Manalyze report for 27dc704e4e985569824077eaf8666193

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Dec-09 18:58:13
Comments
CompanyName
FileDescription	EncWare
FileVersion	`1.0.0.0`
InternalName	EncWare.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	EncWare.exe
ProductName	EncWare
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: inkscape.org www.inkscape.org`
Suspicious	The file contains overlay data.	`46782 bytes of data starting at offset 0x5800.` `The overlay data has an entropy of 7.81882 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 18/73 (Scanned on 2024-10-28 11:18:29)	`APEX: Malicious` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_60% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.27dc704e4e985569` `Fortinet: PossibleThreat` `Google: Detected` `Kingsoft: malware.kb.c.1000` `Lionic: Trojan.Win32.Generic.4!c` `McAfee: Artemis!27DC704E4E98` `SentinelOne: Static AI - Malicious PE` `Sophos: Generic ML PUA (PUA)` `Trapmine: malicious.high.ml.score` `Varist: W32/ABApplication.PRAY-7060` `VirIT: Trojan.Win32.MSIL_Heur.A`

Hashes

MD5	`27dc704e4e985569824077eaf8666193`
SHA1	`a8d60c8da96fc87f335f4f5d9d53c4d0a876eecb`
SHA256	`9dfbda6a704fa4590b45f8170e66c7239a996d860dff5532dd99725b273074be`
SHA3	`74d45edebf9d248613465df4f4b9cd9f63069a92a11306e0a934588f185461a6`
SSDeep	`1536:A65/d5F+n5V8RATFrB6zfWOmkPnifHhTgvPyxSr:zl5E5aRA5rB6zqvfHhTgvPyxSr`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x40`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x2`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0xb400`
e_oeminfo	`0xcd09`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2010-Dec-09 18:58:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002E5E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`32631ad5861abbf0626d6e7d49ffef05`
SHA1	`c9c6bdfab85a2aae30e591c2f16c4dd350ab6597`
SHA256	`a164a375296627b9a08bc5a55c61d543b88ab0e93e2e0b3f1ed355a9c07f8bac`
SHA3	`8f33fcea6e104ff31cddb6933df450ec4faf18e871f49393392b58f1c0f6365a`
VirtualSize	`0xe64`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26155`

.rsrc

MD5	`082eefd2989e1aca6842738986f3aeb4`
SHA1	`07f2eb17d72cfb5a24c91425b240994649086382`
SHA256	`b6f3f78dcc1bcedb830446682fc6fa161b2a8848f3312a5d652138ee4d90ea03`
SHA3	`7eb5e813182affcbff6d1dd434ef0e26cd120782614ce321098a6fbdeb0c45d4`
VirtualSize	`0x42b4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0687`

.reloc

MD5	`a12de9f32117a9f74185ea1fb0eb5cfe`
SHA1	`075ef48fc2f3e2f84c725a2e93ff8a6f16a31fd6`
SHA256	`6bdb8bfd9a5d19c93d5492d469684ca1e496d93257b6b184ba6787b698cba043`
SHA3	`5ff7675e42b6003426c73df0233436a5123e565f925feb3d060bd1e9abde2b12`
VirtualSize	`0xc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35477`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77826`
MD5	`61846c8834831094be5378c572bb79a3`
SHA1	`e5c72e93f133ba6e852e096fe88455390ca48b69`
SHA256	`20c3b0ceac6f34c0dbda418532c8f518b7e90d70f4155444b2912911a8857e1c`
SHA3	`1469b3c6be6832cec79f6a8b4efc10f398c28425bdb01ed99cdcbc2b08b136f8`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07593`
MD5	`a8306e74f9a9d8625a73a644be63e518`
SHA1	`7a13c8d3a506e19f1a267dbaea034f270fc1da5d`
SHA256	`3f9734b791f7d9e17f16f437f91e30092aabeea24bed48890073547a82605970`
SHA3	`3b9f0cac88ec9ec0cddfd5bd68802cf08233fd33fb3f1ed3e14b0887b6bef69c`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16421`
MD5	`4f7a52dbb3886f9d314984bce2acb445`
SHA1	`0fff59aefc97e1f3a7c324cfde9b001c816f986e`
SHA256	`36fbfc80a0fa03e502c1d8aae0b5fe387c992d8d44f6f42ba08af96d309e7bb0`
SHA3	`568aacff44c83aa99ec3520918ad84335909f54a6b4d5ab3d65df9fe373561f0`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51589`
Detected Filetype	Icon file
MD5	`298232997883411f1ee110d990f9551c`
SHA1	`4ffeb8f324718a55a88d60510e45437add99e956`
SHA256	`d688200ab02f6fe049104a3e63ed160087c953b6d812e469db2aa2275e366cec`
SHA3	`9da59cc538741e621778c8be995153688357f472f6c6a9c481d5f33ff19c500a`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24928`
MD5	`ec03623ed361d497b1ee4cc79ca9b226`
SHA1	`407b922fe128fe2c0463f7ad8fa9093cee8cef15`
SHA256	`aa6fee19cbf78132a9ad6184b98b501467e03800f5a1c1964ee963f9240abb63`
SHA3	`b5eb37175d380beb060ade8e2abf108f44334dd292d3628733dfa25f4b0f8741`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	EncWare
FileVersion (#2)	1.0.0.0
InternalName	EncWare.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	EncWare.exe
ProductName	EncWare
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

27dc704e4e985569824077eaf8666193

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors