f9e8c363c597113916297c23b0a6c47d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jul-05 12:47:55
Detected languages Chinese - PRC
Comments CCCCCCCCCCCCCCCCCCC
CompanyName Rockstar Games
FileDescription CCCCCCCCCCCCCCCCCCC
LegalCopyright CCCCCCCCCCCCCCCCCCC
LegalTrademarks CCCCCCCCCCCCCCCCCCC
ProductName CCCCCCCCCCCCCCCCCCC
FileVersion 1.09.0005
ProductVersion 1.09.0005
InternalName Dantonesque3
OriginalFilename Dantonesque3.exe

Plugin Output

Info      Matching compiler(s):
              Microsoft Visual Basic 5.0
              Microsoft Visual Basic v5.0/v6.0
              Microsoft Visual Basic v5.0 - v6.0
              Microsoft Visual Basic v6.0
Info      Exploit mitigation techniques (all disabled in this binary):
              Stack Canary: disabled
              SafeSEH: disabled
              ASLR: disabled
              DEP: disabled
Malicious VirusTotal score: 17/64 (scanned on 2017-07-07 00:09:18)
              Bkav: HW32.Packed.3044
              CrowdStrike: malicious_confidence_100% (D)
              Invincea: heuristic
              Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9997
              Symantec: ML.Attribute.HighConfidence
              TrendMicro-HouseCall: Mal_Cerber-VB2b
              ClamAV: Win.Trojan.VBPacked-6042739-0
              Rising: Trojan.GenKryptik!8.AA55 (cloud:3LyY5VFg5OK)
              Sophos: Mal/FareitVB-M
              TrendMicro: Mal_Cerber-VB2b
              Ikarus: Trojan.VB.Crypt
              Endgame: malicious (high confidence)
              Cylance: Unsafe
              ESET-NOD32: a variant of Win32/GenKryptik.ANNB
              Tencent: Win32.Trojan.Inject.Auto
              SentinelOne: static engine - malicious
              Qihoo-360: HEUR/QVM03.0.4F77.Malware.Gen

Hashes

MD5 f9e8c363c597113916297c23b0a6c47d
SHA1 fc87cb95bd87bbfaf2b307ff57c999f4c777a1a5
SHA256 bd1d5c4a19a63068322b37b920ad862e80b49faee9a69dc4c89a93569ba44349
SHA3 990eac5b3afade147ec157891f2e31de07d9feba7c348065d94f58d4a78d6093
SSDeep 3072:t1M8rAjq4M7C+eiOqhRmYmw8cfDF4yj8e8A5u29:wLq4MW+eivf7TF4yApA5u2
Imports Hash 02df838a5a3a2029a063e01d1d07d591

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Jul-05 12:47:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.9
SizeOfCode 0x25000
SizeOfInitializedData 0x8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x139c (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x26000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.9
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2e000
SizeOfHeaders 0x1000
Checksum 0x3ac1a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
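The four "disabled" verdicts in Plugin Output follow directly from the header fields above: DllCharacteristics is empty (neither DYNAMIC_BASE nor NX_COMPAT is set), IMAGE_FILE_RELOCS_STRIPPED is set in the PE header, and the Load Configuration section at the end of this page is empty, which is where SafeSEH's handler table and the /GS security cookie would be recorded. The following standard-library Python is an added example, not Manalyze's code or part of the report. build_sample_header() constructs header bytes that mirror the values reported on this page (the sample itself is not embedded), and the rules in check_mitigations() are the usual header heuristics, so a file that passes them still needs confirmation under a debugger.

```python
"""Header-level exploit-mitigation check for a PE32 file (standard library only).

Added example: build_sample_header() constructs just the DOS/COFF/optional
headers with the values reported on this page (e_lfanew 0xC8, 3 sections,
Characteristics 0x010F, DllCharacteristics 0, 16 data directories, no Load
Config); the sample file itself is not embedded.
"""
import struct
from datetime import datetime, timezone

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP opt-in
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
OPT32_FMT = "<HBB9I6H4IHH6I"   # PE32 optional header before the data directories (96 bytes)


def build_sample_header(characteristics=0x010F, dll_characteristics=0x0000,
                        load_config=(0, 0)):
    """Constructed headers mirroring this page's values; no section table or data."""
    e_lfanew = 0xC8
    dos = bytearray(e_lfanew)                     # DOS header plus stub padding
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine I386, 3 sections, TimeDateStamp 2017-07-05 12:47:55 UTC, SizeOfOptionalHeader 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1499258875, 0, 0, 0xE0, characteristics)
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 9,
                      0x25000, 0x8000, 0, 0x139C, 0x1000, 0x26000, 0x400000, 0x1000, 0x1000,
                      4, 0, 1, 9, 4, 0,
                      0, 0x2E000, 0x1000, 0x3AC1A,
                      2, dll_characteristics,      # Subsystem WINDOWS_GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG] = load_config
    return bytes(dos) + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)


def check_mitigations(pe: bytes) -> dict:
    """Reproduce the Plugin Output verdicts from the raw header bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here (PE32+ has a different layout)")
    dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]        # DllCharacteristics
    nrva = struct.unpack_from("<I", pe, opt + 92)[0]             # NumberOfRvaAndSizes
    lc_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
        lc_size = struct.unpack_from(
            "<I", pe, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG + 4)[0]
    relocs_stripped = bool(chars & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    # SafeSEH (SEHandlerTable/SEHandlerCount) and the /GS cookie (SecurityCookie) are
    # both recorded in IMAGE_LOAD_CONFIG_DIRECTORY; with no such directory neither exists.
    no_load_config = lc_size == 0
    return {
        "machine": machine,
        "sections": nsections,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "relocs_stripped": relocs_stripped,
        # An image with relocations stripped cannot be rebased, so DYNAMIC_BASE alone
        # is not enough: report ASLR as disabled unless both conditions hold.
        "aslr": "enabled" if dynamic_base and not relocs_stripped else "disabled",
        "dep": "enabled" if dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT else "disabled",
        "safeseh": "disabled" if no_load_config else "check SEHandlerTable in Load Config",
        "stack_canary": "disabled" if no_load_config else "check SecurityCookie in Load Config",
    }


if __name__ == "__main__":
    for key, value in check_mitigations(build_sample_header()).items():
        print(f"{key}: {value}")
```

Running the block prints the same four "disabled" lines as the report plus the decoded TimeDateStamp. Passing characteristics=0x010E and dll_characteristics=0x0140 to build_sample_header() models a build with relocations kept and both DYNAMIC_BASE and NX_COMPAT set, which is the minimum a modern linker emits by default.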

.text

MD5 8d51a37092b52547bd09427c0b94150b
SHA1 acf53573df14ceb6cd3dda2121b1dc2a449c653f
SHA256 c16c870cf4e9dd1b9070f9f3ae2b95934d4baee40393c844a1faf6bc221327eb
SHA3 28b6c92d9236d65d3daa35bfd0556025384c2979d0d326ed217f39391da53a79
VirtualSize 0x248d0
VirtualAddress 0x1000
SizeOfRawData 0x25000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.98165

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a8bae11751799de4dbe638406c5c9642c0e791f2a65e852a05ba4fdf0d88e3e6
VirtualSize 0x37f0
VirtualAddress 0x26000
SizeOfRawData 0x1000
PointerToRawData 0x26000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 5735a1dd34ba9e3168a0c0cb6490f6c4
SHA1 f3d052bcf38a629013a5afea9937518411db344b
SHA256 4ba61663f35173dd74703f8078dd5ee9b6f0751a7a4ad83f40da0f87592dcfda
SHA3 3b166b277074dc34c7c8d07806596e048cd69801d4d229bdbb5d86e0f43f44b2
VirtualSize 0x3fe4
VirtualAddress 0x2a000
SizeOfRawData 0x4000
PointerToRawData 0x27000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.4692
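Section entropy is the quickest packer indicator on this page: .text at 6.98 is unusually high for compiled code and lines up with the VBPacked and Crypt detections above, while .data has entropy 0 over 0x1000 raw bytes (every byte on disk is the same value, almost certainly zero) and a VirtualSize of 0x37f0 that exceeds its SizeOfRawData, so the remainder is zero-filled by the loader. The following Python is an added example, not Manalyze's code or part of the report. It computes Shannon entropy and applies those layout checks to constructed section contents that stand in for the page's sections: the .text stand-in is perfectly uniform (entropy 8.0, higher than the real 6.98) so the packed flag fires, the .data stand-in is all zeros like the real one, and the 7.0 threshold is a common cut-off chosen here rather than one the page states.

```python
"""Section entropy and layout sanity checks (standard library only).

Added example, not Manalyze's code. The section contents below are constructed
stand-ins sized like this page's sections: the .text stand-in is perfectly
uniform (entropy 8.0; the real section scores 6.98) and the .data stand-in is
all zeros, which is what an entropy of 0 over 0x1000 raw bytes implies.
"""
import math

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_THRESHOLD = 7.0   # common cut-off for "looks compressed or encrypted"; an assumption


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued data, 8.0 for uniformly distributed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_section(name, raw, virtual_size, characteristics):
    """Entropy plus the layout checks an analyst eyeballs in a section table."""
    ent = shannon_entropy(raw)
    flags = []
    if characteristics & IMAGE_SCN_MEM_EXECUTE and ent > PACKED_THRESHOLD:
        flags.append("high-entropy executable section: packed or encrypted code likely")
    if characteristics & IMAGE_SCN_MEM_EXECUTE and characteristics & IMAGE_SCN_MEM_WRITE:
        flags.append("writable and executable: self-modifying or unpacking in place")
    if virtual_size > len(raw):
        flags.append(f"{virtual_size - len(raw):#x} bytes zero-filled at load (VirtualSize > SizeOfRawData)")
    if raw and ent == 0.0:
        flags.append("raw bytes are a single value: effectively uninitialised storage on disk")
    return {"name": name, "entropy": round(ent, 5), "flags": flags}


def sample_sections():
    """Constructed contents; sizes, VirtualSize and flags follow the page's section table."""
    text = bytes(range(256)) * (0x25000 // 256)     # uniform stand-in for the 6.98-entropy .text
    data = bytes(0x1000)                            # all zeros, like a section with entropy 0
    rsrc = bytes(range(64)) * (0x4000 // 64)        # 64 symbols, entropy exactly 6.0
    return [
        triage_section(".text", text, 0x248D0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        triage_section(".data", data, 0x37F0,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        triage_section(".rsrc", rsrc, 0x3FE4,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    ]


if __name__ == "__main__":
    for s in sample_sections():
        print(f"{s['name']:6} entropy={s['entropy']:.5f}  {'; '.join(s['flags']) or 'ok'}")
```

On a real file, feed triage_section() the bytes at PointerToRawData for SizeOfRawData bytes, the VirtualSize and the Characteristics of each section header; the writable-and-executable check never fires on this sample (only .data is writable) but is worth keeping for self-unpacking stubs.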

Imports

MSVBVM60.DLL __vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
#695
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
#698
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
#662
#663
_adj_fdiv_m32
__vbaAryDestruct
#593
__vbaVarForInit
#596
_adj_fdiv_m16i
_adj_fdivr_m16i
#521
__vbaFpR8
_CIsin
#631
__vbaChkstk
EVENT_SINK_AddRef
#527
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
#672
_adj_fpatan
#675
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
#710
__vbaExceptHandler
#712
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
#609
__vbaFPException
__vbaStrVarVal
__vbaDateVar
__vbaI2Var
_CIlog
#539
__vbaNew2
__vbaInStr
#571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
#100
#687
__vbaI4Var
#610
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
__vbaVarMod
_CIatan
__vbaStrMove
#540
__vbaR8IntI4
#650
#543
_allmul
#651
_CItan
#546
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
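The Imports Hash in the Hashes section is the imphash: an MD5 over the lower-cased "dll.function" import list in import-table order, with the DLL extension dropped and ordinal imports written as ordN. For a VB6 binary it is a weak pivot, because VB6 executables import a largely overlapping set of MSVBVM60 runtime helpers and the interesting Win32 calls are resolved at run time through DllFunctionCall (listed above), so the hash clusters the runtime rather than the malware family. The following Python is an added example, not Manalyze's code or part of the report. SAMPLE_IMPORTS is transcribed from the list above in the order shown; that display order is not guaranteed to be the file's import-table order, and order changes the hash, so the computed value is not claimed to equal the page's 02df838a5a3a2029a063e01d1d07d591.

```python
"""Imports-hash (imphash) computation, canonicalised the way pefile's get_imphash() does it.

Added example, not Manalyze's code. SAMPLE_IMPORTS is transcribed from the
import list on this page in the order shown; that display order is not
guaranteed to be the file's import-table order, and order changes the hash.
"""
import hashlib

SAMPLE_IMPORTS = [("MSVBVM60.DLL", f) for f in """
__vbaStrI2 _CIcos _adj_fptan __vbaVarMove __vbaFreeVar #695 __vbaEnd __vbaFreeVarList
_adj_fdiv_m64 #698 _adj_fprem1 __vbaSetSystemError __vbaHresultCheckObj #662 #663
_adj_fdiv_m32 __vbaAryDestruct #593 __vbaVarForInit #596 _adj_fdiv_m16i _adj_fdivr_m16i
#521 __vbaFpR8 _CIsin #631 __vbaChkstk EVENT_SINK_AddRef #527 __vbaStrCmp __vbaVarTstEq
DllFunctionCall #672 _adj_fpatan #675 EVENT_SINK_Release _CIsqrt EVENT_SINK_QueryInterface
#710 __vbaExceptHandler #712 __vbaDateStr _adj_fprem _adj_fdivr_m64 #609 __vbaFPException
__vbaStrVarVal __vbaDateVar __vbaI2Var _CIlog #539 __vbaNew2 __vbaInStr #571 _adj_fdiv_m32i
_adj_fdivr_m32i __vbaStrCopy __vbaFreeStrList _adj_fdivr_m32 _adj_fdiv_r #100 #687 __vbaI4Var
#610 __vbaStrToAnsi __vbaStrComp __vbaVarDup __vbaVarMod _CIatan __vbaStrMove #540 __vbaR8IntI4
#650 #543 _allmul #651 _CItan #546 __vbaVarForNext _CIexp __vbaFreeStr __vbaFreeObj
""".split()]


def imphash_entries(imports):
    """Canonical 'dll.func' tokens: lower-case, DLL extension dropped, ordinals as ordN."""
    entries = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        if func.startswith("#"):
            # pefile resolves ordinals to names only for ws2_32/wsock32 and oleaut32;
            # MSVBVM60 has no such table, so its ordinals stay as ord<N>.
            func = "ord" + func[1:]
        entries.append(f"{dll}.{func.lower()}")
    return entries


def imphash(imports) -> str:
    """MD5 of the comma-joined canonical entries, in the order given."""
    return hashlib.md5(",".join(imphash_entries(imports)).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(len(SAMPLE_IMPORTS), "imports ->", imphash(SAMPLE_IMPORTS))
```

Because the order is part of the input, two samples built from the same VB6 project with the same compiler settings collide on imphash even when their payloads differ, and a packer that rebuilds the import table changes it without touching the code; treat it as a compiler-family hint here, and pivot on the section hashes or the RT_ICON hashes instead.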

Delayed Imports

Resources

1

Type RT_VERSION
Language Chinese - PRC
Codepage Unicode (UTF 16LE)
Size 0x3b4
Entropy 3.14873
MD5 642a1f8ea02d763f561f75c9469919a3
SHA1 aeb9eac5ca2aca8d780d06c160484c9568310bee
SHA256 c5dab46b2956aa8b61dca507aff4c462d5545ef7928bb121bee24cc3ec6117fb
SHA3 b43d5602883718c6da378761ee5c81f1e0b430243f289a57d075392dd7c57fbe

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
Entropy 5.38894
MD5 1f9640b76e3f14d3ea860267d02a5307
SHA1 07ba5b06c0148e3197e9d1ecf0b4df8d4014fcb2
SHA256 d11b767d92076ff0033d9d5bbcb1b9d3f1fce7c66614e49e94cc33fb47c7b02d
SHA3 83304e879e00a67ecd754bdaf6432f42cc35e5fb77f6d7687a20238858d35899

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
Entropy 5.28889
MD5 998502fb8fc3ca258371cff2f9a8f7cf
SHA1 46725f46c05201708b216caeff0ec5d96a8c0800
SHA256 43ef7d5cff1ebc2188a157a5e65e61bfaeda6f5527330cd8988d1d512ea2e845
SHA3 0a2eeaa31767daed9bfe00ea117a41264b15052df58145ceeb526ededa798960

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.09.0005
ProductVersion 1.09.0005
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language Chinese - PRC
Comments CCCCCCCCCCCCCCCCCCC
CompanyName Rockstar Games
FileDescription CCCCCCCCCCCCCCCCCCC
LegalCopyright CCCCCCCCCCCCCCCCCCC
LegalTrademarks CCCCCCCCCCCCCCCCCCC
ProductName CCCCCCCCCCCCCCCCCCC
InternalName Dantonesque3
OriginalFilename Dantonesque3.exe
Resource LangID Chinese - PRC

TLS Callbacks

Load Configuration

Errors