Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2020-Oct-07 12:31:51 |
Detected languages |
English - United States
|
Debug artifacts |
D:\BuildAgent\work\824522dc9b449d33\_bin\Release\x64\VeeamLicense.pdb
|
CompanyName | Veeam Software Group GmbH |
FileDescription | Veeam License Library |
FileVersion | 1.0.0.82 |
InternalName | VeeamLicense.dll |
LegalCopyright | © 2020 Veeam Software Group GmbH. All rights reserved. |
OriginalFilename | VeeamLicense.dll |
ProductName | Veeam License Library |
ProductVersion | 1.0.0.82 |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Malicious | The PE's digital signature is invalid. |
Signer: Veeam Software Group GmbH
Issuer: DigiCert EV Code Signing CA (SHA2) The file was modified after it was signed. |
Suspicious | VirusTotal score: 1/66 (Scanned on 2021-11-25 13:55:17) | eGambit: PE.Heur.InvalidSig |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2020-Oct-07 12:31:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x65200 |
SizeOfInitializedData | 0x2b800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000003F7E8 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x180000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x97000 |
SizeOfHeaders | 0x400 |
Checksum | 0x97232 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
RPCRT4.dll |
UuidFromStringW
|
---|---|
KERNEL32.dll |
LoadLibraryExW
LoadResource LockResource SizeofResource FindResourceW LocalFree lstrcmpiW MultiByteToWideChar DecodePointer EncodePointer GetThreadLocale GetProcAddress GetSystemTime WideCharToMultiByte CreateFileW GetFileSize ReadFile WriteFile CloseHandle GetACP GetConsoleMode GetConsoleCP GetModuleHandleW GetModuleFileNameW FreeLibrary FindResourceExW DeleteCriticalSection InitializeCriticalSectionAndSpinCount LeaveCriticalSection EnterCriticalSection GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc HeapDestroy GetLastError RaiseException WriteConsoleW SetThreadLocale FlushFileBuffers SetStdHandle SetFilePointerEx SetEnvironmentVariableW FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW IsValidCodePage FindNextFileW FindFirstFileExW FindClose GetTimeZoneInformation GetFileType GetStdHandle GetOEMCP EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetTimeFormatW GetDateFormatW GetModuleHandleExW ExitProcess InterlockedFlushSList RtlUnwindEx RtlPcToFileHeader InitializeSListHead GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter GetStartupInfoW WaitForSingleObjectEx ResetEvent SetEvent IsProcessorFeaturePresent GetCommandLineA IsDebuggerPresent OutputDebugStringW GetStringTypeW SetLastError CreateEventW TlsAlloc TlsGetValue TlsSetValue TlsFree GetSystemTimeAsFileTime CompareStringW LCMapStringW GetLocaleInfoW GetCPInfo RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess |
USER32.dll |
CharNextW
|
ADVAPI32.dll |
RegQueryValueExW
CryptVerifySignatureW CryptDestroyHash CryptHashData CryptCreateHash CryptImportKey CryptGetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW RegSetValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey |
ole32.dll |
CoCreateInstance
CoCreateFreeThreadedMarshaler CoTaskMemRealloc StringFromGUID2 OleRun CoTaskMemFree CoTaskMemAlloc |
OLEAUT32.dll |
SafeArrayRedim
SafeArrayUnaccessData SafeArrayAccessData SafeArrayUnlock SafeArrayLock SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElemsize SafeArrayDestroy SafeArrayCreate CreateErrorInfo VariantChangeType VariantCopy VariantInit SystemTimeToVariantTime UnRegisterTypeLib RegisterTypeLib VariantClear SysAllocString GetErrorInfo LoadRegTypeLib LoadTypeLib VarUI4FromStr SysAllocStringByteLen SysStringByteLen SysStringLen SysFreeString SysAllocStringLen VariantCopyInd SetErrorInfo |
Ordinal | 1 |
---|---|
Address | 0x8590 |
Ordinal | 2 |
---|---|
Address | 0x85c0 |
Ordinal | 3 |
---|---|
Address | 0x8730 |
Ordinal | 4 |
---|---|
Address | 0x8850 |
VeeamLicense |
The specified property cannot be found. |
License version is invalid. |
License has expired |
Support period has expired |
Sockets number exceeded |
The license key is corrupted |
Unexpected property type |
License for specified product was not found. |
Can't create MSXML parser. |
The signature is invalid. |
The license specified is too large. |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.82 |
ProductVersion | 1.0.0.82 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language | English - United States |
CompanyName | Veeam Software Group GmbH |
FileDescription | Veeam License Library |
FileVersion (#2) | 1.0.0.82 |
InternalName | VeeamLicense.dll |
LegalCopyright | © 2020 Veeam Software Group GmbH. All rights reserved. |
OriginalFilename | VeeamLicense.dll |
ProductName | Veeam License Library |
ProductVersion (#2) | 1.0.0.82 |
Resource LangID | English - United States |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Oct-07 12:31:51 |
Version | 0.0 |
SizeofData | 94 |
AddressOfRawData | 0x7ddd4 |
PointerToRawData | 0x7c3d4 |
Referenced File | D:\BuildAgent\work\824522dc9b449d33\_bin\Release\x64\VeeamLicense.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Oct-07 12:31:51 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x7de34 |
PointerToRawData | 0x7c434 |
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Oct-07 12:31:51 |
Version | 0.0 |
SizeofData | 968 |
AddressOfRawData | 0x7de48 |
PointerToRawData | 0x7c448 |
StartAddressOfRawData | 0x18007e230 |
---|---|
EndAddressOfRawData | 0x18007e238 |
AddressOfIndex | 0x1800897b8 |
AddressOfCallbacks | 0x1800675c8 |
SizeOfZeroFill | 0 |
Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
Callbacks | (EMPTY) |
Size | 0x130 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1800861a8 |
XOR Key | 0xce6fa0d8 |
---|---|
Unmarked objects | 0 |
ASM objects (26715) | 10 |
C++ objects (26715) | 154 |
C objects (VS 2015/2017/2019 runtime 28920) | 15 |
ASM objects (VS 2015/2017/2019 runtime 28920) | 10 |
C++ objects (VS 2015/2017/2019 runtime 28920) | 82 |
C objects (26715) | 21 |
Imports (26715) | 13 |
Total imports | 162 |
C++ objects (VS2019 Update 7 (16.7.1) compiler 29111) | 7 |
Exports (VS2019 Update 7 (16.7.1) compiler 29111) | 1 |
Resource objects (VS2019 Update 7 (16.7.1) compiler 29111) | 1 |
151 | 1 |
Linker (VS2019 Update 7 (16.7.1) compiler 29111) | 1 |