b9cd43e6af1c020e2899cf449db63da6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Apr-01 07:08:22
Detected languages English - United States
ProductName Project1
FileVersion 1.00
ProductVersion 1.00
InternalName TJprojMain
OriginalFilename TJprojMain.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic v5.0 - v6.0
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • egyfixlab.com
  • http://www.w3.org
  • http://www.w3.org/2001/XMLSchema-instance
  • www.egyfixlab.com
  • www.w3.org
Malicious The file headers were tampered with. Section .text is both writable and executable.
Section .rsrc is both writable and executable.
The RICH header checksum is invalid.
Suspicious The file contains overlay data. 13996639 bytes of data starting at offset 0x5b000.
The overlay data has an entropy of 7.9364 and is possibly compressed or encrypted.
Overlay data accounts for 97.406% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b9cd43e6af1c020e2899cf449db63da6
SHA1 0aa0b2e80b306c57f19c040b81e776856deac2a9
SHA256 ba2d1ae42bcad3481d9a8d12f76b7c0bd099d066cfe344a1b1c99cc7f2d3c4ec
SHA3 d67ca369890a09cf4b74a6032df741377c41c151d4cab62530bdc4e812e49970
SSDeep 393216:fevKnzEkz3Tgicznz/3Dim43+cY7VG/w/DOP:WRkzP03qOlxG/aDQ
Imports Hash 8c16c795b57934183422be5f6df7d891

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2013-Apr-01 07:08:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1a000
SizeOfInitializedData 0x40000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000290C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x5c000
SizeOfHeaders 0x1000
Checksum 0x10707af
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e9a068bc69a6cce92101af62753d223a
SHA1 1c6722abfe42559ea72cdf4ff6884ec50d6eca5e
SHA256 96f2d4f88c34a58510c7b69c0c9a287987407dccb9b00184b53a8802628df653
SHA3 1be964e8388ec6c0a8f5ee0dd8930a9da4438d0cbe5912555815e92b6b40a6ab
VirtualSize 0x191d4
VirtualAddress 0x1000
SizeOfRawData 0x1a000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.7348

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0x180c
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x1b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 66ac651467bf281fbe8331c1ffcd0e63
SHA1 0b61c6fb71d29adc372755783325ebd99f414246
SHA256 1abeff7abdf2ef523b5f42f43c9958c200a8756af85f9e8326f956a8674a2c8b
SHA3 21af0d34b61327f43da8a9d511dd8cd325fd6016de265301aefa4223bb1a4c78
VirtualSize 0x3e95f
VirtualAddress 0x1d000
SizeOfRawData 0x3f000
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 53
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.32363

Imports

MSVBVM60.DLL EVENT_SINK_GetIDsOfNames
#690
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
#516
__vbaStrErrVarCopy
#517
_adj_fprem1
__vbaRecAnsiToUni
#519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
#661
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
#669
#593
__vbaExitProc
#594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
#598
__vbaFpR4
#705
__vbaStrFixstr
_CIsin
#631
#709
#525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
#529
__vbaGet4
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
#600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
#712
__vbaStrToUnicode
#606
_adj_fprem
_adj_fdivr_m64
#714
#609
__vbaFPException
#319
__vbaGetOwner3
__vbaUbound
#535
__vbaFileSeek
#537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
#648
#570
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
#572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#100
__vbaI4Var
#689
__vbaAryLock
__vbaVarAdd
#611
#320
__vbaVarDup
__vbaStrToAnsi
#321
__vbaFpI2
__vbaFpI4
#616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
#618
__vbaCastObj
__vbaR8IntI4
#650
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
#580
#581

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xcd0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55048
MD5 ae18605e0a36460c0ff688c6b26df1d3
SHA1 89b3268191f1235509fe4a063ddfcd10d7b6c7d6
SHA256 17ff10e6223a68e1564118d6c5d2225c5ccbf0f52fd21c5438053a1dddc6dff9
SHA3 e7e01b3370ff478b2c61b1048082e262b175756624b26fefb57ba0396c86f21b

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x14
TimeDateStamp 2013-Apr-01 07:08:22
Entropy 1.5789
Detected Filetype Icon file
MD5 96368a1d01b9b3ad7ba32197a2f5ab9b
SHA1 8fe4086815852f396a60e076cf81470be5d0736f
SHA256 917277758ec26a2ac726258b0330a530d9e69918ef94104faeff9a418f932244
SHA3 3a10cdd2ad4c78ab863d5cceae110eb3061f61d55f5bd2a8817d958d67a0fb2d

1 (#3)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x1ec
TimeDateStamp 2013-Apr-01 07:08:22
Entropy 3.13718
MD5 36248eae0c0c17c1fbbd52476d5b612d
SHA1 c76b019abb540f0f942c99cb1daf61b202f8bd4a
SHA256 d5afa151e677a98f00aa6af43d6155c0dc5bbb8039c1581f744e3188616a434c
SHA3 142782a145302989fd0404f34e6892589970ec956f1ae364d10822ba360c93a1

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x3e7
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.71018
MD5 2d212c52d195db17de44fc66fc64ec7b
SHA1 0bc303796fc25884f30daa43579f37084aa86551
SHA256 95effec3e13ef3dde1b82a54cce79dc610c686a6b74d5018e8895a2c923dede5
SHA3 733a2075eb69fb272214c25fe350578d31209a61701d4a24bc85046af292c7e0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
ProductName Project1
FileVersion (#2) 1.00
ProductVersion (#2) 1.00
InternalName TJprojMain
OriginalFilename TJprojMain.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x91a515f9
Unmarked objects 0
14 (7299) 1
9 (8041) 8
13 (8169) 1

Errors
