Manalyze report for a177b665ada910dad22f2353b61c800d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2000-Nov-06 10:25:13
Detected languages	English - United States
Debug artifacts	Embedded COFF debugging symbols
CompanyName	Mello
ProductName	Project1
FileVersion	`1.00`
ProductVersion	`1.00`
InternalName	Fruit
OriginalFilename	Fruit.exe

Plugin Output

Hashes

MD5	`a177b665ada910dad22f2353b61c800d`
SHA1	`9bbe72d6a7201c07c9942f4d06ec92dcaa0a2cf4`
SHA256	`4f18cb28a7423e75dfbd3a98b7545dbc0806d98edab808e51d9bbd67738731de`
SHA3	`52196c27c1aaab539cc5a030915515a1964d5558d4563e799449dd899dc04acc`
SSDeep	`6144:HXqrVOglXrZQ/blyXV2Ng1+/7owXgxrDkezJYkIxWSzoyA4kR5/hxln2B:arXZ8bAX8Ne+/3gLJexzwpRxl2B`
Imports Hash	`476bc1cbcec4e6dad32b996a8479eefe`

DOS Header

e_magic	`MZ`
e_cblp	`0x40`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x2`
e_minalloc	`0x4`
e_maxalloc	`0xffff`
e_ss	`0x2`
e_sp	`0x40`
e_csum	`0`
e_ip	`0xe`
e_cs	`0`
e_ovno	`0`
e_oemid	`0x2032`
e_oeminfo	`0x6e6f`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2000-Nov-06 10:25:13
PointerToSymbolTable	`0x726f4c5b`
NumberOfSymbols	`1564823652`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x64000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000014E4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x65000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6abac`
SizeOfHeaders	`0x200`
Checksum	`0x68525`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`75091ba18ae917e21d7f380990a03c03`
SHA1	`3371821f7a08b2ae5d108aed45f7a8ba1e243cdf`
SHA256	`2c9314d284b1e6bab1f0625992fbb23b85b7ad1d18363814d8d9bebcc027766c`
SHA3	`d1733c25b45c39f32075651596126f0a91a8e312d81963c0e6028f3c40e0a342`
VirtualSize	`0x64000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x63482`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.79451`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0x5000`
VirtualAddress	`0x65000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x63800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`4a1fb5b46c53c64566d5174240696516`
SHA1	`99a0bf42d5e830fd9f034e9ce55b374acd847cf3`
SHA256	`c455dcd401bd98e20edf0abce90b2f83108da883bf499ce66cb0e8a564ef7533`
SHA3	`14e801247165f505e8c9ec5abbfc5bc635afab4f0518cd79b492c04cc3c2604b`
VirtualSize	`0xbac`
VirtualAddress	`0x6a000`
SizeOfRawData	`0xbb0`
PointerToRawData	`0x64800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.42335`

Imports

MSVBVM60.DLL	`_CIcos` `_adj_fptan` `__vbaVarMove` `__vbaVarVargNofree` `__vbaFreeVar` `__vbaLenBstr` `__vbaStrVarMove` `__vbaFreeVarList` `_adj_fdiv_m64` `__vbaFreeObjList` `_adj_fprem1` `__vbaSetSystemError` `__vbaHresultCheckObj` `_adj_fdiv_m32` `#593` `#594` `__vbaFileCloseAll` `__vbaOnError` `__vbaObjSet` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `__vbaVarTstLt` `_CIsin` `#525` `__vbaChkstk` `__vbaFileClose` `EVENT_SINK_AddRef` `__vbaStrCmp` `#529` `__vbaVarTstEq` `DllFunctionCall` `_adj_fpatan` `__vbaLateIdCallLd` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaExceptHandler` `__vbaStrToUnicode` `__vbaInputFile` `__vbaPrintFile` `_adj_fprem` `_adj_fdivr_m64` `__vbaFPException` `__vbaStrVarVal` `__vbaVarCat` `#535` `#645` `_CIlog` `__vbaFileOpen` `__vbaNew2` `__vbaR8Str` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaFreeStrList` `#576` `_adj_fdivr_m32` `_adj_fdiv_r` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaVarAdd` `__vbaStrToAnsi` `__vbaVarDup` `#616` `__vbaVarCopy` `#617` `_CIatan` `__vbaStrMove` `_allmul` `_CItan` `__vbaFPInt` `_CIexp` `__vbaFreeStr` `#580` `__vbaFreeObj`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x8a8`
TimeDateStamp	2000-Nov-06 10:25:13
Entropy	`3.14088`
MD5	`b383e1f2491cb014b2ffcf2eca61a17c`
SHA1	`f45faf23fcf875f457814e556a4260d3f9be310e`
SHA256	`89b053d1d1d0dc57bfea7306fa7b591c9858042641f34f8569789885b2f3364b`
SHA3	`3279cb6b326a5b9318e47c4b60440cec26ad676b9b5744ad1bbc348aad034ac4`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2000-Nov-06 10:25:13
Entropy	`2.22322`
MD5	`4610e703b0622b2c9fec4ec01e9c9ecc`
SHA1	`1a395734ea2dbcb38430aadb6bf899d5c5e0b93a`
SHA256	`4b5b6cd2cee245f4389b889f8441491157870ddf1a9ec09c3fde3fca1657b220`
SHA3	`c545f87715aabfd3ba01bcac62b42f3758394fbfbd3f3d564fc7aaa285ed5ff1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x200`
TimeDateStamp	2000-Nov-06 10:25:13
Entropy	`3.11617`
MD5	`62ede542c5ce7ab846ce4b57bdf163bc`
SHA1	`e25f7dd18c2051b6b4e05f9832a07579ace1bc18`
SHA256	`a58c86644024358c3f2ea1e2f8d0f8d1a8b60b7fded78a7b6b93639b1cc6bcfe`
SHA3	`2fd3300277fdb3869250ff2f0639ca1bf7f94e01ea4694e1876e4a5a9468636e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Mello
ProductName	Project1
FileVersion (#2)	1.00
ProductVersion (#2)	1.00
InternalName	Fruit
OriginalFilename	Fruit.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a COFF symbol.
[*] Warning: Please edit the configuration file with your VirusTotal API key.
Could not load company_names.yara!
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!