Static Analysis

PE Compile Time

2019-01-19 15:34:56

PE Imphash

5d6cad172c5535e4b6b6bbd246571621

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0002a5c4 0x0002b000 7.57159899264
.data 0x0002c000 0x00000a20 0x00001000 0.0
.rsrc 0x0002d000 0x000479f8 0x00048000 2.46522230145

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0002d0e8 0x000476c8 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 256 x 554 x 32, image size 283648
RT_GROUP_ICON 0x000747b0 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000747c4 0x00000234 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaVarMove
0x40100c __vbaFreeVar
0x401010 None
0x401014 __vbaFreeVarList
0x401018 __vbaEnd
0x40101c _adj_fdiv_m64
0x401020 __vbaFreeObjList
0x401024 _adj_fprem1
0x401028 __vbaStrCat
0x40102c __vbaSetSystemError
0x401034 _adj_fdiv_m32
0x401038 __vbaAryDestruct
0x40103c None
0x401040 None
0x401044 __vbaOnError
0x401048 __vbaObjSet
0x40104c _adj_fdiv_m16i
0x401050 _adj_fdivr_m16i
0x401054 _CIsin
0x401058 __vbaChkstk
0x40105c __vbaFileClose
0x401060 EVENT_SINK_AddRef
0x401068 __vbaPutOwner3
0x40106c DllFunctionCall
0x401070 _adj_fpatan
0x401074 __vbaRedim
0x401078 __vbaStrR8
0x40107c EVENT_SINK_Release
0x401080 None
0x401084 __vbaUI1I2
0x401088 _CIsqrt
0x401090 __vbaExceptHandler
0x401094 _adj_fprem
0x401098 _adj_fdivr_m64
0x40109c __vbaFPException
0x4010a0 __vbaGetOwner3
0x4010a4 __vbaUbound
0x4010a8 __vbaStrVarVal
0x4010ac __vbaVarCat
0x4010b0 _CIlog
0x4010b4 __vbaErrorOverflow
0x4010b8 __vbaFileOpen
0x4010bc __vbaNew2
0x4010c0 None
0x4010c4 __vbaR8Str
0x4010c8 _adj_fdiv_m32i
0x4010cc _adj_fdivr_m32i
0x4010d0 __vbaFreeStrList
0x4010d4 _adj_fdivr_m32
0x4010d8 _adj_fdiv_r
0x4010dc None
0x4010e0 __vbaI4Var
0x4010e4 __vbaVarMod
0x4010e8 _CIatan
0x4010ec __vbaStrMove
0x4010f0 _allmul
0x4010f4 _CItan
0x4010f8 __vbaFPInt
0x4010fc __vbaUI1Var
0x401100 _CIexp
0x401104 __vbaFreeStr
0x401108 __vbaFreeObj
!This program cannot be run in DOS mode.
MSVBVM60.DLL
Unicorn
I'm Unicorn
Adobe Photoshop CC 2018 (Windows)
2019:01:07 19:44:27
Adobe_CM
dEU6te
'7GWgw
^FNEmu
T+i&5.<
T{@DiJ
\Photoshop 3.0
printOutput
PstSbool
Inteenum
printSixteenBitbool
printerNameTEXT
printProofSetupObjc
proofSetup
Bltnenum
builtinProof
proofCMYK
printOutputOptions
Cptnbool
Clbrbool
RgsMbool
CntCbool
Lblsbool
Ngtvbool
EmlDbool
Intrbool
BckgObjc
Rd doub@o
Grn doub@o
Bl doub@o
BrdTUntF#Rlt
Bld UntF#Rlt
RsltUntF#Pxl@b
vectorDatabool
PgPsenum
LeftUntF#Rlt
Top UntF#Rlt
Scl UntF#Prc@Y
cropWhenPrintingbool
cropRectBottomlong
cropRectLeftlong
cropRectRightlong
cropRectToplong
boundsObjc
Top long
Leftlong
Btomlong
Rghtlong
slicesVlLs
sliceIDlong
groupIDlong
originenum
ESliceOrigin
autoGenerated
Typeenum
ESliceType
boundsObjc
Top long
Leftlong
Btomlong
Rghtlong
urlTEXT
nullTEXT
MsgeTEXT
altTagTEXT
cellTextIsHTMLbool
cellTextTEXT
horzAlignenum
ESliceHorzAlign
default
vertAlignenum
ESliceVertAlign
default
bgColorTypeenum
ESliceBGColorType
topOutsetlong
leftOutsetlong
bottomOutsetlong
rightOutsetlong
Adobe_CM
dEU6te
'7GWgw
^FNEmu
T+i&5.<
T{@DiJ
zhttp://ns.adobe.com/xap/1.0/
<?xpacket begin="
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xml
s:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/Resou
ceRef#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmp:CreateDate="2018-12-02T15:50:06+08:00" xmp:ModifyDate="2019-01-07T19:44:27+08:00" xmp:M
tadataDate="2019-01-07T
9:44:27+
8:00" dc:format="image/jpeg" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:d5974899-ca88-7f42-9516-8e7635808df3" xmpMM:DocumentID="adobe:docid:photoshop:953273c3-3fa6-8f45-b6a0-9baf393cacbc" xmpMM:OriginalDocumentID="xmp.did:94317eb3-7085-4449-8680-030e5a0890d3"> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:94317eb3-7085-4449-8680-030e5a0890d3" stEvt:when="2018-12-02T15:50:06+08:00" stEvt:softwareAgent="Adobe Photoshop CC 2018 (Windows)"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:bda3dc4b-caee-fd46-b85f-119c665623ef" stEvt:when="2018-12-02T16:02:59+08:00" stEvt:softwareAgent="Adobe Photoshop CC 2018 (Windows)" stEvt:changed="/"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:d9d77401-7124-ed42-8b71-4014b651f934" stEvt:when="2019-01-07T19:44:27+08:00" stEvt:softwareAgent="Adobe Photoshop CC 2018 (Windows)" stEvt:changed="/"/> <rdf:li stEvt:action="converted" stEvt:parameters="from image/png to image/jpeg"/
<?xpacket end="w"?>
XICC_PROFILE
mntrRGB XYZ
acspMSFT
IEC sRGB
Copyright (c) 1998 Hewlett-Packard Company
sRGB IEC61966-2.1
sRGB IEC61966-2.1
IEC http://www.iec.ch
IEC http://www.iec.ch
.IEC 61966-2.1 Default RGB colour space - sRGB
.IEC 61966-2.Y Default RGB colour space - sRGB
,Reference Viewing Condition in IEC61966-2.1
,Reference Viewing Condition in IEC61966-2.1
CRT curv
$$M$|$
DTsEF7Gc(UVW
u*9:HIJXYZghijvwxyz
(GWf8v
*:JZjz
+bTyi'
((jjjp
`sk.D
Q[UCAl
=rSc)jj40
kvr=K
u:6Z
tB1$5ej
oA[=:U
:Ck&/sg
%euWFWGP
tOP}@
]%D3V7
>_+`39
6Oy4R'
UaM'=X
%&snfi
jiqTed
_\[Z!y
{/7Q5c
=`?bqm
-.>O!C*
efR2:Q
/Mt!f+
6?ft~/
^]Vw`u]f
oUb1[7)
'OIZ#^
&qy<u=-
)Nd/$q
(5_=EE
[/3Z-A
I5eOAg
+6~g1A
gxf31`hM
Kekn_{
jd>HUg
EsG>}3*S tI
.\uuL9
YQ$Pb
hzAf2~)&
7PVQll?_
+6a{M=
KOCCGM
U@%fZ]
g]rU}z
Ay7VrF
]*[Z(Z&
%fgpeM$
Cg`;kjCWMW
{uU>cj
ugrCgu
=)g]'=la
MQMT+G
in)Bh|
K[_[U*C
C[<ktE
p8uV_#%
&f<>Fu
PRAEICL)
o^,OF[
kijG?F
%Mjj>X
#~AfL9
v*FH=k
u<q5P7
fRh:qM
5_\n}
ue/|L~
SE~-o~
RKWU4pE
1(P^If
jEhMGE
mnnVXa$z
im:sJ
WUA@z<
+0;oro
05pWb3
7q#wc?
qun{#5v
#g;>co
xt[vDCywF
="bE(z
J{qqz?
{G<^4`
Tl=GI\
uVwh`sT
lnB<]^'+ID
gs8F4'
?~l<nJ
Ew1v4>}(
uD?/7Kg
0cu#?g
]M[%v_g
abn$V'
Mw>]v~O'
Ifw:s^
1{[lR}
bqY,f_2
84?gF.
m`i$>@W
H'#r9a
K<Ydlf_
ycw%.S
'?OO.
7spdBO
!,e^9c
WVll'@a
oi[,=A
.ed4u
mjbF#
ZTf6OC
j7G`Um}
?ea7F2
:TQbh?
wE.wou
0MVs1SK
zSKUL~
b>7v7Xf(
F}hO2jc
_+5=VV
$35MO]
VQPSMY]44tt
MEWOTq
YO[IP?
*)EM-M7
{ggv.Gy
j:;s],O
:}W`A_
A5UU5?
tvz{qNR
)@Qb(w
ldvuUL
<{#{n?<
&S)CAYA
gae!48|G
tXVwT8
V$~Fkn
}9_idR
Tz\TXlF\d
_^?:~|:
<?>=lq
a7m.~}#`
i2E:R:Bo
AMOSMR
m~O)So
{[4x==!
JPP7C?
iUe6?Zm
\:;Kp@
74PC-]%5FN
{E$~H
G=vOgR
+M-6+\
JhuJz/
pAm@9
/S+X&>
{^i:`g
-O0:.51y
O&IAR@
]/h7F:
;_nb01M
P}>_nuV
/mw{Q,
W=#G4J
Asrd5"
Coz2i4#
ll&GFn
oq[1f,NI
OIWM+Rep
Sb7F2,
D3$RG)
LlRUWR
DSejXZ:7
\tiUS$Y
LW)@KE
Q-%}NZ
tI~Icj
'l|9|U
I>'R2]
~R3ol!
"E<2<SC4L
Zn7Ve|)
=-TrD(3
CdsA4~h
zNnley
zmlNrj
C--m<U0;#
v;n$#7
==]%TI,R
PH?eM:
SUMCOQ
Timer2
Timer1
Label1
Unicorn
MS Sans Serif
VB5!6&vb6chs.dll
Kawaii-Unicorn
Kawaii-Unicorn
Unicorn
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Label1
Timer2
Timer1
user32
SetLayeredWindowAttributes
GetWindowLongA
SetWindowLongA
__vbaFreeStrList
VBA6.DLL
__vbaEnd
__vbaR8Str
__vbaStrR8
__vbaFreeVarList
__vbaVarCat
__vbaStrVarVal
__vbaObjSet
__vbaErrorOverflow
__vbaAryDestruct
__vbaPutOwner3
__vbaFreeObj
__vbaFreeStr
__vbaVarMod
__vbaUI1Var
__vbaGenerateBoundsError
__vbaI4Var
__vbaUbound
__vbaFPInt
__vbaVarMove
__vbaFileClose
__vbaGetOwner3
__vbaRedim
__vbaFreeObjList
__vbaNew2
__vbaStrCat
__vbaStrMove
__vbaFileOpen
__vbaFreeVar
__vbaUI1I2
__vbaSetSystemError
__vbaHresultCheckObj
__vbaOnError
}#jPh8
}#jPh8
}#jTh8
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaPutOwner3
DllFunctionCall
_adj_fpatan
__vbaRedim
__vbaStrR8
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarMod
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
__vbaUI1Var
_CIexp
__vbaFreeStr
__vbaFreeObj
Proof Setup
Adobe Photoshop
Adobe Photoshop CC 2018
#(-27;@EJOTY^chmrw|
\Unicorn-
cmd /c rename "
.exe"
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
ProductName
Kawaii-Unicorn
FileVersion
ProductVersion
InternalName
Kawaii-Unicorn
OriginalFilename
Kawaii-Unicorn.exe
VarFileInfo
Translation
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Trojan.Win32.FAREIT.SME
Avast Core Security (Linux) Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux) Win.Packed.Generic-9967832-0
Trellix (Linux) GenericRXTC-TT
Sophos Anti-Virus (Linux) Troj/VB-KCP
Bitdefender Antivirus (Linux) Generic.Dacic.94CCEEA9.A.001E7BD4
G Data Antivirus (Windows) Virus: Generic.Dacic.94CCEEA9.A.001E7BD4 (Engine A)
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
ESET Security (Windows) a variant of Win32/VBClone.E trojan
DrWeb Antivirus (Linux) Trojan.Siggen29.56020
ClamAV (Linux) Win.Packed.Generic-9967832-0
eScan Antivirus (Linux) Generic.Dacic.94CCEEA9.A.001E7BD4(DB)
Kaspersky Standard (Windows) Trojan.Win32.VB.dosq
Emsisoft Commandline Scanner (Windows) Generic.Dacic.94CCEEA9.A.001E7BD4 (B)
Cuckoo

We're processing your submission... This could take a few seconds.