Manalyze report for 2df08e97287ace8340e0a1ba886c6bd1

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2096-May-21 02:23:19
Debug artifacts	D:\PROJELER\Biten Projeler\EASYSOFT - Diyarbakır\YEDEKLEME\easycloud\easycloud\BoysisBackup\obj\Debug\easycloud.pdb
Comments
CompanyName
FileDescription	easycloud
FileVersion	`1.0.0.0`
InternalName	easycloud.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	easycloud.exe
ProductName	easycloud
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains domain names: cihanoz.com easysoft.com hotmail.com http://icanhazip.com http://www.easysoft.com.tr http://www.easysoft.com.tr' https://easysoft.com.tr https://easysoft.com.tr/ https://www.iletimerkezi.com https://www.iletimerkezi.com/panel/auth/signup/ icanhazip.com iletimerkezi.com inkscape.org smslogin.nac.com smtp.yandex.com www.easysoft.com www.iletimerkezi.com www.inkscape.org yandex.com`
Malicious	VirusTotal score: 3/72 (Scanned on 2024-10-01 19:33:04)	`CrowdStrike: win/malicious_confidence_60% (D)` `MaxSecure: Trojan.Malware.300983.susgen` `VirIT: Trojan.Win32.MSIL_Heur.A`

Hashes

MD5	`2df08e97287ace8340e0a1ba886c6bd1`
SHA1	`4c80afd5efba50bd3038f89f01dd1208e1919271`
SHA256	`926b719379c304373ef3334f49a8f97886a168a5a1d975fd7411f4c9f8fc8793`
SHA3	`720077f99006057af2017b51721a293595b0a02de22918262940f63311829310`
SSDeep	`12288:5Bp/Aw7F2igSB4E5lgBp/Aw7F28KeeFugSB4E0Bp/Aw7F2MBp/Aw7F2tf7p/Aw7:5LX9BHgL5mu9BwL9LsZ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2096-May-21 02:23:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x9d400`
SizeOfInitializedData	`0xf800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0009F28E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xa0000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb2000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a1f6416bcdd183bd155f93821d928e29`
SHA1	`5f16859926f5a3272f785a444e4d6a3ea0eb460f`
SHA256	`f3c3b8e09c4576803a7696ddb158b8823b254a5d9c70ef2f815e4c73bc5ea952`
SHA3	`0a60d2a6d6d245630c98303576fbfe0210abfe859b49f37c03bff14ae6d98204`
VirtualSize	`0x9d294`
VirtualAddress	`0x2000`
SizeOfRawData	`0x9d400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.38344`

.rsrc

MD5	`5dd4705c65fc9d9a3b8b53ab56ad7f39`
SHA1	`1a35fbba2079a10e7e9cfff58272552167ad3aab`
SHA256	`b29e00a4bf80e8a7225b3af3ed36e0abe682d8e8a8c0fbd91d4d9e70df101952`
SHA3	`5282bbdaca0f68fe160746f59923011d9c2571b8130fb6156d35ddcec7e60fc9`
VirtualSize	`0xf4ac`
VirtualAddress	`0xa0000`
SizeOfRawData	`0xf600`
PointerToRawData	`0x9d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.17423`

.reloc

MD5	`73c6358bdf9cbacd89e74168c6e9216a`
SHA1	`2cd1dbebdb0a4e20f1c84bf205c7de41d41fe328`
SHA256	`d4d256d442316a58b270b53b583c34fbd23bcd771f9fee6d79a8a73e6969c2dd`
SHA3	`4131348db2bc2ec16a6f0675b60e953d855043dce2c9f703c85919f87dfee988`
VirtualSize	`0xc`
VirtualAddress	`0xb0000`
SizeOfRawData	`0x200`
PointerToRawData	`0xacc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04376`
MD5	`8af8b0fa71ae36a7e3e99a8b65caeef3`
SHA1	`4a722af2c8801da428e903ac4baaabbbdcce5909`
SHA256	`6bff5073bbc9752e22ad8653e02f3317f3e66ecb17f033820ee5e6f3434ed314`
SHA3	`b10209482f35a2318e596bd019b751442934b39ba13a920f2386e218abbcd21f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66671`
MD5	`05cb999385859c91607f53bced311202`
SHA1	`6b985cdc16b04a22c76442fbeed91daff4f890c8`
SHA256	`a824e1faadffd65b8ca7b7872cc7f054fc7d92f215531df33c89401897a2110f`
SHA3	`9c1b9de5056aa31b25452cdda9dae78d7ee2cc84507cf83ba9ee62704bf93a49`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21572`
MD5	`abd932086576c6508e8126b593554fdc`
SHA1	`4d18bc3c4b491cb5218e10c7c859417c047481cf`
SHA256	`8a786e438d8e9726ad2f46368a6d3850d66a6914223d90b275a85be254baadb8`
SHA3	`f31d78e4d7a650ffaf6e74b6237646ef68080399d409a16475b2deb1ae5f00a3`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7621`
MD5	`ede3a59d10b11b71ba25b25f147addb9`
SHA1	`d1c2fc21ca72b688307852b344f34ca4e2e7ad89`
SHA256	`2bc69c6962e063409964540499bf7b4ca14947d09fdfdd3619f655daaf81d21a`
SHA3	`33e051028536b0406d552e1f1626e6ee4e7dd42d7d217c4feba8e40fbdfcf310`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa923`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97597`
Detected Filetype	PNG graphic file
MD5	`9c77e7128557b5455699522f306d2edf`
SHA1	`01c4849d50f6767f7bb6f3d7767ba9c6f6d02aa6`
SHA256	`be1119362bd39446f6da2fd1c806a52a1a2ae777d336abb07a8fbd7f9344d489`
SHA3	`51f774313ea502627901dc88a00be0617ca75ba842061b0b3da6fed4b3980873`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`062ec743133720c91dec67803467e7e3`
SHA1	`52bf91085cb63d45ec299d44fb39865158906082`
SHA256	`386dacabd8c26b08ecd00af27558bfa357002a0663ca82be269fb6d73ea2bd6b`
SHA3	`4a2bfec568f0d02fb6941f3940cf466c0766ddd9805e3101a4e19878a9065f2f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27573`
MD5	`ebd142515ec133d7aa837cc2b934e1dc`
SHA1	`592f5c12334a15788b29b24a1a530f27ffc0e971`
SHA256	`11f4faf0cfb2100ed97a6d6e881ec29600e994808c547f47fcb75df0b6bd80d4`
SHA3	`1ac1359b4530a508d1452def5f64bee35c50057b1226acf276742e9750670349`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	easycloud
FileVersion (#2)	1.0.0.0
InternalName	easycloud.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	easycloud.exe
ProductName	easycloud
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2061-Jun-22 05:04:55
Version	`0.0`
SizeofData	`141`
AddressOfRawData	`0x9f1ac`
PointerToRawData	`0x9d3ac`
Referenced File	D:\PROJELER\Biten Projeler\EASYSOFT - Diyarbakır\YEDEKLEME\easycloud\easycloud\BoysisBackup\obj\Debug\easycloud.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

2df08e97287ace8340e0a1ba886c6bd1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors