PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report

File Structure:
PE chart code: - The executable header is displayed in light blue. - The executable sections are pink. - Non-executable sections are black. - Code added to executables externally to a compiler appears in red. Chart code for other files: - Printable characters are blue. - Non-printable characters (Null Bytes) are black.

Information:

Icon:

Size: 16,00 KB
SHA-256 Hash: DF7413D31B495235ACD2C212C7EEB3E33E373433C1DCE0A9D9E933118E8D56B8
SHA-1 Hash: B058521E1AA49632B1927797BBEE80374F5B8365
MD5 Hash: 9DED2F3B2BF46D8AD13BCF295E53187C
Imphash: 5C4D602843F54570889588B32F7AF650
MajorOSVersion: 4
CheckSum: 00012E60
EntryPoint (rva): 1128
SizeOfHeaders: 1000
SizeOfImage: 4000
ImageBase: 400000
Architecture: x86
ImportTable: 1894
Characteristics: 10F
TimeDateStamp: 5F2A022A
Date: 05/08/2020 0:49:46
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .data, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info:

Section Name	Flags	ROffset	RSize	VOffset	VSize
.text	60000020 (Executable)	1000	1000	1000	AE0
.data	C0000040 (Writeable)	2000	1000	2000	9DC
.rsrc	40000040	3000	1000	3000	8A4

Description:

OriginalFilename: Project1.exe
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point:

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 1128
Code -> 6878124000E8F0FFFFFF00000000000030000000400000000000000050425CAC8A94844A832F729400770AEA000000000000
• PUSH 0X401278
• CALL 0XFFA
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• XOR BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• INC EAX
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX + 0X42], DL
• POP ESP
• LODSB AL, BYTE PTR [ESI]
• MOV DL, BYTE PTR [ESP + EAX*4 + 0X722F834A]
• XCHG EAX, ESP
• ADD BYTE PTR [EDI + 0XA], DH
• LJMP 0:0

Signatures:

Rich Signature Analyzer:
Code -> 2199F9DB65F8978865F8978865F89788E6E4998864F897880CE79E8864F8978853DE9A8864F897885269636865F89788
Footprint md5 Hash -> EA87097EAE3994C680391974B26819EE
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:

Compiler: Visual Basic 6 - (Native Code)
Detect It Easy (die)
• PE: compiler: Microsoft Visual Basic(6.0)[Native]
• PE: linker: Microsoft Linker(6.0*)[EXE32]
• Entropy: 1.60532

File Access:

MSVBVM60.DLL

File Access (UNICODE):

Project1.exe

Strings/Hex Code Found With The File Rules:

• EP Rules: Microsoft Visual Basic 5.0
• EP Rules: Microsoft Visual Basic v5.0
• EP Rules: Microsoft Visual Basic v5.0 - v6.0
• EP Rules: Microsoft Visual Basic v5.0

Resources:

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\30001\0	3774	130	3774	2800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFFFF00FFFF	(... ...@.........................................
\ICON\30002\0	348C	2E8	348C	2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080	(... ...@.........................................
\ICON\30003\0	3364	128	3364	2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080	(....... .........................................
\GROUP_ICON\1\0	3334	30	3334	00000100030020200200010001003001000031752020100001000400E802000032751010100001000400280100003375	...... ......0...1u ..........2u........(...3u
\VERSION\1\1033	3150	1E4	3150	E40134000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............

Intelligent String:

• MSVBVM60.DLL
• C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLBVB
• Project1.exe

Extra 4n4lysis:

Metric	Value	Percentage
Ascii Code	1734	10,5835%
Null Byte Code	13833	84,4299%