b9ba6bac46aa10ae4de63cab44e1dcd4567d78d8b2954cf92c2278d97b35b76f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2000-Nov-07 22:39:22

Plugin Output

Info Matching compiler(s):
  • Installer VISE Custom
  • Microsoft Visual C++ 6.0 - 8.0
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
  • Microsoft Visual C++ v5.0/v6.0 (MFC)
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • Programs\StartUp
  • Programs\Startup
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Can access the registry:
  • RegSetValueExA
  • RegCloseKey
  • RegCreateKeyExA
  • RegOpenKeyExA
Possibly launches other programs:
  • CreateProcessA
Suspicious VirusTotal score: 1/71 (Scanned on 2026-04-01 03:09:08) NANO-Antivirus: Trojan.Win32.Symmi.eixmlw

Hashes

MD5 eeb0e11b20683c0a5a28002b90ac998a
SHA1 93d9c17a8ea6aa8a3d0cad7a6321a0ff1a3713f9
SHA256 b9ba6bac46aa10ae4de63cab44e1dcd4567d78d8b2954cf92c2278d97b35b76f
SHA3 2f9249eeb6b9f7e2d9c46fcc5b51ae8a8c09f67f4822978330322b2341346cda
SSDeep 384:WEsDFszfGw6NUou841uoYeIGfmlnc7oDk9cyy6pJoHxj3qTUyXh6oslrP:VU6zfG6oBYpYelorCcyfkRj3qAoh6os
Imports Hash 7e1782d8dd72de946efdfbc22fd8ae1e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2000-Nov-07 22:39:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x5000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001AB5 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ac70cddce827ce8d82b57895aa1f60c0
SHA1 a9457ff8def8d3d48c7b95ab301daaf91e6ef7b9
SHA256 ff91c4351c7f9cd6c96a42c4f22682c454d68918471a1d259e5a6d74c32b25b1
SHA3 b2be5bd67981df2ddbec4cb1fabe463b60f4257e984bc18c7b528dae5335e4b4
VirtualSize 0x43d7
VirtualAddress 0x1000
SizeOfRawData 0x5000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_CODE
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
Entropy 6.02957

.rdata

MD5 c9feb0684c03a76beeca6f49d2a3eb2d
SHA1 dfa17cb56b0a15b61cc69994af3a4b5fc2fb128a
SHA256 48065919c014f79ae3d49ec436a9dfe9e3dfa73ba1ce74cc6b98daf94082ae8b
SHA3 0c0e0f2653fa5a5d6a259117b066fd4051e36818cec3e9a73b6eaa15802182ce
VirtualSize 0xa40
VirtualAddress 0x6000
SizeOfRawData 0x1000
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 3.89992

.data

MD5 81df12c5ca7e95391a1f8aa89bef50d0
SHA1 50b8cae0bfa5f3ba8698ae7b483496306935c1ec
SHA256 5a681ea359d69e929b3c25274f3360c241a6e5165f05df34dae54d3dd7ba3de5
SHA3 89f5b857eb784a7847d79aa4cc7052aa7a0516d82789152b97f1f013ba3bba8a
VirtualSize 0xedc
VirtualAddress 0x7000
SizeOfRawData 0x1000
PointerToRawData 0x7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 2.2377

Imports

KERNEL32.dll
  • SetFilePointer
  • CloseHandle
  • CreateProcessA
  • CreateFileMappingA
  • MapViewOfFile
  • UnmapViewOfFile
  • GetFileSize
  • CreateFileA
  • GetModuleFileNameA
  • GetFileType
  • GetStdHandle
  • GetLastError
  • DeleteFileA
  • FindFirstFileA
  • FileTimeToSystemTime
  • FileTimeToLocalFileTime
  • ExitProcess
  • TerminateProcess
  • GetCurrentProcess
  • GetModuleHandleA
  • GetStartupInfoA
  • GetCommandLineA
  • GetVersion
  • UnhandledExceptionFilter
  • SetEndOfFile
  • FreeEnvironmentStringsA
  • FreeEnvironmentStringsW
  • WideCharToMultiByte
  • GetEnvironmentStrings
  • GetEnvironmentStringsW
  • SetHandleCount
  • CompareStringW
  • SetEnvironmentVariableA
  • HeapDestroy
  • HeapCreate
  • VirtualFree
  • HeapFree
  • RtlUnwind
  • WriteFile
  • GetTimeZoneInformation
  • GetCPInfo
  • GetACP
  • GetOEMCP
  • HeapAlloc
  • VirtualAlloc
  • HeapReAlloc
  • GetProcAddress
  • LoadLibraryA
  • MultiByteToWideChar
  • LCMapStringA
  • LCMapStringW
  • GetStringTypeA
  • GetStringTypeW
  • CompareStringA
USER32.dll
  • MessageBoxA
ADVAPI32.dll
  • RegSetValueExA
  • RegCloseKey
  • RegCreateKeyExA
  • RegOpenKeyExA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x4208f650
Unmarked objects 0
12 (7291) 2
14 (7299) 14
C objects (VS98 build 8168) 42
19 (8034) 7
Total imports 62
C++ objects (VS98 build 8168) 3

Errors
