Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2019-May-16 10:43:08 |
Detected languages | English - United States |
Debug artifacts | E:\FNP-11.16.2\tier1\FNP\Service\Build\_release-Windows-NT4-x86_64-main\FNPLicensingService.exe.pdb |
CompanyName | Flexera |
FileDescription | Activation Licensing Service |
FileVersion | 11.16.2.3 build 249996 |
InternalName | FNPLicensingService64.exe |
LegalCopyright | Copyright (c) 2006-2018, Flexera. All Rights Reserved. |
OriginalFilename | FNPLicensingService64.exe |
ProductName | FlexNet Publisher (64 bit) |
ProductVersion | 11.16.2.3 build 249996 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Looks for VMWare presence: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES; Uses constants related to Blowfish; Uses constants related to Twofish; Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: .textidx |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Flexera Software LLC; Issuer: Symantec Class 3 SHA256 Code Signing CA |
Safe | VirusTotal score: 0/67 (Scanned on 2021-08-05 22:19:10) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2019-May-16 10:43:08 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 12.0 |
SizeOfCode | 0xd3200 |
SizeOfInitializedData | 0x9c800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000008D624 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x179000 |
SizeOfHeaders | 0x400 |
Checksum | 0x18085e |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetProcAddress LoadLibraryA CreateNamedPipeA OpenEventA GetCurrentProcessId ResetEvent GetTempPathA SetLastError MultiByteToWideChar GetModuleHandleA LoadLibraryExA WideCharToMultiByte GetSystemTimeAsFileTime LocalFree GetCurrentThreadId GetLocalTime OpenMutexA FormatMessageA GetModuleFileNameA DeleteFileW GetFileAttributesW GetFileAttributesExW RemoveDirectoryW SetEndOfFile SetFilePointerEx MoveFileExW AreFileApisANSI EncodePointer GetStringTypeW IsDebuggerPresent OutputDebugStringW WriteConsoleW SetStdHandle GetTimeZoneInformation OpenProcess ResumeThread SuspendThread Sleep CreateEventA CreateMutexA WaitForSingleObjectEx WaitForSingleObject ReleaseMutex SetEvent LeaveCriticalSection EnterCriticalSection InitializeCriticalSection GetOverlappedResult DisconnectNamedPipe ConnectNamedPipe OutputDebugStringA DecodePointer FindNextFileA FindFirstFileA FindClose CreateDirectoryA CreateWaitableTimerA CreateThread SetWaitableTimer WaitForMultipleObjectsEx GetDriveTypeA QueryDosDeviceA GetVersionExA GetSystemDirectoryA WriteFile DeviceIoControl CloseHandle SetFilePointer ReadFile CreateFileA DeleteCriticalSection InitializeCriticalSectionAndSpinCount GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc HeapDestroy GetLastError RaiseException CreateFileW ReadConsoleW GetConsoleMode GetConsoleCP FlushFileBuffers FreeEnvironmentStringsW GetEnvironmentStringsW QueryPerformanceCounter GetFileType GetOEMCP GetACP IsValidCodePage GetModuleFileNameW GetStdHandle GetModuleHandleExW ExitProcess EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetLocaleInfoW LCMapStringW CompareStringW GetTimeFormatW GetDateFormatW GetModuleHandleW GetStartupInfoW TlsFree TlsSetValue TlsGetValue TlsAlloc TerminateProcess GetCurrentProcess SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlCaptureContext RtlPcToFileHeader RtlLookupFunctionEntry RtlUnwindEx IsProcessorFeaturePresent GetCommandLineA LoadLibraryExW GetCPInfo SetEnvironmentVariableA |
---|---|
USER32.dll | wsprintfA |
ADVAPI32.dll | InitializeAcl CryptGenRandom CryptReleaseContext CryptAcquireContextA SetNamedSecurityInfoA GetNamedSecurityInfoA GetAce EqualSid StartServiceCtrlDispatcherA SetServiceStatus RegisterServiceCtrlHandlerA QueryServiceConfigA OpenServiceA OpenSCManagerA CloseServiceHandle RegEnumKeyExA RegDeleteValueA RegDeleteKeyA ReportEventA RegisterEventSourceA DeregisterEventSource SetSecurityDescriptorDacl MakeSelfRelativeSD MakeAbsoluteSD IsValidSid InitializeSid InitializeSecurityDescriptor GetSidSubAuthority GetSidLengthRequired GetSecurityDescriptorSacl GetSecurityDescriptorOwner GetSecurityDescriptorLength GetSecurityDescriptorGroup GetSecurityDescriptorDacl GetSecurityDescriptorControl GetLengthSid GetAclInformation CopySid AddAce RegSetValueExA RegQueryValueExA RegOpenKeyExA RegCreateKeyExA RegCloseKey |
ole32.dll | CoUninitialize CoInitializeEx CoInitializeSecurity CoSetProxyBlanket CoCreateInstance |
SHELL32.dll | #680 |
OLEAUT32.dll | SysAllocString SysAllocStringLen SysFreeString SafeArrayDestroy SafeArrayGetUBound SafeArrayGetLBound SafeArrayAccessData SafeArrayUnaccessData VariantInit VariantClear |
dhcpcsvc.DLL | DhcpRequestParams |
WS2_32.dll | __WSAFDIsSet closesocket connect recv ioctlsocket send setsockopt socket WSAStartup WSACleanup WSAGetLastError getaddrinfo freeaddrinfo select |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 11.16.2.3 |
ProductVersion | 11.16.2.3 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Flexera |
FileDescription | Activation Licensing Service |
FileVersion (#2) | 11.16.2.3 build 249996 |
InternalName | FNPLicensingService64.exe |
LegalCopyright | Copyright (c) 2006-2018, Flexera. All Rights Reserved. |
OriginalFilename | FNPLicensingService64.exe |
ProductName | FlexNet Publisher (64 bit) |
ProductVersion (#2) | 11.16.2.3 build 249996 |
Resource LangID | UNKNOWN |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-May-16 10:43:08 |
Version | 0.0 |
SizeofData | 124 |
AddressOfRawData | 0x1073e0 |
PointerToRawData | 0x1059e0 |
Referenced File | E:\FNP-11.16.2\tier1\FNP\Service\Build\_release-Windows-NT4-x86_64-main\FNPLicensingService.exe.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-May-16 10:43:08 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x10745c |
PointerToRawData | 0x105a5c |
Size | 0x70 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140145c30 |
XOR Key | 0x7e6ae17 |
---|---|
Unmarked objects | 0 |
ASM objects (20806) | 19 |
C objects (65501) | 1 |
C++ objects (20806) | 90 |
C objects (20806) | 225 |
C objects (VS2010 SP1 build 40219) | 94 |
ASM objects (VS2013 UPD5 build 40629) | 1 |
C objects (VS2013 UPD5 build 40629) | 41 |
Imports (65501) | 17 |
Total imports | 233 |
208 (65501) | 1 |
C++ objects (VS2013 UPD5 build 40629) | 92 |
Resource objects (VS2013 build 21005) | 1 |
Linker (VS2013 UPD5 build 40629) | 1 |