Manalyze report for 3e6299d4927f8e67cf958b1a892455cc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Nov-18 01:27:26
Detected languages	English - United States
CompanyName	BAE Systems
FileDescription	JMPS - JMPS
ProductName	JMPS-Framework
FileVersion	`1.03.0005`
ProductVersion	`1.03.0005`
InternalName	JMPS
OriginalFilename	JMPS.exe
OLESelfRegister

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0 - v6.0` `Microsoft Visual Basic v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %TEMP%`
Malicious	VirusTotal score: 9/67 (Scanned on 2018-08-16 23:33:27)	`MicroWorld-eScan: Gen:Variant.Babar.1912` `Arcabit: Trojan.Babar.D778` `BitDefender: Gen:Variant.Babar.1912` `Ad-Aware: Gen:Variant.Babar.1912` `Emsisoft: Gen:Variant.Babar.1912 (B)` `F-Secure: Gen:Variant.Babar.1912` `GData: Gen:Variant.Babar.1912` `ALYac: Gen:Variant.Babar.1912` `MAX: malware (ai score=81)`

Hashes

MD5	`3e6299d4927f8e67cf958b1a892455cc`
SHA1	`6eecbdc73ecc6179fbcb3362ac3955f638fedfff`
SHA256	`17029e5e6031c9a8146f8d336b16293cc15bd5f4aa4cf94b45e3e15b63706313`
SHA3	`d980a1af0c6718ed5350915d84740a866b8b0cccfd8bbab49878304b4c2c1fe5`
SSDeep	`12288:UdoZ/hbV7K6KgeRZp6uHurt8JPwbdsHfUlS/Ishh4CXp9Hc1m2RgdDqGjZJ88bb:Ud0/2rRZp6uHurt8JPwbdsHfUlS/Ish`
Imports Hash	`64330bb23b0ad3ba41d74808f1545537`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2015-Nov-18 01:27:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.3`
SizeOfCode	`0x6e000`
SizeOfInitializedData	`0x13000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005904 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.3`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x82000`
SizeOfHeaders	`0x1000`
Checksum	`0x8a75d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`13adaa4c524923aefb671bf3f9ac85a3`
SHA1	`e44546c8f200786a13b840e28833754312b08719`
SHA256	`dbdbc2f22820f8f52e8dea1a38186b4ea028e600ae94a3425abcdde64ce38b80`
SHA3	`0c9f74aebbedcdc212131a18643cd3e44f363a0231a5eb84837a0bdaf833e0c7`
VirtualSize	`0x6de6c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6e000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04691`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x718c`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`3022a595fec777fc9b17a298964ce3e4`
SHA1	`80783d8a34b90bf49f372fcb4479dd826d7a9895`
SHA256	`64e3f11d52a0ec7b48702b379cd900bfac9b941972cd79878060e374271b3dd9`
SHA3	`f6793f33272522a3f54478b8ae8fbbf5c229a447647b6b0c0bcc111773c0ad1c`
VirtualSize	`0x2428`
VirtualAddress	`0x77000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x70000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.40773`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7674`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x73000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

MSVBVM60.DLL	`EVENT_SINK_GetIDsOfNames` `__vbaVarTstGt` `__vbaVarSub` `_CIcos` `_adj_fptan` `__vbaStrI4` `__vbaVarMove` `__vbaVarVargNofree` `__vbaFreeVar` `__vbaAryMove` `__vbaLateIdCall` `__vbaLenBstr` `__vbaStrVarMove` `__vbaFreeVarList` `_adj_fdiv_m64` `#698` `EVENT_SINK_Invoke` `__vbaNextEachVar` `__vbaFreeObjList` `__vbaStrErrVarCopy` `_adj_fprem1` `__vbaRecAnsiToUni` `#519` `__vbaResume` `__vbaCopyBytes` `__vbaVarCmpNe` `__vbaStrCat` `__vbaWriteFile` `__vbaLsetFixstr` `#660` `__vbaRecDestruct` `__vbaSetSystemError` `__vbaLenBstrB` `__vbaHresultCheckObj` `#556` `#558` `__vbaLenVar` `__vbaVargVarCopy` `_adj_fdiv_m32` `__vbaAryVar` `#666` `Zombie_GetTypeInfo` `__vbaAryDestruct` `EVENT_SINK2_Release` `__vbaVarForInit` `__vbaExitProc` `__vbaForEachCollObj` `#300` `__vbaOnError` `__vbaObjSet` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `__vbaVarIndexLoad` `__vbaFpR4` `#306` `__vbaBoolVar` `#520` `__vbaStrFixstr` `__vbaVarTstLt` `__vbaFpR8` `__vbaBoolVarNull` `__vbaRefVarAry` `_CIsin` `__vbaErase` `#709` `__vbaVarZero` `__vbaVargVarMove` `#632` `#525` `__vbaNextEachCollObj` `__vbaChkstk` `#526` `__vbaFileClose` `EVENT_SINK_AddRef` `#528` `__vbaGenerateBoundsError` `__vbaExitEachColl` `__vbaStrCmp` `__vbaVarTstEq` `__vbaAryConstruct2` `#560` `#561` `__vbaPrintObj` `__vbaObjVar` `__vbaI2I4` `#562` `DllFunctionCall` `__vbaVarOr` `__vbaCastObjVar` `__vbaLbound` `_adj_fpatan` `__vbaAryRebase1Var` `__vbaR4Var` `__vbaFixstrConstruct` `__vbaLateIdCallLd` `Zombie_GetTypeInfoCount` `__vbaRedim` `__vbaRecUniToAnsi` `EVENT_SINK_Release` `__vbaNew` `#601` `_CIsqrt` `__vbaVarAnd` `__vbaObjIs` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `__vbaInputFile` `__vbaStrToUnicode` `__vbaDateStr` `#606` `_adj_fprem` `_adj_fdivr_m64` `__vbaFailedFriend` `#716` `__vbaFPException` `__vbaUbound` `__vbaVarCat` `__vbaCheckType` `__vbaDateVar` `__vbaI2Var` `#537` `#644` `__vbaExitEachVar` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `__vbaInStr` `__vbaNew2` `#571` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `EVENT_SINK2_AddRef` `__vbaI4Str` `__vbaVarNot` `__vbaFreeStrList` `__vbaDerefAry1` `_adj_fdivr_m32` `__vbaR8Var` `_adj_fdiv_r` `#685` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaVarCmpEq` `__vbaAryLock` `__vbaVarAdd` `__vbaLateMemCall` `__vbaStrToAnsi` `__vbaVarDup` `__vbaFpI2` `__vbaCheckTypeVar` `__vbaUnkVar` `__vbaFpI4` `#616` `__vbaVarCopy` `__vbaVarSetObjAddref` `__vbaLateMemCallLd` `__vbaRecDestructAnsi` `#617` `_CIatan` `__vbaI2ErrVar` `__vbaAryCopy` `#618` `__vbaStrMove` `__vbaCastObj` `__vbaStrVarCopy` `__vbaForEachVar` `#619` `_allmul` `__vbaLateIdSt` `_CItan` `#546` `__vbaAryUnlock` `__vbaVarForNext` `_CIexp` `#656` `__vbaFreeStr` `__vbaFreeObj`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x230`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`3.58629`
MD5	`09d367c1c1791148e71429f701568ea1`
SHA1	`aa6f816799be99e6766c767ea0bfb02965aad962`
SHA256	`da0d4ceebbc688f6d6d8fdb44b4679d0a9fffacdeb64ea76589d3936c9394bab`
SHA3	`c19df09a50407a31ec2ecb5464873f3e23c7073569ecc8760c6d44d3d33833c9`

1 (#2)

Type	`TYPELIB`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0xe7c`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`3.79855`
MD5	`7d75f9bd700a73f924b09edd6c9f046d`
SHA1	`86135219d56f887ab114c19fb76b515dba57a6e7`
SHA256	`73a09fc111623bc04f86cbab6749e4bb04ac1d47a734c746cbaa535beafb4989`
SHA3	`18a81f37aa3554f53f499d1de0863a68349355cb86d4a4b54d26ad3529d5e4a8`

1 (#3)

Type	`_IID_CFRAMEWORK`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`2.01924`
MD5	`3c3e4f84ba2502cdb009fc481a1793a2`
SHA1	`85453d3b30f0544637062eef20b3fbd12a0b38f4`
SHA256	`088640c1f1f61d480f96b434dd3070cfd1420a04ef8c2844e971bdb33f7d4397`
SHA3	`bdf3a0caae0d04aafdc6706e1580d0e2489b995f1ae24cb7505d7936b71ad638`

1 (#4)

Type	`_IID_CNOTIFIER`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`0.847585`
MD5	`e327aa5d1e758c3d018cdb06c457e2c5`
SHA1	`20c8b80f13cedfea681caa6a18d1baf6f3a5d13d`
SHA256	`4c115d2e6877767347de5cf50220d7221c0975f82316254812c6b75bd0e7f7ab`
SHA3	`7f26af3546b3529271292e4eac65f14020b3c298aad89c0e82f4f45c6381f063`

1 (#5)

Type	`_IID_JMPSAPPLICATION`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`1.14115`
Detected Filetype	Icon file
MD5	`65f434d7c41870a1dbb0b77ed30ca49a`
SHA1	`9fd46838f5ab5ded9ce85c2da8b68ca6049e42ce`
SHA256	`196af1611d6320e25673fd28f5ab118dd193358164544c9bf950395df5b44e9e`
SHA3	`b3800605745446b3068216db0ee918d29679bdff57aa4129edd2bf3fc596be60`

1 (#6)

Type	`_IID_TEXTDIALOG`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`0.286397`
MD5	`6ce423b4c03d5f82f43c4dfddf1c668a`
SHA1	`85b3a1aa0b26a91cec158ec2a17e7b4fc5bc3ab1`
SHA256	`107a141ee276b77233a58e75fe52f2c46cad82ec17e37fcaad6c1153a0596645`
SHA3	`27b9e27f7546f4659eb44fd9a979ac7492954116853835925416c74081ddca7f`

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`2.68566`
MD5	`8436afd82eec4a80c48203abc4087449`
SHA1	`0f0eeec6aa02ebd7234f1ad513bd5291e01a07b4`
SHA256	`5375d5f89b711c7b25b3184fb43b10c18f8846ae3e19fce18ccf1211ad0b237f`
SHA3	`960bbe3d0ce0e992369e5d846aeec49f0dea9a5232531569d2abbf99e1732fa0`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`2.08865`
MD5	`0cca8d857e7496780d331202a0c8aa2e`
SHA1	`5c814ff635725cbc93e968aef209960ae46edb75`
SHA256	`8590829c092de011dfa45569814e076a2fcc03fb830817afc4127ccf52ec3850`
SHA3	`ecfc8f7c19b1f13496dd66ed9dd155f05ce1b150a1d7565c55e81b5efdecbb79`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x8a8`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`2.96972`
MD5	`193257070e8b9cbc967cc28ae48e4ffa`
SHA1	`a8bef88a073648f0bdddc4d4eadeeb99939ade0f`
SHA256	`8d7b53987c6ca0c87663350cd3b248abc1f887e52cfd2abf4ac4293c31211462`
SHA3	`c8f26c727550049e58920972f1a35bbf4f5ce12a992d2c0e68c408c6bac1a20b`

1 (#7)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x30`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`3.02656`
Detected Filetype	Icon file
MD5	`b352a786861854706833c1818676162d`
SHA1	`b5a0e9575a4817a1ada5dbc62857cdc8067a4dc9`
SHA256	`6e9ebd2af0f2189e58bcd6eee4ceeb34cb0fb3ffcb3a85c2e6de79b7840cd628`
SHA3	`4af7dcd0eceed6a37d38ec703c1f3d90c35668e75ffed16ee801df314a2a568a`

1 (#8)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x294`
TimeDateStamp	2015-Nov-18 01:27:26
Entropy	`3.35698`
MD5	`75e49852b5119dece6a75e99e215fe67`
SHA1	`6a236af5b3ae7f7c3420c2fa1187dc06a9c508fd`
SHA256	`d397ca91cfbd03bb0684a280aab100ae1f22c33165eb8df4894cda0b8adecd23`
SHA3	`13bd464141019b83be708a219f8cd85d1cd2225f5be731e12fb662a5aa7428e9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.0.5
ProductVersion	1.3.0.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	BAE Systems
FileDescription	JMPS - JMPS
ProductName	JMPS-Framework
FileVersion (#2)	1.03.0005
ProductVersion (#2)	1.03.0005
InternalName	JMPS
OriginalFilename	JMPS.exe
OLESelfRegister

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!