EDRW v13 Activator v2 1 De! exe PUP AI File Malware Analysis: 284182f0388fe891ed6b6a1da5b4196e

EDRW v13 Activator v2.1 - De!.exe PUP AI Analysis

Updated 0 second ago

Checked by Malaware Check

EDRW v13 Activator v2.1 - De!.exe

Hash Type	Value	Action
MD5	284182f0388fe891ed6b6a1da5b4196e
SHA1	ee4ffea0eb3ceef561c7b02fbcc11f14a8775027
SHA256	10badd3b49c88ac87ce720c47ccd79f0db4f8125d63b52d328e554fb549c44a8
SHA512	6797010284372abade5b8ad4c7c84bfedc9d40be56f6a159f4e804933038c57954e5b99915230db41f5b4bb0a975352257629bb2963616e7e41fa0346e1befea
ImpHash	3ea9c77da2c70a9af0f1ffdeaa76427e

Hash Type

Value

Action

MD5

284182f0388fe891ed6b6a1da5b4196e

SHA1

ee4ffea0eb3ceef561c7b02fbcc11f14a8775027

SHA256

10badd3b49c88ac87ce720c47ccd79f0db4f8125d63b52d328e554fb549c44a8

SHA512

6797010284372abade5b8ad4c7c84bfedc9d40be56f6a159f4e804933038c57954e5b99915230db41f5b4bb0a975352257629bb2963616e7e41fa0346e1befea

ImpHash

3ea9c77da2c70a9af0f1ffdeaa76427e

PE Analysis

Basic Information

▼

Icon	Hash: 42a22710013d2940131883c110de4bd1 Fuzzy: bfef0d6c79d6edce3c059fe040d432fa dHash: 9669e896b2b2d480
Image Base	`0x00400000`
Entry Point	`0x006305f4`
Compilation Time	2020-04-22 21:21:05
Checksum	0x0038cbc4 (Actual: 0x0038cbc4)
OS Version	5.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	11 libraries
Exports	3 functions
Resources	53 Resources
Sections	11 Sections

Version Information

▼

FileVersion	2.0.0.0
ProductVersion	1.0.0.0
ProgramID	com.embarcadero.EaseUS_DRW
FileDescription	EaseUS_DRW
ProductName	EaseUS_DRW
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	2,281,952 bytes	2,281,984 bytes	6.48 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`12259156EB1F0700AC8540564B25AEC7`
`.itext`	`0x0022f000`	5,704 bytes	6,144 bytes	6.09 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`428DBD02B48BCC62DE2734A5866CE7D6`
`.data`	`0x00231000`	37,016 bytes	37,376 bytes	6.75 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`7688BF05365D691FAF37AA8AD213D008`
`.bss`	`0x0023b000`	26,628 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00242000`	12,614 bytes	12,800 bytes	5.12 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A75268841D2276C894B693A1A08C4908`
`.didata`	`0x00246000`	2,924 bytes	3,072 bytes	4.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`6041A3A577A4BAD0208C6F60BFDF459F`
`.edata`	`0x00247000`	156 bytes	512 bytes	1.93 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`75C0B5D43524DB85A6C7B24266C6873C`
`.tls`	`0x00248000`	72 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00249000`	93 bytes	512 bytes	1.37 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`597C567CA004669128FD0786F81DD70C`
`.reloc`	`0x0024a000`	206,028 bytes	206,336 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`B050C170017B7FC0D3C4797706A0B776`
`.rsrc`	`0x0027d000`	1,155,808 bytes	1,156,096 bytes	2.64 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`9AD868D4296B227D29B4CB0427729D3F`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 53 (1,152,935 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	7	2,156 bytes	0.2%
RT_ICON	9	562,568 bytes	48.8%
RT_STRING	23	18,568 bytes	1.6%
RT_RCDATA	4	567,011 bytes	49.2%
RT_GROUP_CURSOR	7	140 bytes	0%
RT_GROUP_ICON	1	132 bytes	0%
RT_VERSION	1	524 bytes	0%
RT_MANIFEST	1	1,836 bytes	0.2%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	EDRW v13 Activator v2.1 - De!.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.217.174
Database Version	2025-06-06 18:00:24 UTC

EDRW v13 Activator v2.1 - De!.exe PUP AI Analysis

Technical Analysis

PUP.Win32.AI.ns

Scan Another File

File Identification