Manalyze report for 0e8c2b978c489acf5b780f473bd74e47

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2095-Aug-30 13:13:15
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Shell Branding Resource Dll
FileVersion	`6.3.9600.16384 (winblue_rtm.130821-1623)`
InternalName	SHELLBRD
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SHELLBRD.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.3.9600.16384`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	VirusTotal score: 39/67 (Scanned on 2021-06-10 14:39:57)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Trojan.GenericKDZ.75685` `FireEye: Generic.mg.0e8c2b978c489acf` `CAT-QuickHeal: Trojan.Agent` `McAfee: Artemis!0E8C2B978C48` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan-Downloader ( 0057d8a21 )` `Alibaba: TrojanDownloader:MSIL/Seraph.18a57a3c` `K7GW: Trojan-Downloader ( 0057d8a21 )` `Cybereason: malicious.1df425` `BitDefenderTheta: Gen:NN.ZemsilF.34738.Am0@aCIk8@ei` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.IAG` `TrendMicro-HouseCall: TROJ_GEN.R002C0WF921` `Paloalto: generic.ml` `Kaspersky: HEUR:Trojan-Downloader.MSIL.Seraph.gen` `BitDefender: Trojan.GenericKDZ.75685` `Avast: Win32:DropperX-gen [Drp]` `Ad-Aware: Trojan.GenericKDZ.75685` `Emsisoft: Trojan.GenericKDZ.75685 (B)` `DrWeb: Trojan.PWS.Siggen2.65479` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R002C0WF921` `McAfee-GW-Edition: BehavesLike.Win32.Generic.gm` `Sophos: Mal/Generic-S` `APEX: Malicious` `Avira: TR/Dldr.Agent.nsbtb` `MAX: malware (ai score=81)` `Microsoft: Trojan:MSIL/TrojanDownloader.IAG!MTB` `ZoneAlarm: HEUR:Trojan-Downloader.MSIL.Seraph.gen` `GData: Trojan.GenericKDZ.75685` `Cynet: Malicious (score: 100)` `AhnLab-V3: Trojan/Win.Generic.C4516136` `Ikarus: Win32.Outbreak` `SentinelOne: Static AI - Suspicious PE` `Fortinet: MSIL/Agent.IAG!tr.dldr` `AVG: Win32:DropperX-gen [Drp]` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`0e8c2b978c489acf5b780f473bd74e47`
SHA1	`4352e051df425bd42fee810cf683415ab0ff0f3a`
SHA256	`b38276257c15d7c08d18479f37681b9a5bdc720d1e767010b82bebb0fb00038d`
SHA3	`bcb8395151bd4f01f8a408c1214a163baac2677b9dad2d097e5afb10437e601b`
SSDeep	`6144:OGvo5n8jPyNb1kEBv57vJeU+R544mJLyl4vjsskHzXT:gR3Bv5Ml544mJLyl4vQTXT`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2095-Aug-30 13:13:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x6a600`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0006C41E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x72000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`3955700410af8f72d53a4298589122b3`
SHA1	`27d7ee6daee83ab4f77b6b0875b628415c625870`
SHA256	`71adb7a4ee762a6ea99b3b29d5e140f9cef4b526b4c8646e5da31ad6427965f8`
SHA3	`3e0984e60752eb64a361f177aff7ff97d633ce4a819ef87d0cc978d97c6f1297`
VirtualSize	`0x6a424`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6a600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.87067`

.rsrc

MD5	`0477d1b9b7df9c02a262c7802c43cfb9`
SHA1	`70d4473a29addeebe36bd7e4cf46859c4ad04fde`
SHA256	`bfc0cefed1471af58795169923cb10b8286808ff3937dce97ce09b074482bdef`
SHA3	`dac860d1fb9ee48491a75ff8bdfcebebd49ea7817ab68ab983a9c9878853a6ef`
VirtualSize	`0x40c`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.08647`

.reloc

MD5	`8e0fc20b9728a9d81540bafe510bb7ed`
SHA1	`9e651bdfa26306d3fd6a4559d79b0fabecf7ee06`
SHA256	`03797d1753692fd263145df4f8c42330d4cdcd6314a8b0150842c904abd7ae64`
SHA3	`2f9cc4855abaf4b85305fe55b57ba569f123d2e196d6d471282f9ee603c312b4`
VirtualSize	`0xc`
VirtualAddress	`0x70000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56583`
MD5	`49fbe5efd98d8f4102c13fef7206d9cf`
SHA1	`1eedda6bfe325fc9fd720d6454b2a9791e78ecb5`
SHA256	`7fb56da579c0cf8c4939ff0d14d553accfb2025ba33fd8c56a1738c70474b52d`
SHA3	`d55df5063cccc69fff8fab0a948252bbb477bbd9d7a636d2ad054d07444b2aed`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.3.9600.16384
ProductVersion	6.3.9600.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Shell Branding Resource Dll
FileVersion (#2)	6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName	SHELLBRD
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SHELLBRD.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.3.9600.16384

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

0e8c2b978c489acf5b780f473bd74e47

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors