Manalyze report for 435370186a4d02bf38a095270519edc5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Feb-18 20:39:11
Detected languages	English - United States
Comments	ubISOFT
CompanyName	ubISOFT
FileDescription	Roverto
ProductName	Enkronersprakv
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	Kommuni
OriginalFilename	Kommuni.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Malicious	VirusTotal score: 53/71 (Scanned on 2020-03-25 11:22:28)	`DrWeb: Trojan.KillProc2.9319` `MicroWorld-eScan: Trojan.GenericKD.33555708` `CAT-QuickHeal: Trojan.Wacatac` `McAfee: Artemis!435370186A4D` `Cylance: Unsafe` `Zillya: Trojan.Vebzenpak.Win32.1607` `Sangfor: Malware` `K7AntiVirus: Trojan ( 00562d2c1 )` `Alibaba: Trojan:Win32/Vebzenpak.5c618a17` `K7GW: Trojan ( 00562d2c1 )` `Arcabit: Trojan.Generic.D20004FC` `BitDefenderTheta: Gen:NN.ZevbaF.34104.cm0@a4uM7Hki` `F-Prot: W32/Injector.AAM.gen!Eldorado` `ESET-NOD32: a variant of Win32/Injector.ELEF` `APEX: Malicious` `Avast: Win32:Trojan-gen` `Kaspersky: Trojan.Win32.Vebzenpak.ijn` `BitDefender: Trojan.GenericKD.33555708` `NANO-Antivirus: Trojan.Win32.Vebzenpak.hfrxku` `Paloalto: generic.ml` `Rising: Trojan.Kryptik!1.C40D (CLOUD)` `Ad-Aware: Trojan.GenericKD.33555708` `Sophos: Troj/VB-KSU` `F-Secure: Trojan.TR/Injector.iwxjq` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R002C0DCI20` `McAfee-GW-Edition: RDN/Generic.grp` `Trapmine: malicious.moderate.ml.score` `Emsisoft: Trojan.GenericKD.33555708 (B)` `SentinelOne: DFI - Suspicious PE` `Cyren: W32/Injector.AAM.gen!Eldorado` `Jiangmin: Trojan.Vebzenpak.bji` `Avira: TR/Injector.iwxjq` `Fortinet: W32/GuLoader.VHHS!tr` `Endgame: malicious (moderate confidence)` `Microsoft: Trojan:Win32/Dynamer!rfn` `AegisLab: Trojan.Multi.Generic.4!c` `ZoneAlarm: Trojan.Win32.Vebzenpak.ijn` `AhnLab-V3: Trojan/Win32.VBKrypt.R328950` `VBA32: Trojan.KillProc` `ALYac: Trojan.GenericKD.33555708` `MAX: malware (ai score=86)` `Malwarebytes: Trojan.GuLoader.VB` `TrendMicro-HouseCall: TROJ_GEN.R002C0DCI20` `Tencent: Win32.Trojan.Vebzenpak.Pavj` `Yandex: Trojan.Injector!CxyuF0pwd88` `Ikarus: Trojan.VB.Crypt` `GData: Trojan.GenericKD.33555708` `MaxSecure: Trojan.Malware.79540839.susgen` `AVG: Win32:Trojan-gen` `Panda: Trj/GdSda.A` `CrowdStrike: win/malicious_confidence_100% (W)` `Qihoo-360: Win32/Trojan.c49`

Hashes

MD5	`435370186a4d02bf38a095270519edc5`
SHA1	`7224a1923fd7654d519e8645c82b129a6e254b6e`
SHA256	`b4efdb0724f8698ae56c4584540c1d280a62485b5080398cd76f85202cbe5a27`
SHA3	`0d77d7d9e187fa45be02e19201c93aa3814cb28a4dfeaf9c9111e80bec4ba927`
SSDeep	`384:HGsckt9G479JgK8oCYPSSCNR8T4+X1FXJivaQQqh3RLJW/X4qPU84pi/0Gj9K:HVXM4pJaoCYKx8XbDqhhLvnpS`
Imports Hash	`6c46d64ba48ae46b768648ab3e4b73eb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Feb-18 20:39:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x9000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000109C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x1000`
Checksum	`0xe3d5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49546360edd30e523ac53dcac7f9f36d`
SHA1	`20a98183e113e524ba8918f8e31b35bbfaf87dac`
SHA256	`1d25fe1ce7f1de24e77221b37dc8158c7f2021a1127dfd6d729bd03b85c46e59`
SHA3	`66450e839ca5b6ccd86d9afa6db48bc1244db132fe12e587a7a70211b3f9d350`
VirtualSize	`0x8f28`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36717`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xbd4`
VirtualAddress	`0xa000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`ddee30c0dc71d561d6a4d23bc6b02f3b`
SHA1	`e7d48dce3b142b96badc4f9c0b850cd1e661b2d3`
SHA256	`8db79c93be8ad94486eb97ede8444ea5359d0041137c0889b9d082652d5a7d3e`
SHA3	`b47092bd01952ea20af7b9944879f314d1188eccd9f034ab17f527a329f3e861`
VirtualSize	`0x938`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.99513`

Imports

MSVBVM60.DLL	`#585` `#696` `#629` `#663` `#522` `#523` `EVENT_SINK_AddRef` `#561` `EVENT_SINK_Release` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `ProcCallEngine` `#571` `#685` `#100`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x130`
TimeDateStamp	2017-Feb-18 20:39:11
Entropy	`2.57965`
MD5	`a20d09bee9b4207ad5a3b67a78c1dce3`
SHA1	`ca85fbf532389887f3837bbadd1c579040b99c8b`
SHA256	`2d3915cdc82e909357d44c4de1b8890bd753605c28df11b10299e3fd09d930b9`
SHA3	`e3b2b0325b24bb74af126af0863b39a6e63c08820f69cf0ae582a31bfc1052db`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2017-Feb-18 20:39:11
Entropy	`1.76987`
MD5	`24799ca590d42134e7103b06d46fd960`
SHA1	`4af9a0fe3b7371abc50a18e851f3122fce9a2ffa`
SHA256	`a32e750bc1b0315530097434a7e1d324b843e1f5ffd95238b49d3a8aa8e6fe09`
SHA3	`9a17698629ef5e7a1c567a9669be74aa2c9d8356ecfba40c48811e4dcf5ea875`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2017-Feb-18 20:39:11
Entropy	`2.07177`
MD5	`e6c5053ba1c848d7e16701a2d08fb8c6`
SHA1	`f253482c0fa25197130f6475f2ded060527843bf`
SHA256	`46dc088910439dad6a0d69da5e64227d04a640845fd1c31e90a7d4340c539fe0`
SHA3	`1e6c369197dd1a466ea87357db49ec559ecf82c0c3fa13af1a383445945861e6`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x30`
TimeDateStamp	2017-Feb-18 20:39:11
Entropy	`2.97836`
Detected Filetype	Icon file
MD5	`835a20def9b2661b64b8ac06b4901f36`
SHA1	`70732dac88537f00c89d105f986ef843d3aca818`
SHA256	`cbdcb84268fcf2a25b844c1dca787de835c0376e82c1a2e62814a3c940a26cfb`
SHA3	`9a2de99425a7e2086c65d82719bf44696cfe58b8077ce214e814ceeeb78ba1f4`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x278`
TimeDateStamp	2017-Feb-18 20:39:11
Entropy	`3.20873`
MD5	`4f36d66e55272fe6189e8d293aec510b`
SHA1	`be65a27dfebcfa65c51df2461e019fb3a3a199a1`
SHA256	`84d99a8c9ed741f7f9183d7e79e23d6f1dcb2961005ba7a351cf210a7bfbe4b6`
SHA3	`7a64747908ac0b8127f57c31b64cd771d3925fb6a560583f710381bf3f1fcbbe`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	ubISOFT
CompanyName	ubISOFT
FileDescription	Roverto
ProductName	Enkronersprakv
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	Kommuni
OriginalFilename	Kommuni.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8869808d`
Unmarked objects	`0`
13 (VS98 SP6 build 8804)	`1`

Errors

[*] Warning: Section .data has a size of 0!