Manalyze report for 547307182e70db2d5bec6dd821264fb1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-May-28 19:28:59
Debug artifacts	C:\Users\Craig\Source\Repos\ShowKeyPlusRepo\obj\x64\Release\ShowKeyPlus.pdb
Comments	Windows Product key finder and edition checker
CompanyName	Superfly-Inc.
FileDescription	ShowKeyPlus
FileVersion	`1.1.15.0`
InternalName	ShowKeyPlus.exe
LegalCopyright	© 2021 Superfly-Inc.
LegalTrademarks
OriginalFilename	ShowKeyPlus.exe
ProductName	ShowKeyPlus
ProductVersion	`1.1.15.0`
Assembly Version	1.1.15.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: Resource.de Resource.es Resource.fr Resource.it Resource.nl Resource.ru ShowKeyPlus.Strings.Resource.de ShowKeyPlus.Strings.Resource.es ShowKeyPlus.Strings.Resource.fr ShowKeyPlus.Strings.Resource.it ShowKeyPlus.Strings.Resource.nl ShowKeyPlus.Strings.Resource.ru ShowKeyPlus.de ShowKeyPlus.es ShowKeyPlus.fr ShowKeyPlus.it ShowKeyPlus.nl ShowKeyPlus.ru Strings.Resource.de Strings.Resource.es Strings.Resource.fr Strings.Resource.it Strings.Resource.nl Strings.Resource.ru activation.sls.microsoft.com adobe.com costura.ca costura.de costura.es costura.fr costura.it costura.nl costura.ru costura.uk crl.microsoft.com github.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://purl.org http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.modernwpf.com http://schemas.modernwpf.com/2019 http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/envelope/ http://www.microsoft.com http://www.microsoft.com/BatchActivationService http://www.microsoft.com/BatchActivationService/BatchActivate http://www.microsoft.com/DRM/PKEY/Configuration/2.0 http://www.microsoft.com/DRM/SL/BatchActivationRequest/1.0 http://www.microsoft.com/DRM/XrML2/SL/v2 http://www.microsoft.com/DRM/XrML2/TM/v2 http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0 http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a http://www.microsoft.com/windows0 http://www.microsoft.com/xrml/lwc14n http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2000/09/xmldsig#sha1 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 http://www.w3.org/2001/04/xmlenc# http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes192-cbc http://www.w3.org/2001/04/xmlenc#aes256-cbc http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p http://www.w3.org/2001/04/xmlenc#sha256 http://www.w3.org/2001/04/xmlenc#sha512 http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2002/03/xkms# https://activation.sls.microsoft.com https://activation.sls.microsoft.com/BatchActivation/BatchActivation.asmx https://github.com microsoft.com modernwpf.com ns.adobe.com openxmlformats.org schemas.microsoft.com schemas.modernwpf.com schemas.openxmlformats.org schemas.xmlsoap.org sls.microsoft.com www.microsoft.com www.w3.org xmlsoap.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	VirusTotal score: 2/65 (Scanned on 2023-08-21 03:25:04)	`Bkav: W32.AIDetectMalware.64` `Cynet: Malicious (score: 100)`

Hashes

MD5	`547307182e70db2d5bec6dd821264fb1`
SHA1	`df948537c7756fd82306b1a170ff09cbead3e6ca`
SHA256	`5c79be402e002592d747877826a4bc95cef666e1ddc1177d3c7d3a97b9db87bf`
SHA3	`5d5b1f74f4810549890691109672eb92b05811c02e7db69611f8c25452753dca`
SSDeep	`98304:FxIZRNfNsEiEbWNHXXoYYZWWw78Zjh/ZUgdCmXWSr:vIZRNVVMHXXNz0ZplWu`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2021-May-28 19:28:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0x6f0400`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6fa000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fa2c92b485451cb3b41446bf16d79a53`
SHA1	`55efda70715f051bd566ab693a0bbf0b6d58c380`
SHA256	`ee5e43167b8382151915f2c0ed2f20656bc9e1cc28bfb2ebbe44ddf68ede0745`
SHA3	`ff82900a0cb8572130d4b39b23e79354446c29b60195d74e641ff3e5752fef40`
VirtualSize	`0x6f0330`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6f0400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.5059`

.rsrc

MD5	`8ebd81894376709a4202e92fa9b888a3`
SHA1	`dc46187e93454532105c0d9d30802974258c4f8e`
SHA256	`140998ba119f3b35d82417faf43771f9bab811b4667c60f5f7475048ecb51a9e`
SHA3	`b2bd8810bb91e32b98427575fa00324659359bd140c29fb2febc8688d57cf0ce`
VirtualSize	`0x4528`
VirtualAddress	`0x6f4000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x6f0600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.07169`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a0c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80055`
Detected Filetype	PNG graphic file
MD5	`2fc3226a969fa354088a3cb36cf696bc`
SHA1	`49e1c5f1516ac15f1fb4e3994334940dcee68cc3`
SHA256	`6de584419e8516633d7dd3ac1bef3042a07893b6be871e7082c469a1d88f7ba0`
SHA3	`a31c9239e65877589fef21e9a6fec31988d92af6ebd0349f5bace50841716ea7`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.61344`
MD5	`56c230f6fdf02cc6a0ca4006bcb5ea65`
SHA1	`2937937b16900d009d9354714ca0892fe4b2894d`
SHA256	`85642c39a16eaf2a70ae00ecaf6b16df7bfa0c3e1c566d12b44c186ce7f92bd5`
SHA3	`edd848b705470d61bea5b79887d61ccb3d4c6c85cc985c60dc64707da2146b04`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.19221`
Detected Filetype	Icon file
MD5	`5b332362fd797aa4e19cb85d92f5bc43`
SHA1	`b5cb9d36d0cc2f5402e5271362c9097b1a0cefe6`
SHA256	`1668ac6dcabb2ab0a6dca5213ef4262b7d77d9778b1c059877c14284e9d0a050`
SHA3	`65fd44885df6b0a984500a1b047e4f0314f88bfac8e05e6b614123d3f2ccfb38`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42973`
MD5	`7c1baa29419c259925139d24ca34b65a`
SHA1	`e03da202e7cf889d31c236437d451921545b97ca`
SHA256	`a6ff46b3f3655f3063d19605453b3148e090d84f93410c323dd4c41a1cd5a700`
SHA3	`db2c45345a6beeb8d3243ad62239fc5babcecffee5963674d0ea718986d7be2f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.15.0
ProductVersion	1.1.15.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Windows Product key finder and edition checker
CompanyName	Superfly-Inc.
FileDescription	ShowKeyPlus
FileVersion (#2)	1.1.15.0
InternalName	ShowKeyPlus.exe
LegalCopyright	© 2021 Superfly-Inc.
LegalTrademarks
OriginalFilename	ShowKeyPlus.exe
ProductName	ShowKeyPlus
ProductVersion (#2)	1.1.15.0
Assembly Version	1.1.15.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-May-28 19:28:59
Version	`0.0`
SizeofData	`100`
AddressOfRawData	`0x6f22cc`
PointerToRawData	`0x6f04cc`
Referenced File	C:\Users\Craig\Source\Repos\ShowKeyPlusRepo\obj\x64\Release\ShowKeyPlus.pdb

TLS Callbacks

Load Configuration

RICH Header

547307182e70db2d5bec6dd821264fb1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

2

32512

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors