Manalyze report for 40478e3d7d6d78d80b16bc9f20b982d0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Nov-05 02:33:39
Detected languages	English - United States
CompanyName	by TurboCCC
ProductName	RGN_Tool
FileVersion	`0.09.0004`
ProductVersion	`0.09.0004`
InternalName	RGN_Tool
OriginalFilename	RGN_Tool.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	VirusTotal score: 2/67 (Scanned on 2018-10-15 12:08:47)	`Cylance: Unsafe` `Ikarus: Trojan-Dropper.Win32.VB`

Hashes

MD5	`40478e3d7d6d78d80b16bc9f20b982d0`
SHA1	`cdd8d5883e775a39e950da83750b5dbef144cffe`
SHA256	`f4c423a1f36022c5db17c3de06e63fdcdb72f491c0d29360379e617a0b015b5a`
SHA3	`76c13e7ea3544c00c2030e6243139cea0b97c26087d1f48b99963964b227689e`
SSDeep	`3072:5jvZR0w61TcplUhiXxlwOg2ZBviOVGJQYovI:laYGLDAN4G`
Imports Hash	`9a0ee258bdcff817a6239dddda158be0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Nov-05 02:33:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.9`
SizeOfCode	`0x31000`
SizeOfInitializedData	`0x7000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001E60 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x32000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.9`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x39000`
SizeOfHeaders	`0x1000`
Checksum	`0x437b4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0e0fbcd8896b7b6cb16966e2d2474e64`
SHA1	`01e7668f27cfb33ceb3cfbad25fbd5deb626eecf`
SHA256	`4a5c81bbf33c4cc4885485247c05cd533c693d72800f9cc9d38e243f01cb9a30`
SHA3	`d70bd8b159a0fc20185f1fe40539fd0635655a6bf0e90e0d7fcfaa5b53654fbb`
VirtualSize	`0x301d0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.75379`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1b34`
VirtualAddress	`0x32000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x32000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`11673de4b99b9e42d5da580446bdccba`
SHA1	`6edb501758038c976c35607d43ddad04945b26c9`
SHA256	`19a22733fa5eeb7ccf398094e57111af06d1a9ec7c0aef79a2e2a0371ec4150b`
SHA3	`2783d8dcc4239f7ff9217451dc3946ce254f7f688b82198d6bbd8020efafc990`
VirtualSize	`0x4a65`
VirtualAddress	`0x34000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x33000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.49159`

Imports

MSVBVM60.DLL	`_CIcos` `_adj_fptan` `__vbaVarMove` `__vbaStrI4` `__vbaVarVargNofree` `__vbaFreeVar` `__vbaAryMove` `__vbaLenBstr` `__vbaStrVarMove` `#588` `__vbaFreeVarList` `_adj_fdiv_m64` `__vbaFreeObjList` `#516` `#517` `_adj_fprem1` `__vbaRecAnsiToUni` `#519` `__vbaStrCat` `__vbaVarCmpNe` `__vbaSetSystemError` `__vbaRecDestruct` `__vbaHresultCheckObj` `__vbaLenVar` `_adj_fdiv_m32` `__vbaAryVar` `__vbaVarTstLe` `__vbaAryDestruct` `__vbaLateMemSt` `#592` `__vbaVarForInit` `__vbaObjSet` `#595` `__vbaOnError` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `__vbaVarIndexLoad` `#598` `#521` `#522` `__vbaVarTstLt` `__vbaBoolVarNull` `__vbaFpR8` `_CIsin` `#631` `#709` `#525` `__vbaVargVarMove` `#632` `__vbaChkstk` `__vbaFileClose` `EVENT_SINK_AddRef` `__vbaGenerateBoundsError` `__vbaStrCmp` `#529` `__vbaPutOwner3` `__vbaVarTstEq` `__vbaAryConstruct2` `__vbaObjVar` `__vbaI2I4` `DllFunctionCall` `#670` `__vbaFpUI1` `__vbaRedimPreserve` `_adj_fpatan` `__vbaLateIdCallLd` `__vbaRedim` `__vbaRecUniToAnsi` `EVENT_SINK_Release` `#600` `__vbaUI1I2` `_CIsqrt` `__vbaVarAnd` `EVENT_SINK_QueryInterface` `__vbaUI1I4` `__vbaExceptHandler` `#711` `#712` `__vbaPrintFile` `_adj_fprem` `_adj_fdivr_m64` `#530` `#608` `#716` `__vbaFPException` `#717` `__vbaUbound` `__vbaStrVarVal` `#533` `__vbaGetOwner3` `__vbaVarCat` `#536` `#537` `#645` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `#647` `__vbaInStr` `__vbaNew2` `#570` `__vbaVar2Vec` `_adj_fdiv_m32i` `#572` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaI4Str` `__vbaFreeStrList` `__vbaVarNot` `__vbaDerefAry1` `_adj_fdivr_m32` `_adj_fdiv_r` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaLateMemCall` `__vbaVarAdd` `__vbaAryLock` `__vbaVarDup` `#613` `__vbaFpI2` `#616` `__vbaFpI4` `__vbaVarCopy` `__vbaRecDestructAnsi` `#617` `_CIatan` `__vbaStrMove` `#618` `__vbaAryCopy` `__vbaCastObj` `__vbaStrVarCopy` `_allmul` `_CItan` `__vbaAryUnlock` `__vbaVarForNext` `_CIexp` `__vbaFreeStr` `__vbaFreeObj` `#581`

Delayed Imports

101

Type	`CUSTOM`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x3c`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`4.30286`
MD5	`24846d37c8ac49780469bcafdecc50cd`
SHA1	`dbbd0e8ccc5a6ddbb7af994941ebffe32630d34c`
SHA256	`70761444834869aa283b849414f965f0ea96e5ac94dede0d5a295a09780302b3`
SHA3	`42ed4ce2da86302dd13746537ca36d96f70c66b08176ca0b75ae7fada40777a7`

102

Type	`CUSTOM`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0xf`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`2.04022`
MD5	`6f8eaba559c3fd464ca17851b05a1df8`
SHA1	`d3818384fed0083005247b2b1761772c24191288`
SHA256	`f58c44d80f82c668d286564fdfc815089678789e33a3ec7ded873e4bc1027dd7`
SHA3	`6712f00a24bc2bdd13e0a23a915d0b1b2d0aba6adcbf885e0e0f795156672eb0`

103

Type	`CUSTOM`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x1000`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`0.259603`
MD5	`da2904268a89822bb2ef0b50811d1155`
SHA1	`2c5f279796e773c592b66d971a6f0292a4c240b5`
SHA256	`b420e07d13827297bdd9fcfd0fb4a43dd07ee8971d7d5492c8c5449349241fd3`
SHA3	`b7b112ba448d0e1adb6669a487bc100042513d84a8f3c57ba78caf16847bb2cf`

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x568`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`3.63774`
MD5	`e959cd87dd5574e056f21f8283ffedea`
SHA1	`9c1e2e5ac72b15358591c81af412b5682e0ae395`
SHA256	`3b35a91f49c1e66fb8593d3022bc86778196a2c1515de4dfd9727e3d2162dd5b`
SHA3	`ae335074c3586d9a5519cb90d0dcde7317801fd2b847275ee4b8a1953d2f55f3`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x6c8`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`5.44401`
MD5	`415d9a70812caa5e9cfeeafe1567c54f`
SHA1	`c412f2c9a98a0d380c0c7e8bcb718cc046a2f155`
SHA256	`3058c4d75a5baf4ca7487f3efc41a27902268a7cde7303cc5fd78a7f3d5f78cd`
SHA3	`0036e70723a2b9604792eed137d2a53cd34df7b193f13a70136df6a58d063969`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0xca8`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`4.07026`
MD5	`5a37a58dde17fc651ddf08a1cc60ac4b`
SHA1	`820d04bd2757f4452c27f195d44c99ba9270794b`
SHA256	`faffc5683f5c601892bb50d9d4b87cc7f30d848ce02ce18cf6e87c00b61d01f3`
SHA3	`d6b78eb616650253d0fdd2dddc9aec7b2b234e6d02698687c3d5363fb4776ccd`

30004

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x1ca8`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`4.08184`
MD5	`cc77d17571f9a93982e52029c81f38a1`
SHA1	`64921f0023360f80e832cf386ada8239d87daf4d`
SHA256	`631c75f743e5faa55fb99699f8408bc589f533922e77c31d6094a2b62111db3a`
SHA3	`86c813be07daac6b22f381d5678e50b3e6e15b5dedfd02d370db5cbbb8ca52e3`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x3e`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`3.17653`
Detected Filetype	Icon file
MD5	`3bcdd39442cf1b22782c21f59f346fe1`
SHA1	`e22755449ee301ec6cbdd94bdea28240faf45afd`
SHA256	`eeb7df3d28c83afb062d638170c96e6cfbfb41312c9f977bd25471a8618c437b`
SHA3	`64786eaa1df47a06939a7a263147c6488509794651f3d332fc3388430f89df68`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x22c`
TimeDateStamp	2017-Nov-05 02:33:39
Entropy	`3.23089`
MD5	`59071965fde0f40186a0a02ebcf02292`
SHA1	`2f733cb60cd6c393ffd1f07b8174dcf5fa69c00a`
SHA256	`026707b034306a32dc2a3fa08f3735cf8f07cc3319a618f423e1d013ff3d2604`
SHA3	`0a4bee34810975dd1eca1ab57b5884dcc0dc1e2100169e29acf5512e52353490`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.9.0.4
ProductVersion	0.9.0.4
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	by TurboCCC
ProductName	RGN_Tool
FileVersion (#2)	0.09.0004
ProductVersion (#2)	0.09.0004
InternalName	RGN_Tool
OriginalFilename	RGN_Tool.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8917de83`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`4`
13 (VS98 SP6 build 8804)	`1`

40478e3d7d6d78d80b16bc9f20b982d0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

101

102

103

30001

30002

30003

30004

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors