PESCAN.IO - Analysis Report Valid Code |
Information: |
• Size: 534,50 KB
• SHA-256 Hash: 76AB8DF709543469D0F7EA393BC3C50B3052B3723702E9444083459A3D407BED
• SHA-1 Hash: 7C4013FE4393D2489CEB47D336C74A73F7482C97
• MD5 Hash: F59D3594A5F206F41CF36AF90DAB6641
• Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
• MajorOSVersion: 4
• CheckSum: 00000000
• EntryPoint (rva): 871CE
• SizeOfHeaders: 200
• SizeOfImage: 8C000
• ImageBase: 400000
• Architecture: x86
• ImportTable: 87180
• Characteristics: 22
• TimeDateStamp: 1F36AC7B
• Date: 06/08/1986 1:46:35
• File Type: EXE
• Number Of Sections: 3
• ASLR: Disabled
• Section Names: .text, .rsrc, .reloc
• Number Of Executable Sections: 1
• Subsystem: Windows GUI
Sections Info: |
Section Name | Flags | ROffset | RSize | VOffset | VSize |
---|---|---|---|---|---|
.text | 60000020 (Executable) | 200 | 85200 | 2000 | 851D4 |
.rsrc | 40000040 | 85400 | 400 | 88000 | 3F4 |
.reloc | 42000040 | 85800 | 200 | 8A000 | C |
Description: |
• InternalName: xxxx.exe
• OriginalFilename: xxxx.exe
• CompanyName: :594GG9:>82F3=;D5AB995=H
• LegalCopyright: Copyright 2024 :594GG9:>82F3=;D5AB995=H
• ProductName: BEABBFAG;6=H3J96B78CA
• FileVersion: 8.12.16.20
Entry Point: |
Section number (1) - (.text) has the Entry Point Information
EntryPoint (calculated): 853CE
Code: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL (repeated for each remaining pair of zero bytes)
Signatures: |
Certificate - Digital Signature Not Found: • The file is not signed |
Packer/Compiler: |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0
Detect It Easy (die)
• PE: library: .NET(v4.0.30319)[-]
• PE: compiler: VB.NET(-)[-]
• PE: linker: Microsoft Linker(80.0)[EXE32]
• Entropy: 7.059
Suspicious Functions: |
Library | Function | Description |
---|---|---|
USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
Windows REG (UNICODE): |
Software\Microsoft\Windows\CurrentVersion\Themes\Personalize |
File Access: |
mscoree.dll user32.dll Temp |
File Access (UNICODE): |
xxxx.exe \WorkflowDiagrams\output.txt schedule.txt )PrioritizedRisks.txt OpenRisksReport.txt yyyyMMdd_HHmmss}.txt %RiskRegisterDB.txt VortexLattice.txt PercolationFlow.txt OrbitalPath.txt ResonatedEnergy.txt VortexSpin.txt WaveletEnergy.txt !EnergyConfig.txt Temp |
Interest's Words: |
Decrypt exec attrib start pause ping replace |
Interest's Words (UNICODE): |
Encrypt <html <head <body <table <title exec start pause ping |
URLs (UNICODE): |
http://studyhub.com/{0}/{1} https://api.calendar/sync https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1} |
IP Addresses: |
11.0.0.0 17.0.0.0 17.12.0.0 |
Strings/Hex Code Found With The File Rules: |
• Rule Text (Ascii): Encryption (CreateDecryptor)
• Rule Text (Ascii): Encryption (CryptoStream)
• Rule Text (Ascii): Encryption (CryptoStreamMode)
• Rule Text (Ascii): Encryption (FromBase64String)
• Rule Text (Ascii): Encryption (ICryptoTransform)
• Rule Text (Ascii): Encryption (RNGCryptoServiceProvider)
• Rule Text (Ascii): Encryption (ToBase64String)
• EP Rules: Microsoft Visual C / Basic .NET
• EP Rules: Microsoft Visual C v7.0 / Basic .NET
• EP Rules: Microsoft Visual Studio .NET
• EP Rules: .NET executable
Resources: |
Path | DataRVA | Size | FileOffset | Code | Text |
---|---|---|---|---|---|
\VERSION\1\0 | 88058 | 39C | 85458 | 9C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000C00 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
Intelligent String: |
• xxxx.exe
• 8.12.16.20
• (resources/184839.png
• -.EXj
• .txt
• !EnergyConfig.txt
• .csv
• EnergyWave.wav
• WaveletEnergy.txt
• VortexSpin.txt
• 'ResonatedEnergy.txt
• OrbitalPath.txt
• 'PercolationFlow.txt
• VortexLattice.txt
• %RiskRegisterDB.txt
• URiskRegisterBackup_{0:yyyyMMdd_HHmmss}.txt
• 'OpenRisksReport.txt
• RisksExport.csv
• )PrioritizedRisks.txt
• schedule.txt
• 7study_plan_{0:yyyyMMdd}.ics
• https://api.calendar/sync
• )resources/184839.png
• http://studyhub.com/{0}/{1}
• https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1}
• C:\WorkflowDiagrams\output.txt
• <svg xmlns='http://www.w3.org/2000/svg' width='800' height='600'>
• _CorExeMainmscoree.dll
• 1.0.0.0
Extra 4n4lysis: |
Metric | Value | Percentage |
---|---|---|
Ascii Code | 324218 | 59,2365% |
Null Byte Code | 100952 | 18,4445% |