Manalyze report for 6a38aef00dff045f1bbb0a78c312289f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Mar-26 22:13:17
Detected languages	English - United States
CompanyName	Finastra
LegalCopyright	©2018 Finastra. All rights reserved.
ProductName	EZStartupENT
FileVersion	`18.01.0007`
ProductVersion	`18.01.0007`
InternalName	EZStartupENT
OriginalFilename	EZStartupENT.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0` `Microsoft Visual Basic v6.0`
Suspicious	PEiD Signature:	`Protect Shareware 1.1 -> eCompserv CMS`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: REGSVR32.EXE`
Malicious	VirusTotal score: 18/65 (Scanned on 2018-10-15 11:05:58)	`MicroWorld-eScan: Trojan.GenericKD.40600645` `CAT-QuickHeal: Trojan.IGENERIC` `McAfee: Artemis!6A38AEF00DFF` `Cylance: Unsafe` `AegisLab: Trojan.Win32.Generic.4!c` `BitDefender: Trojan.GenericKD.40600645` `Cyren: W32/Trojan.YHZG-1812` `TrendMicro-HouseCall: TROJ_GEN.R002H09JD18` `Ad-Aware: Trojan.GenericKD.40600645` `F-Secure: Trojan.GenericKD.40600645` `McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch` `Emsisoft: Trojan.GenericKD.40600645 (B)` `Ikarus: Trojan.Dropper` `Avira: TR/Dropper.Gen` `Microsoft: Trojan:Win32/Zpevdo.A` `Arcabit: Trojan.Generic.D26B8445` `GData: Trojan.GenericKD.40600645` `CrowdStrike: malicious_confidence_70% (D)`

Hashes

MD5	`6a38aef00dff045f1bbb0a78c312289f`
SHA1	`333d4eda1f50b4743812d8b962f9082f9296d57d`
SHA256	`06e8eb10fef21b9d094e40347e2ef38dc7f2a786408338a5fdc791e46d69e280`
SHA3	`27f12ab656d4fd3dc2069463fe23496de1b8367a8400201ba7f73dfcbc77a6fa`
SSDeep	`3072:JvBS8IuVzi+tkbC2+bC2T4RnIxtzNsX5JiEh5WM+rs1S9t1iQUJbjrC2A:v//+bC2+bC2hxtoBJzC2A`
Imports Hash	`9734c962902b776ce18de4a078e4647d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Mar-26 22:13:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.1`
SizeOfCode	`0x24000`
SizeOfInitializedData	`0xb000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001958 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x25000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`12.1`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x30000`
SizeOfHeaders	`0x1000`
Checksum	`0x351f9`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9e163a4ad248e5ac7e38ce3b292bc968`
SHA1	`0b6c12040fd640a3a6dfa182aaaecb4badd5ea12`
SHA256	`66a2d8b957606e7d8b9590641e5eaadf681bc5b4ce0110674168e4013954bc86`
SHA3	`554902220ded4ecfca4f1310ecb709837e0429194cde9e6be49cd16415d40eb9`
VirtualSize	`0x23df8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.28268`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1828`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x25000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`411bf2d7b9ebd0aebdd090c34197dd77`
SHA1	`8791b09b0a43a22abae57d439f35eb62ac6f9a03`
SHA256	`e9a70f1f02320ea779614c2c231f28c7f6165c15aa0eab0f4f83c9bd5ac71082`
SHA3	`6fb9dab329e6ef1c2d564428a7790fc5ff48f49d611b0636711e0ccea8f89384`
VirtualSize	`0x8f74`
VirtualAddress	`0x27000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x26000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.13864`

Imports

MSVBVM60.DLL	`__vbaVarTstGt` `__vbaVarSub` `__vbaStrI2` `_CIcos` `_adj_fptan` `__vbaStrI4` `__vbaVarMove` `__vbaVarVargNofree` `__vbaFreeVar` `__vbaLenBstr` `__vbaStrVarMove` `__vbaLineInputStr` `__vbaFreeVarList` `__vbaEnd` `_adj_fdiv_m64` `__vbaFreeObjList` `#516` `__vbaStrErrVarCopy` `_adj_fprem1` `__vbaRecAnsiToUni` `#519` `__vbaCopyBytes` `__vbaStrCat` `__vbaLsetFixstr` `__vbaBoolErrVar` `__vbaSetSystemError` `__vbaRecDestruct` `__vbaHresultCheckObj` `#557` `_adj_fdiv_m32` `__vbaAryVar` `__vbaAryDestruct` `__vbaVarCmpGe` `#669` `#591` `#592` `__vbaExitProc` `__vbaBoolStr` `__vbaStrBool` `#593` `__vbaFileCloseAll` `__vbaOnError` `#595` `__vbaObjSet` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `__vbaStrFixstr` `#523` `__vbaFpR8` `__vbaBoolVarNull` `_CIsin` `#631` `#525` `#632` `__vbaChkstk` `#526` `__vbaFileClose` `EVENT_SINK_AddRef` `#527` `__vbaGenerateBoundsError` `#528` `__vbaStrCmp` `#529` `__vbaAryConstruct2` `#561` `__vbaI2I4` `__vbaObjVar` `DllFunctionCall` `_adj_fpatan` `__vbaFixstrConstruct` `__vbaRedim` `__vbaRecUniToAnsi` `EVENT_SINK_Release` `#600` `__vbaUI1I2` `_CIsqrt` `__vbaVarAnd` `EVENT_SINK_QueryInterface` `__vbaUI1I4` `__vbaExceptHandler` `#711` `__vbaStrToUnicode` `__vbaInputFile` `__vbaPrintFile` `#606` `__vbaDateStr` `_adj_fprem` `_adj_fdivr_m64` `__vbaI2Str` `#607` `#608` `__vbaVarCmpLe` `#716` `__vbaFPException` `__vbaInStrVar` `__vbaUbound` `__vbaVarCat` `__vbaDateVar` `#537` `#644` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `__vbaNew2` `__vbaR8Str` `__vbaInStr` `#648` `#571` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `#573` `#681` `__vbaI4Str` `__vbaFreeStrList` `#576` `_adj_fdivr_m32` `#577` `_adj_fdiv_r` `#685` `#100` `#687` `__vbaVarSetVar` `__vbaI4Var` `#610` `__vbaAryLock` `__vbaLateMemCall` `__vbaVarDup` `__vbaStrToAnsi` `__vbaFpI2` `#616` `__vbaVarLateMemCallLd` `__vbaRecDestructAnsi` `#617` `_CIatan` `__vbaStrMove` `#618` `__vbaAryCopy` `#650` `_allmul` `_CItan` `__vbaAryUnlock` `_CIexp` `__vbaFreeStr` `__vbaFreeObj` `#581`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`3.62172`
MD5	`9515bfb326fa7785c92c266f377507af`
SHA1	`043b4a23e7a755ac5f63b003e01eddf0e7e29def`
SHA256	`8ec31f69314de26673ac298fa551c0885c00a52b2fa7c3de3e85bc2d08570718`
SHA3	`9714b889488fc76b8f778ee15cb42b5b4e8049eb5a2fa727d49d4c75fd2dd2c1`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`4.08707`
MD5	`66b0b9e79615f1a42b091cec6173f85b`
SHA1	`0b5f7417f3bbb6ad52a1f17750d7564e142d7620`
SHA256	`855d1e2b971b360280637366a550878cac0740b277a8ea5a1b44d01ddd2ceb82`
SHA3	`d6bbb8d7a09446b4363e40011fd3753939a758c75f0bdb62519ca69d3c29a5f9`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0xea8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`3.76189`
MD5	`a603cfa772c600f6999dbcda34c6cefb`
SHA1	`c9b3b4b6f37fa264cd9d9e74e59444bc6eddd769`
SHA256	`c2591e9fbdebf5bc6087edaf891b8abea75bb81ea4bf31e4bc942aeeaeb27522`
SHA3	`95c83a63b73d8083626c50ed137e8680dfa0e8dff3ab86dbc887e8cc332e3c1a`

30004

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x8a8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`4.58465`
MD5	`cee574fcd56ccdc0a6e94afd22e08876`
SHA1	`d63cf6f0bae42a262115a5ce57dba47f66d85615`
SHA256	`8123c2c2b1ae4a7c9680642c97b3a08c9ec0fa8a6a59274e3b88586ec7246a8d`
SHA3	`6ac1652c3badc598b8966acf336c8f4b4c2cc441ed6a2038c188eaacc2476d81`

30005

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x568`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`4.95347`
MD5	`42799b1c9cefcbc1559c8ca1a35ebce0`
SHA1	`dee277406a1b822442fb5740d488d74e575315ba`
SHA256	`457aad8709ed6345d3a04a5a6eac7d8df4474f67d45e2f8fd2b95ec29801d85a`
SHA3	`133edfe51155dd5e5a6b993e549073de8a4040494f23cc81ce5484648334116e`

30006

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e48`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`7.94457`
Detected Filetype	PNG graphic file
MD5	`182ca6859ec2d9cc3d438127126b7035`
SHA1	`35123919b94c203d388f55dab05aa7d56c990bc5`
SHA256	`2c228d9595f6be7f1e63db22bdf1e00297950c567ecf55ec2b5fe1ed0036b912`
SHA3	`ced222eb119b3b52ec92b79a3049a9a009d290b65fbfedd0107dc18834280b56`

30007

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x25a8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`3.57666`
MD5	`00f819a08590b88f19c42fe1f93ef829`
SHA1	`8b9a1ac313b8de12839bda2182d71dbd696788f7`
SHA256	`1902785f2c47a4e25f00a36622d56145864572cf3f287e6060c6d58c8e753a22`
SHA3	`c5859baea19ddd6f1454bbce2af75a496a9b0c341ccac010df03e4e63c323123`

30008

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x10a8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`4.18902`
MD5	`d6994f8917d4389e4f1c68e505156718`
SHA1	`157c681d582a7c2b5b272c328bd1de64ea0a34d9`
SHA256	`b7625945e660206eddbcdb3ee46a8162820eb4ff913c5a9e437cd82b03dd49cc`
SHA3	`81dcf4bc8aa36982712641c9ab172e24f7914a3d9829499b19167db3af49886f`

30009

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x468`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`5.02727`
MD5	`61b026c8c6bf57a440da17a3c29dfacb`
SHA1	`15e92f0c98d280adaa07cc7e1988fd371606e9bc`
SHA256	`911e50ab2ffe363b9a816758773efaae330e8191bc446fee447545acfbe9eaff`
SHA3	`87c07f5ee7d1f2b10a6458a5b32807133a275a61714a202f60995df1c3533b4a`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x84`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`3.44762`
Detected Filetype	Icon file
MD5	`7688e7b19fa3367d5ea7a8eb86273b88`
SHA1	`d4a84ea7907704f229a9fe3c3c64cd63df29ae15`
SHA256	`29a13312fe5194f10087ad758278f6373766a5f57a7a10b8535b691f7f75725e`
SHA3	`a9658307e1af68671f9927eb0de45148d72e0afcc43b819f5b805217f8ae0ca3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x2b8`
TimeDateStamp	2018-Mar-26 22:13:17
Entropy	`3.34851`
MD5	`f375a55105c87c49ee1a43a04ce4549d`
SHA1	`002b27d22852ce852f2ab14a0674bbff10ba2210`
SHA256	`39a38f5afd50ef6d8033a5ae3d0bbfeeddd1bbb87930eee4977152d6850b53b0`
SHA3	`6139a5241b858b725665d83ac8153bab6af3149176fa6eb58cdb650c6505700f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	18.1.0.7
ProductVersion	18.1.0.7
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Finastra
LegalCopyright	©2018 Finastra. All rights reserved.
ProductName	EZStartupENT
FileVersion (#2)	18.01.0007
ProductVersion (#2)	18.01.0007
InternalName	EZStartupENT
OriginalFilename	EZStartupENT.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8917a389`
Unmarked objects	`0`
14 (7299)	`1`
9 (8041)	`4`
13 (8169)	`1`

6a38aef00dff045f1bbb0a78c312289f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

30002

30003

30004

30005

30006

30007

30008

30009

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors