Manalyze report for 8e9d7feb3b955e6def8365fd83007080

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2002-Feb-14 20:29:09
Detected languages	English - United States
CompanyName
ProductName	Zimmer
FileVersion	`1.00.0004`
ProductVersion	`1.00.0004`
InternalName	1
OriginalFilename	1.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Malicious	VirusTotal score: 56/67 (Scanned on 2017-12-22 04:41:42)	`K7AntiVirus: Trojan ( 004e77e71 )` `TotalDefense: Win32/Bezilom` `MicroWorld-eScan: Gen:Trojan.Heur.bm0@sDbu1hjif` `CMC: Generic.Win32.8e9d7feb3b!MD` `CAT-QuickHeal: W32.Bezilion.28672` `ALYac: Trojan.Vir.HLL` `Zillya: Virus.Bezilom.Win32.2` `SUPERAntiSpyware: Trojan.Agent/Gen-Vbject` `TheHacker: Trojan/Bezilom.a` `K7GW: Trojan ( 004e77e71 )` `Cybereason: malicious.1b8fb7` `Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9950` `Cyren: W32/Bezilion.28672` `Symantec: W32.Bezilom.Worm` `ESET-NOD32: Win32/Bezilom.A` `TrendMicro-HouseCall: WORM_BEZILOM.A1` `Paloalto: generic.ml` `Kaspersky: Virus.Win32.HLLW.Bezilom` `BitDefender: Gen:Trojan.Heur.bm0@sDbu1hjif` `NANO-Antivirus: Virus.Win32.HLLW.ghdb` `AegisLab: W32.HLLW.Bezilom!c` `Avast: Win32:Bezilom` `Tencent: Win32.Virus.Hllw.Eehx` `Ad-Aware: Gen:Trojan.Heur.bm0@sDbu1hjif` `Sophos: W32/Bezilom-A` `Comodo: Worm.Win32.Bezilom.A` `F-Secure: Gen:Trojan.Heur.bm0@sDbu1hjif` `DrWeb: Win32.HLLM.Generic.39` `VIPRE: Trojan.Win32.Generic!BT` `McAfee-GW-Edition: W32/Bezilom.worm` `Emsisoft: Gen:Trojan.Heur.bm0@sDbu1hjif (B)` `Ikarus: Worm.Win32.Bezilom` `F-Prot: W32/Bezilion.28672` `Jiangmin: Win32/HLLW.Bezilom` `Webroot: Worm:Win32/Bezil.A@mm` `Avira: W32/HLLW.Bezilom` `Fortinet: W32/Bezilion.28672` `Antiy-AVL: Trojan/Win32.Vilsel.gic` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Heur.EDAFD0` `ViRobot: I-Worm.Win32.Bezilom.28672` `ZoneAlarm: Virus.Win32.HLLW.Bezilom` `Microsoft: Worm:Win32/Bezil.A@mm` `AhnLab-V3: Win32/Bezilom.worm.28672` `McAfee: W32/Bezilom.worm` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=80)` `VBA32: Trojan.Worm.Bezilom` `Cylance: Unsafe` `Rising: Trojan.Bezilom.1063 (CLASSIC)` `Yandex: I-Worm.Bezilom.A` `eGambit: Unsafe.AI_Score_91%` `GData: Gen:Trojan.Heur.bm0@sDbu1hjif` `AVG: Win32:Bezilom` `Panda: W32/Bezilom.worm` `Qihoo-360: Win32/Trojan.HLLW.a84`

Hashes

MD5	`8e9d7feb3b955e6def8365fd83007080`
SHA1	`df7522e270506b1a2c874700a9beeb9d3d233e23`
SHA256	`94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022`
SHA3	`10e61c0945e942016f9cd7ae2259ce55ddc8445a6f0d3728580fae80ecca2143`
SSDeep	`384:1gc4XlUUWiY1SN6oHN64iKZz+ZBEKTzEv819YSHOuSsAR/+eR4517wNwEb:1nREWEFsI+wAJw2E`
Imports Hash	`af3a9167f8717604f11c2312b35ebf20`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2002-Feb-14 20:29:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001108 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x1000`
Checksum	`0x981c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`65d58df46c0040d534067cc11e6c46d8`
SHA1	`af0b3f79dab17aed38fa7e02f5d71b0dd92ada6c`
SHA256	`8f7bc3c87d2a7721349ffc06c258d67c981feb7834af6e57fc199148f47e764a`
SHA3	`60c8b29ebe86a04d39c594028a764fcf785d79e5c91c5bf20643400bc2122a91`
VirtualSize	`0x4f54`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.01231`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc20`
VirtualAddress	`0x6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`14d5dedb71452e94fda00eca493c71a5`
SHA1	`85247a46e18c5cf39bf3266490c686ca0cf423f8`
SHA256	`000a65634270be3d164f255728ebda5cc8d78d5d7f7dd95998eb5d9aeb4687b9`
SHA3	`ad1c33d6c22754197af30f5d2f48d0495586e20e110746c90212fa592662e217`
VirtualSize	`0x748`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.00811`

Imports

MSVBVM60.DLL	`MethCallEngine` `#518` `#519` `#593` `#594` `#598` `#520` `#526` `EVENT_SINK_AddRef` `#528` `DllFunctionCall` `EVENT_SINK_Release` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `#607` `#608` `#716` `ProcCallEngine` `#537` `#576` `#100` `#616` `#617` `#619` `#580`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2002-Feb-14 20:28:57
Entropy	`3.76485`
MD5	`6e04c9556c06039346bb982fb68bed58`
SHA1	`bed9f5a5d6daacd96ae24f29e57ea3074707c103`
SHA256	`c2e82ac4b7aed3331e4ff61ec6d655d00c07c1d0cb91cab060506a302afbdbf4`
SHA3	`55351e15df431c3306cad4cdcb422cdd4727b5f6200db9d34eaa242e157fe550`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x2e8`
TimeDateStamp	2002-Feb-14 20:28:57
Entropy	`2.95474`
MD5	`ad941f2a1c4aaa80c8aff4386bd7d3d2`
SHA1	`3069066a1cebb1512dd0ac5bd9e8389bee199257`
SHA256	`22ff7b3eda2ca7f760362fabf04fc430b60b7822e03395bb66aa1a1e040ed4a3`
SHA3	`f48a0b303cfc95ae9f6905abe8ba480edb4353dadc3f9b7cf5f2624365218a21`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x24`
TimeDateStamp	2002-Feb-14 20:28:57
Entropy	`2.72548`
Detected Filetype	Icon file
MD5	`9e02cd2a6c5d4942b010b43799e66979`
SHA1	`81512cf2ca5f2979c86717763cf24223716b22ee`
SHA256	`75f98605c48e4ec6da0d020f8e865a646b72054eeeb141d494a0276f6db1519f`
SHA3	`dba3ca32d8980ce32dcb6a29cfabc9b7823b121130bd8cbc443f9cb5c566366e`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x1f4`
TimeDateStamp	2002-Feb-14 20:28:57
Entropy	`3.12228`
MD5	`ae6b963f97182813bee9136d685d15c3`
SHA1	`b1eb554868834ef71c273fa498cf3a4e9c416fa1`
SHA256	`f4cea553f28af1aad1839dcb26bb72b79340ecd566b5239961c34a4ae92b0054`
SHA3	`8903207f747ef17349aef8de3e71d68d0a519832520d921d5f6b568a50f10945`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.4
ProductVersion	1.0.0.4
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName
ProductName	Zimmer
FileVersion (#2)	1.00.0004
ProductVersion (#2)	1.00.0004
InternalName	1
OriginalFilename	1.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x886973f3`
Unmarked objects	`0`
13 (8169)	`1`

Errors

[*] Warning: Section .data has a size of 0!