| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | MCA_Selector_Setup.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 1520ea3102755b05b82c16031c13fbd53bf62fd2 |
| MD5: | 5a8ad1da1ac30b258522aaadc6299566 |
| First Seen Date: | 2023-06-26 19:26:05.205327 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-06-29 16:08:13.027346 ( ) |
| Human Expert Analysis Date: | 2023-06-27 10:09:22.592135 ( ) |
| Human Expert Analysis Result: | Clean |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 10 |
| trid | [[64.3, u'Inno Setup installer'], [24.3, u'Win32 EXE PECompact compressed (generic)'], [3.8, u'Win32 Dynamic Link Library (generic)'], [2.6, u'Win32 Executable (generic)'], [1.2, u'Win16/32 Executable Delphi generic']] |
| compilation time stamp | 0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC] |
| LegalCopyright | |
| FileVersion | |
| CompanyName | Querz |
| Comments | This installation was built with Inno Setup. |
| ProductName | MCA Selector |
| ProductVersion | 2.2.2 |
| FileDescription | MCA Selector Setup |
| OriginalFileName | |
| Translation | 0x0000 0x04b0 |
| entry point | 0x4b5eec (.itext) |
| machine type | Intel 386 or later - 32Bit |
| file size | 43059712 |
| ssdeep | 786432:3V5b6iY0kxDq1XBZY4V4YR5xddLxSx8Utoc1OZij8elT6Z+iW:Lb6RZD8Xvt1HfMXovok7W |
| sha256 | 3f28b132c987c5d8e0337429ca8e6381e518ed09c6434eba90c52382400b48ed |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/5/2/0/1520ea3102755b05b82c16031c13fbd53bf62fd2', u'EXE:OriginalFileName': u' ', u'EXE:ProductName': u'MCA Selector ', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:06:29 16:07:49+00:00', u'EXE:InitializedDataSize': 34816, u'File:FileModifyDate': u'2023:06:26 19:25:22+00:00', u'EXE:FileVersionNumber': u'0.0.0.0', u'EXE:FileVersion': u' ', u'File:FileSize': u'41 MB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'2.2.2 ', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Querz ', u'File:FileName': u'1520ea3102755b05b82c16031c13fbd53bf62fd2', u'EXE:ImageVersion': 6.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.1, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2023:02:15 14:54:16+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u' ', u'EXE:LinkerVersion': 2.25, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/1/5/2/0', u'EXE:FileDescription': u'MCA Selector Setup ', u'EXE:EntryPoint': u'0xb5eec', u'EXE:SubsystemVersion': 6.1, u'EXE:CodeSize': 741888, u'EXE:Comments': u'This installation was built with Inno Setup.', u'File:FileInodeChangeDate': u'2023:06:26 19:25:23+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'0.0.0.0'}] |
| mime type | application/x-dosexec |
| imphash | e569e6f445d32ba23766ad67d1e3787f |
| File Path on Client | Seen Count |
|---|---|
| 1520ea3102755b05b82c16031c13fbd53bf62fd2 | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xb39e4 | 0xb3a00 | 6.35763504999 | 43af0a9476ca224d8e8461f1e22c94da |
| .itext | 0xb5000 | 0x1688 | 0x1800 | 5.97142542844 | 185e04b9a1f554e31f7f848515dc890c |
| .data | 0xb7000 | 0x37a4 | 0x3800 | 5.04864859437 | cab2107c933b696aa5cf0cc6c3fd3980 |
| .bss | 0xbb000 | 0x6de8 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 0xc2000 | 0xfdc | 0x1000 | 5.0290874811 | e7d1635e2624b124cfdce6c360ac21cd |
| .didata | 0xc3000 | 0x1a4 | 0x200 | 2.7509822286 | 8ced971d8a7705c98b173e255d8c9aa7 |
| .edata | 0xc4000 | 0x9a | 0x200 | 1.8771629545 | 8d4e1e508031afe235bf121c80fd7d5f |
| .tls | 0xc5000 | 0x18 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 0xc6000 | 0x5d | 0x200 | 1.38389437522 | 8f2f090acd9622c88a6a852e72f94e96 |
| .rsrc | 0xc7000 | 0x3948 | 0x3a00 | 4.11066575214 | c77ef98f85af9a0d65b48ae43b445448 |
-
kernel32.dll
- GetACP
- GetExitCodeProcess
- LocalFree
- CloseHandle
- SizeofResource
- VirtualProtect
- VirtualFree
- GetFullPathNameW
- ExitProcess
- HeapAlloc
- GetCPInfoExW
- RtlUnwind
- GetCPInfo
- GetStdHandle
- GetModuleHandleW
- FreeLibrary
- HeapDestroy
- ReadFile
- CreateProcessW
- GetLastError
- GetModuleFileNameW
- SetLastError
- FindResourceW
- CreateThread
- CompareStringW
- LoadLibraryA
- ResetEvent
- GetVersion
- RaiseException
- FormatMessageW
- SwitchToThread
- GetExitCodeThread
- GetCurrentThread
- LoadLibraryExW
- LockResource
- GetCurrentThreadId
- UnhandledExceptionFilter
- VirtualQuery
- VirtualQueryEx
- Sleep
- EnterCriticalSection
- SetFilePointer
- LoadResource
- SuspendThread
- GetTickCount
- GetFileSize
- GetStartupInfoW
- GetFileAttributesW
- InitializeCriticalSection
- GetSystemWindowsDirectoryW
- GetThreadPriority
- SetThreadPriority
- GetCurrentProcess
- VirtualAlloc
- GetSystemInfo
- GetCommandLineW
- LeaveCriticalSection
- GetProcAddress
- ResumeThread
- GetVersionExW
- VerifyVersionInfoW
- HeapCreate
- GetWindowsDirectoryW
- VerSetConditionMask
- GetDiskFreeSpaceW
- FindFirstFileW
- GetUserDefaultUILanguage
- lstrlenW
- QueryPerformanceCounter
- SetEndOfFile
- HeapFree
- WideCharToMultiByte
- FindClose
- MultiByteToWideChar
- LoadLibraryW
- SetEvent
- CreateFileW
- GetLocaleInfoW
- GetSystemDirectoryW
- DeleteFileW
- GetLocalTime
- GetEnvironmentVariableW
- WaitForSingleObject
- WriteFile
- ExitThread
- DeleteCriticalSection
- TlsGetValue
- GetDateFormatW
- SetErrorMode
- IsValidLocale
- TlsSetValue
- CreateDirectoryW
- GetSystemDefaultUILanguage
- EnumCalendarInfoW
- LocalAlloc
- GetUserDefaultLangID
- RemoveDirectoryW
- CreateEventW
- SetThreadLocale
- GetThreadLocale
-
comctl32.dll
- InitCommonControls
-
version.dll
- GetFileVersionInfoSizeW
- VerQueryValueW
- GetFileVersionInfoW
-
user32.dll
- CreateWindowExW
- TranslateMessage
- CharLowerBuffW
- CallWindowProcW
- CharUpperW
- PeekMessageW
- GetSystemMetrics
- SetWindowLongW
- MessageBoxW
- DestroyWindow
- CharUpperBuffW
- CharNextW
- MsgWaitForMultipleObjects
- LoadStringW
- ExitWindowsEx
- DispatchMessageW
-
oleaut32.dll
- SysAllocStringLen
- SafeArrayPtrOfIndex
- VariantCopy
- SafeArrayGetLBound
- SafeArrayGetUBound
- VariantInit
- VariantClear
- SysFreeString
- SysReAllocStringLen
- VariantChangeType
- SafeArrayCreate
-
netapi32.dll
- NetWkstaGetInfo
- NetApiBufferFree
-
advapi32.dll
- ConvertStringSecurityDescriptorToSecurityDescriptorW
- RegQueryValueExW
- AdjustTokenPrivileges
- GetTokenInformation
- ConvertSidToStringSidW
- LookupPrivilegeValueW
- RegCloseKey
- OpenProcessToken
- RegOpenKeyExW
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 816184, u'sha256': u'3b7f15001c0b4d5f6949dbb34eac8279cea3c163bb0b56f440d53db7630b100f', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 817568, u'sha256': u'bb650ee3d30d21f22fc7853936b06be7cbfd05b4d88ed105d3e53774dae7f21f', u'type': u'data', u'size': 864}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 818432, u'sha256': u'0852b5fce0c5b7ff53fe4c4163983daf8a2057d5481911c24253f330bfd65d9a', u'type': u'data', u'size': 608}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 819040, u'sha256': u'4be11ded6c924c3181c0b2a17cbf6f017fbf2b074adadaae213a330711e22cd1', u'type': u'data', u'size': 1116}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 820156, u'sha256': u'99b7194bf59ac43cbbdc441ab7ca14ab0330449accd33730281da09bb96bcbe3', u'type': u'data', u'size': 1036}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 821192, u'sha256': u'51209c8034cd5c2127a7b877a3280699d6bad965bcc102e830420c836f535c97', u'type': u'data', u'size': 724}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 821916, u'sha256': u'22296669c2c50d3fdfee9de9f7730d0a5cc498b7cc54cd2aa8ded74d7e69f654', u'type': u'data', u'size': 184}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 822100, u'sha256': u'3c45c82b39b3c90c9c22342a8f6be98073faf1dcd26dbc578b3a6fa9a499cb46', u'type': u'data', u'size': 156}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 822256, u'sha256': u'2e6d8102640132ccabd2fa3c3a61c77c2b41a80d7f60013cf7149819c2b5c9d2', u'type': u'data', u'size': 884}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 823140, u'sha256': u'b33f156b0a8ce96c7182dfb6afa9f6a7020433a6e16ca21f6092ba03695bdd12', u'type': u'data', u'size': 920}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 824060, u'sha256': u'734b698aafc2cfabfd0750c88498022d650f6ee025250dc8795de56a6e122445', u'type': u'data', u'size': 872}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_STRING', u'offset': 824932, u'sha256': u'351e7d3c756242cde2e4a2bef16d636d5e073e0cf3e9cfa2b1da1efccd7806ae', u'type': u'data', u'size': 676}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 825608, u'sha256': u'e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5', u'type': u'data', u'size': 16}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 825624, u'sha256': u'19151c084fcd30aed2f27deed3ec77351f27a94fd9618da56258ea03bbcbc7f3', u'type': u'data', u'size': 708}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 826332, u'sha256': u'2e88df5acd4524a7526e9fc9dd0f88efd974b3e388fa054a286ed9e8a41d0d6a', u'type': u'data', u'size': 44}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 826376, u'sha256': u'57e783046cbebeacb9d674bec1e8222c099c50ba9eb4c555ade05952b09b6b7e', u'type': u'MS Windows icon resource - 1 icon, 16x16', u'size': 20}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 826396, u'sha256': u'b42076634080b9790616677766c58f636816e06f83c7279937f0a0ee5a94cd01', u'type': u'data', u'size': 1412}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 827808, u'sha256': u'75bb01fe4bafdef22d879aaea5b85d1165a30ec0e558536e1b4c6002c4730d5d', u'type': u'XML 1.0 document, ASCII text, with CRLF line terminators', u'size': 1960}