Manalyze report for 85660e87ce872c7986e1dd1a3ee66109

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-May-16 10:43:08
Detected languages	English - United States
Debug artifacts	E:\FNP-11.16.2\tier1\FNP\Service\Build\_release-Windows-NT4-x86_64-main\FNPLicensingService.exe.pdb
CompanyName	Flexera
FileDescription	Activation Licensing Service
FileVersion	`11.16.2.3 build 249996`
InternalName	FNPLicensingService64.exe
LegalCopyright	Copyright (c) 2006-2018, Flexera. All Rights Reserved.
OriginalFilename	FNPLicensingService64.exe
ProductName	FlexNet Publisher (64 bit)
ProductVersion	`11.16.2.3 build 249996`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMWARE VMWare VMware` `Looks for Qemu presence: QEMU Qemu` `Accesses the WMI: ROOT\CIMV2`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to Twofish` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .textidx`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA LoadLibraryExW` `Can access the registry: RegEnumKeyExA RegDeleteValueA RegDeleteKeyA RegSetValueExA RegQueryValueExA RegOpenKeyExA RegCreateKeyExA RegCloseKey` `Uses Microsoft's cryptographic API: CryptGenRandom CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathA CreateFileA CreateFileW` `Leverages the raw socket API to access the Internet: __WSAFDIsSet closesocket connect recv ioctlsocket send setsockopt socket WSAStartup WSACleanup WSAGetLastError getaddrinfo freeaddrinfo select` `Interacts with services: QueryServiceConfigA OpenServiceA OpenSCManagerA` `Enumerates local disk drives: GetDriveTypeA` `Manipulates other processes: OpenProcess` `Changes object ACLs: SetNamedSecurityInfoA`
Info	The PE is digitally signed.	`Signer: Flexera Software LLC` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Safe	VirusTotal score: 0/67 (Scanned on 2021-08-05 22:19:10)	`All the AVs think this file is safe.`

Hashes

MD5	`85660e87ce872c7986e1dd1a3ee66109`
SHA1	`41ff9db1ccd5040d7cd2478bdb6f9afa84b0029a`
SHA256	`7e25dc9a5d312689c74611dad83038e5ff68291866a00cd14e8a5dc26a6696b8`
SHA3	`1a18ee76662fe8de80c36624280e34ec0aa2bce4c84e4fa4f81034f4c4999361`
SSDeep	`24576:CgpMQ1/7AquygInweUSEs2ASFl1P/QOEDaDlNhPQNP:CuMQrufAweUSEs2fFl2uNhk`
Imports Hash	`dd33592260cda05120fe0ae8e57e7e19`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2019-May-16 10:43:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0xd3200`
SizeOfInitializedData	`0x9c800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000008D624 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x179000`
SizeOfHeaders	`0x400`
Checksum	`0x18085e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`510e42e0889e914f4e716adafd491355`
SHA1	`618c89dbbb36c1819a9eacfa2cc6af18e4b3849b`
SHA256	`415b34b0a55237f418ecc4682cafac0ab1e7c8422b06eadaa29734862ad725d2`
SHA3	`93e342784af7d24570019c9bda883b5fd1a187827738d1257b778b5d3f32bd30`
VirtualSize	`0xb95bc`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb9600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38665`

.textidx

MD5	`ed83c43f073a2fa1427ada0845d45094`
SHA1	`f026572132de2ff78f1161ff638d5dda9e357173`
SHA256	`1a81803bf98295acc6f082ae8502ffc57448c0933f27213d6231e6b919042912`
SHA3	`17921c392159167194b053639069f91dc3038d92246fa217c3b13f7e34b9b71b`
VirtualSize	`0x19ab9`
VirtualAddress	`0xbb000`
SizeOfRawData	`0x19c00`
PointerToRawData	`0xb9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34464`

.rdata

MD5	`d7b24b54cc64f22366ff34ad172b44d8`
SHA1	`fc71a7fa7e449609e4cbf64d59ea71acb3fd1bc7`
SHA256	`c0cbec5df976e0533561e59237b8443db2ee6f45e5090021734bbfbf1d9524c3`
SHA3	`57a8b1462d3b2d20ff8c16004f13117a4ed75991c840f43c4861c6fc9e44bf4b`
VirtualSize	`0x6f19e`
VirtualAddress	`0xd5000`
SizeOfRawData	`0x6f200`
PointerToRawData	`0xd3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.06893`

.data

MD5	`b54f840a891a1f5c1204ec456b9c67c6`
SHA1	`88c81e55dac82a88170e24e6ff9a8e7727c912ac`
SHA256	`877bfa19d883fe796a34f9ff453d411ca38c3a7331df9d3cc0ede1cddd2e001a`
SHA3	`98f6dd0e6cf3d72f3ae150f14b6309c0f89ace6f9ba5482535038f20fe93d996`
VirtualSize	`0x1ace8`
VirtualAddress	`0x145000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x142800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.88438`

.pdata

MD5	`260c80fc9f92e3aeb00f82440de78b9b`
SHA1	`7f66618b7506ade873367ff28059bde35a220f54`
SHA256	`bb98e0dcab8510179f7385ad6584bf3eea6cc3cddcff15fb3f7d4f71b7baf406`
SHA3	`cc6b3cd6c358b8b416ff8981feaf7036ebab51fe2b1c9d4fb7c08c0f55eb5a0d`
VirtualSize	`0xa410`
VirtualAddress	`0x160000`
SizeOfRawData	`0xa600`
PointerToRawData	`0x158c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96864`

.rsrc

MD5	`4ee35aaa5a0f878faedf873cd878a5e8`
SHA1	`bddb85bee1aabfb9bd448b86dc4636b936cb02c1`
SHA256	`f433b9874acda84ecc1572f311fde421e7d0518bac771cdc94a11f2a9c26ac99`
SHA3	`f7cd7813740bfb6628557ce19be28ca36ff6d3d4e066526c6251171b67479b88`
VirtualSize	`0x9854`
VirtualAddress	`0x16b000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x163200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47298`

.reloc

MD5	`3ae6620e507bc03899011c4af4c3ea3b`
SHA1	`a42a16f0bf50dbf064d3cafc4d38756fc8a52621`
SHA256	`9345404aa372f430758887e7460c5be43e61bde4fd2f5ec1660d44b618587547`
SHA3	`fe625f0fac80edeb4a06009bae543a49f5b53a22f2c714fc1e6a178ebe6ddc88`
VirtualSize	`0x3114`
VirtualAddress	`0x175000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x16cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.41022`

