Manalyze report for 122f2baf938ce222f13a37a3c6c45a80

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Sep-21 20:00:53
Detected languages	English - United States Lithuanian - Lithuania
FileVersion	`3.57.1236`
ProductVersion	`3.57.1236`
InternalName	intrast
OriginalFilename	intrast.exe
CompanyName	Avilda, www.avilda.lt
FileDescription	Programa "INTRASTATAS"
Comments	INTRASTAT ataskaitų ruošimo programa
LegalCopyright	Avilda
LegalTrademarks	"INTRASTATAS" is trademark of Avilda.
ProductName	Programa "INTRASTATAS"

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegQueryValueA RegOpenKeyA RegCloseKey`
Suspicious	The file contains overlay data.	`213873 bytes of data starting at offset 0x5e00.` `The overlay data has an entropy of 7.999 and is possibly compressed or encrypted.` `Overlay data amounts for 89.8864% of the executable.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`122f2baf938ce222f13a37a3c6c45a80`
SHA1	`8aa09819ec8f88b1c416452f61fdfb0acc0997ea`
SHA256	`0b567c8f37219e80a518fcd7cac3bdc9ed3fc3c5a6bdbaadc13f6b95abbf13b4`
SHA3	`62b8bdd8386a5dbdefc8e80acee36ebcc095c47bfd9939e182a97b94d340e36b`
SSDeep	`6144:IDYlMRvVDkBOcHjOZNN6edDGHkJwtujbfkqEUk:iYORIzaJ3SHkJTxk`
Imports Hash	`2fc48abcfc4886d28d2790323d96cffb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2007-Sep-21 20:00:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0xc00`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001873 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a9e3c489cf6313c6db49f77eb10fbba7`
SHA1	`ee1ff3262e260355cd8605e5b409abe913c412a6`
SHA256	`c5b82b6f6726c94f9f2907c7e42a41f5aaea36a2368c360d7e0b038c8d6fc044`
SHA3	`08687c01bdda1dbfee73829d4c7f01c63ee1d8a103d60f54c70ca758bf79224f`
VirtualSize	`0xbba`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.10676`

.rdata

MD5	`adc803db213b32e9ecd367864a8b88aa`
SHA1	`792aaa764cfe80254aca5aa7753c8bd6707547f3`
SHA256	`ebbd1c382383dd7d634276bfdac4518d030d1543248f33773a0295bd3bd64d0f`
SHA3	`b90cffd89bc191f896e4e661c5093e9e9ad0209273816c3dff1f07af31d93d6b`
VirtualSize	`0x5b6`
VirtualAddress	`0x2000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.61322`

.data

MD5	`55743481aebf44ec95e86d5d2a35f255`
SHA1	`078415b122ba1807136fa220bb75bd14cc5d0cb6`
SHA256	`ff19c8b2fe345ee6d7f3bee4c026988dfb11dacecec91e157f1b652f5d257bb7`
SHA3	`a7f58ec998894920183fa9042081cb2fee01d2906e3119943f5dc93969fce3a1`
VirtualSize	`0x47c`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.11837`

.rsrc

MD5	`a0a5ed2669398ddd3a1487825590a49e`
SHA1	`d735171c30494d2bff8caf532e7db49dc81a9fa9`
SHA256	`fa1c4137515f2b2db222fce6ab39308bdd9a37a2c38716ab5777b99f023f5d7e`
SHA3	`cfd187a37e6d93300d61766dbf929ac948b1b83c6be5b8a031f1e533fb3a5e35`
VirtualSize	`0x45f0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x4600`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.502`

