Manalyze report for 24894c64659e916393ab4b754b262697

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-May-05 11:54:08
Debug artifacts	Ketabrah.pdb
Comments
CompanyName
FileDescription	Ketabrah
FileVersion	`10.0.0.0`
InternalName	Ketabrah.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	Ketabrah.exe
ProductName	Ketabrah
ProductVersion	`10.0.0.0`
Assembly Version	10.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious		`Unusual section name found: .sdata`
Suspicious	VirusTotal score: 2/72 (Scanned on 2020-06-08 16:17:53)	`APEX: Malicious` `CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`24894c64659e916393ab4b754b262697`
SHA1	`fcb56907c58238ae9b4ccc71074c36f4371d8ed1`
SHA256	`2fefc742c1023df504e6c4e7801c4a6e8a48e827eff1fac7b31ecb1116f42087`
SHA3	`98eee168de1e678e3e3fc3449f3bf8cce2b359ea171c6be479d7e592f6393269`
SSDeep	`12288:quJKU+bx5jySJpDDfjHLmlqtaNwe/GZMmtYDX6K9ScFB5h6h0k2j:quwd5jNpDDfnml0aNwEGZPtYr97Cr2`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2020-May-05 11:54:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xa9c00`
SizeOfInitializedData	`0x5000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000ABA7E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xac000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb6000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`d08fc918c4bd332b6361511b9b1a7419`
SHA1	`03ee6914da4870553636202b6cae35bfd61cbe7c`
SHA256	`f351b1cfe702ce70e902f51b06d6dc1863a3f0b38309a9caf02cdfe2bd2ea23f`
SHA3	`7873a92f1408b66799f08dff29775f65b773f9f4d62c60e3e66e8574065a52e4`
VirtualSize	`0xa9a84`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa9c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.67698`

.sdata

MD5	`88639858af92eda5b8f30cba4a59ae53`
SHA1	`ceb6cc2ab51aa0583b223ea89826a78738477cd8`
SHA256	`8f19a6880c51001b227de539bac1b8ede58a712381313d1700a3718b1972cfba`
SHA3	`821198978832086d03f8e832cb776e141df60f1b862fb50c0184a97a5ccc7954`
VirtualSize	`0x22e`
VirtualAddress	`0xac000`
SizeOfRawData	`0x400`
PointerToRawData	`0xaa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.21802`

.rsrc

MD5	`498b38e5d876fbbfad8326482ad70bac`
SHA1	`d1eb26ca2fa9799a3815f79e068b0151542e7381`
SHA256	`b39f5f1d488f15095c361a764f32f6eef0660cb332a782c3852ffcc4f14b5ce9`
SHA3	`e8661aa1734913b3d2267dba990bea5da02c950c47fb088102920cd208882d9c`
VirtualSize	`0x4920`
VirtualAddress	`0xae000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0xaa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.70154`

.reloc

MD5	`5025973bf7c49291cb651d38033f7861`
SHA1	`fa969579cb5a1ebe5ceeee7f10b76f28da03eab6`
SHA256	`3e8db7e5187f8bdb3a8d93a48a9257de4912c7c0d2e8d2166f1f048c70109439`
SHA3	`eeabb51f301ca220fb1878b05c266ab28d253b1d680174b48ad5149fae24feee`
VirtualSize	`0xc`
VirtualAddress	`0xb4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xaee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17243`
MD5	`9fe199e1837c28ffa0cedbeac7f1f9bb`
SHA1	`91bdc8054b25b13ece2be9b7bb98d4f2ef261359`
SHA256	`0a695742a6c579a9e5359dee0041aac8379e5605b7c15f8790207e5678b4ea06`
SHA3	`2a44421f897458d5bf4542440f2bd0d769196855bcc29aaad08e690d98d2712d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70705`
MD5	`641263e6a039e7089418ad515711a5ef`
SHA1	`148d74f509c53031e08481573f26db7a7e194dd0`
SHA256	`fad8b03e82bbf99157ddf96fa4c9ae87457e2806670b3e4a63e5ae6e03901f18`
SHA3	`3ed97c67e0f16fd619742a235a9547363fb4dcff698a87f421a30795373164ce`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19297`
MD5	`507a43dbcb49c2422f81f3caab0df844`
SHA1	`b7fedcadf972d4387d229383b556a64570f26822`
SHA256	`da67d8ccb7a9851eb48ba68a57348ba5384797127a29008758be9505afba29b6`
SHA3	`adf8de223af125d8eb155dcbfae48265264790ea382e9c8ee1a9d4c47939ae38`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40726`
MD5	`e12d8577a5f559dd8e0a76b290e27941`
SHA1	`b5c33e7d9647c8d4570351b9ce4fbb2fe1610d67`
SHA256	`380bc82ab594fc2a292c8d8c3e5216d8cfb4b1308bcf133ae36970ff7222ba73`
SHA3	`970e37a1b407e6f184c0d5605c276fcbe9d748dd77ed612f7af9f4025c266440`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`5c84b5099ac46312565be1aa2e21eff0`
SHA1	`25f00759b0e6641f9b423e6a52556c2e4e2796c3`
SHA256	`816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620`
SHA3	`17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x326`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22413`
MD5	`e6c881e9eae50cac62ac511ee03f3c00`
SHA1	`70cee8544f01217059743adff77f45660fdbc1bc`
SHA256	`c5ee74f2a30610ce37ba71cb695c4551f995967d36a0955dcd4d9b38d492f37f`
SHA3	`90f7e1ef2c6673c9a587acae3968d07cb1c9b6862f5b5ff936e2b3230b4059eb`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.0.0
ProductVersion	10.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Ketabrah
FileVersion (#2)	10.0.0.0
InternalName	Ketabrah.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	Ketabrah.exe
ProductName	Ketabrah
ProductVersion (#2)	10.0.0.0
Assembly Version	10.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0xaba02`
PointerToRawData	`0xa9e02`
Referenced File	Ketabrah.pdb

TLS Callbacks

Load Configuration

RICH Header

24894c64659e916393ab4b754b262697

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

32512

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors