Manalyze report for ae8a48081082b8fe467bf218fa9964e6

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2088-Jan-14 08:51:02
Comments
CompanyName
FileDescription	Certify
FileVersion	`1.0.0.0`
InternalName	Certify.exe
LegalCopyright	Copyright © 2021
LegalTrademarks
OriginalFilename	Certify.exe
ProductName	Certify
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	VirusTotal score: 53/70 (Scanned on 2024-04-11 09:54:43)	`ALYac: IL:Trojan.MSILMamut.5465` `APEX: Malicious` `AVG: Win32:HacktoolX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C4708703` `Alibaba: VirTool:MSIL/CezAbuz.4bbd72b1` `Antiy-AVL: HackTool/MSIL.Agent` `Arcabit: IL:Trojan.MSILMamut.D1559` `Avast: Win32:HacktoolX-gen [Trj]` `Avira: HEUR/AGEN.1309882` `BitDefender: IL:Trojan.MSILMamut.5465` `BitDefenderTheta: Gen:NN.ZemsilCO.36802.km0@aOspF9f` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of MSIL/Riskware.Certify.A` `Elastic: malicious (high confidence)` `Emsisoft: IL:Trojan.MSILMamut.5465 (B)` `F-Secure: Heuristic.HEUR/AGEN.1309882` `FireEye: Generic.mg.ae8a48081082b8fe` `Fortinet: Riskware/Certify` `GData: IL:Trojan.MSILMamut.5465` `Google: Detected` `Ikarus: Trojan.MSIL.Injector` `Jiangmin: HackTool.MSIL.bayi` `K7AntiVirus: Trojan ( 0059c7e41 )` `K7GW: Trojan ( 0059c7e41 )` `Kaspersky: HEUR:HackTool.MSIL.Agent.gen` `Kingsoft: MSIL.HackTool.Agent.gen` `MAX: malware (ai score=100)` `Malwarebytes: Generic.HackTool.RiskWare.DDS` `MaxSecure: Trojan.Malware.73627206.susgen` `McAfee: RDN/Generic PUP.z` `MicroWorld-eScan: IL:Trojan.MSILMamut.5465` `Microsoft: VirTool:MSIL/CezAbuz.A` `Panda: Trj/GdSda.A` `Rising: Hacktool.Certify!8.16DF2 (CLOUD)` `Sangfor: Riskware.Msil.Certify.Vqzk` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.ch` `Sophos: ATK/ADCertify-A` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.13b6f1c2` `TrendMicro: HackTool.MSIL.Certify.C` `TrendMicro-HouseCall: HackTool.MSIL.Certify.C` `VIPRE: IL:Trojan.MSILMamut.5465` `Varist: W32/MSIL_Agent.FIL.gen!Eldorado` `Xcitium: Malware@#10llvm1nh70yx` `Zillya: Tool.Certify.Win32.1` `ZoneAlarm: HEUR:HackTool.MSIL.Agent.gen` `alibabacloud: Hacktool:Win/Certify` `tehtris: Generic.Malware`

Hashes

MD5	`ae8a48081082b8fe467bf218fa9964e6`
SHA1	`0754a7810a72d5e8b99e0a8682b7996c235e479e`
SHA256	`af5c3a5f68323ac68b258dae37c20e48f594118d08479f92a78bd54d26debd9a`
SHA3	`5d5513ea8054a1217d2aba6ad967aa72127d11c598f9248e03e49344f2f222e7`
SSDeep	`3072:4kxK/NUc66+Irs3GuO/Clrp0Edu+fNcM6gM7QMN69M2bx9Bhlrw/kqS1:NxKF5rs3FO/erpF5Nns69M2bxjhl`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2088-Jan-14 08:51:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x29e00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002BC4E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2c000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x30000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3b9c12db2977c4b1b720b2617e53a5ab`
SHA1	`32fb27d6d4c37e1ee0d6a6dfb5dc6edb4d195b60`
SHA256	`2e6e766f05cb07acfdd5ad32bf4b902b00f775b6d1aa51574545bc482d9e9b42`
SHA3	`fc61f2ef4342cf111fef38bb420d0ea8340cb402d01ec535446970916381f82d`
VirtualSize	`0x29c54`
VirtualAddress	`0x2000`
SizeOfRawData	`0x29e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61046`

.rsrc

MD5	`7326ab2456cbc883a816b512cc9bafe7`
SHA1	`4f2780d7cf2c7b1a236ec0febba637060377ec43`
SHA256	`c6d7e20daaf253a7ac1840f6432a860cbdbe2df10a517c7b86ce652e6e1c484f`
SHA3	`af6c20f6f58bb6d25bad1b507a9cd0cc140f7f31b2907307a55bab846c41dddb`
VirtualSize	`0x596`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.04222`

.reloc

MD5	`f31ddd1c147542f0a7b54d592a8cdf9b`
SHA1	`e20c7aff3cb781b8a1de00091f16ca570fb6434f`
SHA256	`6e9a944a8bef130da0ff41fb87cfdf68ec563fa2ba600b626be690d9e6078761`
SHA3	`2eb3975e3d876ee7016666b3af8a49d5ff1af15635b0f66792a17499dca2a735`
VirtualSize	`0xc`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23755`
MD5	`0f2be79ae84e76c04e71632e6f40189a`
SHA1	`fcd486504c74f5384f10751976ef97949f649548`
SHA256	`3d9a5d600c3726dc00395b848f376b9e1b68310efe0d8bdad04a692e8d35288e`
SHA3	`71c7cfe81f940329241e5eef8cc2fbdd2f0a92bfd37d143aad18a12fbf158de6`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Certify
FileVersion (#2)	1.0.0.0
InternalName	Certify.exe
LegalCopyright	Copyright © 2021
LegalTrademarks
OriginalFilename	Certify.exe
ProductName	Certify
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

ae8a48081082b8fe467bf218fa9964e6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors