PESCAN.IO - Analysis Report Basic
| File Structure |
| [Chart not included: byte map of the file. PE chart legend: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red means a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).] |
| Information |
| Field | Value |
|---|---|
| Size | 29,50 KB |
| SHA-256 Hash | 0046AF85765F8F513FDE39B06B19F8520074224EE4E2FDE4AA438229A96779F2 |
| SHA-1 Hash | 7395763E27C09ECAE7F296E8A969A53A544DF2B0 |
| MD5 Hash | 265F524FF9C0FC9E16A8BFDA199D150F |
| Imphash | F34D5F2D4577ED6D9CEEC516C1F5A744 |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 8BAE |
| SizeOfHeaders | 200 |
| SizeOfImage | E000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 8B54 |
| IAT | 2000 |
| Characteristics | 22 |
| TimeDateStamp | 3842CFCF |
| Date | 29/11/1999 19:11:11 |
| File Type | EXE |
| Number Of Sections | 3 |
| ASLR | Enabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 200 | 6C00 | 2000 | 6BB4 | 5,7335 | 547873,00 |
| .rsrc | 40000040 (Initialized Data, Readable) | 6E00 | 600 | A000 | 5AE | 4,0926 | 78258,33 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 7400 | 200 | C000 | C | 0,0815 | 128522,00 |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | SslReq.exe |
| LegalCopyright | Copyright 2020 |
| ProductName | SslReq |
| FileVersion | 1.0.0.3 |
| FileDescription | SslReq Application |
| ProductVersion | 1.0.0.3 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Section number 1 (.text) holds the entry point. EntryPoint (calculated): 6DAE |
| Code: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
| • JMP DWORD PTR [0X402000] • ADD BYTE PTR [EAX], AL (repeated to the end of the dump) |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual .NET - (You can use a decompiler for this...) • AnyCPU: True • Version: v4.0 Detect It Easy (die) • PE: library: .NET(v4.0.30319)[-] • PE: linker: Microsoft Linker(48.0)[-] • Entropy: 5.57934 |
| Windows REG (UNICODE) |
| Rebuilt string - SOFTWARE\Policies\Microsoft\Windows\System |
| File Access |
| SslReq.exe mscoree.dll kernel32.dll |
| File Access (UNICODE) |
| SslReq.exe \Windows\System32\cmd.exe !/c rundll32.exe |
| Interest's Words |
| exec attrib start pause hostname systeminfo rundll expand replace |
| Interest's Words (UNICODE) |
| cscript exec powershell hostname ipconfig rundll32 systeminfo rundll |
| IP Addresses |
| 14.0.0.0 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Encryption (FromBase64String) |
| Text | Ascii | Encryption (ToBase64String) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Entry Point | Hex Pattern | Microsoft Visual C / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C v7.0 / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual Studio .NET |
| Entry Point | Hex Pattern | .NET executable |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\0 | A0A0 | 324 | 6EA0 | 240334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | $.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | A3C4 | 1EA | 71C4 | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone |
| Intelligent String |
| • 1.0.0.3 • SslReq.exe • .lnk • .exe • C:\Windows\System32\cscript • !/c rundll32.exe • 9/c timeout 5 && echo del /f • 7/c timeout 5 && echo del /f • C:\Windows\System32\cmd.exe • _CorExeMainmscoree.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 6DAE | 402000 | .text | JMP [static] - Indirect jump to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 17511 | 57,9681% |
| Null Byte Code | 9020 | 29,8596% |