Manalyze report for 75bc329144222b84f8723f5af0cd0c7f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`UNKNOWN`
Compilation Date	1999-Sep-10 16:25:09

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0` `Microsoft Visual Basic v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Suspicious	The PE is possibly packed.	`Unusual section name found: .\x03\x01\xff\xffu` `Unusual section name found: .\x03\x01\xff\xffu` `Unusual section name found: .\x03\x01\xff\xffu` `Unusual section name found: .\x03\x01\xff\xffu` `Unusual section name found: .\x03\x01\xff\xffu` `Unusual section name found: .fs` `The PE only has 0 import(s).`
Malicious	VirusTotal score: 4/41 (Scanned on 2012-09-15 07:36:34)	`Kaspersky: Backdoor.Win32.RE2K` `Comodo: UnclassifiedMalware` `Jiangmin: Backdoor/RE2K` `VBA32: suspected of Malware.VB.14`

Hashes

MD5	`75bc329144222b84f8723f5af0cd0c7f`
SHA1	`c9dd1e287a25de11e295ae0e464dbf71402245ab`
SHA256	`ff3fd4e2cdc31bac25d3009f5b66efd0f58397c6217ffb8a544bb599819635ed`
SHA3	`9ed21919976d92748c922cb8d204cb2f86710569933d578645ba47eebc3cd142`
SSDeep	`768:4xvVuIKPdBE7djtGdd7mdDLKuydSbTGd3hjOdDCdAhLrMdlkwbdaTJA+Uu1TQ90:4ZVj1BW+Uu1TQ9056dMw7`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	1999-Sep-10 16:25:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`4.0`
SizeOfCode	`0x6c6ca400`
SizeOfInitializedData	`0x386c`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000016AC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`UNKNOWN`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_LIBRARY_PROCESS_INIT` `IMAGE_LIBRARY_PROCESS_TERM` `IMAGE_LIBRARY_THREAD_TERM`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`66a60def86cf69835701f30ca0ca2ed0`
SHA1	`100e9c556f9013d0c5a85946c3d1848a80e173db`
SHA256	`7e390378f7963959ec9755b375d76463ed60c2273aac7f3da54f250d2d16cef8`
SHA3	`8bcfb90d0dfb0d28e128b18f044185d237e07f93f184e0d3849c132be97a4c6e`
VirtualSize	`0xc000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.0847`

.\x03\x01\xff\xffu

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1000`
VirtualAddress	`0xd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.\x03\x01\xff\xffu (#2)

MD5	`6f48f6863398323991fc890522dc8893`
SHA1	`8ed7ef069dbca259189826acd33e873eb0d3ae58`
SHA256	`027807d468bf350fc0994b9aa0341de92b77de68d94cbe03fc7d3c2824b81f2c`
SHA3	`77a7c250a4ec78d2826b887c191cf391ecbf2d0dcc3aa13a4a983c2fc84b0bd9`
VirtualSize	`0x2000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.74394`

.\x03\x01\xff\xffu (#3)

MD5	`0829f71740aab1ab98b33eae21dee122`
SHA1	`0631457264ff7f8d5fb1edc2c0211992a67c73e6`
SHA256	`9f1dcbc35c350d6027f98be0f5c8b43b42ca52b7604459c0c42be3aa88913d47`
SHA3	`f681764da64aad321f365155d0cf743275005f05c67517a0d3751c26c4ef5fa1`
VirtualSize	`0x2000`
VirtualAddress	`0x10000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.\x03\x01\xff\xffu (#4)

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1000`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.\x03\x01\xff\xffu (#5)

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x1000`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.fs

MD5	`d7f84b800fb6295d23de49e7d87f1513`
SHA1	`9e3318de2601f637511a033a80489d2689da17b8`
SHA256	`bf40b504457cb2e90c2434a7027a26bcfceff5d7af2b77255092d3147b8f047b`
SHA3	`71c3c1ffaee13e7223c79b5a0e468f921d94975724402343bfc2ed1db48d2389`
VirtualSize	`0x1000`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24547`

Imports

msvbvm50.dll	`(EMPTY)`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Ignored an invalid IMAGE_RESOURCE_DIRECTORY_ENTRY.
[*] Warning: Ignored an invalid IMAGE_RESOURCE_DIRECTORY_ENTRY.
[*] Warning: Ignored an invalid IMAGE_RESOURCE_DIRECTORY_ENTRY.