PREMIUM PESCAN.IO - Analysis Report
| File Structure |
| [Chart: file structure map. Legend for PE files: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red indicates a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).] |
| Information |
| Field | Value |
|---|---|
| Size | 1,11 MB |
| SHA-256 Hash | 68DCB7B0DDB39C45CC340BB52B69961A3865AA533CA8A49C22A7F0E3AD66A51E |
| SHA-1 Hash | EEEBA78EBA7C24ABC1E69C5951DB09D7BA4B4259 |
| MD5 Hash | 343C755FD6FE653B80D16C0AF280F147 |
| Imphash | F877F0FA738B96BD512C2DECA2A6F75B |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 0012CB37 |
| EntryPoint (rva) | 1FCCC |
| SizeOfHeaders | 1000 |
| SizeOfImage | 11E000 |
| ImageBase | 11000000 |
| Architecture | x86 |
| ExportTable | F13E0 |
| ImportTable | F0D04 |
| IAT | 1000 |
| Characteristics | 210E |
| TimeDateStamp | 6A12E6A8 |
| Date | 24/05/2026 11:53:12 |
| File Type | DLL |
| Number Of Sections | 4 |
| ASLR | Disabled |
| Section Names | .text, .data, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 1000 | F1000 | 1000 | F04AB | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | F2000 | 1000 | F2000 | 126C | | |
| .rsrc | 0x40000040 Initialized Data Readable | F3000 | 1000 | F4000 | A8C | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | F4000 | 29000 | F5000 | 282F6 | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | Proyecto1.ocx |
| ProductName | PerfectProject |
| FileVersion | 1.00 |
| ProductVersion | 1.00 |
| Language | Spanish (Spain, Modern Sort) (ID=0xC0A) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Section number 1 (.text) contains the entry point. |
| EntryPoint (calculated) -> 1FCCC |
| Code -> 5A6864320F116868320F1152E9E7FFFFFF000000580000003000000050000000400000003D5978BD0BDE6B46AA78BD04054C |
| Assembler -> POP EDX; PUSH 0X110F3264; PUSH 0X110F3268; PUSH EDX; JMP 0XFF8; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], BL; ADD BYTE PTR [EAX], AL; XOR BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; PUSH EAX; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; CMP EAX, 0XBBD7859; FISUBR WORD PTR [EBX + 0X46]; STOSB BYTE PTR ES:[EDI], AL; JS 0XFEC; ADD AL, 5; DEC ESP |
| Signatures |
| Rich Signature Analyzer: |
| Code -> F19AA742B5FBC911B5FBC911B5FBC91136E7C711B4FBC911FAD9C011A7FBC91183DDC411B4FBC9114ADBCD11B4FBC91152696368B5FBC911 |
| Footprint md5 Hash -> BD145E184A26286EF362E8CDCEA098E2 |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature Not Found: |
| • The file is not signed |
| Packer/Compiler |
| Compiler: Visual Basic 6 - (Native Code) |
| Detect It Easy (die) |
| • PE: compiler: Microsoft Visual Basic(6.0)[Native] |
| • PE: linker: Microsoft Linker(6.0)[-] |
| • Entropy: 6.13878 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| MSVBVM60.DLL | DllFunctionCall | It enables calling routines from external DLLs in VB code, integrating external code into Visual Basic projects. |
| KERNEL32.DLL | RtlMoveMemory | Moves a block of memory to another location. |
| KERNEL32.DLL | WriteProcessMemory | Writes data to an area of memory in a specified process. |
| KERNEL32.DLL | ReadProcessMemory | Reads data from an area of memory in a specified process. |
| ADVAPI32.DLL | RegSetValueExA | Sets the data and type of a specified value under a registry key. |
| NtosKrnl.exe | ZwUnmapViewOfSection | Unmaps a mapped view of a section from a process's address space. |
| Windows REG (UNICODE) |
| Software\Microsoft\Windows\CurrentVersion\Run Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| File Access |
| VBDLLDemo.EXE MSVBVM60.DLL ntdll.dll advapi32.dll \Windows\SysWOW64\msvbvm60.dll VBA6.DLL VB5!6&VB6ES.DLL .dat |
| File Access (UNICODE) |
| \Windows\SysWOW64\rundll32.exe \SoftHelp\WINDBVER.EXE \OptimizedDrive\File.dat AppData |
| Interest's Words (UNICODE) |
| rundll32 rundll |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Stealth (GetThreadContext) |
| Text | Ascii | Stealth (SetThreadContext) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (ReadProcessMemory) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (ResumeThread) |
| Entry Point | Hex Pattern | Microsoft Visual Basic v6.0 DLL |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \TYPELIB\1\0 | F4340 | 74C | F3340 | 4D53465402000100180000000904000000000000410000001200000002000000020000000000000000000000000000000500 | MSFT................A............................. |
| \_IID_CLASS2\1\0 | F432C | 14 | F332C | 10000000C464C120EF3CE345BAD740E264E7DC72 | .....d. .<.E..@.d..r |
| \VERSION\1\3082 | F4110 | 21C | F3110 | 1C0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| Intelligent String |
| • MSVBVM60.DLL |
| • C:\Users\Administrator\AppData\L |
| • VB5!6&VB6ES.DLL |
| • VBA6.DLL |
| • c:\windows\syswow64\msvbvm60.dll |
| • advapi32.dll |
| • ntdll.dll |
| • \OptimizedDrive\File.dat |
| • \SoftHelp\WINDBVER.EXE |
| • C:\Windows\SysWOW64\rundll32.exe /sta {0D348B06-08D7-46C0-9FC1-F750CF0B8558} OneWay |
| • C:\Windows\SysWOW64\msdatsrc.tlb |
| • Proyecto1.ocx |
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| 1FA90 | 11001074 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FA96 | 110010B8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FA9C | 110010C8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAA2 | 11001054 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAA8 | 11001040 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAAE | 110010F4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAB4 | 11001024 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FABA | 11001118 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAC0 | 1100105C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAC6 | 11001110 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FACC | 110010F8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAD2 | 110010C4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAD8 | 11001094 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FADE | 110010C0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAE4 | 1100102C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAEA | 11001004 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAF0 | 11001150 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAF6 | 11001000 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FAFC | 1100116C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB02 | 110010E0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB08 | 11001068 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB0E | 110010AC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB14 | 1100115C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB1A | 11001158 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB20 | 110010E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB26 | 11001174 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB2C | 11001014 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB32 | 11001108 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB38 | 11001070 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB3E | 11001028 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB44 | 110010DC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB4A | 11001034 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB50 | 11001154 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB56 | 1100101C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB5C | 11001100 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB62 | 11001178 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB68 | 11001148 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB6E | 11001090 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB74 | 1100107C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB7A | 11001088 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB80 | 110010F0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB86 | 11001078 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB8C | 11001140 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB92 | 11001044 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB98 | 110010D0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FB9E | 110010E8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBA4 | 1100100C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBAA | 110010B0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBB0 | 11001104 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBB6 | 11001018 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBBC | 11001020 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBC2 | 11001138 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBC8 | 11001164 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBCE | 11001168 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBD4 | 110010D8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBDA | 11001144 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBE0 | 11001084 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBE6 | 1100104C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBEC | 110010CC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBF2 | 110010EC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBF8 | 11001010 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FBFE | 1100108C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC04 | 11001114 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC0A | 11001048 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC10 | 11001064 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC16 | 11001124 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC1C | 1100106C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC22 | 11001098 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC28 | 110010A8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC2E | 11001008 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC34 | 1100103C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC3A | 1100114C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC40 | 110010BC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC46 | 11001030 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC4C | 1100113C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC52 | 1100109C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC58 | 11001160 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC5E | 11001134 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC64 | 1100110C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC6A | 110010A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC70 | 110010FC | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC76 | 11001050 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC7C | 11001060 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC82 | 11001038 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC88 | 110010D4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC8E | 11001058 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC94 | 11001170 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FC9A | 110010B4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCA0 | 11001080 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCA6 | 110010A0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCAC | 1100111C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCB2 | 1100112C | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCB8 | 11001128 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCBE | 11001120 | .text | JMP [static] | Indirect jump to absolute memory address |
| 1FCC4 | 11001130 | .text | JMP [static] | Indirect jump to absolute memory address |
| 4720C | 11001130 | .text | CALL [static] | Indirect call to absolute memory address |
| 4D66D | 45C7FFFD | .text | JMP [static] | Indirect jump to absolute memory address |
| 6220C | 45C7FFFD | .text | JMP [static] | Indirect jump to absolute memory address |
| B5621 | 45C7FFFD | .text | CALL [static] | Indirect call to absolute memory address |
| CE66D | 45C7FFF5 | .text | CALL [static] | Indirect call to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 750510 | 64,2912% |
| Null Byte Code | 123658 | 10,593% |