7dfa740470d2324213eb2ebd7b27020b

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Dec-09 09:19:03
Detected languages English - United States
Comments RigModels.com
CompanyName RigModels.com
FileDescription RigModels.com
LegalCopyright RigModels.com
LegalTrademarks RigModels.com
ProductName RigModels.com
FileVersion 1.00
ProductVersion 1.00
InternalName Sketchfab Ripper v9
OriginalFilename Sketchfab Ripper v9.exe

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual Basic 5.0
  • Microsoft Visual Basic v5.0/v6.0
  • Microsoft Visual Basic v5.0 - v6.0
Info Interesting strings found in the binary: Contains domain names:
  • RigModels.com
  • https://media.sketchfab.com
  • https://media.sketchfab.com/models/
  • https://rigmodels.com
  • https://sketchfab.com
  • media.sketchfab.com
  • rigmodels.com
  • sketchfab.com
Suspicious VirusTotal score: 2/70 (Scanned on 2020-12-13 18:04:29)
  • Bkav: W32.AIDetectVM.malware1
  • APEX: Malicious

Hashes

MD5 7dfa740470d2324213eb2ebd7b27020b
SHA1 1753bb168554495b99d84a46bf39caeddb01f025
SHA256 6545412506d6bb1a97cfda64bc2f96c91494a99f14a9812a3715cea0f9ab21cf
SHA3 de276da7ea5b9e0122bd1026832a53e033cc4d562a832280813c32ec44d22854
SSDeep 3072:Nzt03hmeB1Xg/65OCWg6ieD2PPbMnoaH:Ehv15OCWXieD2PbMno
Imports Hash 0a0c80a4c74018017fee752bf0b120ba

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Dec-09 09:19:03
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1a000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002028 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x1000
Checksum 0x28f27
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 01f1177496df01bb1506e7b3602afe0d
SHA1 2bffeb0d872f4c6c18284f695116d79fee65b8a6
SHA256 65a6daaf9824da7ca5740fa300936e3717412016a6d02e6a88aafe8620d8c607
SHA3 b032741c85732990901fae126565e30c7e0998bb33871ab9f7a0caec9e53ed21
VirtualSize 0x19e34
VirtualAddress 0x1000
SizeOfRawData 0x1a000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.67421

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0xd34
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x1b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 4287fc821dfc546dd29d07e80befe8f7
SHA1 6037824f12c66a60d2c4c354bec76e24bf227c0a
SHA256 880f4ace11ebf4c1bd5d659d0fcb4ed0048d39bff6adc1a60389d15e731e86b7
SHA3 d2c54dfc4463ca0570bee6b89ebbc9e12802a1584f65026c561ec5135bd4e0e7
VirtualSize 0xcf8
VirtualAddress 0x1c000
SizeOfRawData 0x1000
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.75347

Imports

MSVBVM60.DLL __vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
#516
#517
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
#660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaAryVar
#666
__vbaAryDestruct
#593
#594
__vbaObjSet
__vbaOnError
#595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
#598
#520
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
#632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
#528
#529
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
#600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
#711
__vbaStrToUnicode
#712
__vbaInputFile
#606
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
#608
#530
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
#644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
#647
__vbaR8Str
__vbaNew2
#648
__vbaInStr
#571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
#681
__vbaVarNot
__vbaFreeStrList
#576
_adj_fdivr_m32
_adj_fdiv_r
#685
#100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
#616
__vbaFpI4
__vbaR8IntI2
#617
_CIatan
#618
__vbaAryCopy
__vbaCastObj
__vbaStrMove
#619
_allmul
_CItan
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Delayed Imports

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x8a8
TimeDateStamp 2020-Dec-09 09:19:03
Entropy 4.51939
MD5 a7165564a91339cc4f06d41fe799180f
SHA1 750e262623d526d7c90379cf7ee92d89a5309a12
SHA256 dc5e731110cdd027a9bf979ec178c558be0ef1a51234c31d009ee79944fcde59
SHA3 c24e06b51f252467e1b0cd68194c26edd8fc02b772c52e0bce6902bade06c92d

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x14
TimeDateStamp 2020-Dec-09 09:19:03
Entropy 2.22322
Detected Filetype Icon file
MD5 4610e703b0622b2c9fec4ec01e9c9ecc
SHA1 1a395734ea2dbcb38430aadb6bf899d5c5e0b93a
SHA256 4b5b6cd2cee245f4389b889f8441491157870ddf1a9ec09c3fde3fca1657b220
SHA3 c545f87715aabfd3ba01bcac62b42f3758394fbfbd3f3d564fc7aaa285ed5ff1

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x34c
TimeDateStamp 2020-Dec-09 09:19:03
Entropy 3.32092
MD5 f31896829dc1e13f95ef655a86fddbec
SHA1 565507fa46f717ffd9b7821efcc298865fe7afb9
SHA256 8df3955778d4ce87c3c01f8a852143c4589e255400c27e5a1e1791290ef1bdb7
SHA3 6f105e06810f3febfd6bc99e1c4c813373a0f27c4f76653b16860a864b1ec438

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments RigModels.com
CompanyName RigModels.com
FileDescription RigModels.com
LegalCopyright RigModels.com
LegalTrademarks RigModels.com
ProductName RigModels.com
FileVersion (#2) 1.00
ProductVersion (#2) 1.00
InternalName Sketchfab Ripper v9
OriginalFilename Sketchfab Ripper v9.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8917a389
Unmarked objects 0
14 (7299) 1
9 (8041) 4
13 (8169) 1

Errors
