PESCAN.IO - Analysis Report

File Structure:
Information:
Size: 372,00 KB
SHA-256 Hash: D85DEEFA11AD8A4549965FAE741A813179BD29F6402F419C7B0193873E79EA67
SHA-1 Hash: 017B61C38A670A261823D54CEBE66C265FCED3F8
MD5 Hash: D26BDDBBED0816F0AE9DE325CE8FBB49
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): 3D2E
SizeOfHeaders: 200
SizeOfImage: 62000
ImageBase: 400000
Architecture: x86
ImportTable: 3CD4
Characteristics: 102
TimeDateStamp: 686277EB
Date: 30/06/2025 11:41:31
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info:
Section Name  Flags                  ROffset  RSize  VOffset  VSize
.text         60000020 (Executable)  200      1E00   2000     1D34
.rsrc         40000040               2000     5AE00  4000     5AD36
.reloc        42000040               5CE00    200    60000    C

Description:
InternalName: Document1.exe
OriginalFilename: Document1.exe
CompanyName: MailEnable Pty Ltd
LegalCopyright: MailEnable Pty Ltd
FileVersion: 10.53.0.0

Entry Point:
Section number 1 (.text) contains the Entry Point
Information -> EntryPoint (calculated) - 1F2E
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
JMP DWORD PTR [0X402000]
ADD BYTE PTR [EAX], AL (repeated 22 times)

Signatures:
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Version: v4.0
Detect It Easy (die)
PE: library: .NET(v4.0.30319)[-]
PE: linker: Microsoft Linker(8.0)[EXE32]
Entropy: 5.94053

File Access:
Document1.exe
mscoree.dll
Temp

File Access (UNICODE):
Document1.exe

Interesting Words:
<title
exec
attrib
start

URLs (UNICODE):
http://45.141.233.27/upload/Ivzxtgz.wav

IP Addresses:
10.53.0.0
45.141.233.27

Strings/Hex Code Found With The File Rules:
Rule Text (Ascii): Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV)
EP Rules: Microsoft Visual C / Basic .NET
EP Rules: Microsoft Visual C++ 8
EP Rules: Microsoft Visual C++ 8.0
EP Rules: Microsoft Visual C v7.0 / Basic .NET
EP Rules: Microsoft Visual Studio .NET
EP Rules: .NET executable
EP Rules: TrueVision Targa Graphics format

Resources:
Path                 DataRVA  Size   FileOffset
\ICON\1\0            4220     42028  2220
\ICON\2\0            46248    10828  44248
\ICON\3\0            56A70    4228   54A70
\ICON\4\0            5AC98    25A8   58C98
\ICON\5\0            5D240    10A8   5B240
\ICON\6\0            5E2E8    468    5C2E8
\GROUP_ICON\32512\0  5E750    5A     5C750
\VERSION\1\0         5E7AC    3A0    5C7AC
\24\1\0              5EB4C    1EA    5CB4C

Intelligent String:
• 10.53.0.0
• Document1.exe
• http://45.141.233.27/upload/Ivzxtgz.wav
• _CorExeMainmscoree.dll

Extra 4n4lysis:
Metric Value Percentage
Ascii Code 168315 44,1855%
Null Byte Code 83860 22,0147%