Manalyze report for cee3e2be53a32823e7bc03652076dfdef99003fd7336619c1f878d7dd6ae7527

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-May-26 08:47:21
Detected languages	Spanish - Spain (International sort)
Comments	LENA Road Sign Design Software
CompanyName	MOST Enginyers, S.L.
FileDescription	LENA
LegalCopyright	Â© 2024 by MOST Enginyers, S.L.
LegalTrademarks	LENAÂ®
ProductName	LENA
FileVersion	`2.24.0004`
ProductVersion	`2.24.0004`
InternalName	Lena
OriginalFilename	Lena.exe

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: crl.globalsign.com crl.globalsign.net globalsign.com globalsign.net http://crl.globalsign.com http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0 http://crl.globalsign.com/gsextendcodesignsha2g3.crl0 http://crl.globalsign.com/root-r3.crl0b http://crl.globalsign.net http://crl.globalsign.net/root-r3.crl0 http://ocsp2.globalsign.com http://ocsp2.globalsign.com/gsextendcodesignsha2g30U http://ocsp2.globalsign.com/gstimestampingsha2g20 http://ocsp2.globalsign.com/rootr306 http://secure.globalsign.com http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0 http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0 https://www.globalsign.com https://www.globalsign.com/repository/0 https://www.globalsign.com/repository/06 ocsp2.globalsign.com secure.globalsign.com www.globalsign.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Suspicious	The PE is possibly packed.	`Section .text is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: CreateProcessA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Enumerates local disk drives: GetDriveTypeA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`30cba890d84484bef64fb6b823e54100`
SHA1	`d53b447ab65b33fac131fc10205a1837a39fe1ce`
SHA256	`cee3e2be53a32823e7bc03652076dfdef99003fd7336619c1f878d7dd6ae7527`
SHA3	`35860fecfaed4905af1416665ab37815e4349189b1ef1c880ea7f4edb973512a`
SSDeep	`98304:fAPZpxSyniz7XHM90PTtUsdip4ptwOoKeHEk:fAPnYPXUUJtf0Ek`
Imports Hash	`66827239a8b583771eaa150c46da7463`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-May-26 08:47:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.24`
SizeOfCode	`0x376000`
SizeOfInitializedData	`0x18000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00386F10 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`2.18`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x38f000`
SizeOfHeaders	`0x1000`
Checksum	`0x380b09`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`603da548abd643b78b055323d4ec5b05`
SHA1	`0a5598f8b06bbd274841a105546f857b5b0f4c80`
SHA256	`cc9137bc50a3304cea731797e97681a110d4c45c84dd3b7baaa41add71738e48`
SHA3	`c2f0304ff2d87f1c30141ec5b4a28835f3ef1cc2b95866eac43824ee71e53c49`
VirtualSize	`0x3389bc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x339000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99991`

.data

MD5	`ac0e78fb330b36957923498a0c0f88ac`
SHA1	`775db338f66cc7a34d28d5245201a8e85979c5f4`
SHA256	`4870abc2fab93c74b47f3b96f71b8a7373dd9eed770ad492a8fde47be36a00fa`
SHA3	`9ae6f4ec54b55c2d4c94c9f441ee9be97d2a9a978ae8a5b1caf95bf81dd38b6c`
VirtualSize	`0x10b74`
VirtualAddress	`0x33a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x33a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95912`

.rsrc

MD5	`457d1bb1a8979534e483ef46996b518a`
SHA1	`3e4cf78879d4d51980b913d2cb0ba7ab4c7ead06`
SHA256	`0f96ed511caa3ccbd157cd3900b3183bad510b96f60c39a0accac6e3544fecd5`
SHA3	`34af2cd2e01abe48547a0c725ddc3b89758c57a6d2e8cd71174f928dd64ae41c`
VirtualSize	`0x4ef0`
VirtualAddress	`0x34b000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x33b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.54097`

.text (#2)

MD5	`9a7717b5043f81356bbb997b5c15196f`
SHA1	`fe4f6bff2703a4ad31b5f04047dd28537fb05d35`
SHA256	`6bf9682f7ee1e11769a0bc51a855660969f4cd3abc81514b2d4d8909ea74794d`
SHA3	`dcb50bc1d7ecd7c13f549d5951cbaa2b48965b3dc55244d040d3ce36104f3bd4`
VirtualSize	`0x3c176`
VirtualAddress	`0x350000`
SizeOfRawData	`0x3d000`
PointerToRawData	`0x340000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.08765`

.idata

MD5	`1a44c915b2aa32d4e890265f81d2c603`
SHA1	`49014797ad4aba0af08605508a9650eac3f2446c`
SHA256	`aa4f177dd72eaaf4799ae7fee323648bc6afc84822ab5b11a75fe8bda7144110`
SHA3	`bd6f5550ffcd194d0a821353a80b505ce1ae3cba912a7cf81ad64751a72bc073`
VirtualSize	`0x14de`
VirtualAddress	`0x38d000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x37d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.85707`

Imports

MSVBVM60.DLL	`__vbaVarTstGt` `__vbaVarSub` `#582` `#690` `#583` `__vbaStrI2` `__vbaR8ForNextCheck` `#584` `_CIcos` `_adj_fptan` `#585` `__vbaVarMove` `__vbaStrI4` `#586` `__vbaRedimPreserveVar` `__vbaVarVargNofree` `__vbaAryMove` `#587` `__vbaFreeVar` `__vbaLineInputStr` `__vbaLenBstr` `__vbaStrVarMove` `__vbaLateIdCall` `__vbaVarIdiv` `__vbaFreeVarList` `__vbaPut3` `__vbaEnd` `_adj_fdiv_m64` `__vbaAryRecMove` `__vbaVarIndexStore` `#621` `__vbaGetFxStr3` `__vbaFreeObjList` `#516` `__vbaR8Sgn` `__vbaVarFix` `__vbaVarTextTstLt` `__vbaStrErrVarCopy` `_adj_fprem1` `__vbaRecAnsiToUni` `#518` `#626` `__vbaVarTextCmpGt` `__vbaI2Abs` `__vbaResume` `__vbaForEachCollAd` `__vbaStrCat` `__vbaLsetFixstr` `#553` `#660` `__vbaVarTextTstEq` `__vbaSetSystemError` `__vbaRecDestruct` `__vbaNameFile` `#662` `__vbaHresultCheckObj` `#556` `__vbaLenVar` `_adj_fdiv_m32` `__vbaAryVar` `#666` `__vbaAryDestruct` `__vbaVarIndexLoadRefLock` `__vbaLateMemSt` `#593` `__vbaStrBool` `__vbaForEachCollObj` `__vbaBoolStr` `__vbaExitProc` `#594` `__vbaI4Abs` `__vbaObjSet` `#595` `__vbaOnError` `#596` `_adj_fdiv_m16i` `#597` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#598` `__vbaVarIndexLoad` `__vbaFpR4` `__vbaStrFixstr` `#520` `__vbaBoolVar` `__vbaFPFix` `__vbaStrTextCmp` `__vbaEraseKeepData` `__vbaVarTstLt` `__vbaRefVarAry` `__vbaFpR8` `__vbaBoolVarNull` `_CIsin` `__vbaErase` `#709` `__vbaVarCmpGt` `__vbaVargVarMove` `#632` `__vbaNextEachCollObj` `__vbaChkstk` `__vbaCyVar` `#526` `__vbaFileClose` `EVENT_SINK_AddRef` `__vbaVarAbs` `#528` `__vbaGenerateBoundsError` `__vbaGet3` `__vbaStrCmp` `#529` `__vbaAryConstruct2` `__vbaVarTstEq` `__vbaPutOwner3` `#560` `__vbaR4Str` `__vbaObjVar` `#561` `__vbaI2I4` `__vbaPrintObj` `DllFunctionCall` `__vbaVarLateMemSt` `#670` `__vbaVarOr` `__vbaFpUI1` `__vbaCastObjVar` `__vbaRedimPreserve` `__vbaStrR4` `_adj_fpatan` `__vbaR4Var` `__vbaR4Cy` `__vbaVarTextCmpLt` `__vbaLateIdCallLd` `__vbaR8Cy` `__vbaRedim` `__vbaStrR8` `__vbaRecUniToAnsi` `EVENT_SINK_Release` `__vbaNew` `__vbaVarTextTstNe` `#600` `__vbaUI1I2` `_CIsqrt` `__vbaRedimVar` `__vbaLateIdCallSt` `__vbaVarAnd` `EVENT_SINK_QueryInterface` `#710` `__vbaStrUI1` `__vbaUI1I4` `__vbaVarTextCmpEq` `__vbaVarMul` `__vbaExceptHandler` `#711` `__vbaPrintFile` `__vbaStrToUnicode` `#712` `_adj_fprem` `_adj_fdivr_m64` `#607` `__vbaLateIdStAd` `__vbaI2Str` `__vbaVarDiv` `#714` `#530` `#608` `__vbaFPException` `__vbaInStrVar` `__vbaGetOwner3` `__vbaStrVarVal` `__vbaUbound` `__vbaVarCat` `__vbaDateVar` `__vbaLsetFixstrFree` `__vbaI2Var` `#644` `#645` `_CIlog` `__vbaErrorOverflow` `__vbaFileOpen` `#570` `__vbaVarLateMemCallLdRf` `__vbaNew2` `__vbaR8Str` `#648` `__vbaInStr` `#571` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `#573` `__vbaStrCopy` `__vbaI4Str` `#681` `__vbaVarNot` `__vbaVarCmpLt` `__vbaFreeStrList` `#576` `__vbaVarTextTstGt` `_adj_fdivr_m32` `#577` `__vbaR8Var` `__vbaPowerR8` `_adj_fdiv_r` `#578` `#685` `#100` `__vbaVarTstNe` `__vbaI4Var` `#689` `__vbaVarCmpEq` `#610` `__vbaLateMemCall` `__vbaAryLock` `__vbaVarAdd` `__vbaStrToAnsi` `__vbaVarDup` `__vbaVerifyVarObj` `__vbaFpI2` `#614` `__vbaVarMod` `__vbaVarCopy` `__vbaFpI4` `__vbaRecDestructAnsi` `__vbaR8IntI2` `#617` `__vbaLateMemCallLd` `_CIatan` `__vbaAryCopy` `__vbaStrMove` `__vbaCastObj` `__vbaPutFxStr3` `__vbaR8IntI4` `__vbaStrVarCopy` `#619` `__vbaVarNeg` `_allmul` `__vbaLateIdSt` `__vbaLateMemCallSt` `__vbaAryRecCopy` `__vbaVarTextCmpNe` `_CItan` `__vbaNextEachCollAd` `#546` `__vbaFPInt` `__vbaUI1Var` `__vbaAryUnlock` `_CIexp` `__vbaRecAssign` `__vbaFreeObj` `__vbaFreeStr` `#581`
KERNEL32.dll	`FreeLibrary` `GetLastError` `GetWindowsDirectoryA` `GetVersionExA` `LocalFree` `LocalAlloc` `GetTickCount` `GetSystemTime` `CreateFileA` `ReadFile` `WriteFile` `GetFileSize` `SetFilePointer` `CloseHandle` `DeleteFileA` `SetFileAttributesA` `RemoveDirectoryA` `FindNextFileA` `FindFirstFileA` `GetFileAttributesA` `CreateDirectoryA` `ReleaseMutex` `WaitForSingleObject` `CreateMutexA` `GetEnvironmentVariableA` `GetCurrentThreadId` `GlobalFree` `GlobalAlloc` `VirtualProtect` `GetSystemInfo` `GetModuleFileNameA` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `GetComputerNameA` `LoadLibraryA` `GetLogicalDrives` `GetDriveTypeA` `FileTimeToSystemTime` `MultiByteToWideChar` `GetModuleHandleA` `ResumeThread` `GetUserDefaultLangID` `GetCurrentProcess` `TlsSetValue` `LeaveCriticalSection` `EnterCriticalSection` `TlsGetValue` `GetExitCodeProcess` `CreateProcessA` `GetCurrentProcessId` `Sleep` `RaiseException` `TlsAlloc` `InitializeCriticalSection` `SuspendThread` `WaitForMultipleObjects` `DuplicateHandle` `GetCurrentThread` `WideCharToMultiByte` `SetLastError` `GetFileInformationByHandle` `VirtualQuery` `VirtualAlloc` `VirtualFree` `ExitProcess` `CreateEventA` `TlsFree` `SetEvent` `GetProcAddress` `HeapFree` `HeapReAlloc` `GetProcessHeap` `DeviceIoControl` `HeapAlloc`
USER32.dll	`GetUserObjectInformationA` `MessageBoxW` `GetProcessWindowStation`
ADVAPI32.dll	`InitializeSecurityDescriptor` `FreeSid` `AllocateAndInitializeSid` `GetUserNameA` `SetSecurityDescriptorDacl`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x568`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`1.99128`
MD5	`5347b8c978501a448d8896dc9ccdc884`
SHA1	`3b1017f6012261be2fe992a9b17aeb002530858f`
SHA256	`6cfe6600d7be7698e53dba13c0bef4b058e33e5c7ec882af16a8572d4aa2dbfe`
SHA3	`2aa52aa838363316b0193b7c7f4ce1d84bd1983c3563a7350819b090f406eaf5`

30002

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x25a8`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.43244`
MD5	`26d6bdb5aa085b120b950b270e5cc81e`
SHA1	`efacc15289f17458b2aab403870c3607a53d2598`
SHA256	`fba57b5912a1a45bde3b3f6cac7b234cfd1c359634534dce15bc690a4bd02752`
SHA3	`49b60b4d5426244fd185d90796f6eba4804c5d1e7059add4932eb4131feb449b`

30003

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x10a8`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.50822`
MD5	`e450c7d6f5536e4861650c81554c4563`
SHA1	`7d557419ea0bc8b95407fa8ba05435baff3694e5`
SHA256	`2902eb5b93109ca389a11d2dae70b0446ee1b15f02319ed9c2755eb0d364a55c`
SHA3	`9e801b59fdb258bd002bf4625454bc0950b18c201d1b70b0414cefb53703daa4`

30004

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x988`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.74137`
MD5	`9bd41a675dd7bcc5cfeec08b6d061a5e`
SHA1	`92d02d678a2ecfd4641b69999caa9b109adff515`
SHA256	`91dd13bb80256f105fd89f4d004e437150a18b545fc796a6722abfac96efd6df`
SHA3	`d3774648839baf2ed5df367a0a87efca2d55f3b5fcea70f361c993d0cb86d735`

30005

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x468`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.8692`
MD5	`2c460240bc5e7d23f980ee2ca9ec5aa4`
SHA1	`359eb35f555e9f2311d143f0bf256e5c7816a391`
SHA256	`a6ed8ef12f580a1e11fc744212813f9fc354bd9017fc2132cb9674024ae78dfe`
SHA3	`1f6987ff087b28a4a051aa3f9f6b865294973216d7a7714eb37a1fd0fb2f5349`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x4c`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.12671`
Detected Filetype	Icon file
MD5	`20bc57c0c0ee907def3499c914ab7b65`
SHA1	`6ceab286d4c66cc2d621a6c15b3321200c1f7ce2`
SHA256	`8b4c4258a144d6a944ac70a242b8c982c63a741a7ef411b31bc17452c071ff84`
SHA3	`5729c1b6a413b76ff61cb81a808d05d99d9f9c514d872555d9f7f94ddb354221`

1 (#2)

Type	`RT_VERSION`
Language	Spanish - Spain (International sort)
Codepage	Unicode (UTF 16LE)
Size	`0x34c`
TimeDateStamp	2024-May-26 08:47:20
Entropy	`3.37363`
MD5	`f3a07e307e384ed0312dedf123947182`
SHA1	`b5dbb64250faa21e4550c729216daa0f954077e8`
SHA256	`8d00553b1332847e3e4ee2383c995c9fba187f90c2a6584f45ac7d8b921a38bb`
SHA3	`ce83675319717c82103a1c8d12e8af0b2a87edc3141a3cb28d441ee85e2630de`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.24.0.4
ProductVersion	2.24.0.4
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Spanish - Spain (International sort)
Comments	LENA Road Sign Design Software
CompanyName	MOST Enginyers, S.L.
FileDescription	LENA
LegalCopyright	Â© 2024 by MOST Enginyers, S.L.
LegalTrademarks	LENAÂ®
ProductName	LENA
FileVersion (#2)	2.24.0004
ProductVersion (#2)	2.24.0004
InternalName	Lena
OriginalFilename	Lena.exe

Resource LangID	Spanish - Spain (International sort)

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xb005be24`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`55`
13 (VS98 SP6 build 8804)	`1`

Errors

Leave a comment

No comments yet.