PE Compile Time

2011-02-26 02:49:11

PE Imphash

b55b75fea562da1af1e369dc76d9ea67

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x001b2000 | 0x001b2000 | 4.68445677682 |
| UPX1 | 0x001b3000 | 0x00048000 | 0x00047400 | 4.63037672652 |
| .rsrc | 0x001fb000 | 0x00001000 | 0x00000c00 | 3.11804974154 |
| .imports | 0x001fc000 | 0x00001000 | 0x00000200 | 2.18633120032 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x001fb5b4 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | Device independent bitmap graphic, 16 x 32 x 4, image size 192 |
| RT_ICON | 0x001fb5b4 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | Device independent bitmap graphic, 16 x 32 x 4, image size 192 |
| RT_ICON | 0x001fb5b4 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | Device independent bitmap graphic, 16 x 32 x 4, image size 192 |
| RT_GROUP_ICON | 0x001fb6e0 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x001fb714 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | MS Windows COFF PA-RISC object file |
| RT_MANIFEST | 0x001fb9a8 | 0x00000019 | LANG_ENGLISH | SUBLANG_ENGLISH_US | ASCII text, with CRLF line terminators |

Imports

Library MSVBVM60.DLL:
0x401000 None
0x401004 None
0x401008 MethCallEngine
0x40100c None
0x401010 None
0x401014 None
0x401018 EVENT_SINK_AddRef
0x40101c None
0x401020 DllFunctionCall
0x401024 EVENT_SINK_Release
0x40102c __vbaExceptHandler
0x401030 None
0x401034 None
0x401038 None
0x40103c ProcCallEngine
0x401040 None
0x401044 None
0x401048 None
0x40104c None

!This program cannot be run in DOS mode.
.imports
CYPTONFS
VB5!6&*
bqzmjoi
CYPTONFS
CYPTONFS
TARJPAZXCSR
Z2A5i1M8
CYPTONFS
C:\Documents and Settings\Giang\Desktop\darkeye\Dark EYE\VB6.OLB
lriCWv
Form_Load
C:\WINDOWS\system32\msvbvm60.dll\3
Class_Initialize
eIISlXA
OOWdBlcsul
comdlg32.dll
PrintDlgA
winmm.dll
joyGetNumDev
winspool.drv
DeviceCapabilitiesA
EnumPortsA
ComCtl32.OCX
DllRegisterServer
EndPagePrinter
kernel32.dll
RtlFillMemory
Kernel32
GetExitCodeProcess
EndDocPrinter
RtlZeroMemory
Kernel32
RtlMoveMemory
VBA6.DLL
TARJPAZXCSR
TARJPAZXCSR
TARJPAZXCSR
RQBNZYM
JIVAMGZ
lriCWv
VZLCAKW
ZUNZGFX
XvpNFOSNU
PgtsbqO
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
`.data
@"8s~^
wg>-,\
HaO~^:
[k@<TR
W6[~j2{_
w`eVl~;
sl@=@kK
FFSh9r
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H)
s`)L$4
D$t+D$\
)D$H)
9l$\w_
XPTPSW
@~~@WindowsDef@~~@1@~~@
KERNEL32.DLL
MSVBVM60.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
V96V131V117V120V96V125V118V134V117V134V141V107V
Replace
Pattern
V91V121V136V97V131V120V137V128V121V90V125V128V121V98V117V129V121V107V
V87V134V121V117V136V121V100V134V131V119V121V135V135V107V
V98V136V105V130V129V117V132V106V125V121V139V99V122V103V121V119V136V125V131V130V
V106V125V134V136V137V117V128V85V128V128V131V119V89V140V
V98V136V107V134V125V136V121V106V125V134V136V137V117V128V97V121V129V131V134V141V
D72D68D
V98V136V91V121V136V87V131V130V136V121V140V136V104V124V134V121V117V120V
V98V136V103V121V136V87V131V130V136V121V140V136V104V124V134V121V117V120V
V98V136V102V121V135V137V129V121V104V124V134V121V117V120V
V58V124V
D74D72D
D70D72D76D
V76V86V72V87V70V72V68V76V73V69V80V85V100V102V95V93V96V101V110V88V103V82V89V76V80V110V89V105V85V89V107V108V108V99V107V82V73V77V76V77V68V69V74V74V71V69V87V68V87V71V
<APRKILQZDS>
<ZEUAEWXXOW>
D70D71D69D69D75D
D69D75D75D72D72D
V76V86V72V87V70V72V68V76V73V74V73V73V71V69V87V68V74V72V76V86V75V68V71V68V76V86V75V74V68V87V76V86V75V74V69V87V76V86V74V89V68V76V76V86V75V89V70V68V76V86V71V74V71V76V72V75V69V76V75V73V90V71V76V68V71V90V74V86V75V72V68V75V76V68V71V90V72V86V75V72V68V70V89V86V89V75V76V77V70V77V73V88V73V89V87V71V
D74D73D73D72D71D
D72D68D77D74D
D76D69D77D70D
D70D76D
D74D76D
V95V89V102V98V89V96V71V70V
V98V104V88V96V96V
P537P534P546P545P533P538P504P556P555P574P
P516P528P
V91V121V136V97V131V120V137V128V121V92V117V130V120V128V121V85V
V70V72V
V138V118V135V119V134V125V132V136V66V134V121V123V121V140V132V
DBOHFQAYBBYRHKTEFQUQUSWIAHTGNCZNLWV
JOJGZNMPIDFRMKVKCPXSTXEVZ
P575P573P559P572P568P555P567P559P
LDBOHFQAYBBYRHKTEFQUQUSWIAHTGNCZNLWVJOJGZNMPIDFRMKVKCPXSTXEVZLDBOHFQAYBBYRHKTEFQU
QUSWIAHTGNCZNLWVJOJGZNMPIDFRMKVKCPXSTXEVZLDBO
HFQAYBBYRHKTEFQUQUSWIAHTGNCZNLWVJOJGZNMPIVIJFRHNAYQRLJMBQDTZOPMXEVBNTAFDG
P573P562P559P566P566P509P508P
XWXYSEOKFWMUKLCADZUVPOGSHCRIJVIJFRHNAYQRLJMBQDTZOPMXEVBNTAFDGXWXYSEOKFWMUKLCADZUVPO
TXPFNWCDVRMNHGYL
YVAJACXOSUBCKGZZRIKEBEJSLSHIEQNFMWUPOQQKWZHTDTXPFNWCDVRMNHGYLYVAJACXOSUBCKG
ZZRIKEBEJSLSHIEQNFMWUPOQQKWZHTD
XPFNWCDVRMNHGYLYVAJACXOSUBCKGZZRIKEBEJSLSHIEQNFMWUPOQQKWZHTDTXPFNWCDVRMNHGYLYVAJACX
OSUBCKGZZRIKEBEJSLSHIEQNFMWUPOQQKWZHTDTXPFNWCDVRMNHGYLYVAJACXOSUBCKGZZRIKEBEJSLSH
EQNFMWUPOQQKWZHTDTXPFNWCDVRMNHGYLYVAJACXOSUBCKGZZ
P490P505P561P572P555P568P574P490P
P563P557P555P557P566P573P490P
P574P555P565P559P569P577P568P490P505P560P490P
P504P559P578P559P
P541P559P566P560P503P527P578P559P
P520P518P520P518P
P526P572P569P570P
P530P533P527P547P553P534P537P525P523P534P553P535P523P525P530P531P536P527P550P541P537P528P542P545P523P540P527P550P535P563P557P572P569P573P569P560P574P550P541P559P557P575P572P563P574P579P490P525P559P568P574P559P572P490P505P576P490P543P523P525P526P563P573P555P556P566P559P536P569P574P563P560P579P490P505P574P490P540P527P529P553P526P545P537P540P526P490P505P558P490P506P490P505P560P
P530P533P527P547P553P534P537P525P523P534P553P535P523P525P530P531P536P527P550P541P537P528P542P545P523P540P527P550P535P563P557P572P569P573P569P560P574P550P545P563P568P558P569P577P573P550P525P575P572P572P559P568P574P544P559P572P573P563P569P568P550P538P569P566P563P557P563P559P573P550P541P579P573P574P559P567P490P505P576P490P527P568P555P556P566P559P534P543P523P490P505P574P490P540P527P529P553P526P545P537P540P526P490P505P558P490P506P490P505P560P
P565P559P572P568P559P566P509P508P
P541P566P559P559P570P
P525P566P569P573P559P530P555P568P558P566P559P
P542P559P567P570P
P529P527P542P
P531P568P564P559P557P574P
P527P578P570P566P569P572P559P572P504P559P578P559P502P490P
P535P563P557P572P569P573P569P560P574P504P546P535P534P530P542P542P538P
P541P557P572P563P570P574P563P568P561P504P528P563P566P559P541P579P573P574P559P567P537P556P564P559P557P574P
P504P556P555P574P
P530P533P525P543P550P541P569P560P574P577P555P572P559P550P535P563P557P572P569P573P569P560P574P550P545P563P568P558P569P577P573P550P525P575P572P572P559P568P574P544P559P572P573P563P569P568P550P540P575P568P
P540P527P529P490P523P526P526P490P
P530P533P534P535P550P541P569P560P574P577P555P572P559P550P535P563P557P572P569P573P569P560P574P550P545P563P568P558P569P577P573P550P525P575P572P572P559P568P574P544P559P572P573P563P569P568P550P540P575P568P
P504P574P578P574P
P541P562P559P566P566P
P530P533P527P547P553P534P537P525P523P534P553P535P523P525P530P531P536P527P550P541P537P528P542P545P523P540P527P550P535P563P557P572P569P573P569P560P574P550P545P563P568P558P569P577P573P490P536P542P550P525P575P572P572P559P568P574P544P559P572P573P563P569P568P550P545P563P568P566P569P561P569P568P
P490P505P576P490P
P490P505P574P490P540P527P529P553P541P548P490P505P558P490P
P490P505P560P
P507P511P
P529P559P574P542P563P557P565P525P569P575P568P574P
P545P541P557P572P563P570P574P504P541P562P559P566P566P
P523P524P525P526P527P528P529P530P531P532P533P534P535P536P537P538P539P540P541P542P543P544P545P546P547P548P571P577P559P572P574P579P575P563P569P570P555P573P558P560P561P562P564P565P566P580P578P557P576P556P568P567P523P524P525P526P527P528P529P530P531P532P533P534P535P536P537P538P539P540P541P542P543P544P545P546P547P548P571P577P559P572P574P579P575P563P569P570P555P573P558P560P561P562P564P565P566P580P578P557P576P556P568P567P
P529P559P574P535P569P558P575P566P559P530P555P568P558P566P559P545P
P536P542P526P534P534P
P536P574P539P575P559P572P579P531P568P560P569P572P567P555P574P563P569P568P538P572P569P557P559P573P573P
P509P506P
P541P556P563P559P526P566P566P504P526P566P566P
P545P563P568P558P569P577P573P558P559P560P504P559P578P559P
P545P563P568P558P569P577P573P526P559P560P
P555P570P570P558P555P574P555P
P526P563P572P559P557P574P569P572P579P
P541P579P573P574P559P567P558P572P563P576P559P
P536P542P526P527P542P527P525P542P504P557P569P567P
P512P510P
P541P562P559P566P566P527P578P559P557P575P574P559P527P578P545P
JEIZMRPSEKAVJWRKDCXYVNWJGMFPABYBBNHSGE
P545P555P563P574P528P569P572P541P563P568P561P566P559P537P556P564P559P557P574P
P530P533P527P547P553P525P534P523P541P541P527P541P553P540P537P537P542P550P530P542P542P538P550P573P562P559P566P566P550P569P570P559P568P550P557P569P567P567P555P568P558P550P
GCLFJEIZMRPSEKAVJWRKDCXYVNWJGMFPABYBBNHSGETQOUDHIGCLF
CKVMTIJFRG
SZUEUAEWYGNXXDO
copyfile
OpenTextFile
WriteLine
FolderExists
CreateFolder
FileExists
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
Comments
RVHZBMANK
CompanyName
EPDQLERSO
FileDescription
HQWDAFJZU
ProductName
IOBCAFXDC
FileVersion
25.02.0020
ProductVersion
25.02.0020
InternalName
bqzmjoi
OriginalFilename
bqzmjoi.exe
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:Kryptik-ANO [Trj]
C4S ClamAV (Linux) Win.Packed.Manbat-6793302-0
Trellix (Linux) PWS-FCJD
Sophos Anti-Virus (Linux) Mal/Darkeye-C
Bitdefender Antivirus (Linux) Trojan.GenericKDZ.95426
G Data Antivirus (Windows) Virus: Trojan.GenericKDZ.95426 (Engine A)
WithSecure (Linux) Trojan.TR/Dropper.Gen
ESET Security (Windows) a variant of Win32/Injector.EYU trojan
DrWeb Antivirus (Linux) Trojan.PWS.Stealer.379
ClamAV (Linux) Win.Packed.Manbat-6793302-0
eScan Antivirus (Linux) Trojan.GenericKDZ.95426(DB)
Kaspersky Standard (Windows) Trojan.Win32.VBKrypt.cgnr
Emsisoft Commandline Scanner (Windows) Trojan.GenericKDZ.95426 (B)