Suspicious |
Strings found in the binary may indicate undesirable behavior: |
Contains another PE executable:
- This program cannot be run in DOS mode.
Contains domain names:
|
Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to SHA1
Uses constants related to SHA256
|
Suspicious |
The PE is possibly packed. |
The PE only has 0 import(s).
|
Suspicious |
VirusTotal score: 2/65 (Scanned on 2023-08-21 03:25:04) |
Bkav:
W32.AIDetectMalware.64
Cynet:
Malicious (score: 100)
|