Manalyze report for 15a3534676d742c0949e3c0f9e7e2fe4cf34fcbe599fb83b17bafd6db7fbf256

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Feb-01 05:49:17
Comments
CompanyName
FileDescription	DevXUnityRun
FileVersion	`1.0.0.0`
InternalName	DevXUnityUnpackerRun.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	DevXUnityUnpackerRun.exe
ProductName	DevXUnityRun
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 49/72 (Scanned on 2025-01-22 11:33:21)	`ALYac: Gen:Variant.Tedy.216341` `APEX: Malicious` `AVG: Win32:TrojanX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5297586` `Alibaba: Trojan:Win32/Malgent.941592f2` `Antiy-AVL: Trojan/Win32.Generic` `Arcabit: Trojan.Tedy.D34D15` `Avast: Win32:TrojanX-gen [Trj]` `BitDefender: Gen:Variant.Tedy.216341` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Ghanarava.1732708841f8ebcf` `CTX: exe.trojan.malgent` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Generik.GUDOJXI` `Emsisoft: Gen:Variant.Tedy.216341 (B)` `FireEye: Gen:Variant.Tedy.216341` `Fortinet: PossibleThreat` `GData: Gen:Variant.Tedy.216341` `Google: Detected` `Ikarus: Trojan.Win32.Malgent` `Jiangmin: Trojan.Generic.hnfsg` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Kaspersky: HEUR:Trojan.Win32.Generic` `Kingsoft: Win32.Trojan.Generic.a` `Lionic: Trojan.Win32.Malgent.4!c` `Malwarebytes: Malware.AI.1726347954` `MaxSecure: Trojan.Malware.196612858.susgen` `McAfee: Artemis!259CB8E025DE` `McAfeeD: ti!15A3534676D7` `MicroWorld-eScan: Gen:Variant.Tedy.216341` `Microsoft: Trojan:Win32/Malgent` `NANO-Antivirus: Trojan.Win32.Tedy.ktkfox` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Trojan.Generic!8.C3 (CLOUD)` `Sangfor: Trojan.Win32.Malgent.V0i3` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-R` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.14160556` `Trapmine: suspicious.low.ml.score` `TrendMicro: TROJ_GEN.R002C0DAH25` `TrendMicro-HouseCall: TROJ_GEN.R002C0DAH25` `VIPRE: Gen:Variant.Tedy.216341` `Varist: W32/Risk.OJXP-1614` `Zillya: Trojan.Generic.Win32.1668614`

Hashes

MD5	`259cb8e025de76534570beefb6f8ebcf`
SHA1	`42f1c04bb58895b79383fd6d30ffe168c30821d9`
SHA256	`15a3534676d742c0949e3c0f9e7e2fe4cf34fcbe599fb83b17bafd6db7fbf256`
SHA3	`39d17a6dbdca5a7d4ec940e311213c7ddbcf09bea553ebb42a0f54030e4204d9`
SSDeep	`192:zxBekzSv9ZAOnIj6FtgYx7b1hq9oVf/tislA/UyYUUFQeaivgUQN3C:LJGvcqhq89isbVf1o3`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Feb-01 05:49:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xc00`
SizeOfInitializedData	`0x3600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002B4E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`79fa3208120b70fd5487441fd77f73da`
SHA1	`95e860e472db961019d96bcb5c8efdfbf098ca43`
SHA256	`4877481526ad4287ab252a1454e1c7aa73ea9d1d4f9daaeea0291bb197e39fdb`
SHA3	`3041ea3ad44b352ab8796b2446af102cac130c815c7a59077b3bdde20725e758`
VirtualSize	`0xb54`
VirtualAddress	`0x2000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.2011`

.rsrc

MD5	`2f899cbf462f10fb638eebf4222bd0fa`
SHA1	`934fc0a78689b5fe7d0ee91245f0fe676c693567`
SHA256	`039e04c65a305bfc978b2cb980334bc1044e6ae03a7bef5c157c6710a6cf132d`
SHA3	`da68c0ad3fb6ec5a85ca389b4bbca15cfe168ad63946460c1ad02caacb7dbce9`
VirtualSize	`0x33be`
VirtualAddress	`0x4000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.15231`

.reloc

MD5	`a38d015677f55baea7932898d3b9f06c`
SHA1	`230d6375025b0e5c027e1bb3cdf143edf86d22e2`
SHA256	`9d41dc08ab7b25d44ee145d51b4fa4c93bcd27b36ccc3e20a7efa649e9a70ed9`
SHA3	`8e154fbbd24f76d458b491dbba32504365161e2e7a51a75b113a8637b2a42cb9`
VirtualSize	`0xc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59359`
MD5	`c3ebba8bc69fa0367b050278c7787599`
SHA1	`e9397ddf939b639f0d33ebefdbf27d94c3cc33ce`
SHA256	`2afb4eee27d95d6b187fa280a5991294582604e5f704debcc9b29d9021dd7b68`
SHA3	`94dba7e5fab9161753079ab0df1535cb2c00ecdd11f0b76d40c523aa22961714`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.73176`
MD5	`652ae9b6cef74fed41b2949564a9a144`
SHA1	`79698d6fa9fc89ce6f7e6afe208af1e3c1e50229`
SHA256	`5714fb9c84b3e37a54c76973aca6b66ef86a940ab56ddace30f1d4ec2efaa01c`
SHA3	`b4ef29d05324f5236052a5c18c26aaea9efbbafb02c7a4ad49f0b8ad068e255e`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.48126`
MD5	`43b4cc85a0d8873ed75f5488cb87420b`
SHA1	`1a5476b1fdc55e3e32e0cf14f83275bd2b0a072f`
SHA256	`78c45008f2ca0f14d3d305ab04cc48714a45e400dc4be41cb1bfba803e8d13c0`
SHA3	`6cd94a623b93e3be227ac77db0bccbd1c733a56480fa045e78154908791ba781`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55963`
Detected Filetype	Icon file
MD5	`a7afcb598757fec4f3825cbf028723ef`
SHA1	`0c41bb05323522532535e5ae4bb95638d42e37ac`
SHA256	`11946d62f17a509fe05c87f566777ed30984e123395f432532a4d6da59de5687`
SHA3	`e6ee897283b679a84f521068509d31e1a3e6913e0cc5c3818731cc884f9ee042`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31983`
MD5	`7add84b5318777f858503178fbfe9f7d`
SHA1	`e0bf10f45eb2c3886cab53754c6b3ae7cb7924d9`
SHA256	`bd326582b3ee2e3ae3e92eb06e64a93a0a25c28267d265087c1d8b85a661038d`
SHA3	`32d7e5988b5b8a1c04b703b9d740d3b3f2c7c234534d27e0aebfde4d9e0fd621`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	DevXUnityRun
FileVersion (#2)	1.0.0.0
InternalName	DevXUnityUnpackerRun.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	DevXUnityUnpackerRun.exe
ProductName	DevXUnityRun
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.