Manalyze report for 509e1be225d9271b400b469bd15bb67b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jan-24 14:28:31
Detected languages	English - United States
CompanyName	MIS
ProductName	fnwGeneraBatchIrb
FileVersion	`6400.2019.2301`
ProductVersion	`6400.2019.2301`
InternalName	fnwGeneraBatchNCD
OriginalFilename	fnwGeneraBatchNCD.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	PEiD Signature:	`UPolyX V0.1 -> Delikon`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`509e1be225d9271b400b469bd15bb67b`
SHA1	`13b8104a1bd3511919a163d0dcbae8664a3473d8`
SHA256	`9acb5df8abce091011a1bbfb6969b652ff95c6c915797d099274d60eee3f3ab3`
SHA3	`c32677f3b1a3248f338e3254ad6199a05c7bde0990d42a55a0e831724d8e5809`
SSDeep	`3072:XBzmI0Jjl1TE06RB5NkeR8ujY1/uxB1q5Nt6RNjl1TEBBzmI0:X5mIeY06R/OGdUsxXqz6R1YB5mI`
Imports Hash	`301bb0d9b9d88246e474e7b250664238`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Jan-24 14:28:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.2019`
SizeOfCode	`0x75000`
SizeOfInitializedData	`0x74000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000134C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x76000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1900.7E3`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xea000`
SizeOfHeaders	`0x1000`
Checksum	`0xebe52`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a5c4a4c618d5d315a7edca547368a51a`
SHA1	`b330c41e55acb8168a767c34603e2499ddfc74c8`
SHA256	`0a024114afdf7af30f80c3ac105af9455819afd7ba5db1a83dd2bca20bd85866`
SHA3	`dbd75a2862bed3d59cf36d7d34d1186388adc34f5a0393c461da616380894740`
VirtualSize	`0x74ed8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x75000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.58716`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x9f0`
VirtualAddress	`0x76000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x76000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`0cac835a0f4cc5e68f471fddda4daa35`
SHA1	`f60ba624c5c74e51fcc705c2e95d6870a305fd01`
SHA256	`217e2ee154e6a20a18df08228eb446d270edc77c7b173b41ee3acca1c98c7227`
SHA3	`17b7ade036a1f431a9fbefd59b3f730301bc2fd57f0965320ba6a0f57525e229`
VirtualSize	`0x72b84`
VirtualAddress	`0x77000`
SizeOfRawData	`0x73000`
PointerToRawData	`0x77000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.4893`

Imports

MSVBVM60.DLL	`__vbaStrI2` `_CIcos` `_adj_fptan` `__vbaVarMove` `__vbaFreeVar` `__vbaStrVarMove` `__vbaFreeVarList` `_adj_fdiv_m64` `__vbaFreeObjList` `__vbaStrErrVarCopy` `_adj_fprem1` `__vbaStrCat` `__vbaHresultCheckObj` `__vbaLenVar` `_adj_fdiv_m32` `__vbaAryDestruct` `__vbaExitProc` `__vbaOnError` `__vbaObjSet` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `__vbaBoolVarNull` `_CIsin` `#632` `__vbaChkstk` `EVENT_SINK_AddRef` `__vbaGenerateBoundsError` `__vbaStrCmp` `__vbaAryConstruct2` `__vbaDateR8` `__vbaObjVar` `__vbaI2I4` `#670` `_adj_fpatan` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `#712` `_adj_fprem` `_adj_fdivr_m64` `#716` `__vbaFPException` `__vbaStrVarVal` `__vbaVarCat` `__vbaDateVar` `__vbaI2Var` `_CIlog` `__vbaErrorOverflow` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaFreeStrList` `__vbaVarNot` `_adj_fdivr_m32` `_adj_fdiv_r` `#685` `#100` `__vbaVarDup` `#613` `__vbaLateMemCallLd` `_CIatan` `__vbaStrMove` `__vbaI2ErrVar` `_allmul` `_CItan` `#546` `_CIexp` `__vbaFreeObj` `__vbaFreeStr`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x668`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.94687`
MD5	`7a5f6d20b579f40902c5c97318df2fcc`
SHA1	`0697dd52775d5f370a59a46fea47e11ecfc1ffb6`
SHA256	`f5c2cd372637b752cb5b475b69b2f38a5cca27a602645b784d7fc1ee78420138`
SHA3	`757388e8f27ea7384c4ec7afa2f83ebba715963675fb3ddf4035f4c5c6787eb5`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.188`
MD5	`69c49cf40ead7e13602790cff11d7ab0`
SHA1	`931e8d4d3be58fdc125a0a5c53f9cc13999b3323`
SHA256	`7718d846e6b2c59fe023069b204b8884bea073d000b392b98220fec960c3770f`
SHA3	`ab6e3ab2ff78080c5a3d98c6d12f744c88f93cebd802684680a3a06890ccd627`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x1e8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.99982`
MD5	`c3a63560c404e581d97ab0a12df819a7`
SHA1	`858171c2a3204d67e8d4c657a93f8339d46cf259`
SHA256	`7203175f1c36f87d7041f8d56d0b2ee28e2e245919e522f79060186f63044414`
SHA3	`444d232f3f58f31826fb3a72ea9f17886081d67a09628b5efd59ad867fe5ec84`

30004

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0xea8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.09536`
MD5	`442592f2a12222661c63431e340ac099`
SHA1	`862180f129094f34c2bc89f747dc46375e578fe6`
SHA256	`49766c40a466ac4f65b1b21719d06b0c207ce510fe26823672906df25408057a`
SHA3	`e637bbb6e8e24cf6b0f3e6d3a4cd31d9ec007ab7d694df835c802d2914efba59`

30005

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x8a8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.14858`
MD5	`038e514b33bbb6e06b22c7df9aa1c460`
SHA1	`f6ac3d5524d4f8555a50cee9ee9ffaee4da1c404`
SHA256	`39fb48a9645eac62250dc921282217eb71f1b5950c2a13daa8d44bd2f4186168`
SHA3	`ecf411a31e15ff2a0a0336d03e1481c35f403f7800de9fa8fe3b33fcb9891aa8`

30006

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x6c8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.67531`
MD5	`31a2309c337fa712f2cfb9f6446592c9`
SHA1	`a1b038007512f3917d6d04a15d76168605ca497d`
SHA256	`379997216c86370e51c94b7e6a79e7dcb0601308bc86e2fef472055a409756d7`
SHA3	`6858d7eac3b0811a241c40408b483293dcb05c27408a029feaf8596d67126966`

30007

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x42028`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.12999`
MD5	`8079b970dcd3a6a6bf9ca0837c60b709`
SHA1	`00f13483be9cabc151eaee937d48a57105a7e4a2`
SHA256	`78c61de1111eed7910e2e0391c8342011827400cc2f5d371ea66153b8a779a8c`
SHA3	`d451924f464dd64ad027da9d50e32c73340f3e03a0f0d1f48c95c18325661bb4`

30008

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x10828`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.54169`
MD5	`aab9073b3095a45ef15e41151468e2bc`
SHA1	`a2b967ecd411ced55396c1545601be39798ce03e`
SHA256	`568679a11f750b4ce3a30375d9e8b0ac6d6e2dff1a598e9972bc1be4a22338fb`
SHA3	`b014e70461026def348f31c68cd569a0139c03fdb4cca68a40b802b7632105b9`

30009

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x94a8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.75173`
MD5	`1c059a777441603df57235e2b886a40f`
SHA1	`ae5dde249dcf09fa751a9e5b16f3bfb1ac810c08`
SHA256	`9e3aa8209796c91564e0d9a9187bc97646b33341dd4cd0bcf160e5e233592a04`
SHA3	`fd2686d63df8ab858b79d61f5ffb9cd8ef4f37c3f7b45c024d7782dec86ea4e8`

30010

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x67e8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.84009`
MD5	`610591b1ace7db4c92ff70c19d3ac291`
SHA1	`d16df10ce12e8b4d47fe74e06c50e73c4da1566d`
SHA256	`6f694f1ec93166927d3b54bcb082720c0977ad96a63ba236d903eb41a0ea632e`
SHA3	`8a5318b8995e1a1700e70909254edb5bf0d3aa8f3be663697bf0c6eeecd58384`

30011

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x5488`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`2.91927`
MD5	`0d4174b77e34461309a988d54159f09d`
SHA1	`bb47d7eef8cbf08c3d5d365817e8933e7382512e`
SHA256	`c68ba0fb6962cf7c1ae889fbd01501a36976396aca913b92af4978d3917c08bc`
SHA3	`5f6316d8edbfc3df1374a4c9c05c95d31ec126c30771059b3e56c2e59981dd64`

30012

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x4228`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.07042`
MD5	`72bc602b03d83e410487743febfdcf08`
SHA1	`89f1230175663782ae42b326ed6d44aa35566005`
SHA256	`b48ac775021bcd5eaae3faa9d423ef164fac611c9314c24d04de52edfe28a27d`
SHA3	`9d832b8d2e3768a7275d1c98cfe5c3c00c33a1bf639617279fb57989130a0112`

30013

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x25a8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.29253`
MD5	`eeffed9c0da724ead4580d56e3f246a3`
SHA1	`238f00c931a340bbe91f3804a43e2c0610b7fe99`
SHA256	`a148f974d8ec035ea39683c1423b71a165905e805449795177ccbb1f77e6824b`
SHA3	`6417f75bbda42d192239234d686e190d968e73f2a7b7f3ae44cf86b6e187443a`

30014

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x10a8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.78636`
MD5	`ac25c9e5ba568d835f7e0a57ef096331`
SHA1	`e5a7b48024957bf72d06e0a44325d68adb5600cc`
SHA256	`07e2769dee68cd813d14d624bc21dae3b2378ad387dfddfdaa7b64f56a141b27`
SHA3	`34b9ddeba72061080f3f94b4d3cff5e07dba4f40958a3bc0f24d3631d7908631`

30015

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x988`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`4.01073`
MD5	`41f86131b327ac02944160f510f9da4b`
SHA1	`6a3b90bb5081a2a906f6fcdff9bcf3ff4fd8e614`
SHA256	`30f8705d6a2c537ca75c5209325f4baba34f682c095a16b0670d8b38c320284d`
SHA3	`d4931cb219f2998e641d1c5d6fede700d56b91d1b19f5c38e4818195a5b6d2b7`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0xd8`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.66405`
Detected Filetype	Icon file
MD5	`643c2be5739d6f9c1b66cbd5bec9f1d7`
SHA1	`f408c460a111ebb79ed172aa888fca943a7fc449`
SHA256	`f5e3dfe8fd5f9e2b153cfb1a49ca015a7e985fc1238470422dbfe6644a75b730`
SHA3	`f7e22f26c759dca035ed2af9ee7c16015b7908cc0b605a3692fa55ff9898b62b`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x264`
TimeDateStamp	2019-Jan-24 14:28:31
Entropy	`3.41577`
MD5	`ad8f7c26f9975ca1b553df8b4782dc15`
SHA1	`5472a4d2386e79398e00d616d472593070f28d8c`
SHA256	`5d1ff7c184da1202e4c8e5f9a72bcfdf8445ba5620e56abb1240fc014273c243`
SHA3	`4b11dec4255a70bf3e237e4b95f21079b834013040ee2f9c04cb843cfa1af9cb`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6400.2019.0.2301
ProductVersion	6400.2019.0.2301
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	MIS
ProductName	fnwGeneraBatchIrb
FileVersion (#2)	6400.2019.2301
ProductVersion (#2)	6400.2019.2301
InternalName	fnwGeneraBatchNCD
OriginalFilename	fnwGeneraBatchNCD.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8897fe31`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`1`
13 (VS98 SP6 build 8804)	`1`

509e1be225d9271b400b469bd15bb67b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

30002

30003

30004

30005

30006

30007

30008

30009

30010

30011

30012

30013

30014

30015

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors