Manalyze report for 128679511d59df57fec2a53162e034d9

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-07 12:31:35
Comments	Spoofer for FiveM and All EAC, BE AC games
FileDescription	Spoofer
FileVersion	`1.0`
InternalName	Spoofer.exe
LegalCopyright	@MultiSpoofer
OriginalFilename	Spoofer.exe
ProductName	MultiSpoof
ProductVersion	`1.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Looks for VMWare presence: vmware` `Looks for Sandboxie presence: SbieDll.dll` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run Programs\Startup` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` `Contains domain names: costura.discord.net discord.net`
Suspicious		`Unusual section name found: \x144+'\x14R\x1dI` `Section \x144+'\x14R\x1dI is both writable and executable.` `Unusual section name found:`
Malicious	VirusTotal score: 52/68 (Scanned on 2022-05-15 19:01:07)	`Bkav: W32.AIDetectNet.01` `Lionic: Trojan.Win32.Disco.trV4` `Elastic: malicious (high confidence)` `DrWeb: BAT.Disabler.24` `MicroWorld-eScan: Gen:Variant.Razy.974900` `FireEye: Generic.mg.128679511d59df57` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `McAfee: AgentTesla-FDEQ!128679511D59` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 0057cf4d1 )` `Alibaba: TrojanPSW:MSIL/Disco.dcf069ec` `K7GW: Trojan ( 0057cf4d1 )` `CrowdStrike: win/malicious_confidence_100% (W)` `Arcabit: Trojan.Razy.DEE034` `BitDefenderTheta: Gen:NN.ZemsilF.34666.8w0@aiNtdYm` `Cyren: W32/MSIL_Troj.APW.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FFS` `Zoner: Probably Heur.ExeHeaderL` `TrendMicro-HouseCall: TROJ_GEN.R002C0DC722` `Paloalto: generic.ml` `ClamAV: Win.Packed.Bulz-9853289-0` `Kaspersky: Trojan-PSW.Win32.Disco.q` `BitDefender: Gen:Variant.Razy.974900` `NANO-Antivirus: Trojan.Win32.Disco.jmuepr` `Avast: Win32:TrojanX-gen [Trj]` `Ad-Aware: Gen:Variant.Razy.974900` `Sophos: Mal/Generic-S + Mal/MSIL-UO` `TrendMicro: TROJ_GEN.R002C0DC722` `McAfee-GW-Edition: BehavesLike.Win32.Generic.vc` `Emsisoft: Gen:Variant.Razy.974900 (B)` `SentinelOne: Static AI - Malicious PE` `Jiangmin: Trojan.PSW.Disco.evm` `Avira: TR/Spy.Agent.vqkyu` `Gridinsoft: Trojan.Heur!.03012281` `Microsoft: VirTool:MSIL/Perseus.AB!MTB` `GData: MSIL.Trojan.PSE.16XR4E9` `Cynet: Malicious (score: 100)` `AhnLab-V3: Trojan/Win.Dcstl.C4414565` `Acronis: suspicious` `VBA32: TScope.Trojan.MSIL` `ALYac: Gen:Variant.Razy.974900` `MAX: malware (ai score=80)` `Malwarebytes: Trojan.Crypt.MSIL` `APEX: Malicious` `Tencent: Trojan.Win32.Disco.wb` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: MSIL/Neshta.367E!tr` `AVG: Win32:TrojanX-gen [Trj]` `Cybereason: malicious.710524` `Panda: Trj/GdSda.A`

Hashes

MD5	`128679511d59df57fec2a53162e034d9`
SHA1	`6243e847105243527875aa41fc46a3f81f70b86c`
SHA256	`226b511c67ded50250bf0f2a6fc253e70874b24accb82614d645e80b99be2814`
SHA3	`25a8d0f5143100126a6fb965c0462b814bff0d519899f0d76aa50ab91ef9f8a7`
SSDeep	`49152:msmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxj:MqXpy05Q0N1rsYSZ6BoXh1kkypSH3OhO`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Mar-07 12:31:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2f1000`
SizeOfInitializedData	`0x2800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002FA00A (Section: )`
BaseOfCode	`0x4000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2fc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x144+'\x14R\x1dI

MD5	`93d9e848290f44012d20daebc1c56db4`
SHA1	`eb126cd49ff38c7c4011a320aa4d0098939afa16`
SHA256	`d067345e388ac04511f2232f4fbf9dff383d1c7915498e057b4d36b7ee84faeb`
SHA3	`02dd267dea6f453b19a8eccfbeed429d0fb216cde5421497aafa482a560fa007`
VirtualSize	`0x1f80`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.97521`

.text

MD5	`a6b72ed9ea327abceb155faa790615e5`
SHA1	`b9c60aa3cf0999304cd41cbc7d4e377f288bf990`
SHA256	`d4657723b7d344e073a5d1fac2ed1bccbc2ff4a9602cbed5d69e0e0ca4731a04`
SHA3	`4c08c2a36668abb95ff6c9c9165db9f71eebee31f500c681ce9f77f85cba9ba0`
VirtualSize	`0x2f0de8`
VirtualAddress	`0x4000`
SizeOfRawData	`0x2f0e00`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98889`

.rsrc

MD5	`a342619b70f370a4d05475b8f5455474`
SHA1	`d19c14d1d7a8c99b9617c97aa4ac492954a42a4d`
SHA256	`e287024dfb00ab9295d15215d84d69b18315c2e3e6938d577ccc4a0d36d21f11`
SHA3	`ffda5e9b8f62fcb2c07f160d441de2c401877324f9d1f894263373a5a6f5493e`
VirtualSize	`0x590`
VirtualAddress	`0x2f6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2f3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.03571`

.reloc

MD5	`0dab5515487ee6f6ff4f56da6d80e401`
SHA1	`eac79212223e9a5dd90229873a663483485d56c2`
SHA256	`ce0c6c4f067e738b838e27eaed1b4880f2d74a531dc5cc57700e4eb7b7a12800`
SHA3	`1e0359853573387f8791b81ba8075117be75c53ab622bfadd5e9ff7476e33b47`
VirtualSize	`0xc`
VirtualAddress	`0x2f8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Section_5

MD5	`0c892cc1279748f356ecc06b03e340d0`
SHA1	`1955340475c776c00e3f91b0560e1e48a90e8e6e`
SHA256	`fffdf12807246e20056ab825fdd51c2687661e68c0a6431f299d5a4d7c199263`
SHA3	`de225d93ce9e42083a639937342ec2369407542c8340d411dbaa3929b1c88206`
VirtualSize	`0x10`
VirtualAddress	`0x2fa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.698402`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29927`
MD5	`66ed68ea9a09d682d3e16e3e04d3c32c`
SHA1	`4207ac624347bdeb7c36604bcb16b1834d7f3d96`
SHA256	`29cd3116fdd1df5e133105602d5043754a68a564ab956cb0d5232bb2c770b0be`
SHA3	`7d9802318cde28301694140cc53fcf8441c17ab286055631e2d733954640e1cc`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Spoofer for FiveM and All EAC, BE AC games
FileDescription	Spoofer
FileVersion (#2)	1.0
InternalName	Spoofer.exe
LegalCopyright	@MultiSpoofer
OriginalFilename	Spoofer.exe
ProductName	MultiSpoof
ProductVersion (#2)	1.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

128679511d59df57fec2a53162e034d9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

\x144+'\x14R\x1dI

.text

.rsrc

.reloc

Section_5

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors