PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Valid Code

File Structure:
PE chart code: - The executable header is displayed in light blue. - The executable sections are pink. - Non-executable sections are black. - Code added to executables externally to a compiler appears in red. Chart code for other files: - Printable characters are blue. - Non-printable characters (Null Bytes) are black.

Information:

Size: 641,50 KB
SHA-256 Hash: 853B49C1E4FC2C040164CE927B7EB619FEEF66BB61D16B223EC352673A336E12
SHA-1 Hash: DC4E21FA02DE3253B6EED68CBC76B57D9BB78E34
MD5 Hash: A396D84CF0C4D102D78851459A0E471A
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): A18C6
SizeOfHeaders: 200
SizeOfImage: A6000
ImageBase: 400000
Architecture: x86
ImportTable: A1874
Characteristics: 102
TimeDateStamp: D8808FD8
Date: 06/02/2085 13:21:28
File Type: EXE
Number Of Sections: 3
ASLR: Enabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info:

Section Name	Flags	ROffset	RSize	VOffset	VSize
.text	60000020 (Executable)	200	9FA00	2000	9F8CC
.rsrc	40000040	9FC00	800	A2000	618
.reloc	42000040	A0400	200	A4000	C

Description:

InternalName: kYii.exe
OriginalFilename: kYii.exe
CompanyName: Microsoft Corporation
LegalCopyright: Copyright Microsoft Corporation. All rights reserved.
ProductName: Edu Portal
FileVersion: 1.0.0.0

Entry Point:

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 9FAC6
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL
• ADD BYTE PTR [EAX], AL

Signatures:

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:

Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0
Detect It Easy (die)
• PE: library: .NET(v4.0.30319)[-]
• PE: compiler: VB.NET(-)[-]
• PE: linker: Microsoft Linker(48.0)[EXE32]
• Entropy: 7.50692

File Access:

kYii.exe
mscoree.dll
Temp

File Access (UNICODE):

kYii.exe
Data_12.txt
Data_11.txt

SQL Queries:

Select * FROM WHERE Registration_Number = @RegistrationNumber AND Password = @Password@Password'@RegistrationNumberPassword!Teaching_Subject/Teacher_Personal_Inform+
Select COUNT(*) FROM a WHERE Registration_Number = @RegistrationNumber!validation_errorGrade_INSERT INTO (Student_Name, Registration_Number) VALUES (@Name, @Registration_Number)@Name)@Registration_Number (Name, Email, Registration_Number, Password, Grade) VALUES (@Name, @Email, @Registration_Number, @Password, @Grade)@Email@GradeUPDATE Teacher_Personal_Inform SET Teaching_Subject = @Teaching_Subject WHERE Registration_Number = @Registration_Number@Teaching_SubjectOK-Connection_Error_1 {0})
Select * FROM Grade__Final_Mark_Total_Mark_Assignments_Mark_Midterm_MarkMNo data found for registration number .U
Select Teacher_Name, Grade, Materials_Link, Subject_Name FROM Materials_Table WHERE Grade = U

Interest's Words:

PassWord
exec
attrib
start
dism

Interest's Words (UNICODE):

PassWord

IP Addresses:

16.0.0.0
16.10.0.0

Strings/Hex Code Found With The File Rules:

• Rule Text (Ascii): WinAPI Sockets (send)
• EP Rules: Microsoft Visual C / Basic .NET
• EP Rules: Microsoft Visual C++ 8
• EP Rules: Microsoft Visual C++ 8.0
• EP Rules: Microsoft Visual C v7.0 / Basic .NET
• EP Rules: Microsoft Visual Studio .NET
• EP Rules: .NET executable

Resources:

Path	DataRVA	Size	FileOffset	Code	Text
\VERSION\1\0	A2090	388	9FC90	880334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0	A2428	1EA	A0028	EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65	...<?xml version="1.0" encoding="UTF-8" standalone

Intelligent String:

• 1.0.0.0
• kYii.exe
• Data_11.txt
• Data_12.txt
• Login
• %registration_login
• password_login
• LoginPage
• _CorExeMainmscoree.dll

Extra 4n4lysis:

Metric	Value	Percentage
Ascii Code	405439	61,7204%
Null Byte Code	63363	9,6458%

PESCAN.IO - Analysis Report Valid Code