Imports

KERNEL32.dll	`GetProcAddress` `LoadLibraryA` `CreateNamedPipeA` `OpenEventA` `GetCurrentProcessId` `ResetEvent` `GetTempPathA` `SetLastError` `MultiByteToWideChar` `GetModuleHandleA` `LoadLibraryExA` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `LocalFree` `GetCurrentThreadId` `GetLocalTime` `OpenMutexA` `FormatMessageA` `GetModuleFileNameA` `DeleteFileW` `GetFileAttributesW` `GetFileAttributesExW` `RemoveDirectoryW` `SetEndOfFile` `SetFilePointerEx` `MoveFileExW` `AreFileApisANSI` `EncodePointer` `GetStringTypeW` `IsDebuggerPresent` `OutputDebugStringW` `WriteConsoleW` `SetStdHandle` `GetTimeZoneInformation` `OpenProcess` `ResumeThread` `SuspendThread` `Sleep` `CreateEventA` `CreateMutexA` `WaitForSingleObjectEx` `WaitForSingleObject` `ReleaseMutex` `SetEvent` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetOverlappedResult` `DisconnectNamedPipe` `ConnectNamedPipe` `OutputDebugStringA` `DecodePointer` `FindNextFileA` `FindFirstFileA` `FindClose` `CreateDirectoryA` `CreateWaitableTimerA` `CreateThread` `SetWaitableTimer` `WaitForMultipleObjectsEx` `GetDriveTypeA` `QueryDosDeviceA` `GetVersionExA` `GetSystemDirectoryA` `WriteFile` `DeviceIoControl` `CloseHandle` `SetFilePointer` `ReadFile` `CreateFileA` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `GetLastError` `RaiseException` `CreateFileW` `ReadConsoleW` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetFileType` `GetOEMCP` `GetACP` `IsValidCodePage` `GetModuleFileNameW` `GetStdHandle` `GetModuleHandleExW` `ExitProcess` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `GetModuleHandleW` `GetStartupInfoW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlCaptureContext` `RtlPcToFileHeader` `RtlLookupFunctionEntry` `RtlUnwindEx` `IsProcessorFeaturePresent` `GetCommandLineA` `LoadLibraryExW` `GetCPInfo` `SetEnvironmentVariableA`
USER32.dll	`wsprintfA`
ADVAPI32.dll	`InitializeAcl` `CryptGenRandom` `CryptReleaseContext` `CryptAcquireContextA` `SetNamedSecurityInfoA` `GetNamedSecurityInfoA` `GetAce` `EqualSid` `StartServiceCtrlDispatcherA` `SetServiceStatus` `RegisterServiceCtrlHandlerA` `QueryServiceConfigA` `OpenServiceA` `OpenSCManagerA` `CloseServiceHandle` `RegEnumKeyExA` `RegDeleteValueA` `RegDeleteKeyA` `ReportEventA` `RegisterEventSourceA` `DeregisterEventSource` `SetSecurityDescriptorDacl` `MakeSelfRelativeSD` `MakeAbsoluteSD` `IsValidSid` `InitializeSid` `InitializeSecurityDescriptor` `GetSidSubAuthority` `GetSidLengthRequired` `GetSecurityDescriptorSacl` `GetSecurityDescriptorOwner` `GetSecurityDescriptorLength` `GetSecurityDescriptorGroup` `GetSecurityDescriptorDacl` `GetSecurityDescriptorControl` `GetLengthSid` `GetAclInformation` `CopySid` `AddAce` `RegSetValueExA` `RegQueryValueExA` `RegOpenKeyExA` `RegCreateKeyExA` `RegCloseKey`
ole32.dll	`CoUninitialize` `CoInitializeEx` `CoInitializeSecurity` `CoSetProxyBlanket` `CoCreateInstance`
SHELL32.dll	`#680`
OLEAUT32.dll	`SysAllocString` `SysAllocStringLen` `SysFreeString` `SafeArrayDestroy` `SafeArrayGetUBound` `SafeArrayGetLBound` `SafeArrayAccessData` `SafeArrayUnaccessData` `VariantInit` `VariantClear`
dhcpcsvc.DLL	`DhcpRequestParams`
WS2_32.dll	`__WSAFDIsSet` `closesocket` `connect` `recv` `ioctlsocket` `send` `setsockopt` `socket` `WSAStartup` `WSACleanup` `WSAGetLastError` `getaddrinfo` `freeaddrinfo` `select`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7149`
MD5	`75cdcdc6d19b8ba87d15de5bf51934c0`
SHA1	`7085afa37d09db331bce072498c50aa97616587c`
SHA256	`4f52ee16f6d96b777347ebbeb78e8d66fb84ac4241623ae72b67bf9e9ac02be2`
SHA3	`a34f045d39b8d2449f42be9ce4d9e30f4c5137a4a6ad1655f455fa325c4bc5a7`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17806`
MD5	`58f9879bf211944bcf782ca08933009e`
SHA1	`419a64f483a6cad5e17a8e78dd9bad9fcc7d935f`
SHA256	`c42f9dcf416095f42246b27466aac0002ded21a35f685004fe4b699526d23daf`
SHA3	`03df0039034d18dc5974aeb0e4485fc23d475fdc695156cd64b1962a1a68b249`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06689`
MD5	`8d779125f7fadf5b474472a2773d7403`
SHA1	`b8afdaa19ef189b6588806fac43fd8f50e8e31fc`
SHA256	`3370567581357b97bfe48a2391413fad8449639ae7f11eb00cab59683ec8c444`
SHA3	`da7dbb6ceac2ae8b519682e278b650720cadb2c0f559fa0115ecfefebd1756d1`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21917`
MD5	`3017264cb08706a97f7f3907347c58b1`
SHA1	`948545736e32019d06812830f304ffddb8600c2a`
SHA256	`ff358103c842c4314ef3fedd03a19639805b0bea35180751767def6041373a16`
SHA3	`848d94361408480d3cade7959ea25178e7f430d917e2e0a34834e62af52cdb0f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26644`
MD5	`970e4b428a8bc4f1b26a946ae5e8f595`
SHA1	`c6c72ed249ab6e37082ec8e86b29a6773028161b`
SHA256	`7cb74fa4636f43f16645872917ec9190eab8d855d414d4b152369c704cb76280`
SHA3	`896fcb3bcfbad38eeed66e1fd5da7aeb6cb8cd89a9dbeda8a4a98f85259edca2`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89449`
MD5	`acc411355229df4b0549947261b9e390`
SHA1	`6e00d4ea0737b307b73ae2efb47f14938f5c6bea`
SHA256	`10e33603ad1922f7437280eae0ebcaebb626730bea275f74481e1c6730264443`
SHA3	`8613bbaee34ed71e542137b50c767df8ca96b7a7ec0846a4b99a901aadc0af70`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.84067`
MD5	`38032faac43f7170b5adf7379cf8f362`
SHA1	`a02c03898a32c3fdb82b8c678c183cfa39a7703b`
SHA256	`80eb709eb0d91b0bb2849d12194021ef75c690eb7db2a41a71406dd84b559245`
SHA3	`375957e3aa112bbcd7b46abb6024b36501c9e68e3594619cf0bcea5523deb7ef`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7982`
MD5	`3d302eb3d3abd572f3e119ce9227f776`
SHA1	`0adff3e8fefd65a1da5ea5d281cab84cd04da6b6`
SHA256	`8de9f70a3bab1d299a8452f40243b983e7acde07186d66226971c0abacd87be5`
SHA3	`aa81b5d760dca842119793b7e5d9b96e08012a882d64a97b99897b4e17f349b8`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65391`
MD5	`3a8c0d87286e33283c9bce4a65b75e64`
SHA1	`1ba5c53f251984b13c1dcdc1b72f0bff42e4e700`
SHA256	`350969f8d2e65da41eb57d58ceb8c83f36f2be2efa75a3453516b9a7d5e64e82`
SHA3	`f983a507fce262ac706417ed751abef3fd0a1d8a6c52014c4f2cd7a3770d86d1`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46208`
MD5	`ea0e1154a16fb4de1788f383ad6ec6c5`
SHA1	`d138c136ce367f9a6210bbbf8812af1fc0df762d`
SHA256	`27dadee57c50a20378c67748e621ba2167ec71cec9820efeac4b35b023835ede`
SHA3	`5a1cb509f20e179a6ceda00253b35bd39591adceaf0670959fafd71a61cdf10e`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.72757`
MD5	`67a0e3a29871a264362ee20aac4ca02a`
SHA1	`e913067810fe25276a3c5ba3086e27e88af8d062`
SHA256	`4613f207352e396b4a6d8ab35421c15f77f18b86fc90fa1edc54da779de122c0`
SHA3	`545a61603f347fd8e3f95ff3266f5114c32a7b65f8a4fed92c1833738a027680`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33243`
MD5	`af9acf8ecfae1b19a5564c231ee9476c`
SHA1	`4c7e827aa7e386e4fcd9ea5e3dbb678b0f255de5`
SHA256	`347b64b2d2070b2ca8bd1b1b7a32c7673546b1e38b29b34696ed83e129019a92`
SHA3	`18abcf82b9e8393dca5a2f616be804a9148d129df2058d5f0be89de2503efda0`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00206`
Detected Filetype	Icon file
MD5	`2b7e3a3dd28cbbeb5c620a605b09a3da`
SHA1	`147555075cdb410aeea79f5feeaaac5805d5cfe7`
SHA256	`2ab0fbcffc472443882590a6aaf5d96452801876e9cf2d037cf15fb8060b7841`
SHA3	`87d3716a0cd87928e4f7b30013db427841f2a665c4b1058c67653262557a8caf`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51563`
MD5	`1d3839e3d4b88c43b3706d303edb30c4`
SHA1	`04688b83df8c6a12c33b9d6b0f0df1bde6bb0039`
SHA256	`415a0e09cc0cbe399141ec2cbf747a41e0c4ec58faa8cc2253a2c3edc8bdc2d8`
SHA3	`363b6bb0d229ab96ef8047afd0df452591c0b2ecf4f58763f341d37525d73cb5`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x212`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86028`
MD5	`9c143bdf30d9592bc57493824d999885`
SHA1	`eafb2aef2199d5e40337d3684a10f7c31fae6d3e`
SHA256	`1f36026f745792ef669243b7416692640cb42c72c05a1dcbf634437d4df18ced`
SHA3	`b4c5464ba21e6b32ac451024a2a8ed059b83202297741480b1dd1dd7f2f8ce1e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	11.16.2.3
ProductVersion	11.16.2.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Flexera
FileDescription	Activation Licensing Service
FileVersion (#2)	11.16.2.3 build 249996
InternalName	FNPLicensingService64.exe
LegalCopyright	Copyright (c) 2006-2018, Flexera. All Rights Reserved.
OriginalFilename	FNPLicensingService64.exe
ProductName	FlexNet Publisher (64 bit)
ProductVersion (#2)	11.16.2.3 build 249996

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-May-16 10:43:08
Version	`0.0`
SizeofData	`124`
AddressOfRawData	`0x1073e0`
PointerToRawData	`0x1059e0`
Referenced File	E:\FNP-11.16.2\tier1\FNP\Service\Build\_release-Windows-NT4-x86_64-main\FNPLicensingService.exe.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-May-16 10:43:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x10745c`
PointerToRawData	`0x105a5c`

TLS Callbacks

Load Configuration

Size	`0x70`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140145c30`

RICH Header

XOR Key	`0x7e6ae17`
Unmarked objects	`0`
ASM objects (20806)	`19`
C objects (65501)	`1`
C++ objects (20806)	`90`
C objects (20806)	`225`
C objects (VS2010 SP1 build 40219)	`94`
ASM objects (VS2013 UPD5 build 40629)	`1`
C objects (VS2013 UPD5 build 40629)	`41`
Imports (65501)	`17`
Total imports	`233`
208 (65501)	`1`
C++ objects (VS2013 UPD5 build 40629)	`92`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 UPD5 build 40629)	`1`

85660e87ce872c7986e1dd1a3ee66109

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.textidx

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors