c834ac9da8561fa2f1b19b9a26c24136

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2002-Dec-17 13:41:57
Detected languages English - United States
Comments Analyticity
CompanyName Nocht
FileDescription Fiscalize
ProductName Tem
FileVersion 6.03.0003
ProductVersion 6.03.0003
InternalName Diciest
OriginalFilename Diciest.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v6.0
Info The PE is digitally signed. Signer: Enclose Gear 18'
Issuer: Enclose Gear 18' (signer and issuer carry the same name, which is the pattern of a self-signed certificate; the presence of a signature says nothing about whether it chains to a trusted root)
Malicious VirusTotal score: 41/70 (Scanned on 2018-12-03 03:52:55)
MicroWorld-eScan: Gen:Variant.Graftor.532843
CAT-QuickHeal: Trojan.Generic
McAfee: Packed-FOL!C834AC9DA856
K7GW: Trojan ( 005425fa1 )
K7AntiVirus: Trojan ( 005425fa1 )
Arcabit: Trojan.Graftor.D8216B
Invincea: heuristic
Symantec: Trojan Horse
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.SMAL02.hp
Avast: FileRepMalware
ClamAV: Win.Malware.Generic-6763602-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.532843
NANO-Antivirus: Trojan.Win32.Graftor.fksgwf
ViRobot: Trojan.Win32.Z.Graftor.2049648
Rising: Trojan.Injector!1.B459 (CLOUD)
Ad-Aware: Gen:Variant.Graftor.532843
Emsisoft: Gen:Variant.Graftor.532843 (B)
F-Secure: Gen:Variant.Graftor.532843
TrendMicro: TROJ_FRS.VSN1BK18
McAfee-GW-Edition: Packed-FOL!C834AC9DA856
Trapmine: suspicious.low.ml.score
Sophos: Mal/FareitVB-N
Cyren: W32/Trojan.MSQQ-4009
Avira: TR/Injector.olsbg
Fortinet: W32/GenKryptik.CSFG!tr
Endgame: malicious (high confidence)
Microsoft: VirTool:Win32/VBInject
ZoneAlarm: HEUR:Trojan.Win32.Generic
AhnLab-V3: Win-Trojan/VBKrypt.RP05
ALYac: Gen:Variant.Graftor.532843
MAX: malware (ai score=100)
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Injector.EBXU
Tencent: Win32.Trojan.Falsesign.Sxnw
Ikarus: Trojan.VB.Crypt
GData: Win32.Trojan.Injector.UPWDVI
AVG: FileRepMalware
Panda: Trj/GdSda.A
CrowdStrike: malicious_confidence_60% (W)
Qihoo-360: Win32/Trojan.57f

Hashes

MD5 c834ac9da8561fa2f1b19b9a26c24136
SHA1 5af59c5fc1591b3eee398fe512ccc9ab178638eb
SHA256 aaeb91569230c068dc8fe47a0699612e85e4feddfe3ec3d67408b84ca0d91908
SHA3 04f56b28bb50379ad052c748a8f4e7992551ad49c61d9159790a9f481ab93549
SSDeep 24576:QfULOHzt8HZhRGAR2fCX96CJe3iFN2wiNTrIz4EwmTEetafA6lRJCBatgEmFYe0J:QAOgaRvswo97G
Imports Hash 9f2e38cecfab2b777366ac4134a01e88

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2002-Dec-17 13:41:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.3
SizeOfCode 0x1f0000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000014EC (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1f1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 6.3
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1f3000
SizeOfHeaders 0x1000
Checksum 0x1fa733
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9368d512e40215e7c433ed72701072f7
SHA1 87dcb91c867542f8dc0e8257e73fd291ea5a76f7
SHA256 7409946b93d32f617d714cdc55f82f1238a3d07e4e608b32bf6f2197a6d08428
SHA3 8f519329c9d4f81c97fc2278897755700f3c52d2f3930dfdd9ed8ec3db08e5e5
VirtualSize 0x1efc80
VirtualAddress 0x1000
SizeOfRawData 0x1f0000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.82098

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0xa64
VirtualAddress 0x1f1000
SizeOfRawData 0x1000
PointerToRawData 0x1f1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 d8ed2e58c64b0c20b4367214e4ef9b60
SHA1 6ff0a7b088639117701e00f3dd53ace91761228c
SHA256 171336807729d9a966d7b9751b72c625c0ec7b953d00f2a0a80f95eb2926bd8e
SHA3 201a56c9ffbe594b0c0a83cda53f77b29d727cc6f7cce3deb23340eb1328f09b
VirtualSize 0xe6a
VirtualAddress 0x1f2000
SizeOfRawData 0x1000
PointerToRawData 0x1f2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.92463
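The three section records above are the first thing to read in a report like this: .text holds 0x1f0000 bytes of raw data at entropy 6.82, .data is marked writable yet shows Entropy 0 (all 0x1000 raw bytes are the same value, so it carries nothing but zero-initialised globals), and the entry point at 0x14EC falls inside .text. The script below is an added example, not Manalyzer's code: a standard-library parser that walks the DOS header, PE signature, COFF and optional headers and the section table, computes the same Shannon entropy per section, and applies the usual analyst rules of thumb (entropy above 7.0, entropy 0, writable-and-executable, VirtualSize larger than SizeOfRawData, which section holds the entry point). It runs on a PE32 image it constructs itself with this sample's three section names and characteristics; the bytes, sizes and timestamp in that image are made up for the demonstration and are not the analysed file's.

```python
"""PE32 section-table parser with per-section entropy (added example, not Manalyzer
code). Standard library only; runs on a constructed image, not on the analysed file."""
import math
import struct
from collections import Counter

# PE/COFF structures, little-endian, field order as in winnt.h.
COFF_HDR = struct.Struct("<HHIIIHH")                          # follows the "PE\0\0" signature
OPT_HDR32 = struct.Struct("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII")  # PE32 optional header, no data directories
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")                  # IMAGE_SECTION_HEADER
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for a uniform byte distribution."""
    n = len(data)
    if n == 0:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h if h > 0 else 0.0


def parse_pe(pe: bytes) -> dict:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> optional header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, stamp, _, _, opt_size, chars = COFF_HDR.unpack_from(pe, e_lfanew + 4)
    opt_off = e_lfanew + 4 + COFF_HDR.size
    opt = OPT_HDR32.unpack_from(pe, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    table = opt_off + opt_size                    # section headers start right after the optional header
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, flags = SECTION_HDR.unpack_from(pe, table + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw_size": raw_size, "flags": flags, "entropy": shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])})
    return {"machine": machine, "timestamp": stamp, "characteristics": chars, "entry_rva": opt[6], "sections": sections}


def section_for_rva(info: dict, rva: int):
    """Section whose mapped range covers rva, or None (an entry point outside every section is itself a red flag)."""
    for s in info["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def triage(info: dict) -> dict:
    """Static signals read off the section table; the thresholds are the usual analyst rules of thumb."""
    out = {}
    for s in info["sections"]:
        flags = []
        if s["entropy"] > 7.0:
            flags.append("high_entropy")          # compressed or encrypted content
        if s["entropy"] == 0.0 and s["raw_size"]:
            flags.append("zero_entropy")          # every raw byte identical, usually zero fill
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append("rwx")                   # code that rewrites itself, e.g. an unpacking stub
        if s["vsize"] > s["raw_size"]:
            flags.append("grows_in_memory")       # room for data produced at run time
        out[s["name"]] = flags
    out["entry_section"] = section_for_rva(info, info["entry_rva"])
    return out


def build_sample_pe() -> bytes:
    """Constructed PE32 image with the report's three section names and characteristics (not its bytes)."""
    fa = 0x200                                    # FileAlignment of the constructed image
    payloads = [  # (name, raw bytes, VirtualSize, Characteristics)
        (b".text", bytes(range(256)) * 2, 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", bytes(0x200), 0x300, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rsrc", b"ICON" * 0x80, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    ]
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = COFF_HDR.pack(0x14C, len(payloads), 0x3DFF3F15, 0, 0, OPT_HDR32.size + 128, 0x010F)  # arbitrary stamp
    opt = OPT_HDR32.pack(0x10B, 6, 3, 0x200, 0x400, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, fa,
                         4, 0, 6, 3, 4, 0, 0, 0x4000, fa, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += bytes(128)                             # 16 empty data directories
    table, body, va = b"", b"", 0x1000
    for i, (name, raw, vsize, flags) in enumerate(payloads):
        table += SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, va, len(raw), fa * (i + 1), 0, 0, 0, 0, flags)
        body += raw
        va += 0x1000
    return (dos + b"PE\0\0" + coff + opt + table).ljust(fa, b"\0") + body


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for s in info["sections"]:
        print(f"{s['name']:<6} VA={s['va']:#07x} raw={s['raw_size']:#x} entropy={s['entropy']:.3f}")
    print(triage(info))
```

Against a real file, pass open(path, "rb").read() to parse_pe instead of build_sample_pe(); the parser assumes a PE32 image, as the report's Magic says this one is, and does not handle PE32+.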

Imports

MSVBVM60.DLL __vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
#526
EVENT_SINK_AddRef
#527
__vbaAryConstruct2
__vbaPrintObj
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
#608
__vbaFPException
__vbaInStrVar
__vbaGetOwner3
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#100
__vbaI4Var
__vbaStrToAnsi
#617
_CIatan
__vbaStrMove
#618
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
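Every entry above is an export of the VB6 runtime; there is no KERNEL32 or ADVAPI32 line. That is normal for a Visual Basic 6 executable and is also why the table understates what the program can do: Win32 APIs declared in VB source are bound at run time through MSVBVM60!DllFunctionCall, which is itself in this list, so a process-injection routine would leave no CreateProcess or WriteProcessMemory import behind. The Imports Hash in the Hashes section is the MD5 of this table normalised the way pefile does it (DLL name lower-cased with .dll/.ocx/.sys stripped, function names lower-cased, ordinals written ordNNN, entries kept in table order). The block below is an added example, not Manalyzer's or pefile's code: it reproduces that normalisation over the list transcribed from this report and pulls out the few triage facts the list supports. If the listing is complete and in table order, the digest it prints should equal the reported 9f2e38cecfab2b777366ac4134a01e88; a different value means the listing differs from the binary's table, since the hash is order-sensitive.

```python
"""Import hash (imphash) over the import list above, computed the way pefile does it
(added example, not Manalyzer or pefile code; the list is transcribed from the report)."""
import hashlib

# Transcribed from the Imports section, in listing order; "#NNN" marks an import by ordinal.
IMPORTS = {
    "MSVBVM60.DLL": [
        "__vbaVarTstGt", "__vbaVarSub", "_CIcos", "_adj_fptan", "__vbaVarMove", "__vbaStrI4",
        "__vbaFreeVar", "__vbaStrVarMove", "__vbaLenBstr", "__vbaFreeVarList", "_adj_fdiv_m64",
        "_adj_fprem1", "__vbaStrCat", "__vbaSetSystemError", "__vbaHresultCheckObj", "_adj_fdiv_m32",
        "__vbaAryDestruct", "__vbaObjSet", "__vbaOnError", "_adj_fdiv_m16i", "__vbaObjSetAddref",
        "_adj_fdivr_m16i", "_CIsin", "__vbaChkstk", "__vbaFileClose", "#526", "EVENT_SINK_AddRef",
        "#527", "__vbaAryConstruct2", "__vbaPrintObj", "DllFunctionCall", "_adj_fpatan",
        "EVENT_SINK_Release", "_CIsqrt", "EVENT_SINK_QueryInterface", "__vbaExceptHandler",
        "__vbaStrToUnicode", "_adj_fprem", "_adj_fdivr_m64", "#608", "__vbaFPException",
        "__vbaInStrVar", "__vbaGetOwner3", "_CIlog", "__vbaErrorOverflow", "__vbaFileOpen",
        "__vbaNew2", "_adj_fdiv_m32i", "_adj_fdivr_m32i", "__vbaStrCopy", "__vbaFreeStrList",
        "_adj_fdivr_m32", "_adj_fdiv_r", "#100", "__vbaI4Var", "__vbaStrToAnsi", "#617", "_CIatan",
        "__vbaStrMove", "#618", "__vbaCastObj", "_allmul", "_CItan", "_CIexp", "__vbaFreeStr",
        "__vbaFreeObj",
    ],
}


def canonical_import_string(imports: dict) -> str:
    """pefile's normalisation: lower-case, drop .dll/.ocx/.sys, ordinals become ordNNN, order preserved.
    (pefile additionally maps ordinals of oleaut32/ws2_32/wsock32 to names; not needed for MSVBVM60.)"""
    parts = []
    for dll, names in imports.items():
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = stem
        for name in names:
            func = "ord" + name[1:] if name.startswith("#") else name.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports: dict) -> str:
    """MD5 of the canonical string; two binaries with the same import table and order share it."""
    return hashlib.md5(canonical_import_string(imports).encode("ascii")).hexdigest()


def capabilities(imports: dict) -> set:
    """What a VB6 import table can and cannot tell you (tags are this example's own names)."""
    names = {n for lst in imports.values() for n in lst}
    tags = set()
    if "DllFunctionCall" in names:
        tags.add("dynamic_api_resolution")   # Declare'd Win32 APIs are bound at run time, not listed here
    if names & {"__vbaFileOpen", "__vbaFileClose"}:
        tags.add("file_io")
    if any(n.startswith("#") for n in names):
        tags.add("ordinal_imports")
    return tags


if __name__ == "__main__":
    print(canonical_import_string(IMPORTS)[:80] + "...")
    print("imphash:", imphash(IMPORTS))
    print("tags:", sorted(capabilities(IMPORTS)))
```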

Delayed Imports

Resources

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x748
TimeDateStamp 2002-Dec-17 13:41:57
Entropy 4.19524
MD5 251a073bcac1881022125851f2ef1b7a
SHA1 efc43c7d1ee2982e6154f718fe6e32f38c31873c
SHA256 181bc41ede2f674b2f308dced974deab9f79d566e8f0ee26d44eb009ef06f424
SHA3 426cef917b5607d7cd69adf6ef10238a9f4bccf45555e95cc2aac4a02d845b96

30002

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x368
TimeDateStamp 2002-Dec-17 13:41:57
Entropy 4.09279
MD5 114fed9d7d92c2cebbb41f1c90e84363
SHA1 b7f949ee2adf20872c584c581c87a981b99bcadd
SHA256 e44123ec944f11d5dd5f0c710695c1e5830ca42dfeb1563410d7b99ad6e080cd
SHA3 4b64a8627794d1651c6ac6eae80c34b9b7ec0665eafa638a5a869961f6b47b95

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x22
TimeDateStamp 2002-Dec-17 13:41:57
Entropy 2.71232
Detected Filetype Icon file
MD5 b1268d1342ca313cbf132b3b77759876
SHA1 d03e4a8ff4cde5ee3bc7b41c18b2c60ee1c2dac5
SHA256 27ff70633a6814c84be7f70053695fca3e30a2c19c01513006b01c7311609d57
SHA3 63212b6b2452ec93e88a8db8087c26e4ea707d367c03aa86def9e1f5101e0fb6

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x278
TimeDateStamp 2002-Dec-17 13:41:57
Entropy 3.28757
MD5 77c8a13ba4206ed6e1347108abddf910
SHA1 608b294c726ef867ff4ce6f506002f341d528559
SHA256 59d73ec1c202c2b22cf76a27ef3fa00b7f16b0746b50725c00622103116a2994
SHA3 8d48f3028fe24648c2b14a315dab6469283141eb20f4afc36d88a998a591309d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.3.0.3
ProductVersion 6.3.0.3
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments Analyticity
CompanyName Nocht
FileDescription Fiscalize
ProductName Tem
FileVersion (#2) 6.03.0003
ProductVersion (#2) 6.03.0003
InternalName Diciest
OriginalFilename Diciest.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8897fe31
Unmarked objects 0
ProdID (Build) Count
14 (7299) 1
9 (8783) 1
13 (VS98 SP6 build 8804) 1
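The RICH Header block is the undocumented record the Microsoft linker leaves between the DOS stub and the PE signature: a DanS marker, then one (product id, build, count) triple per tool that contributed objects to the link, the whole thing XORed with a key that is a checksum over the DOS header bytes and the triples, followed by a clear-text Rich marker and the key. Manalyzer prints the key and each triple as prodid (build) count, so the 13 (VS98 SP6 build 8804) line is product id 13 with build 8804 used once; in the commonly used product-ID table that id is the Visual Basic 6.0 compiler, which agrees with the compiler match at the top of the report. Because the key is derived from the header bytes, recomputing it is a cheap integrity test: a Rich header copied from another binary or patched by hand no longer matches its key. The script below is an added example, not Manalyzer's code. It builds a DOS header plus Rich block around the three triples from this report, decodes it back and verifies the key; the checksum rule it uses is the widely documented reverse-engineered one and is an assumption rather than a published specification.

```python
"""Rich header encoder/decoder with key verification (added example, not Manalyzer code).
Works on a constructed DOS header; the triples are the three lines from the report."""
import struct

MASK = 0xFFFFFFFF
DANS = int.from_bytes(b"DanS", "little")
REPORT_ENTRIES = [(14, 7299, 1), (9, 8783, 1), (13, 8804, 1)]   # (prodid, build, count) from the RICH Header section


def rol32(v: int, n: int) -> int:
    n %= 32
    return ((v << n) | (v >> (32 - n))) & MASK


def rich_checksum(image: bytes, dans_off: int, entries) -> int:
    """Recompute the XOR key: the DanS offset, plus every header byte before it rotated left by its
    offset (e_lfanew at 0x3C..0x3F skipped), plus every comp id rotated left by its use count.
    Assumption: this is the commonly documented reverse-engineered rule, not a published spec."""
    c = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        c = (c + rol32(image[i], i)) & MASK
    for prod, build, count in entries:
        c = (c + rol32((prod << 16) | build, count)) & MASK
    return c


def build_rich_header(entries, dans_off: int = 0x40) -> bytes:
    """Constructed MZ header followed by an encoded Rich block; e_lfanew points just past it."""
    dos = bytearray(dans_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, dans_off + 16 + 8 * len(entries) + 8)
    key = rich_checksum(dos, dans_off, entries)
    out = bytearray(dos)
    out += struct.pack("<4I", DANS ^ key, key, key, key)      # "DanS" and three padding dwords, all XORed
    for prod, build, count in entries:
        out += struct.pack("<II", ((prod << 16) | build) ^ key, count ^ key)
    out += b"Rich" + struct.pack("<I", key)                   # clear-text marker and key
    return bytes(out) + b"PE\0\0"                             # PE signature lands at e_lfanew


def decode_rich(image: bytes) -> dict:
    """Find "Rich", read the key, walk back dword by dword to "DanS", decode the triples, check the key."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    rich = image.find(b"Rich", 0, e_lfanew)
    if rich < 0:
        raise ValueError("no Rich header before the PE signature")
    (key,) = struct.unpack_from("<I", image, rich + 4)
    dans = rich - 4
    while dans >= 0 and struct.unpack_from("<I", image, dans)[0] ^ key != DANS:
        dans -= 4
    if dans < 0:
        raise ValueError("Rich marker without a DanS start")
    entries = []
    for off in range(dans + 16, rich, 8):                     # skip DanS and its three padding dwords
        comp, count = struct.unpack_from("<II", image, off)
        comp ^= key
        entries.append((comp >> 16, comp & 0xFFFF, count ^ key))
    return {"key": key, "entries": entries, "key_valid": rich_checksum(image, dans, entries) == key}


def format_entries(entries) -> list:
    """Same 'prodid (build) count' layout the report uses."""
    return [f"{prod} ({build}) {count}" for prod, build, count in entries]


if __name__ == "__main__":
    r = decode_rich(build_rich_header(REPORT_ENTRIES))
    print(f"XOR Key {r['key']:#010x} key_valid={r['key_valid']}")
    print("\n".join(format_entries(r["entries"])))
```

On a real file, decode_rich takes the first few kilobytes of the executable as-is; key_valid False on a sample whose header otherwise parses cleanly is worth a note in the report, since the linker never emits a mismatched key.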

Errors