c1bbf6b835acc758c311931afcad53bf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2013-Oct-18 09:26:29
Detected languages English - United States
FileVersion 2, 0, 0, 0
ProductVersion 2, 0, 0, 0
LegalCopyright Copyright (C) 2021
FileDescription FSScanConfig v2.0
ProductName FSScanConfig

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegSetValueExW
  • RegEnumKeyW
  • RegDeleteKeyW
  • RegQueryValueW
  • RegOpenKeyW
  • RegCreateKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegEnumKeyExW
  • RegOpenKeyExW
Possibly launches other programs:
  • CreateProcessWithLogonW
Uses functions commonly found in keyloggers:
  • CallNextHookEx
  • GetForegroundWindow
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Enumerates local disk drives:
  • GetVolumeInformationW
Info The PE's resources present abnormal characteristics. Resource 129 is possibly compressed or encrypted.
Info The PE is digitally signed. Signer: Freshworks Inc
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Malicious VirusTotal score: 3/74 (Scanned on 2024-07-16 03:23:40)
Jiangmin: Worm.VBS.adn
VirIT: Trojan.Win32.DownLoader17.DNGL
Xcitium: TrojWare.Win32.TrojanDropper.Dexel.A@6k1yft

Hashes

MD5 c1bbf6b835acc758c311931afcad53bf
SHA1 36324408bb7b7248fd883ffde9159abc11bb7745
SHA256 40a4b8a33993141f32c3e237be3d52c12d71b906e952f164101c56a9f6b64a27
SHA3 6c3b9075d4c46f1a6f925d869402958ffca1a348d21f584224c7a826d2d5fb06
SSDeep 6144:1hVO0GcX+JsQ8IFwoadCWU8L0Hn9XZL9OH8q6Lv:1IJ1FwoadCWU8k9XOcq6Lv
Imports Hash 6bdc64139991f7b5c604b26991377055

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2013-Oct-18 09:26:29
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x2b200
SizeOfInitializedData 0x30400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001A388 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2d000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x63000
SizeOfHeaders 0x400
Checksum 0x6609e
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0788b85fff7592926ad4c9dfa3a8aefe
SHA1 dad2f0d76d95225a662d7b03694146e5690f6429
SHA256 e910dfec7d77e1260ceeaf734fbb2d2730d258216b2a1cc53233ad5e758c62fd
SHA3 e4085090e366765eba2b5d75070c3be9dbf3af8182dd5f0370bef4a74906be19
VirtualSize 0x2b09b
VirtualAddress 0x1000
SizeOfRawData 0x2b200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.58849

.rdata

MD5 3a4301a4b5cfc89272739d8f66097746
SHA1 1fe4e6b9b123bb8923ed20214722f50d7d88f124
SHA256 f01d8d23b52c4d4a615e259550934f2107782168cd9f6d15d9d2e9f0e56faf61
SHA3 58c9c4b6d9716d5aa2cd7384d02e51d9e3273ee9ef6f5839235873efcc8c49a9
VirtualSize 0xac74
VirtualAddress 0x2d000
SizeOfRawData 0xae00
PointerToRawData 0x2b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.71362

.data

MD5 d39bff07ed543b8f43c4fec2a43af49e
SHA1 9ae8b09c579797c7de072cf6932c931293dff3c9
SHA256 7e4acdbf263b1ed884fc1225f2e46cc2db9777694851fd7c9896dc40b43fbe27
SHA3 aade657308b8443598c1bbfaccdbd61bf18c835e556532c3f5566bd54de26ec9
VirtualSize 0x60fc
VirtualAddress 0x38000
SizeOfRawData 0x2400
PointerToRawData 0x36400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.04135

.rsrc

MD5 985aa841a3a352ba4fd138c4ca9215b1
SHA1 3f0c362f0c160da91c8c0a0689e2383d1522bcb2
SHA256 937217c83ee97fd7b6f01f9f3f21684787bbbcea918c5b127e03669382bc9373
SHA3 30689b8cc9a06cff554cdc9f5c135d36126513ef9d32ace20fcd5a3f6d5b9162
VirtualSize 0x1b770
VirtualAddress 0x3f000
SizeOfRawData 0x1b800
PointerToRawData 0x38800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.52267

.reloc

MD5 dff85594ac34dfcc06ce54194cc03fce
SHA1 c7a2f9979c3e1c818b27c05646f170d6ec7004a2
SHA256 c3e576edeaefe0825bc548ce4032408f69b6dc1c6c1d0d9259d0f84b7a1fe5f5
SHA3 9bfe7946946f95f0dbb3be3c73df36a1cacf7d7c3c52bcac1b741c2e765f00b0
VirtualSize 0x7940
VirtualAddress 0x5b000
SizeOfRawData 0x7a00
PointerToRawData 0x54000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.34666

Imports

KERNEL32.dll FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
CreateFileW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetCurrentProcessId
SetErrorMode
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcmpA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetProcAddress
GetVersionExA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
SetFilePointer
ReadFile
WriteFile
SetConsoleOutputCP
GetConsoleOutputCP
WideCharToMultiByte
GetFileType
FlushFileBuffers
ExpandEnvironmentStringsW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
ExitProcess
LocalFree
GetLastError
FormatMessageW
GetStdHandle
CreateThread
Sleep
GetModuleHandleW
GetCommandLineW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetEnvironmentStringsW
SizeofResource
USER32.dll CharUpperW
SetCursor
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
DestroyMenu
ShowWindow
SetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
GetMessageW
GetCursorPos
ValidateRect
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
GetActiveWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
EnableWindow
SetForegroundWindow
IsWindowVisible
GetClientRect
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
LoadBitmapW
DispatchMessageW
CharToOemBuffW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
PtInRect
CopyRect
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
CheckMenuItem
GDI32.dll DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PtVisible
COMDLG32.dll GetFileTitleW
WINSPOOL.DRV DocumentPropertiesW
OpenPrinterW
ClosePrinter
ADVAPI32.dll RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
CreateProcessWithLogonW
SHLWAPI.dll PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ole32.dll CoDisconnectObject
StringFromGUID2
CoGetObject
CoCreateInstance
CLSIDFromProgID
CoInitialize
OLEAUT32.dll SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
VariantChangeType
LoadTypeLibEx
LoadRegTypeLib
SysAllocString
SysStringLen
LoadTypeLib
OLEACC.dll (delay-loaded) LresultFromObject
CreateStdAccessibleObject

Delayed Imports

Attributes 0x1
Name OLEACC.dll
ModuleHandle 0x3ced0
DelayImportAddressTable 0x3a3ec
DelayImportNameTable 0x36454
BoundDelayImportTable 0x36490
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

129

Type RT_BITMAP
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c0c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95787
MD5 9ffd454de11313050e8257da12b21210
SHA1 fb86a68b2e820e570347633c1c59c127525bd520
SHA256 d92810aae15bedc4ff585dcb7996e9d614cc04ecd6ce1e636bd313a67ce41f80
SHA3 f889cac2e65ce5ea56c473b3185d6a074651e8124b632672fc0e975b9540cc2a

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93426
MD5 a5d9d05c16b5c0d420a274a49b3fe928
SHA1 8ffc748ad3aa00b4c1d678c72baa27f5b44786ce
SHA256 e3fa75d2fffd80b634a8e7d0c2f5b68c632c0c9061429b2e411bded37b6fcec2
SHA3 cdb239f1b8b5f7c107aca2069a388357e0773b0d03cda4bfa4c571d66f37c29f

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.35073
MD5 06d7ccd7773049cc7f35f2ba2f548eb9
SHA1 35277640d69ba0470075722da9506ca6b6410a75
SHA256 73d3f4cb8a64c039fe5f02879fd47568b812e215ad9f99187a32a5d83c171d34
SHA3 64de0ae1731b50b3c2f60be6d22a6294571b86eaab5ffaea84734647d68e16e3

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.16542
MD5 6f29ff146f83ebf8579e2778c17e2db6
SHA1 79ffe4b89e9dc54a78a5ad8c0b279712f452eb2d
SHA256 bfc7347830c6f689020f4703e672fce541a7db1ed8aac4b451a7a63cd3779da1
SHA3 90449a8bbb48f8bc98c0d230b58b3ea070112fdff5c627e6ecdbe694d72f6057

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.93921
MD5 d42c4756e42bcb170384afc9fbf9a3df
SHA1 99bb910d6d0376c83c74022d3d042b29c8ac064e
SHA256 4225ddc4b5983a6f9f5d023291afca87b799e8016ba1b0dd84eef9e923a0c729
SHA3 d989267d2e61a1ced91ed459c2b42cf4e7dcb5dda949c523ab2da29b1380ecfa

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76846
MD5 1844be0a8196eead6fe49c89b9cc9d75
SHA1 2ae6e7c7d4a3d284883ab5f59f8f7a6e6209eff7
SHA256 44fb02a00bc7f8f666eda208beeeacfa0787071c38d692e7a4af2ea1eecdf6fe
SHA3 ac38111bab25e46c237c28e082347ed7dd672b7b8607f6b0a1008c4e0d2e6ebe

7

Type RT_STRING
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x32
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.34631
MD5 d7427cb04032d50a841bb7c5c680962d
SHA1 51bd209ad7979344174165dc524ca687d59e8000
SHA256 6554cb12afbaf7283a3cdd5043d0cad6ab527d295f1d2c43ca5315b6e2d8bece
SHA3 864d3d8a1913b5d59d53f58ad237d946c190a93208ef81b68123dfc2f7805d2a

131

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60989
Detected Filetype Icon file
MD5 5bc94db1418308989abd06b59fe50c51
SHA1 3a65ad4296230691da11a7d5824e6d486010e776
SHA256 f4764d2d9673399ab75524314a3ba694597cc6a3e13c945cd64c9e9377ba0b86
SHA3 bfe41d0d41787b42332259d688832dcd7f2721f203a850236109ee5a49e008f4

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x224
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.6162
MD5 3dcf7dacf1b7dc85c9f2a8a16ddafc7c
SHA1 a107589eccf042a68661c431c3d10e8314f65203
SHA256 2f0702e0625f0e14618a86628badc9fdc0e9836833a16173ab4888c497f6c2fe
SHA3 6c631ea5471721ac8cdf6c016e7f67660105ac7a2d52c504ddd3e9b9df0dc267

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x135
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.73611
MD5 92f3a9f02d0131665dfbf43178074163
SHA1 ba06eef437b8e0f863845b97c4520049dc15600f
SHA256 3eabe5c61601019c882f1ed98db32940c81f7902450446faf8f464dd0e44e23c
SHA3 814014b5834bcd20ed640de2d917542f64c17ceccb8c1586ef2c35ee53fa43d5

String Table contents

mycscript

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.0.0.0
ProductVersion 2.0.0.0
FileFlags VS_FF_DEBUG
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
FileVersion (#2) 2, 0, 0, 0
ProductVersion (#2) 2, 0, 0, 0
LegalCopyright Copyright (C) 2021
FileDescription FSScanConfig v2.0
ProductName FSScanConfig
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x438dd4
SEHandlerTable 0x433e70
SEHandlerCount 115

RICH Header

XOR Key 0x632ec4c9
Unmarked objects 0
C objects (VS2012 build 50727 / VS2005 build 50727) 8
Imports (VS2012 build 50727 / VS2005 build 50727) 21
Total imports 520
ASM objects (VS2008 SP1 build 30729) 25
C objects (VS2008 SP1 build 30729) 150
C++ objects (VS2008 SP1 build 30729) 130
C++ objects (VS2008 build 21022) 3
138 (VS2008 SP1 build 30729) 8
Linker (VS2008 build 21022) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors