Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Aug-19 15:09:25 |
Debug artifacts |
Navicat_Keygen_Patch_By_DFoX.pdb
|
Comments | Patch_Keygen for Navicat Products |
CompanyName | DeltaFoX |
FileDescription | Navicat_Keygen_Patch_By_DFoX |
FileVersion | 6.1.0.0 |
InternalName | Navicat_Keygen_Patch_By_DFoX.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | DeFconX |
OriginalFilename | Navicat_Keygen_Patch_By_DFoX.exe |
ProductName | Navicat_Keygen_Patch_By_DFoX |
ProductVersion | 6.1.0.0 |
Assembly Version | 6.1.0.0 |
Info | Matching compiler(s): | Microsoft Visual C# v7.0 / Basic .NET |
Suspicious | PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains another PE executable:
|
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to SHA512 Uses constants related to AES Uses constants related to Blowfish Uses constants related to RC5 or RC6 Uses constants related to Twofish Uses constants related to TEA |
Suspicious | Unusual section name found: .sdata | |
Malicious | VirusTotal score: 33/69 (Scanned on 2021-02-10 12:34:38) |
FireEye:
Generic.mg.983c6688b197ba00
CAT-QuickHeal: HackTool.MSIL Cylance: Unsafe AegisLab: Riskware.Win32.Generic.1!c Sangfor: Trojan.Win32.Save.a K7AntiVirus: Unwanted-Program ( 005709661 ) BitDefender: Gen:Heur.MSIL.HackTool.54 K7GW: Unwanted-Program ( 005709661 ) Cybereason: malicious.8b197b Cyren: W32/Trojan.SKWY-3319 Symantec: ML.Attribute.HighConfidence Avast: Win32:Malware-gen Alibaba: RiskWare:MSIL/Generic.7f8e15c9 ViRobot: Adware.Vigua.8879104 MicroWorld-eScan: Gen:Heur.MSIL.HackTool.54 Ad-Aware: Gen:Heur.MSIL.HackTool.54 Sophos: Generic PUA NA (PUA) Comodo: ApplicUnwnt@#1hn9684iynis8 McAfee-GW-Edition: Artemis!Trojan Emsisoft: Gen:Heur.MSIL.HackTool.54 (B) APEX: Malicious Webroot: W32.Adware.Gen Kingsoft: Win32.Troj.Generic_a.a.(kcloud) Gridinsoft: Hack.Win32.Keygen.sd!ni GData: Gen:Heur.MSIL.HackTool.54 AhnLab-V3: PUP/Win32.RL_Generic.R330431 ALYac: Gen:Heur.MSIL.HackTool.54 Malwarebytes: Malware.AI.1132234448 ESET-NOD32: MSIL/Keygen.BU potentially unsafe Yandex: Trojan.Igent.bULoyO.9 MAX: malware (ai score=99) MaxSecure: Trojan.Malware.11903493.susgen AVG: Win32:Malware-gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2020-Aug-19 15:09:25 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x868000 |
SizeOfInitializedData | 0xf800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00869FEE (Section: .text) |
BaseOfCode | 0x2000 |
BaseOfData | 0x86a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x2000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x87e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x884286 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 15 |
mscoree.dll |
_CorExeMain
|
---|
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.1.0.0 |
ProductVersion | 6.1.0.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | UNKNOWN |
Comments | Patch_Keygen for Navicat Products |
CompanyName | DeltaFoX |
FileDescription | Navicat_Keygen_Patch_By_DFoX |
FileVersion (#2) | 6.1.0.0 |
InternalName | Navicat_Keygen_Patch_By_DFoX.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | DeFconX |
OriginalFilename | Navicat_Keygen_Patch_By_DFoX.exe |
ProductName | Navicat_Keygen_Patch_By_DFoX |
ProductVersion (#2) | 6.1.0.0 |
Assembly Version | 6.1.0.0 |
Resource LangID | UNKNOWN |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
SizeofData | 57 |
AddressOfRawData | 0x869f63 |
PointerToRawData | 0x868363 |
Referenced File | Navicat_Keygen_Patch_By_DFoX.pdb |