Manalyze report for 2f9f5e938daa77e41128ce3c6bb33b80

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jan-08 09:39:28
Detected languages	English - United States
Debug artifacts	D:\ActivationTool\x64\Release\ActivationTool.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: files.kichhoat24h.com http://jimmac.musichall.cz http://www.gimp.orgg http://www.microsoft.com http://www.microsoft.com/whdc/ddk/debugging/ https://files.kichhoat24h.com https://files.kichhoat24h.com/download/Tools https://kichhoat24h.com https://paypal.me inkscape.org kichhoat24h.com microsoft.com www.inkscape.org www.microsoft.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegisterHotKey RegSetValueExW RegQueryValueExW RegOpenKeyExW RegEnumValueW RegCloseKey RegCreateKeyExW RegDeleteKeyW RegDeleteValueW RegEnumKeyW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: CallNextHookEx MapVirtualKeyW GetAsyncKeyState` `Has Internet access capabilities: WinHttpSendRequest WinHttpWriteData WinHttpGetProxyForUrl WinHttpGetIEProxyConfigForCurrentUser WinHttpCloseHandle WinHttpConnect WinHttpOpenRequest WinHttpReadData WinHttpQueryHeaders WinHttpAddRequestHeaders WinHttpOpen WinHttpReceiveResponse WinHttpSetTimeouts WinHttpQueryDataAvailable WinHttpSetOption WinHttpCrackUrl` `Enumerates local disk drives: GetDriveTypeW GetLogicalDriveStringsW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt`
Suspicious	VirusTotal score: 1/70 (Scanned on 2021-02-27 09:20:03)	`AhnLab-V3: HackTool/Win64.Activator.C4319446`

Hashes

MD5	`2f9f5e938daa77e41128ce3c6bb33b80`
SHA1	`7f6aaa3691feff7768b82fecdab37560f92cd6c4`
SHA256	`be6cd00a54433d6ef040b265f76888815953ab759f70284036806ed9af89d9d0`
SHA3	`b2804ed7ee116126c91784bb16edf23de13f4c79a5bdd3fe6a50e9f984c61a03`
SSDeep	`49152:m/FCS2Vl86gldGEg5/DaefRaz9QE+arxu8e7MiW0aWpTRZkw54nMn87Hho3XIB8:EWlJqGEghWZ8z/KkuvH2n+gjKz84`
Imports Hash	`92b9b57d9a8889cacbc1794720fd5c70`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Jan-08 09:39:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x324c00`
SizeOfInitializedData	`0x203800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000002A1EC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x52c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4a52fbdf69eb9fb04d0fa30055abd7ce`
SHA1	`352b31e9bba3b85163ae2ac08a81f9476639e8ee`
SHA256	`71c158e5a8c1e50529b99428890d163d85392c6eaae1005f00b879a5028284d0`
SHA3	`bcc356551422b621954a1a0d181c3c027076cc7baedadca164e49c838c73b0b3`
VirtualSize	`0x324a0e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x324c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44938`

.rdata

MD5	`1b4418e98ce268522aa09ca8041196a6`
SHA1	`a2231ffeb57badfc5ee5250aef47e52f5deb3f90`
SHA256	`206da0f0ab0948ef94f69a05f61e676743c26c215c948c8c72ead7af7fb619c9`
SHA3	`09bcf8ed58b45a31607d9874b4ec5f2705d2aa4fb6275f83adfdde1768158acf`
VirtualSize	`0x12a4c6`
VirtualAddress	`0x326000`
SizeOfRawData	`0x12a600`
PointerToRawData	`0x325000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.44745`

.data

MD5	`ca066668b3707e2daedb244d8204ddf9`
SHA1	`2ee9c06cd88093850081e1d4b17783d248abae20`
SHA256	`12bd7bf8b1e219b2b2b8e252d3277ee57bd2d099a434bd3d56547061688e691c`
SHA3	`1a681609c74e638021968e4de979886805b112a568a7a998c853b7d994f82957`
VirtualSize	`0x42d7c`
VirtualAddress	`0x451000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x44f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.14307`

.pdata

MD5	`679c49d0e5dc85342950046c9474012c`
SHA1	`739c72883ba0450bceddf21d86c00197ac2ccf90`
SHA256	`a1732e3795cae082145aba32893813dcc36b962fb040b3c9ca59290215678965`
SHA3	`c97c6b1d894fa35ba9484791b3d7d0be3fd45295a66868a58c24af718cb4931c`
VirtualSize	`0x1eed0`
VirtualAddress	`0x494000`
SizeOfRawData	`0x1f000`
PointerToRawData	`0x462600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18334`

_RDATA

MD5	`8b894ea1529d4097b06d458b9e511f2a`
SHA1	`b95543df9c15d751e6c9141741645fcbea53a25d`
SHA256	`3950c8eec9a810e6f8282e130e46044ec2bbc470fdc7b2810cb1c071969a8f7f`
SHA3	`b1d687bf0d0f986a199a1d0e204ad6d57967bed8a54e56b7f3021ca8f34941d4`
VirtualSize	`0x94`
VirtualAddress	`0x4b3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x481600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.45376`

.rsrc

MD5	`60bb04be95a3eb1cfcfe318c4a5fd6ce`
SHA1	`9ae31e5faf99cf9538d57fcb4ec167fb8ce8307a`
SHA256	`be984b613df5ceeabbbefe6369a923764926f176815203f3be5a3675c66f2425`
SHA3	`44ce9c6017b34955dd50b70b5fd1f1049fb5e4b09d753611245ea7f87b9aa171`
VirtualSize	`0x639d8`
VirtualAddress	`0x4b4000`
SizeOfRawData	`0x63a00`
PointerToRawData	`0x481800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.73603`

.reloc

MD5	`b5af1fd1b78791895cf4b07e25a43c85`
SHA1	`0ebb58f21159ee36c5630be704c243d8937c9800`
SHA256	`4cfa086ea24e854aa1fa66f0c19b50f973d4554d4e627a36b76ac8d76c71ad95`
SHA3	`5a802eea2b82ccc868bcc7c555f2212a0b09edce216f66c0848a91e8d79d0fff`
VirtualSize	`0x1371c`
VirtualAddress	`0x518000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x4e5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4503`

Imports

KERNEL32.dll	`GetEnvironmentVariableW` `GetCurrentProcessId` `TerminateProcess` `GetVersionExW` `GetModuleFileNameW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `IsValidCodePage` `RtlCaptureContext` `GetCurrentThread` `SetCurrentDirectoryW` `GetFileType` `CopyFileW` `FindNextFileW` `FreeLibrary` `LoadLibraryW` `GetCommandLineW` `WriteFile` `SetEvent` `WaitForMultipleObjects` `IsBadReadPtr` `IsBadStringPtrA` `ExpandEnvironmentStringsW` `MulDiv` `GetStdHandle` `FreeConsole` `AttachConsole` `WriteConsoleA` `WriteConsoleW` `FillConsoleOutputCharacterW` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `ReadConsoleOutputCharacterA` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `GlobalSize` `ResetEvent` `WaitForSingleObjectEx` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetStartupInfoW` `QueryPerformanceCounter` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RtlUnwind` `LoadLibraryExW` `GetModuleHandleExW` `SetStdHandle` `DeleteFileW` `FlushFileBuffers` `GetConsoleMode` `ReadConsoleW` `GetConsoleCP` `SetFilePointerEx` `GetDriveTypeW` `GetFullPathNameW` `MoveFileExW` `GetTimeZoneInformation` `GetFileSizeEx` `GetDateFormatW` `GetTimeFormatW` `EnumSystemLocalesW` `SetEndOfFile` `GetOEMCP` `SetEnvironmentVariableW` `GetCurrentDirectoryW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FindFirstFileExW` `GetCommandLineA` `GetCurrentThreadId` `ExitProcess` `GetCurrentProcess` `InitializeCriticalSection` `GetUserDefaultLCID` `IsValidLocale` `GetACP` `GetTempPathW` `GetTempFileNameW` `GetLongPathNameW` `GetFileTime` `GetFileAttributesW` `FindFirstFileW` `FindClose` `CreateFileW` `FormatMessageW` `SetErrorMode` `OutputDebugStringW` `IsDebuggerPresent` `GetCPInfo` `GetStringTypeW` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `EncodePointer` `LocalFree` `GetProcAddress` `GetModuleHandleW` `GetSystemTimeAsFileTime` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `SwitchToThread` `CreateEventW` `InitializeCriticalSectionAndSpinCount` `SetLastError` `LeaveCriticalSection` `EnterCriticalSection` `WideCharToMultiByte` `QueryPerformanceFrequency` `GetLogicalDriveStringsW` `CreateProcessW` `GetProcessHeap` `DeleteCriticalSection` `HeapDestroy` `DecodePointer` `HeapAlloc` `RaiseException` `CloseHandle` `HeapReAlloc` `GlobalFree` `GetLastError` `MultiByteToWideChar` `HeapSize` `WaitForSingleObject` `InitializeCriticalSectionEx` `PeekNamedPipe` `CreatePipe` `HeapFree` `ReadFile`
USER32.dll	`PtInRect` `GetParent` `SetParent` `GetWindow` `SetWindowsHookExW` `UnhookWindowsHookEx` `CallNextHookEx` `IsDialogMessageW` `SetScrollInfo` `GetScrollInfo` `SystemParametersInfoW` `CreateDialogParamW` `GetDlgItem` `DestroyCursor` `CreateIconIndirect` `IsMenu` `keybd_event` `GetWindowTextLengthW` `HideCaret` `DrawTextW` `DrawFocusRect` `DrawStateW` `SetRectEmpty` `CopyRect` `OffsetRect` `SetWindowRgn` `GetProcessDefaultLayout` `DestroyIcon` `GetComboBoxInfo` `FindWindowExW` `GetClassInfoW` `IsRectEmpty` `DrawIconEx` `GetWindowTextW` `MessageBeep` `SetRect` `GetClassNameW` `CreateAcceleratorTableW` `DestroyAcceleratorTable` `TranslateAcceleratorW` `GetDoubleClickTime` `GetCaretBlinkTime` `ValidateRgn` `GetMenuState` `CreateMenu` `CreatePopupMenu` `DestroyMenu` `GetSubMenu` `InsertMenuW` `AppendMenuW` `ModifyMenuW` `RemoveMenu` `SetMenuInfo` `InsertMenuItemW` `SetMenuItemInfoW` `GetMessageW` `ValidateRect` `GetWindowDC` `BeginPaint` `EndPaint` `UnionRect` `GetDesktopWindow` `ChildWindowFromPoint` `DrawEdge` `DrawFrameControl` `CheckMenuItem` `GetMenuItemID` `GetSysColorBrush` `CheckMenuRadioItem` `RegisterClipboardFormatW` `GetClipboardFormatNameW` `wsprintfW` `ChangeDisplaySettingsExW` `EnumDisplaySettingsW` `MonitorFromPoint` `MonitorFromWindow` `GetMonitorInfoW` `EnumDisplayMonitors` `IsClipboardFormatAvailable` `FillRect` `GetSysColor` `ChildWindowFromPointEx` `WindowFromPoint` `MapWindowPoints` `ScreenToClient` `ClientToScreen` `GetCursorPos` `SetCursorPos` `GetClientRect` `EnableScrollBar` `ScrollWindow` `RedrawWindow` `InvalidateRect` `GetUpdateRgn` `ReleaseDC` `GetDC` `UpdateWindow` `GetMenuItemInfoW` `TrackPopupMenu` `GetMenuItemCount` `GetSystemMetrics` `IsWindowEnabled` `EnableWindow` `ReleaseCapture` `SetCapture` `GetCapture` `MapVirtualKeyW` `VkKeyScanW` `GetAsyncKeyState` `GetFocus` `GetActiveWindow` `SetFocus` `IsWindowVisible` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `AnimateWindow` `IsWindow` `CallWindowProcW` `PostQuitMessage` `GetMessageTime` `GetMessagePos` `UnregisterHotKey` `RegisterHotKey` `TranslateMessage` `GetWindowRect` `SetMenu` `SetWindowLongW` `SetWindowTextW` `SetForegroundWindow` `EnableMenuItem` `GetSystemMenu` `DrawMenuBar` `GetDialogBaseUnits` `CreateDialogIndirectParamW` `IsZoomed` `IsIconic` `GetWindowPlacement` `SetWindowPos` `MoveWindow` `FlashWindowEx` `SetLayeredWindowAttributes` `ShowWindow` `GetIconInfo` `LoadImageW` `LoadIconW` `LoadBitmapW` `SetWindowLongPtrW` `GetWindowLongPtrW` `GetWindowLongW` `GetKeyState` `DdeFreeStringHandle` `DdeQueryStringW` `DdeCreateStringHandleW` `DdeGetLastError` `DdeFreeDataHandle` `DdeGetData` `DdeCreateDataHandle` `DdeClientTransaction` `DdeNameService` `DdePostAdvise` `DdeDisconnect` `DdeConnect` `DdeUninitialize` `DdeInitializeW` `LoadCursorW` `SetCursor` `KillTimer` `SetTimer` `MsgWaitForMultipleObjects` `DispatchMessageW` `DestroyWindow` `DefWindowProcW` `SendMessageW` `PeekMessageW` `BringWindowToTop` `CreateWindowExW` `RegisterClassW` `PostMessageW` `PostThreadMessageW` `MessageBoxW` `UnregisterClassW` `InflateRect` `RegisterWindowMessageW`
COMCTL32.dll	`ImageList_GetIconSize` `ImageList_GetImageInfo` `ImageList_Replace` `ImageList_Draw` `#17` `#16` `ImageList_Create` `ImageList_Destroy` `ImageList_GetImageCount` `ImageList_Add` `ImageList_SetBkColor`
RPCRT4.dll	`UuidToStringW` `RpcStringFreeW`
UxTheme.dll	`OpenThemeData` `CloseThemeData` `DrawThemeBackground` `GetThemeBackgroundContentRect` `IsThemeBackgroundPartiallyTransparent` `GetThemeColor` `DrawThemeParentBackground` `GetThemeFont` `GetThemeMargins` `GetThemeBackgroundExtent` `SetWindowTheme` `GetCurrentThemeName` `IsThemeActive` `IsAppThemed` `GetThemePartSize` `GetThemeInt` `GetThemeSysColor` `GetThemeSysFont` `IsThemePartDefined`
WINHTTP.dll	`WinHttpSendRequest` `WinHttpWriteData` `WinHttpGetProxyForUrl` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpOpenRequest` `WinHttpReadData` `WinHttpQueryHeaders` `WinHttpAddRequestHeaders` `WinHttpOpen` `WinHttpReceiveResponse` `WinHttpSetTimeouts` `WinHttpQueryDataAvailable` `WinHttpSetOption` `WinHttpCrackUrl`
MSIMG32.dll	`AlphaBlend` `GradientFill`
GDI32.dll	`ExcludeClipRect` `CreateRectRgn` `RealizePalette` `SelectObject` `SelectPalette` `Rectangle` `GetTextMetricsW` `SetBrushOrgEx` `GdiFlush` `CreateCompatibleDC` `DeleteDC` `StretchBlt` `CombineRgn` `CreateFontIndirectW` `CreateRectRgnIndirect` `OffsetRgn` `RectInRegion` `SelectClipRgn` `SetTextColor` `SetBkColor` `GetObjectW` `Pie` `MaskBlt` `GetStockObject` `GetPixel` `GetObjectType` `GetClipBox` `Ellipse` `Arc` `ExtFloodFill` `CreatePatternBrush` `GetRegionData` `ExtCreateRegion` `GetWindowExtEx` `GetViewportExtEx` `PolyPolygon` `GetGraphicsMode` `CreateSolidBrush` `GetOutlineTextMetricsW` `GetDeviceCaps` `DeleteObject` `RoundRect` `GetSystemPaletteEntries` `EndPage` `StartPage` `SetBkMode` `BitBlt` `CreateBitmap` `CreateBitmapIndirect` `ExtSelectClipRgn` `SetGraphicsMode` `SetMapMode` `SetLayout` `GetLayout` `SetPixel` `SetPolyFillMode` `StretchDIBits` `SetROP2` `SetStretchBltMode` `GetWorldTransform` `SetWorldTransform` `ModifyWorldTransform` `ExtTextOutW` `Polygon` `Polyline` `PolyBezier` `SetViewportExtEx` `SetViewportOrgEx` `SetWindowExtEx` `SetWindowOrgEx` `GetBkColor` `LineTo` `MoveToEx` `EqualRgn` `GetRgnBox` `PtInRegion` `CreatePalette` `GetNearestPaletteIndex` `GetPaletteEntries` `GetTextExtentPoint32W` `CreateHatchBrush` `CreateDIBitmap` `GetDIBits` `CreateDIBSection` `GetDIBColorTable` `CreatePen` `ExtCreatePen` `GetCharABCWidthsW` `GetTextExtentExPointW` `CreateICW` `CreateDCW` `EnumFontFamiliesExW` `CloseEnhMetaFile` `CreateEnhMetaFileW` `DeleteEnhMetaFile` `GetEnhMetaFileW` `GetEnhMetaFileHeader` `PlayEnhMetaFile` `SetAbortProc` `StartDocW` `EndDoc` `CreateCompatibleBitmap`
WINSPOOL.DRV	`DocumentPropertiesW` `ClosePrinter` `OpenPrinterW`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW` `PageSetupDlgW` `PrintDlgW` `ChooseFontW` `CommDlgExtendedError`
ADVAPI32.dll	`RegSetValueExW` `RegQueryValueExW` `RegOpenKeyExW` `RegEnumValueW` `GetUserNameW` `RegCloseKey` `RegCreateKeyExW` `RegDeleteKeyW` `RegDeleteValueW` `RegEnumKeyW`
SHELL32.dll	`DragQueryPoint` `ExtractIconExW` `DragAcceptFiles` `ShellExecuteExW` `SHGetFileInfoW` `#6` `ExtractIconW` `DragQueryFileW` `SHGetFolderPathW` `CommandLineToArgvW` `DragFinish`
ole32.dll	`CoLockObjectExternal` `RegisterDragDrop` `RevokeDragDrop` `OleSetClipboard` `OleGetClipboard` `OleFlushClipboard` `OleIsCurrentClipboard` `CoTaskMemAlloc` `CoTaskMemFree` `OleUninitialize` `ReleaseStgMedium` `OleInitialize` `CoCreateInstance`
SHLWAPI.dll	`SHAutoComplete`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2adc0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37898`
MD5	`02a3fb2fd7df380564c9f106cd731d0d`
SHA1	`fc364d50d5e1f6d0748d941e738b5ebe2af3f634`
SHA256	`7051598ce66cf5431cfd6f7dff880a2f1786610a7613c81743a6749f3fc1187e`
SHA3	`3cbbbf077e789853e35b944ed693040163b39c4661f330b1ddb11185cf56e218`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d49`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94363`
Detected Filetype	PNG graphic file
MD5	`d851c4444aeb0449b8e6d7b6d7e9eb8b`
SHA1	`9975325f2c84cf05497fefc67bde1a626da0715a`
SHA256	`0cd4937b15f02a7cb2b7bdc36062f81d996a4a290ef9f18c0d3b41ebc274782a`
SHA3	`cdba25b640c475df42d1f212154c499625886f19bcb4cb4e11ae9a22ed102fe7`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04267`
