Manalyze report for 542940003a9588b49a44b252fd2a5320

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Mar-08 15:20:37
Detected languages	English - United States
Comments	FlipperVA
CompanyName	FlipperVA
FileDescription	FlipperVA
LegalCopyright	FlipperVA
LegalTrademarks	FlipperVA
ProductName	FlipperVA
FileVersion	`4.04.0001`
ProductVersion	`4.04.0001`
InternalName	Diplacanthus
OriginalFilename	Diplacanthus.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Malicious	VirusTotal score: 25/70 (Scanned on 2021-07-28 18:09:52)	`Bkav: W32.AIDetect.malware2` `Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Variant.Razy.897973` `FireEye: Gen:Variant.Razy.897973` `ALYac: Gen:Variant.Razy.897973` `Cybereason: malicious.3b7f7e` `ESET-NOD32: a variant of Win32/GenKryptik.FIBC` `APEX: Malicious` `Kaspersky: UDS:DangerousObject.Multi.Generic` `BitDefender: Gen:Variant.Razy.897973` `Avast: Win32:Trojan-gen` `Ad-Aware: Gen:Variant.Razy.897973` `McAfee-GW-Edition: BehavesLike.Win32.Trojan.mm` `Emsisoft: Gen:Variant.Razy.897973 (B)` `GData: Gen:Variant.Razy.897973` `eGambit: Unsafe.AI_Score_62%` `MAX: malware (ai score=82)` `Kingsoft: Win32.Troj.Generic_a.a.(kcloud)` `Arcabit: Trojan.Razy.DDB3B5` `Microsoft: Trojan:Win32/Wacatac.B!ml` `McAfee: Artemis!542940003A95` `Fortinet: W32/Kryptik.FHVV!tr` `BitDefenderTheta: Gen:NN.ZevbaF.34050.fm0@a4VXRWii` `AVG: Win32:Trojan-gen` `CrowdStrike: win/malicious_confidence_90% (W)`

Hashes

MD5	`542940003a9588b49a44b252fd2a5320`
SHA1	`65613c53b7f7e1a4f346d9270ee891d2a0e72263`
SHA256	`ae98329a85df13c2051e0090dc455032f1202eb36da3df3c17ac36f94d0b95e0`
SHA3	`5743b9bc03a2a37a8cd58e9b58bbe50cc558370bb9f1caa8a2d4381417c5fcf7`
SSDeep	`768:teD+o16icaZa+s3cqosvwRJfw+VJ76gP7HylfHOFJboZfb7OU:teDb0/+s30vw+PugjSp0pebz`
Imports Hash	`7be5ce563aba0a332d6ee101ce2ee420`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2011-Mar-08 15:20:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.4`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001324 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`4.4`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x14000`
SizeOfHeaders	`0x1000`
Checksum	`0x2173a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`55817c2b44842af02256d191bf15184f`
SHA1	`d44617fd0351a06ab942c2b508763e9905579392`
SHA256	`53824f5afa23e513e06963bbe6b9d024bff2d29a68d598d6e167a2ff24785931`
SHA3	`9eafb02db0eb063ef937fd08d4e8ac4df7ff926734ef467153d04413d8cf1f24`
VirtualSize	`0x10824`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.16522`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0xd1c`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`b2b1e9dfe51fcd88e023a3b8a10e9841`
SHA1	`cb1883b5ae58a1d7fa9d7a33575c7b4b5e65bafd`
SHA256	`9010855a6c028c589151cabee258eea0b7039dafef7d626aae0428b1556da9d4`
SHA3	`0b416eb636a0fd72cec54a1832c8cd994c1db5ae82dcfedcfa7be0f0f17a004a`
VirtualSize	`0x558`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.44921`

Imports

MSVBVM60.DLL	`_CIcos` `_adj_fptan` `__vbaFreeVar` `__vbaStrVarMove` `__vbaFreeVarList` `__vbaEnd` `_adj_fdiv_m64` `#514` `__vbaFreeObjList` `_adj_fprem1` `__vbaSetSystemError` `__vbaHresultCheckObj` `_adj_fdiv_m32` `__vbaObjSet` `__vbaCyAdd` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#705` `_CIsin` `__vbaChkstk` `EVENT_SINK_AddRef` `__vbaStrCmp` `__vbaVarTstEq` `DllFunctionCall` `_adj_fpatan` `__vbaLateIdCallLd` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaFpCmpCy` `__vbaExceptHandler` `_adj_fprem` `_adj_fdivr_m64` `#531` `#716` `__vbaFPException` `#717` `_CIlog` `#647` `__vbaFileOpen` `__vbaNew2` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaFreeStrList` `_adj_fdivr_m32` `_adj_fdiv_r` `#685` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaLateMemCall` `__vbaVarDup` `__vbaStrToAnsi` `_CIatan` `__vbaStrMove` `__vbaUI1Str` `#541` `_allmul` `__vbaLateIdSt` `_CItan` `_CIexp` `#580` `__vbaFreeStr` `__vbaFreeObj`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2011-Mar-08 15:20:37
Entropy	`2.90896`
MD5	`829512a0fcdf3d4a7892504751b0b435`
SHA1	`6dbf26543fd3ce74b5a24bde66fbd2345494e552`
SHA256	`b6bc0af147919c02e5c9adba548e3536acee2a4d68470233401452b53cd6fc85`
SHA3	`e2e4eaaf8d709c7dd791d7896181a6fbcf9f659f6b11b58e62fb0b200f20e39b`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2011-Mar-08 15:20:37
Entropy	`2.25772`
Detected Filetype	Icon file
MD5	`791c51c977eb395cf47d1cf0a36cc458`
SHA1	`149cd043fa7e95ffc3828bce01ea5d424fe57907`
SHA256	`6b50a88f2d9901ebf48799084ebd0a534ca27cd097c21c90deb439ab844698eb`
SHA3	`5a5899fed526ae3758e2b687ff0a34f1e8d00b2d28a5359d6d8106c53dab70bc`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x32c`
TimeDateStamp	2011-Mar-08 15:20:37
Entropy	`3.26161`
MD5	`7e6e2eb3a127a7ef597c2b67dc6642d3`
SHA1	`37803c9b6c6118fcb4391244da318f209464afe8`
SHA256	`e78d1d3375b31184cf39e49c77fe3d21dbebc81a3dd5760a22d4919866ed482c`
SHA3	`337b30faf2ca1328e77f7c7f46bf0c56bda7778d98f9224e3bea073ef805eb67`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.4.0.1
ProductVersion	4.4.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	FlipperVA
CompanyName	FlipperVA
FileDescription	FlipperVA
LegalCopyright	FlipperVA
LegalTrademarks	FlipperVA
ProductName	FlipperVA
FileVersion (#2)	4.04.0001
ProductVersion (#2)	4.04.0001
InternalName	Diplacanthus
OriginalFilename	Diplacanthus.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x91a80893`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`8`
13 (VS98 SP6 build 8804)	`1`

542940003a9588b49a44b252fd2a5320

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors