Manalyze report for 8e2b95dff6b5dac4e711ccb866ba4ca1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Apr-08 13:50:35
Detected languages	English - United Kingdom English - United States
Comments	www.Dr-FarFar.com
CompanyName	Dr.FarFar \| www.Dr-FarFar.com
FileDescription	Acunetix Premium Activation Tool (ViP)
FileVersion	`15.5.230326230`
InternalName	Acunetix Premium Activation Tool.exe
LegalCopyright	Copyright © Dr.FarFar
LegalTrademarks	www.Dr-FarFar.com
OriginalFilename	Acunetix Premium Activation Tool.exe
ProductName	Acunetix Premium Activation Tool (ViP)
ProductVersion	`15.5.230326230`
Assembly Version	15.5.230326230

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: Dr-FarFar.com FarFar.com crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_d409a5cb737dc0768fd08ed5256f3633/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com www.Dr-FarFar.com`
Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .imports` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot` `Unusual section name found: .taggant`
Malicious	VirusTotal score: 51/71 (Scanned on 2023-05-25 19:36:34)	`Lionic: Trojan.Win64.Agentb.trtl` `tehtris: Generic.Malware` `McAfee: Artemis!8E2B95DFF6B5` `Malwarebytes: Generic.Malware/Suspicious` `VIPRE: Gen:Variant.Barys.410861` `Sangfor: Adware.Win32.Drfarfar.V4kr` `K7AntiVirus: Trojan ( 005786ed1 )` `BitDefender: Gen:Variant.Barys.410861` `K7GW: Trojan ( 005786ed1 )` `Cybereason: malicious.3ca475` `Cyren: W64/ABRisk.QEFK-2577` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of Win64/Packed.Themida.KX` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Kaspersky: not-a-virus:AdWare.Win32.DrFarfar.hs` `Alibaba: AdWare:Win32/DrFarfar.defbaddb` `MicroWorld-eScan: Gen:Variant.Barys.410861` `Avast: Win64:Adware-gen [Adw]` `Tencent: Win32.AdWare.Drfarfar.Pnkl` `Emsisoft: Gen:Variant.Barys.410861 (B)` `F-Secure: Heuristic.HEUR/AGEN.1309096` `DrWeb: Trojan.Hosts.51234` `Zillya: Trojan.Themida.Win64.7673` `TrendMicro: Trojan.Win64.DRFARFAR.VSNW12E23` `McAfee-GW-Edition: BehavesLike.Win64.PUP.vc` `FireEye: Generic.mg.8e2b95dff6b5dac4` `Sophos: Generic Reputation PUA (PUA)` `SentinelOne: Static AI - Suspicious PE` `Avira: HEUR/AGEN.1309096` `MAX: malware (ai score=85)` `Antiy-AVL: Trojan[Packed]/Win64.Themida` `Microsoft: Program:Win32/Wacapew.C!ml` `Gridinsoft: Trojan.Heur!.03212423` `Arcabit: Trojan.Barys.D644ED` `ZoneAlarm: not-a-virus:AdWare.Win32.DrFarfar.hs` `GData: Gen:Variant.Barys.410861` `Google: Detected` `Acronis: suspicious` `ALYac: Gen:Variant.Barys.410861` `Cylance: unsafe` `Zoner: Probably Heur.ExeHeaderL` `TrendMicro-HouseCall: Trojan.Win64.DRFARFAR.VSNW12E23` `Rising: Adware.DrFarfar!8.12B1A (CLOUD)` `Ikarus: Trojan.Win64.Themida` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: Riskware/Application` `AVG: Win64:Adware-gen [Adw]` `DeepInstinct: MALICIOUS` `CrowdStrike: win/malicious_confidence_90% (W)`

Hashes

MD5	`8e2b95dff6b5dac4e711ccb866ba4ca1`
SHA1	`e1bdd0d3ca475ece7928f432a7d9979816b3bf40`
SHA256	`9afd3f4a092e16ff2cd09ec60f4706ed42b37a914233000e7dab8a287811271f`
SHA3	`19f7d81089d8b18a9504d1bcd1d8a239f1fb93b937a85aeca1913edbc07338a8`
SSDeep	`393216:bRdWMZxDxZaOv8V5MLK0W114JIkiT04BuWu/MU+9Njdd:bj9ZxoMLaSN6J1z99H`
Imports Hash	`1cd069a1d0a6220306935daaf0c539a1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`13`
TimeDateStamp	2023-Apr-08 13:50:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xb3400`
SizeOfInitializedData	`0x821400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000019C1000 (Section: .taggant)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x19c4000`
SizeOfHeaders	`0x600`
Checksum	`0xeec184`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`3d6bcba5f8d94c0a9fc79cd418fe5bbf`
SHA1	`4d4171243b2373b7f449651f223cafc96bfaad8a`
SHA256	`ff5b3472d9a4903774fc38987bb19c198fa79b3312c33f4aa8f0590215b1836c`
SHA3	`9fb59af7fbce1d9f870c31413ca157083ab60525aa9d1109ded8864c09179acc`
VirtualSize	`0xb3328`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5f9a2`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98674`

(#2)

MD5	`88010cb159d419fedb134dfdb1f4a0fe`
SHA1	`99582b133e5ac3d8698644b6e1d22d0e4d57ea48`
SHA256	`c6bc76b8e1b609efc288e8432cd02a649a1bfa9896f43a9a2fe644a77df752d5`
SHA3	`1680f3c42e805532026fda729f6b5bc87e2cfaf48dfc13f5d2e8d09570f58b28`
VirtualSize	`0x34204`
VirtualAddress	`0xb5000`
SizeOfRawData	`0xedc7`
PointerToRawData	`0x60000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.95556`

(#3)

MD5	`dff961f4bb0b1c16b8dd511ab7fb15f8`
SHA1	`a82998a33d4f64e77d365ba07d49ff4addab9d80`
SHA256	`752ce18fe38cab8e0acba565ba5d5e5389d7983e5544a38521f0f68e74e8822c`
SHA3	`b198a6cd45ef3746bbfc59c0b7366f84027fda57799a5d74460752aa86c8f2b9`
VirtualSize	`0x9120`
VirtualAddress	`0xea000`
SizeOfRawData	`0x2f9`
PointerToRawData	`0x6ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.71564`

(#4)

MD5	`f39bd7f9c79531a3b54bcbf4c202b0dc`
SHA1	`17a07ff7c96902ce20248e3fbe28d6849e1e7d30`
SHA256	`3b69bbfecd37fa912bd70b6af81aa06b12711d51383d7dd0ac6249a61c6cab18`
SHA3	`71b7eb067b9e454c6f82fe05c2a06e73759291f9c8f5a116d6df9420be431c7c`
VirtualSize	`0x6f48`
VirtualAddress	`0xf4000`
SizeOfRawData	`0x4186`
PointerToRawData	`0x6f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.76009`

(#5)

MD5	`c2f97b6481fce75adcc1166e802005f3`
SHA1	`842fc875d0bd0496cb5a0aa44977aec22115f583`
SHA256	`17f2a75b169c5bf19184233c15726e308f23c6386842ea97fecaac173f3ee142`
SHA3	`04623fd6aded52f174abe716dd1150ad2f890136fbe2949671a0d5678e6e2eb6`
VirtualSize	`0x7e0338`
VirtualAddress	`0xfb000`
SizeOfRawData	`0x7e0400`
PointerToRawData	`0x73400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99863`

(#6)

MD5	`06e166b9237d9b80ab48f2146a1ba495`
SHA1	`c436ce60807c6993079e3039c9da7a9450fa7566`
SHA256	`c2ac5cbf884e46bac45ecd33f0e70d0e5aa576985547581951978eebd246474f`
SHA3	`2917635b9c67c552279056eb0e7e9e2716d2dbdecb8622494cc0cc96199dadb2`
VirtualSize	`0xa74`
VirtualAddress	`0x8dc000`
SizeOfRawData	`0x703`
PointerToRawData	`0x853800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.67408`

.imports

MD5	`8f78eb6e6feb80d61d23213f2ddc11ca`
SHA1	`e6ca9551c394b06a29a4613236a91167a263d805`
SHA256	`957889cea5c16101439f6e566962b16b0bdfd3ad06bf5c324facd15d181ad64c`
SHA3	`801e856584d74cd7f9991984c8efa96e8526770cec779f6b74707fa87c3164f9`
VirtualSize	`0x1000`
VirtualAddress	`0x8dd000`
SizeOfRawData	`0x600`
PointerToRawData	`0x854000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.07739`

.tls

MD5	`e1a9e20d329cc2a4cdb770658853eb88`
SHA1	`04361703e59fe1e5c5601296bd0a7a3b40df1f85`
SHA256	`6507a82d66d750d84097dce50b5b39c9ae032f0a3e20635ae1be5fdece610bf9`
SHA3	`faa9c0ebdb88be9aab5f6ca86ac7e8285874e1e1f5626c27a2854372ecf4fe29`
VirtualSize	`0x1000`
VirtualAddress	`0x8de000`
SizeOfRawData	`0x200`
PointerToRawData	`0x854600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284569`

.rsrc

MD5	`6c0c65fa099bd26629262b054b821909`
SHA1	`7d58b0bca194c1f90f3e23f8134b00c7f1ebf347`
SHA256	`bc30acb41dc7c916e25260428efe898f22a04f14cc179b0b46b572db8e19455e`
SHA3	`ed7ce9d24022967ef2d75dcacc1659872c50bcf32e1cc569c092b42215dd5e4f`
VirtualSize	`0x3e000`
VirtualAddress	`0x8df000`
SizeOfRawData	`0x3e000`
PointerToRawData	`0x854800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.26962`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa5a000`
VirtualAddress	`0x91d000`
SizeOfRawData	`0`
PointerToRawData	`0x892800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`f7a50fadaa0fb49b112fec3741ab27af`
SHA1	`e0d31e32ac4a5f72d0d7b1cac8e405369dbb5434`
SHA256	`1308a724e8b395ffdb2d8c1ced7cb4c406279e2657d6a27055ad84bc6293b906`
SHA3	`d37564479e8e89e524dd649c61422906f16353664fadaeea7e4bc220b61a1d00`
VirtualSize	`0x648c00`
VirtualAddress	`0x1377000`
SizeOfRawData	`0x648c00`
PointerToRawData	`0x892800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9562`

.reloc

MD5	`205e3f8862e9cf07f18891149c1afd8c`
SHA1	`2699156ed9054c47ee3d268494ef24f598ae1763`
SHA256	`58ac6f41a5fe56cf8bd543d8bf84c6868f758b2bd7ffe6152edf004cc50fa725`
SHA3	`3987eed27119ba4c7d397adff5f209d4583b2e351b0beea90a15a9e0e053647f`
VirtualSize	`0x1000`
VirtualAddress	`0x19c0000`
SizeOfRawData	`0x200`
PointerToRawData	`0xedb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`0.174052`

.taggant

MD5	`a995e52dd5fa027ced26b5c68c430680`
SHA1	`bc490a797e00ee334b116e046567ef6ad124ad8e`
SHA256	`85fa388d09e9a473680a1fe2531496266d21545b2fe5170d22fb2cbc8bcc5b67`
SHA3	`0accb344da76268c726655cc434a9849e1dbaa5607ae9dd89222a76f8474e342`
VirtualSize	`0x2200`
VirtualAddress	`0x19c1000`
SizeOfRawData	`0x2014`
PointerToRawData	`0xedb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.88543`

Imports

kernel32.dll	`GetModuleHandleA`
WSOCK32.dll	`gethostbyname`
VERSION.dll	`GetFileVersionInfoW`
WINMM.dll	`timeGetTime`
COMCTL32.dll	`ImageList_ReplaceIcon`
MPR.dll	`WNetGetConnectionW`
WININET.dll	`HttpOpenRequestW`
PSAPI.DLL	`GetProcessMemoryInfo`
IPHLPAPI.DLL	`IcmpSendEcho`
USERENV.dll	`DestroyEnvironmentBlock`
UxTheme.dll	`IsThemeActive`
USER32.dll	`GetMenuStringW`
GDI32.dll	`EndPath`
COMDLG32.dll	`GetSaveFileNameW`
ADVAPI32.dll	`GetAce`
SHELL32.dll	`DragFinish`
ole32.dll	`CoTaskMemAlloc`
OLEAUT32.dll	`VariantChangeType`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x5746`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93002`
Detected Filetype	PNG graphic file
MD5	`b7e975ceba2f43c6f052c8e076ea7806`
SHA1	`72158819a5271a22511e2a8d9f0ccc1b8f4ab2e4`
SHA256	`33c4ed0935dd3e2de1165d7c881b8ed258bc58463ff92a3d42d00b4d1794dd71`
SHA3	`049c57caa166803dde2ab51dfdc195f758cac86e2abaffa77eb3effc507f8a8b`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0352`
MD5	`0ea130fdc9e4a8341477db2407855b8c`
SHA1	`ebd466c6136c1a891449916341f476ad11ec5482`
SHA256	`918180c427baf921ed4d82443c40d1ee48e230026b8e502356a55843bbbfc635`
SHA3	`e9273081f1e8b2aaf80db02100fc056500bafda79ab7fdca130624a451c351a6`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06122`
MD5	`306ae0b6025293bc7a647fc2ec2a4d8a`
SHA1	`28b28a690179e69450bcf9573f3da71d6acc07ba`
SHA256	`8426f2c17d1e1a3b56bf5259795ba2a1615c721e39e111d9ce34347a89fd3bd6`
SHA3	`9668b8beec73f850d5395a0bcf14b4ebc2fd60a7549816a17ee91cc0d5ce1005`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18874`
MD5	`537a5f4e3ed056ba76cb978bf10f5d97`
SHA1	`4b022ef95453c45a2a1f2caf76f1fd1c39f8763b`
SHA256	`d6ce7d84c14b4c029e5e43f9f39f5789106d96a25f600d4f14da36ece18d8e4f`
SHA3	`88d37a8e1e95d20e9459b365368f901a4fc75a795466aa248673634ab7d14416`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x114fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99152`
Detected Filetype	PNG graphic file
MD5	`2af98bcf06d2fd3edc3d39782bf48885`
SHA1	`bc00fa77f9d6a0b12f28d09c180421fc3fa288f1`
SHA256	`874f0f7a91829447dbea6b351dab1da67502893a7725bfa285572f976dc69373`
SHA3	`a2bed4d8b7fad0c425266efbf2a330f6b45cac957382f16962b7f563707b6a18`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41268`
MD5	`6f11d824bccf63a76296c96d029ca404`
SHA1	`3ee70526542e389bdf00cadba630cb404ac9bb47`
SHA256	`e0053beddeb146a936ab32d45ea86b30bd540933a723080f7c4863e6da864fbe`
SHA3	`4c099751b049c9046a40fc0d0e58a6e8ca42b82b0dd4d258a447c4ba00bcb323`

7

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34364`
MD5	`13c155a9ed3e4bece76bb12cb2bbb87d`
SHA1	`5498e2f8a3b5dc8ef51026815b0bdd8e54392f40`
SHA256	`40b0b44e5c57e9f46966a8076984e063789ef4f647d7670de2e862a0aebd96ad`
SHA3	`56235229b12de2fd5a9f5c7a8e843060f7c3834bfb1887455c785d60cf0355f0`

8

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34738`
MD5	`93acbac9212b60be3127bd3eb6b64df9`
SHA1	`2f83fb2f3233eefc78e7f7aac4775672f44a9b72`
SHA256	`e26d68710841059150ebcf87b0703ee6808565566ec87697f094c740d2bd2d6c`
SHA3	`47ee5ba69e0a815f0ab46830ce0c120a3f7bf1d5f736ba8039ee10b8abb9e527`

9

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x162f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99181`
Detected Filetype	PNG graphic file
MD5	`6dc876de33b7b60c446ebae56a061c52`
SHA1	`97640edc94d492f7502b207094a6d79f06165cbe`
SHA256	`5a8fd3a2357823da73067cccb8cfd96f2e277a083cd7e8f6a277b5219396b374`
SHA3	`992f35e6e0ea8dcc57fe7e27ae4951ad3bbebfb6499166606ae202e3f307df65`

10

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9285`
MD5	`68cca9471217cb5aa21b7bf8e48eb739`
SHA1	`c920053508dcdc9089fdbfaf1e63daca1b0e63a9`
SHA256	`a6fc7446870b06ab17560cb5b5eecbb6a1c629585251bf1b2704cf1f9280c1fb`
SHA3	`5ddf762f83855b10070cc165205b54dbd895a02a13e1a140e21f620761e333a3`

11

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0339`
MD5	`7ccf3256e8124eeb319ac78e92c76e63`
SHA1	`ec5f51287153655c010ed3d24ce161a4ab8a1d65`
SHA256	`531a73bf07cec5dabe1b485d9e7c1ae9d471ab284fbc50ed35dbcf83310f32f0`
SHA3	`31a9bbe9de9d978531ebc462566e46bcc067071d06b0fb80be15794ddabc6027`

12

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36384`
MD5	`cade307471806573abe86e72f7023b60`
SHA1	`bbde03744b83929329a45fd2920bda714e30b7ff`
SHA256	`1890880817038995e6bdffbdf9fa53dddb7cce4aecf8f6441e6830c1305eace6`
SHA3	`1a252c7158a4bfbc14c2cccc87216f5e5d48344c07984142dc16c26f93dfd9f7`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97779`
Detected Filetype	Icon file
MD5	`5f7c4d317c40a4c5fc3bdf9ea031ad5a`
SHA1	`9386d8243ccefda055bef4ce0f1ece3eb9122cf7`
SHA256	`1e029e8360baa2fc7c7169551d9814238bc44574443560b6c124bfced52553f2`
SHA3	`42e5d60d013ee895221f8f8ed22ce7c6d3d152d6376e51e1f9a8c382b6b92ed9`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50751`
MD5	`725169452f71be08e2dc75014a4a724f`
SHA1	`8a9d8b15cddb4c05765f22e1d986cb2c4f1e01a4`
SHA256	`b79659aa89f249e47d863f8239a2319d440289c3f6c490df760391b1ccb63bbb`
SHA3	`fa49fe334ed1fea8049ddf224f8ba054442d0027f672785d82ee5aba4e8ad36d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x65d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33385`
MD5	`f51831972a9ecbd89990e1c18bf7d27b`
SHA1	`69b42e8354620f1cfffadf2d48cf9d66e7d3f7cc`
SHA256	`1376cdd3a45280b187926bbc8391cd6fd84c45cb112be1b3e9ce57c548883ebb`
SHA3	`727b6759d310684f074f276777f7ba79cfb7d44611ec4520a3ee9902af57d60e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	15.5.23032.6230
ProductVersion	15.5.23032.6230
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
Comments	www.Dr-FarFar.com
CompanyName	Dr.FarFar \| www.Dr-FarFar.com
FileDescription	Acunetix Premium Activation Tool (ViP)
FileVersion (#2)	15.5.230326230
InternalName	Acunetix Premium Activation Tool.exe
LegalCopyright	Copyright © Dr.FarFar
LegalTrademarks	www.Dr-FarFar.com
OriginalFilename	Acunetix Premium Activation Tool.exe
ProductName	Acunetix Premium Activation Tool (ViP)
ProductVersion (#2)	15.5.230326230
Assembly Version	15.5.230326230

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xb847502b`
Unmarked objects	`0`
241 (40116)	`21`
243 (40116)	`156`
242 (40116)	`33`
199 (41118)	`1`
C++ objects (VS 2015/2017 runtime 26706)	`46`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C objects (VS2008 SP1 build 30729)	`8`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`557`
C++ objects (POGO O) (27045)	`80`
ASM objects (27045)	`1`
Resource objects (27045)	`1`
151	`1`
Linker (27045)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!