PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Valid Code

File Structure:
PE chart code: - The executable header is displayed in light blue. - The executable sections are pink. - Non-executable sections are black. - Code added to executables externally to a compiler appears in red. Chart code for other files: - Printable characters are blue. - Non-printable characters (Null Bytes) are black.

Information:

Icon:

Size: 340,50 KB
SHA-256 Hash: E8B583F9B9433502041A8059CC32CF4A463BF5002DED06E4431DAF28A358D3CA
SHA-1 Hash: ECE36E8847B94AC55CC2800C609F8F2D4220A067
MD5 Hash: 301925F7E7D865C271F1532724DB6680
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): 5146
SizeOfHeaders: 200
SizeOfImage: 5A000
ImageBase: 400000
Architecture: x86
ImportTable: 50FC
Characteristics: 102
TimeDateStamp: 67CEA4B8
Date: 10/03/2025 8:37:12
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info:

Section Name	Flags	ROffset	RSize	VOffset	VSize
.text	60000020 (Executable)	200	3200	2000	314C
.rsrc	40000040	3400	51C00	6000	51ABE
.reloc	42000040	55000	200	58000	C

Description:

InternalName: Aehjhgos.exe
OriginalFilename: Aehjhgos.exe
CompanyName: e-merge GmbH
LegalCopyright: 1997-2007 ACE Compression Software & e-merge GmbH
LegalTrademarks: 1997-2007 ACE Compression Software & e-merge GmbH
ProductName: WinAce Archiver
FileVersion: 2.6.9.0

Entry Point:

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 3346
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL

Signatures:

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:

Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0
Detect It Easy (die)
• PE: protector: Smart Assembly(-)[-]
• PE: library: .NET(v4.0.30319)[-]
• PE: linker: Microsoft Linker(8.0)[EXE32]
• Entropy: 2.55273

File Access:

Aehjhgos.exe
mscoree.dll

File Access (UNICODE):

Aehjhgos.exe

Interest's Words:

Decrypt
exec
attrib
ping

Strings/Hex Code Found With The File Rules:

• Rule Text (Ascii): Encryption (CreateDecryptor)
• Rule Text (Ascii): Encryption (CryptoStream)
• Rule Text (Ascii): Encryption (CryptoStreamMode)
• Rule Text (Ascii): Encryption (FromBase64String)
• Rule Text (Ascii): Encryption (ICryptoTransform)
• EP Rules: Microsoft Visual C / Basic .NET
• EP Rules: Microsoft Visual C++ 8
• EP Rules: Microsoft Visual C++ 8.0
• EP Rules: Microsoft Visual C v7.0 / Basic .NET
• EP Rules: Microsoft Visual Studio .NET
• EP Rules: .NET executable

Resources:

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\0	60CC	128	34CC	2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000D0D0D0008078	(....... ........................................x
\ICON\2\0	6218	368	3618	2800000010000000200000000100180000000000400300000000000000000000000000000000000000000016100D473A334B	(....... ...........@.........................G:3K
\ICON\3\0	65A4	468	39A4	280000001000000020000000010020000000000000000000000000000000000000000000000000000000000016100D5B473A	(....... ..... ................................[G:
\ICON\4\0	6A30	2E8	3E30	2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000C8D0E0006058	(... ...@.......................................X
\ICON\5\0	6D3C	CA8	413C	2800000020000000400000000100180000000000800C00000000000000000000000000000000000000000001010100000000	(... ...@.........................................
\ICON\6\0	7A08	10A8	4E08	2800000020000000400000000100200000000000000000000000000000000000000000000000000000000000010101040000	(... ...@..... ...................................
\ICON\7\0	8AD4	668	5ED4	2800000030000000600000000100040000000000000600000000000000000000000000000000000000000000D0D8E8006058	(...0..........................................X
\ICON\8\0	9160	1CA8	6560	2800000030000000600000000100180000000000801C00000000000000000000000000000000000000000000000000000000	(...0............................................
\ICON\9\0	AE2C	25A8	822C	2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000000000	(...0........ ...................................
\ICON\10\0	D3F8	A68	A7F8	2800000040000000800000000100040000000000000A00000000000000000000000000000000000000000000D0C8C8002060	(...@...........................................
\ICON\11\0	DE84	3228	B284	2800000040000000800000000100180000000000003200000000000000000000000000000000000000000000000000000000	(...@................2............................
\ICON\12\0	110D0	4228	E4D0	2800000040000000800000000100200000000000000000000000000000000000000000000000000000000000000000000000	(...@......... ...................................
\ICON\13\0	1531C	42028	1271C	2800000000010000000200000100200000000000000000000000000000000000000000000000000000000000000000000000	(............. ...................................
\GROUP_ICON\32512\0	57380	BC	54780	000001000D001010100001000400280100000100101000000100180068030000020010100000010020006804000003002020	..............(.............h........... .h.....
\VERSION\1\0	57478	420	54878	200434000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000600	.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0	578D4	1EA	54CD4	EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65	...<?xml version="1.0" encoding="UTF-8" standalone

Intelligent String:

• 2.6.9.0
• Aehjhgos.exe
• http://2015.filemail.com/api/file/get?filekey=orVfqhz-uZjl5vVlbV25rNJHknN2FQITiv-ZbnhRmMb9iIgOUts5Bx1c7w&pk_vid=7138c067f80045c41741584988c1eb95

Extra 4n4lysis:

Metric	Value	Percentage
Ascii Code	57555	16,5069%
Null Byte Code	221418	63,5032%

PESCAN.IO - Analysis Report Valid Code