Jump to content
Sign in to follow this  
un_known

ImgBurn.exe from current 2.5.8.0 installer available at "Mirror 7 - Provided by ImgBurn" is not same ImgBurn.exe file from earlier 2.5.8.0 installers

Recommended Posts

Earlier releases of ImgBurn 2.5.8.0 installer contains identical ImgBurn.exe file. This can be checked by extracting the ImgBurn.exe file from the installer (SetupImgBurn_2.5.8.0.exe) and unpacking it with UPX (upx -d -o ImgBurn_unpacked.exe ImgBurn.exe).

 

 

1) ImgBurn 2.5.8.0 installer from "Mirror 7 - Provided By ImgBurn" (available as of 2013-07-07):

archive.org mirror:

http://web.archive.org/web/20130707212117/http://www.imgburn.com:80/index.php?act=download
SetupImgBurn_2.5.8.0.exe
File size: 3469871 bytes
CRC32: 00E8E0B2
MD5: 9685E1B00B7D1B31EDE436BD9B12BE39
SHA-1: 5CA96A0C243390C378DEE1A629684EA261E2CFC4

ImgBurn.exe (UPX packed)
File size: 2747392 bytes
CRC32: 6578C431
MD5: 48B1EAFDFF8DAEC984224041AF5D4388
SHA-1: B60AEB7CF5075297CC7379B0A90D6026EAD1EC78

ImgBurn.exe (unpacked)
File size: 11164672 bytes
CRC32: 6A8F4D26
MD5: 23495C042A68E5B4D4D5674E40B875B9
SHA-1: 2746AD277E0A5F7ADCA439EFE35B420D921B641F
2) ImgBurn 2.5.8.0 installer from "Mirror 7 - Provided By ImgBurn" (available as of 2017-05-13):

archive.org mirror:

http://web.archive.org/web/20170513044051/http://www.imgburn.com/index.php?act=download
SetupImgBurn_2.5.8.0.exe
File size: 3974758 bytes
CRC32: 1895061F
MD5: BAD2829663BD834856262E9AF30FB45B
SHA-1: 49CB5E216F7B17D3955043CD18B1AED0CA3464E5

ImgBurn.exe (UPX packed)
File size: 2747392 bytes
CRC32: D2B59DDE
MD5: 4776C25E4FFDA40783DF8D31217ED085
SHA-1: 8DFEB7DA315EE2F5CCC59B1CBFD9E60B74F17FC3

ImgBurn.exe (unpacked)
File size: 11164672 bytes
CRC32: 6A8F4D26
MD5: 23495C042A68E5B4D4D5674E40B875B9
SHA-1: 2746AD277E0A5F7ADCA439EFE35B420D921B641F
Note that the hashes of unpacked ImgBurn.exe file from installer available as of 2017-05-13 match with the hashes of unpacked ImgBurn.exe file from installer available as of 2013-07-07.

 

 

3) ImgBurn 2.5.8.0 installer from "Mirror 7 - Provided By ImgBurn" (currently available):

Page: h**p://www.imgburn.com/index.php?act=download

SetupImgBurn_2.5.8.0.exe
File size: 3962362 bytes
CRC32: EEEBD354
MD5: 0B4C94F8480F8CD13E160BCEAAAA8B29
SHA-1: 6FC013ED5944B13EFC54648699EA80F304E37AD0

ImgBurn.exe (UPX packed)
File size: 2748416 bytes
CRC32: C4A9D4D6
MD5: FDF88E419DF6A01956BC29A55E2C9C69
SHA-1: F5E606397C894AD365926C54CEBBBB71CEFE2A8F

ImgBurn.exe (unpacked)
File size: 11164672 bytes
CRC32: 61B68E8F
MD5: 40E3206C1B9C3BF466682A9A2E9E63A9
SHA-1: F95A1CBBC6F0636E0838C69EA71CDD2ED7777798
Note that the hashes of unpacked ImgBurn.exe file from current ImgBurn 2.5.8.0 installer do not match with the hashes of unpacked ImgBurn.exe file from earlier ImgBurn 2.5.8.0 installer releases (available as of 2013-07-07 and 2017-05-13).

 

Difference between both unpacked ImgBurn files (the one from current installer vs. the one from 2017-05-13 installer):

cmp -l ImgBurn_20170513_unpacked.exe ImgBurn_20180208_unpacked.exe | wc -l
15105
Both files differ in 15 KB.

 

At first glance, we can think about being in presence of a recompiled ImgBurn.exe binary, but properties of both executables do not differ, even build date is identical (this can be seen by opening - with the "open inside" option - the unpacked binary with 7-zip and selecting the "info" option). Being the unpacked ImgBurn.exe binary not signed, this issue can pass without being noticed as no integrity checks can be done or enforced by the OS on the executable file.

 

CYHD9Q5.pngR4lNdmx.png

Share this post


Link to post
Share on other sites

Yes it is.

 

Original compiled 2.5.8.0 exe...

 

11,164,672 bytes

CRC32: 4B74746A

MD5: 5B1874DED2D60B946F79F6664BC35322

SHA-1: 43981BD4C7FC24AEF89BE6C1F680E8949D38CF17

 

UPX packed exe...

 

2,748,416 bytes

CRC32: C4A9D4D6

MD5: FDF88E419DF6A01956BC29A55E2C9C69

SHA-1: F5E606397C894AD365926C54CEBBBB71CEFE2A8F

 

Unpacked exe...

 

11,164,672 bytes

CRC32: 61B68E8F

MD5: 40E3206C1B9C3BF466682A9A2E9E63A9

SHA-1: F95A1CBBC6F0636E0838C69EA71CDD2ED7777798

 

It is what it is. UPX's decompression isn't lossless afaik.

 

The exe has been repacked with a newer UPX since its original release back in 2013... Back in June 2017 actually, which falls after the date of archive.org's copy of the exe.

Share this post


Link to post
Share on other sites
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.