Manalyze report for 7dfa740470d2324213eb2ebd7b27020b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Dec-09 09:19:03
Detected languages	English - United States
Comments	RigModels.com
CompanyName	RigModels.com
FileDescription	RigModels.com
LegalCopyright	RigModels.com
LegalTrademarks	RigModels.com
ProductName	RigModels.com
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	Sketchfab Ripper v9
OriginalFilename	Sketchfab Ripper v9.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Info	Interesting strings found in the binary:	`Contains domain names: RigModels.com https://media.sketchfab.com https://media.sketchfab.com/models/ https://rigmodels.com https://sketchfab.com media.sketchfab.com rigmodels.com sketchfab.com`
Suspicious	VirusTotal score: 2/70 (Scanned on 2020-12-13 18:04:29)	`Bkav: W32.AIDetectVM.malware1` `APEX: Malicious`

Hashes

MD5	`7dfa740470d2324213eb2ebd7b27020b`
SHA1	`1753bb168554495b99d84a46bf39caeddb01f025`
SHA256	`6545412506d6bb1a97cfda64bc2f96c91494a99f14a9812a3715cea0f9ab21cf`
SHA3	`de276da7ea5b9e0122bd1026832a53e033cc4d562a832280813c32ec44d22854`
SSDeep	`3072:Nzt03hmeB1Xg/65OCWg6ieD2PPbMnoaH:Ehv15OCWXieD2PbMno`
Imports Hash	`0a0c80a4c74018017fee752bf0b120ba`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Dec-09 09:19:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1a000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002028 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d000`
SizeOfHeaders	`0x1000`
Checksum	`0x28f27`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`01f1177496df01bb1506e7b3602afe0d`
SHA1	`2bffeb0d872f4c6c18284f695116d79fee65b8a6`
SHA256	`65a6daaf9824da7ca5740fa300936e3717412016a6d02e6a88aafe8620d8c607`
SHA3	`b032741c85732990901fae126565e30c7e0998bb33871ab9f7a0caec9e53ed21`
VirtualSize	`0x19e34`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67421`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0xd34`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`4287fc821dfc546dd29d07e80befe8f7`
SHA1	`6037824f12c66a60d2c4c354bec76e24bf227c0a`
SHA256	`880f4ace11ebf4c1bd5d659d0fcb4ed0048d39bff6adc1a60389d15e731e86b7`
SHA3	`d2c54dfc4463ca0570bee6b89ebbc9e12802a1584f65026c561ec5135bd4e0e7`
VirtualSize	`0xcf8`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.75347`

Imports

MSVBVM60.DLL	`__vbaVarTstGt` `__vbaStrI2` `_CIcos` `_adj_fptan` `__vbaStrI4` `__vbaFreeVar` `__vbaLineInputStr` `__vbaLenBstr` `__vbaStrVarMove` `__vbaFreeVarList` `__vbaEnd` `_adj_fdiv_m64` `__vbaPut4` `__vbaFreeObjList` `#516` `#517` `_adj_fprem1` `__vbaCopyBytes` `__vbaStrCat` `#660` `__vbaSetSystemError` `__vbaHresultCheckObj` `__vbaNameFile` `_adj_fdiv_m32` `__vbaAryVar` `#666` `__vbaAryDestruct` `#593` `#594` `__vbaObjSet` `__vbaOnError` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `#520` `__vbaBoolVarNull` `__vbaFpR8` `_CIsin` `__vbaErase` `#632` `__vbaChkstk` `__vbaFileClose` `EVENT_SINK_AddRef` `__vbaGenerateBoundsError` `#528` `#529` `__vbaStrCmp` `__vbaVarTstEq` `__vbaI2I4` `DllFunctionCall` `__vbaVarOr` `_adj_fpatan` `__vbaRedim` `EVENT_SINK_Release` `#600` `__vbaUI1I2` `_CIsqrt` `__vbaVarAnd` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `#711` `__vbaStrToUnicode` `#712` `__vbaInputFile` `#606` `__vbaR4ErrVar` `_adj_fprem` `_adj_fdivr_m64` `#608` `#530` `__vbaFPException` `__vbaInStrVar` `__vbaUbound` `__vbaStrVarVal` `#644` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `#647` `__vbaR8Str` `__vbaNew2` `#648` `__vbaInStr` `#571` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `#681` `__vbaVarNot` `__vbaFreeStrList` `#576` `_adj_fdivr_m32` `_adj_fdiv_r` `#685` `#100` `__vbaI4Var` `__vbaVarCmpEq` `__vbaAryLock` `__vbaVarAdd` `__vbaStrComp` `__vbaVarDup` `__vbaStrToAnsi` `#616` `__vbaFpI4` `__vbaR8IntI2` `#617` `_CIatan` `#618` `__vbaAryCopy` `__vbaCastObj` `__vbaStrMove` `#619` `_allmul` `_CItan` `__vbaAryUnlock` `__vbaFPInt` `_CIexp` `__vbaFreeObj` `__vbaFreeStr`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x8a8`
TimeDateStamp	2020-Dec-09 09:19:03
Entropy	`4.51939`
MD5	`a7165564a91339cc4f06d41fe799180f`
SHA1	`750e262623d526d7c90379cf7ee92d89a5309a12`
SHA256	`dc5e731110cdd027a9bf979ec178c558be0ef1a51234c31d009ee79944fcde59`
SHA3	`c24e06b51f252467e1b0cd68194c26edd8fc02b772c52e0bce6902bade06c92d`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2020-Dec-09 09:19:03
Entropy	`2.22322`
Detected Filetype	Icon file
MD5	`4610e703b0622b2c9fec4ec01e9c9ecc`
SHA1	`1a395734ea2dbcb38430aadb6bf899d5c5e0b93a`
SHA256	`4b5b6cd2cee245f4389b889f8441491157870ddf1a9ec09c3fde3fca1657b220`
SHA3	`c545f87715aabfd3ba01bcac62b42f3758394fbfbd3f3d564fc7aaa285ed5ff1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x34c`
TimeDateStamp	2020-Dec-09 09:19:03
Entropy	`3.32092`
MD5	`f31896829dc1e13f95ef655a86fddbec`
SHA1	`565507fa46f717ffd9b7821efcc298865fe7afb9`
SHA256	`8df3955778d4ce87c3c01f8a852143c4589e255400c27e5a1e1791290ef1bdb7`
SHA3	`6f105e06810f3febfd6bc99e1c4c813373a0f27c4f76653b16860a864b1ec438`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	RigModels.com
CompanyName	RigModels.com
FileDescription	RigModels.com
LegalCopyright	RigModels.com
LegalTrademarks	RigModels.com
ProductName	RigModels.com
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	Sketchfab Ripper v9
OriginalFilename	Sketchfab Ripper v9.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8917a389`
Unmarked objects	`0`
14 (7299)	`1`
9 (8041)	`4`
13 (8169)	`1`

7dfa740470d2324213eb2ebd7b27020b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors