This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2011-Dec-30 07:22:28
Comments
行天日日所还十后十人要那好所于能人后个主又
CompanyName
好想而都主这开起天就还个上无小日方开看
FileDescription
这多文箇中
FileVersion
56.12.19.31
InternalName
ReliantClientLEAK.exe
LegalCopyright
方了用而日开这年年得后发拾人然主如国得要来然拾发十
OriginalFilename
ReliantClientLEAK.exe
ProductName
还想如箇上好不开后年开事中天年多行事么
ProductVersion
56.12.19.31
Assembly Version
0.0.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Suspicious
Strings found in the binary may indicate undesirable behavior:
Miscellaneous malware strings:
Suspicious
VirusTotal score: 1/43 (Scanned on 2011-12-30 20:55:47)
NOD32:
a variant of MSIL/Injector.QZ
MD5
1a00fcd6969e3a19664461220a7b3505
SHA1
c3a7fe39c18da35dee0a892e355a3462fec26928
SHA256
c8081cac381aaca081b1fe247e248d230f465c8ac3a8c60bad3eecea116e73fe
SHA3
518102f6adff62ed7b874556cf18cdbf2efd115375a9ad849379a1fc2c877ef8
SSDeep
12288:1PDhlbgaLtZpsWbCOeQClQg7p4FaKzPK4ZBOXpzbWZS:1PDhlbjhZpsWeOolQg7JKWABOXps
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2011-Dec-30 07:22:28
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
8.0
SizeOfCode
0x45000
SizeOfInitializedData
0x42000
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0004692E (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x48000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x1000
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x8c000
SizeOfHeaders
0x1000
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
64508755ac47f7af1375458f4fc5c1cb
SHA1
47a6d69f120a7732ac3f62377ee1a1b006496069
SHA256
db403404e4f443e53116f795fd45c0d11b074780730245706aba790a3494bb6e
SHA3
60db11d1175d7614a9e6686ac66845f325d249d19f1da00501567c81d1865e73
VirtualSize
0x44934
VirtualAddress
0x2000
SizeOfRawData
0x45000
PointerToRawData
0x1000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.67213
MD5
64e4e76adf1374dbf271aac7c80793c8
SHA1
35c05d2ef09a9717ff4a414fcd839f686a5dac82
SHA256
6db12c19a3b1d89afed251f12ffa2627dfc85767242a7bfc50f2f1e3c9519584
SHA3
51dbf88077fdb6fe3ac0664dc87494b67da398c899bc9732a30996e08a0dff26
VirtualSize
0x40864
VirtualAddress
0x48000
SizeOfRawData
0x41000
PointerToRawData
0x46000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
7.22379
MD5
5c51fd1b598ed51ce714f72ee51ae0fe
SHA1
98f3d72ea27db8787a44282c28400dd74ec5692b
SHA256
dc5a63a7a48ac1a0ee98b813e80c854c666e1bab5a831111c420e1bdb88d124a
SHA3
36cdf1ede55036e3eab9e0b939c17f339c50d0a31a313206fe38bfe405347efc
VirtualSize
0xc
VirtualAddress
0x8a000
SizeOfRawData
0x1000
PointerToRawData
0x87000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0164085
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x18a2e
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
7.99201
Detected Filetype
PNG graphic file
MD5
e7cbadcf9ad73595c5faa3f4b022310b
SHA1
aa38a0acbe0679f2ebd453c85774dee5cbc0e28a
SHA256
4fcb8fb3ede6bb8509a88d09567c4ce294d1ba75939a7e997eba298a57e00716
SHA3
6446735d3a607b46d452c8f8d7f811e8fcf27e2929a8118fa41f1b4284ee7f65
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x10828
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.015
MD5
17ef87065720be784a1319439576872a
SHA1
00e2c064928bac69c28d13e8c2544f740f41bdbb
SHA256
d4b4c7a805340ea39d8699f59f54b45ba8a0ad05f390625a5f3d7c8ec8bd56ff
SHA3
8379f95b37e4bfdd83797d996f35c901eb32f5a96c4adc4df0b27d3aaa8e07b3
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x94a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.23414
MD5
2771338395c3d6df0c849957dea899ad
SHA1
a88e558e141b13ff64c20a6685e26aeadf49cda0
SHA256
b184321c08b9f8a8ed1745c7d070fc2da7519b0a77a09b0f89836c8adac377e4
SHA3
d9db62b18e943a1a65b53c0bda6c43c5a1042098e4afaaabbb92aac62147d0b6
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x5488
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.23956
MD5
2d82dcb3c43b38ef564571e82219e4b7
SHA1
c7a60ac3ec1afc845e9076c072e3ea1f8d225fb8
SHA256
6e3c1ea1750e7f91e5330714b431907ea1279c5712dbfae1812844e3b2713708
SHA3
0f07d59b7662398cf5b763a1ccc1e366623506122f2bbd63b682e8f3ed0f0cbe
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x4228
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.11604
MD5
484758cbf6dde0f1dbf7763d83833fbc
SHA1
a6ac25ca2f2745ae8524c8c4ad3001275a3ba75a
SHA256
1df20b65312b593d402ce005eee9f50bce1c068ac932cbc301697f64c60813ed
SHA3
bf96bda82d65b20bf7c428f317241caa281b9e1c96166c900481afe665322215
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x25a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.34497
MD5
f78b5e815b7e0db9d5d34c607e9cb1e1
SHA1
ae3a654f9add8badaec1ae1542d65fcd6aa07cc4
SHA256
d652700fdec67e2b700c9a28d3c5b1f93e12d5cda7f78c02280e7680d4c41cb9
SHA3
1a76ff8d79f240ba69cb242ca48f4e72117a5702566282fddb3ce248963c8a28
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.24686
MD5
a4aeb8a43686d6b4e51aa4db0d54c1ce
SHA1
d1b26a161e445d97f7734a0d895f10833c3b0e6d
SHA256
6cf46b483944b019b67494232b0ae1a80e2aeb67ee365dda1070e6f951ab3366
SHA3
d37363b283140db1b44d8433e4d78a67deefa09adc86df72987cafbc4645915b
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x988
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.31385
MD5
b9de459fd84007923cf6ffcf895d93c7
SHA1
54856ef4c521c57261394e802a53eab611afc4fe
SHA256
c9643843b1a7cd7051bbdf17718fd64742e840c0ff6e79f5e48a495019699d42
SHA3
476bfe5a1309d04a97e6cab4fd4923629e9824e671b1c28f54163c6e59e9cc81
Type
RT_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.04073
MD5
cc4a133d43a6bbfaa6e1350605b19fc9
SHA1
03f630ac0f6e33e75558a94750cfd79b355ba2ae
SHA256
78d3a27651d666cae3e3d53f26867f886718f1ef141fb2228356253e7775095f
SHA3
865869a9eea3bae7f44ff4ce3c1b33b180296d7378a65014758fc18adadc4915
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x84
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.22082
Detected Filetype
Icon file
MD5
1a8143c074b56f44feca67917eaac86c
SHA1
2b53841b97cc9f73a48b2823352ec95fbecbed39
SHA256
6c8b5745a44a521c26ab40e98fd2c29a3723749c70c61f1103b78f5f5b922036
SHA3
e4a8431cd4c73c745109e065f954d8bf24364afcc34226930b90a2744326f67e
Type
RT_VERSION
Language
UNKNOWN
Codepage
Latin 1 / Western European
Size
0x388
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.35675
MD5
33b0bd94a86074a4ac81bef83dbd1a22
SHA1
66c1e52fc6ecf6ec1adb0a8e28f0cff34edbc533
SHA256
e2526cb5c204eba371b2d0ee4e5f5ebd5742ca5e1b122cf12df634ed09b8bc9b
SHA3
64d3deba025277f44b29d6e7ca5b3f4d57c259a02e822fb5d19afe398f39988c
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
56.12.19.31
ProductVersion
56.12.19.31
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
行天日日所还十后十人要那好所于能人后个主又
CompanyName
好想而都主这开起天就还个上无小日方开看
FileDescription
这多文箇中
FileVersion (#2)
56.12.19.31
InternalName
ReliantClientLEAK.exe
LegalCopyright
方了用而日开这年年得后发拾人然主如国得要来然拾发十
OriginalFilename
ReliantClientLEAK.exe
ProductName
还想如箇上好不开后年开事中天年多行事么
ProductVersion (#2)
56.12.19.31
Assembly Version
0.0.0.0