Manalyze report for 0cfa5f7c008e3dc2df275a99aef9cbbb

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Aug-01 22:16:12
Comments	SSH, Telnet, Rlogin, and SUPDUP client
CompanyName	Simon Tatham
FileDescription	SSH, Telnet, Rlogin, and SUPDUP client
FileVersion	`0.77.0.0`
InternalName	1.exe
LegalCopyright	Copyright © 1997-2022 Simon Tatham.
LegalTrademarks
OriginalFilename	1.exe
ProductName	PuTTY suite
ProductVersion	`0.77.0.0`
Assembly Version	0.77.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: https://www.youtube.com https://www.youtube.com/ www.youtube.com youtube.com`
Malicious	VirusTotal score: 57/72 (Scanned on 2022-10-16 16:19:03)	`Bkav: W32.AIDetectNet.01` `Lionic: Trojan.MSIL.Seraph.a!c` `DrWeb: Trojan.Inject4.39224` `MicroWorld-eScan: IL:Trojan.MSILZilla.22406` `ALYac: Trojan.Downloader.MSIL.Seraph` `Cylance: Unsafe` `Zillya: Downloader.Agent.Win32.484169` `Sangfor: Downloader.Msil.Nanocore.Vk9x` `K7AntiVirus: Trojan-Downloader ( 005967611 )` `Alibaba: TrojanDownloader:MSIL/NanoCore.0b98bfd7` `K7GW: Trojan-Downloader ( 005967611 )` `Cybereason: malicious.8a8227` `BitDefenderTheta: Gen:NN.ZemsilF.34726.Qm0@a4CmeRn` `Cyren: W32/MSIL_Agent.DRO.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.MVU` `APEX: Malicious` `TrendMicro-HouseCall: Backdoor.Win32.ASYNCRAT.YXCINZ` `Paloalto: generic.ml` `Kaspersky: HEUR:Trojan-Downloader.MSIL.Seraph.gen` `BitDefender: IL:Trojan.MSILZilla.22406` `NANO-Antivirus: Trojan.Win32.Seraph.jqywpa` `Avast: Win32:DropperX-gen [Drp]` `Rising: Trojan.Generic/MSIL@AI.94 (RDM.MSIL:ihz3dLq2mpiECoWUXQqwYg)` `Ad-Aware: IL:Trojan.MSILZilla.22406` `Emsisoft: IL:Trojan.MSILZilla.22406 (B)` `VIPRE: IL:Trojan.MSILZilla.22406` `TrendMicro: Backdoor.Win32.ASYNCRAT.YXCINZ` `McAfee-GW-Edition: BehavesLike.Win32.Packed.jh` `FireEye: Generic.mg.0cfa5f7c008e3dc2` `Sophos: Mal/Generic-S` `Ikarus: Trojan.MSIL.Inject` `GData: IL:Trojan.MSILZilla.22406` `Jiangmin: TrojanDownloader.MSIL.amdp` `Webroot: W32.Trojan.Gen` `Google: Detected` `Avira: TR/Dldr.Agent.lyszs` `Antiy-AVL: Trojan/Generic.ASMalwS.6FC2` `Gridinsoft: Ransom.Win32.Sabsik.sa` `Arcabit: IL:Trojan.MSILZilla.D5786` `ZoneAlarm: HEUR:Trojan-Downloader.MSIL.Seraph.gen` `Microsoft: TrojanDownloader:MSIL/NanoCore.D!MTB` `Cynet: Malicious (score: 100)` `AhnLab-V3: Trojan/Win.Leonem.C5218555` `Acronis: suspicious` `McAfee: RDN/Generic Downloader.x` `MAX: malware (ai score=100)` `VBA32: TScope.Trojan.MSIL` `Malwarebytes: Trojan.Downloader` `Tencent: Msil.Trojan-Downloader.Ader.Qsmw` `SentinelOne: Static AI - Malicious PE` `MaxSecure: Trojan.Malware.74570710.susgen` `Fortinet: MSIL/Small.CWH!tr` `AVG: Win32:DropperX-gen [Drp]` `Panda: Trj/Chgt.AD` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`0cfa5f7c008e3dc2df275a99aef9cbbb`
SHA1	`51ebdbc8a8227667b20b5cb40f17ff1bb8550098`
SHA256	`e4f59660bf5047db2ed2539ef9a3e81724909809dc17c4f513debe261e1774e1`
SHA3	`2115b26f9099c2f787ae2a5b27532ac35a26938c1bfb38cba5c26649294487cd`
SSDeep	`12288:C3c6vReZYEe4Wp0ZtExFUH17EjGh1aoNRtwamePvNVtQe:C3c6vAZYd4jKoiIFRmePvNVtn`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Aug-01 22:16:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x6cc00`
SizeOfInitializedData	`0x3d800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0006EAFE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb0000`
SizeOfHeaders	`0x200`
Checksum	`0xb7484`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`422e3b62c1273c2a871380f954938760`
SHA1	`e900e80773c4aacaaf0a76029da5ad5404678a01`
SHA256	`3d72881667d5731beca45ba4001bd066adb09c7b2d97c40716bdfeb41ec7770b`
SHA3	`2552a2986d4e0980ead11a517961586b0a846042f176a398234ef10f4172da1e`
VirtualSize	`0x6cb04`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6cc00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.63259`

.rsrc

MD5	`d4cb98a7cf57a3eb05996456ebc62198`
SHA1	`4721a217b77797bca6cfab0fa2aca5fbafc49904`
SHA256	`1df7cf648526c8bd2519c817339a5b9a2305889cf03a3346d7431caa95f84c46`
SHA3	`36d2d8c3a060497f424cb5677284f04b5fd00b2c1f119719ebfbf59f821e8d75`
VirtualSize	`0x3d4a6`
VirtualAddress	`0x70000`
SizeOfRawData	`0x3d600`
PointerToRawData	`0x6ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.91424`

.reloc

MD5	`57cb148643906e840e489d6e00baf774`
SHA1	`2fe59aa9cfa7bd8824e1f579d628e4806e1e5724`
SHA256	`916f6d2ea934916bb21e54eddba4aee5ae473e315fde9c241c2aed8edbc79b9b`
SHA3	`efe4934a8de902b6770917f27664a6ddb9e3fa428a5a0359068184e1424c3a03`
VirtualSize	`0xc`
VirtualAddress	`0xae000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3cda8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89599`
MD5	`e5cdc15deb632cf04a3ce5726325a8b8`
SHA1	`52a43d9b7eada53057e5c2c661d10e93f421bd36`
SHA256	`60efa6fd34a8f271ac6560fe532c38720b17534e25b77b637c8aece84cf24c4e`
SHA3	`815ef0c4ec02fcb58f65bdff48bc98b24880d336c887e4bb635e8aa04a26139d`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`1c8381cf8d025faeaffd6907c7f78778`
SHA1	`154ef36f9074276f6dc5bf2490adfe5e809088f1`
SHA256	`1ba280c0b67d2c3a7f86f2e5bf25ff9dea3389cdca795c9e33779bd0e92fc54e`
SHA3	`2d80c98f7a10b6646aabb2e3b3d68dd09f55a6de860ce6e1b557ad94cac35779`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39006`
MD5	`930df7aa349cd868da727967ccc4e7cc`
SHA1	`16e5802b5db12beb9bd90e1a11c7502a8afe90f9`
SHA256	`3a0ebcbfc230747af4da7166a8dc32197fbee6997fdd71a69b3803781c16cb8b`
SHA3	`24aa1576f95142f30087a9a9f4e119915919612d6fa1f830aadce47f02f08efc`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.77.0.0
ProductVersion	0.77.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	SSH, Telnet, Rlogin, and SUPDUP client
CompanyName	Simon Tatham
FileDescription	SSH, Telnet, Rlogin, and SUPDUP client
FileVersion (#2)	0.77.0.0
InternalName	1.exe
LegalCopyright	Copyright © 1997-2022 Simon Tatham.
LegalTrademarks
OriginalFilename	1.exe
ProductName	PuTTY suite
ProductVersion (#2)	0.77.0.0
Assembly Version	0.77.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

0cfa5f7c008e3dc2df275a99aef9cbbb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors