Manalyze report for 059bb09924b0d8cb7a8cffb72fd0bb03

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Aug-06 06:21:58
FileDescription	Reduce backup recovery time and costs to reduce user impact
FileVersion	`0.0.0.0`
InternalName	Emeka.exe
LegalCopyright
OriginalFilename	Emeka.exe
ProductName	Reduce backup recovery time and costs to reduce user impact
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 49/69 (Scanned on 2019-03-06 04:01:54)	`MicroWorld-eScan: Trojan.GenericKD.30815205` `CAT-QuickHeal: Trojan.IGENERIC` `McAfee: Artemis!059BB09924B0` `Cylance: Unsafe` `K7GW: Trojan ( 0052b34c1 )` `K7AntiVirus: Trojan ( 0052b34c1 )` `Arcabit: Trojan.Generic.D1D633E5` `TrendMicro: TROJ_GEN.R002C0DLE18` `Cyren: W32/Trojan.BJZ.gen!Eldorado` `Symantec: Trojan Horse` `TrendMicro-HouseCall: TROJ_GEN.R002C0DLE18` `Paloalto: generic.ml` `Kaspersky: Trojan.MSIL.Crypt.gsrj` `BitDefender: Trojan.GenericKD.30815205` `NANO-Antivirus: Trojan.Win32.Crypt.fcanek` `ViRobot: Trojan.Win32.Z.Kryptik.481280.S` `Ad-Aware: Trojan.GenericKD.30815205` `Sophos: Troj/Inject-DLN` `Comodo: Malware@#1tk6uspfzdnpn` `F-Secure: Heuristic.HEUR/AGEN.1015993` `DrWeb: Trojan.PWS.Stealer.19347` `Zillya: Trojan.Kryptik.Win32.1423285` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Generic.gc` `Fortinet: MSIL/Kryptik.OEH!tr` `Trapmine: malicious.high.ml.score` `Emsisoft: Trojan.GenericKD.30815205 (B)` `SentinelOne: static engine - malicious` `F-Prot: W32/Trojan.BJZ.gen!Eldorado` `Jiangmin: Trojan.MSIL.jevl` `Webroot: W32.Trojan.GenKD` `Avira: HEUR/AGEN.1015993` `MAX: malware (ai score=99)` `Antiy-AVL: Trojan/MSIL.Crypt` `Microsoft: Trojan:Win32/Bluteal!rfn` `ZoneAlarm: Trojan.MSIL.Crypt.gsrj` `Acronis: suspicious` `ALYac: Trojan.GenericKD.30815205` `Malwarebytes: Trojan.PasswordStealer.MSIL` `Panda: Trj/GdSda.A` `ESET-NOD32: a variant of MSIL/Kryptik.NJJ` `Tencent: Msil.Trojan.Crypt.Fih` `Ikarus: Trojan.MSIL.Inject` `GData: Trojan.GenericKD.30815205` `AVG: Win32:Malware-gen` `Cybereason: malicious.924b0d` `Avast: Win32:Malware-gen` `CrowdStrike: win/malicious_confidence_100% (W)` `Qihoo-360: HEUR/QVM03.0.3121.Malware.Gen`

Hashes

MD5	`059bb09924b0d8cb7a8cffb72fd0bb03`
SHA1	`87a02be494bc914211d91a45a9ccbf4d47238566`
SHA256	`0abb52b3e0c08d5e3713747746b019692a05c5ab8783fd99b1300f11ea59b1c9`
SHA3	`ec7ac3fc5468fd55def72eedcaa8b8754de3a3a721e6f981a8b0ce415f495279`
SSDeep	`6144:7jsPaZguP9OIuP3af2AdvqXASJpqAbzr+jX45taM/l4RFAwHfTH8zjpT:cPwZ1xuP31YvSqAbOjMl4R98JT`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Aug-06 06:21:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x74e00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00076D7E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7c000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dfebde2be393626cfbb9c1d63a386d87`
SHA1	`a680ffd23a124f87dafa1e773c2b9a0fc458993b`
SHA256	`e9d5a07d04051d9ff054c9e512f66f502cc466819e5e92d1768b90284c6c5177`
SHA3	`63f59604e28b1a4bc8004989897ae9c9aa2125a9242d4b34d12c9d3454216a34`
VirtualSize	`0x74d84`
VirtualAddress	`0x2000`
SizeOfRawData	`0x74e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.94724`

.rsrc

MD5	`3b9794ccc992acf68cf4302184d5cd26`
SHA1	`ab3378fa4829d226e45b665465ff39a1961c6aed`
SHA256	`763e4cc1947839bfe494be69043967ed039381fb65866f5352b789af93721b69`
SHA3	`54b9098414daffae321c8aee31d205cd0f36c0cf8c3c0b12ec2b619d341c5801`
VirtualSize	`0x5d4`
VirtualAddress	`0x78000`
SizeOfRawData	`0x600`
PointerToRawData	`0x75000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.3599`

.reloc

MD5	`3ec4ab36d5e374ab339a65589cba001c`
SHA1	`45664d7b52836f83bd8273392e7cce09b42c2dc6`
SHA256	`a8c52b87b93840027a29fef7b10250301a8c8b4fb0c6e6fb60aa2266d882ddf0`
SHA3	`eb41af24cd3898ad77e875c6bf263e5587f8b6fc94d6a48cd8e325e282ae41e9`
VirtualSize	`0xc`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x75600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28959`
MD5	`722047a8acc668de4912e56d18612974`
SHA1	`7c43c1f82830535bfa7ccebb8ecfd62c380acf0f`
SHA256	`085471e0728158da8a368275d84b12b599f00c1d3e7a431a063cf30cf7627aed`
SHA3	`46f1074992f47d40b8eefe19adc235933e50aa67f627423d661de9a075988e63`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	Reduce backup recovery time and costs to reduce user impact
FileVersion (#2)	0.0.0.0
InternalName	Emeka.exe
LegalCopyright
OriginalFilename	Emeka.exe
ProductName	Reduce backup recovery time and costs to reduce user impact
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

059bb09924b0d8cb7a8cffb72fd0bb03

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors