9167dec1ded11ed4fc012c2262e5af8f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Sep-17 14:49:15
Detected languages English - United States
CompanyName Milona
ProductName REMUABLE
FileVersion 1.05.0002
ProductVersion 1.05.0002
InternalName Grillroom7
OriginalFilename Grillroom7.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic 5.0
Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v6.0
Malicious VirusTotal score: 11/71 (Scanned on 2019-05-13 21:51:22) Bkav: HW32.Packed.
Cylance: Unsafe
Rising: Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgXwPx9gZY0M8w)
Endgame: malicious (high confidence)
Invincea: heuristic
Trapmine: malicious.high.ml.score
Microsoft: Trojan:Win32/Fuerboos.E!cl
Acronis: suspicious
SentinelOne: DFI - Malicious PE
Cybereason: malicious.ce0437
CrowdStrike: win/malicious_confidence_100% (D)

Hashes

MD5 9167dec1ded11ed4fc012c2262e5af8f
SHA1 58b1d92ce0437d6e9c308a12455bb19a1b7a3470
SHA256 747c978f6c0c12e9f96dcdabb5952b0a9a69d3700944d89af8e879c753cfaea7
SHA3 2e236c4b33cc2d5b13d3d43fbb8487ea92fdbd8c549dff6c1d631e458d1c8cc9
SSDeep 6144:pwfuGjKB9kE6+AXEBS0Bngd/ZRjtY8oBx3OdUT3hZ+wCER63T1i+7xsEThY:pwu5Br6dXC1aRR7QedUST13tq
Imports Hash 7714ace6d8ca9fdc66cdda0e4d817b85

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2016-Sep-17 14:49:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.5
SizeOfCode 0x67000
SizeOfInitializedData 0x4000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000010B0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x68000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.5
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6c000
SizeOfHeaders 0x1000
Checksum 0x75e51
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 23c11adaa02cc3a44acf7ce738610d14
SHA1 4f2183afb48819ae82c6495d3a15fb804536a953
SHA256 ed7e5bb0d1d900b3c400f4ff5b97d927391dad8f8ed1b535b88ee0203a3fe372
SHA3 9f0d25d559bb1f9cb1b86d3a00626eb5625a61911712c6414e06e0bc1389c0b5
VirtualSize 0x6664c
VirtualAddress 0x1000
SizeOfRawData 0x67000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.3491

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x27a4
VirtualAddress 0x68000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc

MD5 c72420cda7eedfc9e639a8a5c1a53da6
SHA1 1efa6d80f63dc8cb103215e0c7028c5e56d5102f
SHA256 871f7c375661c8a92d31d1495c92af23a147a252869988370350cce7dcc24909
SHA3 8b0c33f93c249f1a2962137e381164bcdb6130d472a5a586c349d5f980a84e9f
VirtualSize 0xbd8
VirtualAddress 0x6b000
SizeOfRawData 0x1000
PointerToRawData 0x68000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.09188

Imports

MSVBVM60.DLL #694
#589
MethCallEngine
#595
#521
#523
EVENT_SINK_AddRef
#527
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
#647
#574
#575
#685
#100

Delayed Imports

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x8a8
TimeDateStamp 2016-Sep-17 14:49:15
Entropy 5.38557
MD5 b877ca47b0b22edbe2f2bd16f5c7475d
SHA1 e4024812a19f04ef6f549a062b83b216b09f039c
SHA256 7cd4bcf620b0a5ffa4ecfe215286ed2b427a62a230c49a875998e3e3be948d89
SHA3 45bc5dba41a18bb353afca6ce3979f774bb6c8b7efb8bd66adf71bd645758aa0

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x14
TimeDateStamp 2016-Sep-17 14:49:15
Entropy 2.22322
Detected Filetype Icon file
MD5 4610e703b0622b2c9fec4ec01e9c9ecc
SHA1 1a395734ea2dbcb38430aadb6bf899d5c5e0b93a
SHA256 4b5b6cd2cee245f4389b889f8441491157870ddf1a9ec09c3fde3fca1657b220
SHA3 c545f87715aabfd3ba01bcac62b42f3758394fbfbd3f3d564fc7aaa285ed5ff1

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x22c
TimeDateStamp 2016-Sep-17 14:49:15
Entropy 3.27619
MD5 abab835251638da0277d2ffe79cc5f0a
SHA1 aa65dd031c0bf97c5e6264711665e5a1c8371163
SHA256 546c64ac9843e80143354d1e64f9d821101109cf6369c23a36d01e1393258b32
SHA3 f325ce3c4811ca0c9e30905175a0241e0ece05a88183a3f649231e757beb4483

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.5.0.2
ProductVersion 1.5.0.2
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Milona
ProductName REMUABLE
FileVersion (#2) 1.05.0002
ProductVersion (#2) 1.05.0002
InternalName Grillroom7
OriginalFilename Grillroom7.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8869808d
Unmarked objects 0
13 (VS98 SP6 build 8804) 1

Errors

[*] Warning: Section .data has a size of 0!