PESCAN.IO - Analysis Report Valid Code |
|||||
File Structure: | |||||
![]() |
Information: |
Size: 701,00 KB SHA-256 Hash: 30D423BBAB46B1B8630AE8166760D5983722D12ACA75BBA62AC924A0C2BEA116 SHA-1 Hash: E785412ADA10E4B2BBB9B78ED5915E41323A5621 MD5 Hash: 3F3C2455A49423A5AA97F0AEC6611BCC Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744 MajorOSVersion: 4 CheckSum: 00000000 EntryPoint (rva): B08D6 SizeOfHeaders: 200 SizeOfImage: B6000 ImageBase: 400000 Architecture: x86 ImportTable: B0884 Characteristics: 102 TimeDateStamp: 67FCABCE Date: 14/04/2025 6:31:42 File Type: EXE Number Of Sections: 3 ASLR: Enabled Section Names: .text, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
Sections Info: |
Section Name | Flags | ROffset | RSize | VOffset | VSize |
---|---|---|---|---|---|
.text | 60000020 (Executable) | 200 | AEA00 | 2000 | AE904 |
.rsrc | 40000040 | AEC00 | 600 | B2000 | 594 |
.reloc | 42000040 | AF200 | 200 | B4000 | C |
Description: |
InternalName: TtwH.exe OriginalFilename: TtwH.exe LegalCopyright: Copyright 2018 ProductName: Permits FileVersion: 1.0.0.0 |
Entry Point: |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - AEAD6 Code -> FF25002040000000000000001040000000000000204000000000000028400200000008000000050000000000000000000000 • JMP DWORD PTR [0X402000] • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADC BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AH • INC EAX • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • SUB BYTE PTR [EAX + 2], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], CL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [0], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL |
Signatures: |
Certificate - Digital Signature Not Found: • The file is not signed |
Packer/Compiler: |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...) • AnyCPU: False • Version: v4.0 Detect It Easy (die) • PE: library: .NET(v4.0.30319)[-] • PE: compiler: VB.NET(-)[-] • PE: linker: Microsoft Linker(48.0)[EXE32] • Entropy: 7.63911 |
File Access: |
TtwH.exe mscoree.dll Temp |
File Access (UNICODE): |
TtwH.exe |
SQL Queries: |
Select * FROM PermitsQ Select * FROM CLIENTSError;INSERT INTO CLIENTS VALUES ('', '', , ');)Insert successfully!Q Select * FROM CLIENT_VISITSEINSERT INTO CLIENT_VISITS VALUES (');e Select * FROM CLIENT_VISITS WHERE client_visit_id=KUPDATE CLIENT_VISITS SET [client_id]=!, [visit_time]='1' WHERE client_visit_id=WDELETE CLIENT_VISITS WHERE client_visit_id=Client ID:=Visit Time (DD-MM-YYYY HH:MM):!FormClientVisitsClient Visits- Select * FROM COURIERS=INSERT INTO COURIERS VALUES ('U Select * FROM COURIERS WHERE [courier_id]=IUPDATE COURIERS SET [courier_name]='-', [courier_address]='!', [phone_num]='', [email]='+' WHERE [courier_id]=GDELETE COURIERS WHERE [courier_id]=Name:Address:FormCouriersCouriers5 Select * FROM DAILY_REPORTEINSERT INTO DAILY_REPORT VALUES (', ] Select * FROM DAILY_REPORT WHERE [balance_id]=QUPDATE DAILY_REPORT SET [balance_date]='', [expense]=, [profit]=) WHERE [balance_id]=ODELETE DAILY_REPORT WHERE [balance_id]=Balance Date:Expense:Profit:FormDailyReportDaily Report1 Select * FROM DELIVERIES?INSERT INTO DELIVERIES VALUES ([ Select * FROM DELIVERIES WHERE [delivery_id]=GUPDATE DELIVERIES SET [courier_id]=', [delivery_date]='', [price]=+ WHERE [delivery_id]=MDELETE DELIVERIES WHERE [delivery_id]=Courier ID:Delivery Date:Price:FormDeliveriesDeliveries/ Select * FROM EMPLOYEES?INSERT INTO EMPLOYEES VALUES ('Y Select * FROM EMPLOYEES WHERE [employee_id]=GUPDATE EMPLOYEES SET [first_name]='!', [last_name]='+', [first_work_day]='-', [work_schedule_id]=', [monthly_salary]=+ WHERE [employee_id]=KDELETE EMPLOYEES WHERE [employee_id]=9First Work Day (DD-MM-YYYY):Work Schedule ID:Monthly Salary:FormEmployeesEmployees/ Select * FROM EQUIPMENT?INSERT INTO EQUIPMENT VALUES ('[ Select * FROM EQUIPMENT WHERE [equipment_id]=]UPDATE EQUIPMENT SET [equipment_description]='', [amount]=!, [delivery_id]=, [repair_count]=+, [warranty_period]='5', [date_of_replacement]='-', [individual_price]=- WHERE [equipment_id]=MDELETE EQUIPMENT WHERE [equipment_id]=-Equipment Description:Amount:Delivery ID:Repair Count:)Date of Replacement:Individual Price:!Warranty Period:FormEquipmentEquipment+ Select * FROM PAYOUTS9INSERT INTO PAYOUTS VALUES (Q Select * FROM PAYOUTS WHERE [payout_id]=CUPDATE PAYOUTS SET [employee_id]=, [payout_date]='' WHERE [payout_id]=CDELETE PAYOUTS WHERE [payout_id]=Employee ID:3Payout Date (DD-MM-YYYY):AmountFormPayoutsPayouts9 Select * FROM PRODUCT_GROUPSIINSERT INTO PRODUCT_GROUPS VALUES ('] Select * FROM PRODUCT_GROUPS WHERE [group_id]=QUPDATE PRODUCT_GROUPS SET [group_name]=''' WHERE [group_id]=ODELETE PRODUCT_GROUPS WHERE [group_id]=Group Name:FormProductGroupsProduct Groups- Select * FROM PRODUCTS=INSERT INTO PRODUCTS VALUES ('U Select * FROM PRODUCTS WHERE [product_id]=9UPDATE PRODUCTS SET [name]=', [barcode]='', [group_id]=) WHERE [product_id]=GDELETE PRODUCTS WHERE [product_id]=Barcode:Group ID:FormProductsProductsA Select * FROM SUBSCRIPTION_TYPESQINSERT INTO SUBSCRIPTION_TYPES VALUES ('k Select * FROM SUBSCRIPTION_TYPES WHERE [sub_type_id]=_UPDATE SUBSCRIPTION_TYPES SET [sub_type_name]='), [duration_months]=- WHERE[sub_type_id] = ]DELETE SUBSCRIPTION_TYPES WHERE [sub_type_id]=/Subscription Type Name:%Duration (Months):+FormSubscriptionTypes%Subscription Types9 Select * FROM WORK_SCHEDULESIINSERT INTO WORK_SCHEDULES VALUES ('m Select e.first_name, e.last_name, p.payout_date, p.amount FROM Employees e JOIN Payouts p ON e.employee_id = p.employee_id ORDER BY e.last_name, p.payout_date;gA list of all employees and their salaries by month+QueryEmployeeSalaries'EXEC SalaryLowHigh;gThe lowest and highest salaries in the past 5 years=QueryFiveLowestHighestSalariesOQueryLowestHighestSalariesPastFiveYears Select FORMAT(V.VISIT_TIME, 'yyyy-MM') AS Month, COUNT(V.CLIENT_VISIT_ID) AS Total_Visits FROM Client_Visits V JOIN Clients C ON V.CLIENT_ID = C.CLIENT_ID GROUP BY FORMAT(V.VISIT_TIME, 'yyyy-MM') ORDER BY Month; Select CONVERT(DATE, V.VISIT_TIME) AS Visit_Date, COUNT(V.CLIENT_VISIT_ID) AS Daily_Visits FROM Client_Visits V JOIN Clients C ON V.CLIENT_ID = C.CLIENT_ID GROUP BY CONVERT(DATE, V.VISIT_TIME) ORDER BY Visit_Date;QA monthly and daily report of gym visitsradioButton1MonthlyradioButton2Daily9QueryMonthlyDailyVisitReport Select YEAR(balance_date) AS Year, MONTH(balance_date) AS Month, SUM(profit) AS TotalIncome, SUM(expense) AS TotalExpense FROM Daily_Report GROUP BY YEAR(balance_date), MONTH(balance_date) ORDER BY Year, Month;QA monthly report of profits and expenses%QueryMonthlyReport9 Select * FROM DATABASE_USERSmINSERT INTO DATABASE_USERS VALUES(@username,@password)[ Insert into CLIENT_VISITS VALUES (');eSELECT * FROM CLIENT_VISITS WHERE client_visit_id=KUPDATE CLIENT_VISITS SET [client_id]=!, [visit_time]='1' WHERE client_visit_id=WDELETE CLIENT_VISITS WHERE client_visit_id=Client ID:=Visit Time (DD-MM-YYYY HH:MM):!FormClientVisitsClient Visits-SELECT * FROM COURIERS= Insert into COURIERS VALUES ('USELECT * FROM COURIERS WHERE [courier_id]=IUPDATE COURIERS SET [courier_name]='-', [courier_address]='!', [phone_num]='', [email]='+' WHERE [courier_id]=GDELETE COURIERS WHERE [courier_id]=Name:Address:FormCouriersCouriers5SELECT * FROM DAILY_REPORTE Insert into DAILY_REPORT VALUES (', ]SELECT * FROM DAILY_REPORT WHERE [balance_id]=QUPDATE DAILY_REPORT SET [balance_date]='', [expense]=, [profit]=) WHERE [balance_id]=ODELETE DAILY_REPORT WHERE [balance_id]=Balance Date:Expense:Profit:FormDailyReportDaily Report1SELECT * FROM DELIVERIES? Insert into DELIVERIES VALUES ([SELECT * FROM DELIVERIES WHERE [delivery_id]=GUPDATE DELIVERIES SET [courier_id]=', [delivery_date]='', [price]=+ WHERE [delivery_id]=MDELETE DELIVERIES WHERE [delivery_id]=Courier ID:Delivery Date:Price:FormDeliveriesDeliveries/SELECT * FROM EMPLOYEES? Insert into EMPLOYEES VALUES ('YSELECT * FROM EMPLOYEES WHERE [employee_id]=GUPDATE EMPLOYEES SET [first_name]='!', [last_name]='+', [first_work_day]='-', [work_schedule_id]=', [monthly_salary]=+ WHERE [employee_id]=KDELETE EMPLOYEES WHERE [employee_id]=9First Work Day (DD-MM-YYYY):Work Schedule ID:Monthly Salary:FormEmployeesEmployees/SELECT * FROM EQUIPMENT? Insert into EQUIPMENT VALUES ('[SELECT * FROM EQUIPMENT WHERE [equipment_id]=]UPDATE EQUIPMENT SET [equipment_description]='', [amount]=!, [delivery_id]=, [repair_count]=+, [warranty_period]='5', [date_of_replacement]='-', [individual_price]=- WHERE [equipment_id]=MDELETE EQUIPMENT WHERE [equipment_id]=-Equipment Description:Amount:Delivery ID:Repair Count:)Date of Replacement:Individual Price:!Warranty Period:FormEquipmentEquipment+SELECT * FROM PAYOUTS9 Insert into PAYOUTS VALUES (QSELECT * FROM PAYOUTS WHERE [payout_id]=CUPDATE PAYOUTS SET [employee_id]=, [payout_date]='' WHERE [payout_id]=CDELETE PAYOUTS WHERE [payout_id]=Employee ID:3Payout Date (DD-MM-YYYY):AmountFormPayoutsPayouts9SELECT * FROM PRODUCT_GROUPSI Insert into PRODUCT_GROUPS VALUES (']SELECT * FROM PRODUCT_GROUPS WHERE [group_id]=QUPDATE PRODUCT_GROUPS SET [group_name]=''' WHERE [group_id]=ODELETE PRODUCT_GROUPS WHERE [group_id]=Group Name:FormProductGroupsProduct Groups-SELECT * FROM PRODUCTS= Insert into PRODUCTS VALUES ('USELECT * FROM PRODUCTS WHERE [product_id]=9UPDATE PRODUCTS SET [name]=', [barcode]='', [group_id]=) WHERE [product_id]=GDELETE PRODUCTS WHERE [product_id]=Barcode:Group ID:FormProductsProductsASELECT * FROM SUBSCRIPTION_TYPESQ Insert into SUBSCRIPTION_TYPES VALUES ('kSELECT * FROM SUBSCRIPTION_TYPES WHERE [sub_type_id]=_UPDATE SUBSCRIPTION_TYPES SET [sub_type_name]='), [duration_months]=- WHERE[sub_type_id] = ]DELETE SUBSCRIPTION_TYPES WHERE [sub_type_id]=/Subscription Type Name:%Duration (Months):+FormSubscriptionTypes%Subscription Types9SELECT * FROM WORK_SCHEDULESI |
Interest's Words: |
JFIF PassWord exec attrib start |
Interest's Words (UNICODE): |
PassWord exec start replace |
IP Addresses: |
16.0.0.0 16.10.0.0 |
Strings/Hex Code Found With The File Rules: |
• Rule Text (Ascii): WinAPI Sockets (send) • EP Rules: Microsoft Visual C++ 8 • EP Rules: Microsoft Visual C++ 8.0 |
Resources: |
Path | DataRVA | Size | FileOffset | Code | Text |
---|---|---|---|---|---|
\VERSION\1\0 | B2090 | 304 | AEC90 | 040334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
\24\1\0 | B23A4 | 1EA | AEFA4 | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone |
Intelligent String: |
• 1.0.0.0 • TtwH.exe • Login Denied • Login • \LAB\Project\Files\bar - Copy.png • Login user • _CorExeMainmscoree.dll |
Extra 4n4lysis: |
Metric | Value | Percentage |
---|---|---|
Ascii Code | 456464 | 63,59% |
Null Byte Code | 58670 | 8,1733% |
© 2025 All rights reserved.