Manalyze report for 148d4f0922d0d41032054a5411fdd771b2e1008a1c85a52f5cd75f330b18483b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Feb-09 21:57:05
Detected languages	English - United States
Comments	P N Activator 11 & X
CompanyName	P N Activator 11 & X
FileDescription	P N Activator 11 & X
FileVersion	`11.20.16390.0`
InternalName	P N Activator 11 & X
LegalCopyright	Copyright © 2024-2025
LegalTrademarks	trademark of
OriginalFilename	suf_launch.exe
ProductName	P N Activator 11 & X
ProductVersion	`10.34.15849.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe` `May have dropper capabilities: CurrentVersion\Run` `Contains a XORed PE executable: 53 6f 6e 74 27 77 75 68 60 75 66 6a 27 64 66 69 69 68 73 27 ...` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` Contains domain names: comodo.net comodoca.com crl.comodoca.com crl.usertrust.com crt.comodoca.com crt.usertrust.com http://crl.comodoca.com http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r http://crl.usertrust.com http://crl.usertrust.com/AddTrustExternalCARoot.crl05 http://crl.usertrust.com/UTN-USERFirst-Object.crl05 http://crl.usertrust.com/UTN-USERFirst-Object.crl0t http://crt.comodoca.com http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$ http://crt.usertrust.com http://crt.usertrust.com/UTNAddTrustObject_CA.crt0% http://ocsp.comodoca.com0 http://ocsp.usertrust.com0 http://www.indigorose.com http://www.indigorose.com/route.php?pid http://www.usertrust.com1 https://secure.comodo.net https://secure.comodo.net/CPS0A indigorose.com secure.comodo.net usertrust.com www.indigorose.com www.lua.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to Blowfish`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Functions related to the privilege level: OpenProcessToken`
Suspicious	The file contains overlay data.	`11061226 bytes of data starting at offset 0x23000.` `The overlay data has an entropy of 7.42123 and is possibly compressed or encrypted.` `Overlay data amounts for 98.7205% of the executable.`
Malicious	VirusTotal score: 5/72 (Scanned on 2025-02-01 20:08:03)	`Avira: HEUR/AGEN.1366258` `Bkav: W64.AIDetectMalware` `ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.M suspicious` `F-Secure: Heuristic.HEUR/AGEN.1366258` `Ikarus: PUA.EnigmaProtector`

Hashes

MD5	`d1cbc2f30bf95e146ccf7b537d2c0a6a`
SHA1	`b87f6d102ab9cbbfa346b6d2625865c97c2941ed`
SHA256	`148d4f0922d0d41032054a5411fdd771b2e1008a1c85a52f5cd75f330b18483b`
SHA3	`5ab61054b8d1c4e31ebe2eed2e5fca3ee104ab53eafaeab0d5928f58b6d56080`
SSDeep	`196608:x75xACFdOGw+77uTXgzlLUprKdadsbScLF7V9iuQSR/eqcfX:x7rbwVg1UpehScLFrWs/eqcf`
Imports Hash	`357b59ff56f808887438b8bd8ad0eaa6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2015-Feb-09 21:57:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0x6200`
SizeOfInitializedData	`0x1ca00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002D1C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x29000`
SizeOfHeaders	`0x400`
Checksum	`0x1f1be`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`46565b91f365f59e95911f623cd509ca`
SHA1	`61125c135db3eb8362e806c58bfb5593aeccc100`
SHA256	`eb3b110addcd88c20d05e2d2e73b04b1a4242870374b8a258532866a81a63f60`
SHA3	`0ba3a8d256df989be76075e5e9ddca98dc8f43f0d2f64898ddd47c308df9acd9`
VirtualSize	`0x61d3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2458`

.rdata

MD5	`9a2a098011201debfdbe2790cfc39397`
SHA1	`11e38a2ec19fd475956d2aa14ea4ba965e3e1688`
SHA256	`3491d431185ae793698cf334de7655744645162920de9a4e24f31b9f1f067ee8`
SHA3	`44d6b7b8292c4d2712c7e0ba648cbf4e34e02fe25b342dbcb92a42c7230a89b0`
VirtualSize	`0x3948`
VirtualAddress	`0x8000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71737`

.data

MD5	`ffa6e0e76a954e6a3fd657281ecc2607`
SHA1	`53b53ac508bbec3a82ddb0dea5f40c52c071330b`
SHA256	`e71c25d9e4814a7caa764ccca215a1ccd49796c506931267b9590340c7d18b51`
SHA3	`b44bf52b72626e288635ee2382188a072aaf0cd37af62d7bf1ae8cee3167a7d0`
VirtualSize	`0x2200`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.23269`

.pdata

MD5	`b0c923173cdcf0b82f939c3fafc6e4d7`
SHA1	`40e50e28f863bdee8d5607527fdcce6b3ef60ee3`
SHA256	`95be7ef38b12d9a41f34a504952fabebd9f2fea208476f5861ebf5887c178d28`
SHA3	`8cbbcad8947661214c90d036bf21cb56db97a0e64e19cfdf00a3335184111e8e`
VirtualSize	`0x5d0`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.25287`

.rsrc

MD5	`1caf4db47b7e985093d0f3bc64e5975b`
SHA1	`19fd2b29d2c8bd39999ea9d60796b702c0764021`
SHA256	`9b2719e45a720b1f49abbca59c6866ac2bc5db7739f72fc45e53415d90d5fbc5`
SHA3	`ca136485ebdd141f8697249633deb85c93b6651af39240ccaa29981b9c8cff7b`
VirtualSize	`0x174f8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x17600`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60511`

.reloc

MD5	`3e80cb8268adc697616a87179e434ae9`
SHA1	`296750f11ac4a0832898f80e5973d62e1b5c80c5`
SHA256	`7a5a69c020bc3ccdc6c3de377b4b4f2e57c4eacc1acdcb16098ad9a5b2961355`
SHA3	`6cd377164f0e6acbcf39eed606dfd0f3af9c96c2bfae6a2b542a336896f7b803`
VirtualSize	`0x3de`
VirtualAddress	`0x28000`
SizeOfRawData	`0x400`
PointerToRawData	`0x22c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.55307`

Imports

KERNEL32.dll	`_lclose` `GetModuleFileNameA` `_lread` `_llseek` `_lopen` `_lwrite` `_lcreat` `CreateDirectoryA` `SetCurrentDirectoryA` `lstrcatA` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GetDiskFreeSpaceA` `GetFileAttributesA` `RemoveDirectoryA` `DeleteFileA` `lstrlenA` `GetCurrentDirectoryA` `CloseHandle` `GetExitCodeProcess` `GetLastError` `LocalFree` `GetCurrentProcess` `MoveFileExA` `Sleep` `GetStringTypeW` `MultiByteToWideChar` `LCMapStringW` `HeapReAlloc` `HeapSize` `IsValidCodePage` `lstrcpyA` `GetTempPathA` `CompareStringA` `GetOEMCP` `GetACP` `GetModuleHandleW` `ExitProcess` `DecodePointer` `HeapFree` `HeapAlloc` `GetCommandLineA` `GetStartupInfoW` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `EncodePointer` `LoadLibraryW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `TerminateProcess` `FlsGetValue` `FlsSetValue` `FlsFree` `SetLastError` `GetCurrentThreadId` `FlsAlloc` `RtlUnwindEx` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `HeapSetInformation` `GetVersion` `HeapCreate` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `GetCPInfo`
USER32.dll	`TranslateMessage` `DispatchMessageA` `PeekMessageA` `wsprintfA` `LoadCursorA` `SetCursor` `MessageBoxA` `MsgWaitForMultipleObjects`
ADVAPI32.dll	`GetTokenInformation` `OpenProcessToken`
SHELL32.dll	`ShellExecuteExA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93666`
MD5	`531ffec08c0f71b87dc446836df093e7`
SHA1	`a9d06599ee21972fc0a48640d6be3c65a2f3bffe`
SHA256	`13d611c5ee46774d9620cc87fe1eb231612e6cb6faa1ad18e1a4b313c58e053e`
SHA3	`bfd1774ad6ac0fd1dea17ea2f0dbda9fab5ab6178e7016e6b1e4798fe239b28b`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31421`
MD5	`ceea1f40f26b391da8977d0bc69ce333`
SHA1	`b0cc7faf384a4a9b55661c9dd00afff3bd478469`
SHA256	`1f8d3da0dd89dca26c6bb14ac7be9ed5a01bc929574ad46b87524f251e80e2be`
SHA3	`b2209ce5f96a2132ab957018f921de9955c4e2d755221c41dd1263f681fb7608`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9477`
MD5	`286299765e413961c577250b562a9f6d`
SHA1	`c11066e0b36e102c15530a0a2bcf3ff59a447e38`
SHA256	`06fb164c24b5774aa1cc61dee3855f98998e7d8b80e7370403da6c202f054da8`
SHA3	`78911af57398ed019c2227579f388a129529836767481d8f3a52a82fca9ab835`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78233`
MD5	`2bfdea3afd1fff1a7b0289c617cfae05`
SHA1	`bc3d4258adec91cf01ff8d841bec5c48dd58000f`
SHA256	`a8af8d3e6282e1efdd38fb2787c9ec42cfbbf9cd1d473f6845590c3e31ea3c11`
SHA3	`f14c0636ff106d35a48416d618b5f71220091567cea7ad6f582412d2e81f1afd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14953`
MD5	`d400262b6638ac150461e04641caf542`
SHA1	`bff6b574a2d8b8597b021e26699da166d7520104`
SHA256	`31e4e1eea0a0e2e6443773d356ddca1fe28d32e74727a13638c85bdbd78281a6`
SHA3	`b007210806cc46ddec9dbe9dcef89d122150393bfd47f2cae5e4419fdbb17ab7`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.83714`
MD5	`b5c47d2978f629cc35ab63e89cabcb2c`
SHA1	`2b979114d1a0832ede92cc14a62be2fe3a5572fd`
SHA256	`7a7ef627be60b3f8f5b2366d513efd6b341eb942f039bfcc9399d82ebd898d0d`
SHA3	`bb2328d1e5c94651d22cf3798eb92a76f9d12a8f9bc237339608787594276d5a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.64397`
MD5	`6acf27cac1ed0cc79e0b5cf6bbfa35af`
SHA1	`ae882712f338525cbb428dbb0dc5556a858993db`
SHA256	`d8bbb3fb720499a58160e7956e4bd18855b384c6dbd3aa262fea0e121436c6f2`
SHA3	`06441aae6d59e83b9369b36d31536ea17a6ecc34b49ea1958dc0fca25ff89567`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84115`
MD5	`5073c50c3a136934f16481bc0b3df044`
SHA1	`11df1eebfbd55cb5acf95991e7c0169475ef9b8a`
SHA256	`b65d018eb43b3c976a891e6677049eee014093e7c77774ffa1a4d08565891ecd`
SHA3	`89b824ae6dc6f8b6f2e1336885fc0cd021eaf37e1efa48eeafc39a70a171b764`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41049`
MD5	`ca478133475a2622104a5405539831fe`
SHA1	`8f2ad79e45e19b6ad4c3dc6aa273ea53479b67fa`
SHA256	`9df16fabe1cfc3dc3095c7c70f5fa39be14a8ca6a4fdf4aeaa194cde7995127c`
SHA3	`34ec32be9c59ab7710496e0b02eb1c81b11ff5394d1a13e31ade7870126bbc7d`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`dd77aac392ccc09821c5bd800fb2d404`
SHA1	`9b0968b402e80b9a5e39d6189ec1c07aa10bd395`
SHA256	`e1b76116ca5adca3e85ccbd49cdb8f7144236020c8ec4b87fdf209a8d2fd5be7`
SHA3	`4c8ea5b110eb3f70f516517eb11fd46397053ae1e0245e3e2993b74f94087bf3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43232`
MD5	`44b9724848c308b3019bacccd47cbf9b`
SHA1	`1079b3789ba24f5224b70fc0fedcb2066c892e0e`
SHA256	`6487f28fedbe3d8141d7b7af969940a5d1094a8c35e662346e225752f46b552b`
SHA3	`fc88bdebc7c8ad352ebd04bee119a6925078970faa37ed64033fc23085170d9a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x595`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36541`
MD5	`4dba6453e3ee30e79131f0549bc9a0e4`
SHA1	`ce472cafc21fc7d3251635cd88b07d3aeb5b4aea`
SHA256	`5404a6b1ea5560d68860eed5ae3893815876f358c650f01e47886eafee73c86d`
SHA3	`5b0ce063b6a6c30b757953c7db84ddc3862535d5082fe8d6b09fcbaffa111bc9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	11.20.16390.0
ProductVersion	10.34.15849.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	P N Activator 11 & X
CompanyName	P N Activator 11 & X
FileDescription	P N Activator 11 & X
FileVersion (#2)	11.20.16390.0
InternalName	P N Activator 11 & X
LegalCopyright	Copyright © 2024-2025
LegalTrademarks	trademark of
OriginalFilename	suf_launch.exe
ProductName	P N Activator 11 & X
ProductVersion (#2)	10.34.15849.0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa5509656`
Unmarked objects	`0`
C objects (VS2010 SP1 build 40219)	`63`
ASM objects (VS2010 SP1 build 40219)	`9`
Imports (VS2008 SP1 build 30729)	`9`
Total imports	`100`
C++ objects (VS2010 SP1 build 40219)	`25`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

Leave a comment

No comments yet.