Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2019-Nov-12 11:10:37
|
Detected languages |
English - United States
|
CompanyName |
Steinberg Media Technologies GmbH
|
FileDescription |
Soft eLicenser
|
FileVersion |
2, 8, 1, 0
|
InternalName |
SeLicenser
|
LegalCopyright |
Copyright © 2019, Steinberg Media Technologies GmbH
|
OriginalFilename |
SynsoSeL.dll
|
ProductName |
Soft eLicenser
|
ProductVersion |
2, 8, 1, 0
|
Suspicious |
The PE is packed with mpress |
Unusual section name found: .MPRESS1
Section .MPRESS1 is both writable and executable.
Unusual section name found: .MPRESS2
Section .MPRESS2 is both writable and executable.
The PE only has 9 import(s).
|
Malicious |
VirusTotal score: 3/69 (Scanned on 2021-01-11 18:48:00) |
Bkav:
W32.AIDetectVM.malware2
APEX:
Malicious
McAfee-GW-Edition:
BehavesLike.Win32.PWSZbot.fc
|
MD5 |
8ac51c07b67ecf2b1ab489fdb90bf34d
|
SHA1 |
bb98f1aaed4a226ed948cfda799f0d6864a86f23
|
SHA256 |
c3a9c72fab61424c575db3052e12c6ad6dd7cbf606f76bdc806bce0e73b666e0
|
SHA3 |
23a7ab08d8e90cdf3bd5497a7c99c6e6773275fc32c9f7cf95e8dd24e4bdc1cc
|
SSDeep |
6144:vYIaCi39E7OUegFR3EnzVQSK4dC2lruDMkIV5Ni439Nn+RLOA9GmsCRApnC6yof:0NaPEKSaDTIDNnQ+/VZyoff
|
Imports Hash |
2a928ec73148fbfe769070a4104b641d
|
e_magic |
MZ
|
e_cblp |
0x40
|
e_cp |
0x1
|
e_crlc |
0
|
e_cparhdr |
0x2
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0xb400
|
e_oeminfo |
0xcd09
|
e_lfanew |
0x40
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
3
|
TimeDateStamp |
2019-Nov-12 11:10:37
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic |
PE32
|
LinkerVersion |
14.0
|
SizeOfCode |
0xc6400
|
SizeOfInitializedData |
0x76000
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00141389 (Section: .MPRESS2)
|
BaseOfCode |
0x1000
|
BaseOfData |
0xc8000
|
ImageBase |
0x10000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
6.0
|
ImageVersion |
0.0
|
SubsystemVersion |
6.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x143000
|
SizeOfHeaders |
0x200
|
Checksum |
0x5ff5f
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x2000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
e15e3535efbab47e257d1f443de86710
|
SHA1 |
358f36d828ee9fcc423b80d964e0b44e18a378d8
|
SHA256 |
0bce48ac78ad072d026cc2ce67e44283a1b6e57002eb44e91cfdce433e34e09b
|
SHA3 |
be9644b96121897679d9a86098da3f425ac1eeb229b1c9be1e4a6c71022e82c4
|
VirtualSize |
0x140000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x5ce00
|
PointerToRawData |
0x200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99956
|
MD5 |
e60df803ed3e2e2916f077f2c17e53ae
|
SHA1 |
0574d2bbecf7660a5250d452e5b415b233aa53c2
|
SHA256 |
4487d827f1b1f773931396fd700bce2592eacc97285673f47dca603e5874288f
|
SHA3 |
c5be1c12c87cf150883f0fd6192a5dfa13a28a86f13fb95bc779d044059e4515
|
VirtualSize |
0xf30
|
VirtualAddress |
0x141000
|
SizeOfRawData |
0x1000
|
PointerToRawData |
0x5d000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
5.93483
|
MD5 |
a0ff1fbeb6989bde47912731a138e5a3
|
SHA1 |
f853a5c0632bf9902618b6cc1515c4c375aba87f
|
SHA256 |
668cc76193bb5e1320b6281eec68e55a2eb2151bda5ec75187e819b1b73750f0
|
SHA3 |
ec8c6068a0411e2c5f312313824ac50831540fe52a9aa671c15be0380bd56579
|
VirtualSize |
0x564
|
VirtualAddress |
0x142000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x5e000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.83937
|
KERNEL32.DLL |
GetModuleHandleA
GetProcAddress
|
WINMM.dll |
timeGetTime
|
USER32.dll |
PeekMessageA
|
ADVAPI32.dll |
GetAce
|
SHELL32.dll |
SHGetFolderPathA
|
ole32.dll |
CoTaskMemFree
|
SETUPAPI.dll |
SetupDiGetClassDevsA
|
IPHLPAPI.DLL |
GetAdaptersInfo
|
Ordinal |
1
|
Address |
0x5aba0
|
Ordinal |
2
|
Address |
0x5ab80
|
Ordinal |
3
|
Address |
0x5ab10
|
Ordinal |
4
|
Address |
0x5ab90
|
Ordinal |
5
|
Address |
0x5ab30
|
Ordinal |
6
|
Address |
0x5ab50
|
Ordinal |
7
|
Address |
0x5aab0
|
Ordinal |
8
|
Address |
0x5aae0
|
Ordinal |
9
|
Address |
0x5aa90
|
Type |
RT_VERSION
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x344
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.34838
|
MD5 |
e0ec73015c7e6d415409bacb86e1c7ec
|
SHA1 |
662eb3a66f0831f69a00683c23244a7352e78a64
|
SHA256 |
0799a52b0d1770275a9d86751ce559c2b06c491306edafc344b1390af0b48906
|
SHA3 |
ce1a2789413ce74a617dedfa3b514ad5733150cb7b753eb965988e955163d831
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x17d
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.91161
|
MD5 |
1e4a89b11eae0fcf8bb5fdd5ec3b6f61
|
SHA1 |
4260284ce14278c397aaf6f389c1609b0ab0ce51
|
SHA256 |
4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
|
SHA3 |
4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353
|
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
2.8.1.0
|
ProductVersion |
2.8.1.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language |
UNKNOWN
|
CompanyName |
Steinberg Media Technologies GmbH
|
FileDescription |
Soft eLicenser
|
FileVersion (#2) |
2, 8, 1, 0
|
InternalName |
SeLicenser
|
LegalCopyright |
Copyright © 2019, Steinberg Media Technologies GmbH
|
OriginalFilename |
SynsoSeL.dll
|
ProductName |
Soft eLicenser
|
ProductVersion (#2) |
2, 8, 1, 0
|
[!] Error: Could not reach the TLS callback table.