Manalyze report for f6cb85c3971b02e9ab05594d32601e39ac8535270a9b8b67712a08530134a897

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2081-Sep-23 12:17:32
Comments	XHP Booster
CompanyName
FileDescription	XHP
FileVersion	`12.9.1.22`
InternalName	Steanings.exe
LegalCopyright	XHP Corporation Copyright © 2021
LegalTrademarks
OriginalFilename	Steanings.exe
ProductName	XHP booster
ProductVersion	`12.9.1.22`
Assembly Version	1.1.21.1

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe` `Accesses the WMI: ROOT\Security` `Contains domain names: https://api.ip.sb https://api.ip.sb/ip`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Malicious	VirusTotal score: 62/72 (Scanned on 2025-09-03 14:48:23)	`ALYac: Gen:Variant.Jalapeno.421` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Pws]` `AhnLab-V3: Trojan/Win.Dacic.R641638` `Alibaba: TrojanSpy:MSIL/RedLineStealz.0fff5ee9` `Arcabit: Trojan.Jalapeno.421` `Avast: Win32:MalwareX-gen [Pws]` `Avira: HEUR/AGEN.1376350` `BitDefender: Gen:Variant.Jalapeno.421` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Generic.TRFH1229` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PWS.Stealer.38294` `ESET-NOD32: a variant of MSIL/Spy.RedLine.A` `Elastic: Windows.Generic.Threat` `Emsisoft: Gen:Variant.Jalapeno.421 (B)` `F-Secure: Heuristic.HEUR/AGEN.1376350` `Fortinet: MSIL/RedLine.A!tr.spy` `GData: MSIL.Trojan-Stealer.Redline.G` `Google: Detected` `Gridinsoft: Trojan.Win32.RedLine.mz!n` `Ikarus: Trojan-Spy.MSIL.Redline` `Jiangmin: TrojanSpy.MSIL.ddcb` `K7AntiVirus: Spyware ( 0059955a1 )` `K7GW: Spyware ( 0059955a1 )` `Kaspersky: HEUR:Trojan-Spy.MSIL.Stealer.gen` `Lionic: Trojan.Win32.RedLine.l!c` `Malwarebytes: Trojan.MalPack.MSIL` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!F6CB85C3971B` `MicroWorld-eScan: Gen:Variant.Jalapeno.421` `Microsoft: Trojan:MSIL/RedLineStealz.A!MTB` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Stealer.RedLine!1.11745 (CLASSIC)` `SUPERAntiSpyware: Trojan.Agent/Gen-SpyStealer` `Sangfor: Virus.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Infected.fm` `Sophos: Troj/Redline-D` `Symantec: ML.Attribute.HighConfidence` `TACHYON: Trojan-Spy/W32.DN-InfoStealer.307712.D` `Tencent: Trojan-Spy.Msil.Redline.16001319` `Trapmine: suspicious.low.ml.score` `TrellixENS: ACL/Infostealer RedLine` `TrendMicro: TrojanSpy.Win32.METASTEALER.YXFIBZ` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9j` `VBA32: Trojan.MSIL.InfoStealer.gen.U` `VIPRE: Gen:Variant.Jalapeno.421` `Varist: W32/MSIL_Kryptik.KFT.gen!Eldorado` `ViRobot: Trojan.Win.Z.Redline.307712.QK` `VirIT: Trojan.Win32.MSIL_Heur.A` `Webroot: W32.Trojan.Gen` `Yandex: TrojanSpy.RedLine!EfZ9EzHb3Bk` `Zillya: Trojan.RedLine.Win32.12513` `ZoneAlarm: Troj/Redline-D` `alibabacloud: Trojan[downloader]:MSIL/Redline.GD!MTB` `huorong: TrojanSpy/RedLine.q` `tehtris: Generic.Malware`

Hashes

MD5	`3a79b9689b4d6dbe98b30ec02aa0dd4c`
SHA1	`4bdd300c7618a07866eb06da9023435ccdf06766`
SHA256	`f6cb85c3971b02e9ab05594d32601e39ac8535270a9b8b67712a08530134a897`
SHA3	`bcb7eee6baa627e49069b7c21940b317d4abf30ec04f4c1ae111c405453142b8`
SSDeep	`3072:acZqf7D34xp/0+mA+kyI7BQwg02+B1fA0PuTVAtkxzC3RMeqiOL2bBOA:acZqf7DIjnfmcB1fA0GTV8k80L`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2081-Sep-23 12:17:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2e400`
SizeOfInitializedData	`0x1cc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003028E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x32000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x52000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5075f2d8b755beb4447e3074cd57a44a`
SHA1	`eeb15d12dc369b35280017aa73e6fed6719ccd83`
SHA256	`ef55806f3c5a0941680297aea438dd6e00695e45824c81a4b8a53e92b8f911f2`
SHA3	`061592a524c0febe0c2043fbb39f67cbedb1896ae14e4f63983c200ac4d69b24`
VirtualSize	`0x2e294`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2e400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18612`

.rsrc

MD5	`a8cf3f8ff27a4a736ba8fb433d91107f`
SHA1	`afd1b72a88391e7774fb483dc23e29c6bcb14449`
SHA256	`84bc6867d7d116e8bc8735f7d3e6bcf806855814574629bf9ee1fbac4875977c`
SHA3	`a2852d89865c6bbfe6e9e3c98a95f76a39cd9f73957e88ebf32034242fb36488`
VirtualSize	`0x1c9c6`
VirtualAddress	`0x32000`
SizeOfRawData	`0x1ca00`
PointerToRawData	`0x2e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.61503`

.reloc

MD5	`21472a05bd31cf3b960b3bcc0808216b`
SHA1	`1e6ee06e96e8f15bb5b7cc6e4ea19c7f4adb76ed`
SHA256	`e731b91343feb014a947c36716ad9bca5d2728ddbc8b9aa1bf24f3499673522d`
SHA3	`f87dc3f0bc6411d5ddf0aa05d0b8848a6b45f6d2daac106f9f5cc048259377cb`
VirtualSize	`0xc`
VirtualAddress	`0x50000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3d04`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95336`
Detected Filetype	PNG graphic file
MD5	`22be5d333d0399a77cb54f4996462f5a`
SHA1	`04dfabe96c2cd026fe2a089bfb54ee7588217b35`
SHA256	`cd249be4ec0fc4350f8969b3dc01ea0ec3856fd2e8351da22b0adb4fa64d8ee8`
SHA3	`82d8250ed759dc403ef6199f650c1978453745ff3280aee662f726413b6b35ed`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.07528`
MD5	`eeb7ed4b87a558846ce1113ec672757c`
SHA1	`5935177d8f6ee18dd7c32516d73068fc7c20ceb5`
SHA256	`b464649c128a23b6cbd07afc310d2a0e236ce10eeaeb58722037d337172ddd9c`
SHA3	`0eb237f1b960c9d8c28f4ab187d1085fed520c839db5a9b245d047055aaa73cd`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39754`
MD5	`4109542d3f100e2e68610b94150b3de6`
SHA1	`b3b774cae588fd36001db0e50712f70b5b3bc5e2`
SHA256	`979216f540a9c34caca43d65b64b926b7e1acde6dbd9a788ba4edee0522f1c08`
SHA3	`6150ac9249ec53aa883be2338eeb4d991f81560ea08ed5c70d64e6f8a1f01d7d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.5647`
MD5	`aab4427f10609cf9e42087c10671c6b4`
SHA1	`dbae758d205585f375e401ab3ede0f59e63b85ea`
SHA256	`4ef0c4573c05937eaa7b6e7efe8aac7ecef6694800894d712540ca9f96566db8`
SHA3	`db8f92a7718318f1c026c3fb023f5ec3467201a60774455ac11dfbb67b9b903c`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72847`
MD5	`2d24731469485358d49ca8bec5d0dd94`
SHA1	`ce17bb8a7405af4056e49dc3d3c5fc6e4670fb87`
SHA256	`a286ca443a25d00e74dd8ddba019cdb03034371689b8cc37e60eb986345d6b80`
SHA3	`12d3338e92020fb9dafe81413cd3e971e6b4ff8e06cb2dbb701336329bf8c514`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.71871`
MD5	`1eb49cab0f0b80cd0f7bbf6fdb9fbc79`
SHA1	`29f3ffdcbd158db4d04c026e261c916a6fc7ee65`
SHA256	`e83c77dfcf381de433dca18fe4cab9d70f13f0642ef68f95cd290a4d32ac0a58`
SHA3	`1d8684860c0598b6435c6e161a18f547bd6dcdf9be49902f42060092d5332f2e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76847`
Detected Filetype	Icon file
MD5	`635e84d1f4907c23467a291436a7a589`
SHA1	`01bc12f3c28c1a5b0d5a7c00a9a115f7575babaf`
SHA256	`b5b54f68cbb4b0b77e612a16642d77683c4e6832ace5b2012cfb53e27db0617c`
SHA3	`fe68f22452d7a8a81560aca1dec077a5df553612c50a76e89f38cd1613b02c3a`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x352`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39517`
MD5	`3721e7ab8062698b7a99efbfba9e7182`
SHA1	`df3ac92bd5c291119f0ef408a80d95523ea1de8e`
SHA256	`a55bcf73b9ae9ab85327ea23d3ea34c9b90bd2d4d9bce5be04d7593d0aebcbb5`
SHA3	`8653c1e6446faaea9f21c46cbba0d9a3601ff89aaa396614603a8cb9ee7bbbae`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	12.9.1.22
ProductVersion	12.9.1.22
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	XHP Booster
CompanyName
FileDescription	XHP
FileVersion (#2)	12.9.1.22
InternalName	Steanings.exe
LegalCopyright	XHP Corporation Copyright © 2021
LegalTrademarks
OriginalFilename	Steanings.exe
ProductName	XHP booster
ProductVersion (#2)	12.9.1.22
Assembly Version	1.1.21.1

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.