Manalyze report for 41a098e7e331f2ce7e54190233cf78a1e04d0a345466eb3a07a988683aff2f3d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-09 09:33:04
FileDescription
FileVersion	`0.0.0.0`
InternalName	ClientSetup.exe
LegalCopyright
OriginalFilename	ClientSetup.exe
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 52/71 (Scanned on 2026-04-29 03:23:49)	`ALYac: Gen:Variant.Ransom.Loki.5934` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Rat]` `AhnLab-V3: Trojan/Win.Generic.C5144844` `Alibaba: TrojanDropper:MSIL/AsyncRAT.56dd7f7b` `Antiy-AVL: Trojan/MSIL.GenKryptik` `Arcabit: Trojan.Ransom.Loki.D172E` `Avast: Win32:MalwareX-gen [Rat]` `Avira: TR/Dropper.Gen` `BitDefender: Gen:Variant.Ransom.Loki.5934` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Generic.TRFH465` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PackedNET.2595` `ESET-NOD32: MSIL/Kryptik.ANLM trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Ransom.Loki.5934 (B)` `F-Secure: Trojan.TR/Dropper.Gen` `Fortinet: MSIL/GenKryptik.FVDD!tr` `GData: Gen:Variant.Ransom.Loki.5934` `Google: Detected` `Gridinsoft: Ransom.Win32.AzorUlt.sa` `Ikarus: Trojan.MSIL.CoinMiner` `K7AntiVirus: Trojan ( 700000201 )` `K7GW: Trojan ( 700000201 )` `Kaspersky: HEUR:Trojan-Dropper.MSIL.Dapato.gen` `Lionic: Trojan.Win32.AsyncRAT.b!c` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!E601412BFB97` `MicroWorld-eScan: Gen:Variant.Ransom.Loki.5934` `Microsoft: Trojan:MSIL/AsyncRAT.Z!MTB` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:ME6VtioQKzYCz8rpbxKMdQ)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Artemis` `Sophos: Troj/MDrop-JWW` `Symantec: ML.Attribute.HighConfidence` `Tencent: Trojan.Msil.Dapato.ca` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!E601412BFB97` `TrendMicro: TrojanSpy.Win32.SALATSTEALER.YXGD1Z` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9z` `VIPRE: Gen:Variant.Ransom.Loki.5934` `Varist: W32/Azorult.D.gen!Eldorado` `ZoneAlarm: Troj/MDrop-JWW` `alibabacloud: Trojan[dropper]:MSIL/AsyncRAT.Z9OKG` `huorong: TrojanDropper/MSIL.Agent.kf`

Hashes

MD5	`e601412bfb97b7e30396295526b45ed1`
SHA1	`b6f5bb702e6ce6a9829ba136820f84df1e3e153d`
SHA256	`41a098e7e331f2ce7e54190233cf78a1e04d0a345466eb3a07a988683aff2f3d`
SHA3	`64f887421f304ef0a6435ac27fb0df9d90cc14c05f9736ee8d3804c9e89d9173`
SSDeep	`393216:/T1xs6NXd0tVrDhmIx5py5Wfj5z8+uo3jFAeGxjnGZlu+AWz8jB:L1xNNto1mIjVfjR8nYFAeOncMtjB`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-Apr-09 09:33:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x1061600`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x010634FE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x1064000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1068000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7c6cd7e65c0f81662f140277cb15e9ec`
SHA1	`cfa67217bbd3ffef107c80ad60c4f9d317eb25a7`
SHA256	`9de02b7d68e7f8e9c3ba9808217d1614578e9ebc18e8d41d04eecf2deba1b053`
SHA3	`8c7faa1fc143cab8a4012f68f0920b394c5205d9bf4a43a881407ee87ab2950c`
VirtualSize	`0x1061504`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1061600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99999`

.rsrc

MD5	`9da948c98eca31f82c46126dbfee82f1`
SHA1	`fcf4cfc6fbe10d9e0a25743ffedc0873a7d8646e`
SHA256	`221fcb354da7fbf205876e3ff089f7e96b7a0fad39372aad8d0c23d365d21894`
SHA3	`10303e1b85e60f8d9fc14b204a87c1e3b2289f850ca4afbba90813941f65deb8`
VirtualSize	`0x590`
VirtualAddress	`0x1064000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1061800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.26375`

.reloc

MD5	`0ac6436e42c376326e527afc77faf07a`
SHA1	`20499ccb87e8d9bd3a300fe48d20858b9e5c9b33`
SHA256	`d2441a88a50b459b7b5f48b1649d08a4a5ab88bb63ed1b1fbf9ae234dd993d53`
SHA3	`9b44b79d6d1570dca4fc3de6acdc54d9fa7d83755cb6c4163c5e1459dc2ce9e4`
VirtualSize	`0xc`
VirtualAddress	`0x1066000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1061e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x254`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17441`
MD5	`4b7c61b4a74ee60df5e056dace361aac`
SHA1	`69eddf0fd3f3b972f8028d3b79a279a7edd35169`
SHA256	`c958904d3f1741be6c3b448c605b730b3503ab3f662b9aa9731c3501648dde90`
SHA3	`2b8b10a5917b73f6341f38db42bb25255f50b9ee8a9a0246440f771a190af71a`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x295`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87881`
MD5	`423f6147c85ae25f5fd8df208f3c4118`
SHA1	`68472cff8666f85173417d0a070ef9fd6bdcea24`
SHA256	`9d5a9c610ad11b51ba434d22e575f4b58f34ec3a9ceff45ca8709c570af54343`
SHA3	`77602546026d448bd76105ceeaae5082fbfd3c43825f3bd23fbd0a5b2d457016`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	ClientSetup.exe
LegalCopyright
OriginalFilename	ClientSetup.exe
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.