9c9762b7fa65efbf502fb1d39dcc5a75

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Dec-09 16:35:31
Debug artifacts Navicat_Keygen_Patch_By_DFoX.pdb
Comments Patch_Keygen for Navicat Products
CompanyName DeltaFoX
FileDescription Navicat_Keygen_Patch_By_DFoX
FileVersion 6.3.1.0
InternalName Navicat_Keygen_Patch_By_DFoX.exe
LegalCopyright Copyright © 2020
LegalTrademarks DeFconX
OriginalFilename Navicat_Keygen_Patch_By_DFoX.exe
ProductName Navicat_Keygen_Patch_By_DFoX
ProductVersion 6.3.1.0
Assembly Version 6.3.1.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • J.bcJ.J.de
  • aJ.J.bcJ.J.de
  • bcJ.J.de
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Uses constants related to RC5 or RC6
Uses constants related to Twofish
Uses constants related to TEA
Suspicious Unusual section name found: .sdata
Malicious VirusTotal score: 37/68 (Scanned on 2021-02-27 00:34:52)
MicroWorld-eScan: Gen:Heur.MSIL.HackTool.54
CAT-QuickHeal: HackTool.MSIL
McAfee: Artemis!9C9762B7FA65
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
Alibaba: HackTool:MSIL/Patcher.e60215b4
Cybereason: malicious.7fa65e
Cyren: W32/Trojan.JRIU-1237
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/HackTool.Patcher.AY potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09LF20
Paloalto: generic.ml
BitDefender: Gen:Heur.MSIL.HackTool.54
Avast: FileRepMalware
Rising: Malware.Undefined!8.C (CLOUD)
Ad-Aware: Gen:Heur.MSIL.HackTool.54
Sophos: Generic PUA HN (PUA)
Comodo: ApplicUnwnt@#o8zk3st0e5zo
McAfee-GW-Edition: Artemis!PUP
FireEye: Generic.mg.9c9762b7fa65efbf
Emsisoft: Gen:Heur.MSIL.HackTool.54 (B)
Webroot: W32.Adware.Gen
MAX: malware (ai score=89)
Kingsoft: Win32.HackTool.Undef.(kcloud)
Microsoft: PUA:Win32/Puasson.A!ac
Gridinsoft: Hack.Win32.Keygen.sd!ni
Arcabit: Trojan.MSIL.HackTool.54
ViRobot: Adware.Puasson.8898560
GData: Gen:Heur.MSIL.HackTool.54
AhnLab-V3: PUP/Win32.RL_Generic.R330431
ALYac: Gen:Heur.MSIL.HackTool.54
Malwarebytes: Malware.AI.1132234448
Yandex: Trojan.Igent.bU2AX8.23
Fortinet: Riskware/Patcher
AVG: FileRepMalware
Panda: Trj/GdSda.A

Hashes

MD5 9c9762b7fa65efbf502fb1d39dcc5a75
SHA1 7dd410478f6fe3ce8ca6682c187f306bf99998c2
SHA256 3c2ee123815ed1082ca54a56185eb65f32be91bb30a194df71c1086ce1bde815
SHA3 789b1de922cf283022ff164a1e4baeed74ed02e772d0aceb19ef4d0a1fb9006f
SSDeep 196608:ul6Lr0uypsPyh8+T42P3nrLjObK683NDKtTCJrEb8I:UKwuyps4T42vnXjObKn9TJrEbD
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2020-Dec-09 16:35:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x86cc00
SizeOfInitializedData 0xf800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0086EBDE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x870000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x884000
SizeOfHeaders 0x400
Checksum 0x87fcad
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 15

.text

MD5 a4df32affa25d2222712de6680e4ce62
SHA1 87922a8df8a60c6afd2a9b756bdb5208954f8511
SHA256 6b400049d48f27e521bd88a87019b083ad4ed1bc41dd80c7d5911113cee7ca33
SHA3 41e45e7bec1e04d87ae20423d19b72964c7766c20c42b62c792ed7c29ad0d46d
VirtualSize 0x86cbe4
VirtualAddress 0x2000
SizeOfRawData 0x86cc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.0385

.sdata

MD5 ff38a23103000a5b90acb88931391f36
SHA1 30ca19ad95703df1ef2d684389d96c7c5ef56ba8
SHA256 033a8e886277bd51cf051394c713e6f5a6d44a5556beb77fd472a6e1735db42f
SHA3 e43f99545530fb276757a67884c2ebaa9a4996df7c897280f27e50b77c532b0a
VirtualSize 0x11b2
VirtualAddress 0x870000
SizeOfRawData 0x1200
PointerToRawData 0x86d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9324

.rsrc

MD5 68be446dacb6c811b6d37709acedf3b4
SHA1 104e03490902cbc0ef5e288a6790ac5474b14826
SHA256 f12949ef82b5163126aa08c8106fef97312e8633cc2d2c77dc56bbf3eea67be2
SHA3 d0f4ce907ebaa7babfe53c385d15606f3a9118ddc48c0839c1e63b6b598705e9
VirtualSize 0xe288
VirtualAddress 0x872000
SizeOfRawData 0xe400
PointerToRawData 0x86e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.18415

.reloc

MD5 c81070a8424de890d01ed7a880c4b956
SHA1 8048941cb72ecead44f1e2f0d3326c1498a2ef6e
SHA256 864c5b37ad995c49a30514dc3f10fb4f6d61a7ac3531b2304d5f4a3bad41d854
SHA3 efab2eed803c2fc63f2013e7fbc19a5677b20c01f956ed33e9966bd302590c13
VirtualSize 0xc
VirtualAddress 0x882000
SizeOfRawData 0x200
PointerToRawData 0x87c600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0980042

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x941b
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95259
Detected Filetype PNG graphic file
MD5 d6dc84cbd2556d46b8fcbe1268b43e38
SHA1 754d29d1021a863e869dd263fb266db7c6c53950
SHA256 2f9b565b360250b04ad7f036df20e7fdf8680eab2d79d7ce14c1d95058a13bf9
SHA3 cecd9472d6f1e3b976129342bba418054568d278f2dee7a035c7b22cb3ea6035

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.00895
MD5 f4f03cb5f4bc34a724098dd2281283cf
SHA1 c04c0272f7664e7a2e3c9fa0e3b04d3c19c2bb8c
SHA256 146698e9bcf73c3dd14df579f01f140e11ee9eeef07ca80b656576bcace74723
SHA3 2103b9342843681fbfb1cf12a93bc5f0d8e2fb67abb1b35e188f06ffddf4490b

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.39123
MD5 3e6ba9959037a04ad5f32f7c594ccb5b
SHA1 6dae081e905988d1f4ea4e9f43a1676954ebb119
SHA256 fb877971a3ef5aa275a4c68ef3de9ca1fd85ce78c382ff8a16850353a1b63af1
SHA3 1b264e61f9c29c9f81cdfc2232aa541739b7a20ec89ef9f5941a4a4ff5fedaee

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.32309
MD5 54f6f7cb84f585a24ac0edf04a14545b
SHA1 d5973e6bedd4563bb10b2721995fd5f1fc2a01bc
SHA256 d33e8302d63bf66d4ff3324eba1171f86e7b3444290e654f6b65192b2ff4259a
SHA3 116d3973f164a1043d520740b86003c62ff7fd6aad77f4ad722aa9bffcd6deea

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.44608
Detected Filetype Icon file
MD5 e2816aa5fa118807c75fa5d976a74c4a
SHA1 7941b43926bee97d8ed47e1a4b3ca27844e1e528
SHA256 948615b024786f7e6f951b018bccb97af9fb533120e9666cb5cfb3924700a9bb
SHA3 431216dcdbce9695d901dae3936a77abc6abfd5bc7be90fd14ed929c43dbb79d

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x418
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.4251
MD5 0bc62fc7c4bb9dbe38080562a5a84df0
SHA1 57eaf1d80bfc28318308e65eb1cee83bd7bda437
SHA256 2ad0b427cb357acc42c7245ba3e8c947e5b4cafd9d14f695d3672b0799c8c1d4
SHA3 333d9090361400cf2725882cdc3ad7006428bd2c99f870257f986a69e019280f

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xd99
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.988
MD5 93ff4f197bc447393c731431512c3d7a
SHA1 c30360c18c0db2caf9134a4a6726e84c4f43c1fe
SHA256 8fc159f1734e1e1c77a62b79763c5901adb63c9de79f474129152d564cd7fca3
SHA3 81d8afeccbea1350e951f927aaaef3edf7259affca9197fd0ead4b0ccfc9ba69

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.3.1.0
ProductVersion 6.3.1.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Patch_Keygen for Navicat Products
CompanyName DeltaFoX
FileDescription Navicat_Keygen_Patch_By_DFoX
FileVersion (#2) 6.3.1.0
InternalName Navicat_Keygen_Patch_By_DFoX.exe
LegalCopyright Copyright © 2020
LegalTrademarks DeFconX
OriginalFilename Navicat_Keygen_Patch_By_DFoX.exe
ProductName Navicat_Keygen_Patch_By_DFoX
ProductVersion (#2) 6.3.1.0
Assembly Version 6.3.1.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 57
AddressOfRawData 0x86eb4f
PointerToRawData 0x86cf4f
Referenced File Navicat_Keygen_Patch_By_DFoX.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors
