Manalyze report for 2b33840f5eb39f47ed89d9fda8583112a885a29d114a243097516a47b53cdf15

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Oct-22 09:44:53
Detected languages	English - United States
CompanyName	teknodinamik
ProductName	cekme6x6
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	cekme6x6
OriginalFilename	cekme6x6.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0` `Microsoft Visual Basic v6.0`
Safe	VirusTotal score: 0/72 (Scanned on 2024-10-22 00:22:29)	`All the AVs think this file is safe.`

Hashes

MD5	`e6a1b3f5e7601fce029b4732194aa8e8`
SHA1	`b9e6e256bd18cc012a0eded4466e4f6ef41c76c2`
SHA256	`2b33840f5eb39f47ed89d9fda8583112a885a29d114a243097516a47b53cdf15`
SHA3	`fa96d8f66fd1424bbdf0c1ae65dd4b1cbeffe4d04c0d9ca66f5b7bfdc9cd1ca1`
SSDeep	`12288:PeOswfbsudtyieVMlEgDxjwuY4YzB7wHapg2KldEyEwXa0:25wzeVbB7wAVwXa0`
Imports Hash	`a0aa479fafac32cc31f492b548e1d950`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2012-Oct-22 09:44:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xfb000`
SizeOfInitializedData	`0xb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002564 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xfc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x107000`
SizeOfHeaders	`0x1000`
Checksum	`0x108337`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`66eb5e16f2c838e87c5b16035402e0e5`
SHA1	`de6ed788436600b5813449994eab9b1c5bfa5f09`
SHA256	`52aac556655f89b11ad251aef6c48ad4fc653c77a30405f6920d7d562c76e57f`
SHA3	`2c76ab4785edc460c0a05025a4fe31f3ccc846f2f30ce95a90fe0227e0534f27`
VirtualSize	`0xfad60`
VirtualAddress	`0x1000`
SizeOfRawData	`0xfb000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.40024`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x9854`
VirtualAddress	`0xfc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xfc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`daff93b3ebc1021adfadbd2ead325902`
SHA1	`30782ab9f9fcd96faa5e02fd80bc9e1fd7adbe61`
SHA256	`b056c01c9d1a1c77b9c2a9a149d1694e804c7f1d72a1acd1980e14c480558135`
SHA3	`417724f970e9220401591299028ce513edd34a8e74744d89ba0a0d3d795fe5c9`
VirtualSize	`0x8e0`
VirtualAddress	`0x106000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xfd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.95519`

Imports

MSVBVM60.DLL	`__vbaVarTstGt` `__vbaVarSub` `__vbaStrI2` `_CIcos` `_adj_fptan` `__vbaStrI4` `__vbaVarMove` `__vbaVarVargNofree` `__vbaFreeVar` `#588` `__vbaLenBstr` `__vbaStrVarMove` `__vbaLateIdCall` `__vbaFreeVarList` `__vbaEnd` `_adj_fdiv_m64` `__vbaFreeObjList` `#516` `_adj_fprem1` `__vbaStrCat` `__vbaVarCmpNe` `#660` `__vbaHresultCheckObj` `__vbaLenVar` `_adj_fdiv_m32` `__vbaVarTstLe` `__vbaVarCmpGe` `__vbaVarForInit` `__vbaExitProc` `__vbaVarPow` `__vbaFileCloseAll` `__vbaObjSet` `#595` `__vbaOnError` `#596` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `#520` `__vbaFpR8` `__vbaBoolVarNull` `__vbaVarTstLt` `_CIsin` `#631` `#632` `__vbaVarCmpGt` `__vbaChkstk` `__vbaFileClose` `EVENT_SINK_AddRef` `__vbaGenerateBoundsError` `#528` `__vbaVarAbs` `#529` `__vbaStrCmp` `__vbaVarTstEq` `__vbaPrintObj` `__vbaVarLateMemSt` `__vbaVarOr` `__vbaCastObjVar` `_adj_fpatan` `__vbaR4Var` `__vbaLateIdCallLd` `__vbaStrR8` `EVENT_SINK_Release` `_CIsqrt` `__vbaLateIdCallSt` `__vbaVarAnd` `EVENT_SINK_QueryInterface` `__vbaVarMul` `__vbaExceptHandler` `__vbaPrintFile` `__vbaInputFile` `_adj_fprem` `_adj_fdivr_m64` `__vbaVarDiv` `#531` `__vbaVarCmpLe` `__vbaFPException` `__vbaInStrVar` `__vbaStrVarVal` `#535` `#536` `__vbaI2Var` `#537` `#645` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `__vbaNew2` `__vbaR8Str` `#571` `__vbaVarInt` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `#573` `__vbaStrCopy` `__vbaI4Str` `__vbaFreeStrList` `__vbaVarCmpLt` `_adj_fdivr_m32` `__vbaPowerR8` `__vbaR8Var` `_adj_fdiv_r` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaVarCmpEq` `#610` `__vbaVarAdd` `__vbaVarDup` `#614` `__vbaFpI2` `__vbaVarMod` `__vbaVarCopy` `__vbaVarTstGe` `__vbaFpI4` `__vbaVarLateMemCallLd` `#616` `_CIatan` `__vbaStrMove` `#618` `__vbaStrVarCopy` `__vbaVarNeg` `_allmul` `__vbaLateIdSt` `_CItan` `#546` `__vbaFPInt` `__vbaVarForNext` `_CIexp` `__vbaFreeObj` `__vbaFreeStr` `#581`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x130`
TimeDateStamp	2012-Oct-22 09:44:52
Entropy	`2.57965`
MD5	`a20d09bee9b4207ad5a3b67a78c1dce3`
SHA1	`ca85fbf532389887f3837bbadd1c579040b99c8b`
SHA256	`2d3915cdc82e909357d44c4de1b8890bd753605c28df11b10299e3fd09d930b9`
SHA3	`e3b2b0325b24bb74af126af0863b39a6e63c08820f69cf0ae582a31bfc1052db`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2012-Oct-22 09:44:52
Entropy	`1.76987`
MD5	`24799ca590d42134e7103b06d46fd960`
SHA1	`4af9a0fe3b7371abc50a18e851f3122fce9a2ffa`
SHA256	`a32e750bc1b0315530097434a7e1d324b843e1f5ffd95238b49d3a8aa8e6fe09`
SHA3	`9a17698629ef5e7a1c567a9669be74aa2c9d8356ecfba40c48811e4dcf5ea875`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2012-Oct-22 09:44:52
Entropy	`2.07177`
MD5	`e6c5053ba1c848d7e16701a2d08fb8c6`
SHA1	`f253482c0fa25197130f6475f2ded060527843bf`
SHA256	`46dc088910439dad6a0d69da5e64227d04a640845fd1c31e90a7d4340c539fe0`
SHA3	`1e6c369197dd1a466ea87357db49ec559ecf82c0c3fa13af1a383445945861e6`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x30`
TimeDateStamp	2012-Oct-22 09:44:52
Entropy	`2.97836`
Detected Filetype	Icon file
MD5	`835a20def9b2661b64b8ac06b4901f36`
SHA1	`70732dac88537f00c89d105f986ef843d3aca818`
SHA256	`cbdcb84268fcf2a25b844c1dca787de835c0376e82c1a2e62814a3c940a26cfb`
SHA3	`9a2de99425a7e2086c65d82719bf44696cfe58b8077ce214e814ceeeb78ba1f4`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x220`
TimeDateStamp	2012-Oct-22 09:44:52
Entropy	`3.13744`
MD5	`e824f701ebfec4769a92af55fcda184b`
SHA1	`5e631ed6518323c9f8d135f412d2e5c7cb1ee297`
SHA256	`92266541dd37cefbd2aa187d6f37b7fc2e694ebf6eb2b783461ca41292626b67`
SHA3	`490bab60e91f1811127e02bf5ee505e08535393741ba85f67fa91803b2c6a818`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	teknodinamik
ProductName	cekme6x6
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	cekme6x6
OriginalFilename	cekme6x6.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x629ad1d`
Unmarked objects	`0`
14 (7299)	`1`
9 (8041)	`18`
13 (8169)	`1`

Errors

Leave a comment

No comments yet.