Manalyzer :: e3ffdba4c06b0c3bd090be5658f7b3c613918fc99501ab99d998211bb2c64f24

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-29 10:03:52
Detected languages	English - United States
ProductName	ÐÑÐ¾ÐµÐºÑ1
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	Ð¿ÑÐ°ÐºÑÐ¸ÐºÐ° ÐÐ¾Ð¼Ð¿ÑÑÑÐµÑ
OriginalFilename	Ð¿ÑÐ°ÐºÑÐ¸ÐºÐ° ÐÐ¾Ð¼Ð¿ÑÑÑÐµÑ.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	VirusTotal score: 2/71 (Scanned on 2026-05-25 08:19:53)	`APEX: Malicious` `Trapmine: malicious.high.ml.score`

Hashes

MD5	`ba0b9cf43b7e4326669610ed67b3a962`
SHA1	`89ec3b208da7b80e80edba0789c96f883997e274`
SHA256	`e3ffdba4c06b0c3bd090be5658f7b3c613918fc99501ab99d998211bb2c64f24`
SHA3	`17b3f50b189a9eb75fb81133d37d461e26e6e8f07b062a075de0d39ff9849716`
SSDeep	`6144:iDOxZMP9O9DMcO9MDBJxBfQ1js3cqG0npJvcR/E0Np91:iDOG956dftcjs3hnpJvcS0Nf`
Imports Hash	`256dd494161a999e26bac82ceff0f13b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Apr-29 10:03:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xaf000`
SizeOfInitializedData	`0x12000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001C64 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb0000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc2000`
SizeOfHeaders	`0x1000`
Checksum	`0xb32c3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`70ada3c95aa1f9162331eed0ffe3f6db`
SHA1	`45adeeac33b53bac315e53aaf82f6076b7c82c6b`
SHA256	`149e4a6da532fb4696032ba96ff310aa37dd73b4d87b3162924673fb3977446b`
SHA3	`eab42b12f05dd4082a7104c2971694e9744e681b2eacdbb586cbf7d24a2d96a0`
VirtualSize	`0xae9a4`
VirtualAddress	`0x1000`
SizeOfRawData	`0xaf000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.77956`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x101dc`
VirtualAddress	`0xb0000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`4f953ebc4e275e08a733a20f36d8ab22`
SHA1	`32f43168918c688133c9af9163c8d0501110280c`
SHA256	`c8cad17572f5b41abfee4a2901b9fa29ea8d700d0892bcdcb00b0e8959009caf`
SHA3	`a03e4383fc086c9a6ea6489a92f26b6965246b2da5b79617c02c4251660a9472`
VirtualSize	`0x75c`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.95816`

Imports

MSVBVM60.DLL	`__vbaVarSub` `__vbaStrI2` `_CIcos` `_adj_fptan` `__vbaVarMove` `__vbaFreeVar` `__vbaStrVarMove` `__vbaLenBstr` `#588` `__vbaFreeVarList` `_adj_fdiv_m64` `__vbaFreeObjList` `_adj_fprem1` `__vbaStrCat` `__vbaHresultCheckObj` `_adj_fdiv_m32` `__vbaLateMemSt` `__vbaVarForInit` `__vbaObjSet` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `__vbaBoolVarNull` `_CIsin` `#632` `__vbaChkstk` `EVENT_SINK_AddRef` `__vbaGenerateBoundsError` `__vbaStrCmp` `__vbaVarTstEq` `__vbaVarOr` `__vbaStrR4` `_adj_fpatan` `__vbaLateIdCallLd` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `_adj_fprem` `_adj_fdivr_m64` `__vbaFPException` `__vbaStrVarVal` `__vbaVarCat` `__vbaI2Var` `#537` `_CIlog` `__vbaErrorOverflow` `__vbaNew2` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaFreeStrList` `_adj_fdivr_m32` `_adj_fdiv_r` `#100` `__vbaI4Var` `__vbaVarCmpEq` `__vbaVarAdd` `__vbaLateMemCallLd` `_CIatan` `__vbaStrMove` `_allmul` `_CItan` `__vbaVarForNext` `_CIexp` `__vbaFreeObj` `__vbaFreeStr`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2017-Apr-29 10:03:51
Entropy	`2.71807`
MD5	`4df772309dec42371db6533b4faa19cf`
SHA1	`c00083aff58ca120b7b979d2e6de30df4abfdeac`
SHA256	`c2a35d4453a652b96bd3f17279dda4545bbdbeffc9abf0b6b944eeb37280067c`
SHA3	`70a552baf6abde0d9479fc228202cf08b24b030eed4f76c11467bcb440585d98`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2017-Apr-29 10:03:51
Entropy	`2.56919`
MD5	`8b7bd10210db4fbee6724b418f7bf85c`
SHA1	`619791a7cc924f713d75bff809e36e741c135f53`
SHA256	`f95de8ee66f48e32c2f9cae39984f531ec7464eac6822553209b0df1c55605a2`
SHA3	`1d5f2eecccbc6dbf16be53ca701165c402cdb2529c9b985fddee746834b42500`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x24`
TimeDateStamp	2017-Apr-29 10:03:51
Entropy	`2.72548`
Detected Filetype	Icon file
MD5	`c4f48133dbcc07ceefc04d3ce27ffb83`
SHA1	`c2516993f0770e709032ff32cff190ea04ab57d3`
SHA256	`36ffc54b2f83526d52a67d16d4575b1b8907f31af12c3eadf55e9900927bbd72`
SHA3	`82f5c982a8e7ae483e576b47e1fe1745da177665ba5ca8d783ca8d48d8e15abe`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x208`
TimeDateStamp	2017-Apr-29 10:03:51
Entropy	`3.55671`
MD5	`54f297ef36897d558df94571f6df238d`
SHA1	`68c0bff147b226ca01f365fe2e7b02ec9de08e01`
SHA256	`fa0355f999575344e48dbbee4119ae2dc9738b56a001b8b21a62b2606d4fd786`
SHA3	`d2bbfe669984a3a134dacc0e6a8b17049a80c2a1ebb8848d2292d4a37c651719`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
ProductName	ÐÑÐ¾ÐµÐºÑ1
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	Ð¿ÑÐ°ÐºÑÐ¸ÐºÐ° ÐÐ¾Ð¼Ð¿ÑÑÑÐµÑ
OriginalFilename	Ð¿ÑÐ°ÐºÑÐ¸ÐºÐ° ÐÐ¾Ð¼Ð¿ÑÑÑÐµÑ.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x88ceaacd`
Unmarked objects	`0`
14 (7299)	`1`
9 (8041)	`35`
13 (8495)	`1`

Errors

Leave a comment

No comments yet.