f9e8c363c597113916297c23b0a6c47d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jul-05 12:47:55
Detected languages Chinese - PRC
Comments CCCCCCCCCCCCCCCCCCC
CompanyName Rockstar Games
FileDescription CCCCCCCCCCCCCCCCCCC
LegalCopyright CCCCCCCCCCCCCCCCCCC
LegalTrademarks CCCCCCCCCCCCCCCCCCC
ProductName CCCCCCCCCCCCCCCCCCC
FileVersion 1.09.0005
ProductVersion 1.09.0005
InternalName Dantonesque3
OriginalFilename Dantonesque3.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic 5.0
Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v6.0
Malicious VirusTotal score: 17/64 (Scanned on 2017-07-07 00:09:18)
Bkav: HW32.Packed.3044
CrowdStrike: malicious_confidence_100% (D)
Invincea: heuristic
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9997
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: Mal_Cerber-VB2b
ClamAV: Win.Trojan.VBPacked-6042739-0
Rising: Trojan.GenKryptik!8.AA55 (cloud:3LyY5VFg5OK)
Sophos: Mal/FareitVB-M
TrendMicro: Mal_Cerber-VB2b
Ikarus: Trojan.VB.Crypt
Endgame: malicious (high confidence)
Cylance: Unsafe
ESET-NOD32: a variant of Win32/GenKryptik.ANNB
Tencent: Win32.Trojan.Inject.Auto
SentinelOne: static engine - malicious
Qihoo-360: HEUR/QVM03.0.4F77.Malware.Gen

Hashes

MD5 f9e8c363c597113916297c23b0a6c47d
SHA1 fc87cb95bd87bbfaf2b307ff57c999f4c777a1a5
SHA256 bd1d5c4a19a63068322b37b920ad862e80b49faee9a69dc4c89a93569ba44349
SHA3 b2f5dc6fae80c7e09fd4f9a45e2b7e814a2aab8c8c58011a63eb3fc14e3c2cc0
SSDeep 3072:t1M8rAjq4M7C+eiOqhRmYmw8cfDF4yj8e8A5u29:wLq4MW+eivf7TF4yApA5u2
Imports Hash 02df838a5a3a2029a063e01d1d07d591

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Jul-05 12:47:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.9
SizeOfCode 0x25000
SizeOfInitializedData 0x8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000139C (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x26000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.9
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2e000
SizeOfHeaders 0x1000
Checksum 0x3ac1a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8d51a37092b52547bd09427c0b94150b
SHA1 acf53573df14ceb6cd3dda2121b1dc2a449c653f
SHA256 c16c870cf4e9dd1b9070f9f3ae2b95934d4baee40393c844a1faf6bc221327eb
SHA3 ae4255e8bb43e5db460860ffc58caf4953cb01916929a4221757c6ac5faa4c5d
VirtualSize 0x248d0
VirtualAddress 0x1000
SizeOfRawData 0x25000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.98165

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0x37f0
VirtualAddress 0x26000
SizeOfRawData 0x1000
PointerToRawData 0x26000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 5735a1dd34ba9e3168a0c0cb6490f6c4
SHA1 f3d052bcf38a629013a5afea9937518411db344b
SHA256 4ba61663f35173dd74703f8078dd5ee9b6f0751a7a4ad83f40da0f87592dcfda
SHA3 df980ef5e576f922047df837a22b62e3bc1caf56f558141bf81d5ad89b9c7328
VirtualSize 0x3fe4
VirtualAddress 0x2a000
SizeOfRawData 0x4000
PointerToRawData 0x27000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.4692
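
Read together, the three section entries above are the usual profile of a VB6 crypter stub: .text is executable at entropy 6.98 (plain compiled code normally sits lower), .data has entropy 0 across its 0x1000 raw bytes but a 0x37f0 virtual size, so it is zero on disk and filled in at runtime, and .rsrc holds only the icons and the filler version block. The Python below is an added example (not Manalyze output and not code from the sample) that parses a section table with the standard library alone, computes per-section entropy of the raw bytes and flags those indicators. It runs over a constructed PE whose headers copy the values above but whose section bodies are synthetic stand-ins (pseudo-random bytes, zeros, repeated ASCII), so the entropy it reports for the synthetic .text (near 8) is not the sample's 6.98; the thresholds in triage() are rules of thumb, not values from the report.

```python
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0 for a constant run, 8 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> COFF header -> section table and return one dict per section,
    including the entropy of the section's raw bytes (the per-section numbers the report lists)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": chars,
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
        })
    return sections


def triage(sections: list) -> list:
    """Static indicators a reviewer pulls from the section table (thresholds are rules of thumb)."""
    findings = []
    for s in sections:
        executable = bool(s["characteristics"] & IMAGE_SCN_MEM_EXECUTE)
        writable = bool(s["characteristics"] & IMAGE_SCN_MEM_WRITE)
        # Compiled code rarely reaches 6.8 bits/byte; packed or encrypted code does (.text here: 6.98).
        if executable and s["entropy"] >= 6.8:
            findings.append((s["name"], "high-entropy code"))
        # Raw bytes all identical but a larger virtual range: space the stub fills at runtime (.data here).
        if s["entropy"] == 0.0 and s["virtual_size"] > s["raw_size"]:
            findings.append((s["name"], "zero-filled raw data, larger at runtime"))
        if executable and writable:
            findings.append((s["name"], "writable and executable"))
    return findings


def build_sample_pe() -> bytes:
    """Constructed sample (not the analysed binary): header fields and section layout copied
    from the report (e_lfanew 0xc8, three sections, 0x1000 alignment); section bodies are
    synthetic: pseudo-random bytes for .text, zeros for .data, repeated ASCII for .rsrc."""
    rng = random.Random(1)
    hdr = bytearray(0x1000)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0xC8)
    hdr[0xC8:0xCC] = b"PE\0\0"
    # COFF header: I386, 3 sections, timestamp 2017-07-05 12:47:55 UTC, 0xe0-byte optional header, 0x010f flags.
    struct.pack_into("<HHIIIHH", hdr, 0xCC, 0x14C, 3, 0x595CDFFB, 0, 0, 0xE0, 0x010F)
    struct.pack_into("<H", hdr, 0xCC + 20, 0x10B)  # PE32 magic; other optional fields left zero
    table = 0xCC + 20 + 0xE0
    layout = [(b".text", 0x248D0, 0x1000, 0x25000, 0x1000, 0x60000020),
              (b".data", 0x37F0, 0x26000, 0x1000, 0x26000, 0xC0000040),
              (b".rsrc", 0x3FE4, 0x2A000, 0x4000, 0x27000, 0x40000040)]
    for i, (name, vs, va, rs, rp, ch) in enumerate(layout):
        struct.pack_into("<8sIIII", hdr, table + i * 40, name, vs, va, rs, rp)
        struct.pack_into("<I", hdr, table + i * 40 + 36, ch)
    text = bytes(rng.getrandbits(8) for _ in range(0x25000))
    data = bytes(0x1000)
    rsrc = (b"ICON RESOURCE DATA " * (0x4000 // 19 + 1))[:0x4000]
    return bytes(hdr) + text + data + rsrc


if __name__ == "__main__":
    sections = parse_sections(build_sample_pe())
    for s in sections:
        print(f"{s['name']:<6} vsize=0x{s['virtual_size']:x} raw=0x{s['raw_size']:x} entropy={s['entropy']:.2f}")
    for name, why in triage(sections):
        print(f"  {name}: {why}")
```

On the real file the same walk gives .text 6.98 and .data 0, and triage() raises the first two findings; the writable-and-executable check does not fire here because .text is read/execute only.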

Imports

MSVBVM60.DLL
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
#695
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
#698
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
#662
#663
_adj_fdiv_m32
__vbaAryDestruct
#593
__vbaVarForInit
#596
_adj_fdiv_m16i
_adj_fdivr_m16i
#521
__vbaFpR8
_CIsin
#631
__vbaChkstk
EVENT_SINK_AddRef
#527
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
#672
_adj_fpatan
#675
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
#710
__vbaExceptHandler
#712
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
#609
__vbaFPException
__vbaStrVarVal
__vbaDateVar
__vbaI2Var
_CIlog
#539
__vbaNew2
__vbaInStr
#571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#100
#687
__vbaI4Var
#610
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
__vbaVarMod
_CIatan
__vbaStrMove
#540
__vbaR8IntI4
#650
#543
_allmul
#651
_CItan
#546
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
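
The Imports Hash in the Hashes section follows the pefile imphash convention: DLL name lower-cased with a .dll/.ocx/.sys extension dropped, function names lower-cased, ordinal imports written as ordNNN, all joined with commas and MD5-hashed. The Python below is an added example (not Manalyze output and not code from the sample) that applies that convention to the import list exactly as reported above, embedded as constructed input in table order. It is not claimed to reproduce the reported value 02df838a5a3a2029a063e01d1d07d591 byte for byte, because that depends on the tool having walked the import table in the same order and with the same ordinal handling.

```python
import hashlib

# Import list as reported above (MSVBVM60.DLL, table order); '#NNN' entries are imports by ordinal.
REPORTED_IMPORTS = {
    "MSVBVM60.DLL": """
    __vbaStrI2 _CIcos _adj_fptan __vbaVarMove __vbaFreeVar #695 __vbaEnd __vbaFreeVarList
    _adj_fdiv_m64 #698 _adj_fprem1 __vbaSetSystemError __vbaHresultCheckObj #662 #663 _adj_fdiv_m32
    __vbaAryDestruct #593 __vbaVarForInit #596 _adj_fdiv_m16i _adj_fdivr_m16i #521 __vbaFpR8 _CIsin
    #631 __vbaChkstk EVENT_SINK_AddRef #527 __vbaStrCmp __vbaVarTstEq DllFunctionCall #672 _adj_fpatan
    #675 EVENT_SINK_Release _CIsqrt EVENT_SINK_QueryInterface #710 __vbaExceptHandler #712 __vbaDateStr
    _adj_fprem _adj_fdivr_m64 #609 __vbaFPException __vbaStrVarVal __vbaDateVar __vbaI2Var _CIlog #539
    __vbaNew2 __vbaInStr #571 _adj_fdiv_m32i _adj_fdivr_m32i __vbaStrCopy __vbaFreeStrList _adj_fdivr_m32
    _adj_fdiv_r #100 #687 __vbaI4Var #610 __vbaStrToAnsi __vbaStrComp __vbaVarDup __vbaVarMod _CIatan
    __vbaStrMove #540 __vbaR8IntI4 #650 #543 _allmul #651 _CItan #546 __vbaVarForNext _CIexp __vbaFreeStr
    __vbaFreeObj
    """.split(),
}


def imphash_entries(imports: dict) -> list:
    """Normalise imports the way pefile's get_imphash() does: library lower-cased with a
    .dll/.ocx/.sys extension removed, function lower-cased, ordinals as ordNNN (no name
    lookup table applies to MSVBVM60, so its ordinals stay numeric)."""
    entries = []
    for dll, names in imports.items():
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        for n in names:
            func = f"ord{int(n[1:])}" if n.startswith("#") else n.lower()
            entries.append(f"{lib}.{func}")
    return entries


def imphash(imports: dict) -> str:
    """MD5 over the comma-joined normalised entries; order is part of the hash."""
    return hashlib.md5(",".join(imphash_entries(imports)).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash_entries(REPORTED_IMPORTS)[:6])
    print(imphash(REPORTED_IMPORTS))
```

Two properties of the hash matter when pivoting on it: DLL-name case does not change it, but import order does, so two builds of the same project with a reordered table hash differently. For a VB6 binary the whole table is the MSVBVM60 runtime surface, which is nearly identical across most VB6 executables, so the imphash clusters on the crypter stub rather than on the payload the detections above name (Cerber, Fareit); it is a weak pivot for this sample class.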

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 2017-Jul-05 12:47:55
Entropy 5.388
MD5 7ccee8d305bbbb9bc0545a19d81fe79a
SHA1 77998e698330c39168103187754786fd2cc61670
SHA256 19c97938055c8e71f093e5e9e9748b6b2b7cf97fc630e2b2bcee3bd4383869d5
SHA3 140c139ee74b1884b9f6d45d574ddeef84e548e83c8d3ae4ce3cb060ad82a412

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 2017-Jul-05 12:47:55
Entropy 5.38894
MD5 1f9640b76e3f14d3ea860267d02a5307
SHA1 07ba5b06c0148e3197e9d1ecf0b4df8d4014fcb2
SHA256 d11b767d92076ff0033d9d5bbcb1b9d3f1fce7c66614e49e94cc33fb47c7b02d
SHA3 16d6df781b179b2a7a88c51e168bf3497a703dd8651c19225557bb454bd11fce

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 2017-Jul-05 12:47:55
Entropy 5.28889
MD5 998502fb8fc3ca258371cff2f9a8f7cf
SHA1 46725f46c05201708b216caeff0ec5d96a8c0800
SHA256 43ef7d5cff1ebc2188a157a5e65e61bfaeda6f5527330cd8988d1d512ea2e845
SHA3 ef36547b60db89c9076207ff452fc97e3c864cefd9ba835e5b82e44437ad3f29

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x30
TimeDateStamp 2017-Jul-05 12:47:55
Entropy 2.45849
Detected Filetype Icon file
MD5 409e1724611e0bc39356e2f58888db55
SHA1 c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256 6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3 315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9

1 (#3)

Type RT_VERSION
Language Chinese - PRC
Codepage Unicode (UTF 16LE)
Size 0x3b4
TimeDateStamp 2017-Jul-05 12:47:55
Entropy 3.14873
MD5 642a1f8ea02d763f561f75c9469919a3
SHA1 aeb9eac5ca2aca8d780d06c160484c9568310bee
SHA256 c5dab46b2956aa8b61dca507aff4c462d5545ef7928bb121bee24cc3ec6117fb
SHA3 323af9d4f78b05ff2ce8b8cba361f7357feb2d2d4e03e5bedaf95a843ae633e3

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.9.0.5
ProductVersion 1.9.0.5
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language Chinese - PRC
Comments CCCCCCCCCCCCCCCCCCC
CompanyName Rockstar Games
FileDescription CCCCCCCCCCCCCCCCCCC
LegalCopyright CCCCCCCCCCCCCCCCCCC
LegalTrademarks CCCCCCCCCCCCCCCCCCC
ProductName CCCCCCCCCCCCCCCCCCC
FileVersion (#2) 1.09.0005
ProductVersion (#2) 1.09.0005
InternalName Dantonesque3
OriginalFilename Dantonesque3.exe
Resource LangID Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8d16e113
Unmarked objects 0
ProdID  Build  Count  Product
14      7299   1      Masm613
9       8783   7      Utc12_Basic
13      8804   1      VisualBasic60 (VS98 SP6 build 8804)
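
Each RICH header line is a product id, the tool build number and the number of objects it linked; the three ids here (Masm613, the Utc12_Basic backend and VisualBasic60 at build 8804) agree with the MSVBVM60 import table and the compiler match in the plugin output. The Python below is an added example (not Manalyze output and not code from the sample) that decodes a Rich header from raw bytes: it finds the "Rich" marker before the PE header, reads the XOR key after it, walks backwards un-XORing dwords until "DanS", and splits the remainder into (product id, build, count) triples. It runs over a constructed DOS stub that carries the key and entries reported above; the product names come from the published Rich header comp-id table and are the only facts assumed beyond the report.

```python
import struct

DANS = 0x536E6144  # "DanS" as a little-endian dword
# Product ids from the published Rich header comp-id table (partial: the three seen in this sample).
PRODUCT_NAMES = {9: "Utc12_Basic", 13: "VisualBasic60", 14: "Masm613"}


def parse_rich_header(pe: bytes):
    """Decode the Rich header between the DOS stub and the PE header.
    Returns {"offset", "key", "entries"} or None if no well-formed header is present."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    rich_pos = pe[:e_lfanew].rfind(b"Rich")
    if rich_pos < 0 or rich_pos + 8 > e_lfanew:
        return None
    key = struct.unpack_from("<I", pe, rich_pos + 4)[0]  # plaintext key follows "Rich"
    decoded = []
    pos = rich_pos - 4
    while pos >= 0:
        value = struct.unpack_from("<I", pe, pos)[0] ^ key
        if value == DANS:
            break
        decoded.append(value)
        pos -= 4
    else:
        return None  # ran off the start of the file without meeting "DanS"
    decoded.reverse()
    body = decoded[3:]  # three zero dwords pad "DanS"; the rest are (comp_id, count) pairs
    if any(decoded[:3]) or len(body) % 2:
        return None
    entries = []
    for comp_id, count in zip(body[::2], body[1::2]):
        prod = comp_id >> 16
        entries.append({"product_id": prod, "build": comp_id & 0xFFFF, "count": count,
                        "name": PRODUCT_NAMES.get(prod, f"unknown({prod})")})
    return {"offset": pos, "key": key, "entries": entries}


def build_sample_dos_stub(key: int, entries: list) -> bytes:
    """Constructed sample (not the analysed binary): a DOS header with e_lfanew 0xc8, a Rich
    header at 0x80 encoded with the given key, and the PE signature at 0xc8."""
    dwords = [DANS ^ key, key, key, key]  # "DanS" plus three zero dwords, all XORed with the key
    for prod, build, count in entries:
        dwords.append(((prod << 16) | build) ^ key)
        dwords.append(count ^ key)
    rich = b"".join(struct.pack("<I", d) for d in dwords) + b"Rich" + struct.pack("<I", key)
    stub = bytearray(0xCC)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0xC8)
    stub[0x80:0x80 + len(rich)] = rich
    stub[0xC8:0xCC] = b"PE\0\0"
    return bytes(stub)


REPORTED_KEY = 0x8D16E113
REPORTED_ENTRIES = [(14, 7299, 1), (9, 8783, 7), (13, 8804, 1)]  # (product id, build, count)

if __name__ == "__main__":
    info = parse_rich_header(build_sample_dos_stub(REPORTED_KEY, REPORTED_ENTRIES))
    print(f"key 0x{info['key']:08x} at offset 0x{info['offset']:x}")
    for e in info["entries"]:
        print(f"  {e['name']:<14} build {e['build']} x{e['count']}")
```

The key itself is a checksum over the DOS header and the entries, so a header whose key does not recompute has been edited after linking; that recomputation is not implemented here. Entries with product id 0 are what the "Unmarked objects" line counts.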

Errors
