PESCAN.IO - Analysis Report Valid Code

File Structure:
Information:
Size: 534,50 KB
SHA-256 Hash: 76AB8DF709543469D0F7EA393BC3C50B3052B3723702E9444083459A3D407BED
SHA-1 Hash: 7C4013FE4393D2489CEB47D336C74A73F7482C97
MD5 Hash: F59D3594A5F206F41CF36AF90DAB6641
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): 871CE
SizeOfHeaders: 200
SizeOfImage: 8C000
ImageBase: 400000
Architecture: x86
ImportTable: 87180
Characteristics: 22
TimeDateStamp: 1F36AC7B
Date: 06/08/1986 1:46:35
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info:
Section Name  Flags                  ROffset  RSize  VOffset  VSize
.text         60000020 (Executable)  200      85200  2000     851D4
.rsrc         40000040               85400    400    88000    3F4
.reloc        42000040               85800    200    8A000    C

Description:
InternalName: xxxx.exe
OriginalFilename: xxxx.exe
CompanyName: :594GG9:>82F3=;D5AB995=H
LegalCopyright: Copyright 2024 :594GG9:>82F3=;D5AB995=H
ProductName: BEABBFAG;6=H3J96B78CA
FileVersion: 8.12.16.20

Entry Point:
Section number (1) - (.text) contains the Entry Point
Information -> EntryPoint (calculated) - 853CE
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
JMP DWORD PTR [0X402000]
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL

Signatures:
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler:
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Version: v4.0
Detect It Easy (die)
PE: library: .NET(v4.0.30319)[-]
PE: compiler: VB.NET(-)[-]
PE: linker: Microsoft Linker(80.0)[EXE32]
Entropy: 7.059

Suspicious Functions:
Library     Function          Description
USER32.DLL  GetAsyncKeyState  Retrieves the status of a virtual key asynchronously.

Windows REG (UNICODE):
Software\Microsoft\Windows\CurrentVersion\Themes\Personalize

File Access:
mscoree.dll
user32.dll
Temp

File Access (UNICODE):
xxxx.exe
\WorkflowDiagrams\output.txt
schedule.txt
)PrioritizedRisks.txt
OpenRisksReport.txt
yyyyMMdd_HHmmss}.txt
%RiskRegisterDB.txt
VortexLattice.txt
PercolationFlow.txt
OrbitalPath.txt
ResonatedEnergy.txt
VortexSpin.txt
WaveletEnergy.txt
!EnergyConfig.txt
Temp

Interest's Words:
Decrypt
exec
attrib
start
pause
ping
replace

Interest's Words (UNICODE):
Encrypt
<html
<head
<body
<table
<title
exec
start
pause
ping

URLs (UNICODE):
http://studyhub.com/{0}/{1}
https://api.calendar/sync
https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1}

IP Addresses:
11.0.0.0
17.0.0.0
17.12.0.0

Strings/Hex Code Found With The File Rules:
Rule Text (Ascii): Encryption (CreateDecryptor)
Rule Text (Ascii): Encryption (CryptoStream)
Rule Text (Ascii): Encryption (CryptoStreamMode)
Rule Text (Ascii): Encryption (FromBase64String)
Rule Text (Ascii): Encryption (ICryptoTransform)
Rule Text (Ascii): Encryption (RNGCryptoServiceProvider)
Rule Text (Ascii): Encryption (ToBase64String)
EP Rules: Microsoft Visual C / Basic .NET
EP Rules: Microsoft Visual C v7.0 / Basic .NET
EP Rules: Microsoft Visual Studio .NET
EP Rules: .NET executable

Resources:
Path DataRVA Size FileOffset CodeText
\VERSION\1\0 88058 39C 85458 9C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000C00..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
Intelligent String:
• xxxx.exe
• 8.12.16.20
• (resources/184839.png
• -.EXj
• .txt
• !EnergyConfig.txt
• .csv
• EnergyWave.wav
• WaveletEnergy.txt
• VortexSpin.txt
• 'ResonatedEnergy.txt
• OrbitalPath.txt
• 'PercolationFlow.txt
• VortexLattice.txt
• %RiskRegisterDB.txt
• URiskRegisterBackup_{0:yyyyMMdd_HHmmss}.txt
• 'OpenRisksReport.txt
• RisksExport.csv
• )PrioritizedRisks.txt
• schedule.txt
• 7study_plan_{0:yyyyMMdd}.ics
• https://api.calendar/sync
• )resources/184839.png
• http://studyhub.com/{0}/{1}
• https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1}
• C:\WorkflowDiagrams\output.txt
• <svg xmlns='http://www.w3.org/2000/svg' width='800' height='600'>
• _CorExeMainmscoree.dll
• 1.0.0.0

Extra 4n4lysis:
Metric          Value   Percentage
Ascii Code      324218  59,2365%
Null Byte Code  100952  18,4445%