Manalyze report for 36965deab3ff915de62da6384870848f2e476f7652d90ed98809cd53cf8734f7

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Aug-04 00:49:07
CompanyName	uProxy Tool 2.1
FileDescription	uProxy Tool 2.1
FileVersion	`2.1.0`
InternalName	applied.exe
LegalCopyright	© uProxy Tool 2.1
OriginalFilename	applied.exe
ProductName	uProxy Tool 2.1
ProductVersion	`2.1.0`
Assembly Version	2.1.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe` `Looks for Qemu presence: qEMU` `Accesses the WMI: root\CIMV2` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: azenv.net duckdns.org githubusercontent.com http://azenv.net httpbin.org https://api.ip.sb https://api.ip.sb/geoip%USERPEnvironmentROFILE%\AppDEnvironmentata\RoaEnvironmentmingAppData\Local\ProtonVPN https://api.ipify.orgcookies https://api.ipify.orgcookies//settinString.Removeg https://httpbin.org https://ipinfo.io https://raw.githubusercontent.com https://raw.githubusercontent.com/abhay991/uProxy/master/version.json mentalis.org raw.githubusercontent.com termsiya.duckdns.org www.mentalis.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	VirusTotal score: 40/71 (Scanned on 2022-08-09 18:31:13)	`Cynet: Malicious (score: 99)` `McAfee: Packed-PM!DCBCB5FE501F` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `BitDefender: Gen:Variant.Razy.490172` `Cybereason: malicious.e501f3` `Arcabit: Trojan.Razy.D77ABC` `Cyren: W32/MSIL_Kryptik.CRY.gen!Eldorado` `Symantec: Scr.Malcode!gdn33` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FKI` `APEX: Malicious` `ClamAV: Win.Trojan.Redline-9938775-1` `Kaspersky: HEUR:Trojan.MSIL.Fileless.gen` `MicroWorld-eScan: Gen:Variant.Razy.490172` `Rising: Stealer.Agent!1.DC63 (CLASSIC)` `Ad-Aware: Gen:Variant.Razy.490172` `Emsisoft: Gen:Variant.Razy.490172 (B)` `Comodo: TrojWare.MSIL.Boilod.MFC@7j93d6` `DrWeb: BackDoor.Quasar.1` `VIPRE: Gen:Variant.Razy.490172` `McAfee-GW-Edition: Packed-PM!DCBCB5FE501F` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.dcbcb5fe501f35aa` `Sophos: Troj/Reflekt-B` `Ikarus: Trojan.MSIL.Krypt` `Avira: TR/Dropper.MSIL.Gen` `Microsoft: Trojan:MSIL/Remcos.PH!MTB` `GData: Gen:Variant.Razy.490172` `Acronis: suspicious` `BitDefenderTheta: Gen:NN.ZemsilF.34582.@p0@aCHsROh` `ALYac: Gen:Variant.Razy.490172` `MAX: malware (ai score=82)` `Malwarebytes: Malware.AI.4149371037` `SentinelOne: Static AI - Malicious PE` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: MSIL/CoinMiner.DTL!tr` `AVG: Win32:PWSX-gen [Trj]` `Avast: Win32:PWSX-gen [Trj]` `CrowdStrike: win/malicious_confidence_70% (D)`

Hashes

MD5	`dcbcb5fe501f35aaa9c71664993655b4`
SHA1	`5f184a65c7b195bd5e97e395588f00fd102a87cd`
SHA256	`36965deab3ff915de62da6384870848f2e476f7652d90ed98809cd53cf8734f7`
SHA3	`af85b47df3681d4919c75eaabb3d55b24f7b42e477adc8a487b55639decbb990`
SSDeep	`98304:9IJ0tgk7dWjBKUoLIKyb5P0gMxx/cmnsORncumEJ1cCQ351rlB6+T/tIst+XJyT:RtgkRGiLIKyyg2czM2Prt/6s9`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Aug-04 00:49:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x62ba00`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0062D98E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x62e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x636000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1ded21f0ccab044e62ff28a5f7e1d536`
SHA1	`b6876e9cbd1e7b1d70b6dcb29aa2475596339668`
SHA256	`2a6e6ae6ee38deb25615406e05d1d70bc80a03691fe893c1768630cb457f18b3`
SHA3	`e09a24d99edd6f599853c7ebbb29ce9d102293804fbf8253b05a7fb792e5d788`
VirtualSize	`0x62b994`
VirtualAddress	`0x2000`
SizeOfRawData	`0x62ba00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.89098`

.rsrc

MD5	`a0a88753e0a508bb170aecb24fbc01f6`
SHA1	`34733faee985f6eee9dc4e41849e427bd1fb7c01`
SHA256	`74e36c7e2e5a1cf6e45b8f4c0f38938790ac48848b33886c99fc27b3286b71af`
SHA3	`cc191ce3356bb324eba2f7750623423e64a50d3181c998d0a5612bfc3be458ba`
VirtualSize	`0x5d00`
VirtualAddress	`0x62e000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x62bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.14986`

.reloc

MD5	`60a0ad4ecf34cbc8b24ab140fdedf1eb`
SHA1	`28b0d17eecf3c72e8769fa931e100f0c0b33bae9`
SHA256	`92158f0bcec33b6e0c27dcb4dae760bdfb7cb890bec2351b3aba6d9545736dec`
SHA3	`00c1130550e2cf03ea414ff41097526ec21765a5de05185456b285e7530e6c85`
VirtualSize	`0xc`
VirtualAddress	`0x634000`
SizeOfRawData	`0x200`
PointerToRawData	`0x631a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.55255`
MD5	`211ea36b8abb5cad33f4d87f7633bf61`
SHA1	`4b4fd445fce33dc7c6116cba4a92a591c449f696`
SHA256	`253b5dda84a2ac83dde1d8108bc37aa9ea66bc171836c832bd5b0ef3e4f7c3ec`
SHA3	`aa42a027ccb97e30155a56001d30a01dc58ee3c40d685619f370f1e983e79ad6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8936`
MD5	`de9331cb96e05fdd76d8814aedd57a7b`
SHA1	`c712e41981233fe1f096b70aa6bdb3cb7a0a2a02`
SHA256	`b337d682e3fe7ed80b9ab36a4ae62f30056fc89d6821961f9ccecd38a80579d6`
SHA3	`10fcb5db0b3dbeed2b28ff2b1c893965dc77cc8a414886435cdaa4a29de9ebd7`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93544`
MD5	`c09562d022599daefa4edd92b113f14d`
SHA1	`a03816c1a2412b60ce57238a466fb76f64b0d40c`
SHA256	`737260c2fb2e0b625daaffc50fc0b8658214ad3e07ab3c91c2c61f8106161130`
SHA3	`f45b9e8735811a2a09f5237a85b2f85fa55bf5dc205a8a586d769ba3652c91b6`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1c54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.65832`
Detected Filetype	PNG graphic file
MD5	`c3e13907b2acf3f1dfebef2c0b4b84ab`
SHA1	`2aab93c1282353fb29bf9ea3d6018e1fbed23df6`
SHA256	`69cac9d4434149b4b78833ad2e44e66907cb27077a3e276dd5acdd09f294c68a`
SHA3	`95cae8cd4cf5570f6b4d2ba9792234ac04702ecb0f5133261038831c6fcda78c`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55342`
Detected Filetype	Icon file
MD5	`3a97fe7cacefd31150b1d48099918ca1`
SHA1	`5666a0794e1c208c7d7e46f8a52ac40cc3b4d4c0`
SHA256	`0508a6a0bf2927427ba915df843ddd9e9e216140dfd1e99aa9ab694af1c0e47c`
SHA3	`bfdfb04388ca58b84736e2a5f41af34bef62969834f221b92e0b94e44202d6f8`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34177`
MD5	`ffda187a59bb847451081f802dba27f8`
SHA1	`2825d575a88ef8c16f41ca53e7dc5682d81f138f`
SHA256	`06e2c26370a6af7962e9d29a9ce6c1bb1f099d973da4741094e2e71499b7f65a`
SHA3	`37a148985a14f47a51d81025b61540c8c100d8bd0894f0cff470980ed81bf041`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.1.0.0
ProductVersion	2.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	uProxy Tool 2.1
FileDescription	uProxy Tool 2.1
FileVersion (#2)	2.1.0
InternalName	applied.exe
LegalCopyright	© uProxy Tool 2.1
OriginalFilename	applied.exe
ProductName	uProxy Tool 2.1
ProductVersion (#2)	2.1.0
Assembly Version	2.1.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.