PESCAN.IO - Analysis Report Valid Code |
|||||
File Structure: | |||||
![]() |
Information: |
Icon: Size: 1,68 MBSHA-256 Hash: A2706B773B93AEF6FED4F0937F9B2D790C17575779DF7DC5221322FB8979E2FB SHA-1 Hash: 98E33DFAA9F6CB93168E665076491131717261D8 MD5 Hash: A16940D8C3A85D6583AA5428B3210852 Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744 MajorOSVersion: 4 CheckSum: 00000000 EntryPoint (rva): 16D22E SizeOfHeaders: 200 SizeOfImage: 1B4000 ImageBase: 400000 Architecture: x86 ImportTable: 16D1E0 Characteristics: 10E TimeDateStamp: 67C05859 Date: 27/02/2025 12:19:37 File Type: EXE Number Of Sections: 3 ASLR: Disabled Section Names: .text, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
Sections Info: |
Section Name | Flags | ROffset | RSize | VOffset | VSize |
---|---|---|---|---|---|
.text | 60000020 (Executable) | 200 | 16B400 | 2000 | 16B234 |
.rsrc | C0000040 (Writeable) | 16B600 | 43000 | 16E000 | 42E78 |
.reloc | 42000040 | 1AE600 | 200 | 1B2000 | C |
Description: |
InternalName: palm pc.exe OriginalFilename: palm pc.exe LegalCopyright: Copyright 2025 ProductName: palm pc FileVersion: 1.0.0.0 |
Entry Point: |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 16B42E Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 • JMP DWORD PTR [0X402000] • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EAX], AL |
Signatures: |
Certificate - Digital Signature Not Found: • The file is not signed |
Packer/Compiler: |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...) • AnyCPU: False • Version: v2.0 --------> Agile .NET Obfuscator Compiler: Microsoft Visual Studio Detect It Easy (die) • PE: Protector: Eziriz .NET Reactor(6.x.x.x)[By Dr.FarFar] • PE: library: .NET(v2.0.50727)[-] • PE: compiler: VB.NET(-)[-] • PE: linker: Microsoft Linker(6.0)[EXE32] • Entropy: 7.81077 |
Suspicious Functions: |
Library | Function | Description |
---|---|---|
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
File Access: |
palm pc.exe mscoree.dll OUWnblDhZm8JYpFuEf.vbs Temp |
File Access (UNICODE): |
32.dll palm pc.exe KOUWnblDhZm8JYpFuEf.vbs |
Interest's Words: |
Encrypt Decrypt exec attrib start cipher replace |
IP Addresses: |
10.0.0.0 10.0.0.0 |
Strings/Hex Code Found With The File Rules: |
• Rule Text (Unicode): Encryption (AesCryptoServiceProvider) • Rule Text (Ascii): Encryption (CipherMode) • Rule Text (Ascii): Encryption (CreateDecryptor) • Rule Text (Ascii): Encryption (CryptoStream) • Rule Text (Ascii): Encryption (CryptoStreamMode) • Rule Text (Ascii): Encryption (FromBase64String) • Rule Text (Ascii): Encryption (ICryptoTransform) • Rule Text (Ascii): Encryption (MD5CryptoServiceProvider) • Rule Text (Ascii): Encryption (Rijndael) • Rule Text (Ascii): Encryption (RijndaelManaged) • Rule Text (Ascii): Encryption (ToBase64String) • Rule Text (Ascii): Keyboard Key (Scroll) • Rule Text (Ascii): Technique used to make malicious code harder to analyze (Obfuscation) • Rule Text (Ascii): Malware that monitors and collects user data (Spy) • EP Rules: Microsoft Visual C / Basic .NET • EP Rules: Microsoft Visual C++ 8 • EP Rules: Microsoft Visual C++ 8.0 • EP Rules: Microsoft Visual C v7.0 / Basic .NET • EP Rules: Microsoft Visual Studio .NET • EP Rules: .NET executable • EP Rules: TrueVision Targa Graphics format |
Resources: |
Path | DataRVA | Size | FileOffset | Code | Text |
---|---|---|---|---|---|
\ICON\2\0 | 16E2B0 | 1AEF6 | 16B8B0 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000097048597300000EC300000EC301 | .PNG........IHDR.............\r.f....pHYs......... |
\ICON\3\0 | 1891A8 | 10828 | 1867A8 | 2800000080000000000100000100200000000000000001000000000000000000000000000000000000000000000000000000 | (............. ................................... |
\ICON\4\0 | 1999D0 | 94A8 | 196FD0 | 2800000060000000C00000000100200000000000009000000000000000000000000000000000000000000000000000000000 | (............ ................................... |
\ICON\5\0 | 1A2E78 | 5488 | 1A0478 | 2800000048000000900000000100200000000000605400000000000000000000000000000000000000000000000000000000 | (...H......... .....T............................ |
\ICON\6\0 | 1A8300 | 4228 | 1A5900 | 2800000040000000800000000100200000000000004000000000000000000000000000000000000000000000000000000000 | (...@......... ......@............................ |
\ICON\7\0 | 1AC528 | 25A8 | 1A9B28 | 2800000030000000600000000100200000000000002400000000000000000000000000000000000000000000000000000000 | (...0........ ......$............................ |
\ICON\8\0 | 1AEAD0 | 10A8 | 1AC0D0 | 2800000020000000400000000100200000000000001000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
\ICON\9\0 | 1AFB78 | 988 | 1AD178 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
\ICON\10\0 | 1B0500 | 468 | 1ADB00 | 2800000010000000200000000100200000000000000400000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
\GROUP_ICON\32512\0 | 1B0968 | 84 | 1ADF68 | 0000010009000000000001002000F6AE0100020080800000010020002808010003006060000001002000A894000004004848 | ............ ............. .(......... .......HH |
\VERSION\1\0 | 1B09EC | 2A0 | 1ADFEC | A00234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
\24\1\0 | 1B0C8C | 1EA | 1AE28C | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone |
Intelligent String: |
• 1.0.0.0 • palm pc.exe • 32.dll • $.Uly • palm pc.pdb • _CorExeMainmscoree.dll |
Extra 4n4lysis: |
Metric | Value | Percentage |
---|---|---|
Ascii Code | 1140943 | 64,704% |
Null Byte Code | 95372 | 5,4086% |
© 2025 All rights reserved.