Manalyze report for 260c3d3d511b421a4aa53feab0e554ca

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Oct-14 10:53:12
Detected languages	English - United Kingdom English - United States
CompanyName	ASUS
FileDescription	@VIBE
FileVersion	`3.0.0.0`
InternalName	@VIBE
LegalCopyright	ASUSTeK Computer Inc.
LegalTrademarks	ASUSTeK Computer Inc., Copyright © 2
OriginalFilename	ASUS Splash
ProductName	@VIBE
ProductVersion	`1.0`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Interesting strings found in the binary:	`Contains domain names: .Oforge.net Oforge.net macromedia.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE's resources are bigger than it is.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegFlushKey` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Suspicious	The PE is possibly a dropper.	`Resource 135 is possibly compressed or encrypted.` `Resource 137 is possibly compressed or encrypted.` `Resource 140 is possibly compressed or encrypted.` `Resource 151 is possibly compressed or encrypted.` `Resources amount for 107.659% of the executable.`
Suspicious	The file contains overlay data.	`797327 bytes of data starting at offset 0x2ff800.` `The overlay data has an entropy of 7.99934 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 3/72 (Scanned on 2023-10-05 23:30:37)	`Rising: Trojan.Generic@AI.100 (RDML:6zDus46EsFhh3sFIaH5gUQ)` `VBA32: Worm.Agent` `Zillya: Worm.Nimda.Win32.377`

Hashes

MD5	`260c3d3d511b421a4aa53feab0e554ca`
SHA1	`7dbdd6f2222dbdad424c50dcf0ff0d38d3cff823`
SHA256	`6de9d8d8fa29e139e4b863ae67e495cfb29dc6f90ab1f50737bf6fd92ac80442`
SHA3	`9475d72b765e8e448b6324017b17d0d12402140b6de86de057c359d3e78f8fd7`
SSDeep	`98304:Ksk9fKa/2IuJyiBILaolEMpG7sLwj2GoZU7kn+GzUWh+dy+:7yKUukxLBpG7sLwj2GF/LWQb`
Imports Hash	`2ca8eb616ec3021c58331321a43787a0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2008-Oct-14 10:53:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x29f000`
SizeOfInitializedData	`0x61000`
SizeOfUninitializedData	`0x218000`
AddressOfEntryPoint	`0x004B7A70 (Section: UPX1)`
BaseOfCode	`0x219000`
BaseOfData	`0x4b8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x519000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x218000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`baa526ef28ce98702bd63b54dc8ac566`
SHA1	`b60ba200e16af3071ca76bdfcbeb66be827c5c42`
SHA256	`cba9c875e00f050cdccc152f604b4e134a1158f1e53ad35559ef45363c94a7b5`
SHA3	`56ef887f159db8be5fd05d0352b5fbe213777a1ddea087d634afa5bad8a85a8b`
VirtualSize	`0x29f000`
VirtualAddress	`0x219000`
SizeOfRawData	`0x29ee00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.74009`

.rsrc

MD5	`91575b1b03de42cc4878e81fe3b1e4cf`
SHA1	`8e766b3a13f18b6a2b82ca6825fcfcb44968c128`
SHA256	`286cff977b14408c2b39eba35feb116c7338ea74c65538d9b487e4ab62599495`
SHA3	`8fdafe068d400ae232d59aa9efcce01f19c58cb172ce69d5c1bdfd26e1018be2`
VirtualSize	`0x61000`
VirtualAddress	`0x4b8000`
SizeOfRawData	`0x60600`
PointerToRawData	`0x29f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.23523`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`RegFlushKey`
COMCTL32.dll	`#17`
comdlg32.dll	`PrintDlgW`
DDRAW.dll	`DirectDrawCreate`
GDI32.dll	`EndDoc`
ole32.dll	`CoInitialize`
OLEAUT32.dll	`SysStringLen`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
WINMM.dll	`timeGetTime`

Delayed Imports

135

Type	`BIN`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x39d3a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.6076`
MD5	`feb1cc07cab3ffaeb4e64c50eff99082`
SHA1	`29f993a804951adca5a3f594fa8d9586139fa107`
SHA256	`bcc5b9e0914589b0a107ea00cb02795b4b4d46a5a4c8261166f19f80b7d4f979`
SHA3	`8e808508e732a7dc627357c9462c76f284c802bd018a3ba8a8675d294173793a`

137

Type	`BIN`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4a84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.30893`
MD5	`d49381f3bc3e744c388fb2572cfda0dc`
SHA1	`e2717954341dd18336b742f8a54f13f1475a02d2`
SHA256	`e3bf8eb102f953a120cca486593b9bb48bb64949fea6836ddb2138d2ac6fde85`
SHA3	`f5b100373ae76587b7833d1a7a2581babbf156a0893e17e64171fc6671e3add1`

140

Type	`BIN`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x9c00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73227`
MD5	`253ac94e9c19e12198ac7abca6ae0303`
SHA1	`b23c9c2e678b4776ef6454ddcacf0a8e22d31659`
SHA256	`7b30edfc0988a1ebaf277c50a31f62bcebd738d1b058373c0bdf6707bc991153`
SHA3	`2e065647651e33b77bf06cb2b371d13d6376c10e2cdaded85a232b05af17ff70`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16738`
MD5	`1544f0cc778b2d5b75097ff9d7638a8a`
SHA1	`74fdf4077e9e507e1942307ad45b62d779593156`
SHA256	`5183409fc2e8efa5c8772cd7126bd734ecf9e77f2d25b744138132a0ae7c5db1`
SHA3	`0184e012c896c695e70b09fee404030ef3ee4cefefa3641151a4eaea01928fdb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25956`
MD5	`e2863f8b8cb32529e971f5ac6f65f95c`
SHA1	`6a2963e81b116046ca10d2b1536a42607a5e2fc9`
SHA256	`3ed4cac3023b090ffb231cfb84c04f9be68df98192cd98cdd39a1230d748a470`
SHA3	`a9bbb49c260e2677f63911107a487c0b3e3c8b217b545b852c1b365f2e3e21a9`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33168`
MD5	`86b9532cef123d3c2c1190aa57048942`
SHA1	`7a39e41350cb985375309612aa5593bf4aa17998`
SHA256	`3eae0ca479b6b1295ad0e85442f58d57bae75bd6eae38f22a242eb02b2ebda31`
SHA3	`257ef4c751a6b003542c625e500be5440fca79e07016ca5fb8265341189863c1`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46488`
MD5	`511ba43b13872dc66043d216d06c021b`
SHA1	`1bc5dd9324f50c88ad5971964218b36a2140bc05`
SHA256	`593610da1ab429c1fe9f25d4ae3790c120e239ddfa6119e38d13711d8babdbd5`
SHA3	`059222c2305636f68269de88e682ecb0aa773cd9363b6ec5bf4a9d64ed7ce494`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75507`
MD5	`e17883d72f0a5390abe89a4835fc5555`
SHA1	`7856cb321e8dd6a05dd3572c5534b3d24a27f1c3`
SHA256	`2274dffdf5b5ab7feafccd6ceca71a985f3abed2bb967278fdc3f8bd7f9f7c22`
SHA3	`8984fd5962689723a53c1940ae4d60037772e971e3e60be773180199901f76ef`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87275`
MD5	`3fabce1c5e52fcb50846ecbb439f3eb3`
SHA1	`1c1133f724cc7c5e3249b308bcb080e7edb29b4f`
SHA256	`251c6cabbee63e7add6f159a5b43cec01b918346a6aab2eb04c98f270e83a26b`
SHA3	`ddc584a958e75019e1e3d9d37eafe635b1a85d143e699e642de7009a8af01a75`

143

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77356`
MD5	`c1c56d9098c667850543893a91a5ed23`
SHA1	`7f65112da7ba3140973e87e14b8f7bc997b05805`
SHA256	`4dc3880696cb41e65b02b350ca2e9f7857d69fd13226a5d802ef59c090208d1f`
SHA3	`2930077a7b07783d691f8b51e6c7cbfe1b763dc155c478fbc292b8d6f585cdd2`

145

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x1e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70689`
MD5	`cc0fec00e63153e83a675d92baeb052f`
SHA1	`9128ee658b92d17b07220dfd81c3a412be366ef5`
SHA256	`1876665961e906764c42858cc773cc27078d922f8508edd9e7451e0ee6b31697`
SHA3	`b8d2688c71983671081be010d533fe40d051ed2347c0ac29b14787f8a3901f2d`

150

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.5673`
MD5	`bf912daad812f4921d826375d993e682`
SHA1	`1acfb2e46b73e49e68bd7f1148113f4a08af4c5d`
SHA256	`e1e01b605a3ea85ca3ffb2522c2967d118e1f4605479b3d9f2d876d6f537da8e`
SHA3	`48197b8b696c39cd942e7c111532b9e23df70f0cf4589ddd2f4bc9151dc24c7c`

151

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x22c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.25834`
MD5	`ae2679b6ea498eec4f9520300d881811`
SHA1	`765581d0be54765797609f609a777d921eec021b`
SHA256	`798a1c94562b55da9a9184289133ff41c5b5169d7a3733df5533c3790f9d91d1`
SHA3	`853d960701b302fa7a4b8f7c7e4532c150fa2af66a674566319a141acfdd65ce`

2003

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.6125`
MD5	`76e9d0c44cb09788f9c8cd0436cba4c5`
SHA1	`def3defe301efe57c652b78077a03681198b4d3c`
SHA256	`989383dde025fab1785d2a40bf10ab573ae5340d90ec13aa38abe784f19826e7`
SHA3	`f8871ecaf7ce6b50a9dd948a6d3ec9e909d9c7b7eedcd12695283a59e387b4e8`

1 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97184`
MD5	`bafcf19f9551e0a4d56afe10a6edbe66`
SHA1	`4c2da409d12efbfacf54a7a2efd91f8b4fd327b1`
SHA256	`5b677a54dfa7400c4e437ce0fa75ad8e9e1d114e85fe1206aa9b98b3a6f5eabc`
SHA3	`f4b59e1354a19a5b1ce0d6e7d7da20e372885fa6f08d24707b43e466aa8ed636`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`209f3fea9e56f90810a68af729ac31f6`
SHA1	`6e1ef4700339033f61c0ebf77791fe77faf8ab48`
SHA256	`b62d8ed95f25402de2bb96b16f49329a6ad244dc5737c002bdbf8b938af32443`
SHA3	`165703c8c7cfb99fdac101fad16c995c21b4c25a71abbf093f0bb173ea1dd91a`

1 (#3)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x460`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98767`
MD5	`a387cc19cd07110a8a0c5fa548095eca`
SHA1	`f3b8c2405bc212bf4977af0a11a3ccd6ad77a7c1`
SHA256	`27e90fc0869ae14d72cd15bd178087280dcbf9c894a1ed7cbba2ea9c73c24a82`
SHA3	`afa4743466bbefd4e629f1132470f844827352341b3a27158b76f94bff1f195b`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x28a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03081`
MD5	`479906104f77d1cec07bf8e226ef6d04`
SHA1	`84588bd81f631bb6948472db20f4ab75e6dd8af8`
SHA256	`67e109facefea7d74c504d1f338c1bb86e14b63f9d795710a9c635aa43251ed7`
SHA3	`90bbf746041d78ff8895dbc1dc826e4001558e715b65de27a74b4dd42c119302`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.0.0
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	ASUS
FileDescription	@VIBE
FileVersion (#2)	3.0.0.0
InternalName	@VIBE
LegalCopyright	ASUSTeK Computer Inc.
LegalTrademarks	ASUSTeK Computer Inc., Copyright © 2
OriginalFilename	ASUS Splash
ProductName	@VIBE
ProductVersion (#2)	1.0

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc36f554f`
Unmarked objects	`0`
105 (2067)	`3`
ASM objects (VS2003 (.NET) SP1 build 6030)	`45`
C objects (2179)	`7`
Imports (2067)	`2`
C objects (VS2003 (.NET) SP1 build 6030)	`208`
Imports (2179)	`14`
Imports (9210)	`4`
Total imports	`322`
Unmarked objects (#2)	`5`
C objects (9178)	`1`
C++ objects (VS2003 (.NET) SP1 build 6030)	`119`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) SP1 build 6030)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!