Property | Value |
---|---|
File Name: | virussign.com_a058d507dde0318fe934d17da0b30356.vir |
File Type: | MS-DOS executable, MZ for MS-DOS |
SHA1: | 099c2206d38ee33c9e52a27c6e2f006712a576b1 |
MD5: | a058d507dde0318fe934d17da0b30356 |
First Seen Date: | 2024-07-13 13:16:10.021037 |
Number of Clients Seen: | 2 |
Last Analysis Date: | 2024-07-13 13:16:57.505133 |
Human Expert Analysis Date: | 2024-07-15 14:14:49.617473 |
Human Expert Analysis Result: | Malware |
Property | Value |
---|---|
magic literal enum | 21 |
file type enum | 10 |
debug artifacts | [] |
number of sections | 3 |
trid | [[52.9, u'Win32 Executable (generic)'], [23.5, u'Generic Win/DOS Executable'], [23.5, u'DOS Executable Generic']] |
compilation time stamp | 0x51593266 [Mon Apr 1 07:08:22 2013 UTC] |
Translation | 0x0409 0x04b0 |
ProductVersion | 1.00 |
InternalName | TJprojMain |
FileVersion | 1.00 |
OriginalFilename | TJprojMain.exe |
ProductName | Project1 |
entry point | 0x40290c (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 333797 |
ssdeep | 6144:UsLqdufVUNDaHzltSL4t4nTAjuVAWxR6bOJNC4kH1:PFUNDaHx8s4nTiuVJH6yNC4kH1 |
sha256 | 9b6cd0f686dce2f2ff8f8d969829a39352ddf12fd9caf7fac9355d159510f41d |
exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/9/9/c/099c2206d38ee33c9e52a27c6e2f006712a576b1', u'EXE:OriginalFileName': u'TJprojMain.exe', u'EXE:ProductName': u'Project1', u'EXE:InternalName': u'TJprojMain', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:07:13 13:15:59+00:00', u'EXE:InitializedDataSize': 12288, u'File:FileModifyDate': u'2024:07:13 13:15:57+00:00', u'EXE:FileVersionNumber': u'1.0.0.0', u'EXE:FileVersion': 1.0, u'File:FileSize': u'326 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': 1.0, u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:UninitializedDataSize': 0, u'File:FileName': u'099c2206d38ee33c9e52a27c6e2f006712a576b1', u'EXE:ImageVersion': 1.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2013:04:01 07:08:22+00:00', u'EXE:FileFlagsMask': u'0x0000', u'EXE:LinkerVersion': 6.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/9/9/c', u'EXE:EntryPoint': u'0x290c', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 106496, u'File:FileInodeChangeDate': u'2024:07:13 13:15:59+00:00', u'EXE:LanguageCode': u'English (U.S.)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.0'}] |
mime type | application/x-dosexec |
imphash | 8c16c795b57934183422be5f6df7d891 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x191d4 | 0x1a000 | 5.73479931211 | e9a068bc69a6cce92101af62753d223a |
.data | 0x1b000 | 0x180c | 0x1000 | 0.0 | 620f0b67a91f7f74151bc5be745b7110 |
.rsrc | 0x1d000 | 0x13f0 | 0x2000 | 1.6947377925 | b4e85108ec2a21a0db97eb63b63f9351 |
MSVBVM60.DLL
- EVENT_SINK_GetIDsOfNames
- None
- _CIcos
- _adj_fptan
- __vbaStrI4
- __vbaVarVargNofree
- __vbaFreeVar
- __vbaLenBstr
- __vbaLateIdCall
- __vbaPut3
- __vbaEnd
- __vbaFreeVarList
- _adj_fdiv_m64
- EVENT_SINK_Invoke
- __vbaRaiseEvent
- __vbaFreeObjList
- None
- __vbaStrErrVarCopy
- None
- _adj_fprem1
- __vbaRecAnsiToUni
- None
- __vbaCopyBytes
- __vbaStrCat
- __vbaLsetFixstr
- __vbaRecDestruct
- __vbaSetSystemError
- None
- __vbaHresultCheckObj
- __vbaNameFile
- _adj_fdiv_m32
- Zombie_GetTypeInfo
- __vbaAryDestruct
- None
- None
- __vbaExitProc
- None
- __vbaOnError
- __vbaObjSet
- _adj_fdiv_m16i
- __vbaObjSetAddref
- _adj_fdivr_m16i
- None
- __vbaFpR4
- None
- __vbaStrFixstr
- _CIsin
- None
- None
- None
- __vbaChkstk
- __vbaFileClose
- EVENT_SINK_AddRef
- __vbaGenerateBoundsError
- __vbaGet3
- __vbaStrCmp
- None
- __vbaGet4
- __vbaPutOwner3
- __vbaAryConstruct2
- __vbaVarTstEq
- __vbaI2I4
- DllFunctionCall
- __vbaFpUI1
- __vbaRedimPreserve
- __vbaStrR4
- _adj_fpatan
- __vbaLateIdCallLd
- Zombie_GetTypeInfoCount
- __vbaRedim
- __vbaRecUniToAnsi
- EVENT_SINK_Release
- __vbaNew
- None
- __vbaUI1I2
- _CIsqrt
- EVENT_SINK_QueryInterface
- __vbaExceptHandler
- None
- __vbaStrToUnicode
- None
- _adj_fprem
- _adj_fdivr_m64
- None
- None
- __vbaFPException
- None
- __vbaGetOwner3
- __vbaUbound
- None
- __vbaFileSeek
- None
- _CIlog
- __vbaErrorOverflow
- __vbaFileOpen
- None
- None
- __vbaNew2
- __vbaInStr
- _adj_fdiv_m32i
- None
- _adj_fdivr_m32i
- __vbaStrCopy
- __vbaI4Str
- __vbaFreeStrList
- _adj_fdivr_m32
- _adj_fdiv_r
- None
- __vbaI4Var
- None
- __vbaAryLock
- __vbaVarAdd
- None
- None
- __vbaVarDup
- __vbaStrToAnsi
- None
- __vbaFpI2
- __vbaFpI4
- None
- __vbaLateMemCallLd
- _CIatan
- __vbaStrMove
- None
- __vbaCastObj
- __vbaR8IntI4
- None
- _allmul
- _CItan
- __vbaAryUnlock
- _CIexp
- __vbaFreeObj
- __vbaFreeStr
- None
- None
name | lang | offset | size | sha256 | type |
---|---|---|---|---|---|
RT_ICON | LANG_NEUTRAL | 119088 | 3280 | 06ae30f9a22566650f6d3a106cc0ce24c3d42b16356f1edc8cb83f4919945de2 | dBase IV DBT of @.DBF, block length 3072, next free block index 40, next free block 0, next used block 0 |
RT_GROUP_ICON | LANG_NEUTRAL | 122368 | 20 | 849c1d43cc460acc263a31d28e0821a9eb456584f02a249e922c037df60a353e | MS Windows icon resource - 1 icon, 32x32 |
RT_VERSION | LANG_ENGLISH | 122388 | 492 | d5afa151e677a98f00aa6af43d6155c0dc5bbb8039c1581f744e3188616a434c | data |
RT_MANIFEST | LANG_ENGLISH | 122880 | 999 | 95effec3e13ef3dde1b82a54cce79dc610c686a6b74d5018e8895a2c923dede5 | XML 1.0 document, ASCII text, with CRLF line terminators |