47b2f11d80f862705a50556e08b476b6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Jun-29 02:18:25
Detected languages English - United States
CompanyName SafeNet, Inc.
FileDescription License Manager
FileVersion 21.1.1.80248
InternalName hasplms.exe
LegalTrademarks Sentinel(r) is a registered trademark of SafeNet, Inc.
LegalCopyright (c) 2018 SafeNet, Inc. All rights reserved.
OriginalFilename hasplms.exe
ProductName Sentinel LDK
ProductVersion 7.8

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior:
Looks for VirtualPC presence:
  • 0f 3f 07 0b
Looks for Qemu presence:
  • QEMU
Info: Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Suspicious: The PE is possibly packed.
Unusual section name found: .sect0
Section .sect0 is both writable and executable.
Unusual section name found: .protext
Section .protext is both writable and executable.
Unusual section name found: .prodata
Section .prodata is both writable and executable.
The PE only has 6 import(s).
Info: The PE contains common functions which appear in legitimate applications.
Can access the registry:
  • RegCloseKey
Malicious: The PE's digital signature is invalid.
Signer: SafeNet Canada
Issuer: DigiCert EV Code Signing CA (SHA2)
The file was modified after it was signed.
Malicious: VirusTotal score: 3/70 (Scanned on 2020-01-13 07:22:12)
Cylance: Unsafe
Trapmine: malicious.high.ml.score
eGambit: PE.Heur.InvalidSig

Hashes

MD5 47b2f11d80f862705a50556e08b476b6
SHA1 0ffd9dd361c6dab4a1675fbc4279d6d1c515b0fa
SHA256 274a2dff8133bd9036038159c1c67289f973d6eabf64dd95a02f5bec8111aad3
SHA3 e7f5a62ef3bac8e928891064887a0e2966d48315ae31a336498e46ad7deb67ee
SSDeep 49152:himtHlNgDVZWmBX8UFYUV/hHAFhB4Tk0V+86aITfkoGXBiF+EyETQ:MmllW8UPVkhKQ0Ux9fqB0Cb
Imports Hash 884ccd5e31b67c2c83a36a087cc831bf

DOS Header

e_magic MZ
e_cblp 0
e_cp 0x26
e_crlc 0
e_cparhdr 0x140
e_minalloc 0x400
e_maxalloc 0x400
e_ss 0x330
e_sp 0x100
e_csum 0
e_ip 0x2a
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2018-Jun-29 02:18:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x595000
SizeOfInitializedData 0xd8c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x006B2000 (Section: .protext)
BaseOfCode 0x1000
BaseOfData 0x64b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xa061c5
SizeOfHeaders 0x400
Checksum 0x35cc69
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x20000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.sect0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x6af007
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc

MD5 b8457d20bd9a181c5c2c823547ceac4a
SHA1 a698442da037ff6c471aee7058b7eff196f2e6c9
SHA256 823ec2880578e200f648bed7b338c0ea4f683d460c7d9d13c35229ee4d440ef4
SHA3 4efef024a7e2d5f6e99573b140b90210839150f8a567a0ff76b06736e6d2258c
VirtualSize 0x67c
VirtualAddress 0x6b1000
SizeOfRawData 0x4600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.59873

.protext

MD5 4f093c83a2736928a4282f253238a87f
SHA1 33e3a062daf07d6cbb8139138c561cead79d1dd7
SHA256 9b05f320f851e21804515608b7fc25fefcc83d79f6ff1dcc7d7b3a63d4864b5f
SHA3 81eb64013697fe7be2b4a114a42b5c89d20a2caaee558b782907dac4e3b89395
VirtualSize 0x529c
VirtualAddress 0x6b2000
SizeOfRawData 0x5400
PointerToRawData 0x4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.957

.prodata

MD5 55b9944f79740d63bd8eb40b02be8eb6
SHA1 479d44ab3ad1c2af80c6d96e232263aea8953d38
SHA256 ce1454d3ef4b541b8eafad58371d1227528b28b2a70ba14c2a81b1d1feb7fb95
SHA3 b020b16d14f0eef0a613aea6903bf3828b6ce371b4471598600d8bdac1efce60
VirtualSize 0x34e1c5
VirtualAddress 0x6b8000
SizeOfRawData 0x349000
PointerToRawData 0x9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.58029

Imports

ADVAPI32.dll RegCloseKey
WSOCK32.dll #151
USER32.dll RegisterDeviceNotificationA
VERSION.dll VerQueryValueA
dbghelp.dll GetTimestampForLoadedLibrary
KERNEL32.dll Sleep

Delayed Imports

1

Type RT_MESSAGETABLE
Language English - United States
Codepage Latin 1 / Western European
Size 0x74
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15055
MD5 b7521278485c834d5d1e7f63f36cdd68
SHA1 2eaf909c5c2b45ae3e03dd133a76d4816eeab139
SHA256 5e396d1b4bb49bf39648a3d91c98c15929e713b81d25b3f060e95214398ed1ab
SHA3 f7e862787bfec5380879ea480506f377cb71367827e97ec873587f132512f46e

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x390
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48567
MD5 0f0023a04f519e9380274ec4d4bdcc79
SHA1 e9bbc2301c3fb515e76b90002b6c403a961bf2d2
SHA256 056007334187a3007f01dac49217e912bab8137742b37af3e46b2fcd1497aa26
SHA3 0fb96f7d3ce17e2892bc1491ed72a70f184073ff687889a391086a2e779ff5b2

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x18e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.88183
MD5 ac7ad0698e4ab6cf7320ecf4cafc5101
SHA1 34918e9beb2932e19ae74f67f5fbc3d7c22aa8a6
SHA256 7076f473bc4362db3fb35e5531d475481dfd3a6bd38707ae3f5b9cf728c8e823
SHA3 bd8b80f6f44c4b3251d6f9aa803dadc39b9e98e5179f35984373adad73acafe6

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 21.1.20248.60000
ProductVersion 7.8.20248.60000
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName SafeNet, Inc.
FileDescription License Manager
FileVersion (#2) 21.1.1.80248
InternalName hasplms.exe
LegalTrademarks Sentinel(r) is a registered trademark of SafeNet, Inc.
LegalCopyright (c) 2018 SafeNet, Inc. All rights reserved.
OriginalFilename hasplms.exe
ProductName Sentinel LDK
ProductVersion (#2) 7.8
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .sect0 has a size of 0!