PESCAN.IO - Analysis Report
| File Structure |
| Information |
| Field | Value |
|---|---|
| Size | 340,50 KB |
| SHA-256 Hash | E8B583F9B9433502041A8059CC32CF4A463BF5002DED06E4431DAF28A358D3CA |
| SHA-1 Hash | ECE36E8847B94AC55CC2800C609F8F2D4220A067 |
| MD5 Hash | 301925F7E7D865C271F1532724DB6680 |
| Imphash | F34D5F2D4577ED6D9CEEC516C1F5A744 |
| MajorOSVersion | 4 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 5146 |
| SizeOfHeaders | 200 |
| SizeOfImage | 5A000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 50FC |
| Characteristics | 102 |
| TimeDateStamp | 67CEA4B8 |
| Date | 10/03/2025 8:37:12 |
| File Type | EXE |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize |
|---|---|---|---|---|---|
| .text | 60000020 (Executable) | 200 | 3200 | 2000 | 314C |
| .rsrc | 40000040 | 3400 | 51C00 | 6000 | 51ABE |
| .reloc | 42000040 | 55000 | 200 | 58000 | C |
| Description |
| Field | Value |
|---|---|
| InternalName | Aehjhgos.exe |
| OriginalFilename | Aehjhgos.exe |
| CompanyName | e-merge GmbH |
| LegalCopyright | 1997-2007 ACE Compression Software & e-merge GmbH |
| LegalTrademarks | 1997-2007 ACE Compression Software & e-merge GmbH |
| ProductName | WinAce Archiver |
| FileVersion | 2.6.9.0 |
| Entry Point |
The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 3346

Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL (this instruction repeats for the rest of the listing)
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0

Detect It Easy (die)
• PE: protector: Smart Assembly(-)[-]
• PE: library: .NET(v4.0.30319)[-]
• PE: linker: Microsoft Linker(8.0)[EXE32]
• Entropy: 2.55273
| File Access |
| Aehjhgos.exe mscoree.dll |
| File Access (UNICODE) |
| Aehjhgos.exe |
| Interesting Words |
| Decrypt, exec, attrib, ping |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Encryption (CreateDecryptor) |
| Text | Ascii | Encryption (CryptoStream) |
| Text | Ascii | Encryption (CryptoStreamMode) |
| Text | Ascii | Encryption (FromBase64String) |
| Text | Ascii | Encryption (ICryptoTransform) |
| Entry Point | Hex Pattern | Microsoft Visual C / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C v7.0 / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual Studio .NET |
| Entry Point | Hex Pattern | .NET executable |
| Resources |
| Path | DataRVA | Size | FileOffset |
|---|---|---|---|
| \ICON\1\0 | 60CC | 128 | 34CC |
| \ICON\2\0 | 6218 | 368 | 3618 |
| \ICON\3\0 | 65A4 | 468 | 39A4 |
| \ICON\4\0 | 6A30 | 2E8 | 3E30 |
| \ICON\5\0 | 6D3C | CA8 | 413C |
| \ICON\6\0 | 7A08 | 10A8 | 4E08 |
| \ICON\7\0 | 8AD4 | 668 | 5ED4 |
| \ICON\8\0 | 9160 | 1CA8 | 6560 |
| \ICON\9\0 | AE2C | 25A8 | 822C |
| \ICON\10\0 | D3F8 | A68 | A7F8 |
| \ICON\11\0 | DE84 | 3228 | B284 |
| \ICON\12\0 | 110D0 | 4228 | E4D0 |
| \ICON\13\0 | 1531C | 42028 | 1271C |
| \GROUP_ICON\32512\0 | 57380 | BC | 54780 |
| \VERSION\1\0 | 57478 | 420 | 54878 |
| \24\1\0 | 578D4 | 1EA | 54CD4 |
| Intelligent String |
| • 2.6.9.0 • Aehjhgos.exe • http://2015.filemail.com/api/file/get?filekey=orVfqhz-uZjl5vVlbV25rNJHknN2FQITiv-ZbnhRmMb9iIgOUts5Bx1c7w&pk_vid=7138c067f80045c41741584988c1eb95 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 57555 | 16,5069% |
| Null Byte Code | 221418 | 63,5032% |