Manalyze report for 351548b127b8debcb53229b62dbe1929

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Mar-04 10:47:07
Detected languages	English - United States
CompanyName	Sanalika Hacker
ProductName	Project1
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	Kullanıcı Banlama
OriginalFilename	Kullanıcı Banlama.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	VirusTotal score: 1/70 (Scanned on 2019-05-17 07:56:19)	`Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`351548b127b8debcb53229b62dbe1929`
SHA1	`75bf141092bc344dc4b8e945bf7154ce4a6b7556`
SHA256	`ff76dc65008001a63a3c15a94e1e5cd4e69892d4a8d250274a29679e4c799859`
SHA3	`c83081543a0a74fc90c8b882b66534f7f394592f0a7cf184a6ae509ccc689338`
SSDeep	`96:/lxWg+Z2JN9672OqjZw0zyX2NxCmjWT7XtoCE22:/TJg2JKywd2ijE2`
Imports Hash	`b9bacc58d831f33227c4aabd7f70ae6a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2012-Mar-04 10:47:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x2000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000114C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5000`
SizeOfHeaders	`0x1000`
Checksum	`0xd08c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c6eb19b15d59177f1a1c2d43ae0e626d`
SHA1	`bae133bfc5a49370aaa01bf14196a239ffd5b182`
SHA256	`bd542e32e0ef42435a346277f6f5a6005ff2ffa4f1c47a64b4fffe4fc3a01dfa`
SHA3	`43a5c1c227c7ca345b47a9d21caf8a0a2db8acfd7eb454174e6562f930c20a77`
VirtualSize	`0x11fc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.8368`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x9ec`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`ecb3bdc48c47b1925f70162d13ec2e6e`
SHA1	`54d0a603af9d023afba827aa249e84cd3ae08d17`
SHA256	`b7d20936203062c209fcfb2e205c596938d6bd4a34f68d017f0d0347b8e9cf99`
SHA3	`a59ff2beb42b2298125df77088de64bbf61e63c069948c3faf16a932ad8e1ee4`
VirtualSize	`0x904`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.99452`

Imports

MSVBVM60.DLL	`_CIcos` `_adj_fptan` `__vbaFreeVarList` `_adj_fdiv_m64` `_adj_fprem1` `_adj_fdiv_m32` `#595` `_adj_fdiv_m16i` `_adj_fdivr_m16i` `_CIsin` `__vbaChkstk` `EVENT_SINK_AddRef` `_adj_fpatan` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `_adj_fprem` `_adj_fdivr_m64` `__vbaFPException` `_CIlog` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `_adj_fdivr_m32` `_adj_fdiv_r` `#100` `__vbaVarDup` `_CIatan` `_allmul` `_CItan` `_CIexp`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x130`
TimeDateStamp	2012-Mar-04 10:47:07
Entropy	`2.57965`
MD5	`a20d09bee9b4207ad5a3b67a78c1dce3`
SHA1	`ca85fbf532389887f3837bbadd1c579040b99c8b`
SHA256	`2d3915cdc82e909357d44c4de1b8890bd753605c28df11b10299e3fd09d930b9`
SHA3	`e3b2b0325b24bb74af126af0863b39a6e63c08820f69cf0ae582a31bfc1052db`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2012-Mar-04 10:47:07
Entropy	`1.76987`
MD5	`24799ca590d42134e7103b06d46fd960`
SHA1	`4af9a0fe3b7371abc50a18e851f3122fce9a2ffa`
SHA256	`a32e750bc1b0315530097434a7e1d324b843e1f5ffd95238b49d3a8aa8e6fe09`
SHA3	`9a17698629ef5e7a1c567a9669be74aa2c9d8356ecfba40c48811e4dcf5ea875`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2012-Mar-04 10:47:07
Entropy	`2.07177`
MD5	`e6c5053ba1c848d7e16701a2d08fb8c6`
SHA1	`f253482c0fa25197130f6475f2ded060527843bf`
SHA256	`46dc088910439dad6a0d69da5e64227d04a640845fd1c31e90a7d4340c539fe0`
SHA3	`1e6c369197dd1a466ea87357db49ec559ecf82c0c3fa13af1a383445945861e6`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x30`
TimeDateStamp	2012-Mar-04 10:47:07
Entropy	`2.97836`
Detected Filetype	Icon file
MD5	`835a20def9b2661b64b8ac06b4901f36`
SHA1	`70732dac88537f00c89d105f986ef843d3aca818`
SHA256	`cbdcb84268fcf2a25b844c1dca787de835c0376e82c1a2e62814a3c940a26cfb`
SHA3	`9a2de99425a7e2086c65d82719bf44696cfe58b8077ce214e814ceeeb78ba1f4`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x244`
TimeDateStamp	2012-Mar-04 10:47:07
Entropy	`3.21868`
MD5	`3885ed65907353657d51ec4982aa71ea`
SHA1	`56833d05c6ea6952e553ea2012dd89f3e3e450d6`
SHA256	`8fbfdac723675e452c7650e06a29fd865b9820af543809f917b6cf29218cdbd3`
SHA3	`4fade08f73e1b2f85eea5c8c8b2a0088e9d7ea502775cf25906a69e3f1955886`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Sanalika Hacker
ProductName	Project1
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	Kullanıcı Banlama
OriginalFilename	Kullanıcı Banlama.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8897ebcb`
Unmarked objects	`0`
14 (7299)	`1`
9 (8041)	`1`
13 (8169)	`1`

351548b127b8debcb53229b62dbe1929

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

30002

30003

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors