Manalyze report for 2c9f15a4395b897406b98c621d6df79d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2051-Jul-05 11:43:57
Debug artifacts	C:\Users\aless\source\repos\CeleryCracked\CeleryCracked\obj\Debug\CeleryCracked.pdb
Comments
CompanyName
FileDescription	CeleryCracked
FileVersion	`1.0.0.0`
InternalName	CeleryCracked.dll
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	CeleryCracked.dll
ProductName	CeleryCracked
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Malicious	VirusTotal score: 3/74 (Scanned on 2024-07-03 19:07:07)	`CrowdStrike: win/malicious_confidence_70% (D)` `DeepInstinct: MALICIOUS` `Google: Detected`

Hashes

MD5	`2c9f15a4395b897406b98c621d6df79d`
SHA1	`2a4b60d4332ec8b942fdcde38efc98a55727d42e`
SHA256	`e114d358e9a298573f7b89ecc526c292d0a504e1a1626233d1f01cc62cfd07fa`
SHA3	`623a1b01a66a222ee213cd6092a087dc7a2d94d0211991184d152c49d33bfc21`
SSDeep	`384:f0eaQPSlVBK+ginIR9PEjqn1wei+oEBtB3P4bPYZu9TzksoS5nVDS:8eoVBK99T1wL+VNPCD35n1S`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2051-Jul-05 11:43:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007F2A (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x8000`
ImageBase	`0x10000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6e8cc9728363f6cf47fe5b9e55702ffc`
SHA1	`892630da4f7ae41d120074d1750cfcb8114a403f`
SHA256	`162184ffb1d19c0eb480d37d12359e07ac092e872fe149c26c92d28c7c85addd`
SHA3	`ee4857e9661e116c0b4610f167fa048c5d6737a73a582c93670f3661fa43d4a9`
VirtualSize	`0x5f30`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.66358`

.rsrc

MD5	`ebb66870be879c634d74746430371a68`
SHA1	`62186960e61e99e97c5652eae5d37276a532628f`
SHA256	`db6f58169496487a5386b7571754895d28237696597ad740b8f1dd5454b13910`
SHA3	`0de36bfa937b6bffdbae36e70ab9ac91da29fb3f95197eabe70a7bbd181406a4`
VirtualSize	`0x398`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.88129`

.reloc

MD5	`8f60c4d12d8ce1a32dc71f95a307472b`
SHA1	`e45725154362d3221364bc80080e68c2a0125192`
SHA256	`8fd25394e6335c70787fab80afae899f31cad0036fdce988e38fd2d7c1301a81`
SHA3	`36a2f7bca42137fbc5508d635b9d37974ee4383afc22e47f7a3bbb0fec91ee97`
VirtualSize	`0xc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26176`
MD5	`d2b910aae3e573770e5fda6b31afc966`
SHA1	`be773cab0391d6ed0c7dd1ed5b5e47a2601fe599`
SHA256	`40b0e60d028e0d5c882627b60ac1a4c177942d35f87c30de30d178da6cff6d1f`
SHA3	`d7d0df13dfe1aa6bf545ed2f54285925985c096998e2015ebc39e1ff30496516`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments
CompanyName
FileDescription	CeleryCracked
FileVersion (#2)	1.0.0.0
InternalName	CeleryCracked.dll
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	CeleryCracked.dll
ProductName	CeleryCracked
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2097-Feb-10 20:41:06
Version	`0.0`
SizeofData	`108`
AddressOfRawData	`0x7e6c`
PointerToRawData	`0x606c`
Referenced File	C:\Users\aless\source\repos\CeleryCracked\CeleryCracked\obj\Debug\CeleryCracked.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

2c9f15a4395b897406b98c621d6df79d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors