Manalyze report for 2226b8a2ac6e61dd5bc5327d48c74e1c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2076-Dec-13 15:55:54
Debug artifacts	umXx.pdb
Comments
CompanyName	Microsoft Corporation
FileDescription	Unload PerfMon
FileVersion	`1.0.0.0`
InternalName	umXx.exe
LegalCopyright	Copyright © Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename	umXx.exe
ProductName	Unload PerfMon
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Malicious	VirusTotal score: 58/75 (Scanned on 2024-07-26 18:06:59)	`ALYac: Trojan.GenericKD.73342723` `APEX: Malicious` `AVG: Win32:PWSX-gen [Trj]` `AhnLab-V3: Trojan/Win.PWSX-gen.C5646936` `Alibaba: TrojanPSW:MSIL/Agensla.0c3ce4dd` `Arcabit: Trojan.Generic.D45F1F03` `Avast: Win32:PWSX-gen [Trj]` `Avira: TR/AD.GenSteal.spunn` `BitDefender: Trojan.GenericKD.73342723` `Bkav: W32.AIDetectMalware.CS` `CrowdStrike: win/malicious_confidence_90% (W)` `Cybereason: malicious.2ac6e6` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PackedNET.2962` `ESET-NOD32: a variant of MSIL/Kryptik.ALWJ` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.73342723 (B)` `F-Secure: Trojan.TR/AD.GenSteal.spunn` `FireEye: Trojan.GenericKD.73342723` `Fortinet: MSIL/Kryptik.AJAP!tr` `GData: Trojan.GenericKD.73342723` `Google: Detected` `Ikarus: Trojan.MSIL.Inject` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen` `Kingsoft: MSIL.Trojan-PSW.Agensla.gen` `Lionic: Trojan.Win32.Agensla.i!c` `MAX: malware (ai score=83)` `Malwarebytes: Trojan.MalPack.PNG.Generic` `MaxSecure: Trojan.Malware.74499699.susgen` `McAfee: Artemis!2226B8A2AC6E` `McAfeeD: ti!72629B026D16` `MicroWorld-eScan: Trojan.GenericKD.73342723` `Microsoft: Trojan:Win32/Leonem` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:L8zbUUM3C5tmTW2rAv0/Lg)` `Sangfor: Trojan.Win32.Save.MSIL_Inject` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.Generic.dc` `Sophos: Troj/Krypt-ABH` `Symantec: Trojan.Gen.MBT` `Tencent: Malware.Win32.Gencirc.1412f742` `Trapmine: malicious.moderate.ml.score` `TrendMicro: TrojanSpy.Win32.NEGASTEAL.YXEGCZ` `TrendMicro-HouseCall: TrojanSpy.Win32.NEGASTEAL.YXEGCZ` `VBA32: TScope.Trojan.MSIL` `VIPRE: Trojan.GenericKD.73342723` `Varist: W32/MSIL_Kryptik.KPV.gen!Eldorado` `VirIT: Trojan.Win32.MSIL.GYX` `Xcitium: Malware@#25wjaj257nzao` `Yandex: Trojan.Igent.b2zR5a.7` `Zillya: Trojan.Kryptik.Win32.4826694` `ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen` `alibabacloud: Trojan[stealer]:MSIL/Agensla.gyf` `huorong: Trojan/Generic!12391826F0979FC1`

Hashes

MD5	`2226b8a2ac6e61dd5bc5327d48c74e1c`
SHA1	`7b7b425df447fb64abfbf7fe34d336b13d8d8bb0`
SHA256	`72629b026d1626923f7d3280d0dabb7c1a9ee869b7ce9ec2f02c949544c8326f`
SHA3	`6dd34c225d2ad039f2c892b29f9f73580bc89b26236b03364f7e5fec1876d72f`
SSDeep	`24576:cca028CkoVwvyTIv+WSLFhnfksXOQcFez3aqmUY:cb3XwKTIv+TFRfksXvTY`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2076-Dec-13 15:55:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xe3c00`
SizeOfInitializedData	`0x6600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000E5ACE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xe6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf0000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`83dd652505cd57995e046e0389fedbee`
SHA1	`70d8b5fa29a5d27505801bf5368411eda71e3d79`
SHA256	`dcb9e209beaf80c26c41308e6eba71866207e09945d8055b1baf60ebdf7d867f`
SHA3	`f7c9838188090c2d82b342e7ecb06a2673d580fbde9fba5a3f0db19e0d143994`
VirtualSize	`0xe3ad4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xe3c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97624`

.rsrc

MD5	`3c3c9b21e50bfec32f3090f1b621ae07`
SHA1	`77a25c0c82b6081a224ddb007719022ba2614cd6`
SHA256	`d7d216a56ae19e5335502930cc51cf71936e4d89d88d1cf6979d66125fdb8457`
SHA3	`e4f6df01921cd75b21b9482e44978192a9c949404b1fd25a42ff331e5d271a05`
VirtualSize	`0x6400`
VirtualAddress	`0xe6000`
SizeOfRawData	`0x6400`
PointerToRawData	`0xe3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.14766`

.reloc

MD5	`c60ecbe4e86dc4887abce61a538903b3`
SHA1	`d3f93e6548554e5a20caec2b9c0cc682da005cf3`
SHA256	`5c9c4cd63c18dcad2a73210aa99c170093b40c2e52c29e47f013f2132cd03c9a`
SHA3	`ed6fee133f2b1b1fba03e1ba2295250825830d4687cd28c56b7038b3c531a7f2`
VirtualSize	`0xc`
VirtualAddress	`0xee000`
SizeOfRawData	`0x200`
PointerToRawData	`0xea200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09181`
MD5	`0e2c1733ee76c09ed0cb9d52c68ae5c7`
SHA1	`8642d1d0b8cf575d1de98e167d80b39cbd301a3f`
SHA256	`56a963992dbfcde8a1592ba2fa63a67064ea8876899295beb5c5f55f18f7f513`
SHA3	`eb9e222740f30a933f3786afcf13d2015b04c63f8f21e199e3ff1ba3542c6f12`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18164`
MD5	`563837b4e2cef066f86add51eff00f82`
SHA1	`50e754cc82a82aeffe80503de7df3e51af92e0ad`
SHA256	`05c51a9a5eee512a5cf0f27e5b06d6b960b3b3d5f42404c7dc9e625392afa77f`
SHA3	`8789d37e8ffc65cdd33902a19675b6c45b4ab882b3122a11cbd785305a822216`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52607`
MD5	`3aeed52bd23c40c61abec16ecdb336d1`
SHA1	`1792c8891e4ed738a3c23f0a449919c6036b6ca2`
SHA256	`3c0a91ce3d5904f8fc670be2b6e8b231cdc7c831f23ade7dba17d8fa70fc865b`
SHA3	`cd24305230f04cb4f1b5470be1021e520f8adbbb9d4a598a4151a698aac0c6c2`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94745`
MD5	`a89fef5fea85277c3eb8e4d179111283`
SHA1	`31cda2a1c7e7a58991d6587911ed955e942f3e2c`
SHA256	`9180d49cb6532e714c590dab09e1189e0b8250cf5814f394d2f29eaf6a30c5b9`
SHA3	`0609b3ce972b8dd5f0f787d93438c08a9dbe468aeb84ea296ad2cf11e6a007ec`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20719`
MD5	`dc6633bd39380994df8b3fc8e3887665`
SHA1	`dbfabe9e4e578295d7efa334870bd53a720c9c06`
SHA256	`f0f4fe0e63dbeedc0912613020c97cf253608857d3912a54cd85e75ae015a841`
SHA3	`9bcdaa4763bab0e672ad83308ecb89f6796a25c06ffff362c156579dbaa48376`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.45315`
MD5	`8d4852ae0ad7b5550ede259befe58782`
SHA1	`7acd5076c11f1a985672f92d7f00d8b3f5f33ace`
SHA256	`2719ca18cdc91d4379df1daa4cd378705e5f556d21ae182b5dcc5996c20ce6da`
SHA3	`ca775ce74818630626bf9ad8161817f7dc3a1c630e0a6b9f8dfbce2d32afa6fb`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67817`
MD5	`9ba88ad03a44a649a68df6bbe3945051`
SHA1	`2263a3836ef41b7963a1f8ae0f0b4219db867b47`
SHA256	`87677bbdb0d3a3bb3d7284abe0a21a9aa0faa16e69a14a4f17169212c0584b30`
SHA3	`8b5c0b7f63df4fb14190aa18a3c38337d7e652e1220b8a45038c0eace591d464`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.82925`
MD5	`25096e6ec12a6e2b908a84a7dfe1b6fb`
SHA1	`c60b4962f39469230a83f39f722d65106e486d20`
SHA256	`5ad32db99e8a27a8db29aed9f431974b89b23bba0775ddae6f400f4085be3753`
SHA3	`803ceaf07e9153d01b2f539e6ebdd5a67d736a110cc0819faf09524ab4174d69`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81158`
Detected Filetype	Icon file
MD5	`c0b3e66fcb80cecddabf09088b3e8188`
SHA1	`f112cc8039776eaebae28f9be81059bbdda5f357`
SHA256	`0f8e66b41e930335fa661b03299b12d6e7d8f04e7e35a117cb6966b9d1258497`
SHA3	`e25f05b084976b3701054e42f311d42d2ef54fe0f7ac69e7ec201d9b4f5959b6`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31212`
MD5	`ca11b0908936b94352e4afb699a9e5b7`
SHA1	`db597efca5511b26796391e60aed87dd4f8bfb99`
SHA256	`44a3c62c0e6464def26aaf367c111c9bdfa86aef70d08cde4f9291a758f29b67`
SHA3	`cd2e904b6dc571ce858265af2f1e57617bdb7bc7e62097415e36a91dd6e16802`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Microsoft Corporation
FileDescription	Unload PerfMon
FileVersion (#2)	1.0.0.0
InternalName	umXx.exe
LegalCopyright	Copyright © Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename	umXx.exe
ProductName	Unload PerfMon
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2090-Sep-27 04:24:11
Version	`256.20557`
SizeofData	`33`
AddressOfRawData	`0xe3dc8`
PointerToRawData	`0xe1fc8`
Referenced File	umXx.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`1.0`
SizeofData	`39`
AddressOfRawData	`0xe3de9`
PointerToRawData	`0xe1fe9`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

UNKNOWN (#3)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`256.256`
SizeofData	`7273`
AddressOfRawData	`0xe3e10`
PointerToRawData	`0xe2010`

TLS Callbacks

Load Configuration

RICH Header

2226b8a2ac6e61dd5bc5327d48c74e1c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

UNKNOWN (#2)

UNKNOWN (#3)

TLS Callbacks

Load Configuration

RICH Header

Errors