983c6688b197ba00a95570cd13654dbd

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Aug-19 15:09:25
Debug artifacts Navicat_Keygen_Patch_By_DFoX.pdb
Comments Patch_Keygen for Navicat Products
CompanyName DeltaFoX
FileDescription Navicat_Keygen_Patch_By_DFoX
FileVersion 6.1.0.0
InternalName Navicat_Keygen_Patch_By_DFoX.exe
LegalCopyright Copyright © 2020
LegalTrademarks DeFconX
OriginalFilename Navicat_Keygen_Patch_By_DFoX.exe
ProductName Navicat_Keygen_Patch_By_DFoX
ProductVersion 6.1.0.0
Assembly Version 6.1.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • J.bcJ.J.de
  • aJ.J.bcJ.J.de
  • bcJ.J.de
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Uses constants related to RC5 or RC6
Uses constants related to Twofish
Uses constants related to TEA
Suspicious Unusual section name found: .sdata
Malicious VirusTotal score: 33/69 (Scanned on 2021-02-10 12:34:38)
FireEye: Generic.mg.983c6688b197ba00
CAT-QuickHeal: HackTool.MSIL
Cylance: Unsafe
AegisLab: Riskware.Win32.Generic.1!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Unwanted-Program ( 005709661 )
BitDefender: Gen:Heur.MSIL.HackTool.54
K7GW: Unwanted-Program ( 005709661 )
Cybereason: malicious.8b197b
Cyren: W32/Trojan.SKWY-3319
Symantec: ML.Attribute.HighConfidence
Avast: Win32:Malware-gen
Alibaba: RiskWare:MSIL/Generic.7f8e15c9
ViRobot: Adware.Vigua.8879104
MicroWorld-eScan: Gen:Heur.MSIL.HackTool.54
Ad-Aware: Gen:Heur.MSIL.HackTool.54
Sophos: Generic PUA NA (PUA)
Comodo: ApplicUnwnt@#1hn9684iynis8
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Heur.MSIL.HackTool.54 (B)
APEX: Malicious
Webroot: W32.Adware.Gen
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Hack.Win32.Keygen.sd!ni
GData: Gen:Heur.MSIL.HackTool.54
AhnLab-V3: PUP/Win32.RL_Generic.R330431
ALYac: Gen:Heur.MSIL.HackTool.54
Malwarebytes: Malware.AI.1132234448
ESET-NOD32: MSIL/Keygen.BU potentially unsafe
Yandex: Trojan.Igent.bULoyO.9
MAX: malware (ai score=99)
MaxSecure: Trojan.Malware.11903493.susgen
AVG: Win32:Malware-gen

Hashes

MD5 983c6688b197ba00a95570cd13654dbd
SHA1 d046699ed21715920f3127be70f331842be4eeea
SHA256 79f1b3581d97575eac52a6229376c50dc00da739951b73550b6c056851106f43
SHA3 858dfda768cb6106bedaa40e9960b758208afd3ce9a40e5b413cc96b53c8151a
SSDeep 196608:WEyWa9luypsPyh8+T42P3nrLjObK683NDKtTCJrEb8I:xMluyps4T42vnXjObKn9TJrEbD
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2020-Aug-19 15:09:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x868000
SizeOfInitializedData 0xf800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00869FEE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x86a000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x87e000
SizeOfHeaders 0x400
Checksum 0x884286
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 15

.text

MD5 0223d4b5a7563e13e0ea8a532f7062aa
SHA1 9161703405dbde8de108560eb896b2b92ebb3a3a
SHA256 745f6408ca40f10bda60485474c039ea098d0951cc7d67499e8a83c5ab276659
SHA3 315934ef3c21c6d72a7d558c13825be9aab2e6e5205d08c8c22e1c607ee76124
VirtualSize 0x867ff4
VirtualAddress 0x2000
SizeOfRawData 0x868000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.04019

.sdata

MD5 cf73db7cc6fb644c4fb0b5e0d5d5fc60
SHA1 b5c919c7f453c6529a4eea5c0fa01c9c84950878
SHA256 136d531135e50c1c24e07caef705fddc31c4ebcc5321c521994d36805e126a37
SHA3 45111791773a56831b6d56c71e44e5500e32890b3091eca55930e798b60f1040
VirtualSize 0x11b2
VirtualAddress 0x86a000
SizeOfRawData 0x1200
PointerToRawData 0x868400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.93254

.rsrc

MD5 bebdb87278793837bd2ed16ad8b2bf65
SHA1 bdd7822bac87cc3dd7efe767d8e0c82bc7a3eb5f
SHA256 1fd305cd1e8f58f645d20c078c8a44a52ea2f81e4ceec1983d6ace185fd459ef
SHA3 38ce2247f11b994a6f4549e12970c5246105ef28189448258939a04bdca54c2a
VirtualSize 0xe288
VirtualAddress 0x86c000
SizeOfRawData 0xe400
PointerToRawData 0x869600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.18399

.reloc

MD5 aab6d95c1d3578b3908f8e2e93bf69f9
SHA1 1a311c21df0ae2ef6a4f963683944c64465eea52
SHA256 5bd41fd09f8d9c392de4505615c02dd5a49dd1168700f14a9d59cf2cb609d0a6
SHA3 80c24454f3a0c47ef07f0fb90796f6cb39245a0356f38dcd2f0ae8cf02f53410
VirtualSize 0xc
VirtualAddress 0x87c000
SizeOfRawData 0x200
PointerToRawData 0x877a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x941b
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95259
Detected Filetype PNG graphic file
MD5 d6dc84cbd2556d46b8fcbe1268b43e38
SHA1 754d29d1021a863e869dd263fb266db7c6c53950
SHA256 2f9b565b360250b04ad7f036df20e7fdf8680eab2d79d7ce14c1d95058a13bf9
SHA3 cecd9472d6f1e3b976129342bba418054568d278f2dee7a035c7b22cb3ea6035

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.00895
MD5 f4f03cb5f4bc34a724098dd2281283cf
SHA1 c04c0272f7664e7a2e3c9fa0e3b04d3c19c2bb8c
SHA256 146698e9bcf73c3dd14df579f01f140e11ee9eeef07ca80b656576bcace74723
SHA3 2103b9342843681fbfb1cf12a93bc5f0d8e2fb67abb1b35e188f06ffddf4490b

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.39123
MD5 3e6ba9959037a04ad5f32f7c594ccb5b
SHA1 6dae081e905988d1f4ea4e9f43a1676954ebb119
SHA256 fb877971a3ef5aa275a4c68ef3de9ca1fd85ce78c382ff8a16850353a1b63af1
SHA3 1b264e61f9c29c9f81cdfc2232aa541739b7a20ec89ef9f5941a4a4ff5fedaee

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.32309
MD5 54f6f7cb84f585a24ac0edf04a14545b
SHA1 d5973e6bedd4563bb10b2721995fd5f1fc2a01bc
SHA256 d33e8302d63bf66d4ff3324eba1171f86e7b3444290e654f6b65192b2ff4259a
SHA3 116d3973f164a1043d520740b86003c62ff7fd6aad77f4ad722aa9bffcd6deea

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.44608
Detected Filetype Icon file
MD5 e2816aa5fa118807c75fa5d976a74c4a
SHA1 7941b43926bee97d8ed47e1a4b3ca27844e1e528
SHA256 948615b024786f7e6f951b018bccb97af9fb533120e9666cb5cfb3924700a9bb
SHA3 431216dcdbce9695d901dae3936a77abc6abfd5bc7be90fd14ed929c43dbb79d

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x418
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40022
MD5 3d5caafff28b0ee8542b7ef975690c72
SHA1 b5111b5b3a3e84368fa03605c87e77c8ec7283a8
SHA256 f1f84260f30c343b7430f94dbba6a0e3fdb9d2731f2f6c1d4252f4c287f3d00a
SHA3 a3fd00570d4537ec07ef7a1c95132c453dbd475129525b1bd15fb760a1f3d177

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xd99
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.988
MD5 93ff4f197bc447393c731431512c3d7a
SHA1 c30360c18c0db2caf9134a4a6726e84c4f43c1fe
SHA256 8fc159f1734e1e1c77a62b79763c5901adb63c9de79f474129152d564cd7fca3
SHA3 81d8afeccbea1350e951f927aaaef3edf7259affca9197fd0ead4b0ccfc9ba69

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.1.0.0
ProductVersion 6.1.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Patch_Keygen for Navicat Products
CompanyName DeltaFoX
FileDescription Navicat_Keygen_Patch_By_DFoX
FileVersion (#2) 6.1.0.0
InternalName Navicat_Keygen_Patch_By_DFoX.exe
LegalCopyright Copyright © 2020
LegalTrademarks DeFconX
OriginalFilename Navicat_Keygen_Patch_By_DFoX.exe
ProductName Navicat_Keygen_Patch_By_DFoX
ProductVersion (#2) 6.1.0.0
Assembly Version 6.1.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 57
AddressOfRawData 0x869f63
PointerToRawData 0x868363
Referenced File Navicat_Keygen_Patch_By_DFoX.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors
