Manalyze report for 8ac51c07b67ecf2b1ab489fdb90bf34d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Nov-12 11:10:37
Detected languages	English - United States
CompanyName	Steinberg Media Technologies GmbH
FileDescription	Soft eLicenser
FileVersion	`2, 8, 1, 0`
InternalName	SeLicenser
LegalCopyright	Copyright © 2019, Steinberg Media Technologies GmbH
OriginalFilename	SynsoSeL.dll
ProductName	Soft eLicenser
ProductVersion	`2, 8, 1, 0`

Plugin Output

Suspicious	The PE is packed with mpress	`Unusual section name found: .MPRESS1` `Section .MPRESS1 is both writable and executable.` `Unusual section name found: .MPRESS2` `Section .MPRESS2 is both writable and executable.` `The PE only has 9 import(s).`
Malicious	VirusTotal score: 3/69 (Scanned on 2021-01-11 18:48:00)	`Bkav: W32.AIDetectVM.malware2` `APEX: Malicious` `McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.fc`

Hashes

MD5	`8ac51c07b67ecf2b1ab489fdb90bf34d`
SHA1	`bb98f1aaed4a226ed948cfda799f0d6864a86f23`
SHA256	`c3a9c72fab61424c575db3052e12c6ad6dd7cbf606f76bdc806bce0e73b666e0`
SHA3	`23a7ab08d8e90cdf3bd5497a7c99c6e6773275fc32c9f7cf95e8dd24e4bdc1cc`
SSDeep	`6144:vYIaCi39E7OUegFR3EnzVQSK4dC2lruDMkIV5Ni439Nn+RLOA9GmsCRApnC6yof:0NaPEKSaDTIDNnQ+/VZyoff`
Imports Hash	`2a928ec73148fbfe769070a4104b641d`

DOS Header

e_magic	`MZ`
e_cblp	`0x40`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x2`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0xb400`
e_oeminfo	`0xcd09`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Nov-12 11:10:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xc6400`
SizeOfInitializedData	`0x76000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00141389 (Section: .MPRESS2)`
BaseOfCode	`0x1000`
BaseOfData	`0xc8000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x143000`
SizeOfHeaders	`0x200`
Checksum	`0x5ff5f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.MPRESS1

MD5	`e15e3535efbab47e257d1f443de86710`
SHA1	`358f36d828ee9fcc423b80d964e0b44e18a378d8`
SHA256	`0bce48ac78ad072d026cc2ce67e44283a1b6e57002eb44e91cfdce433e34e09b`
SHA3	`be9644b96121897679d9a86098da3f425ac1eeb229b1c9be1e4a6c71022e82c4`
VirtualSize	`0x140000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5ce00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99956`

.MPRESS2

MD5	`e60df803ed3e2e2916f077f2c17e53ae`
SHA1	`0574d2bbecf7660a5250d452e5b415b233aa53c2`
SHA256	`4487d827f1b1f773931396fd700bce2592eacc97285673f47dca603e5874288f`
SHA3	`c5be1c12c87cf150883f0fd6192a5dfa13a28a86f13fb95bc779d044059e4515`
VirtualSize	`0xf30`
VirtualAddress	`0x141000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.93483`

.rsrc

MD5	`a0ff1fbeb6989bde47912731a138e5a3`
SHA1	`f853a5c0632bf9902618b6cc1515c4c375aba87f`
SHA256	`668cc76193bb5e1320b6281eec68e55a2eb2151bda5ec75187e819b1b73750f0`
SHA3	`ec8c6068a0411e2c5f312313824ac50831540fe52a9aa671c15be0380bd56579`
VirtualSize	`0x564`
VirtualAddress	`0x142000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.83937`

Imports

KERNEL32.DLL	`GetModuleHandleA` `GetProcAddress`
WINMM.dll	`timeGetTime`
USER32.dll	`PeekMessageA`
ADVAPI32.dll	`GetAce`
SHELL32.dll	`SHGetFolderPathA`
ole32.dll	`CoTaskMemFree`
SETUPAPI.dll	`SetupDiGetClassDevsA`
IPHLPAPI.DLL	`GetAdaptersInfo`

Delayed Imports

Exit_SeLicenser_Object

Ordinal	`1`
Address	`0x5aba0`

Soft_eLicenser_DeleteData

Ordinal	`2`
Address	`0x5ab80`

Soft_eLicenser_ExecuteTask

Ordinal	`3`
Address	`0x5ab10`

Soft_eLicenser_FreeData

Ordinal	`4`
Address	`0x5ab90`

Soft_eLicenser_GetSeLInfo

Ordinal	`5`
Address	`0x5ab30`

Soft_eLicenser_GetSeLStatus

Ordinal	`6`
Address	`0x5ab50`

Soft_eLicenser_create_FromMasterbrain

Ordinal	`7`
Address	`0x5aab0`

Soft_eLicenser_initSeLicenseFile

Ordinal	`8`
Address	`0x5aae0`

Soft_eLicenser_runLocalRepair

Ordinal	`9`
Address	`0x5aa90`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34838`
MD5	`e0ec73015c7e6d415409bacb86e1c7ec`
SHA1	`662eb3a66f0831f69a00683c23244a7352e78a64`
SHA256	`0799a52b0d1770275a9d86751ce559c2b06c491306edafc344b1390af0b48906`
SHA3	`ce1a2789413ce74a617dedfa3b514ad5733150cb7b753eb965988e955163d831`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.8.1.0
ProductVersion	2.8.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
CompanyName	Steinberg Media Technologies GmbH
FileDescription	Soft eLicenser
FileVersion (#2)	2, 8, 1, 0
InternalName	SeLicenser
LegalCopyright	Copyright © 2019, Steinberg Media Technologies GmbH
OriginalFilename	SynsoSeL.dll
ProductName	Soft eLicenser
ProductVersion (#2)	2, 8, 1, 0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.