a725cc4852090d4b58c4d6b6a94529bbf4f8320a5b1b8e137a343bda7db03ae7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Apr-01 07:08:22
Detected languages English - United States
ProductName Project1
FileVersion 1.00
ProductVersion 1.00
InternalName TJprojMain
OriginalFilename TJprojMain.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual Basic v5.0 - v6.0
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/SMI/2005/WindowsSettings
  • microsoft.com
  • schemas.microsoft.com
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Uses constants related to SHA256
Malicious The file headers were tampered with. Section .text is both writable and executable.
Section .rsrc is both writable and executable.
The RICH header checksum is invalid.
Suspicious The file contains overlay data. 2468559 bytes of data starting at offset 0x1e000.
The overlay data has an entropy of 7.9146 and is possibly compressed or encrypted.
Overlay data accounts for 95.2582% of the executable.
Malicious VirusTotal score: 66/70 (Scanned on 2026-05-29 09:42:33)
ALYac: Win32.Gosys.B
APEX: Malicious
AVG: Script:SNH-gen [Drp]
Acronis: suspicious
AhnLab-V3: Worm/Win32.Mofksys.R198176
Alibaba: Worm:Win32/Mofksys.384
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Win32.Gosys.B
Avast: Script:SNH-gen [Drp]
Avira: TR/Patched.Ren.Gen
BitDefender: Win32.Gosys.B
Bkav: W32.WatermarkHQc.PE
CAT-QuickHeal: W32.Mofksys.A4
CTX: exe.trojan.mofksys
ClamAV: Win.Trojan.VBGeneric-6735875-0
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: Win32.HLLP.Swisyn
ESET-NOD32: Win32/VB.NBI virus
Elastic: Windows.Generic.Threat
Emsisoft: Win32.Gosys.B (B)
F-Secure: Dropper.DR/SNH
Fortinet: W32/VB.QCC!tr.dldr
GData: Win32.Gosys.B
Google: Detected
Gridinsoft: Trojan.Win32.Agent.sa
Ikarus: Worm.Mofksys
Jiangmin: Trojan/Agent.hxgb
K7AntiVirus: Virus ( 00579e181 )
K7GW: P2PWorm ( 004d58c41 )
Kaspersky: Virus.Win32.VB.mz
Kingsoft: Win32.Infected.AutoInfector.a
Lionic: Trojan.Win32.Agent.tnrh
Malwarebytes: Viking.Worm.Autorun.DDS
MaxSecure: Trojan.Malware.121218.susgen
McAfeeD: Real Protect-LS!6BF43656D6BE
MicroWorld-eScan: Win32.Gosys.B
Microsoft: Trojan:Win32/Swisyn!rfn
NANO-Antivirus: Trojan.Win32.Swisyn.flhacn
Paloalto: generic.ml
Panda: Trj/Spy.AT
Rising: Virus.Mofksys!1.10625 (CLASSIC)
Sangfor: Suspicious.Win32.Save.ins
SentinelOne: Static AI - Malicious PE
Skyhigh: W32/Swisyn.b
Sophos: Troj/Agent-ABZF
TACHYON: Worm/W32.VB-Mofksys.Zen
Tencent: Worm.Win32.Wbna.wf
Trapmine: malicious.high.ml.score
TrellixENS: W32/Swisyn.b
TrendMicro: PE_SWISB.A
TrendMicro-HouseCall: PE_SWISB.A
VBA32: TScope.Trojan.VB
VIPRE: Win32.Gosys.B
Varist: W32/Trojan.UEJO-9077
VirIT: Trojan.PS.Agent.JBG
Webroot: W32.Worm.Mofksys
Xcitium: TrojWare.Win32.VB.QOTY@4qfd0g
Zillya: Virus.HLLP.Win32.1
ZoneAlarm: Troj/Agent-ABZF
Zoner: Trojan.Win32.88925
alibabacloud: Worm:Win/Mofksys
huorong: Virus/Viking.e
tehtris: Generic.Malware

Hashes

MD5 6bf43656d6be3892ae46616bb290c06c
SHA1 9b119ce251b35bd936dc0cff2801199af718fe2a
SHA256 a725cc4852090d4b58c4d6b6a94529bbf4f8320a5b1b8e137a343bda7db03ae7
SHA3 ac25615c3391b9a6651267ae7370c1f6cd761a33e6a13cc285ce181a3638be1e
SSDeep 49152:tZrquRsgyhI3nSDqazjvMwU2fy2fxQP4s4clpcWmsgi:3OuRLyhIXSDbzj0wU2DPs4ckWF3
Imports Hash 8c16c795b57934183422be5f6df7d891

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2013-Apr-01 07:08:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1a000
SizeOfInitializedData 0x3000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000290C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1f000
SizeOfHeaders 0x1000
Checksum 0x4bf451a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e9a068bc69a6cce92101af62753d223a
SHA1 1c6722abfe42559ea72cdf4ff6884ec50d6eca5e
SHA256 96f2d4f88c34a58510c7b69c0c9a287987407dccb9b00184b53a8802628df653
SHA3 1be964e8388ec6c0a8f5ee0dd8930a9da4438d0cbe5912555815e92b6b40a6ab
VirtualSize 0x191d4
VirtualAddress 0x1000
SizeOfRawData 0x1a000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.7348

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0x180c
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x1b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 9a16d6c7158ed9ae93784cff5cdea061
SHA1 fd43d3921d7172979395e48a57408aab8503509b
SHA256 a75b0a15ab630590bb8c4bb66465049354f264a9eebaa50cdcfa517604881f11
SHA3 12fc20a06188b7e6a3c4d15a41e254dfc8cab98ce62d5144142eb9a420ea6e54
VirtualSize 0x13f0
VirtualAddress 0x1d000
SizeOfRawData 0x2000
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 53
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.39988

Imports

MSVBVM60.DLL
EVENT_SINK_GetIDsOfNames
#690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
#516
__vbaStrErrVarCopy
#517
_adj_fprem1
__vbaRecAnsiToUni
#519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
#661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
#669
#593
__vbaExitProc
#594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
#598
__vbaFpR4
#705
__vbaStrFixstr
_CIsin
#631
#709
#525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
#529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
#600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
#712
__vbaStrToUnicode
#606
_adj_fprem
_adj_fdivr_m64
#714
#609
__vbaFPException
#319
__vbaGetOwner3
__vbaUbound
#535
__vbaFileSeek
#537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
#648
#570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
#572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#100
__vbaI4Var
#689
__vbaAryLock
__vbaVarAdd
#611
#320
__vbaVarDup
__vbaStrToAnsi
#321
__vbaFpI2
__vbaFpI4
#616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
#618
__vbaCastObj
__vbaR8IntI4
#650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
#580
#581

Delayed Imports

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0xcd0
TimeDateStamp 2013-Apr-01 07:08:22
Entropy 6.5022
MD5 3771a803c6a3f143dbad147787f3d15f
SHA1 40d5cfe982928411d4b0e323a3c5fc73372f0978
SHA256 54a92541620b577ac5964c1329d3afa58ee6bc8846605b4e4a6833a7d550eebd
SHA3 8f3748191c1dbf0e22f6b77b587c66b03d27ea834e20616e40a0cb9e681e2af1

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x14
TimeDateStamp 2013-Apr-01 07:08:22
Entropy 1.97095
Detected Filetype Icon file
MD5 2438b62bfc804557ec6cb59dca3dad8c
SHA1 8c828afbaa00749b7a7564b1665774b0d9ddf62b
SHA256 849c1d43cc460acc263a31d28e0821a9eb456584f02a249e922c037df60a353e
SHA3 9593914640626d7e51b49c4558ed84fcc005bcffdfd7e796cf04238ee362a4e8

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x1ec
TimeDateStamp 2013-Apr-01 07:08:22
Entropy 3.13718
MD5 36248eae0c0c17c1fbbd52476d5b612d
SHA1 c76b019abb540f0f942c99cb1daf61b202f8bd4a
SHA256 d5afa151e677a98f00aa6af43d6155c0dc5bbb8039c1581f744e3188616a434c
SHA3 142782a145302989fd0404f34e6892589970ec956f1ae364d10822ba360c93a1

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x3e7
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.71018
MD5 2d212c52d195db17de44fc66fc64ec7b
SHA1 0bc303796fc25884f30daa43579f37084aa86551
SHA256 95effec3e13ef3dde1b82a54cce79dc610c686a6b74d5018e8895a2c923dede5
SHA3 733a2075eb69fb272214c25fe350578d31209a61701d4a24bc85046af292c7e0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
ProductName Project1
FileVersion (#2) 1.00
ProductVersion (#2) 1.00
InternalName TJprojMain
OriginalFilename TJprojMain.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x91a515f9
Unmarked objects 0
14 (7299) 1
9 (8041) 8
13 (8169) 1

Errors