Imports

MSVCR71.dll	`__p__commode` `__p__fmode` `__set_app_type` `_adjust_fdiv` `__dllonexit` `_onexit` `_controlfp` `__setusermatherr` `_initterm` `__getmainargs` `_amsg_exit` `_acmdln` `exit` `_cexit` `_ismbblead` `_XcptFilter` `_exit` `_c_exit` `_mbschr` `_mbsicmp` `_access` `_mbsrchr` `isspace` `_splitpath` `_except_handler3` `_makepath`
KERNEL32.dll	`GetModuleHandleA` `GetModuleFileNameA` `FreeLibrary` `GetProcAddress` `GetSystemDirectoryA` `lstrcatA` `GetCurrentDirectoryA` `LoadLibraryA` `lstrcpyA` `_lopen` `_lclose` `_llseek` `_lread` `GetStartupInfoA`
USER32.dll	`MessageBoxA` `LoadStringA` `wsprintfA`
ADVAPI32.dll	`RegQueryValueA` `RegOpenKeyA` `RegCloseKey`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17752`
MD5	`7456449de2eeb4105a880cfe97dd0b20`
SHA1	`bcda9be123204b6163e73c3c6ce948ab3874e102`
SHA256	`6378cc058aa08db8068aeddf980603ccb71699ae733f7506d5978536173f4cb4`
SHA3	`b4bf084b3c5e6fc25884a28d814665104755835042ccedf70242ccbe25597f73`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3251`
MD5	`4ab84c3d67fd50d61d0b5a54a67e67c2`
SHA1	`fd4c3eaccb42b345b6770e6418f38c404e6514e5`
SHA256	`9c32dd7fa8a88825ce863e7324510516f7d26465ce0e3a426598a174c089a644`
SHA3	`69be1fadeee81e89deba9a73b0655d890aa102671ad25d11abe214847dce29cd`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x18c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34862`
MD5	`fd20fae35cb8231f6c3fa284d6a3165e`
SHA1	`f554887f5e686c0067b2da36b8b0fa72775dd292`
SHA256	`bcdae1ceb34a6111a0cd9275552139235ce7dcdda29466bfc0f86e26cc7d83d9`
SHA3	`12ce8d033c1ebad1fc8cd984ccac62415dbb45f47ad918513493a130d4afc5f2`

15000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.97134`
Detected Filetype	Icon file
MD5	`fcd5ebdb4f02cda7ad2924b0234075cb`
SHA1	`6f32300463276bb3138ac559ede4758927b262ea`
SHA256	`d55e2b1a9edf34d5e2ba580b1da6b9dd6bb14c87f5ad7af28dc0698dcbd0eef4`
SHA3	`ef99d0bde3d97f45ef8f8bb8814498e7f9be82b4468cb4c81eed821c72c9a7cd`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53514`
MD5	`6ee77fa1568203ef3ec8ee1a3f46a859`
SHA1	`174ceb1b5ee025fe84e8c831752b438b94331a30`
SHA256	`2d836af823f1acd382acb48d5b03e0deb4b9d04d3d80cfa44a1d44e11640e85e`
SHA3	`ce935d5e21b787370dd27ec2e18baf227111cfee52dff3a463fef8b3216b49e8`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x354`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04169`
MD5	`15c64ead8ca714cd87a1a60fa7b3ede9`
SHA1	`8099c362775693bb710836be73a329b2c834d74e`
SHA256	`e630f54e94f763dbed54418cc3b0bc61de86f7fae39c679ca9c37490fef76d4d`
SHA3	`888f56894de5911b6a9a1fe541c54e15c397c94fbb9783b26bbeaea0fdc2d761`

String Table contents

VFP9.EXE
VFP9R.DLL
VFP9T.DLL
Microsoft Visual FoxPro
Cannot locate the Microsoft Visual FoxPro support library.
The %s file is invalid or damaged.
Cannot run the file %s.

Error code 0xlX.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.57.1236.0
ProductVersion	3.57.1236.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Lithuanian - Lithuania
FileVersion (#2)	3.57.1236
ProductVersion (#2)	3.57.1236
InternalName	intrast
OriginalFilename	intrast.exe
CompanyName	Avilda, www.avilda.lt
FileDescription	Programa "INTRASTATAS"
Comments	INTRASTAT ataskaitų ruošimo programa
LegalCopyright	Avilda
LegalTrademarks	"INTRASTATAS" is trademark of Avilda.
ProductName	Programa "INTRASTATAS"

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x403018`
SEHandlerTable	`0x4021c0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x97cbdd04`
Unmarked objects	`0`
Imports (2067)	`2`
Imports (2179)	`4`
Total imports	`46`
Imports (VS2003 (.NET) build 3077)	`3`
C++ objects (VS2003 (.NET) build 3077)	`1`
ASM objects (VS2003 (.NET) build 3077)	`1`
C objects (VS2003 (.NET) build 3077)	`14`
94 (VS2003 (.NET) build 3077)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

122f2baf938ce222f13a37a3c6c45a80

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

1 (#2)

15000

1 (#3)

1 (#4)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors