Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2016-Mar-05 12:48:50 |
Detected languages | English - United States, Russian - Russia |
CompanyName | MAGNiTUDE & m0nkrus |
FileDescription | Autodesk Cracked NLM Installer (MAGNiTUDE method) |
FileVersion | 3.0.0.0 |
InternalName | AdskNLM |
LegalCopyright | Copyright © 2022 MAGNiTUDE & m0nkrus |
OriginalFilename | AdskNLM.exe |
PrivateBuild | April 05, 2022 |
ProductName | Autodesk Cracked NLM |
ProductVersion | 3.0.0.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to security software: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA256; Uses constants related to AES |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. | The resource timestamps differ from the PE header: |
Suspicious | The file contains overlay data. | 6179181 bytes of data starting at offset 0x65e00. The overlay data has an entropy of 7.99997 and is possibly compressed or encrypted. Overlay data amounts for 93.6742% of the executable. |
Suspicious | VirusTotal score: 2/73 (Scanned on 2024-03-10 20:25:25) | Cynet: Malicious (score: 100); Webroot: W32.Hack.Tool |

e_magic | MZ |
---|---|
e_cblp | 0x60 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x60 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 5 |
TimeDateStamp | 2016-Mar-05 12:48:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32+ |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x1f600 |
SizeOfInitializedData | 0x46400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000001FE7C (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x6e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x710a0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

COMCTL32.dll | #17 |
---|---|
SHELL32.dll | ShellExecuteW SHBrowseForFolderW ShellExecuteExW SHGetPathFromIDListW SHGetFileInfoW SHGetSpecialFolderPathW SHGetMalloc |
GDI32.dll | CreateCompatibleDC CreateFontIndirectW DeleteObject DeleteDC GetCurrentObject StretchBlt GetDeviceCaps CreateCompatibleBitmap SelectObject SetStretchBltMode GetObjectW |
ADVAPI32.dll | FreeSid AllocateAndInitializeSid CheckTokenMembership |
USER32.dll | EnableMenuItem IsWindow EnableWindow MessageBeep LoadIconW LoadImageW SetWindowsHookExW PtInRect CallNextHookEx DefWindowProcW CallWindowProcW DrawIconEx DialogBoxIndirectParamW GetWindow ClientToScreen GetDC DrawTextW SystemParametersInfoW GetSystemMetrics SetFocus UnhookWindowsHookEx GetWindowLongPtrW SetWindowLongPtrW GetClientRect GetDlgItem GetKeyState GetSystemMenu DestroyWindow GetSysColor SetWindowTextW GetWindowTextLengthW GetWindowTextW wsprintfA GetClassNameA GetWindowLongW GetMenu GetWindowDC ReleaseDC CopyImage GetParent ScreenToClient CreateWindowExW GetDesktopWindow GetWindowRect SetWindowPos SetTimer GetMessageW CreateWindowExA KillTimer CharUpperW SendMessageW DispatchMessageW ShowWindow BringWindowToTop wsprintfW MessageBoxW wvsprintfW MessageBoxA EndDialog |
ole32.dll | CreateStreamOnHGlobal CoInitialize CoCreateInstance |
OLEAUT32.dll | SysFreeString VariantClear SysAllocStringLen OleLoadPicture SysAllocString |
KERNEL32.dll | GetFileInformationByHandle WaitForMultipleObjects VirtualAlloc SetUnhandledExceptionFilter QueryPerformanceCounter GetTickCount VirtualFree SetEndOfFile SetFileTime ReadFile SetFilePointer GetFileSize LeaveCriticalSection EnterCriticalSection DeleteCriticalSection FormatMessageW lstrcpyW LocalFree IsBadReadPtr SuspendThread TerminateThread GetSystemDirectoryW GetCurrentThreadId InitializeCriticalSection ResetEvent SetEvent CreateEventW GetVersionExW GetModuleFileNameW GetCurrentProcess SetProcessWorkingSetSize SetEnvironmentVariableW GetDriveTypeW CreateFileW LoadLibraryA SetThreadLocale GetSystemTimeAsFileTime ExpandEnvironmentStringsW CompareFileTime WideCharToMultiByte GetTempPathW GetCurrentDirectoryW FindFirstFileW lstrcmpW DeleteFileW FindNextFileW FindClose RemoveDirectoryW SetCurrentDirectoryW GetEnvironmentVariableW lstrcmpiW GetLocaleInfoW MultiByteToWideChar GetUserDefaultUILanguage GetSystemDefaultUILanguage GetSystemDefaultLCID lstrcmpiA GlobalAlloc GlobalFree MulDiv FindResourceExA SizeofResource LoadResource LockResource GetProcAddress GetModuleHandleW GetStdHandle WriteFile lstrlenA CreateDirectoryW GetFileAttributesW lstrlenW GetLocalTime SystemTimeToFileTime CreateThread GetExitCodeThread Sleep ExitProcess lstrcatW AddVectoredExceptionHandler RemoveVectoredExceptionHandler CloseHandle WaitForSingleObject GetExitCodeProcess GetQueuedCompletionStatus ResumeThread SetInformationJobObject CreateIoCompletionPort AssignProcessToJobObject CreateJobObjectW GetLastError CreateProcessW GetStartupInfoW GetCommandLineW SetLastError GetDiskFreeSpaceExW SetFileAttributesW GetCurrentProcessId |
msvcrt.dll | __CxxFrameHandler ??3@YAXPEAX@Z memset _wtol _purecall memcmp ??2@YAPEAX_K@Z _wcsnicmp memmove memcpy strncpy wcsncpy wcsncmp strncmp ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z _beginthreadex wcscmp _CxxThrowException wcsstr free malloc __C_specific_handler _unlock __dllonexit _lock _onexit ??1type_info@@UEAA@XZ __getmainargs _XcptFilter _exit _ismbblead _cexit exit _acmdln _initterm _amsg_exit __setusermatherr _commode _fmode __set_app_type ?terminate@@YAXXZ |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 3.0.0.0 |
ProductVersion | 3.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | MAGNiTUDE & m0nkrus |
FileDescription | Autodesk Cracked NLM Installer (MAGNiTUDE method) |
FileVersion (#2) | 3.0.0.0 |
InternalName | AdskNLM |
LegalCopyright | Copyright © 2022 MAGNiTUDE & m0nkrus |
OriginalFilename | AdskNLM.exe |
PrivateBuild | April 05, 2022 |
ProductName | Autodesk Cracked NLM |
ProductVersion (#2) | 3.0.0.0 |
Resource LangID | UNKNOWN |
---|