Manalyze report for 2ff995e3894c38f8788bbd4512cd3cd8833afa753d234efd6618bd74b58ed1d1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-06 20:00:31
Detected languages	English - United Kingdom English - United States
FileVersion	`1.5.4.25`
Comments	EMRE U -NCAFE
FileDescription	AcrobatProFileAssoc
ProductName	AcrobatProFileAssoc
ProductVersion	`1.5.4.25`
CompanyName	EMRE U -NCAFE
LegalCopyright	EMRE U -NCAFE
LegalTradeMarks	EMRE U -NCAFE

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Info	The PE's resources present abnormal characteristics.	`Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.` `Resource 313 is possibly compressed or encrypted.` `Resource SCRIPT is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`77fc9f5fad462f3fa0467a95dd9720f9`
SHA1	`2055e68d469f89ac8fed2f7b81b3041293ccdf9f`
SHA256	`2ff995e3894c38f8788bbd4512cd3cd8833afa753d234efd6618bd74b58ed1d1`
SHA3	`eea8cb542d00131562851d69277a349174c690e919c9a8dc4de0d94ed0bbdd40`
SSDeep	`12288:oQEfwsGf+8IJs7+y+hADxgIsIn7hp01ieSz:oQEYN+8ZqnhxIOi`
Imports Hash	`45f0b404d197612cc9f21f62dfcd882b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2026-May-06 20:00:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x6b000`
SizeOfInitializedData	`0x5000`
SizeOfUninitializedData	`0xa4000`
AddressOfEntryPoint	`0x000000000010FA70 (Section: UPX1)`
BaseOfCode	`0xa5000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x115000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa4000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`08195e74a314a935cd3014dcc919f814`
SHA1	`b5c6036c042bbff9531a0850337811095cb9b1e3`
SHA256	`9917f97314ace3518c200276978a9a7c775c7f71aafae20cdc83a4fe57e4fc69`
SHA3	`2580984456e6199ca1f246499505d386d66c05a1b17d4c2462b30cbac0c6541b`
VirtualSize	`0x6b000`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x6b000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.94361`

.rsrc

MD5	`1d2df9da11d96d1ffda0391ef0101d9c`
SHA1	`18fd1663c9f48b1367e3e7a2165d09d82f853f70`
SHA256	`cc0ba926ed5f21738b89b5e20baf6ce007e1bc1b64c9311e710a641db2c4dcfe`
SHA3	`d36a876a03fe146716b52cf8f71acb7ac04915a239efa5befca6a56a1bcbb383`
VirtualSize	`0x5000`
VirtualAddress	`0x110000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x6b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.6019`

Imports

ADVAPI32.dll	`GetAce`
COMCTL32.dll	`ImageList_Remove`
COMDLG32.dll	`GetSaveFileNameW`
GDI32.dll	`LineTo`
IPHLPAPI.DLL	`IcmpSendEcho`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
MPR.dll	`WNetGetConnectionW`
ole32.dll	`CoGetObject`
OLEAUT32.dll	`SysReAllocString`
PSAPI.DLL	`GetProcessMemoryInfo`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
USERENV.dll	`LoadUserProfileW`
UxTheme.dll	`IsThemeActive`
VERSION.dll	`VerQueryValueW`
WININET.dll	`FtpOpenFileW`
WINMM.dll	`timeGetTime`
WSOCK32.dll	`connect`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.85603`
MD5	`a5226e82b3f4a1a0ddfcb2b6ec24afe5`
SHA1	`b01a32f957949a8f88b47c72fb7f41412d474c22`
SHA256	`59ad54696b2b2aeb290aa846628e71e230884962840b945d0c260e6872e2f6c6`
SHA3	`dbea80e57d8dd791f87f74aa0022f50b698ee185723eee3c3dd5e43bcb191598`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3c41`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95832`
Detected Filetype	PNG graphic file
MD5	`0e4040f5fcd0576a612256e4f69917b4`
SHA1	`fa0637b92243ba7dbb977fc96e3262f96d23982b`
SHA256	`14b79a13527fd651672952fba7a5df0c9975e511059463ff365f34c4e5a72e1f`
SHA3	`190dac25abdb599d3f6467c787655f85658a49580e4d43e300a7da0198151182`

7

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x594`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.57369`
MD5	`e3414127fc914e4a01c15f132b9024b0`
SHA1	`010facee0d8746d222a78b990924b910bc6201c0`
SHA256	`13205ed7cef6020136b5931b9a21c90459efe3331453b8a5d0bb307265593124`
SHA3	`143afee11d1b2f7dcfec675e85675728b001afdac7458e852345ab66c92d3531`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x68a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.55788`
MD5	`8214598780b2c735eede7ea29609e312`
SHA1	`193a916cee3512f16ca506dc07e94fa8b5851984`
SHA256	`9ec634f244275a08e38b945f243a40d6ceca0c304221b6bd335f1930d82209b5`
SHA3	`22efc33380d3db725ca74a1d4dcc8f56766adeffe8c7912549b5aff8f3825e8b`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x490`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.58154`
MD5	`f9037fd7ba3179e19a8dedc34d45a129`
SHA1	`d475ebc52e860df49def7cde037668db61159903`
SHA256	`9af328a5cd302f49efd2e1f9ef88a3f586eaddba5905084d90ce5bebb970ef98`
SHA3	`82ee1a581d17421b45149a78170c1c3086296e496e56dd7f9b8cd65cd1545e59`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x5fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69783`
MD5	`5c44601d7e79841c923aa74e882b0a68`
SHA1	`48d16b9950db66d1689ce099927627fb03d0926b`
SHA256	`dcea2d70bdbdc3c5a7473446d57e87f63f070a13c951ff47dc97eb867c7f1f7f`
SHA3	`a75f34a90b5559bf930233b9a615a770fbb9472ec3e6702d3f8ddfd7bf2c4e4e`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x65c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.62584`
MD5	`5d042b4741e2fc18caa17b554310b7e9`
SHA1	`60781908a554bd7c1c1d7623475a09cab2e8b587`
SHA256	`176be8723b83ded253a077b164e6ecaff12883f331981c46f94a1c1598adf4ae`
SHA3	`fe470b05adab03fb5f8540de483fb3b52012f72b1145563e4449b3d5d0d89aee`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x466`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.49663`
MD5	`ccd3720e3e6c50e86c8b99adfaa2a26a`
SHA1	`6ae80b491643f368b57b15ce99041621e4ef69de`
SHA256	`fd872ca8351867e9e801cbe9185f3a7baa59fa0d71ee1320e78a934e2411b5a2`
SHA3	`308229bd5bc2a7660b61b337a0e217ef79f3e0c7bf6f789663b3c79c22f35339`

313

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.28804`
MD5	`6731b356befd9d2c6b5beac739d738c9`
SHA1	`98a0e92cf7bf806348be8d8f31e0d297c3402dc1`
SHA256	`37d0808d89b08c4e4676b3bdb82565100a68c5f8cd9eeda51f0739c8ca195f8e`
SHA3	`126f04507dcc633d3c7cf1983514f314ad750d289027b7f894aabbf20537d305`

SCRIPT

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xaf4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.71895`
MD5	`035cc3f3acb541c5a5e268a16669d8ef`
SHA1	`e11ed5a155a8e87a044bf9e7ac2ece59eae7a84b`
SHA256	`833264c5f891119d0b351087a00f150e8aa1d68fe1139be5aa289d19cc0c267a`
SHA3	`962e7cbd4430a64990d1d6b1a3e629aab0e2caeed6555f93421b8461bdeb1afd`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.6789`
Detected Filetype	Icon file
MD5	`808c63cf7bd537ebb1d64872beb3a196`
SHA1	`b0a5c46a1e9c7789f473257356bca68b14e25c0e`
SHA256	`79d416d2682ffaa40f6fa0b7a68182432c4ab464e90905d907defbba42013033`
SHA3	`d5dc0173e9e31b112041469dc0af922d85a9d9104c476ae948d87b23a4ca0604`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32193`
MD5	`354071ce7f01554a977a68b65bcfa072`
SHA1	`a41df0808ab0938947e0337ce55b16208db33361`
SHA256	`07135e7d235a8018a61e401cdbac1c0d448a9510915b5fc0e5cd615990f9ce58`
SHA3	`4efd90c89e9a70331aa0cc687c368febac32b60d7ed668be5e358fdfb434b930`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43769`
MD5	`87fdf1f87fcf18095f6b4869b3f9fcc1`
SHA1	`95fed8549fedd3a2fdaf7463cdfa561cc7934156`
SHA256	`132bdde321566f2e746cf1dc12fe6557f2646b395f51cb7d30aaffb12d90629d`
SHA3	`5adee94908e0499e0258bed938b9048a0b5f0d1175c20b56e9c241b831f35519`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39264`
MD5	`79ff2b6cfbaed20d0761e88f8b47dc80`
SHA1	`7ef2897a5a54be6eb3e82c3a936d070dc001e537`
SHA256	`2fb51dac382441e19215b5016eddd256a4fdf99d325fe691d77a6e450988ecbe`
SHA3	`02bda12ac26ccf7986d96ff43cdceb70ea576bb4a29fba484a5200fb71103412`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.5.4.25
ProductVersion	1.5.4.25
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileVersion (#2)	1.5.4.25
Comments	EMRE U -NCAFE
FileDescription	AcrobatProFileAssoc
ProductName	AcrobatProFileAssoc
ProductVersion (#2)	1.5.4.25
CompanyName	EMRE U -NCAFE
LegalCopyright	EMRE U -NCAFE
LegalTradeMarks	EMRE U -NCAFE

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400f0040`

RICH Header

XOR Key	`0xdc68d7f0`
Unmarked objects	`0`
C++ objects (33140)	`177`
ASM objects (33140)	`22`
253 (35207)	`1`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`49`
C objects (33140)	`42`
C objects (CVTCIL) (33140)	`1`
Imports (33140)	`37`
Total imports	`562`
C++ objects (POGO O) (35211)	`80`
ASM objects (35211)	`1`
Resource objects (35211)	`1`
151	`1`
Linker (35211)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[!] Error: The number of ICON_DIRECTORY_ENTRIES is bigger than the number of resources in the file.
[*] Warning: Resource 169 is empty!

Leave a comment

No comments yet.