MD5	`e5c5c7a9395bc54016a7757b9d0530b2`
SHA1	`64fab43a63f25752617e4b914a253f89ec779e90`
SHA256	`d8cbe6788f81abd9372a58095b4a74b7a8ace3d3f7c4cbf7b13c9faf1ec2f113`
SHA3	`43fcc502d0812529a191488ab81491f985cfe3a1e41147dc633a0dbcd087616c`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31891`
MD5	`0e81e630a952f5d41769bc39834466bd`
SHA1	`c5460d5f1b9d1eb1ff5d8bd736f565f7f2274157`
SHA256	`a3ca4daf3ca5582b2ace0900b968c5588250820cead95475c4b02f1954c6680e`
SHA3	`95f8a375a5c9aa7df959d6f77e9f48269fe85dbe9b179059f10faf4ac2707dee`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48849`
MD5	`58d9dd5a7fa1920f74bce4aa0f76e040`
SHA1	`7798dbbafd0455e45d3d049ac7cfbc85a97a0251`
SHA256	`7b7df593b34b9e0b7499d9bffe7e8771a1c2eab18c4f1394e5784dfa8f295293`
SHA3	`fe91440da3e8cf85698fd0f7684723afa622d219167da6795dd0ed470b42ca9d`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75157`
MD5	`ae28f49f5855e6e6af0df52e54d7a941`
SHA1	`8889ce09cb8906cdebc5527358fdcc2bc02a9405`
SHA256	`5ac4a0f43c0165c7a985366fa22a24196d6fb1a9b9777a216469c78e85287741`
SHA3	`da32d5c786d982904985151f7c93f3320539f0eb28026dd01cc7f050c2b59386`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17621`
MD5	`e819c80318d5fbf4bfba1dce711d7de2`
SHA1	`2a0e5c094ed4b31b7c6ce1f8b1c9a9cda201b839`
SHA256	`d363b05c0ad1c1b23348a05e0bdeb03c07d2eab4897d823c4845ce21c718ed34`
SHA3	`fdb703c6054bfe2bd6985a223459fa996539cf7a1a1d760d16e2613982913062`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d49`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94363`
Detected Filetype	PNG graphic file
MD5	`d851c4444aeb0449b8e6d7b6d7e9eb8b`
SHA1	`9975325f2c84cf05497fefc67bde1a626da0715a`
SHA256	`0cd4937b15f02a7cb2b7bdc36062f81d996a4a290ef9f18c0d3b41ebc274782a`
SHA3	`cdba25b640c475df42d1f212154c499625886f19bcb4cb4e11ae9a22ed102fe7`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04267`
MD5	`e5c5c7a9395bc54016a7757b9d0530b2`
SHA1	`64fab43a63f25752617e4b914a253f89ec779e90`
SHA256	`d8cbe6788f81abd9372a58095b4a74b7a8ace3d3f7c4cbf7b13c9faf1ec2f113`
SHA3	`43fcc502d0812529a191488ab81491f985cfe3a1e41147dc633a0dbcd087616c`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31891`
MD5	`0e81e630a952f5d41769bc39834466bd`
SHA1	`c5460d5f1b9d1eb1ff5d8bd736f565f7f2274157`
SHA256	`a3ca4daf3ca5582b2ace0900b968c5588250820cead95475c4b02f1954c6680e`
SHA3	`95f8a375a5c9aa7df959d6f77e9f48269fe85dbe9b179059f10faf4ac2707dee`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48849`
MD5	`58d9dd5a7fa1920f74bce4aa0f76e040`
SHA1	`7798dbbafd0455e45d3d049ac7cfbc85a97a0251`
SHA256	`7b7df593b34b9e0b7499d9bffe7e8771a1c2eab18c4f1394e5784dfa8f295293`
SHA3	`fe91440da3e8cf85698fd0f7684723afa622d219167da6795dd0ed470b42ca9d`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75157`
MD5	`ae28f49f5855e6e6af0df52e54d7a941`
SHA1	`8889ce09cb8906cdebc5527358fdcc2bc02a9405`
SHA256	`5ac4a0f43c0165c7a985366fa22a24196d6fb1a9b9777a216469c78e85287741`
SHA3	`da32d5c786d982904985151f7c93f3320539f0eb28026dd01cc7f050c2b59386`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17621`
MD5	`e819c80318d5fbf4bfba1dce711d7de2`
SHA1	`2a0e5c094ed4b31b7c6ce1f8b1c9a9cda201b839`
SHA256	`d363b05c0ad1c1b23348a05e0bdeb03c07d2eab4897d823c4845ce21c718ed34`
SHA3	`fdb703c6054bfe2bd6985a223459fa996539cf7a1a1d760d16e2613982913062`

APPICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99969`
Detected Filetype	Icon file
MD5	`47768cba17c533701c493a504b5e0b7e`
SHA1	`8df41e2554e7f533672ef47bb2e198f6317a6027`
SHA256	`ae8ac3c7bf775b90a31a777823c96b18cf3fae1472b90d870f41615956620c11`
SHA3	`f6da8d8ceae0ac9f59eb2c86c8282ad74987376dc9071a8fbd3b9ed8f2a96d9b`

LOGINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`cdcf21d3ed9a799ffcd3980b95014820`
SHA1	`5bbec099a55b20d28733a065bfae5d2f7edbee2e`
SHA256	`f35f5b88a9b24663233273d28037436a6d2e1af07355818e4e9ce785b04fbe2b`
SHA3	`0fb82fda549b0b7f4a5c2a1532178454a1d245d580cf041e08c4e83b9244a49f`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98586`
Detected Filetype	Icon file
MD5	`b92698de5345d04e098070c493a6be7a`
SHA1	`447fb8015c49bf7d942545fea66bfbd3fdf90264`
SHA256	`6f1f28097475d17d7422343145d568c9988f361421997d1b73200d833da0a96c`
SHA3	`395f13522d5ed00af4bd010037760c482309a160d68ec5c554e328ca9d68fdb8`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2dd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80502`
MD5	`a014f2f27d7fe6bbce642acc2d979f34`
SHA1	`78614434bd30e2c9ed5e6328a0459642d8512da6`
SHA256	`d7844fee1ab25f1f3f5f4677703fda678532988d60500c5dcfdc06324f897b37`
SHA3	`e86ac2edb55c063f2fad0ff29dbe7e86eb37716d8aef480fd8032595ee6d8a54`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jan-08 09:39:28
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x402ee4`
PointerToRawData	`0x401ee4`
Referenced File	D:\ActivationTool\x64\Release\ActivationTool.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Jan-08 09:39:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x402f30`
PointerToRawData	`0x401f30`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Jan-08 09:39:28
Version	`0.0`
SizeofData	`964`
AddressOfRawData	`0x402f44`
PointerToRawData	`0x401f44`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Jan-08 09:39:28
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140403338`
EndAddressOfRawData	`0x14040334c`
AddressOfIndex	`0x140492198`
AddressOfCallbacks	`0x1403288e8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1404568d0`

RICH Header

XOR Key	`0x61b219b6`
Unmarked objects	`0`
ASM objects (26715)	`19`
C++ objects (26715)	`212`
199 (41118)	`1`
C objects (VS 2015/2017/2019 runtime 28619)	`19`
ASM objects (VS 2015/2017/2019 runtime 28619)	`12`
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`23`
C++ objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`295`
C++ objects (VS 2015/2017/2019 runtime 28619)	`96`
C objects (26715)	`33`
262 (26715)	`1`
Imports (26715)	`31`
Total imports	`600`
265 (VS2019 Update 6 (16.6.1-5) compiler 28806)	`8`
Resource objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`1`
151	`1`
Linker (VS2019 Update 6 (16.6.1-5) compiler 28806)	`1`

2f9f5e938daa77e41128ce3c6bb33b80

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

APPICON

LOGINICON

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors