3HHHzzzbbbSSS===""" gQ:((S0 _@@vNN\|SS\|RR\|RRtMMR66(S'LUUU{zzYYYCCC111tgU99^^llff\\F//zC;;;Ueee~xdddOOO?77}SSppxxWW&TSSS)}}}ffffF..V```HlippF..SaaaHPItrlppF..AbbbH41`CVs\|vvaa&y'cccH ffWWSdddH####`y@yyF//(eeeH 0 0 0 0i`\\FeeeH(=(=(=(=&ssyy2""jfffH1I1I1I1I%M3kGG$gggH;Y;Y;Y;Y-cvF\\.iiiHDfDfDfDf"3ssMzzvu}ffff?jjjHLsLsLsLs&:ssMoppp~}5$$EkkkHWWWW/Q \|iff5$$ElllH___[O0vippff5$$EmmmH\UOMM0`mmkymk6$$?mmmH<@EJM2Nnyyrr8&&.nnnH9<@EJ70mffff"oooH:^<@E<#i{ayXXcpppHZ~FVyyhFF@ rrrHxnlkk4""!sssHxppUUCtttHxuusjj:&&uuuHyuk{{{{{{{{{{{{ojppqKK)vvvHz\|pppppppppppppmkfrrXX2 vvvHeeeeeeeeeeeeeedvett^^,8 wwwHZT.9DZZZZZZZZaffkk~TTxxxHO#w;)2<OOOSy`ffll^^nIIY yyyH8\|rG* $,7R}[t_ffffcc~VVpNNN;;S{{{H^nR6%ooocO1 \|\|\|HlWWWCCC666O{{{Illxxx---2wwwLyynnpprruuwwyy{{gggssscnnpprruuwwyy{{}}OOOtdpwxyy{{}}9III aiu[xxxuiuLLL( uH bbb1u000rWiusssqqq4JnuUUUjjj%%%2 b###$xxxeBGX=boL BGX\??????
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x36a50	272
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x36b60	90
RT_VERSION	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x36bbc	884	PE Resource: RT_VERSION - Data t4VS_VERSION_INFO?StringFileInfo040904e4Comments=CompanyNamey^NNSnn{t gPlQS =FileDescriptionNNSnuNOo`{t\|~ 1.4.4 Installation JFileVersion1.4.4 eLegalCopyrighty^NNSnn{t gPlQS DVarFileInfo$Translation
RT_MANIFEST	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x36f30	886	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="" name="Microsoft.Windows.SIM" type="win32"/> <description>Smart Install Maker - create setup software</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="" processorArchitecture="*"/> </dependentAssembly> </dependency> </assembly>

Meta infos 6

LegalCopyright:	\x798f\x5efa\x4ebf\x534e\x6e90\x80fd\x6e90\x7ba1\x7406\x6709\x9650\x516c\x53f8
FileVersion:	1.4.4
CompanyName:	\x798f\x5efa\x4ebf\x534e\x6e90\x80fd\x6e90\x7ba1\x7406\x6709\x9650\x516c\x53f8
Translation:	0x0409 0x04e4
FileDescription:	\x4ebf\x534e\x6e90\x751f\x4ea7\x4fe1\x606f\x7ba1\x7406\x7cfb\x7edf 1.4.4 Installation
Comments:

Packers detected 4

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
$inst\7.tmp
$inst\5.tmp
$inst\8.tmp
Library
USER32.dll
cabinet.dll
UxTheme.dll
PSAPI.DLL
COMCTL32.dll
GDI32.dll
KERNEL32.dll
WINMM.dll
ADVAPI32.dll
OLEAUT32.dll
ole32.dll
SHELL32.dll

Strings analysis - Possible URLs found 1

http://

Import functions

winmm.dll 2 gdi32.dll 39 shell32.dll 8 kernel32.dll 88 oleaut32.dll 3 advapi32.dll 19 ole32.dll 6 cabinet.dll 3 user32.dll 77 comctl32.dll 4

Function	Address	Souspicious	Anti Debug
timeKillEvent	0x42b5b0
timeSetEvent	0x42b5b4

Function	Address	Souspicious	Anti Debug
StretchDIBits	0x42b318
StretchBlt	0x42b31c
SetWindowOrgEx	0x42b320
SetTextColor	0x42b324
SetStretchBltMode	0x42b328
SetRectRgn	0x42b32c
SetROP2	0x42b330
SetPixel	0x42b334
SetDIBits	0x42b338
SetBrushOrgEx	0x42b33c
SetBkMode	0x42b340
SetBkColor	0x42b344
SelectObject	0x42b348
SaveDC	0x42b34c
RestoreDC	0x42b350
OffsetRgn	0x42b354
MoveToEx	0x42b358
IntersectClipRect	0x42b35c
GetStockObject	0x42b360
GetPixel	0x42b364
GetDIBits	0x42b368
ExtSelectClipRgn	0x42b36c
ExcludeClipRect	0x42b370
DeleteObject	0x42b374
DeleteDC	0x42b378
CreateSolidBrush	0x42b37c
CreateRectRgn	0x42b380
CreateDIBitmap	0x42b384
CreateDIBSection	0x42b388
CreateCompatibleDC	0x42b38c
CreateCompatibleBitmap	0x42b390
CreateBrushIndirect	0x42b394
CreateBitmap	0x42b398
CombineRgn	0x42b39c
BitBlt	0x42b3a0
GetTextExtentPoint32A	0x42b510
GetObjectA	0x42b514
CreateFontIndirectA	0x42b518
AddFontResourceA	0x42b51c

Function	Address	Souspicious	Anti Debug
SHGetFileInfoA	0x42b584
ShellExecuteExA	0x42b5bc
ShellExecuteA	0x42b5c0
SHGetSpecialFolderLocation	0x42b5f0
SHGetPathFromIDListA	0x42b5f4
SHGetMalloc	0x42b5f8
SHChangeNotify	0x42b5fc
SHBrowseForFolderA	0x42b600

Function	Address	Souspicious	Anti Debug
DeleteCriticalSection	0x42b1cc
LeaveCriticalSection	0x42b1d0
EnterCriticalSection	0x42b1d4
InitializeCriticalSection	0x42b1d8
VirtualFree	0x42b1dc
VirtualAlloc	0x42b1e0
LocalFree	0x42b1e4
LocalAlloc	0x42b1e8
GetVersion	0x42b1ec
GetCurrentThreadId	0x42b1f0
WideCharToMultiByte	0x42b1f4
GetThreadLocale	0x42b1f8
GetStartupInfoA	0x42b1fc
GetLocaleInfoA	0x42b200
GetCommandLineA	0x42b204
FreeLibrary	0x42b208
ExitProcess	0x42b20c
WriteFile	0x42b210
UnhandledExceptionFilter	0x42b214
RtlUnwind	0x42b218
RaiseException	0x42b21c
GetStdHandle	0x42b220
TlsSetValue	0x42b250
TlsGetValue	0x42b254
LocalAlloc	0x42b258
GetModuleHandleA	0x42b25c
WriteFile	0x42b288
WinExec	0x42b28c
WaitForSingleObject	0x42b290
TerminateProcess	0x42b294
SystemTimeToFileTime	0x42b298
Sleep	0x42b29c
SetFileTime	0x42b2a0
SetFilePointer	0x42b2a4
SetErrorMode	0x42b2a8
SetEndOfFile	0x42b2ac
ReadFile	0x42b2b0
OpenProcess	0x42b2b4
MultiByteToWideChar	0x42b2b8
LocalFileTimeToFileTime	0x42b2bc
LoadLibraryA	0x42b2c0
GlobalFree	0x42b2c4
GlobalAlloc	0x42b2c8
GetVersion	0x42b2cc
GetUserDefaultLangID	0x42b2d0
GetProcAddress	0x42b2d4
GetModuleHandleA	0x42b2d8
GetLocalTime	0x42b2dc
GetLastError	0x42b2e0
GetFileTime	0x42b2e4
GetFileSize	0x42b2e8
GetExitCodeProcess	0x42b2ec
GetCurrentThread	0x42b2f0
GetCurrentProcess	0x42b2f4
FreeLibrary	0x42b2f8
FindClose	0x42b2fc
FileTimeToSystemTime	0x42b300
FileTimeToLocalFileTime	0x42b304
DosDateTimeToFileTime	0x42b308
CompareFileTime	0x42b30c
CloseHandle	0x42b310
WritePrivateProfileStringA	0x42b4a0
SetFileAttributesA	0x42b4a4
SetCurrentDirectoryA	0x42b4a8
RemoveDirectoryA	0x42b4ac
LoadLibraryA	0x42b4b0
GetWindowsDirectoryA	0x42b4b4
GetVersionExA	0x42b4b8
GetTimeFormatA	0x42b4bc
GetTempPathA	0x42b4c0
GetSystemDirectoryA	0x42b4c4
GetShortPathNameA	0x42b4c8
GetPrivateProfileStringA	0x42b4cc
GetModuleHandleA	0x42b4d0
GetModuleFileNameA	0x42b4d4
GetFullPathNameA	0x42b4d8
GetFileAttributesA	0x42b4dc
GetDiskFreeSpaceA	0x42b4e0
GetDateFormatA	0x42b4e4
GetComputerNameA	0x42b4e8
GetCommandLineA	0x42b4ec
FindNextFileA	0x42b4f0
FindFirstFileA	0x42b4f4
ExpandEnvironmentStringsA	0x42b4f8
DeleteFileA	0x42b4fc
CreateFileA	0x42b500
CreateDirectoryA	0x42b504
CompareStringA	0x42b508

Function	Address	Souspicious	Anti Debug
SysFreeString	0x42b244
SysReAllocStringLen	0x42b248
SysAllocStringLen	0x42b5a8

Function	Address	Souspicious	Anti Debug
RegQueryValueExA	0x42b234
RegOpenKeyExA	0x42b238
RegCloseKey	0x42b23c
RegCloseKey	0x42b264
OpenThreadToken	0x42b268
OpenProcessToken	0x42b26c
GetTokenInformation	0x42b270
FreeSid	0x42b274
EqualSid	0x42b278
AllocateAndInitializeSid	0x42b27c
AdjustTokenPrivileges	0x42b280
RegSetValueExA	0x42b47c
RegQueryValueExA	0x42b480
RegQueryInfoKeyA	0x42b484
RegOpenKeyExA	0x42b488
RegEnumKeyExA	0x42b48c
RegCreateKeyExA	0x42b490
LookupPrivilegeValueA	0x42b494
GetUserNameA	0x42b498

Function	Address	Souspicious	Anti Debug
OleInitialize	0x42b5a0
OleInitialize	0x42b5d8
CoTaskMemFree	0x42b5dc
CoCreateInstance	0x42b5e0
CoUninitialize	0x42b5e4
CoInitialize	0x42b5e8

Function	Address	Souspicious	Anti Debug
FDIDestroy	0x42b5c8
FDICopy	0x42b5cc
FDICreate	0x42b5d0

Function	Address	Souspicious	Anti Debug
GetKeyboardType	0x42b228
MessageBoxA	0x42b22c
WaitMessage	0x42b3a8
ValidateRect	0x42b3ac
TranslateMessage	0x42b3b0
ShowWindow	0x42b3b4
SetWindowPos	0x42b3b8
SetTimer	0x42b3bc
SetParent	0x42b3c0
SetForegroundWindow	0x42b3c4
SetFocus	0x42b3c8
SetCursor	0x42b3cc
SendMessageA	0x42b3d0
ScreenToClient	0x42b3d4
ReleaseDC	0x42b3d8
PostQuitMessage	0x42b3dc
OffsetRect	0x42b3e0
KillTimer	0x42b3e4
IsZoomed	0x42b3e8
IsWindowVisible	0x42b3ec
IsWindowEnabled	0x42b3f0
IsWindow	0x42b3f4
IsIconic	0x42b3f8
InvalidateRect	0x42b3fc
GetWindowRgn	0x42b400
GetWindowRect	0x42b404
GetWindowDC	0x42b408
GetUpdateRgn	0x42b40c
GetSystemMetrics	0x42b410
GetSystemMenu	0x42b414
GetSysColor	0x42b418
GetParent	0x42b41c
GetWindow	0x42b420
GetKeyState	0x42b424
GetFocus	0x42b428
GetDCEx	0x42b42c
GetDC	0x42b430
GetCursorPos	0x42b434
GetClientRect	0x42b438
GetCapture	0x42b43c
FillRect	0x42b440
ExitWindowsEx	0x42b444
EnumWindows	0x42b448
EndPaint	0x42b44c
EnableWindow	0x42b450
EnableMenuItem	0x42b454
DrawIcon	0x42b458
DestroyWindow	0x42b45c
DestroyIcon	0x42b460
DeleteMenu	0x42b464
CopyImage	0x42b468
ClientToScreen	0x42b46c
BeginPaint	0x42b470
CharLowerBuffA	0x42b474
wvsprintfA	0x42b524
SetWindowLongA	0x42b528
SetPropA	0x42b52c
SendMessageA	0x42b530
RemovePropA	0x42b534
RegisterClassA	0x42b538
PostMessageA	0x42b53c
PeekMessageA	0x42b540
MessageBoxA	0x42b544
LoadIconA	0x42b548
LoadCursorA	0x42b54c
GetWindowTextLengthA	0x42b550
GetWindowTextA	0x42b554
GetWindowLongA	0x42b558
GetPropA	0x42b55c
GetClassLongA	0x42b560
GetClassInfoA	0x42b564
FindWindowA	0x42b568
DrawTextA	0x42b56c
DispatchMessageA	0x42b570
DefWindowProcA	0x42b574
CreateWindowExA	0x42b578
CallWindowProcA	0x42b57c

Function	Address	Souspicious	Anti Debug
ImageList_Draw	0x42b58c
ImageList_SetBkColor	0x42b590
ImageList_Create	0x42b594
InitCommonControls	0x42b598

Name	Latest seen	MD5
XW_Setup.exe	2024-10-15 19:43:12	5fafebcba3e76e2c9938b628ec620dbb