Manalyze report for 26b3db3ac5bd9dcfcb485c9e0c200a80

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jun-03 19:43:00
Debug artifacts	C:\Users\Monument\Desktop\newwar33\BitcoinBlackmailer\BitcoinBlackmailer\bin\Release\BitcoinBlackmailer.pdb
Comments	VirtuMalks
CompanyName	VirtuMalks Corporation
FileDescription	VirtuMalks
FileVersion	`3.5.00.16`
InternalName	BitcoinBlackmailer.exe
LegalCopyright	Copyright (C) 2010-2016 VirtuMalks Corp. All rights reserved.
LegalTrademarks	Copyright (C) 2010-2016 VirtualMaller Corporation. All rights reserved.
OriginalFilename	BitcoinBlackmailer.exe
ProductName	VirtuMalks
ProductVersion	`3.5.00.16`
Assembly Version	2.4.5.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	This program contains valid cryptocurrency addresses.	`Contains a valid Bitcoin address: 183y8kxJ4h2Gb2zwVX2o7TVezt7BcB5oPy 18sn8Q5L1T3LbZuvz5hqHu2aFXgU5T9fu4 1DkNJXaKgv6zJkxkAs8m8fdJC9y7TeJucC 1EjYc872qnXMgS1EG8xoSp5urM8WygGAjA 1HxkJ3vz2tvpcHgdt9yyY4XivdY9jKkcZH`
Malicious	VirusTotal score: 50/61 (Scanned on 2017-04-25 08:52:49)	`Bkav: W32.Clode5a.Trojan.4df5` `MicroWorld-eScan: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `CAT-QuickHeal: Ransom.JigsawLocker` `McAfee: RDN/Ransom` `Malwarebytes: Ransom.Jigsaw` `Zillya: Trojan.Scar.Win32.100151` `K7GW: Trojan ( 700000121 )` `K7AntiVirus: Trojan ( 700000121 )` `TrendMicro: TROJ_FORUCON.BME` `Symantec: Ransom.TeslaCrypt` `ESET-NOD32: a variant of MSIL/Filecoder.Jigsaw.B` `TrendMicro-HouseCall: TROJ_FORUCON.BME` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Agent570299944/CRDF-1` `Kaspersky: Trojan.Win32.Scar.oenx` `BitDefender: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `NANO-Antivirus: Trojan.Win32.Ransom.edgdne` `ViRobot: Trojan.Win32.S.Ransom.534528[h]` `Avast: Win32:Trojan-gen` `Tencent: Win32.Trojan.Scar.Hsit` `Ad-Aware: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `Sophos: Troj/Ransom-DFT` `Comodo: UnclassifiedMalware` `F-Secure: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `DrWeb: Trojan.Encoder.4786` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: virtool.win32.obfuscator.mft` `McAfee-GW-Edition: RDN/Ransom` `Emsisoft: Generic.MSIL.Ransomware.Jigsaw.65F4BA28 (B)` `SentinelOne: static engine - malicious` `Cyren: W32/Trojan.BNUU-1312` `Jiangmin: Trojan.Scar.ghv` `Webroot: W32.Trojan.Genkd` `Avira: TR/Ransom.zquk` `Microsoft: Ransom:MSIL/JigsawLocker.A` `Endgame: malicious (high confidence)` `Arcabit: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `AegisLab: Troj.W32.Scar!c` `ZoneAlarm: Trojan.Win32.Scar.oenx` `GData: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `ALYac: Generic.MSIL.Ransomware.Jigsaw.65F4BA28` `AVware: Trojan.Win32.Generic!BT` `VBA32: Trojan.Scar` `Yandex: Trojan.Scar!waBJyxaPvNo` `Ikarus: Trojan-Ransom.JigSaw` `Fortinet: MSIL/Generic.DN.17A29D!tr` `AVG: FileCryptor.LRG` `Panda: Trj/GdSda.A` `CrowdStrike: malicious_confidence_93% (W)` `Qihoo-360: HEUR/QVM03.0.Malware.Gen`

Hashes

MD5	`26b3db3ac5bd9dcfcb485c9e0c200a80`
SHA1	`ddc3a547711fe0a4cd3affb3924beeba87b9f60b`
SHA256	`0b164fc0270c83f0d5c3ac554421cfbccd0404ae7c79f700aa485fdf86912ef4`
SHA3	`9acf0d87b0f0dc02fde7e95230d096fd0eb1df9ccd612ef5009c53d8b7deedb8`
SSDeep	`12288:SlM0k4H7DEUhNfHXQn+yR/3RHzsmP+agVznWqZa/Cr78:MjMUh1HXQL/BHzsmGTGK`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2016-Jun-03 19:43:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x81c00`
SizeOfInitializedData	`0x82400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00083B72 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x84000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x88000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bb429b8a866779420890fc6a2d126241`
SHA1	`71068e3551100fdfb55c110e36f4a73bc809a2cc`
SHA256	`116c7a0c750b8f85583d9d42ffe4f43ce619942a0444105bf3d5f45aa921a735`
SHA3	`ab40c5e697a0088e476c1bcb5583916c5a0e2ae7828713e75f52d2de9b2fe5f5`
VirtualSize	`0x81b78`
VirtualAddress	`0x2000`
SizeOfRawData	`0x81c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.82567`

.reloc

MD5	`2a99eed29d2a9f3b45776a9b5f023e7d`
SHA1	`ae83c41e6a6a73f867a9e6b113842cbb6522be32`
SHA256	`cc3f1b3e218a5e903d897ad6b215d37de9fa4a656b0edbd5753bd9c2b5ddd60b`
SHA3	`e762d0cd223bb5aac625f2a8292f6ccc563b7b2dfcd62ea010280bafaee5daad`
VirtualSize	`0xc`
VirtualAddress	`0x84000`
SizeOfRawData	`0x200`
PointerToRawData	`0x81e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`313792d140075244e07ff48e32d287ab`
SHA1	`c8a46c3dca9ecf727a27cdc1fdab1c9686290121`
SHA256	`577c51ef48bdb8b63eded82ed221c3891747cfcdc26e235b2ba25b4e50a3422e`
SHA3	`a2db7faa7748f7fa1dd158ab276647a6eda5ea7be334ab31c7c0ccee5f5d9486`
VirtualSize	`0x704`
VirtualAddress	`0x86000`
SizeOfRawData	`0x800`
PointerToRawData	`0x82000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.79731`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x478`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43493`
MD5	`b1c96aa353c6d00370c53004d71c2b97`
SHA1	`6412618fa829e495e7d14674697a85282764f4c9`
SHA256	`9e0bb65b4fab346ff766632abc394ea1b317c8efe5f5cdef0bf48eae96025152`
SHA3	`3b10689d823f6dfdcc663d57d8300ea1bd1fc789a038d1fc2bea8b126a9b911f`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.5.0.16
ProductVersion	3.5.0.16
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	VirtuMalks
CompanyName	VirtuMalks Corporation
FileDescription	VirtuMalks
FileVersion (#2)	3.5.00.16
InternalName	BitcoinBlackmailer.exe
LegalCopyright	Copyright (C) 2010-2016 VirtuMalks Corp. All rights reserved.
LegalTrademarks	Copyright (C) 2010-2016 VirtualMaller Corporation. All rights reserved.
OriginalFilename	BitcoinBlackmailer.exe
ProductName	VirtuMalks
ProductVersion (#2)	3.5.00.16
Assembly Version	2.4.5.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Jun-03 19:43:00
Version	`0.0`
SizeofData	`132`
AddressOfRawData	`0x731c0`
PointerToRawData	`0x713c0`
Referenced File	C:\Users\Monument\Desktop\newwar33\BitcoinBlackmailer\BitcoinBlackmailer\bin\Release\BitcoinBlackmailer.pdb

TLS Callbacks

Load Configuration

RICH Header

26b3db3ac5bd9dcfcb485c9e0c200a80

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.reloc

.rsrc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors