Manalyze report for 20999d5e9251f38e53d8ba61447bc044

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Oct-07 16:22:41
Debug artifacts	c:\Users\admin\AppData\Local\Temp\bin_copy\obj\Debug\Obfuscated Name.pdb
FileDescription
FileVersion	`1.0.0.0`
InternalName	Obfuscated Name.exe
LegalCopyright
OriginalFilename	Obfuscated Name.exe
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Looks for VMWare presence: vmware` `Looks for Sandboxie presence: SbieDll.dll` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run Programs\Startup` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` `Contains domain names: costura.discord.net discord.net`
Malicious	VirusTotal score: 42/68 (Scanned on 2021-10-07 16:28:59)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Variant.Cerbu.106686` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `McAfee: PUP-XOI-DO` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `CrowdStrike: win/malicious_confidence_60% (D)` `K7GW: Trojan ( 0057a8ee1 )` `K7AntiVirus: Trojan ( 0057bd891 )` `Cyren: W32/Trojan.FRR.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/Agent.UKY` `APEX: Malicious` `ClamAV: Win.Packed.Bulz-9853289-0` `Kaspersky: Trojan-PSW.Win32.Disco.q` `BitDefender: Gen:Variant.Cerbu.106686` `Avast: Win32:RATX-gen [Trj]` `Ad-Aware: Gen:Variant.Cerbu.106686` `Sophos: Mal/MSIL-UO` `DrWeb: BAT.Disabler.24` `McAfee-GW-Edition: BehavesLike.Win32.Generic.vc` `FireEye: Generic.mg.20999d5e9251f38e` `Emsisoft: Gen:Variant.Cerbu.106686 (B)` `Ikarus: PWS.MSIL.Dcstl` `GData: MSIL.Trojan.PSE.1FJLXVF` `MaxSecure: Trojan.Malware.121218.susgen` `Avira: TR/Spy.Agent.vqkxt` `Arcabit: Trojan.Cerbu.D1A0BE` `ZoneAlarm: HEUR:Trojan.MSIL.Bingoml.gen` `Microsoft: Trojan:MSIL/Agent.UKY!MTB` `Cynet: Malicious (score: 100)` `AhnLab-V3: Trojan/Win.Tiny.C4537481` `BitDefenderTheta: Gen:NN.ZemsilF.34170.1o0@a8OvRIf` `ALYac: Gen:Variant.Cerbu.106686` `MAX: malware (ai score=88)` `VBA32: TScope.Trojan.MSIL` `Malwarebytes: RiskWare.Dropper` `Tencent: Trojan.Win32.Disco.wa` `SentinelOne: Static AI - Malicious PE` `eGambit: Unsafe.AI_Score_78%` `Fortinet: MSIL/Agent.F0B7!tr` `AVG: Win32:RATX-gen [Trj]`

Hashes

MD5	`20999d5e9251f38e53d8ba61447bc044`
SHA1	`d54659f04d8a6f365f99e625a2f153e8b2e07241`
SHA256	`bc91fdad85c2e503dd2b21466af613f1bb5ed56f385131c97f15de03e34de141`
SHA3	`b931fe903af0771d365d6bf5fd04b51099d41c5a04e875698d5e2a9fbdf2014f`
SSDeep	`49152:xsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gx:nqXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Oct-07 16:22:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2d6800`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002D873E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2da000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2de000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4299a38e580b13a4f756a6ffc952990a`
SHA1	`5c098ade05e0376fe568295c6873d6a62aa074bf`
SHA256	`2d76e09a9b1ffd756697cae853a8b83a73e6fcfef495de5b93ed0efd2fb7e866`
SHA3	`b33c6e813291e0b14830d7ac01e7c67b4e15cb1a9e2035ec1f10f8a5e6c49837`
VirtualSize	`0x2d6744`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2d6800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99852`

.rsrc

MD5	`342f46fb1f68e0db5107edda8bd7fd09`
SHA1	`f44aae38a8c892f7b1622a9eebaebc42cb6fbb69`
SHA256	`4c5f4988f8758ed30c617d9e821465e1c8ef221ab64dcc7d0e61b8beb0104f48`
SHA3	`f1db9b67a7c56b8a24e1ca0ba33c284cbb63bc7f1bcbb10cda48fb819df3a6b1`
VirtualSize	`0x4f8`
VirtualAddress	`0x2da000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2d6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.77692`

.reloc

MD5	`eb94a336f7849ac06b6399e8b0d013be`
SHA1	`ceeac26ae6bf0c93b79fad0bfb719418c6f6900d`
SHA256	`fd46b2a4ff53d4bd4240839637fe5c76b4b6496cfa2444a55d0b21c76a85479e`
SHA3	`9c2a28dcbec53e3ad33639177594bfdd29c0b14fa3dbc1f6cfb125d2eb04d6c3`
VirtualSize	`0xc`
VirtualAddress	`0x2dc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2d7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23784`
MD5	`c1462341bce0bfd2c066fd8e3f4df0d4`
SHA1	`7e1fdce1c4534eff1411a97cd73ff35b93d2a5d1`
SHA256	`cb4aa4f363c5d583c132ad2f8758b41ea0673393ab0922fc817e65a64e4c044a`
SHA3	`53ab77d00f646162635a0dea6d1d052bfb532466a12eea417044d30710f81179`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Obfuscated Name.exe
LegalCopyright
OriginalFilename	Obfuscated Name.exe
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Oct-07 16:22:41
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x2d85d4`
PointerToRawData	`0x2d67d4`
Referenced File	c:\Users\admin\AppData\Local\Temp\bin_copy\obj\Debug\Obfuscated Name.pdb

TLS Callbacks

Load Configuration

RICH Header

20999d5e9251f38e53d8ba61447bc044

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors