Manalyze report for 3b3c3b67e2729f042614c0dcf4f17919179175f2880bca673b37333832a0a341

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-05 14:28:33
Comments	Automotive Diagnostics Software
CompanyName	RenOLink
FileDescription	RenOLink
FileVersion	`1.99.0.0`
InternalName	RenOLink.exe
LegalCopyright	Gabriel Gafu (gabigafu@hotmail.com)
LegalTrademarks
OriginalFilename	RenOLink.exe
ProductName	RenOLink
ProductVersion	`1.99.0.0`
Assembly Version	1.99.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: apache.org hotmail.com http://www.apache.org http://www.apache.org/ http://www.apache.org/licenses/ http://www.apache.org/licenses/LICENSE-2.0 www.apache.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to AES` `Uses constants related to TEA`
Malicious	VirusTotal score: 7/72 (Scanned on 2024-11-04 09:58:43)	`Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CrowdStrike: win/malicious_confidence_60% (W)` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: Artemis!301999C190AE` `McAfeeD: ti!3B3C3B67E272` `VBA32: Trojan.MSIL.zgRAT.Heur`

Hashes

MD5	`301999c190ae66414566c1c2c51b6820`
SHA1	`9c2795096fdf1eb7d62111dbdfa7445e57968e15`
SHA256	`3b3c3b67e2729f042614c0dcf4f17919179175f2880bca673b37333832a0a341`
SHA3	`a3f5fc6bd6be70000f4653e2120337f91d1e1c903602a8e0066adea2c5932461`
SSDeep	`24576:5anHbaTSvR/a8dQuQtl4Fm2zZbGakbjAUdaGBXfy:InHba+vR/dF+mogUdF5y`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Mar-05 14:28:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x24e400`
SizeOfInitializedData	`0x4400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0025036E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x252000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`7200a28ff460fd1a092c118599229fda`
SHA1	`8e8564ede65f569e86f25ca17cd8eba9a4721596`
SHA256	`8ffc47cdf793d98fb1b5b75311fd222d9b7e0f6ac047fe3402a57a7eacf005ad`
SHA3	`d14057b9392623fcae28bad2d7363b3bb472e9fe82836a0edda0866165cebb38`
VirtualSize	`0x24e374`
VirtualAddress	`0x2000`
SizeOfRawData	`0x24e400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42854`

.rsrc

MD5	`cdb5b971cd0b374a844824c5368e5a61`
SHA1	`778c361c87d5572350275671d46a918ef27b1a24`
SHA256	`1fee3d362e2c92aa484d9516287ff6305d64e45523e2b770659cf6c80cff749b`
SHA3	`762c8a0f8a71636df2de5cd72a291d72adca634efbb63bdf2f73978e888de79e`
VirtualSize	`0x41c4`
VirtualAddress	`0x252000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x24e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67647`

.reloc

MD5	`f5b471ad49874375cccd5976686cd072`
SHA1	`4aafb8432e33a4487fd5a8f285544d7b47795dcc`
SHA256	`5a2ed6a3dc6c0a1b299eaaa21ff6ce4c1fb174967653dd85b5e3dedad20d5ef6`
SHA3	`d02b1edda0faf4f352709bbb0e1898ea3dba3f09b7b68aec80bbbfe42c2e3c27`
VirtualSize	`0xc`
VirtualAddress	`0x258000`
SizeOfRawData	`0x200`
PointerToRawData	`0x252800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77624`
MD5	`8ba4e38ae569e020478333615ad0c5d7`
SHA1	`c82545c1f9ca601cec2aa10becb13d1a33df372e`
SHA256	`9eb91d27d32227714fbcabc86f9244dd5eaf8e24f891b7d3496a632d0e8ec075`
SHA3	`e47c4140ebe82f543c705590ac48ae7ac8419a31e00b96dee0ffecde56d4ce9f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6972`
MD5	`2a8da9f9561f30e3499fddaefc4029bc`
SHA1	`2eb0a74b4d9cc01ddb65d7fcd435787596fd8e27`
SHA256	`caf94fbca74edda3ef7db0b5fd55fbea915e4715efd809ebb4db32cd11ad0968`
SHA3	`aa367bbdf214c7562fa09178104536d3bc15f80ac3b70f90f82ff7ce97228305`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53565`
MD5	`66489f9eea14ab39e3a0b9009c1a5d98`
SHA1	`65814e43cd50bdcd362caa39798cf3161f90d352`
SHA256	`ff5fac190dd84c732ad9d4027903ea50ba07b31e32e0073bbf21a47af1593bc2`
SHA3	`710bc825257ed45b01a401f1fc87d40a24744da828be7e0053cf196aa6edba4f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x396`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.333`
MD5	`6a93edf0ca70e4b967c111f1b4a207ee`
SHA1	`a7f2e902472476545001193cfc7e54da3959eb2f`
SHA256	`80a39e3bbbca02a7d0049d273201cebeb0b5a3b2ed3efa9d786c94529d87da46`
SHA3	`890fd1751908fd8abb70943d9c0fc89ac97d405e651ee7c80f2c67e38c7b645c`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94168`
MD5	`fd46cae204161f624089374d1892677e`
SHA1	`c2844e969091e2abc3ededb9792e7c129c050e1c`
SHA256	`6a2cf379aa950dde3136a3e3ff80047923faaf69dc65c7c5af21350f6d6a2a08`
SHA3	`d93222de0f263dba4af4e11ddf7a21aa1a3e1c2dfcab0c130be294ac7bb409d1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.99.0.0
ProductVersion	1.99.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Automotive Diagnostics Software
CompanyName	RenOLink
FileDescription	RenOLink
FileVersion (#2)	1.99.0.0
InternalName	RenOLink.exe
LegalCopyright	Gabriel Gafu (gabigafu@hotmail.com)
LegalTrademarks
OriginalFilename	RenOLink.exe
ProductName	RenOLink
ProductVersion (#2)	1.99.0.0
Assembly Version	1.99.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.