010bfad99dae063453a7c2e1917173a1610bba88b55cd45e4650c78e89991bb7

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Dec-19 07:10:15

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .grd0005
Unusual section name found: .grd0006
Unusual section name found: .grd0007
Unusual section name found: .grd0008
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Info The PE is digitally signed. Signer: Aktiv-Soft Joint-Stock Company
Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020
Suspicious VirusTotal score: 1/71 (Scanned on 2024-05-31 09:58:39) Cylance: Unsafe

Hashes

MD5 8b2759a48853b4088abf4965430ff2fb
SHA1 4729cc282d3b1de6c9f45195f476fe5ff6f9009b
SHA256 010bfad99dae063453a7c2e1917173a1610bba88b55cd45e4650c78e89991bb7
SHA3 4ea9aac7edf82073c7b873a7bd517c241fa25c7d099c6561b80dfa4cb597fceb
SSDeep 98304:RhAE4TMPOn2td1qEIiMfbiX3UvPRWHDtlWhvdkt1:gEo87ztcIsWL82T
Imports Hash 27544985e6788419d07cdbc8a56bf956

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2023-Dec-19 07:10:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2c5400
SizeOfInitializedData 0x67200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000035C000 (Section: .grd0008)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x6b0000
SizeOfHeaders 0x400
Checksum 0x35fc25
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2c5230
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1dfe8
VirtualAddress 0x2c7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x43ec0
VirtualAddress 0x2e5000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x453c
VirtualAddress 0x329000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grd0005

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xb30
VirtualAddress 0x32e000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grd0006

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x400
VirtualAddress 0x32f000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grd0007

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2b120
VirtualAddress 0x330000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.grd0008

MD5 e102a12a2ad13507ebe78770331cfc7e
SHA1 4182d2fc69a60b2417d471fefe9bfd5d4c837bd6
SHA256 1f669de0c0687a6d9e483315f7bbb7e7fec9ab1c7a12b70f27f914112267b85b
SHA3 90e3f827ddfb9e1434df300f30eeab9d5683bb30a5b05cfce47344827c2957e7
VirtualSize 0x3525fa
VirtualAddress 0x35c000
SizeOfRawData 0x352600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.99165

.reloc

MD5 13727fefbc07c0fa1ef2856bb0f405bc
SHA1 9b4dc8bceb08f74f45f8522c9e9accbea5505f36
SHA256 feffc51bf3a873895a5f334b558ce8e39b573f6f6e107e1f85ca808b1229a396
SHA3 11873da254b7e4d5871a2ece0c56295c6143bbcf5f1b9341b60479131b9f8d10
VirtualSize 0x14
VirtualAddress 0x6af000
SizeOfRawData 0x200
PointerToRawData 0x352a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

KERNEL32.DLL GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualProtect

Delayed Imports

GrdDongleSetLicense

Ordinal 1
Address 0x4810

GrdFeatureCheck

Ordinal 2
Address 0x4980

GrdFeatureCryptAndCount

Ordinal 3
Address 0x4ae0

GrdFeatureDecrypt

Ordinal 4
Address 0x4c50

GrdFeatureEncrypt

Ordinal 5
Address 0x4da0

GrdFeatureGetInfo

Ordinal 6
Address 0x4ef0

GrdFeatureGetMaxConcurrentResource

Ordinal 7
Address 0x50a0

GrdFeatureGetRunCounter

Ordinal 8
Address 0x5190

GrdFeatureGetTimeLimit

Ordinal 9
Address 0x5250

GrdFeatureLogin

Ordinal 10
Address 0x5310

GrdFeatureLogout

Ordinal 11
Address 0x56f0

GrdFeatureSign

Ordinal 12
Address 0x5720

GrdFree

Ordinal 13
Address 0x5830

GrdGetApiVersion

Ordinal 14
Address 0x5870

GrdGetErrorMessage

Ordinal 15
Address 0x5990

GrdGetHostFingerprint

Ordinal 16
Address 0x5a40

GrdGetLicenseInfo

Ordinal 17
Address 0x6030

GrdGetRealTime

Ordinal 18
Address 0x63e0

GrdLedBlink

Ordinal 19
Address 0x6740

GrdLicenseActivate

Ordinal 20
Address 0x6830

GrdLicenseCheckIsNotBanned

Ordinal 21
Address 0x6990

GrdLicenseCheckSerialNumberFormat

Ordinal 22
Address 0x6a20

GrdLicenseCheckUpdateIsAvailable

Ordinal 23
Address 0x6a60

GrdLicenseCreateActivationRequest

Ordinal 24
Address 0x6d70

GrdLicenseCreateUpdateRequest

Ordinal 25
Address 0x6e10

GrdLicenseDetach

Ordinal 26
Address 0x70d0

GrdLicenseExtractForRehost

Ordinal 27
Address 0x7460

GrdLicenseInstall

Ordinal 28
Address 0x7500

GrdLicenseInstallRemotely

Ordinal 29
Address 0x7650

GrdLicenseRehost

Ordinal 30
Address 0x78d0

GrdLicenseRemove

Ordinal 31
Address 0x7990

GrdLicenseReturnToPool

Ordinal 32
Address 0x79f0

GrdLicenseSendActivationRequest

Ordinal 33
Address 0x7aa0

GrdLicenseSendRehostRequest

Ordinal 34
Address 0x7c40

GrdLicenseSendUpdateRequest

Ordinal 35
Address 0x7de0

GrdLicenseUpdate

Ordinal 36
Address 0x7f70

GrdMemoryGetSize

Ordinal 37
Address 0x8120

GrdMemoryRead

Ordinal 38
Address 0x81f0

GrdMemoryWrite

Ordinal 39
Address 0x8300

GrdSetDriverType

Ordinal 40
Address 0x8410

GrdVerifyDigest

Ordinal 41
Address 0x8550

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x72f6ef2d
Unmarked objects 0
C objects (VS2015/2017 runtime 25711) 10
ASM objects (VS2015/2017 runtime 25711) 5
C++ objects (VS2015/2017 runtime 25711) 137
ASM objects (VS 2015/2017 runtime 26706) 8
C++ objects (VS 2015/2017 runtime 26706) 30
C objects (VS 2015/2017 runtime 26706) 14
Imports (VS2015/2017 runtime 25711) 3
Total imports 83
C objects (VS2017 v15.8.5-8 compiler 26730) 2
Exports (VS2017 v15.8.5-8 compiler 26730) 1
Linker (VS2017 v15.8.5-8 compiler 26730) 1

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .grd0005 has a size of 0!
[*] Warning: Section .grd0006 has a size of 0!
[*] Warning: Section .grd0007 has a size of 0!