3739d09c6ae40f1791526c281e7c4bea3c6925bc396d56e8dbeb6002417fd0c0
This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2025-Dec-13 22:43:15 |
| FileDescription | |
| FileVersion | 0.0.0.0 |
| InternalName | GPMPatcher.exe |
| LegalCopyright | |
| OriginalFilename | GPMPatcher.exe |
| ProductVersion | 0.0.0.0 |
| Assembly Version | 0.0.0.0 |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft |
| Suspicious | The PE is possibly a dropper. | Resources amount for 91.528% of the executable. |
| Malicious | VirusTotal score: 30/59 (Scanned on 2026-02-08 05:14:54) |
APEX:
Malicious
Antiy-AVL: Trojan[Miner]/MSIL.CoinMiner Arcabit: Trojan.Generic.D4A8927A Bkav: W32.AIDetectMalware.CS CTX: exe.trojan.msil CrowdStrike: win/malicious_confidence_90% (W) Cylance: Unsafe DeepInstinct: MALICIOUS DrWeb: Trojan.Siggen32.16527 Elastic: malicious (high confidence) Emsisoft: Trojan.GenericKD.78156410 (B) Fortinet: PossibleThreat GData: Trojan.GenericKD.78156410 Google: Detected Kingsoft: MSIL.Trojan.CoinMiner.gen Lionic: Trojan.Win32.CoinMiner.4!c Malwarebytes: Generic.Malware/Suspicious McAfeeD: Real Protect-LS!E67DD5DE721F MicroWorld-eScan: Trojan.GenericKD.78156410 Microsoft: Trojan:Win32/Wacatac.B!ml Paloalto: generic.ml Sangfor: Trojan.Win32.Save.a SentinelOne: Static AI - Suspicious PE Sophos: Mal/Generic-S Symantec: ML.Attribute.HighConfidence Trapmine: suspicious.low.ml.score TrellixENS: Artemis!E67DD5DE721F VIPRE: Trojan.GenericKD.78156410 Varist: W32/ABTrojan.EMVC-2119 alibabacloud: Trojan:MSIL/CoinMiner.gyf |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 3 |
| TimeDateStamp | 2025-Dec-13 22:43:15 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0x1e00 |
| SizeOfInitializedData | 0x18e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00003DCE (Section: .text) |
| BaseOfCode | 0x2000 |
| BaseOfData | 0x4000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x2000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x20000 |
| SizeOfHeaders | 0x200 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rsrc
.reloc
Imports
| mscoree.dll |
_CorExeMain
|
|---|
Delayed Imports
2
3
4
5
6
32512
1
1 (#2)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 0.0.0.0 |
| ProductVersion | 0.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| FileDescription | |
| FileVersion (#2) | 0.0.0.0 |
| InternalName | GPMPatcher.exe |
| LegalCopyright | |
| OriginalFilename | GPMPatcher.exe |
| ProductVersion (#2) | 0.0.0.0 |
| Assembly Version | 0.0.0.0 |
| Resource LangID | UNKNOWN |
|---|
TLS Callbacks
Load Configuration
RICH Header
Errors
Leave a comment
No comments yet.