c5dc660b8acecaa9f5cffef60dd74df8

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2003-Jan-07 23:34:33
Detected languages English - United States
Comments Broacher4
CompanyName neil9
FileDescription Radiothermy3
LegalCopyright TIMOLEON6
LegalTrademarks eringos
ProductName Raznix
FileVersion 1.01.0003
ProductVersion 1.01.0003
InternalName jicaltepec10
OriginalFilename jicaltepec10.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic 5.0
Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v6.0
Info The PE is digitally signed. Signer: Oriental software express
Issuer: Oriental software express
Malicious VirusTotal score: 7/65 (Scanned on 2019-04-09 09:42:38) FireEye: Generic.mg.c5dc660b8acecaa9
McAfee: Packed-FSK!C5DC660B8ACE
Endgame: malicious (high confidence)
Invincea: heuristic
Rising: Trojan.Injector!1.B459 (CLASSIC)
Cybereason: malicious.7d4411
CrowdStrike: win/malicious_confidence_90% (D)

Hashes

MD5 c5dc660b8acecaa9f5cffef60dd74df8
SHA1 07fca707d4411ac8c27c101bc496ee1bd841902b
SHA256 13c8281d3987e5855f289026ab16e6a2b2585902cd4f77ec046e9f819f8b08f5
SHA3 3a1b3705c6b3b5199c4577520b2d8ab2ce5fa528ac2c6cf8ccbcef08cec5dc55
SSDeep 3072:QVBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBO:QjsJbMaC2WuNSki+s4XYfBG5oi
Imports Hash 179d842166d439e879ac27611e4911e7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2003-Jan-07 23:34:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.1
SizeOfCode 0xd7000
SizeOfInitializedData 0x4000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000160C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.1
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xdc000
SizeOfHeaders 0x1000
Checksum 0xe9e2a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 21987f6ef185ea24a4064a620805666f
SHA1 879093efa6d64335574b9b720ba3aef41a3aeb9c
SHA256 9ac05e803960ce43111c8e7af222e0e228a9265fac5153d220e22dfd918bf569
SHA3 4f9b3ddc3cf9d721c3368de62d850d83eda965e07ad2ec5c5a87b9d64cd1cf17
VirtualSize 0xd6b70
VirtualAddress 0x1000
SizeOfRawData 0xd7000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 2.68668

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0xa98
VirtualAddress 0xd8000
SizeOfRawData 0x1000
PointerToRawData 0xd8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 214b9c09f02809909c746c363fc2e532
SHA1 83eaab4edf47b821aca6f6ab8b59e21fbb110fe7
SHA256 ef545e2eef1fc686a41ffd4813460037941b2a21449eb10271caf906928c1362
SHA3 8bfec3bedb261ad084018bf1fd862f96c81e7f127b0ba7ddeabcb23e4703b6a8
VirtualSize 0x2c76
VirtualAddress 0xd9000
SizeOfRawData 0x3000
PointerToRawData 0xd9000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.62232

Imports

MSVBVM60.DLL #582
__vbaVarTstGt
__vbaVarSub
#583
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
#695
__vbaStrVarMove
__vbaFreeVarList
#697
_adj_fdiv_m64
#698
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
#660
__vbaInStrVarB
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
#666
__vbaAryDestruct
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
#598
#521
__vbaFpR8
_CIsin
#631
#525
__vbaChkstk
__vbaFileClose
#526
EVENT_SINK_AddRef
#527
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
#670
#672
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaUbound
#537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
#647
__vbaNew2
#570
#648
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#685
#100
__vbaVarTstNe
__vbaI4Var
#610
__vbaFpCy
__vbaInStrB
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
#613
__vbaFpI2
#617
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
#546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
#581

Delayed Imports

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x2e8
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 3.27942
MD5 a0896dc5fa31f56471c9528d394936b4
SHA1 9fd8c3e9c3cfceb870a27430792ce8cafa275ce8
SHA256 1d198ffc9911f0fcd13e1a1e60afcb4474f0f7eea016edbb0f3c33f199ca48a3
SHA3 2090ae3b131c6a1a20a09becf7bfe1a11d46b177447e97d3084a103220b0b680

30002

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x128
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 3.18121
MD5 44ab3dcc8fa668c0367fefc82653a5a0
SHA1 f917a71a3bc1233ea9a75a15b400641892f8b26a
SHA256 c4ca13ccc624f5de2ec3980082dd8b5868723ebcfbaf9c815e00b6a116c21c6f
SHA3 1d5e5a933938ac59a1b8d19b14de38fe492a830aecfd6ba77d6d822b7ae9212d

30003

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x8a8
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 5.65977
MD5 a03c873f89d10065b469cd56bb5fdac5
SHA1 b5fe061a87cc0394d468b35c1630c9aae52878e2
SHA256 f6572d87414816bca074ce679f0ed2b73451a05f754101d83978d6bf196d2940
SHA3 b5bcd0819fa57116aafb09b8c2f23b8c0df995f89bf97b4a867f2ceb2bfecf10

30004

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x568
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 3.06525
MD5 d97e4ba5a2f6d8d5f703fdd24b461f19
SHA1 9eae039ddf0da18bfaca695b575d36a8ff17a1eb
SHA256 0461b4db8c9d1a96c96efd579c60aee0409d685830be4db6329c6f757786c740
SHA3 f7f512b1708d7b05457ed43e38928beccbe438f4888cd2471f3178b7fcd8ee60

30005

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x10a8
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 5.25267
MD5 d58f1813e00f654398aa4d6e0c602dfa
SHA1 11a238a5b7564211a74be693ad989ca62fd27a16
SHA256 17f5c6e478d9985bf0f7616f9d31ded6ea48eb7afec1cf63944625ce51cd743d
SHA3 a531f5bb0117ef9a05441cf61eb15103f42b67d51b021a47301ade6933f126e3

30006

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x468
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 4.20967
MD5 943c1f0f6545f31c38ff729d0119f0dd
SHA1 3b21107a46e0afd87dbb8aa6c824707d744f6acd
SHA256 a38aa44daf7821ea7f0b56705026717c22835e6b41c16b2efabf074581cba69a
SHA3 723e9da46687581d30d51cf22f352f9104af3f6d5b033de71923ded96be12acc

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x5a
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 3.1033
Detected Filetype Icon file
MD5 665d936c8a43eed574d044a20874649d
SHA1 3ca821a77f3a261d8969c786300143f99edb1bc3
SHA256 28a50cec6e3a46b85751ff60e16398acfeb2f3951c1a415be55b56952baf5edd
SHA3 fac7a2dce4891c35d3adfb5bcf33cbe148dad9f3713145131cead22a18acdd83

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x30c
TimeDateStamp 2003-Jan-07 23:34:33
Entropy 3.32042
MD5 b9e07895072551187f7613dde55135ef
SHA1 d6aeb67088f6aabf4ddcf00a4bba339a6cfa9942
SHA256 b73af42b726143098036323cdc1327a9ea786aac6da421133cf2307b3b22ad7b
SHA3 f7f6c516b88b1bdd42902011be999c298b584eb1a1be18e9b80d3274acb90099

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.1.0.3
ProductVersion 1.1.0.3
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments Broacher4
CompanyName neil9
FileDescription Radiothermy3
LegalCopyright TIMOLEON6
LegalTrademarks eringos
ProductName Raznix
FileVersion (#2) 1.01.0003
ProductVersion (#2) 1.01.0003
InternalName jicaltepec10
OriginalFilename jicaltepec10.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x88aa42cf
Unmarked objects 0
14 (7299) 1
9 (8783) 2
13 (VS98 SP6 build 8804) 1

Errors
