Manalyze report for 12843396cff00c5d94055cbebce10b45

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Jul-11 16:20:00

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 46/65 (Scanned on 2017-07-30 09:25:21)	`MicroWorld-eScan: Gen:Variant.Kazy.107344` `ALYac: Gen:Variant.Kazy.107344` `Cylance: Unsafe` `K7GW: Trojan ( 700000121 )` `K7AntiVirus: Trojan ( 700000121 )` `Arcabit: Trojan.Kazy.D1A350` `Invincea: heuristic` `Baidu: MSIL.Backdoor.Bladabindi.a` `Symantec: Backdoor.Trojan` `TrendMicro-HouseCall: TROJ_GEN.R047C0DCH17` `Avast: Win32:Malware-gen` `ClamAV: Win.Trojan.Jaktinier-1` `Kaspersky: HEUR:Trojan.Win32.Generic` `BitDefender: Gen:Variant.Kazy.107344` `NANO-Antivirus: Trojan.Win32.Bladabindi.deddyj` `Paloalto: generic.ml` `AegisLab: Troj.W32.Generic!c` `Tencent: Win32.Trojan.Generic.Dwtg` `Ad-Aware: Gen:Variant.Kazy.107344` `Emsisoft: Gen:Variant.Kazy.107344 (B)` `Comodo: UnclassifiedMalware` `F-Secure: Gen:Variant.Kazy.107344` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R047C0DCH17` `McAfee-GW-Edition: BehavesLike.Win32.Trojan.dm` `Sophos: Troj/Bbindi-W` `Webroot: W32.Malware.Gen` `Avira: TR/Dropper.Gen` `Antiy-AVL: Trojan/Win32.AGeneric` `Endgame: malicious (high confidence)` `Microsoft: Trojan:Win32/Anaki.A!gfc` `ZoneAlarm: HEUR:Trojan.Win32.Generic` `GData: Gen:Variant.Kazy.107344` `McAfee: Artemis!12843396CFF0` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=88)` `WhiteArmor: Malware.HighConfidence` `ESET-NOD32: a variant of MSIL/Bladabindi.AH` `Rising: Trojan.Generic (cloud:BosOZv0hWqG)` `Yandex: Trojan.Agent!g++Hd1PZ/x8` `Ikarus: Trojan.Msil` `Fortinet: W32/Generic.L!tr` `AVG: Win32:Malware-gen` `Panda: Trj/Chgt.D` `CrowdStrike: malicious_confidence_100% (D)` `Qihoo-360: Win32/Trojan.684`

Hashes

MD5	`12843396cff00c5d94055cbebce10b45`
SHA1	`71e069a0d780612a24b193e6a8f3c5dc2adba57e`
SHA256	`9410f837bb707ebdaf4da83ca051216d036a58eb91aa2a6d3fabb0aa1fb637a2`
SHA3	`500ab33f5b7cbff883002ccad2c64dfafd72da29afbd9458eab69aaf3cde4c71`
SSDeep	`3072:A0WC9rj9S9NWap8hfSgz/sPFly0ImOJHgxoIgT04a8Upwv:XTXOLGSSsPFo0BOJH4oIgw4aRpwv`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2014-Jul-11 16:20:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1c400`
SizeOfInitializedData	`0x23e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001E23E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x20000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x48000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`63f9859ab89955960a5a3ece0cabd3cc`
SHA1	`cbe095410e9beadc4106ef22865f4ecf54b9eb1b`
SHA256	`7c959e4f4180fd110a4a2a025f3266716fc0dd040c273480a5ce04d06a4a50cd`
SHA3	`493570088e37fcd660ec8400038f68239ae1b6846e31659c1ef97bbf540f8bf9`
VirtualSize	`0x1c244`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1c400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.8181`

.sdata

MD5	`76a66fb069b10681e411ef36e3d598e3`
SHA1	`c54805c57e8a635874479b8dc7bcbf5151111574`
SHA256	`a15772a0d028c9a99be52ce4f279543033c9f406e239015273de9e0c1c3c72f7`
SHA3	`5a0559754ba5501b2d9d290a47224e0569fdc0884868bae7fc42d8921de79089`
VirtualSize	`0x90`
VirtualAddress	`0x20000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.69335`

.rsrc

MD5	`a0624d48652e9f132ad58428778a8264`
SHA1	`b82c80d86f9439700b822e8c5ffd3fab0d4bfc71`
SHA256	`1eb69961c820b31ca109fa82b4f8730c262aaeb8d9bb4ff1139a27223fa9aefb`
SHA3	`4ee82c6993a7fd05d970c10e6cffdbc09c7fc306c9010ab58cd44f0223f65b2b`
VirtualSize	`0x23970`
VirtualAddress	`0x22000`
SizeOfRawData	`0x23a00`
PointerToRawData	`0x1ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39758`

.reloc

MD5	`6afcaaee6515c1d37f9a75f66cd43cb3`
SHA1	`02f20349fbcee946cff0a5ec1044ec1e357bde23`
SHA256	`888672582e35d4d006bd0895ceaacc4991a71eedc086b74d60d0c4813aa665a7`
SHA3	`896fd3c1084c560ae6d1a970f560c56bb276e29862fd93c17730c9f501894878`
VirtualSize	`0xc`
VirtualAddress	`0x46000`
SizeOfRawData	`0x200`
PointerToRawData	`0x40400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.605`
MD5	`2732518e2ba3e2b57d35b9cbace2da1e`
SHA1	`bf26dd2c577eb0a3a982c73df0ee23242bbfa9de`
SHA256	`8aa9f14f94fafd97c49d4d81fe0036244bcc9c3ca03b16f1c5498a02c26bae69`
SHA3	`bc7c25059b30fef54dff4fe487e31895df6bb95b0c8b347af21519701945bccb`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43836`
MD5	`12b9f194d2f7a3753644fbefd442ab5a`
SHA1	`c6507f1c41d19f96015e754e987ec616b6a00206`
SHA256	`8e32b3088d3edf0f74381391558a56a1f8d753954ba119de5a4278b1acae304a`
SHA3	`bb215782de4cf6503f3abb089f429f19ebc65ddc74fa3e9b394739c9819830ae`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48283`
MD5	`e8402149df44d25d0c7b87f5c7a7ba21`
SHA1	`e3f4c829aa7810b0eb5b77d6daeb5d6a63b08dcd`
SHA256	`5e7c04afe450d36cf08c1e799021aa32da0f488cce936e14c4eec100c82b3747`
SHA3	`55b5d3e1a67f71af24c03521d22aac6f3082b2f254107f7a3f212b6c62e2ebd1`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00767`
MD5	`fda86db20294eb237bf5bf98f9d9839e`
SHA1	`2d14a6a1cb83a7e907ee7a2244b4e58b317ba083`
SHA256	`bb5fd4129b9a32b327689d1602816e8f0b96ff260cc62f7f602d05e7865266e4`
SHA3	`cfe20f12b05b28549d6069a8b074630d0e7751abd2a1f7b7da8749fadf1ce6fc`

54

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2f8b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9443`
Detected Filetype	PNG graphic file
MD5	`2852ef678623328722812aea2557e04e`
SHA1	`b2e6c606a6e90c6c6d6b97b555cdd51c66467f3a`
SHA256	`f19963c32044dd3bcbb6d5c00ac22331f4478b937e426dcbd3236c6f2f672050`
SHA3	`a0ce070714a920894f536dc8e34fe08160f62df514de03871614a87fbe04d095`

55

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62881`
MD5	`1b7dda71d9a8f9194c66fd1651051f7f`
SHA1	`17e210872952e5e62b5ab42dcf6d7238747992a4`
SHA256	`b8192b5ed4074b6c7c0934aeb4c9caa4339926432773182942306fe5a9b59c5a`
SHA3	`10a8372aedaa1e234cd04ef578439106a4e45906ee7d0de1a56f21efb5173039`

56

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74325`
MD5	`880360325a1926d0ab2f537f8068f93e`
SHA1	`a1e59c46e81fca532beaebef5f46cba09860faf1`
SHA256	`55605168fc5369d6ca623f9d8beb749be7d33b2ddb353a033ac6f43bc04127ff`
SHA3	`b5a235af7fe6cd7b79f3013384e3f58ed760ec6f37eecce7dabbb00703699ff4`

57

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93939`
MD5	`087b70024c2686703bfdad98cf0db11a`
SHA1	`d03e27e8390852bf163cdb28d0e1fa658eb1f432`
SHA256	`5c088b13e30db24e6c6ec62528e940e61a2b2e6e760e345162bd40a12cf849f2`
SHA3	`cc75ebc32b729e9e66c601377dc49a2bbb82d0d7c1b371ff610fe6306a453509`

58

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0614`
MD5	`4bf6dd38f2ec77d3604064a8b6b5ad70`
SHA1	`cb535d035a144b1a8ec2e5a31aa786d552d547a0`
SHA256	`f7e3c9a661ddd90e06e19cce10f77bcb433bd04a37f70d0c085a8bbbe7e1fa13`
SHA3	`f4d5164facac00c83f5ac41173a896963c9a435f8034393ad8adc1734d50a913`

59

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04234`
MD5	`e302e5914521878dfeff8fe21eeec9ed`
SHA1	`ccf4702ffa955fa2571146f8ceac891dc6bbaa7c`
SHA256	`2995245c8ac6478c3d297eedad791d6d9b333819752e3040389eb2c2c99fe539`
SHA3	`a784cf4fff9674abe48e2ac982a41b902fc7496aed0c7096f82f4a5338466bb9`

60

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14436`
MD5	`cb61547e37103fd39228d791bbc9e75b`
SHA1	`aae4fcac5e8f3a3e5bcb2e13dbe6279b671c65a0`
SHA256	`825339f1bad1c10628d27c919e2d0a0410622d1fd0b71f9a2bdc6231e8d77825`
SHA3	`3e9050bdcb09af9f85937cf2ba23d57d5832b385fdd8847882b200ebdc02ad1c`

50 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60902`
Detected Filetype	Icon file
MD5	`24c9fd34ee84ab8a05372da93da0be2c`
SHA1	`56bc22142ddf800489f5df38185ba6daf0105cae`
SHA256	`73f498facdb4c2ed2b12182c79ab2cb437b2f50696d18e0bb2ecb9fdbd39e341`
SHA3	`bf46006bb5435f8aa9aafdcbbfa2eff45c06f32c703c68de47a6835597e11606`

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

TLS Callbacks

Load Configuration

RICH Header

12843396cff00c5d94055cbebce10b45

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

50

51

52

53

54

55

56

57

58

59

60

50 (#2)

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors