Manalyze report for 98103ff3f7ac475b6d51384c82613633683101fc7b189649b7be72c9b47201ed

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-16 08:29:33
Detected languages	English - United States
Debug artifacts	C:\BUILD\work\5352ccc9d6f46610\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdb
CompanyName	Avira Operations GmbH
FileDescription	Avira Security
FileVersion	`1.0.55.984`
InternalName	avira.exe
LegalCopyright	Copyright Â© 2026 Avira Operations GmbH and its Licensors
OriginalFilename	avira.exe
ProductName	Avira Security
ProductVersion	`1.0.55.984`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: control.exe sc.exe schtask` `Contains references to internet browsers: IExplore.exe` `Contains references to security software: rshell.exe` `May have dropper capabilities: %temp% CurrentControlSet\Services CurrentVersion\Run` `Accesses the WMI: root\Security` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: Virus` Contains domain names: 100.fakeserver.build.avira.org 2-aia.verisign.com 2-crl.verisign.com 2004-aia.verisign.com 2004-crl.verisign.com 2009-2-aia.verisign.com 2009-2-crl.verisign.com 7www.entrust.net Avira.Spotlight.Bootstrapper.Properties.Resources.de Avira.Spotlight.Bootstrapper.Properties.Resources.es Avira.Spotlight.Bootstrapper.Properties.Resources.fr Avira.Spotlight.Bootstrapper.Properties.Resources.it Avira.Spotlight.Bootstrapper.Properties.Resources.nl Avira.Spotlight.Bootstrapper.Properties.Resources.ru Bootstrapper.Properties.Resources.de Bootstrapper.Properties.Resources.es Bootstrapper.Properties.Resources.fr Bootstrapper.Properties.Resources.it Bootstrapper.Properties.Resources.nl Bootstrapper.Properties.Resources.ru CSC3-2004-aia.verisign.com CSC3-2004-crl.verisign.com Entrust.net Properties.Resources.de Properties.Resources.es Properties.Resources.fr Properties.Resources.it Properties.Resources.nl Properties.Resources.ru Resources.de Resources.es Resources.fr Resources.it Resources.nl Resources.ru Spotlight.Bootstrapper.Properties.Resources.de Spotlight.Bootstrapper.Properties.Resources.es Spotlight.Bootstrapper.Properties.Resources.fr Spotlight.Bootstrapper.Properties.Resources.it Spotlight.Bootstrapper.Properties.Resources.nl Spotlight.Bootstrapper.Properties.Resources.ru aia.verisign.com aia.ws.symantec.com analytics.com api.mixpanel.com api.my.avira.com api.oeacc.avira.com avira-update.com avira.com avira.net avira.org beta.avira.com bridge.avira.net build.avira.org cdn-download.securebrowser.com clients2.google.com comodoca.com crl.comodoca.com crl.sectigo.com crl.thawte.com crl.usertrust.com crl.verisign.com crl.ws.symantec.com crt.sectigo.com csc3-2009-2-aia.verisign.com csc3-2009-2-crl.verisign.com dispatch.avira-update.com dotnet.microsoft.com download.avira.com download.securebrowser.com edge.microsoft.com entrust.net fakeserver.build.avira.org fontfont.com getsentry.com go.microsoft.com google-analytics.com google.com http://CSC3-2004-aia.verisign.com http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer0 http://CSC3-2004-crl.verisign.com http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D http://crl.comodoca.com http://crl.comodoca.com/AAACertificateServices.crl04 http://crl.sectigo.com http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 http://crl.thawte.com http://crl.thawte.com/ThawteTimestampingCA.crl0 http://crl.usertrust.com http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl05 http://crl.verisign.com http://crl.verisign.com/ThawteTimestampingCA.crl0 http://crl.verisign.com/pca3.crl0 http://crl.verisign.com/tss-ca.crl0 http://crt.sectigo.com http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# http://csc3-2009-2-aia.verisign.com http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 http://csc3-2009-2-crl.verisign.com http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D http://james.newtonking.com http://james.newtonking.com/projects/json http://logo.verisign.com http://logo.verisign.com/vslogo.gif0 http://msdn.microsoft.com http://msdn.microsoft.com/en-us/library/windows/desktop/aa384138 http://ocsp.comodoca.com0 http://ocsp.sectigo.com0 http://ocsp.thawte.com0 http://ocsp.usertrust.com0 http://ocsp.verisign.com0 http://ocsp.verisign.com01 http://ocsp.verisign.com0? http://oneocsp.microsoft.com http://oneocsp.microsoft.com/ocsp0 http://oneocsp.microsoft.com/ocsp0f http://schemas.microsoft.com http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2016/WindowsSettings http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/windows/2004/02/mit/task http://schemas.microsoft.com/windows/2004/02/mit/taskT http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.microsoft.com/winfx/2006/xaml/presentation/shell http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://sentry-dsn.invalid http://ts-aia.ws.symantec.com http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 http://ts-crl.ws.symantec.com http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 http://ts-ocsp.ws.symantec.com07 http://www.fontfont.com http://www.fontfont.com/eula/license.html http://www.fontfont.com/eula/license.htmlKievit http://www.fontfont.com/licensing-web http://www.fontfont.comhttp http://www.microsoft.com http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20CS%20AOC%20CA%2001.crt0- http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crt0- http://www.microsoft.com/pkiops/certs/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crt0- http://www.microsoft.com/pkiops/certs/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crt0 http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20CS%20AOC%20CA%2001.crl0 http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crl0 http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl0 http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl0y http://www.w3.org http://www.w3.org/2000/xmlns/ https://api.mixpanel.com https://api.mixpanel.com/ https://api.my.avira.com https://api.oeacc.avira.com https://cdn-download.securebrowser.com https://cdn-download.securebrowser.com/avira/avira_secure_browser_setup.exe https://clients2.google.com https://clients2.google.com/service/update2/crx https://dispatch.avira-update.com https://dispatch.avira-update.com/ https://dotnet.microsoft.com https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net462-web-installer https://dotnet.microsoft.com/download/dotnet-framework/thank-you/net48-web-installer https://edge.microsoft.com https://edge.microsoft.com/extensionwebstorebase/v1/crx https://go.microsoft.com https://go.microsoft.com/fwlink/?linkId https://go.microsoft.com/fwlink/?linkid https://sectigo.com https://support.avira.com https://support.avira.com/hc/de/articles/360003162153-Deinstallation-von-Avira-f https://support.avira.com/hc/de/articles/360003958298-Issues-with-the-installation- https://support.avira.com/hc/de/sections/360003574777-Installation-Konfiguration-Windows https://support.avira.com/hc/en-us https://support.avira.com/hc/en-us/articles/360003077114-How-do-I-remove-an-Avira-browser-extension- https://support.avira.com/hc/en-us/articles/360003162153-Uninstallation-of-Avira-for-Windows https://support.avira.com/hc/en-us/articles/360003958298-Issues-with-the-installation- https://support.avira.com/hc/en-us/sections/360003574777-Installation-Configuration-Windows https://support.avira.com/hc/fr/articles/360003162153-D https://support.avira.com/hc/fr/sections/360003574777-Installation-et-configuration-Windows https://support.avira.com/hc/it/articles/360003162153-Disinstallazione-di-Avira-per-Windows https://support.avira.com/hc/it/sections/360003574777-Installazione-e-configurazione-Windows https://testing.update-bridge.avira.net https://www.avira.com https://www.avira.com/de/end-user-license-agreement-terms-of-use https://www.avira.com/de/general-privacy https://www.avira.com/de/legal-terms https://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/1766 https://www.avira.com/en/end-user-license-agreement-terms-of-use https://www.avira.com/en/general-privacy https://www.avira.com/en/legal-terms https://www.avira.com/es/end-user-license-agreement-terms-of-use https://www.avira.com/es/general-privacy https://www.avira.com/es/legal-terms https://www.avira.com/fr/end-user-license-agreement-terms-of-use https://www.avira.com/fr/general-privacy https://www.avira.com/fr/legal-terms https://www.avira.com/it/end-user-license-agreement-terms-of-use https://www.avira.com/it/general-privacy https://www.avira.com/it/legal-terms https://www.avira.com/ja/end-user-license-agreement-terms-of-use https://www.avira.com/ja/general-privacy https://www.avira.com/ja/legal-terms https://www.avira.com/nl/end-user-license-agreement-terms-of-use https://www.avira.com/nl/general-privacy https://www.avira.com/nl/legal-terms https://www.avira.com/pt-br/end-user-license-agreement-terms-of-use https://www.avira.com/pt-br/general-privacy https://www.avira.com/pt-br/legal-terms https://www.avira.com/ru/end-user-license-agreement-terms-of-use https://www.avira.com/ru/general-privacy https://www.avira.com/ru/legal-terms https://www.avira.com/tr/end-user-license-agreement-terms-of-use https://www.avira.com/tr/general-privacy https://www.avira.com/tr/legal-terms https://www.avira.com/zh-cn/end-user-license-agreement-terms-of-use https://www.avira.com/zh-cn/general-privacy https://www.avira.com/zh-cn/legal-terms https://www.avira.com/zh-tw/end-user-license-agreement-terms-of-use https://www.avira.com/zh-tw/general-privacy https://www.avira.com/zh-tw/legal-terms https://www.getsentry.com https://www.google-analytics.com https://www.google-analytics.com/ https://www.google-analytics.com/mp/collect?api_secret https://www.newtonsoft.com https://www.newtonsoft.com/jsonschema https://www.nortonlifelock.com https://www.nortonlifelock.com/ https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson https://www.verisign.com https://www.verisign.com/cps0 https://www.verisign.com/rpa https://www.verisign.com/rpa0 https://www.verisign.com/rpa01 james.newtonking.com logo.verisign.com microsoft.com mixpanel.com msdn.microsoft.com my.avira.com newtonking.com newtonsoft.com nortonlifelock.com nuget.org oeacc.avira.com oneocsp.microsoft.com openxmlformats.org package.avira.com public-beta.avira.com schemas.microsoft.com schemas.openxmlformats.org sectigo.com securebrowser.com sentry.avira.net support.avira.com symantec.com testing.update-bridge.avira.net thawte.com ts-aia.ws.symantec.com ts-crl.ws.symantec.com update-bridge.avira.net update.com usertrust.com verisign.com ws.symantec.com www.avira.com www.fontfont.com www.getsentry.com www.google-analytics.com www.microsoft.com www.newtonsoft.com www.nortonlifelock.com www.nuget.org www.verisign.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA LoadLibraryExW` `Can access the registry: RegSetValueExW RegCreateKeyExW RegDeleteKeyW RegCloseKey RegQueryValueExW RegDeleteValueW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE is possibly a dropper.	`Resource ACSSIGNEDIC.EXE detected as a PE Executable.` `Resource AVIRA.COMMON.GUARDS.DLL detected as a PE Executable.` `Resource AVIRA.COMMON.MIXPANEL.DLL detected as a PE Executable.` `Resource AVIRA.FILEDOWNLOADER.DLL detected as a PE Executable.` `Resource AVIRA.FUNCTIONAL.DLL detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE detected as a PE Executable.` `Resource AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE detected as a PE Executable.` `Resource DE-DE\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource DRYIOC.DLL detected as a PE Executable.` `Resource DRYIOC.MEFATTRIBUTEDMODEL.DLL detected as a PE Executable.` `Resource DRYIOCATTRIBUTES.DLL detected as a PE Executable.` `Resource EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource ENDPOINTPROTECTIONSDK.LIC is possibly compressed or encrypted.` `Resource ES-ES\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource FR-FR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource IT-IT\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource JA-JP\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource MICROSOFT.WIN32.TASKSCHEDULER.DLL detected as a PE Executable.` `Resource MICROSOFT.WINDOWS.SHELL.DLL detected as a PE Executable.` `Resource NEWTONSOFT.JSON.DLL detected as a PE Executable.` `Resource NL-NL\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource PRODUCTLABEL.COMMON.DLL detected as a PE Executable.` `Resource PRODUCTLABEL.DLL detected as a PE Executable.` `Resource PT-BR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource RU-RU\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource SHARPRAVEN.DLL detected as a PE Executable.` `Resource TR-TR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource ZH-CN\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resource ZH-TW\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL detected as a PE Executable.` `Resources amount for 93.6885% of the executable.`
Info	The PE is digitally signed.	`Signer: Avira Operations GmbH` `Issuer: Sectigo Public Code Signing CA EV R36`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-17 12:30:26)	`All the AVs think this file is safe.`

Hashes

MD5	`1a71c6475ddc7cad44daeb1bf1919e57`
SHA1	`8ef222e327015f7a4ff9e9617aec97eae4980f07`
SHA256	`98103ff3f7ac475b6d51384c82613633683101fc7b189649b7be72c9b47201ed`
SHA3	`af1139bc0213f77f9d171c08250304e765f09618db259f1b283a3bdf194ab924`
SSDeep	`49152:2nPx+BHMXXpDYALLRENU9Qd+bukLFOEQSOaxBHxjCJdJdLcQeBQAzK0pL/UjeXQH:2PisXWU9w6ZLYJAPHEvfMmPJ`
Imports Hash	`c9c550991441657f8ace9e30ad8c68f9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2026-Apr-16 08:29:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3ae00`
SizeOfInitializedData	`0x631600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001A8F0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x671000`
SizeOfHeaders	`0x400`
Checksum	`0x67e717`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a55cbda5ad032bf3261b529a5ceac625`
SHA1	`6409fb0acce85042bbdf497997b5905e4cc20508`
SHA256	`ab9132c773ee8c4c4e4837dbe59d1e0ca3bec325c2b29b482c575b127a941915`
SHA3	`ecc50a7eee8cfd7f507fe238b7d11e6381395d064f7e76ab4305cef58a7eec62`
VirtualSize	`0x3ac5a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3ae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60944`

.rdata

MD5	`ee84ec5cd960a3aa6cafba56f329ef22`
SHA1	`b56f0bf3d10ea1a9221a8780d53063d34a31a4bf`
SHA256	`993f96961cc3f09ed559655e69f81f9ec989716895ee55988acc82ce50c94b56`
SHA3	`db5d737378115070cd4bff7b9d60c462c8f7e49f068958eab553065b2516bdf0`
VirtualSize	`0x15c88`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x15e00`
PointerToRawData	`0x3b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.18365`

.data

MD5	`61187dbe6e921ceb96fc66bc0a08f1cd`
SHA1	`6c8d2f01d06f5cc16d16b9a9a0ae4a9f750eb2b0`
SHA256	`1a01738d2b0457f694e05d7a806a5b6341946832a8bb9a58a304f56cbfb1cc58`
SHA3	`557c5155d3095d65e2c747de96d4e00fea13f3889b432a0e7fbc100c8971ac19`
VirtualSize	`0x2768`
VirtualAddress	`0x52000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x51000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.74726`

.didat

MD5	`23c46b484d507930b94e0914b5eb5948`
SHA1	`f371d25942ec5448f74351ec0a859ad79fac4c5b`
SHA256	`9943bc3fa2e5367954ff9c5f112408354033c879c6cec266e61931db72964e5f`
SHA3	`8fb1226b657f46f79c3dddc95246f92e574f8ecb212c81bd17ec1509da458e68`
VirtualSize	`0x10`
VirtualAddress	`0x55000`
SizeOfRawData	`0x200`
PointerToRawData	`0x52800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.164765`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x80`
VirtualAddress	`0x56000`
SizeOfRawData	`0x200`
PointerToRawData	`0x52a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`d2d84c50a45e84d0e4d1afff0824faee`
SHA1	`b7745e29f9bc2e85911d2d7e24216944f9049ad1`
SHA256	`7cabb4b5f2a67f0e5d73129370d5b823a0cefc68959c04cb4b535c7ce6eeb13b`
SHA3	`e370fe8806d89004a6cb3e9dcc478ef2b1f134a325d9fbb2078679f9ce727f49`
VirtualSize	`0x6156e0`
VirtualAddress	`0x57000`
SizeOfRawData	`0x615800`
PointerToRawData	`0x52c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.17775`

.reloc

MD5	`16bd269c876c8b0ba908e4cc82bfa5d0`
SHA1	`95b1d9f113a35a2856423146f64728e459f706cf`
SHA256	`02f3e6ee03ed7f594c14b049d3f21af762a10a961e32b5f10ebb850e11b203ea`
SHA3	`216fe172f4828f74ebac2089062fa04e097d8bc99d7138e35588c303b7808136`
VirtualSize	`0x33d8`
VirtualAddress	`0x66d000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x668400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61006`

Imports

ADVAPI32.dll	`InitializeSecurityDescriptor` `FreeSid` `SetEntriesInAclW` `AllocateAndInitializeSid` `SetSecurityDescriptorDacl` `RegSetValueExW` `RegCreateKeyExW` `RegDeleteKeyW` `RegCloseKey` `StartServiceCtrlDispatcherW` `RegisterServiceCtrlHandlerW` `SetServiceStatus` `OpenProcessToken` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `RegQueryValueExW` `RegDeleteValueW` `RegOpenKeyExW`
ole32.dll	`CoTaskMemFree`
SHELL32.dll	`SHGetKnownFolderPath`
USER32.dll	`ExitWindowsEx`
KERNEL32.dll	`HeapSize` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `LocalAlloc` `GetLastError` `LocalFree` `GetModuleFileNameW` `DeviceIoControl` `CreateFileW` `GetCurrentThreadId` `CloseHandle` `GetCurrentProcessId` `CreateDirectoryW` `GetLongPathNameW` `GetTempPathW` `MultiByteToWideChar` `GetLocalTime` `GetSystemTimeAsFileTime` `TerminateProcess` `WaitForSingleObject` `CreateProcessW` `GetExitCodeProcess` `SizeofResource` `EnumResourceNamesW` `UnmapViewOfFile` `LockResource` `LoadResource` `FindResourceW` `WideCharToMultiByte` `CreateFileMappingW` `MapViewOfFile` `GetWindowsDirectoryW` `GetCurrentProcess` `GetSystemDefaultUILanguage` `GetVersionExW` `LCIDToLocaleName` `GetProcAddress` `GetModuleHandleW` `CreateEventW` `SetEvent` `WaitForMultipleObjects` `CreateMutexW` `ReleaseMutex` `lstrcmpiW` `MoveFileExW` `GetSystemDirectoryW` `RaiseException` `GetSystemInfo` `VirtualProtect` `VirtualQuery` `FreeLibrary` `LoadLibraryExA` `FormatMessageA` `GetStringTypeW` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetFileAttributesW` `GetFileAttributesExW` `GetFileInformationByHandle` `GetFinalPathNameByHandleW` `SetEndOfFile` `SetFileInformationByHandle` `SetFilePointerEx` `AreFileApisANSI` `CopyFileW` `CreateHardLinkW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `TryEnterCriticalSection` `DeleteCriticalSection` `QueryPerformanceCounter` `QueryPerformanceFrequency` `WaitForSingleObjectEx` `Sleep` `EncodePointer` `DecodePointer` `LCMapStringEx` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetCPInfo` `InitializeCriticalSectionAndSpinCount` `ResetEvent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `GetEnvironmentStringsW` `RtlUnwind` `SetLastError` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetModuleHandleExW` `ExitProcess` `GetStdHandle` `WriteFile` `HeapAlloc` `HeapFree` `GetFileType` `GetFileSizeEx` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `ReadFile` `ReadConsoleW` `HeapReAlloc` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `WriteConsoleW`
VERSION.dll (delay-loaded)	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`

Delayed Imports

Attributes	`0x1`
Name	`VERSION.dll`
ModuleHandle	`0x536c0`
DelayImportAddressTable	`0x55000`
DelayImportNameTable	`0x50da8`
BoundDelayImportTable	`0x50dfc`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

ACSSIGNEDIC.EXE

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32910`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3083`
Detected Filetype	PE Executable
MD5	`8c4622622a1044250d32b3f75dff1308`
SHA1	`8eef39eda2043c3f2fb680b5ecba9dc399b70f10`
SHA256	`7fbac7f635533ed207d3479cb8a4e5e96fefae5c1ddbdd5f52780ce6c3ddc6c2`
SHA3	`35302ae7fc4ca1ae8a2321e921986138dbdd8bcc8d3809ee1a8f5d2b9ddf7e60`

ANTIVIRUSSETUP.INF

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x246`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51336`
MD5	`e43a313b4903bf816e25dc6ba6dd9edd`
SHA1	`e30c37cd06aadb297567f64fafb1deeb564f8ffb`
SHA256	`c4f1f7430ed581ab30b35107c058c7338971c1928f3091d1309cfd843bd3fc1c`
SHA3	`2ddd0920f526bacf1882775efbdca783c486f9f8fd76ee233b601bb97d8ba80b`

AVIRA.COMMON.GUARDS.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4800`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.81792`
Detected Filetype	PE Executable
MD5	`1006b6a8e847a67cb54500a24611ecc6`
SHA1	`badc3a3fa75d387cb2c1330efe49a6b3216048c5`
SHA256	`d198614b14efe53a30632926d1147c820ba3d621069e5376be7ceea1cfc4656f`
SHA3	`abb4582e0458e2eafb447444500a5469913b393bd79303d5fc384620292c4dfe`

AVIRA.COMMON.MIXPANEL.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11bd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24963`
Detected Filetype	PE Executable
MD5	`6dfb25684af95cf07a8eb8532ef3d66d`
SHA1	`1c72f3a6a54d6bf616a7b58282d3e50e236e4070`
SHA256	`ea184ddc1c0b538fc623ba441b92d0e971c6f8837c82331acc96ea193ddd3775`
SHA3	`8e4c87429240b858d52c97e908d083283191364209214d4421ffb1908a8c0922`

AVIRA.FILEDOWNLOADER.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc728`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16313`
Detected Filetype	PE Executable
MD5	`284a62064b53ae0290b76de2269c573d`
SHA1	`30e117e880fcbe5db4ef6aea4323f4fc19f3f096`
SHA256	`723ec149a22a48b60d156809ff2712c34ff3a715f09e2afff8c646452beba81d`
SHA3	`e15d0bac4fb3d8d1256d8d2ef9da4162c3c29ff13a06895476eca880823a27c9`

AVIRA.FUNCTIONAL.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7a70`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49883`
Detected Filetype	PE Executable
MD5	`0e152de1a947413b8ac8be34f4b6ada5`
SHA1	`46ea17b0bb711f560ed6f31ada525c630ceccda0`
SHA256	`1e76393947abbed9a3124aa5a28298e565516f60a4150062457eea4d7658ed81`
SHA3	`03deddad09e8271e32bda964a69c97930369b69396e032d2cf95d159b1e7ebbc`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82046`
Detected Filetype	PE Executable
MD5	`fc0a70ccb6a41a915ab01693e7037949`
SHA1	`1019e977252b59dd4fd8a392d99ef056acc23b71`
SHA256	`86e4b48f2c0445a842e5b2d5e28e320b4919e7ac7d00191ce3f6bde8ca7a7c8f`
SHA3	`661965674c50122fe4ac7b14dde374628dbcc1b219adce7dcb34e48f805895d9`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5d668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6985`
Detected Filetype	PE Executable
MD5	`31cae64083eb192c1cdef22f4f8875ee`
SHA1	`8119cafbebe4fbdeec877ede235dea6cb687478f`
SHA256	`9c43170724c34412dc22980b87d10002e811a2056ee99ed100ceb665089e15dc`
SHA3	`319a04385209f68899c446fee357ee2d5b5856bed73b928e93b501ca0044ce65`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x193f20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.37753`
Detected Filetype	PE Executable
MD5	`772ffdcb69f04699e2385037ac7e98e0`
SHA1	`dbdf5d05940eecd96eccf1dfd51b24b923868303`
SHA256	`a3958c615d1093345eedf5737f7531b09969145d8b5efa957c61a695c09f5a0b`
SHA3	`b54c6178bdd6fcf443bfd861ab68ea72098c21c6d2a2b0aee567a37258ff2952`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE.CONFIG

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x433`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02294`
MD5	`9db200fc1c74c87c0d4df8cf6720b998`
SHA1	`5915bcb30a40ac4c70b19acf63ea7f20e3f02049`
SHA256	`8e2322416e3dffd716db2f4198e3235dc7108ab945deca9829ab648b89d3d651`
SHA3	`c6d768b7c728415f94740031a204406d5e854e9b840e6e6806d86a47ba4e3589`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93575`
Detected Filetype	PE Executable
MD5	`22aee298b87d6889b17bb76acfe84640`
SHA1	`771285b88e611f43e6a90a4938e92fb82d2446f7`
SHA256	`f380f15932eef8470b3f64d3c8762e664cffb7b80f6c6de70a7dcc9b78444e6b`
SHA3	`fadb8af65fb313b8285c5952fe8a816e8c0694c62430b1bc1ba9a64a331ce491`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x340a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65791`
Detected Filetype	PE Executable
MD5	`bff4e6de8bc201ae531013a780161784`
SHA1	`0a54d850ed15ffa7800176af3159fdc5ad17db96`
SHA256	`5b86d342b8360e6bd31c5a3a8cfc2a92bb6c0de6efa36c795bf26ce5c84ec771`
SHA3	`e43496df88cb30c4fa8d617ac395dd603014aab2416d90a8443ed4d0774bbd17`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2cd10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19879`
Detected Filetype	PE Executable
MD5	`13b93f8d6db07bc4b0e680d89069cfca`
SHA1	`aff90dd39b9338b38de765bcde092bbf6f76a8f6`
SHA256	`7e1b668eb6e9fb86f0e060093dcac1cb9e9404537e2657c2ee4d6c3952b80f9a`
SHA3	`22a1cf0a61d4756aafef54dd5ad0a9e59e9455480573b3d2f4e35ea6772a4601`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE.CONFIG

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15975`
MD5	`8725b217edc8d0a02426ee674caea48b`
SHA1	`e069709ba82ec6129ce982d877b586ffa9914064`
SHA256	`e59b19a9b6e600888a50f3e9bf78f48a229d9403bd7b3d8c977fcb5eb76d83ed`
SHA3	`22c616eca3fbca96e6a2defefb7b8c27a9c3b03c294376c1f388897085d5cfcd`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2cf10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20722`
Detected Filetype	PE Executable
MD5	`b8d1d2cea4a1b4e698ddb13afc08060e`
SHA1	`a0ddea9306c53661b7bd07cb9ef18df3bc47fef0`
SHA256	`6ea9d61e1de1ae565afa330d7cccd8bbde5e87e88282d17b96fbc5c4ebc52eb2`
SHA3	`1f10a3f0d2e598302173452f4f72f90d73557ce63aaba5009977cc0576dba0c6`

AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE.CONFIG

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04739`
MD5	`58410f4f50391a09970644ac99dc692c`
SHA1	`822879513b91b5bd84fc6dcb0b537f92f6a621eb`
SHA256	`cddc4ed76e18d72d144809a86cade27f7b5aa1833b7900e40739b59852999245`
SHA3	`fd2e21ec9da2e9809f9702709901119b00bf396b4b95c22ccca57f465b2fc118`

DE-DE\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb098`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99921`
Detected Filetype	PE Executable
MD5	`481bc75e8b06746b7b36e5cf7e6cb784`
SHA1	`5e008a7a96c55d08c60db0f109f48145f94b7783`
SHA256	`77791a8ff9902a5bedc4d91ca17e9716383c65538a40dcb5bb99867cbcda7559`
SHA3	`81546969af51b158931e2139eda2f145e7c88c68d6603e000ec70dc8cc346c8c`

DRYIOC.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6e4c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58134`
Detected Filetype	PE Executable
MD5	`97dc7df4c9a37eecf68dc413f2b8ded6`
SHA1	`1e520cc43a003ca01d7f84b9b4e6a64ce8bf9722`
SHA256	`e11f58cad4c16d6fa8f062b51bf4905d10b0660c58a716e8c087bd0ea3c75391`
SHA3	`6b3d936d23af8793345fb243135b3c21b1b044322dad013cd3753ffe16aa3771`

DRYIOC.MEFATTRIBUTEDMODEL.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11e00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.59726`
Detected Filetype	PE Executable
MD5	`e15eda51960c7d29424082146ddbd0c0`
SHA1	`cd5250fe70d55c0a4bc92d4679ef32509618cc8b`
SHA256	`b0f668fadcc77f5f9849c595b4c4e4723aafc1238d7bc4fc74e78e1c04e3de31`
SHA3	`1e8461f44d7b8320f52ad6ebb1cb4e0be9760a422bafd34a78edc6940847a72c`

DRYIOCATTRIBUTES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.69115`
Detected Filetype	PE Executable
MD5	`60b2bdd57181e8cd08629c75ce1e4f56`
SHA1	`f559cd2ddb588ebbcde96b7ddf267228eaa9099b`
SHA256	`397e43ac08876c20073ce86d684fb316ee1c287a2c3c7aa0804c00147e164e03`
SHA3	`51efec2c35246044492e7a0a7a4fdecd57b8bc51f5bc89b4164ec97dcd7a8cd3`

EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7c98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.20459`
Detected Filetype	PE Executable
MD5	`9e40920d746679a1196d6f7ea9aa294f`
SHA1	`ad43043114a9e5d84dfcb5ef80f1c70817796e3e`
SHA256	`647aa508add95bc195cf9d7791c1556d4ed794a47f75b0e515b3970a414e251e`
SHA3	`f4bfaa990506969eaba46e24e830c7227b0507c135a08cb70091b902e839a37b`

ENDPOINTPROTECTIONSDK.LIC

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x72e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82136`
MD5	`6e30c09e21dc5d0fd494170b4d052ae9`
SHA1	`295a1d389eef5901bb59bb8293d4e7983dcc7cf1`
SHA256	`72b465ac81fa1877df99ffe853c01ab3c6a90e7f721baa3b93a30c6bd818e85a`
SHA3	`16647901ee8af021a8195f14a53c2682f2f5992d7492bea740dbef2416a07bd1`

ES-ES\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24107`
Detected Filetype	PE Executable
MD5	`d5bd58edb23644cf0e37b2b258c55421`
SHA1	`627ab9134f0ced0fc5c65155aa85bcbad59d9100`
SHA256	`d29dfefb430b9581bcba157cd7325315f907bd9c194f8be9828d40bd8120e0ec`
SHA3	`b2e2c660a7907a41f3f139f0dda8d984c967c5a6ee7379ff3aace0a75527a3ca`

FR-FR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb098`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02091`
Detected Filetype	PE Executable
MD5	`20ba7ab1adb7a2f46fa982101e7bdde9`
SHA1	`af09c1836a783442d018604a08748735c2bc1c66`
SHA256	`0d7f82f168c27eb4e735135d1b1496fa83c0f163e1ef67f0fb2f5e414555188c`
SHA3	`f99630baf828655b232a7ea22bc55add5737607bfd569f3c79246171616851fd`

IT-IT\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2237`
Detected Filetype	PE Executable
MD5	`87e8288c2b09934d5fd11ad17e9887ee`
SHA1	`5e37d3455cc225be6711fde74f2a2c9b236e3d5d`
SHA256	`eb860dfc1652d5fa0ab40bda84afe1a917e47f3b30e94189f74a81aecf6aaa1d`
SHA3	`ac26d9d64f9c03e3184aef6359bad273e36484e54504962b86af9e5be8b56916`

JA-JP\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb098`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39955`
Detected Filetype	PE Executable
MD5	`3bb52467795ba86ee09ae1bc474c9d71`
SHA1	`edb1f6534c62174120c402e75ab64836de7c7994`
SHA256	`dabe8c550a2e45b0798fbc68a9bbe490bc4da32ecac3053e33def80213d28fbd`
SHA3	`706827ab6d46a52f4703352ab44f4bb168411cf3ffe2b57bfbf2cd3a4769a6c8`

MICROSOFT.WIN32.TASKSCHEDULER.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x53d20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18527`
Detected Filetype	PE Executable
MD5	`7f56ca479cee0d2ae7bd43c80504bb6b`
SHA1	`860ae5bdebc26ceb78755a9f0860fbd028e6da62`
SHA256	`5f988adcd4381887f6ad582fc0c12ef0c0f25ddca59e806c868a805e1642bb59`
SHA3	`7c9e7f66cd1a6a8a23ef959c76e512a3c74390ce515ce8a8cc462682999219c4`

MICROSOFT.WINDOWS.SHELL.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28b18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36182`
Detected Filetype	PE Executable
MD5	`dac573dd1c814dc7b4ea5a2e4b137a81`
SHA1	`5efc65790bf2661fe32dde4289bddbcce3e982fc`
SHA256	`f83541c793345f6d656355e91f87c66353f80e6932a720367da915b4e41f4f02`
SHA3	`3030e7e00f80fad7b19a07f1a23b46cdb5d1253b57ae987171a0635547bd98f4`

NEWTONSOFT.JSON.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7f130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.10827`
Detected Filetype	PE Executable
MD5	`40c6a233d4b32dfadd50c5c4be6e7dbf`
SHA1	`908119ed3e42b52d36286908ec58600cb03acafa`
SHA256	`590dbce35ef8d141fb992f47ab3404d39d48e48c9c8d4b2380ad280e126fb8dd`
SHA3	`21f8b060aaf7ea74442b08203462b7537068698247b57eb21d6261affff3a418`

NL-NL\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.19912`
Detected Filetype	PE Executable
MD5	`1c1e42373b0ac0cbf2db342d49fd969f`
SHA1	`2fd165763ecaae24308fe82a1d14e7e400e43a73`
SHA256	`3a3f7bc4d4207be6f897f217856f357b3b86a3da4127bb2456878d03a1665aa6`
SHA3	`1a261265cddd1e59dbae4cfd0b7c28a38490e5dff1536e6c0e76344dc987fefe`

PRODUCTLABEL.COMMON.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2dbc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16049`
Detected Filetype	PE Executable
MD5	`626d8faf61059fc8c7ebd4d0248263e5`
SHA1	`cfb52bcec1521b7cb1370f3561e66e39c993d3b2`
SHA256	`d1fae6cbd78bbda91707df719364a23eb01b87d17935e53e67f88710655f7e3f`
SHA3	`573a812ca98cb9c00ea476eed9bf9669e268e693f83d4251af10d15406477d40`

PRODUCTLABEL.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x40878`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79963`
Detected Filetype	PE Executable
MD5	`06f560a245336b43641ce7844653966c`
SHA1	`1e76a0520b2197755af59b682764d28a3eef1d93`
SHA256	`70865023c6788ba95ad85149f2bc8d06340d15b48a31391bb2f4be459d7755b1`
SHA3	`132200ca2803205c521d571d36fbf800ba04f2c7177353294393bbdf800447d5`

PT-BR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e98`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2428`
Detected Filetype	PE Executable
MD5	`cb6e22c1a9ee56088be1cfc2e7ba150a`
SHA1	`c2f767924e01a11b636b9d6cbfa8251b8ffbbb5f`
SHA256	`ea3f2fa77ed0263f613964e6d2c9bc6764b4aa67354bbac821cb6c1393c91935`
SHA3	`620d9e15f46c015b81bfbb5ad43f7472c84e8b3c09440e9c0b11afe33f24d5a2`

RU-RU\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc0b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21437`
Detected Filetype	PE Executable
MD5	`998576fdfbb7780f7aca20f5239ce1f3`
SHA1	`b7c0bef0f3b0d8ce1c2f8db99eefcf973f3cd8e3`
SHA256	`daff491749967e31abe0fc0df302dc5813570b151b9272911bd87da8ff380f5b`
SHA3	`9abb14d64f96d9c3f0dbe61903aa87a47e919c990bf3d667ff81267d6dc13733`

SETTINGS.JSON

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x41`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.49839`
MD5	`4b0db252fea721335288fc2dabab9638`
SHA1	`79ea89f32a2e3f915339228b12c25966e3f92565`
SHA256	`2326f85fd4d3f4365f3440b4aec89212df1067250ee75722a170fd1fdfb5dd30`
SHA3	`c4bc62553541e19e5a575ead231e68353e324554453e0af4f8b6d5a109238f3b`

SHARPRAVEN.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34361`
Detected Filetype	PE Executable
MD5	`8cc121e4e8083b9ac08c16b377069181`
SHA1	`3b356fc5c98aca3c23eec5f3680d4134e3419347`
SHA256	`0d64e4cf29637678606a4a96aebbfcf6205a2ce2deaba32f5f0f3c07ba7430c0`
SHA3	`595e2374d28e3ae6f0600503f0055ab4ba1ed09b0484367107e402cebfc274d1`

TR-TR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb098`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0046`
Detected Filetype	PE Executable
MD5	`5dd515984e3c4aa66bcfdcef58ddf7f9`
SHA1	`9fb540c4afab32d18128acd626e45d7adb9771f0`
SHA256	`2ee39a5398438365358799da4e58e50e69e28cbbf96336b3838d70208ba822a3`
SHA3	`30ff9b248abbdae0e9cc636c96e76b09461c1a8d330092de06b0cd4e5c058be8`

ZH-CN\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa070`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37069`
Detected Filetype	PE Executable
MD5	`a45c2dd677563588642e78712055b633`
SHA1	`c4fa0aff29fa07f28fd4cd0f8ae8553af7ad0ea8`
SHA256	`1fb4dd5a9f665e1b762c963e1b739cd375e3c1db24b33f9f45562fe4939e0c11`
SHA3	`470d58e97676147fbdb2b29667d63d5891b2bf7c9244179c4b94645e7f3c51c0`

ZH-TW\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Type	`BIN`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa070`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40913`
Detected Filetype	PE Executable
MD5	`d360f798bcd6e4372358be7e33735e05`
SHA1	`927f499f30dd21e5bca56e1ae5d00f5f752a8cc7`
SHA256	`196b6403a4f0546490763a40f0a48b1472d455927fee697e62aa91c2e8f7628a`
SHA3	`803460be1011da277d4a029967682b1896841fba47beb4b1985aaa97d00a2181`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f73`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89595`
Detected Filetype	PNG graphic file
MD5	`cf4fec95f59c4a7043d3fa763212303d`
SHA1	`055a1e3cdfa13aaace1fa5f98ecae47cce1c5682`
SHA256	`9f2a95fd26987380f6241d71ba254d5331c321c33e9b89fe5d6cd929d6250033`
SHA3	`8563d29039df3bc2093a0f1025a51aff829b5be1858395f555a9abe7adeb14a2`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.39986`
MD5	`3f17112a9a8787fc1fdfb1e9e6209261`
SHA1	`6791944a1ad148a7d62f1f7e7eda1a83acfd836d`
SHA256	`54821e85195eba9604a16e643fef9ae5df8abfd626cab5dbef7e6fd0cd6f146f`
SHA3	`33bea95e34bc34f698474bd54936fc4bfc1d4452e56d447b29b84f2dc031dfdf`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49457`
MD5	`dfdd06d82eeafd11cdb4f0c4ba0b45de`
SHA1	`9fdb41a851c1a8fc7f8e0aa6fa58bfd7de6ffc32`
SHA256	`ddd5d4805838e09a38fc9745b5bc1bb80e02a540b2e91416e4d398b18d0e1848`
SHA3	`8995fa024149b30c343b741024fc9648f6e6348158b89961e2ada43d7d5c1d5d`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65675`
MD5	`7519dbe2ae4af56b51fc7ea0f9a729a3`
SHA1	`0417cf20136d4ed123a3b19e8c7e757ace9e0058`
SHA256	`1eb8ccba0594da3f1f2a5a022c72c0ec9998a782bee0ae5954e6a7609292f41b`
SHA3	`9ecd89b944cc2bb4cd2f816a02d59bdb3ac62f2148e96ebf42fa60c4a41343ab`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80124`
MD5	`deeb765661bf1d4fe1e71d62f1ddc51c`
SHA1	`fcee33c7269e9e605367699c5171a3f11a6313a1`
SHA256	`b0c3feb9d69b0296bf33e6d8d02ba1d90c548c38f5e20b2fcddff8b91e41e424`
SHA3	`33a598a6958384b8565eff7b88e2a797a926aa0e1a980e5d3f6a19d5263998fb`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07284`
MD5	`56d5b3cb1e53dab36ca5c5cf6fba29cb`
SHA1	`e9eeda64295591a357ac76408467c28a39728514`
SHA256	`ccaf297eab3b9d9e1edf6729c3b34564dfdf55663191a6d86634abd504e78888`
SHA3	`8fc2c9410bdb51d3585eb0e787d9dfc72f840488ca3ac2f7bd8e1efaf2b9fb57`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46786`
MD5	`452c4c4ef6ac8daef119f18e61539052`
SHA1	`cab7014e90732f686b2472e76f462c122c44a93b`
SHA256	`76c7c597cbf31bd56547bfe5e380ad5cd2c52d8a78d1d626c79ebe65115e307e`
SHA3	`a96b3a0d3b2e2ce83f9605cfd4b13fe7b3c3e0f6f4b9bd08faa937dfb6392649`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.88962`
MD5	`973e9586dc55a4d12804fcc2621a745a`
SHA1	`42e52c8a4933b1a673c2724c259fa6fd674ce4f1`
SHA256	`0ca46a9d6bf1e75c105c2badb694817200521079abec4a3b8ac828537a5e6bbf`
SHA3	`214e981978761abe0bbf43b416eba395923ed12d76800d49c70494f7c303b778`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97321`
Detected Filetype	Icon file
MD5	`a99b874ce28dd242669999ffca179f36`
SHA1	`02174754db18cc53fb714ce0d81fc1143d48b89e`
SHA256	`5f83275205c9b306047e26faa25376cb19eeb645a2212d67de2007e676bff778`
SHA3	`d483decd60ba97059d6ee43edcc8f439744d46cb62aba5a50021f7759b335cf7`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42829`
MD5	`086eba313d71486419bfdbd5e610790d`
SHA1	`bf264b671565815e02d36cccccbba7f37e4ff962`
SHA256	`5acda29caab0aa26f13126928cb8ad678a4342aa6e17ea1f1b1b314ab48e7a86`
SHA3	`ad45d6304116a6e5dab8cd411f477e8566362f156bb6b5ad67a9c5fc9d493dc8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x760`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15776`
MD5	`e099a599a078cb97bfd85f90ac991862`
SHA1	`c63be1c51c45f2f4583d4059d1558a598a6ec22e`
SHA256	`4882a8f6d1c3a80133005deb83df3f8d087221f864bd3426e4c3f1d2ca7fdc1e`
SHA3	`86d96f879fc0077937a174fd13015f892a9f555dbfafa61440c01c14c19bd4ba`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.55.984
ProductVersion	1.0.55.984
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Avira Operations GmbH
FileDescription	Avira Security
FileVersion (#2)	1.0.55.984
InternalName	avira.exe
LegalCopyright	Copyright Â© 2026 Avira Operations GmbH and its Licensors
OriginalFilename	avira.exe
ProductName	Avira Security
ProductVersion (#2)	1.0.55.984

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-16 08:29:33
Version	`0.0`
SizeofData	`144`
AddressOfRawData	`0x4cefc`
PointerToRawData	`0x4c0fc`
Referenced File	C:\BUILD\work\5352ccc9d6f46610\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Apr-16 08:29:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x4cf8c`
PointerToRawData	`0x4c18c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Apr-16 08:29:33
Version	`0.0`
SizeofData	`1136`
AddressOfRawData	`0x4cfa0`
PointerToRawData	`0x4c1a0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Apr-16 08:29:33
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Apr-16 08:29:33
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x4d410`
PointerToRawData	`0x4c610`

TLS Callbacks

StartAddressOfRawData	`0x44d424`
EndAddressOfRawData	`0x44d42c`
AddressOfIndex	`0x453e90`
AddressOfCallbacks	`0x43c2d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x452054`
SEHandlerTable	`0x44c8d8`
SEHandlerCount	`185`
GuardCFCheckFunctionPointer	`4440692`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xfbd287fe`
Unmarked objects	`0`
ASM objects (33140)	`14`
C++ objects (33140)	`178`
C objects (33140)	`20`
C objects (30034)	`18`
ASM objects (30034)	`23`
C++ objects (30034)	`95`
C objects (CVTCIL) (33140)	`1`
Imports (33140)	`11`
Total imports	`208`
C++ objects (LTCG) (30152)	`23`
Resource objects (30152)	`1`
151	`1`
Linker (30152)	`1`

Errors

Leave a comment

No comments yet.