The Sim EKB Install 2023 11 24 Run as Admin exe (Simatic key help) plcforum uz ua File Malware Analysis

The Sim_EKB_Install_2023_11_24_Run_as_Admin.exe (Simatic key help) File Analysis

Updated 8 months ago

Checked by Malware Check

Sim_EKB_Install_2023_11_24_Run_as_Admin.exe

Hash Type	Value	Action
MD5	677bb6ae9a94f1ee9d214619c297daa2
SHA1	9314c4ea30c57ab5f5ef363f3133260db29bce68
SHA256	f190c58516ea4bf4e0ee4cd28ff5501e3d0444834d8c818e23ab7f1884f14ee7
SHA512	1f7d60997cb8c39449f2628c3c8425031aaf051acf7a58258839cfa162be35903d9bca1e75b6a53f2b45fd37cef69149d901c3d60084d300dc24a59e165a14de
ImpHash	c7100093c950983a36d798935de261a4

Hash Type

Value

Action

MD5

677bb6ae9a94f1ee9d214619c297daa2

SHA1

9314c4ea30c57ab5f5ef363f3133260db29bce68

SHA256

f190c58516ea4bf4e0ee4cd28ff5501e3d0444834d8c818e23ab7f1884f14ee7

SHA512

1f7d60997cb8c39449f2628c3c8425031aaf051acf7a58258839cfa162be35903d9bca1e75b6a53f2b45fd37cef69149d901c3d60084d300dc24a59e165a14de

ImpHash

c7100093c950983a36d798935de261a4

PE Analysis

Basic Information

▼

Icon	Hash: 3b7f343f7bbbf2ed2927bb32a5a0c57c Fuzzy: f556f203c4aa374525e74e601a0880cf dHash: 3e9698b86464a4a4
Image Base	`0x00400000`
Entry Point	`0x0075e3f8`
Compilation Time	2023-11-24 11:27:19
Checksum	0x00000000 (Actual: 0x004260b4)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	12 libraries
Exports	2 functions
Resources	92 Resources
Sections	11 Sections

Version Information

▼

CompanyName	plcforum.uz.ua
FileDescription	Simatic key help
FileVersion	2015.03.29
ProductVersion	2015.03.29
ProgramID	com.embarcadero.Sim_EKB_Install_prj
ProductName	Sim_EKB_Install_prj
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	3,515,700 bytes	3,515,904 bytes	6.11 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`5A8897BF97FCEB993FAE085DAC668A36`
`.itext`	`0x0035c000`	9,360 bytes	9,728 bytes	6.24 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`C4E024C58A2F5B7AD4C75CD3B45370A3`
`.data`	`0x0035f000`	167,812 bytes	167,936 bytes	5.44 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`8BE2565DD564BC3F1270EE5C8EDF7E54`
`.bss`	`0x00388000`	5,466,708 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x008bf000`	14,006 bytes	14,336 bytes	5.22 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`36F27C8F812BF2683923DEDE37A2842D`
`.didata`	`0x008c3000`	3,216 bytes	3,584 bytes	4.06 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`05EE4A1ACBCA767506A9452388DF7480`
`.edata`	`0x008c4000`	124 bytes	512 bytes	1.52 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`EF5111B96FC164C1EEC91FD4FD0F1F3F`
`.tls`	`0x008c5000`	84 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x008c6000`	93 bytes	512 bytes	1.39 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`04DBDD38754724C0D50E9E4D866F59CA`
`.reloc`	`0x008c7000`	304,020 bytes	304,128 bytes	6.65 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`303CC6B9BF0E081957506187B0FC238F`
`.rsrc`	`0x00912000`	290,304 bytes	290,304 bytes	6.88 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`A0512DDE97E88782F21478949017C690`

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 92 (284,308 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	7	2,156 bytes	0.8%
RT_BITMAP	16	3,384 bytes	1.2%
RT_ICON	1	744 bytes	0.3%
RT_STRING	28	22,632 bytes	8%
RT_RCDATA	30	253,089 bytes	89%
RT_GROUP_CURSOR	7	140 bytes	0%
RT_GROUP_ICON	1	20 bytes	0%
RT_VERSION	1	648 bytes	0.2%
RT_MANIFEST	1	1,495 bytes	0.5%

Certificate Chain Analysis

▼

Certificate Information

Product	Sim_EKB_Install_prj
Description	Simatic key help
File Version	2015.03.29

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	Sim_EKB_Install_2023_11_24_Run_as_Admin.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.193.174
Database Version	2024-10-17 16:00:33 UTC

The Sim_EKB_Install_2023_11_24_Run_as_Admin.exe (Simatic key help) File Analysis

Technical Analysis

Clean File

Scan Another File

File Identification