Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Dec-09 16:35:31 |
Debug artifacts |
Navicat_Keygen_Patch_By_DFoX.pdb
|
Comments | Patch_Keygen for Navicat Products |
CompanyName | DeltaFoX |
FileDescription | Navicat_Keygen_Patch_By_DFoX |
FileVersion | 6.3.1.0 |
InternalName | Navicat_Keygen_Patch_By_DFoX.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | DeFconX |
OriginalFilename | Navicat_Keygen_Patch_By_DFoX.exe |
ProductName | Navicat_Keygen_Patch_By_DFoX |
ProductVersion | 6.3.1.0 |
Assembly Version | 6.3.1.0 |
Info | Matching compiler(s): | Microsoft Visual C# v7.0 / Basic .NET |
Suspicious | PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains another PE executable:
|
Info | Cryptographic algorithms detected in the binary: |
Uses constants related to MD5
Uses constants related to SHA1 Uses constants related to SHA256 Uses constants related to SHA512 Uses constants related to AES Uses constants related to Blowfish Uses constants related to RC5 or RC6 Uses constants related to Twofish Uses constants related to TEA |
Suspicious | Unusual section name found: .sdata | |
Malicious | VirusTotal score: 37/68 (Scanned on 2021-02-27 00:34:52) |
MicroWorld-eScan:
Gen:Heur.MSIL.HackTool.54
CAT-QuickHeal: HackTool.MSIL McAfee: Artemis!9C9762B7FA65 Cylance: Unsafe VIPRE: Trojan.Win32.Generic!BT Sangfor: Trojan.Win32.Save.a Alibaba: HackTool:MSIL/Patcher.e60215b4 Cybereason: malicious.7fa65e Cyren: W32/Trojan.JRIU-1237 Symantec: ML.Attribute.HighConfidence ESET-NOD32: MSIL/HackTool.Patcher.AY potentially unsafe TrendMicro-HouseCall: TROJ_GEN.R002H09LF20 Paloalto: generic.ml BitDefender: Gen:Heur.MSIL.HackTool.54 Avast: FileRepMalware Rising: Malware.Undefined!8.C (CLOUD) Ad-Aware: Gen:Heur.MSIL.HackTool.54 Sophos: Generic PUA HN (PUA) Comodo: ApplicUnwnt@#o8zk3st0e5zo McAfee-GW-Edition: Artemis!PUP FireEye: Generic.mg.9c9762b7fa65efbf Emsisoft: Gen:Heur.MSIL.HackTool.54 (B) Webroot: W32.Adware.Gen MAX: malware (ai score=89) Kingsoft: Win32.HackTool.Undef.(kcloud) Microsoft: PUA:Win32/Puasson.A!ac Gridinsoft: Hack.Win32.Keygen.sd!ni Arcabit: Trojan.MSIL.HackTool.54 ViRobot: Adware.Puasson.8898560 GData: Gen:Heur.MSIL.HackTool.54 AhnLab-V3: PUP/Win32.RL_Generic.R330431 ALYac: Gen:Heur.MSIL.HackTool.54 Malwarebytes: Malware.AI.1132234448 Yandex: Trojan.Igent.bU2AX8.23 Fortinet: Riskware/Patcher AVG: FileRepMalware Panda: Trj/GdSda.A |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2020-Dec-09 16:35:31 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x86cc00 |
SizeOfInitializedData | 0xf800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0086EBDE (Section: .text) |
BaseOfCode | 0x2000 |
BaseOfData | 0x870000 |
ImageBase | 0x400000 |
SectionAlignment | 0x2000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x884000 |
SizeOfHeaders | 0x400 |
Checksum | 0x87fcad |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 15 |
mscoree.dll |
_CorExeMain
|
---|
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.3.1.0 |
ProductVersion | 6.3.1.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | UNKNOWN |
Comments | Patch_Keygen for Navicat Products |
CompanyName | DeltaFoX |
FileDescription | Navicat_Keygen_Patch_By_DFoX |
FileVersion (#2) | 6.3.1.0 |
InternalName | Navicat_Keygen_Patch_By_DFoX.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | DeFconX |
OriginalFilename | Navicat_Keygen_Patch_By_DFoX.exe |
ProductName | Navicat_Keygen_Patch_By_DFoX |
ProductVersion (#2) | 6.3.1.0 |
Assembly Version | 6.3.1.0 |
Resource LangID | UNKNOWN |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
SizeofData | 57 |
AddressOfRawData | 0x86eb4f |
PointerToRawData | 0x86cf4f |
Referenced File | Navicat_Keygen_Patch_By_DFoX.pdb |