WinDjView-2.1-Setup.exe
This report is generated from a file or URL submitted to this webservice on April 4th 2016 14:06:30 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v3.41 © Hybrid Analysis
Attention: this analysis ran with the legacy Usermode Monitor. It is highly recommended to use the Kernelmode Monitor.
Incident Response
Risk Assessment
- Fingerprint
- Reads the active computer name
Indicators
Not all malicious and suspicious indicators are displayed.
-
Malicious Indicators 4
-
Installation/Persistance
-
Allocates virtual memory in foreign process
- details
- "<Input Sample>" allocated 00000088 bytes of memory in "WinDjView.exe" (Protection: "read/write")
- source
- API Call
- relevance
- 7/10
-
Writes a PE file header to disc
- details
-
"<Input Sample>" wrote 11264 bytes starting with PE header signature to file "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
"<Input Sample>" wrote 16384 bytes starting with PE header signature to file "%TEMP%\nsw1D44.tmp\UAC.dll"
"<Input Sample>" wrote 5632 bytes starting with PE header signature to file "%TEMP%\nsw1D44.tmp\UAC.dll"
"<Input Sample>" wrote 9728 bytes starting with PE header signature to file "%TEMP%\nsw1D44.tmp\modern-header.bmp"
"<Input Sample>" wrote 16384 bytes starting with PE header signature to file "\Device\Mup\192.168.56.1\VM12\VxStream\"
"<Input Sample>" wrote 16384 bytes starting with PE header signature to file "\Device\Mup\192.168.56.1\VM12\VxStream\"
- source
- API Call
- relevance
- 1/10
-
Writes data to a remote process
- details
-
"<Input Sample>" wrote 32 bytes to a foreign process "WinDjView.exe" (PID: 00002392)
"<Input Sample>" wrote 52 bytes to a foreign process "WinDjView.exe" (PID: 00002392)
"<Input Sample>" wrote 4 bytes to a foreign process "WinDjView.exe" (PID: 00002392)
- source
- API Call
- relevance
- 6/10
-
Unusual Characteristics
-
Contains ability to reboot/shutdown the operating system
- details
-
ExitWindowsEx@USER32.DLL from WinDjView_2.1_Setup.exe (PID: 3748)
- source
- StaticStream (Disassembly)
- relevance
- 5/10
-
Suspicious Indicators 17
-
Anti-Detection/Stealthyness
-
Sets the process error mode to suppress error box
- details
- "<Input Sample>" set its error mode to SEM_NOOPENFILEERRORBOX
- source
- API Call
- relevance
- 8/10
-
Environment Awareness
-
Contains ability to query the machine version
- details
-
GetVersion@KERNEL32.DLL from WinDjView_2.1_Setup.exe (PID: 3748)
- source
- StaticStream (Disassembly)
- relevance
- 1/10
-
Possibly tries to detect the presence of a debugger
- details
- GetProcessHeap@KERNEL32.dll at 64384-10237-0063293C
- source
- StaticStream (Disassembly)
- relevance
- 1/10
-
Possibly tries to implement anti-virtualization techniques
- details
-
Matched strings omitted (indicators: "qemu", "vbox")
- source
- String
- relevance
- 4/10
-
General
-
Contains ability to find and load resources of a specific module
- details
- FindResourceW@KERNEL32.dll at 64384-9842-00535E47
- source
- StaticStream (Disassembly)
- relevance
- 1/10
-
Installation/Persistance
-
Creates/touches files in windows directory
- details
-
"<Input Sample>" created file "%WINDIR%\Fonts\staticcache.dat"
"<Input Sample>" created file "C:\Windows\system32\imageres.dll"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinDjView"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinDjView\WinDjView.lnk"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinDjView\WinDjView Website.url"
"<Input Sample>" created file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinDjView\Uninstall WinDjView.lnk"
- source
- API Call
- relevance
- 7/10
-
Drops executable files
- details
-
"System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"UAC.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"LangDLL.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"nsDialogs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"WinDjView.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"uninstall.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive"
- source
- Dropped File
- relevance
- 10/10
-
Spyware/Information Retrieval
-
Contains ability to open the clipboard
- details
-
OpenClipboard@USER32.DLL from WinDjView_2.1_Setup.exe (PID: 3748)
- source
- StaticStream (Disassembly)
- relevance
- 10/10
-
Unusual Characteristics
-
CRC value set in PE header does not match actual value
- details
- "UAC.dll" claimed CRC 32265 while the actual is CRC 41597
- source
- Static Parser
- relevance
- 10/10
-
Contains embedded string with suspicious keywords
- details
-
Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
Found suspicious keyword "Windows" which indicates: "May enumerate application windows (if combined with Shell.Application object)"
Found suspicious keyword "ShowWindow" which indicates: "May hide the application"
Found suspicious keyword "Put" which indicates: "May write to a file (if combined with Open)"
Found suspicious keyword "Open" which indicates: "May open a file"
Found suspicious keyword "SW_HIDE" which indicates: "May hide the application"
Found suspicious keyword "Lib" which indicates: "May run code from a DLL"
- source
- String
- relevance
- 10/10
-
Imports suspicious APIs
- details
-
GetFileAttributesA
CreateDirectoryA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
CopyFileA
GetTempPathA
GetCommandLineA
LoadLibraryA
CreateThread
CreateProcessA
GetTempFileNameA
GetModuleHandleA
LoadLibraryExA
GetProcAddress
WriteFile
FindNextFileA
FindFirstFileA
DeleteFileA
FindWindowExA
ShellExecuteA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
VirtualAlloc
VirtualProtect
GetVersionExA
OpenProcess
SetWindowsHookExA
GetLastActivePopup
GetWindowThreadProcessId
OpenProcessToken
ShellExecuteExA
GetModuleHandleExW
GetDriveTypeW
GetStartupInfoW
UnhandledExceptionFilter
TerminateProcess
GetCommandLineW
OutputDebugStringW
LockResource
FindResourceW
ExitThread
CopyFileW
FindFirstFileW
FindNextFileW
GetTempPathW
GetTempFileNameW
CreateFileW
CreateFileMappingW
GetVersionExW
LoadLibraryW
FindResourceExW
GetFileSizeEx
GetFileAttributesExW
IsDebuggerPresent
GetModuleHandleW
DeleteFileW
LoadLibraryExW
OutputDebugStringA
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetUpdateRect
SetWindowsHookExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
ShellExecuteW
ShellExecuteExW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
InternetQueryOptionW
InternetCrackUrlW
- source
- Static Parser
- relevance
- 1/10
-
Reads information about supported languages
- details
-
"<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
"WinDjView.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN")
"WinDjView.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN")
- source
- Registry Access
- relevance
- 3/10
-
Hiding 5 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 9
-
Environment Awareness
-
Contains ability to query volume size
- details
-
GetDiskFreeSpaceExA@KERNEL32.DLL at 00133890-00003748-77BD228D-233877
GetDiskFreeSpaceExA@KERNEL32.DLL at 00133890-00003748-77BD228D-236767
GetDiskFreeSpaceA@KERNEL32.DLL from WinDjView_2.1_Setup.exe (PID: 3748)
- source
- StaticStream (Disassembly)
- relevance
- 3/10
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
-
0/56 Antivirus vendors marked sample as malicious (0% detection rate)
0/43 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- Anti-Virus Test Result
- relevance
- 10/10
-
General
-
Creates a writable file in a temporary directory
- details
-
"<Input Sample>" created file "%TEMP%\nsw1D44.tmp\modern-header.bmp"
"<Input Sample>" created file "%TEMP%\nsw1D44.tmp\modern-wizard.bmp"
"<Input Sample>" created file "%TEMP%\nsw1D44.tmp\System.dll"
"<Input Sample>" created file "%TEMP%\nsw1D44.tmp\nsDialogs.dll"
- source
- API Call
- relevance
- 1/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "System.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "UAC.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "LangDLL.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "nsDialogs.dll" as clean (type is "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "WinDjView.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows")
Antivirus vendors marked dropped file "uninstall.exe" as clean (type is "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive")
- source
- Dropped File
- relevance
- 10/10
-
Loads modules at runtime
- details
-
"<Input Sample>" loaded module "COMCTL32.DLL" at base 74B90000
"<Input Sample>" loaded module "UXTHEME.DLL" at base 74A30000
"<Input Sample>" loaded module "C:\WINDOWS\SYSTEM32\OLE32.DLL" at base 77A10000
"<Input Sample>" loaded module "%TEMP%\NSW1D44.TMP\NSDIALOGS.DLL" at base 2D0000
"<Input Sample>" loaded module "ADVAPI32.DLL" at base 77700000
"<Input Sample>" loaded module "IMM32.DLL" at base 77CE0000
"<Input Sample>" loaded module "C:\WINDOWS\SYSTEM32\SHELL32.DLL" at base 761C0000
"<Input Sample>" loaded module "%COMMONPROGRAMFILES%\MICROSOFT SHARED\INK\TIPTSF.DLL" at base 70A40000
- source
- API Call
- relevance
- 1/10
-
Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)
- details
-
"DwmIsCompositionEnabled@dwmapi.dll"
"Call@System.dll"
"Create@UAC.dll"
"SetRTL@UAC.dll"
"CreateControl@UAC.dll"
"Free@System.dll"
"OnClick@UAC.dll"
- source
- API Call
- relevance
- 1/10
-
Installation/Persistance
-
Dropped files
- details
-
"nsw1CF5.tmp" has type "data"
"System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"UAC.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"LangDLL.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"modern-header.bmp" has type "PC bitmap Windows 3.x format 150 x 57 x 8"
"modern-wizard.bmp" has type "PC bitmap Windows 3.x format 164 x 314 x 24"
"nsDialogs.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
"WinDjView.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"uninstall.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive"
"WinDjView.lnk" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Has Working directory Archive ctime=Mon Feb 23 15:15:56 2015 mtime=Tue Apr 5 02:10:49 2016 atime=Mon Feb 23 15:15:56 2015 length=3398656 window=hide"
"WinDjView Website.url" has type "MS Windows 95 Internet shortcut text (URL=< >) "
"Uninstall WinDjView.lnk" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Has Working directory Archive ctime=Tue Feb 17 16:45:54 2015 mtime=Tue Apr 5 02:10:56 2016 atime=Tue Feb 17 16:45:54 2015 length=82797 window=hide"
- source
- Dropped File
- relevance
- 3/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://nsis.sf.net/NSIS_Error"
Pattern match: "http://windjview.sourceforge.net"
Heuristic match: "jview.sourceforge.net"
Heuristic match: "tp://windjview.sourceforge.net"
Heuristic match: "urceforge.net"
Pattern match: "http://windjview.sourceforge.net/ru/http://windjview.sourceforge.net-"
Pattern match: "soft.yandex.ru/distribution/http://soft.yandex.ru/distributionhttp://legal.yandex.ru/desktop_software_agreement/http://legal.yandex.ru/desktop_software_agreement/?lang=en.Yandex.Browser"
Pattern match: "http://windjview.sourceforge.netPr7http://djvu.sourceforge.netP"
Pattern match: "http://windjview.sourceforge.net/version.txt"
Pattern match: "http://nsis.sf.net/NSIS_ErrorError"
- source
- String
- relevance
- 10/10
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
- "You can support further development of this program by donating through PayPal" (Indicator: "paypal")
- source
- String
- relevance
- 7/10
File Details
WinDjView-2.1-Setup.exe
- Filename
- WinDjView-2.1-Setup.exe
- Size
- 2.8MiB (2933474 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
- Architecture
- WINDOWS
- SHA256
- 91cde668b1f700b64677199e9b534f8da4ae45aef014f5439cefdc8c532418bf
- MD5
- be7854e8f7d922c2269fabd448d82f9e
- SHA1
- bbf32f86dc8db03a73c1331a04d73b41bc80c52b
- ssdeep
- 49152:xjC1vb8qGFy7ZwrqttiLv7Abel1hWT6Wa+H2bI2PHm74UuGD5Tmue08jZi0:UKFyQEEv7COhX00U1TqC0
- imphash
- 099c0646ea7282d232219f8807883be0
- authentihash
- 89065148b4dfa03e69565101b7421b9cfdb5567d283dd872ec5121630d0750da
Version Info
- LegalCopyright
- Copyright (C) 2004-2015 Andrew Zhezherun
- FileVersion
- 2.1
- CompanyName
- Andrew Zhezherun
- ProductName
- WinDjView Setup
- ProductVersion
- 2.1
- FileDescription
- WinDjView Setup
- CompanyWebsite
- http://windjview.sourceforge.net
- Translation
- 0x0409 0x0000
Classification (TrID)
- 94.8% (.EXE) NSIS - Nullsoft Scriptable Install System
- 3.4% (.EXE) Win32 Executable MS Visual C++ (generic)
- 0.7% (.DLL) Win32 Dynamic Link Library (generic)
- 0.5% (.EXE) Win32 Executable (generic)
- 0.2% (.EXE) Generic Win/DOS Executable
Hybrid Analysis
Analysed 2 processes in total (System Resource Monitor).
-
WinDjView_2.1_Setup.exe
(PID: 3748)
- WinDjView.exe /RegisterFileTypes (PID: 2392)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Memory Forensics
String | Context | Stream UID |
---|---|---|
http://nsis.sf.net/nsis_error | Domain/IP reference | 00133890-00003748-2593-55-00402C72 |
Extracted Files
-
Clean 6
-
-
WinDjView.exe
- Size
- 3.2MiB (3398656 bytes)
- Type
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/80
- MD5
- 201a419662c5beb89f48a2480c027c83
- SHA1
- 3b7845487a538093d2f43df60e9f7707297e8b9f
- SHA256
- 5798cb9af710e99058620cb813913f8dd0d73e8fc52d29ce5024da9de4837d0b
-
uninstall.exe
- Size
- 81KiB (82797 bytes)
- Type
- PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
- AV Scan Result
- 0/80
- MD5
- ced559b56e9edcbbe1ec6d0a1e8b1251
- SHA1
- ca14eab173cac02d68b13b1551b6e8991b19cbd4
- SHA256
- a8baf99098e0d173a384a3798db83e437b52887dcb784e4c522aa465261737c0
-
LangDLL.dll
- Size
- 5.5KiB (5632 bytes)
- Type
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/80
- MD5
- 9384f4007c492d4fa040924f31c00166
- SHA1
- aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
- 60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
-
System.dll
- Size
- 11KiB (11264 bytes)
- Type
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/80
- MD5
- c17103ae9072a06da581dec998343fc1
- SHA1
- b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
- dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
UAC.dll
- Size
- 17KiB (17408 bytes)
- Type
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/79
- MD5
- 88ad3fd90fc52ac3ee0441a38400a384
- SHA1
- 08bc9e1f5951b54126b5c3c769e3eaed42f3d10b
- SHA256
- e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
-
nsDialogs.dll
- Size
- 9.5KiB (9728 bytes)
- Type
- PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
- AV Scan Result
- 0/80
- MD5
- c10e04dd4ad4277d5adc951bb331c777
- SHA1
- b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
- e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
-
-
Informative 6
-
-
Uninstall WinDjView.lnk
- Size
- 1KiB (1071 bytes)
- Type
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 17 16:45:54 2015, mtime=Tue Apr 5 02:10:56 2016, atime=Tue Feb 17 16:45:54 2015, length=82797, window=hide
- MD5
- 68f7412f1d99e86cd67eddef23c871dc
- SHA256
- 8b2c7bc0604a65db28f0dbdc3e8096c6175e99235ce66e730f10ffb565f50840
-
WinDjView Website.url
- Size
- 58B (58 bytes)
- Type
- MS Windows 95 Internet shortcut text (URL=< >),
- MD5
- 0e959bdc951aa9be23d50bef5457542d
- SHA256
- 7d13fe8dd20cd55a88e986bcbb6f99dd3b3aa4c3d55b85e3c0b7c5b4667ef604
-
WinDjView.lnk
- Size
- 1KiB (1071 bytes)
- Type
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Feb 23 15:15:56 2015, mtime=Tue Apr 5 02:10:49 2016, atime=Mon Feb 23 15:15:56 2015, length=3398656, window=hide
- MD5
- e41b49dc2885b17b24789dd84d37d2ee
- SHA256
- 256d38f580d391492d0f45937572acf201686cb33d4342057827b4d40931916f
-
nsw1CF5.tmp
- Size
- 4.1MiB (4340831 bytes)
- Type
- data
- MD5
- 800e6d0390050f54347493393f0b4274
- SHA1
- 1ef2960304a474c1eaadaf56453a8cd6342afbda
- SHA256
- bc8e697c9575437c17446acd9df367d769389a5f5bbdf85363fdf14db6e5e0f8
-
modern-header.bmp
- Size
- 9.5KiB (9744 bytes)
- Type
- PC bitmap, Windows 3.x format, 150 x 57 x 8
- MD5
- 852b07c25e75b8a5356931c91c834efc
- SHA1
- e81cb08e5358523acd95cf483c74b650de3f3178
- SHA256
- bd146e39af28cec251d63da453cb8f04b74904a643f4c3dab52ef2b5bcb4bb3a
-
modern-wizard.bmp
- Size
- 302KiB (309088 bytes)
- Type
- PC bitmap, Windows 3.x format, 164 x 314 x 24
- MD5
- c02a8cbf6aafa9deffe891e65341e8e7
- SHA1
- 0e6cb0332f0cf8ab7e9a6c2dda098be108fa4578
- SHA256
- 5ae63344e187fa23e67207b29c14f3d152f426e2624e394cbc953d7c2dc29da6
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Not all sources for signature ID "api-4" are available in the report
- Not all sources for signature ID "api-7" are available in the report
- Not all sources for signature ID "api-8" are available in the report
- Not all sources for signature ID "string-21" are available in the report
- Not all sources for signature ID "string-3" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)