Manalyze report for 1a00fcd6969e3a19664461220a7b3505

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Dec-30 07:22:28
Comments	行天日日所还十后十人要那好所于能人后个主又
CompanyName	好想而都主这开起天就还个上无小日方开看
FileDescription	这多文箇中
FileVersion	`56.12.19.31`
InternalName	ReliantClientLEAK.exe
LegalCopyright	方了用而日开这年年得后发拾人然主如国得要来然拾发十
OriginalFilename	ReliantClientLEAK.exe
ProductName	还想如箇上好不开后年开事中天年多行事么
ProductVersion	`56.12.19.31`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	VirusTotal score: 1/43 (Scanned on 2011-12-30 20:55:47)	`NOD32: a variant of MSIL/Injector.QZ`

Hashes

MD5	`1a00fcd6969e3a19664461220a7b3505`
SHA1	`c3a7fe39c18da35dee0a892e355a3462fec26928`
SHA256	`c8081cac381aaca081b1fe247e248d230f465c8ac3a8c60bad3eecea116e73fe`
SHA3	`518102f6adff62ed7b874556cf18cdbf2efd115375a9ad849379a1fc2c877ef8`
SSDeep	`12288:1PDhlbgaLtZpsWbCOeQClQg7p4FaKzPK4ZBOXpzbWZS:1PDhlbjhZpsWeOolQg7JKWABOXps`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2011-Dec-30 07:22:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x45000`
SizeOfInitializedData	`0x42000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004692E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x48000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8c000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`64508755ac47f7af1375458f4fc5c1cb`
SHA1	`47a6d69f120a7732ac3f62377ee1a1b006496069`
SHA256	`db403404e4f443e53116f795fd45c0d11b074780730245706aba790a3494bb6e`
SHA3	`60db11d1175d7614a9e6686ac66845f325d249d19f1da00501567c81d1865e73`
VirtualSize	`0x44934`
VirtualAddress	`0x2000`
SizeOfRawData	`0x45000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.67213`

.rsrc

MD5	`64e4e76adf1374dbf271aac7c80793c8`
SHA1	`35c05d2ef09a9717ff4a414fcd839f686a5dac82`
SHA256	`6db12c19a3b1d89afed251f12ffa2627dfc85767242a7bfc50f2f1e3c9519584`
SHA3	`51dbf88077fdb6fe3ac0664dc87494b67da398c899bc9732a30996e08a0dff26`
VirtualSize	`0x40864`
VirtualAddress	`0x48000`
SizeOfRawData	`0x41000`
PointerToRawData	`0x46000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.22379`

.reloc

MD5	`5c51fd1b598ed51ce714f72ee51ae0fe`
SHA1	`98f3d72ea27db8787a44282c28400dd74ec5692b`
SHA256	`dc5a63a7a48ac1a0ee98b813e80c854c666e1bab5a831111c420e1bdb88d124a`
SHA3	`36cdf1ede55036e3eab9e0b939c17f339c50d0a31a313206fe38bfe405347efc`
VirtualSize	`0xc`
VirtualAddress	`0x8a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x87000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0164085`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x18a2e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99201`
Detected Filetype	PNG graphic file
MD5	`e7cbadcf9ad73595c5faa3f4b022310b`
SHA1	`aa38a0acbe0679f2ebd453c85774dee5cbc0e28a`
SHA256	`4fcb8fb3ede6bb8509a88d09567c4ce294d1ba75939a7e997eba298a57e00716`
SHA3	`6446735d3a607b46d452c8f8d7f811e8fcf27e2929a8118fa41f1b4284ee7f65`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.015`
MD5	`17ef87065720be784a1319439576872a`
SHA1	`00e2c064928bac69c28d13e8c2544f740f41bdbb`
SHA256	`d4b4c7a805340ea39d8699f59f54b45ba8a0ad05f390625a5f3d7c8ec8bd56ff`
SHA3	`8379f95b37e4bfdd83797d996f35c901eb32f5a96c4adc4df0b27d3aaa8e07b3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.23414`
MD5	`2771338395c3d6df0c849957dea899ad`
SHA1	`a88e558e141b13ff64c20a6685e26aeadf49cda0`
SHA256	`b184321c08b9f8a8ed1745c7d070fc2da7519b0a77a09b0f89836c8adac377e4`
SHA3	`d9db62b18e943a1a65b53c0bda6c43c5a1042098e4afaaabbb92aac62147d0b6`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.23956`
MD5	`2d82dcb3c43b38ef564571e82219e4b7`
SHA1	`c7a60ac3ec1afc845e9076c072e3ea1f8d225fb8`
SHA256	`6e3c1ea1750e7f91e5330714b431907ea1279c5712dbfae1812844e3b2713708`
SHA3	`0f07d59b7662398cf5b763a1ccc1e366623506122f2bbd63b682e8f3ed0f0cbe`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.11604`
MD5	`484758cbf6dde0f1dbf7763d83833fbc`
SHA1	`a6ac25ca2f2745ae8524c8c4ad3001275a3ba75a`
SHA256	`1df20b65312b593d402ce005eee9f50bce1c068ac932cbc301697f64c60813ed`
SHA3	`bf96bda82d65b20bf7c428f317241caa281b9e1c96166c900481afe665322215`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34497`
MD5	`f78b5e815b7e0db9d5d34c607e9cb1e1`
SHA1	`ae3a654f9add8badaec1ae1542d65fcd6aa07cc4`
SHA256	`d652700fdec67e2b700c9a28d3c5b1f93e12d5cda7f78c02280e7680d4c41cb9`
SHA3	`1a76ff8d79f240ba69cb242ca48f4e72117a5702566282fddb3ce248963c8a28`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.24686`
MD5	`a4aeb8a43686d6b4e51aa4db0d54c1ce`
SHA1	`d1b26a161e445d97f7734a0d895f10833c3b0e6d`
SHA256	`6cf46b483944b019b67494232b0ae1a80e2aeb67ee365dda1070e6f951ab3366`
SHA3	`d37363b283140db1b44d8433e4d78a67deefa09adc86df72987cafbc4645915b`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31385`
MD5	`b9de459fd84007923cf6ffcf895d93c7`
SHA1	`54856ef4c521c57261394e802a53eab611afc4fe`
SHA256	`c9643843b1a7cd7051bbdf17718fd64742e840c0ff6e79f5e48a495019699d42`
SHA3	`476bfe5a1309d04a97e6cab4fd4923629e9824e671b1c28f54163c6e59e9cc81`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.04073`
MD5	`cc4a133d43a6bbfaa6e1350605b19fc9`
SHA1	`03f630ac0f6e33e75558a94750cfd79b355ba2ae`
SHA256	`78d3a27651d666cae3e3d53f26867f886718f1ef141fb2228356253e7775095f`
SHA3	`865869a9eea3bae7f44ff4ce3c1b33b180296d7378a65014758fc18adadc4915`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22082`
Detected Filetype	Icon file
MD5	`1a8143c074b56f44feca67917eaac86c`
SHA1	`2b53841b97cc9f73a48b2823352ec95fbecbed39`
SHA256	`6c8b5745a44a521c26ab40e98fd2c29a3723749c70c61f1103b78f5f5b922036`
SHA3	`e4a8431cd4c73c745109e065f954d8bf24364afcc34226930b90a2744326f67e`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x388`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35675`
MD5	`33b0bd94a86074a4ac81bef83dbd1a22`
SHA1	`66c1e52fc6ecf6ec1adb0a8e28f0cff34edbc533`
SHA256	`e2526cb5c204eba371b2d0ee4e5f5ebd5742ca5e1b122cf12df634ed09b8bc9b`
SHA3	`64d3deba025277f44b29d6e7ca5b3f4d57c259a02e822fb5d19afe398f39988c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	56.12.19.31
ProductVersion	56.12.19.31
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	行天日日所还十后十人要那好所于能人后个主又
CompanyName	好想而都主这开起天就还个上无小日方开看
FileDescription	这多文箇中
FileVersion (#2)	56.12.19.31
InternalName	ReliantClientLEAK.exe
LegalCopyright	方了用而日开这年年得后发拾人然主如国得要来然拾发十
OriginalFilename	ReliantClientLEAK.exe
ProductName	还想如箇上好不开后年开事中天年多行事么
ProductVersion (#2)	56.12.19.31
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

1a00fcd6969e3a19664461220a7b3505

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors