PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Valid Code

File Structure:
PE chart code: - The executable header is displayed in light blue. - The executable sections are pink. - Non-executable sections are black. - Code added to executables externally to a compiler appears in red. Chart code for other files: - Printable characters are blue. - Non-printable characters (Null Bytes) are black.

Information:

Size: 701,00 KB
SHA-256 Hash: 30D423BBAB46B1B8630AE8166760D5983722D12ACA75BBA62AC924A0C2BEA116
SHA-1 Hash: E785412ADA10E4B2BBB9B78ED5915E41323A5621
MD5 Hash: 3F3C2455A49423A5AA97F0AEC6611BCC
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): B08D6
SizeOfHeaders: 200
SizeOfImage: B6000
ImageBase: 400000
Architecture: x86
ImportTable: B0884
Characteristics: 102
TimeDateStamp: 67FCABCE
Date: 14/04/2025 6:31:42
File Type: EXE
Number Of Sections: 3
ASLR: Enabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info:

Section Name	Flags	ROffset	RSize	VOffset	VSize
.text	60000020 (Executable)	200	AEA00	2000	AE904
.rsrc	40000040	AEC00	600	B2000	594
.reloc	42000040	AF200	200	B4000	C

Description:

InternalName: TtwH.exe
OriginalFilename: TtwH.exe
LegalCopyright: Copyright 2018
ProductName: Permits
FileVersion: 1.0.0.0

Entry Point:

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - AEAD6
Code -> FF25002040000000000000001040000000000000204000000000000028400200000008000000050000000000000000000000
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADC BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AH
• INC EAX
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• SUB BYTE PTR [EAX + 2], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], CL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [0], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL

Signatures:

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:

Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0
Detect It Easy (die)
• PE: library: .NET(v4.0.30319)[-]
• PE: compiler: VB.NET(-)[-]
• PE: linker: Microsoft Linker(48.0)[EXE32]
• Entropy: 7.63911

File Access:

TtwH.exe
mscoree.dll
Temp

File Access (UNICODE):

TtwH.exe

SQL Queries:

Select * FROM PermitsQ
Select * FROM CLIENTSError;INSERT INTO CLIENTS VALUES ('', '', , ');)Insert successfully!Q
Select * FROM CLIENT_VISITSEINSERT INTO CLIENT_VISITS VALUES (');e
Select * FROM CLIENT_VISITS WHERE client_visit_id=KUPDATE CLIENT_VISITS SET [client_id]=!, [visit_time]='1' WHERE client_visit_id=WDELETE CLIENT_VISITS WHERE client_visit_id=Client ID:=Visit Time (DD-MM-YYYY HH:MM):!FormClientVisitsClient Visits-
Select * FROM COURIERS=INSERT INTO COURIERS VALUES ('U
Select * FROM COURIERS WHERE [courier_id]=IUPDATE COURIERS SET [courier_name]='-', [courier_address]='!', [phone_num]='', [email]='+' WHERE [courier_id]=GDELETE COURIERS WHERE [courier_id]=Name:Address:FormCouriersCouriers5
Select * FROM DAILY_REPORTEINSERT INTO DAILY_REPORT VALUES (', ]
Select * FROM DAILY_REPORT WHERE [balance_id]=QUPDATE DAILY_REPORT SET [balance_date]='', [expense]=, [profit]=) WHERE [balance_id]=ODELETE DAILY_REPORT WHERE [balance_id]=Balance Date:Expense:Profit:FormDailyReportDaily Report1
Select * FROM DELIVERIES?INSERT INTO DELIVERIES VALUES ([
Select * FROM DELIVERIES WHERE [delivery_id]=GUPDATE DELIVERIES SET [courier_id]=', [delivery_date]='', [price]=+ WHERE [delivery_id]=MDELETE DELIVERIES WHERE [delivery_id]=Courier ID:Delivery Date:Price:FormDeliveriesDeliveries/
Select * FROM EMPLOYEES?INSERT INTO EMPLOYEES VALUES ('Y
Select * FROM EMPLOYEES WHERE [employee_id]=GUPDATE EMPLOYEES SET [first_name]='!', [last_name]='+', [first_work_day]='-', [work_schedule_id]=', [monthly_salary]=+ WHERE [employee_id]=KDELETE EMPLOYEES WHERE [employee_id]=9First Work Day (DD-MM-YYYY):Work Schedule ID:Monthly Salary:FormEmployeesEmployees/
Select * FROM EQUIPMENT?INSERT INTO EQUIPMENT VALUES ('[
Select * FROM EQUIPMENT WHERE [equipment_id]=]UPDATE EQUIPMENT SET [equipment_description]='', [amount]=!, [delivery_id]=, [repair_count]=+, [warranty_period]='5', [date_of_replacement]='-', [individual_price]=- WHERE [equipment_id]=MDELETE EQUIPMENT WHERE [equipment_id]=-Equipment Description:Amount:Delivery ID:Repair Count:)Date of Replacement:Individual Price:!Warranty Period:FormEquipmentEquipment+
Select * FROM PAYOUTS9INSERT INTO PAYOUTS VALUES (Q
Select * FROM PAYOUTS WHERE [payout_id]=CUPDATE PAYOUTS SET [employee_id]=, [payout_date]='' WHERE [payout_id]=CDELETE PAYOUTS WHERE [payout_id]=Employee ID:3Payout Date (DD-MM-YYYY):AmountFormPayoutsPayouts9
Select * FROM PRODUCT_GROUPSIINSERT INTO PRODUCT_GROUPS VALUES (']
Select * FROM PRODUCT_GROUPS WHERE [group_id]=QUPDATE PRODUCT_GROUPS SET [group_name]=''' WHERE [group_id]=ODELETE PRODUCT_GROUPS WHERE [group_id]=Group Name:FormProductGroupsProduct Groups-
Select * FROM PRODUCTS=INSERT INTO PRODUCTS VALUES ('U
Select * FROM PRODUCTS WHERE [product_id]=9UPDATE PRODUCTS SET [name]=', [barcode]='', [group_id]=) WHERE [product_id]=GDELETE PRODUCTS WHERE [product_id]=Barcode:Group ID:FormProductsProductsA
Select * FROM SUBSCRIPTION_TYPESQINSERT INTO SUBSCRIPTION_TYPES VALUES ('k
Select * FROM SUBSCRIPTION_TYPES WHERE [sub_type_id]=_UPDATE SUBSCRIPTION_TYPES SET [sub_type_name]='), [duration_months]=- WHERE[sub_type_id] = ]DELETE SUBSCRIPTION_TYPES WHERE [sub_type_id]=/Subscription Type Name:%Duration (Months):+FormSubscriptionTypes%Subscription Types9
Select * FROM WORK_SCHEDULESIINSERT INTO WORK_SCHEDULES VALUES ('m
Select e.first_name, e.last_name, p.payout_date, p.amount FROM Employees e JOIN Payouts p ON e.employee_id = p.employee_id ORDER BY e.last_name, p.payout_date;gA list of all employees and their salaries by month+QueryEmployeeSalaries'EXEC SalaryLowHigh;gThe lowest and highest salaries in the past 5 years=QueryFiveLowestHighestSalariesOQueryLowestHighestSalariesPastFiveYears
Select FORMAT(V.VISIT_TIME, 'yyyy-MM') AS Month, COUNT(V.CLIENT_VISIT_ID) AS Total_Visits FROM Client_Visits V JOIN Clients C ON V.CLIENT_ID = C.CLIENT_ID GROUP BY FORMAT(V.VISIT_TIME, 'yyyy-MM') ORDER BY Month;
Select CONVERT(DATE, V.VISIT_TIME) AS Visit_Date, COUNT(V.CLIENT_VISIT_ID) AS Daily_Visits FROM Client_Visits V JOIN Clients C ON V.CLIENT_ID = C.CLIENT_ID GROUP BY CONVERT(DATE, V.VISIT_TIME) ORDER BY Visit_Date;QA monthly and daily report of gym visitsradioButton1MonthlyradioButton2Daily9QueryMonthlyDailyVisitReport
Select YEAR(balance_date) AS Year, MONTH(balance_date) AS Month, SUM(profit) AS TotalIncome, SUM(expense) AS TotalExpense FROM Daily_Report GROUP BY YEAR(balance_date), MONTH(balance_date) ORDER BY Year, Month;QA monthly report of profits and expenses%QueryMonthlyReport9
Select * FROM DATABASE_USERSmINSERT INTO DATABASE_USERS VALUES(@username,@password)[
Insert into CLIENT_VISITS VALUES (');eSELECT * FROM CLIENT_VISITS WHERE client_visit_id=KUPDATE CLIENT_VISITS SET [client_id]=!, [visit_time]='1' WHERE client_visit_id=WDELETE CLIENT_VISITS WHERE client_visit_id=Client ID:=Visit Time (DD-MM-YYYY HH:MM):!FormClientVisitsClient Visits-SELECT * FROM COURIERS=
Insert into COURIERS VALUES ('USELECT * FROM COURIERS WHERE [courier_id]=IUPDATE COURIERS SET [courier_name]='-', [courier_address]='!', [phone_num]='', [email]='+' WHERE [courier_id]=GDELETE COURIERS WHERE [courier_id]=Name:Address:FormCouriersCouriers5SELECT * FROM DAILY_REPORTE
Insert into DAILY_REPORT VALUES (', ]SELECT * FROM DAILY_REPORT WHERE [balance_id]=QUPDATE DAILY_REPORT SET [balance_date]='', [expense]=, [profit]=) WHERE [balance_id]=ODELETE DAILY_REPORT WHERE [balance_id]=Balance Date:Expense:Profit:FormDailyReportDaily Report1SELECT * FROM DELIVERIES?
Insert into DELIVERIES VALUES ([SELECT * FROM DELIVERIES WHERE [delivery_id]=GUPDATE DELIVERIES SET [courier_id]=', [delivery_date]='', [price]=+ WHERE [delivery_id]=MDELETE DELIVERIES WHERE [delivery_id]=Courier ID:Delivery Date:Price:FormDeliveriesDeliveries/SELECT * FROM EMPLOYEES?
Insert into EMPLOYEES VALUES ('YSELECT * FROM EMPLOYEES WHERE [employee_id]=GUPDATE EMPLOYEES SET [first_name]='!', [last_name]='+', [first_work_day]='-', [work_schedule_id]=', [monthly_salary]=+ WHERE [employee_id]=KDELETE EMPLOYEES WHERE [employee_id]=9First Work Day (DD-MM-YYYY):Work Schedule ID:Monthly Salary:FormEmployeesEmployees/SELECT * FROM EQUIPMENT?
Insert into EQUIPMENT VALUES ('[SELECT * FROM EQUIPMENT WHERE [equipment_id]=]UPDATE EQUIPMENT SET [equipment_description]='', [amount]=!, [delivery_id]=, [repair_count]=+, [warranty_period]='5', [date_of_replacement]='-', [individual_price]=- WHERE [equipment_id]=MDELETE EQUIPMENT WHERE [equipment_id]=-Equipment Description:Amount:Delivery ID:Repair Count:)Date of Replacement:Individual Price:!Warranty Period:FormEquipmentEquipment+SELECT * FROM PAYOUTS9
Insert into PAYOUTS VALUES (QSELECT * FROM PAYOUTS WHERE [payout_id]=CUPDATE PAYOUTS SET [employee_id]=, [payout_date]='' WHERE [payout_id]=CDELETE PAYOUTS WHERE [payout_id]=Employee ID:3Payout Date (DD-MM-YYYY):AmountFormPayoutsPayouts9SELECT * FROM PRODUCT_GROUPSI
Insert into PRODUCT_GROUPS VALUES (']SELECT * FROM PRODUCT_GROUPS WHERE [group_id]=QUPDATE PRODUCT_GROUPS SET [group_name]=''' WHERE [group_id]=ODELETE PRODUCT_GROUPS WHERE [group_id]=Group Name:FormProductGroupsProduct Groups-SELECT * FROM PRODUCTS=
Insert into PRODUCTS VALUES ('USELECT * FROM PRODUCTS WHERE [product_id]=9UPDATE PRODUCTS SET [name]=', [barcode]='', [group_id]=) WHERE [product_id]=GDELETE PRODUCTS WHERE [product_id]=Barcode:Group ID:FormProductsProductsASELECT * FROM SUBSCRIPTION_TYPESQ
Insert into SUBSCRIPTION_TYPES VALUES ('kSELECT * FROM SUBSCRIPTION_TYPES WHERE [sub_type_id]=_UPDATE SUBSCRIPTION_TYPES SET [sub_type_name]='), [duration_months]=- WHERE[sub_type_id] = ]DELETE SUBSCRIPTION_TYPES WHERE [sub_type_id]=/Subscription Type Name:%Duration (Months):+FormSubscriptionTypes%Subscription Types9SELECT * FROM WORK_SCHEDULESI

Interest's Words:

JFIF
PassWord
exec
attrib
start

Interest's Words (UNICODE):

PassWord
exec
start
replace

IP Addresses:

16.0.0.0
16.10.0.0

Strings/Hex Code Found With The File Rules:

• Rule Text (Ascii): WinAPI Sockets (send)
• EP Rules: Microsoft Visual C++ 8
• EP Rules: Microsoft Visual C++ 8.0

Resources:

Path	DataRVA	Size	FileOffset	Code	Text
\VERSION\1\0	B2090	304	AEC90	040334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0	B23A4	1EA	AEFA4	EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65	...<?xml version="1.0" encoding="UTF-8" standalone

Intelligent String:

• 1.0.0.0
• TtwH.exe
• Login Denied
• Login
• \LAB\Project\Files\bar - Copy.png
• Login user
• _CorExeMainmscoree.dll

Extra 4n4lysis:

Metric	Value	Percentage
Ascii Code	456464	63,59%
Null Byte Code	58670	8,1733%

PESCAN.IO - Analysis Report Valid Code