4db61bb0507db84cbcee7ca0f15db06b

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Nov-12 11:12:49
Detected languages English - United States
German - Germany
Process Default Language
Comments English / French / German Version
CompanyName Steinberg Media Technologies GmbH
FileDescription Protected Object Server
FileVersion 2, 19, 2, 0
InternalName SYNSOPOS
LegalCopyright Copyright © 2019, Steinberg Media Technologies GmbH
OriginalFilename SYNSOPOS.exe
PrivateBuild Build 1
ProductName eLicenser Control
ProductVersion 2, 19, 2, 0
Soft-eLicenser Version 2, 2, 5, 5

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • eLicenser.net
  • http://www.eLicenser.net
  • http://www.eLicenser.net'.
  • www.eLicenser.net
Suspicious The PE is packed with mpress:
  • Unusual section name found: .MPRESS1
  • Section .MPRESS1 is both writable and executable.
  • Unusual section name found: .MPRESS2
  • Section .MPRESS2 is both writable and executable.
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegCloseKey
Malicious VirusTotal score: 44/69 (Scanned on 2020-12-23 15:06:36)

Hashes

MD5 4db61bb0507db84cbcee7ca0f15db06b
SHA1 eb0a82fb7e04bd797d7ae58f692e34b4ce81a2e0
SHA256 4d588214071c9670efff3faecee074d9e9a5f90a3826569759f0828270a72b46
SHA3 072d2afdd89255d1d2cf5b8067b25f67a03145169af0e0f2147e1b472284c6ca
SSDeep 12288:mzoQ4g7GpEC/iLTZiZamzQlCS1tDcnRaxQqubZxeIMDiWE+3Sqi5D2QBFEy2F4jj:mcI7GpEC/+iA9/1t7xQqf6WE+3Sqi5Dn
Imports Hash 2e67fae158d8ee073bbf292f5135cdfe

DOS Header

e_magic MZ
e_cblp 0x40
e_cp 0x1
e_crlc 0
e_cparhdr 0x2
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0xb400
e_oeminfo 0xcd09
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Nov-12 11:12:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x166a00
SizeOfInitializedData 0xa3c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0020E25D (Section: .MPRESS2)
BaseOfCode 0x1000
BaseOfData 0x168000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x224000
SizeOfHeaders 0x200
Checksum 0x8d22f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.MPRESS1

MD5 ffc0927609126ef9babf89132371f24a
SHA1 34eca5579312b7d0d77410f2b3479f8b765b9162
SHA256 dc4a8375d59c328ca20f6140781128ebd6c2afaef17c421174e3351d74eb0d3c
SHA3 6b2d38747bf7a8eba30b396cb69d786aaca1f0f43a59d61c82b3540de8fd9eb9
VirtualSize 0x20d000
VirtualAddress 0x1000
SizeOfRawData 0x75a00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99959

.MPRESS2

MD5 a71dfb31387a776a03b915248dcfcd12
SHA1 2f2d77c8b5a7911e3fdaf6cc525ec869a671a9c0
SHA256 89b7c42f85477ba576f06624779b3dfc93c8b6e91c50645fa112d3ff1e700a35
SHA3 a4334ca1db3ce76d19bc4013943225fe6e0997eea12d5b3a380f5de648919696
VirtualSize 0xde8
VirtualAddress 0x20e000
SizeOfRawData 0xe00
PointerToRawData 0x75c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.04938

.rsrc

MD5 d51f8374bfc85e303041c5496ca9b472
SHA1 aee44b0dba87cb706462fc97f42c315bc9dd1593
SHA256 8c834e85b7affc4db8e4a98da23244437c562639049821066795b3b6cd4c90d5
SHA3 b59ffd6cfbe7d43a9ac2f08e4eed14091bd6fe30dae3a0dd69846de99397230f
VirtualSize 0x14c00
VirtualAddress 0x20f000
SizeOfRawData 0x14c00
PointerToRawData 0x76a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.33739

Imports

KERNEL32.DLL GetModuleHandleA
GetProcAddress
WINMM.dll timeGetTime
USER32.dll wsprintfA
ADVAPI32.dll RegCloseKey
SHELL32.dll SHGetFolderPathA
ole32.dll StringFromIID
OLEAUT32.dll #186
VERSION.dll VerQueryValueA
SETUPAPI.dll SetupDiGetClassDevsA
IPHLPAPI.DLL GetAdaptersInfo

Delayed Imports

32000

Type LANGUAGES
Language German - Germany
Codepage UNKNOWN
Size 0x13e67
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.22324
MD5 8381a14b738500050ba932c9aa4c15d2
SHA1 5dc079f67c10980764a82fa833c6692ffc3b0ef6
SHA256 60aabf0bd561196004994cf242679eca167183a879da6c4b07076294002c1def
SHA3 b76fa81f1e6c09a2a13e0c2081ea3a30c433b4426ae671fcd939877d515a8667

1

Type TYPELIB
Language Process Default Language
Codepage UNKNOWN
Size 0x694
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.91644
MD5 e921f8a5d20e26b5d34b14d8ece3f8d1
SHA1 aaba2cc69c6f2d7fca112df9b0ecddf9bb7d5d77
SHA256 86503b7ecd90196ae568fe46f0bf8aca2d55bcc0edc3d0650fb31085b5eb3c2a
SHA3 d372b7e4ff2ee9dfc7ca8bf1a99aabf3b8994dbe858279472951a0005ded7395

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x430
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.45761
MD5 b4921768093551bce538d978294df9ee
SHA1 05e2f39f7136527a79e23d99f04d462048b67655
SHA256 d31eb3394a77256604942b13950e9a37519ff97ec10500036e627f62c0cd01ac
SHA3 31dd40c8d9936a993578d6d275848776f895beaecba9617504158043ac42ebd7

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.19.2.0
ProductVersion 2.19.2.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments English / French / German Version
CompanyName Steinberg Media Technologies GmbH
FileDescription Protected Object Server
FileVersion (#2) 2, 19, 2, 0
InternalName SYNSOPOS
LegalCopyright Copyright © 2019, Steinberg Media Technologies GmbH
OriginalFilename SYNSOPOS.exe
PrivateBuild Build 1
ProductName eLicenser Control
ProductVersion (#2) 2, 19, 2, 0
Soft-eLicenser Version 2, 2, 5, 5
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Could not read a WIN_CERTIFICATE's header.