Manalyze report for f0520cae22714f4cc9e1945ef5118ba8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Mar-05 12:48:50
Detected languages	English - United States Russian - Russia
CompanyName	MAGNiTUDE & m0nkrus
FileDescription	Autodesk Cracked NLM Installer (MAGNiTUDE method)
FileVersion	`3.0.0.0`
InternalName	AdskNLM
LegalCopyright	Copyright © 2022 MAGNiTUDE & m0nkrus
OriginalFilename	AdskNLM.exe
PrivateBuild	April 05, 2022
ProductName	Autodesk Cracked NLM
ProductVersion	`3.0.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `May have dropper capabilities: %Temp%`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to AES`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: CreateCompatibleDC GetDC`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2028-Mar-31 04:39:04`
Suspicious	The file contains overlay data.	`6179181 bytes of data starting at offset 0x65e00.` `The overlay data has an entropy of 7.99997 and is possibly compressed or encrypted.` `Overlay data amounts for 93.6742% of the executable.`
Suspicious	VirusTotal score: 2/73 (Scanned on 2024-03-10 20:25:25)	`Cynet: Malicious (score: 100)` `Webroot: W32.Hack.Tool`

Hashes

MD5	`f0520cae22714f4cc9e1945ef5118ba8`
SHA1	`d192c3fdf3f740682bc06bbe1f9f980c3dfb6665`
SHA256	`02fc64a9392e6142efa2ec8d18ddbc4fe55a611757ec873d3e192169d4a711d6`
SHA3	`7d9d38fbaf165ab2dc028eaf8077a7373a06daa5a2af146a86787afc8b9bc52e`
SSDeep	`98304:6aKFIMdUltQYodSRsCYW4QkfMm0W9XLN4/hrK9vauib6Bf5oT/tKr2al/S+F7:6IbQaHYIk90W9XBUVCkTH65B`
Imports Hash	`d3bbfd624fcfeb095c7bf0242b723cee`

DOS Header

e_magic	`MZ`
e_cblp	`0x60`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x60`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2016-Mar-05 12:48:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x1f600`
SizeOfInitializedData	`0x46400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001FE7C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x6e000`
SizeOfHeaders	`0x400`
Checksum	`0x710a0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7bbc0a60df0e6a027c3e174c8b743d5d`
SHA1	`6c140054b73a0187571a0a9205b679703a424752`
SHA256	`1085f8705cd80c95bfbf21125e7acfc68b1155007b70141fadceac02f53986e5`
SHA3	`1b4944f96be224647a6fdd9a19e4dd982b5d6f19234e2724be616bfbe0a468ca`
VirtualSize	`0x1f5c8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1f600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36085`

.rdata

MD5	`2d3711b98c2bbeda3f7d3263ca458842`
SHA1	`af8c95d6226c3d3bd15a74d5e26641f511305e05`
SHA256	`7186065e5ee2624d737700edfc5dad55e8a926f8e1c4148c247e853519fec165`
SHA3	`67b9c66ef8c012105d75c23719cf55073e69ff4b9f882c5e07f5b3fc87cfbda5`
VirtualSize	`0x62c8`
VirtualAddress	`0x21000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x1fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16283`

.data

MD5	`b9dc6739a9755411e5ed470cd931ee39`
SHA1	`fd7ba5f3dfab3b1ac83bf1823bcbd5af0e2689ec`
SHA256	`50570cc5974fd78d8584292ed7060568bdedd5782987f3c0f98c6e8f325fc2a5`
SHA3	`6bc4706e52e393b25357e0eaef309ad2fb625ab90bd3457660c0bcbd6b730bde`
VirtualSize	`0x5090`
VirtualAddress	`0x28000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x25e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.82028`

.pdata

MD5	`1f13f6936a2419fbc491439aea8665ec`
SHA1	`56db9c6b3c2ae9d047ca04938fe49733b9e90869`
SHA256	`5144ebbc95d50dfe9a7c757f8cd983cab6924ea6050dfee302096c9d9e2710ff`
SHA3	`9e52a808cd9059fb016b898fe3a3c645a6f1bd6e55cfdcd84d2c1b1b36e91490`
VirtualSize	`0x1b0c`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x26a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10814`

.rsrc

MD5	`76618e4be82e915acf66ccfb687fb23e`
SHA1	`20ea4a23cd1ac49504731be15d384aac56d813f9`
SHA256	`e1806322467cbe4ce9d1f9139e1fa149bc53f0b0ba60d08209cb65467971b262`
SHA3	`78d9e298f24927ae5e74e4593a9491ea51b519bb35bf24fefadfb2eb242fa41f`
VirtualSize	`0x3d61e`
VirtualAddress	`0x30000`
SizeOfRawData	`0x3d800`
PointerToRawData	`0x28600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26802`

Imports

COMCTL32.dll	`#17`
SHELL32.dll	`ShellExecuteW` `SHBrowseForFolderW` `ShellExecuteExW` `SHGetPathFromIDListW` `SHGetFileInfoW` `SHGetSpecialFolderPathW` `SHGetMalloc`
GDI32.dll	`CreateCompatibleDC` `CreateFontIndirectW` `DeleteObject` `DeleteDC` `GetCurrentObject` `StretchBlt` `GetDeviceCaps` `CreateCompatibleBitmap` `SelectObject` `SetStretchBltMode` `GetObjectW`
ADVAPI32.dll	`FreeSid` `AllocateAndInitializeSid` `CheckTokenMembership`
USER32.dll	`EnableMenuItem` `IsWindow` `EnableWindow` `MessageBeep` `LoadIconW` `LoadImageW` `SetWindowsHookExW` `PtInRect` `CallNextHookEx` `DefWindowProcW` `CallWindowProcW` `DrawIconEx` `DialogBoxIndirectParamW` `GetWindow` `ClientToScreen` `GetDC` `DrawTextW` `SystemParametersInfoW` `GetSystemMetrics` `SetFocus` `UnhookWindowsHookEx` `GetWindowLongPtrW` `SetWindowLongPtrW` `GetClientRect` `GetDlgItem` `GetKeyState` `GetSystemMenu` `DestroyWindow` `GetSysColor` `SetWindowTextW` `GetWindowTextLengthW` `GetWindowTextW` `wsprintfA` `GetClassNameA` `GetWindowLongW` `GetMenu` `GetWindowDC` `ReleaseDC` `CopyImage` `GetParent` `ScreenToClient` `CreateWindowExW` `GetDesktopWindow` `GetWindowRect` `SetWindowPos` `SetTimer` `GetMessageW` `CreateWindowExA` `KillTimer` `CharUpperW` `SendMessageW` `DispatchMessageW` `ShowWindow` `BringWindowToTop` `wsprintfW` `MessageBoxW` `wvsprintfW` `MessageBoxA` `EndDialog`
ole32.dll	`CreateStreamOnHGlobal` `CoInitialize` `CoCreateInstance`
OLEAUT32.dll	`SysFreeString` `VariantClear` `SysAllocStringLen` `OleLoadPicture` `SysAllocString`
KERNEL32.dll	`GetFileInformationByHandle` `WaitForMultipleObjects` `VirtualAlloc` `SetUnhandledExceptionFilter` `QueryPerformanceCounter` `GetTickCount` `VirtualFree` `SetEndOfFile` `SetFileTime` `ReadFile` `SetFilePointer` `GetFileSize` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `FormatMessageW` `lstrcpyW` `LocalFree` `IsBadReadPtr` `SuspendThread` `TerminateThread` `GetSystemDirectoryW` `GetCurrentThreadId` `InitializeCriticalSection` `ResetEvent` `SetEvent` `CreateEventW` `GetVersionExW` `GetModuleFileNameW` `GetCurrentProcess` `SetProcessWorkingSetSize` `SetEnvironmentVariableW` `GetDriveTypeW` `CreateFileW` `LoadLibraryA` `SetThreadLocale` `GetSystemTimeAsFileTime` `ExpandEnvironmentStringsW` `CompareFileTime` `WideCharToMultiByte` `GetTempPathW` `GetCurrentDirectoryW` `FindFirstFileW` `lstrcmpW` `DeleteFileW` `FindNextFileW` `FindClose` `RemoveDirectoryW` `SetCurrentDirectoryW` `GetEnvironmentVariableW` `lstrcmpiW` `GetLocaleInfoW` `MultiByteToWideChar` `GetUserDefaultUILanguage` `GetSystemDefaultUILanguage` `GetSystemDefaultLCID` `lstrcmpiA` `GlobalAlloc` `GlobalFree` `MulDiv` `FindResourceExA` `SizeofResource` `LoadResource` `LockResource` `GetProcAddress` `GetModuleHandleW` `GetStdHandle` `WriteFile` `lstrlenA` `CreateDirectoryW` `GetFileAttributesW` `lstrlenW` `GetLocalTime` `SystemTimeToFileTime` `CreateThread` `GetExitCodeThread` `Sleep` `ExitProcess` `lstrcatW` `AddVectoredExceptionHandler` `RemoveVectoredExceptionHandler` `CloseHandle` `WaitForSingleObject` `GetExitCodeProcess` `GetQueuedCompletionStatus` `ResumeThread` `SetInformationJobObject` `CreateIoCompletionPort` `AssignProcessToJobObject` `CreateJobObjectW` `GetLastError` `CreateProcessW` `GetStartupInfoW` `GetCommandLineW` `SetLastError` `GetDiskFreeSpaceExW` `SetFileAttributesW` `GetCurrentProcessId`
msvcrt.dll	`__CxxFrameHandler` `??3@YAXPEAX@Z` `memset` `_wtol` `_purecall` `memcmp` `??2@YAPEAX_K@Z` `_wcsnicmp` `memmove` `memcpy` `strncpy` `wcsncpy` `wcsncmp` `strncmp` `?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z` `_beginthreadex` `wcscmp` `_CxxThrowException` `wcsstr` `free` `malloc` `__C_specific_handler` `_unlock` `__dllonexit` `_lock` `_onexit` `??1type_info@@UEAA@XZ` `__getmainargs` `_XcptFilter` `_exit` `_ismbblead` `_cexit` `exit` `_acmdln` `_initterm` `_amsg_exit` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `?terminate@@YAXXZ`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x2868`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35298`
MD5	`8234358a87e8c2bc66d8c4002d2c8d28`
SHA1	`0d93e947bf9f0d1d8698d4cb0843fba51235fc3a`
SHA256	`15af2fabd58fa4072d72ecba2754008234f8c0739e7c4adb20ee05ca3f90485d`
SHA3	`2b844e5f484363d7811bc4068308954ea7047fbeff6454d0610c848754567482`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x16e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40163`
MD5	`5ccf9051a616c7fe061d169f8b966c96`
SHA1	`53edf84bcac89f5397d4dfa4df9ba4bd33cf3236`
SHA256	`a3f73f64107d043c1c52e590b3ff4bfaab33b82953ad17d9623dceacf30dd32b`
SHA3	`173e65ffcfeb5778bb4883412e38e97eafcc92acc5bb05dcd2513ef47d0adcb2`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76628`
MD5	`b02fe39ccb5226a1430aa1375a196fbb`
SHA1	`a0503b94cf2efa416ac8b6c629aee0386759ab54`
SHA256	`a6fe1a6938b52d2110fd5b212a422fb262a4ce402504ede3bd203d3705cd311d`
SHA3	`2d8e17ef4c668161ba6db53da743e40fa72595e30add47af0a31896f11d70f6e`

4

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79487`
MD5	`44a2f92296254427d5916318cbf07673`
SHA1	`7773688309d436b9d1b8dcf8ae969673295de23d`
SHA256	`94bf43ef6f54ba5a28d44a227dcbab0bea064d19ad77a32243f545843de64dc3`
SHA3	`6789130fad1d64213ddbe91deb9b7b60f5c619a42a93080eff0ceaa4e4844492`

5

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.31213`
MD5	`e16924cb664efd9fe70239d6a3f1817f`
SHA1	`df3444aa0f871b4e2f54d7f777094ea2c315acfa`
SHA256	`fbdada19d92744421e0902f7094dbd0d7d608966c7a29314a93d58df32eb9371`
SHA3	`7e17283246e49ae2377dcd65ff336136263f562b3a2e7bc078761b2fd49cb8c8`

6

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.72758`
MD5	`35b20ceb03eb2ed9957e004f95195e65`
SHA1	`9420b401bf155914b9d26a7c2c91cf22c8b7bcd4`
SHA256	`8df7f8ee6d368776706220be87f99d1c6b8979425d4509bb097c4f0a4b33f6c1`
SHA3	`1c122902f8ec56486b48632c34254f610e6213204684bbb916bfebb87026bfff`

7

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.13528`
MD5	`f944584d8572a6fa9917aec187c4bba5`
SHA1	`0d5c5259031f27c33897b73b6c7580860a8bc004`
SHA256	`0d745ccb1d6af38056f36dc51a9d3d75bf5050f97e27d57702d50533ecc4331d`
SHA3	`51532acffab2d0e5952cabfea27ea089277dab8b543af3e4bb977f1ed8ab4865`

8

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4a6d`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`7.89004`
Detected Filetype	PNG graphic file
MD5	`cc0c8fa40bd6f8863aabb252724ba1fd`
SHA1	`4b10d887e3761c0d1e0389524e9dde516794229d`
SHA256	`3fdc3ba77cb2491869d14a7f1a8be24ed8d65fbd9dc31abe5a51c9587695f2fc`
SHA3	`48a2315b2979c0bc3f4773babef98f52d1bd76e729c28d7ba344aecc4fd4f672`

9

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4c28`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.41789`
MD5	`536c17624c50a46efbedd892248d6fcf`
SHA1	`86ed272a74024c0cb7fa6a24566af20c58af23b4`
SHA256	`97ce49d81fa9fa2aaf189e6dc696b81b76c7fbcbec1d625be7f118bb6b2a29a7`
SHA3	`d4e39512f0dcd98971db1ff4bb0109d301e8447ec791220c52ed19d94dfd82dc`

10

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2ca8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.70144`
MD5	`ce0a648e9f4a16ae8091d0c551ba23e0`
SHA1	`b8644e63b8e82d9cb97cbd44447c1a600e902b78`
SHA256	`5cdbbcdf8ba696a020d9a0bc11389cbc720490991a60a0e644cc57431ca53abe`
SHA3	`036707fecb5c89062e0c19da28293f7c3d6c2eaff29ec37b823d015f1494b5de`

11

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.94754`
MD5	`2ee40b5a60ecf4f20faa560442a30420`
SHA1	`6eda2983e78ea20d6dd3a96d330139efad106081`
SHA256	`de758b1533883240dd302f332ebde850e4761c1ecd2ac56b0f6487b6f67989fb`
SHA3	`58c2c43dac7534589fe05387db7de76a72b6ee817632190cd5a059a38cf833b8`

12

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`5.18631`
MD5	`526b2e3ea5439d9209cc08d18959e9d3`
SHA1	`b6f002bb315b8f78f77dc0aa72a801dc8ead020d`
SHA256	`86f65a6a6615ab6302e882348d4e0b232eae2a64b4a14d1fb3acf23ce681b6fa`
SHA3	`af61ae8aa6f23934de9e323b5c3f6c535cd14dee41037cb574e2831c2bf0a9ca`

13

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`5.63617`
MD5	`4594afc7e185b4612959648052a6d4c6`
SHA1	`40d7edfc23e46f03e2227900f522e5fef74ce062`
SHA256	`df11181597ff96e33d0c48c40a1fa3ff6e48ec764aa30e6ab133599178482b26`
SHA3	`fd945f7f3b22baa218d2a70fa1cbd32506a456231e50409c96541bf52b18142c`

14

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`5.98397`
MD5	`0882d2d8dfb9b702b43781f3d722c01e`
SHA1	`c750c2c3f285373da0cfb4b4fe3358911eee2b23`
SHA256	`e484883fba3917c53234d6e9f2ca4a669df9e76af7365464032d9b306a4e3c14`
SHA3	`3bae57aaf3adb331e249cc34ef16d8426d73e8d2c3a26f7abeea0af7fc20596e`

15

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`3.48517`
MD5	`319d307d2f01f27faa4ac31d6407aef1`
SHA1	`24b5173a64a5dbc6db78096e2c04b79f702b53dc`
SHA256	`6318042cbe919483f7f38dd9941647eb10ec998ef79095a443ae07131522dfb4`
SHA3	`dbd1b68109b9f56524ac3e0ee26faa0022fc3cb0a2fb266e693df9dd2c27ff31`

16

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x5286`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`7.94093`
Detected Filetype	PNG graphic file
MD5	`4edcfccb649023560053e6c42caad062`
SHA1	`61d25e066833c02f204717f573d06b05c57dfaf2`
SHA256	`7ba118baf8be4bebf690097df0ef933c63918e780c6f0c013170b74b993faac8`
SHA3	`366c16ae04fbc41934c0c457a5dd2814e5ccab52b5271fa96b9cd3fa730362f9`

17

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.09921`
MD5	`5f2ba7d45673e636c4c595a4aa6245d8`
SHA1	`733b9c2f5606d53009a7aa6f3e202e0592f7db64`
SHA256	`49a54b546fa02bab3e1494a92ba61a449dc18939c76f1e398057a596e7bc7498`
SHA3	`0328460a1df34737740f629d7485db917b57b1350ec32eaca04638a14027ff12`

18

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.28568`
MD5	`713ef0f2b221c2bd3bd2e52d6ed8a400`
SHA1	`8b483aa1d50516efb158b3cbfd444e878ae53785`
SHA256	`0551dd146196a3e7e9c69998b7ea2be5a163301d49fbfc55df55cc97014e56a0`
SHA3	`d30732644e61a785e86133e228660b4934b92f48e1b6b5e0bd89111ac0e92e0d`

19

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.40625`
MD5	`9adab454f0f1a2039263d69c082d5ec7`
SHA1	`1a03266bb747ed3bc0056b3c87748bb9cf2cfc7d`
SHA256	`3679aef5964e15f06809238363ac7214b5408463b4ee6146bc77601632c762f1`
SHA3	`da74afa6d5c907e577c9af168ab6cef9e37e2af0ecadf6cf1f3cbf4a53bfa7c0`

20

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.51591`
MD5	`b4e72a1228088d8382fd81c8469c107e`
SHA1	`4858549850250532a827a405d40ddb293495576b`
SHA256	`975c470e90232b90923e20acc758ff224fe94aedce028c425c0f42a92cfc71cb`
SHA3	`d67ff4fe9905d06374afef60dda177c9bedfe796f86f2d66c303653afca6e7a1`

21

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.67427`
MD5	`4514ab9046eea732257900860df492c0`
SHA1	`b52a02f170b0912a04de8513fb087a68032d9e8f`
SHA256	`056f4d89c49cd5a0645f7697abc1819e606a5522ec7869b06d261cf7c81b8b4a`
SHA3	`ae213c19c113a2fb65f88cc6f1c5e6598169a2bd31fb5fafd3010422fa9e2fdf`

22

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`5.06641`
MD5	`24f49f7222f58c797ad920b9e8a4378e`
SHA1	`9a97c1b7e1bac15b42d2e91f58ad09f619c90667`
SHA256	`156a75f4a29018ea2b5a40f6cf7406b839e75768948008adf253200e0f99fb37`
SHA3	`9a4144b87bac9f815987c72ac6805130092b216fbbd0d49b001be697676c785b`

23

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2028-Mar-31 04:39:04
Entropy	`4.25694`
MD5	`a6634460d8227637414d101403221dd5`
SHA1	`b1ec86805cdf382c6d26da91de271bd40bab0444`
SHA256	`29bcdd4a237bcd845d4eaa292e40e5a6327f5288a74a028c273d8a127a01c014`
SHA3	`abb3bbbd08a7535481e1041f17a58944f697ed547fa954bb9053cadf40b1cc71`

101

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34198`
Detected Filetype	Icon file
MD5	`7d114ae068dfd6c207b49a2583fe1478`
SHA1	`de7df3f30d4a649bd5f1861f0fa5059d0209bc79`
SHA256	`3b26a3b461ac7b825177855b960ac0590549360b5e19d45ac006ba0ee55e40ce`
SHA3	`7892eb508f140fdc88abe0ccf62be8d04ec0a28ba99a0789aaa41c6a7269f9ec`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4515`
MD5	`5724a63ba30071a052fb3f14024ab54f`
SHA1	`d476c96ef8c5022a3f21f19e68dfb432d49a2309`
SHA256	`8722ac1eef3e99f440ce1b206eda3f574a78efb1c8cf00c8097ff01fefed6fff`
SHA3	`3902ae720b02fdc2356d0ac76e24f5f1c35a9c4d4bdbf86075329078482cbeea`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x346`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22372`
MD5	`0b2fd8f9011444e5c34ca95cb1c36ded`
SHA1	`92991750d17431810eb198a1cb074ce064b7eafd`
SHA256	`b3a6e1cf5563445d35aafffeca2198cae928a332f6effd20f15151486cca05fd`
SHA3	`96ae303f537aa66b863d413ffb0f4d7975c6c1ee24ec5614af7a73762dce153c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.0
ProductVersion	3.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	MAGNiTUDE & m0nkrus
FileDescription	Autodesk Cracked NLM Installer (MAGNiTUDE method)
FileVersion (#2)	3.0.0.0
InternalName	AdskNLM
LegalCopyright	Copyright © 2022 MAGNiTUDE & m0nkrus
OriginalFilename	AdskNLM.exe
PrivateBuild	April 05, 2022
ProductName	Autodesk Cracked NLM
ProductVersion (#2)	3.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

f0520cae22714f4cc9e1945ef5118ba8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

101

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors