Manalyze report for ce815741ec9d9adaa323c013a7311041

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Nov-24 21:04:20
Detected languages	English - United States
CompanyName	reFX Audio Software Inc.
LegalCopyright	reFX Audio Software Inc.
FileDescription	Nexus
FileVersion	`3.3.9`
ProductName	Nexus
ProductVersion	`3.3.9`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_d409a5cb737dc0768fd08ed5256f3633/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: rkibuzfw` `Section rkibuzfw is both writable and executable.` `Unusual section name found: voymuvns` `Section voymuvns is both writable and executable.` `Unusual section name found: .pdata\x00I` `Unusual section name found: .taggant` `Section .taggant is both writable and executable.` `The PE only has 2 import(s).`
Malicious	VirusTotal score: 34/69 (Scanned on 2021-06-07 00:12:28)	`MicroWorld-eScan: Trojan.GenericKD.36588317` `FireEye: Generic.mg.ce815741ec9d9ada` `McAfee: GenericRXAA-AA!CE815741EC9D` `Cylance: Unsafe` `Zillya: Trojan.Themida.Win64.2438` `Sangfor: Trojan.Win32.Ymacco.AADF` `K7AntiVirus: Trojan ( 0052f6d81 )` `K7GW: Trojan ( 0052f6d81 )` `CrowdStrike: win/malicious_confidence_60% (W)` `Cyren: W64/Trojan.BABQ-2284` `Symantec: Trojan.Gen.2` `ESET-NOD32: a variant of Win64/Packed.Themida.CK` `Avast: Win64:Trojan-gen` `BitDefender: Trojan.GenericKD.36588317` `Paloalto: generic.ml` `Ad-Aware: Trojan.GenericKD.36588317` `Emsisoft: Trojan.GenericKD.36588317 (B)` `VIPRE: Trojan.Win32.Generic!BT` `McAfee-GW-Edition: BehavesLike.Win64.PUPXBX.wc` `Sophos: Mal/Generic-S` `Ikarus: Trojan.Win64.Themida` `GData: Trojan.GenericKD.36588317` `Antiy-AVL: Trojan/Generic.ASMalwS.324C1C5` `Gridinsoft: Trojan.Win64.Packed.ns` `Microsoft: Trojan:Win32/Ymacco.AADF` `AhnLab-V3: Trojan/Win.Generic.R414560` `ALYac: Trojan.GenericKD.36588317` `MAX: malware (ai score=84)` `Malwarebytes: Malware.AI.3993113432` `TrendMicro-HouseCall: TROJ_GEN.R002H09CT21` `MaxSecure: Trojan.Malware.116754436.susgen` `Fortinet: PossibleThreat.PALLAS.H` `AVG: Win64:Trojan-gen` `Panda: Trj/CI.A`

Hashes

MD5	`ce815741ec9d9adaa323c013a7311041`
SHA1	`3977659302848f5aa0bf489fae071399fd70921e`
SHA256	`df8e614ec0509cf55610d12f313d1721ab00e54bf37144da64ef7657bb3ac7dc`
SHA3	`bedfc980f8e9253c40b816be1e87ddbc8dc7b2c17f6271212b26237c2be4f6d4`
SSDeep	`196608:BSFFiGy5BjbXH5/0PmDLreMepbJS/atGbEsAsGRa:BSal5ZzZ/gsfeXbs/jHAsG8`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x148`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2020-Nov-24 21:04:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x5cba00`
SizeOfInitializedData	`0x427600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000001394000 (Section: .taggant)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1397000`
SizeOfHeaders	`0x400`
Checksum	`0x800566`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`b8ecc4591aaa3b7f1519ae61c7e23131`
SHA1	`307794f0e5b6b1cf347e4066f5f2e9cacdfbdb9f`
SHA256	`0e36d304c79f324e287ab495d8b789992f6f65d0e5e8da0ffdf3ddd81382f4c6`
SHA3	`ec7c9cce6379a1a57f498e0a087a9c7bad62add18f6f515a2201db23200d6a91`
VirtualSize	`0x9d5000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x46e800`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92761`

.rsrc

MD5	`64d0ee56e69e71d844fd37c439040805`
SHA1	`a61c4ba7f7d36e6bbffa883a3e88d3d537a7e8e6`
SHA256	`8c81a3a50cdf30d2e0eb6b09cdc66c001db3533d1c913ca6133b3be4eb6d9afd`
SHA3	`20b338fa8d566ba8a13b5c5a906f9ce60146debbf1b00fe38266d27f825c70f9`
VirtualSize	`0x7a48`
VirtualAddress	`0x9d6000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x46f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.30961`

.idata

MD5	`77bcb9c86f0fa9a5876ef84e4bce9900`
SHA1	`4245d3ba6cab7d61a3d96e5cac747ef147fa5907`
SHA256	`4fc7bdb350d58f94da5fa02d82c71fb89dbaf17848aeebb705ea7dd9ab7f1baf`
SHA3	`02a823d168b59a68cbb38d6d8a230cc179e9be3926ac8ff2c9e91d215646e7c1`
VirtualSize	`0x1000`
VirtualAddress	`0x9de000`
SizeOfRawData	`0x200`
PointerToRawData	`0x470600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.297`

MD5	`d4c1adb0eef51eb9500affc12a40932a`
SHA1	`a3de116f2ac16c2dae2a8e2eef65d817607df218`
SHA256	`ccaa0fae325d53c17e390c7f2c03542dcb14d336ae45a45c15c1d4f144958297`
SHA3	`6dc3f51fecc89f6a0f4d2a645c2f3d9b49d9e39505fc15e3842aed1d40ee9161`
VirtualSize	`0x629000`
VirtualAddress	`0x9df000`
SizeOfRawData	`0x200`
PointerToRawData	`0x470800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.231158`

rkibuzfw

MD5	`acabd38f6b2e0ab18f2642bd7e6fcfba`
SHA1	`13403727ce6d77f6d10ad750cbcfec067d8847b0`
SHA256	`2960478b9d41b0c0b93c2eaf4f6fbe8c02eaf8c706d7b1711cab1a9788c75c80`
SHA3	`a1c2c09947cfbb60a1eeca38531d55079d6904cab14c3d9d1a1be46917326f31`
VirtualSize	`0x359000`
VirtualAddress	`0x1008000`
SizeOfRawData	`0x358e00`
PointerToRawData	`0x470a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95977`

voymuvns

MD5	`3e01e404ab4b6fe1ecfb323795324cac`
SHA1	`ab07eb06481593a5b7e3cfc22c8fa2599443028e`
SHA256	`6c615fd2a576cc93601b9801b1867a90e021d8d615ee7a19feaea07d6c9a37c3`
SHA3	`d046ea4bd34bc0ecb90a8c67d45768fb27b106938371de86bb00da6facda229d`
VirtualSize	`0x1000`
VirtualAddress	`0x1361000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7c9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.57887`

.pdata\x00I

MD5	`a090dcc10a2b4586796725b9dd674b33`
SHA1	`9eb544cb3182e88f62dc5a6a1cb4ac7ca13febe5`
SHA256	`acce6a59a6193be05a26ceae67e6aa5d44af065acf5861d201606ad9115e6c7a`
SHA3	`594b403af9a794e09ac1b319f35db2b3f2168d4275f0fcf545a4f104c1c1d04c`
VirtualSize	`0x32000`
VirtualAddress	`0x1362000`
SizeOfRawData	`0x31e00`
PointerToRawData	`0x7c9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.45391`

.taggant

MD5	`147dc26348ba19421d461b8acb21290e`
SHA1	`f29c175250ae9e32f4ee8518f854e47ea1c21f81`
SHA256	`ee7b25b374ef27c6a0f26e2201833b709c912634141a30c392ccc2eccb606ba4`
SHA3	`48b271b5b69e2539eba0b2824d67f127f41f4e25973b0adc401397d4e9810348`
VirtualSize	`0x3000`
VirtualAddress	`0x1394000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x7fb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.68316`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

VSTPluginMain

Ordinal	`1`
Address	`0xf8d60`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57926`
MD5	`d4031f055c12aa857fb74702a7719114`
SHA1	`a0a3739bf3bee71014c39d90b28d94275e2b8033`
SHA256	`61c05485c7c39a993b394f809954c79c2f9105566eb5b6d56e3b9107f069fca9`
SHA3	`68cd0fc127d67d19c1730f6664cf2dc843080fdaa71211002617acec11b60706`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96116`
MD5	`b44a6b3b4dc271c437693d2890d7ac86`
SHA1	`f80f3db29000e537a35a6727d4b837901a4488a8`
SHA256	`574e3eb0a5299c53e182512c67ee77d24fbbca8f9c0ca9cee168c0d478b61d13`
SHA3	`54ae48f471b7f842ff05a5d7ca1093dbd84b7711f00d0feb3d2feb6415a1497f`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93399`
MD5	`aaa8633a3af52e839e62a02135327d96`
SHA1	`7cd35ee609f793a55c39e20e778eaa98c5af4745`
SHA256	`073ed5a968924cad2bff6c98c6df5bfcde94ce479418fb744b1d0f1b4be0e95a`
SHA3	`b0bbd34a00104d3827cd34208a44bda4bb5a3dba2d84eb77b4b9ef391164af1e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.57926`
MD5	`d4031f055c12aa857fb74702a7719114`
SHA1	`a0a3739bf3bee71014c39d90b28d94275e2b8033`
SHA256	`61c05485c7c39a993b394f809954c79c2f9105566eb5b6d56e3b9107f069fca9`
SHA3	`68cd0fc127d67d19c1730f6664cf2dc843080fdaa71211002617acec11b60706`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96116`
MD5	`b44a6b3b4dc271c437693d2890d7ac86`
SHA1	`f80f3db29000e537a35a6727d4b837901a4488a8`
SHA256	`574e3eb0a5299c53e182512c67ee77d24fbbca8f9c0ca9cee168c0d478b61d13`
SHA3	`54ae48f471b7f842ff05a5d7ca1093dbd84b7711f00d0feb3d2feb6415a1497f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93399`
MD5	`aaa8633a3af52e839e62a02135327d96`
SHA1	`7cd35ee609f793a55c39e20e778eaa98c5af4745`
SHA256	`073ed5a968924cad2bff6c98c6df5bfcde94ce479418fb744b1d0f1b4be0e95a`
SHA3	`b0bbd34a00104d3827cd34208a44bda4bb5a3dba2d84eb77b4b9ef391164af1e`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

IDI_ICON2

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53369`
Detected Filetype	Icon file
MD5	`e77c63dd7f1918f5fe22fbd65f4617bc`
SHA1	`308a866ea2e309aa8b640941ab2c506b2458b852`
SHA256	`785b3833a45052d75d4ef78564ab0bd446d40b0dd2d54e18fe687840b2df75b3`
SHA3	`8f1a46ca4d86f0b699798df33d8e912ee7eb38978c9e1e01ec20104dc9c44765`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x244`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27024`
MD5	`10ea25712608b2f9db1258f1dda78bf7`
SHA1	`bf324cf55f82c5cf34c7fbbe18bf6d3c6d416ba0`
SHA256	`fdf2d116209775a27ce90eed761d4ba61c3df2e8ac566ad2073a275c9c101aac`
SHA3	`c81bcd2eaa057188c617de4187fe7243042cd2d203bc9167ff8fb242093ee971`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.3.9.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	English - United States
CompanyName	reFX Audio Software Inc.
LegalCopyright	reFX Audio Software Inc.
FileDescription	Nexus
FileVersion (#2)	3.3.9
ProductName	Nexus
ProductVersion (#2)	3.3.9

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x1808a8168`
EndAddressOfRawData	`0x1808a8170`
AddressOfIndex	`0x181359480`
AddressOfCallbacks	`0x181359490`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x57f840fc`
Unmarked objects	`0`
ASM objects (26715)	`34`
C++ objects (26715)	`211`
C objects (VS2019 Update 8 (16.8.0-1) compiler 29333)	`18`
264 (VS2019 Update 8 (16.8.2) compiler 29334)	`6`
C objects (VS2019 Update 6 (16.6.1-5) compiler 28806)	`35`
C objects (VS2019 Update 7 (16.7.1) compiler 29111)	`73`
199 (41118)	`7`
C objects (VS 2015/2017/2019 runtime 29118)	`17`
ASM objects (VS 2015/2017/2019 runtime 29118)	`27`
C++ objects (VS 2015/2017/2019 runtime 29118)	`151`
263 (26715)	`1`
C objects (26715)	`57`
C objects (VS2019 Update 8 (16.8.2) compiler 29334)	`9`
Unmarked objects (#2)	`2`
Imports (26715)	`43`
Total imports	`533`
C++ objects (VS2019 Update 8 (16.8.2) compiler 29334)	`135`
Exports (VS2019 Update 8 (16.8.2) compiler 29334)	`1`
Resource objects (VS2019 Update 8 (16.8.2) compiler 29334)	`1`
Linker (VS2019 Update 8 (16.8.2) compiler 29334)	`1`

ce815741ec9d9adaa323c013a7311041

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

\x00

.rsrc

.idata

rkibuzfw

voymuvns

.pdata\x00I

.taggant

Imports

Delayed Imports

VSTPluginMain

1

2

3

4

5

6

IDI_ICON1

IDI_ICON2

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors