Manalyze report for 0ab425c2986ac1c058dea5b68e1d41ded478986c26e764aff565e7b6ccb35cec

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Apr-28 18:59:11
Detected languages	English - United Kingdom
Comments	www.Dr-FarFar.com
CompanyName	Dr.FarFar \| www.Dr-FarFar.com
FileDescription	HCL AppScan Standard Activation Tool (ViP)
FileVersion	`10.0.7.28150`
InternalName	HCL AppScan Standard Activation Tool.exe
LegalCopyright	Copyright © Dr.FarFar
LegalTrademarks	www.Dr-FarFar.com
OriginalFilename	HCL AppScan Standard Activation Tool.exe
ProductName	HCL AppScan Standard Activation Tool (ViP)
ProductVersion	`10.0.7.28150`
Assembly Version	10.0.7.28150

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: Dr-FarFar.com FarFar.com aia.ws.symantec.com crl.ws.symantec.com d.symcb.com s.symcb.com symantec.com symcb.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com ws.symantec.com www.Dr-FarFar.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .rsrc is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Has Internet access capabilities: InternetQueryDataAvailable`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 313 is possibly compressed or encrypted.` `Resource SCRIPT is possibly compressed or encrypted.`
Malicious	VirusTotal score: 13/68 (Scanned on 2022-04-30 02:52:21)	`Elastic: malicious (high confidence)` `Cynet: Malicious (score: 99)` `Cylance: Unsafe` `Cybereason: malicious.0173be` `Rising: Backdoor.Agent!8.C5D (TFE:dGZlOgUg0MjW1qFOvQ)` `F-Secure: Heuristic.HEUR/AGEN.1231092` `McAfee-GW-Edition: BehavesLike.Win64.AdwareIMonster.tc` `FireEye: Generic.mg.689b91f25e95868b` `SentinelOne: Static AI - Suspicious PE` `Avira: HEUR/AGEN.1231092` `Microsoft: Trojan:Win32/Sabsik.FL.B!ml` `Ikarus: Trojan.Win64.Enigma` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`689b91f25e95868bc1029694369425cb`
SHA1	`ce00dd00173be34a8fbcc3817999e2422e1eff11`
SHA256	`0ab425c2986ac1c058dea5b68e1d41ded478986c26e764aff565e7b6ccb35cec`
SHA3	`4eaacb127cdeb383ecb96ac6e8928829e2161115922c2a9655149267bf986d89`
SSDeep	`98304:BS0Q5WpgnYLyDnci1D5k7IlSlzJSxSmHSMz/NwMo6S9cYk+zGcrtr:BS0pgMli1D0IlCzJSxryMz/po6SKUrt`
Imports Hash	`9a75d7acdf925bd461b339dcd4b2e5ad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2022-Apr-28 18:59:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0xa8400`
SizeOfInitializedData	`0x1bfe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000010FD7B0 (Section: )`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1100000`
SizeOfHeaders	`0x400`
Checksum	`0x271b50`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x800000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x800000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`a58ed2bc633fe2f234d6702398979a3f`
SHA1	`74908fe40d8ad1b6ad56e61d7960013432de795a`
SHA256	`e8b64a48295632adb3f610c987b10e362ef3d1a7b2dbc314c3a0b93b4bc1da75`
SHA3	`6f107b78ba39d4982498f8eaa669bab55e71ff12a27717e41dc40559223dd37a`
VirtualSize	`0xa9000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x54800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99932`

Section_2

MD5	`2ef96cb8deb15b00f721f3cdc19bb7ae`
SHA1	`9fecbcf16e906cf96f220dfe60636e6d97150abd`
SHA256	`b956d0cf2681684cf4576c2db3643acf1480cdc7848a3b65c1edcb96c2dde187`
SHA3	`aaaea1996d2407dcdeb45fb5fb5209106c46d91bb367c89bdbaa999d1ce63eb5`
VirtualSize	`0x32000`
VirtualAddress	`0xaa000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x54c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9884`

Section_3

MD5	`0a316fd19615e2c73f6b4efb11dba9f3`
SHA1	`6d1a4a1e16bdfa2ffe3a8af79fd3e455582b51f1`
SHA256	`4f1df0fd18617c5b74d5c51c4b20d4c3bffa4c836f83696003054369d31ed208`
SHA3	`102c9cbfe64ea74e87fc8bec0f90b9ece491ce2b1f8d609b079d8bdc5367ffed`
VirtualSize	`0xc000`
VirtualAddress	`0xdc000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x61600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.02267`

Section_4

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7000`
VirtualAddress	`0xe8000`
SizeOfRawData	`0`
PointerToRawData	`0x62000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Section_5

MD5	`64071907af8d1c396dc7c5a06ee594d5`
SHA1	`00b83760939deae4f8ac6c3af258084b124fea84`
SHA256	`efc5468e129f278ef725105fcda1555db08a1bd0a7ab9fdfee12ae522fdf5946`
SHA3	`c1e1f0967d7c645490857616ec3e41d1788860fa29aa0ac6096ac43ce1413367`
VirtualSize	`0x181000`
VirtualAddress	`0xef000`
SizeOfRawData	`0x162000`
PointerToRawData	`0x62000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99985`

Section_6

MD5	`1c52ae8aeec18704d69cf9920d7cc588`
SHA1	`90b80e39e84d2d32925778a9142052bc77f102e6`
SHA256	`b9ff394a2500ff9fd9b0130fa8414d961b90060f74050050c5a155c9c5c24eea`
SHA3	`ab6ff90f46262f43aa279140cb58cd2b0df7da94b682f67731e8d4725be7b38c`
VirtualSize	`0x1000`
VirtualAddress	`0x270000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1c4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.42925`

.rsrc

MD5	`09fa063f2e8f924379f2aca2c7807d39`
SHA1	`a86fdbd91e803e869b7639e8130b3f7c93711266`
SHA256	`b98c166ef4bc9ac6f7f375c7a3c3f5f127ebf6d3943d3e4e1d6d17463c9333cc`
SHA3	`15c4c9532dd07d33c00f4fcda3b3c3b0ca3f0c48edd1b75821ce14f50c51c106`
VirtualSize	`0x3f000`
VirtualAddress	`0x271000`
SizeOfRawData	`0x3e800`
PointerToRawData	`0x1c4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.24561`

Section_8

MD5	`d72c2d3aa81a730a40c8c6cdfb458645`
SHA1	`ebce22fcad99b7809278c81fb4eaa72a55b86c9f`
SHA256	`9aeceacd9df3a71202d39d5e6a3f4d675a54c47299611b8de0b249601686ba0c`
SHA3	`750c92d1dcfebe8849c1886ca30636cabf0995f57e50d5066daffbce1856c2d6`
VirtualSize	`0xb7e000`
VirtualAddress	`0x2b0000`
SizeOfRawData	`0xcf000`
PointerToRawData	`0x203000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99974`

Section_9

MD5	`c907f7d60893680d7f73c2b0b7c3021f`
SHA1	`18475170762fef9c576a544947c81cd90e17c1db`
SHA256	`463ea0e7726a2f9b52dbf4768b9f971d6edc1f8e2259cb868672040129846281`
SHA3	`7fbdf99fa9cf8a05c011aac5ddde5cac3282656345a5f8e41c46e1c51294cbec`
VirtualSize	`0x2d2000`
VirtualAddress	`0xe2e000`
SizeOfRawData	`0x2d1c00`
PointerToRawData	`0x2d2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95923`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
ole32.dll	`OleInitialize`
WSOCK32.dll	`WSACleanup`
WINMM.dll	`timeGetTime`
COMCTL32.dll	`ImageList_ReplaceIcon`
MPR.dll	`WNetUseConnectionW`
WININET.dll	`InternetQueryDataAvailable`
PSAPI.DLL	`GetProcessMemoryInfo`
IPHLPAPI.DLL	`IcmpCreateFile`
USERENV.dll	`DestroyEnvironmentBlock`
UxTheme.dll	`IsThemeActive`
COMDLG32.dll	`GetOpenFileNameW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5746`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93002`
Detected Filetype	PNG graphic file
MD5	`b7e975ceba2f43c6f052c8e076ea7806`
SHA1	`72158819a5271a22511e2a8d9f0ccc1b8f4ab2e4`
SHA256	`33c4ed0935dd3e2de1165d7c881b8ed258bc58463ff92a3d42d00b4d1794dd71`
SHA3	`049c57caa166803dde2ab51dfdc195f758cac86e2abaffa77eb3effc507f8a8b`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x114fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99152`
Detected Filetype	PNG graphic file
MD5	`2af98bcf06d2fd3edc3d39782bf48885`
SHA1	`bc00fa77f9d6a0b12f28d09c180421fc3fa288f1`
SHA256	`874f0f7a91829447dbea6b351dab1da67502893a7725bfa285572f976dc69373`
SHA3	`a2bed4d8b7fad0c425266efbf2a330f6b45cac957382f16962b7f563707b6a18`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x162f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99181`
Detected Filetype	PNG graphic file
MD5	`6dc876de33b7b60c446ebae56a061c52`
SHA1	`97640edc94d492f7502b207094a6d79f06165cbe`
SHA256	`5a8fd3a2357823da73067cccb8cfd96f2e277a083cd7e8f6a277b5219396b374`
SHA3	`992f35e6e0ea8dcc57fe7e27ae4951ad3bbebfb6499166606ae202e3f307df65`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9285`
MD5	`68cca9471217cb5aa21b7bf8e48eb739`
SHA1	`c920053508dcdc9089fdbfaf1e63daca1b0e63a9`
SHA256	`a6fc7446870b06ab17560cb5b5eecbb6a1c629585251bf1b2704cf1f9280c1fb`
SHA3	`5ddf762f83855b10070cc165205b54dbd895a02a13e1a140e21f620761e333a3`

8

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0339`
MD5	`7ccf3256e8124eeb319ac78e92c76e63`
SHA1	`ec5f51287153655c010ed3d24ce161a4ab8a1d65`
SHA256	`531a73bf07cec5dabe1b485d9e7c1ae9d471ab284fbc50ed35dbcf83310f32f0`
SHA3	`31a9bbe9de9d978531ebc462566e46bcc067071d06b0fb80be15794ddabc6027`

9

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36384`
MD5	`cade307471806573abe86e72f7023b60`
SHA1	`bbde03744b83929329a45fd2920bda714e30b7ff`
SHA256	`1890880817038995e6bdffbdf9fa53dddb7cce4aecf8f6441e6830c1305eace6`
SHA3	`1a252c7158a4bfbc14c2cccc87216f5e5d48344c07984142dc16c26f93dfd9f7`

10

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41268`
MD5	`6f11d824bccf63a76296c96d029ca404`
SHA1	`3ee70526542e389bdf00cadba630cb404ac9bb47`
SHA256	`e0053beddeb146a936ab32d45ea86b30bd540933a723080f7c4863e6da864fbe`
SHA3	`4c099751b049c9046a40fc0d0e58a6e8ca42b82b0dd4d258a447c4ba00bcb323`

11

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34364`
MD5	`13c155a9ed3e4bece76bb12cb2bbb87d`
SHA1	`5498e2f8a3b5dc8ef51026815b0bdd8e54392f40`
SHA256	`40b0b44e5c57e9f46966a8076984e063789ef4f647d7670de2e862a0aebd96ad`
SHA3	`56235229b12de2fd5a9f5c7a8e843060f7c3834bfb1887455c785d60cf0355f0`

12

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34738`
MD5	`93acbac9212b60be3127bd3eb6b64df9`
SHA1	`2f83fb2f3233eefc78e7f7aac4775672f44a9b72`
SHA256	`e26d68710841059150ebcf87b0703ee6808565566ec87697f094c740d2bd2d6c`
SHA3	`47ee5ba69e0a815f0ab46830ce0c120a3f7bf1d5f736ba8039ee10b8abb9e527`

13

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0352`
MD5	`0ea130fdc9e4a8341477db2407855b8c`
SHA1	`ebd466c6136c1a891449916341f476ad11ec5482`
SHA256	`918180c427baf921ed4d82443c40d1ee48e230026b8e502356a55843bbbfc635`
SHA3	`e9273081f1e8b2aaf80db02100fc056500bafda79ab7fdca130624a451c351a6`

14

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06122`
MD5	`306ae0b6025293bc7a647fc2ec2a4d8a`
SHA1	`28b28a690179e69450bcf9573f3da71d6acc07ba`
SHA256	`8426f2c17d1e1a3b56bf5259795ba2a1615c721e39e111d9ce34347a89fd3bd6`
SHA3	`9668b8beec73f850d5395a0bcf14b4ebc2fd60a7549816a17ee91cc0d5ce1005`

15

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18874`
MD5	`537a5f4e3ed056ba76cb978bf10f5d97`
SHA1	`4b022ef95453c45a2a1f2caf76f1fd1c39f8763b`
SHA256	`d6ce7d84c14b4c029e5e43f9f39f5789106d96a25f600d4f14da36ece18d8e4f`
SHA3	`88d37a8e1e95d20e9459b365368f901a4fc75a795466aa248673634ab7d14416`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.05306`
MD5	`4d96f2f73b1bd73de83af0d814e87d8e`
SHA1	`52e9afe847c769e09b8e8ad6e09082f34306e17e`
SHA256	`cd670a54ee8dd5aa7e27782aab00950bb9bb0f9019c4e489e9382276175fa073`
SHA3	`5b6aba3f00c272103060759ecf74695f37a827345c81120cccba2065939ca944`

7 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x594`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85193`
MD5	`e334bec369e7c08dbee4d14aec64023c`
SHA1	`975db4c9ce4da7e1e08c0c725f49e22e6caa28fa`
SHA256	`92a6e09c3561d82317029859f8bd591d0526d126e4292296c206540ef1a064e8`
SHA3	`4d2e07209828016fa89251f5bc6a9b0d80851d4417d2d130bb8b133b99646bee`

8 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89069`
MD5	`8d77389d2d84be3fb08389e96431bf47`
SHA1	`5c4d1c329d64325eac1539fe405beac9eb4924d5`
SHA256	`19671abdec72d584100969c7f1f11b4b4d8e7df01b786363b337b1ce2d6514a3`
SHA3	`ec6240730c3a71144ba5179d35a77ade3b8b41da5b675e9fd424c4ed4f4b90f8`

9 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87067`
MD5	`aadaf2f29187f509c40555c73631a144`
SHA1	`436b93ad812a553a1b207321c89b70fd5917eb52`
SHA256	`b6dbf71a3a0f19e53d8c147c71373e9dd250647a48e9850b0def4905b80ca43c`
SHA3	`1225be01edeba1938c62f213d8901c84b86ac53435abac081e5099fa8aa7f6c2`

10 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87966`
MD5	`1d60b0dcf57ac89aa0f65078b890741f`
SHA1	`3e4577752096d560d1539ce26eb9a65633f7ee82`
SHA256	`0172e411b582fdcc2ceee00fedcbb0c672a41081b3937421db798b40e564a173`
SHA3	`70103de941affeb7ff8f3692fd5a52ef7029b9a253e6efefdba041ef81951de1`

11 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88798`
MD5	`dc883a7c538193b18ae3ff5977a1d760`
SHA1	`2ba9eff9ab2e2ba4419d1653a18df4b5f3ab1f41`
SHA256	`db17fc761166b85771c5f1779514141e82e5d415499bd104e13a8e09353224f3`
SHA3	`bf8802cf69a5d8b9b4e174254f1ddf15b98ec179fe074ce7b5c7ba45e098923d`

12 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81288`
MD5	`42f8da84881803f314aaa5b64e9a52ae`
SHA1	`7780be77713b0f56cf2b93a0e375c3115b10609f`
SHA256	`7e07c5c3c1f70d16dc9d7c615beb348d2780a0b8881d6d6b3463271b54296f56`
SHA3	`c8f3e582e00a8bb97e9927e2ac98de27852b56f62d90e8013337b73f846b4b29`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.37718`
MD5	`2e09848a2559f06f280c3b96ad921897`
SHA1	`f967913de538f1442d1cc178fb4dc9801f18e686`
SHA256	`b21d0614f112999e4b2100025c3e08770297a23bc0cbfce8dec8d8d11e3a6196`
SHA3	`cbc75d67f86070d97f7c0de45f63ae6bbb2b340acaf9471aa33a0e7099e171e3`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1405e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99903`
MD5	`d9eb8dc8ae1e7dda777d9212654e76c6`
SHA1	`365413c0890672311d629fc3d5231646b8ea59f3`
SHA256	`248e58965145a0b99c669c025a25163e0ad8d6dd947e38c835ca5f1ef8349a1e`
SHA3	`91c94a100a46b4adc09eabf222d8e1aada6c9093a27abc663649fa20fb7b6782`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99732`
Detected Filetype	Icon file
MD5	`b5a4b49739871d68b458d250564fd8d3`
SHA1	`4b528038b162a05beefbb5b983e2176ae4f2c3b9`
SHA256	`eced60229d9973ae5e0318756c429862f1757e328a13b34e7576e0f5c1265794`
SHA3	`736e6738110e8399b1e0fdd2db99f77f7bd9b5a4b2b71b0a13e9ec82f3ed198e`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48008`
MD5	`4e6453ef1d0067f65e3edee0bcacc326`
SHA1	`1b5ff3b7ad7b786a9fb196dc21b9c1a24f881b5b`
SHA256	`fa733cb82e5f773204a4f56bb172e6a329e6c0b22d14c64df1286f52956b59aa`
SHA3	`f5dd5861e72d95cf2a5cf9e2749d6d5090477e0945080a1adbb407f3278ec473`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33385`
MD5	`f51831972a9ecbd89990e1c18bf7d27b`
SHA1	`69b42e8354620f1cfffadf2d48cf9d66e7d3f7cc`
SHA256	`1376cdd3a45280b187926bbc8391cd6fd84c45cb112be1b3e9ce57c548883ebb`
SHA3	`727b6759d310684f074f276777f7ba79cfb7d44611ec4520a3ee9902af57d60e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.7.28150
ProductVersion	10.0.7.28150
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
Comments	www.Dr-FarFar.com
CompanyName	Dr.FarFar \| www.Dr-FarFar.com
FileDescription	HCL AppScan Standard Activation Tool (ViP)
FileVersion (#2)	10.0.7.28150
InternalName	HCL AppScan Standard Activation Tool.exe
LegalCopyright	Copyright © Dr.FarFar
LegalTrademarks	www.Dr-FarFar.com
OriginalFilename	HCL AppScan Standard Activation Tool.exe
ProductName	HCL AppScan Standard Activation Tool (ViP)
ProductVersion (#2)	10.0.7.28150
Assembly Version	10.0.7.28150

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3a0cc232`
Unmarked objects	`0`
199 (41118)	`1`
C objects (20806)	`178`
ASM objects (20806)	`25`
C++ objects (20806)	`55`
C objects (VS2008 SP1 build 30729)	`8`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`547`
234 (VS2013 UPD5 build 40629)	`80`
ASM objects (VS2013 UPD5 build 40629)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

Errors

[!] Error: Could not read the exported DLL name.
[*] Warning: Section  has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!

Leave a comment

No comments yet.