Manalyze report for 1bb1432d981a181a3c905353da31c467

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Aug-04 12:29:45
Debug artifacts	C:\Users\boris\documents\visual studio 2017\Projects\VEGAS_PRO_14_INSTALLER\VEGAS_PRO_14_INSTALLER\obj\Debug\VEGAS_PRO_14_INSTALLER.pdb
Comments
CompanyName
FileDescription	VEGAS_PRO_14_INSTALLER
FileVersion	`1.0.0.0`
InternalName	VEGAS_PRO_14_INSTALLER.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	VEGAS_PRO_14_INSTALLER.exe
ProductName	VEGAS_PRO_14_INSTALLER
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: iexplore.exe` `Miscellaneous malware strings: VIRUS` `Contains domain names: download.com`
Malicious	VirusTotal score: 29/71 (Scanned on 2026-02-16 19:59:09)	`APEX: Malicious` `Alibaba: Trojan:MSIL/BadJoke.be2ad934` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: MSIL/BadJoke.TO trojan` `Elastic: malicious (moderate confidence)` `Fortinet: PossibleThreat` `Google: Detected` `Jiangmin: Trojan.Generic.hczgq` `K7AntiVirus: Riskware ( 0040eff71 )` `K7GW: Riskware ( 0040eff71 )` `Kaspersky: HEUR:Trojan.Win32.Generic` `Lionic: Trojan.Win32.Diztakun.4!c` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!196F03EE4D97` `Microsoft: Trojan:Win32/Wacatac.B!ml` `NANO-Antivirus: Trojan.Win32.Diztakun.exsxzy` `Panda: Trj/GdSda.A` `Rising: Trojan.Diztakun!8.FE (CLOUD)` `Sangfor: Trojan.Win32.Badjoke.Vv8k` `Sophos: Mal/Generic-S` `Tencent: Win32.Trojan.Generic.Pjgl` `Trapmine: malicious.moderate.ml.score` `TrellixENS: Artemis!1BB1432D981A` `VBA32: Trojan.Zpevdo` `Yandex: Trojan.Agent!tu3SpaHKYW4` `Zillya: Trojan.TO.Win32.1` `alibabacloud: Trojan:MSIL/BadJoke.TP`

Hashes

MD5	`1bb1432d981a181a3c905353da31c467`
SHA1	`0ec02d8765cd483c7202d4f57336f331e06f10fa`
SHA256	`196f03ee4d97d91d941fec31bbcfbfbbb300ce400660046b11dc3b7d40ec0fa5`
SHA3	`2f5d89f6f4cf26dc8cc304590314fe1cc5eb46fecfbec268c7e32ae150982e09`
SSDeep	`768:PO/FcggzMdibzZHFAk4Yy3CFbU6SdlD3ynA8zIYbw04c3qYgxd:PO/WgYMdibsjYy3MlGzymPYgx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Aug-04 12:29:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x6800`
SizeOfInitializedData	`0x1400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000087DA (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2f69d1ba928072e5700693e459c6f98f`
SHA1	`7b29c7c5989a7ed640bcc852c02f63679eb28f3a`
SHA256	`87406a2e8d347f57d5a455955459ed48541b4ae0507eb5e8ba86d32dafa9f76f`
SHA3	`edd57d43ce5aa0237916f2476fba7874f355b495133180010a1de64e7881536e`
VirtualSize	`0x67e0`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61253`

.rsrc

MD5	`2184f99712b39679028555cd69b12c1a`
SHA1	`fcd2831d702670f0358c27109c2f00e5900eddb2`
SHA256	`014ea77ef870978e39446ef659b271c3d2c2d6f64b79a5b541050202631c7968`
SHA3	`821e2648d7a2fb74571173b8c2d445e8ac337f423f5e2326a53476b3c1eec7ae`
VirtualSize	`0x1160`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.04521`

.reloc

MD5	`1a5ff40d4c8520fa7c4c2ddbe2ba5363`
SHA1	`4826bf6a7b12aacc7c2fba82babfa7ddfb8d83c4`
SHA256	`c68a8ad6935898e56f2c716d4439ec4a8dad6f8f7ffbf65ee0d84b0ea6da6b86`
SHA3	`8f3b6e77f80f50ab12450f6d33f6083f85e42b0dbaf36eb83b6e8c45eeee846b`
VirtualSize	`0xc`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37335`
MD5	`837f2090198bd7182064eef718db79a9`
SHA1	`3f4f800987a0c81cccc2e30ad8b0f1eda34305ce`
SHA256	`6ba37b878844d1c3210a5f7d2f09e2f5648466b6cdbd2158a88363680079b738`
SHA3	`71df00ec6f69c863231e86581840b62a7a16ee96cffb2216b504ecfe05efd3d0`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd2d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06532`
MD5	`df50930a5d09f81f1fde242214073879`
SHA1	`e1cb4c5626681d0ff6950037fd16da0c88a88cbb`
SHA256	`b5a9c54db5be59b47057b6f1996f5ec81e15757004789f150ec7c538147d1b3e`
SHA3	`ab93b0abfd276c9ecc7d2aff22773760f8ce7155e8832a18865970207fe82f04`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	VEGAS_PRO_14_INSTALLER
FileVersion (#2)	1.0.0.0
InternalName	VEGAS_PRO_14_INSTALLER.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	VEGAS_PRO_14_INSTALLER.exe
ProductName	VEGAS_PRO_14_INSTALLER
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Aug-04 12:29:45
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x866c`
PointerToRawData	`0x686c`
Referenced File	C:\Users\boris\documents\visual studio 2017\Projects\VEGAS_PRO_14_INSTALLER\VEGAS_PRO_14_INSTALLER\obj\Debug\VEGAS_PRO_14_INSTALLER.pdb

TLS Callbacks

Load Configuration

RICH Header

1bb1432d981a181a3c905353da31c467

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors