Manalyze report for 46d1995f95bb1dbc0cf3de793387c01c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2089-Jun-02 08:48:53
Debug artifacts	gfhhdrty.pdb
Comments	fghbgnhh dyyyte yj
CompanyName	samefoob
FileDescription	hkjhanscuaua
FileVersion	`3.6.4222.18`
InternalName	gfhhdrty.exe
LegalCopyright	2022
LegalTrademarks	gfhthh454ty
OriginalFilename	gfhhdrty.exe
ProductName
ProductVersion	`3.6.4222.18`
Assembly Version	3.6.4222.18

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: backdoor` `Contains domain names: http://james.newtonking.com http://james.newtonking.com/projects/json http://www.newtonsoft.com http://www.newtonsoft.com/jsonschema http://www.w3.org http://www.w3.org/2000/xmlns/ https://urn.to https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson james.newtonking.com newtonking.com newtonsoft.com nuget.org www.newtonsoft.com www.nuget.org www.w3.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses constants related to Twofish` `Uses constants related to TEA`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 38/69 (Scanned on 2024-01-12 17:48:17)	`APEX: Malicious` `AVG: Win32:DropperX-gen [Drp]` `AhnLab-V3: Trojan/Win.MSILZilla.C5565811` `Antiy-AVL: Trojan[PSW]/MSIL.Stealer` `Avast: Win32:DropperX-gen [Drp]` `Avira: HEUR/AGEN.1353914` `BitDefenderTheta: Gen:NN.ZemsilF.36680.@t0@aai3q0l` `Bkav: W32.AIDetectMalware.CS` `CrowdStrike: win/malicious_confidence_70% (D)` `Cylance: unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `F-Secure: Heuristic.HEUR/AGEN.1353914` `Fortinet: PossibleThreat` `GData: Win32.Trojan.Agent.UCP3N3` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.sa` `Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen` `Kingsoft: MSIL.Trojan-PSW.Stealer.gen` `Lionic: Trojan.Win32.Stealer.12!c` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.74396735.susgen` `McAfee: Artemis!46D1995F95BB` `Microsoft: Program:Win32/Wacapew.C!ml` `Panda: Trj/Chgt.AD` `Rising: Stealer.Agent!8.C2 (CLOUD)` `Sangfor: Infostealer.Win32.Agent.Vy97` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: Artemis!Trojan` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.13faa394` `TrendMicro-HouseCall: TROJ_GEN.R023H0CLQ23` `Varist: W32/ABRisk.DNHG-8457` `ViRobot: Trojan.Win.Z.Stealer.4336128` `Zillya: Trojan.Stealer.Win32.168185` `ZoneAlarm: HEUR:Trojan-PSW.MSIL.Stealer.gen`

Hashes

MD5	`46d1995f95bb1dbc0cf3de793387c01c`
SHA1	`41da1e59e5c0f01769f9f0bba8f67d128ffed537`
SHA256	`bcf446de6d49b511ee558dfd6c3a3cefdc85665ef44793eac2b1a4208bf22aaf`
SHA3	`a6fa4ffc6a54a2ebd7da5f2ca29631d8725625683be843daf1bcb01ad56d97a0`
SSDeep	`98304:1HeEnCGriOWjWQLg+ndL2Wwwf5OSTseDUsexyvgM4q:FnFmOWjWYg+ndL2Wwwf5OSTseDUsexl`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2089-Jun-02 08:48:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3d1400`
SizeOfInitializedData	`0x51200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003D32AE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x3d4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x428000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`5937c69d978468de4bfdaf4da70d376a`
SHA1	`a9b478f41d2f7fbde2a88a35d70f8f82cd5de520`
SHA256	`962d85171e0a41a6ef0e37da39fedad28f26ffe445f7eb367f96e54abbe59ed2`
SHA3	`28041bc46fac2da6fa2923e0a7537a129422d41e59c1a09473135e665f650198`
VirtualSize	`0x3d12b4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3d1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18285`

.sdata

MD5	`b678caff96797f5dba5b019fedfbda98`
SHA1	`1ccecc6a7017f93f79c3c4568e73a0c21ca6a73d`
SHA256	`f19c434a55a7b35542c2f6e03ea92197d45d5511fd971f0a7320fc8ea8893d7b`
SHA3	`eaf3a7dd9e3d08334253387d809982cf15cc84dbd978d1a294756b8ca6ad5106`
VirtualSize	`0x1fea3`
VirtualAddress	`0x3d4000`
SizeOfRawData	`0x20000`
PointerToRawData	`0x3d1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.06619`

.rsrc

MD5	`bce62f4520072e866bc27891757492e1`
SHA1	`f5d66486c1d92dd48039a6032ff9b0926b1bddfe`
SHA256	`f1d08bd7e2f7c1d8e011c5e8d166b326e1be090fe458c9dbed07019189239ed9`
SHA3	`ba84b1b203f3e1615de624e201b28ff9337478739e27b488d3a2a23a078c4332`
VirtualSize	`0x30fbc`
VirtualAddress	`0x3f4000`
SizeOfRawData	`0x31000`
PointerToRawData	`0x3f1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.7112`

.reloc

MD5	`d1f42d50eaeb9ae17e65fc75fb530543`
SHA1	`3225f3d4ebff3c3d00550e8e16917efcd3fff260`
SHA256	`ff905c41c3708a35623f66860b709ac3d56cb9a8e2f98d18968f112f2e69ecbb`
SHA3	`43393fcb38021cd4ccc9394071626df0c7abd0d7a160b4ec94b23451fbff1e34`
VirtualSize	`0xc`
VirtualAddress	`0x426000`
SizeOfRawData	`0x200`
PointerToRawData	`0x422800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8f7f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97189`
Detected Filetype	PNG graphic file
MD5	`67ebb2d103422e374c08c33620cb07df`
SHA1	`6787f310112600aa318ffaf916a62a7ef36728a1`
SHA256	`8c6128dc2beaab0ce4ec5e2db42551dde8fedeb8d7eaa87f75473491ff65d447`
SHA3	`d7f25ee9517194f2df367c0134c46de5575ed0b9b7f9abb5adcd78e6fc89f3a5`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70973`
MD5	`db1156eba7b93d4e6b018d4bb3659222`
SHA1	`57f2677d353290bc5c9d6ae92d37b77fd22501d8`
SHA256	`aad644abdf05af932987e39340ff5fff4f624f07073f396d89e01d28bb2542f9`
SHA3	`c4318091d33d7a57279280c5694939e4e836fc2e3970a9c7cac703c2ee0ed567`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90005`
MD5	`8632f36dc8f0dcf71e13415acfb22349`
SHA1	`a815b95693b57108c3ce51f117dc04026ce1925b`
SHA256	`9624d160daa6142b318440d538abccfe627abe11b0c2a34e3d68aa9720f09ffd`
SHA3	`b8aee92b528b031f259334c70526038380c16aada851d55e942ab2756bf196bd`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90401`
MD5	`b3abdf7c991d06c64696f7ad5d1e1157`
SHA1	`f166f9f00db61aa20382622b812ee85aab766289`
SHA256	`d2ad1680e7618844799eccc93edbbf395e3721c9749b86f2cf00c6aa5577d4e5`
SHA3	`0508132b7b8db5ad5afa2860737b4804255e14d82e242fd8fa59f1ef497168f4`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89004`
MD5	`b0f6d38cfc6efd461a95f04bb9b5ad88`
SHA1	`fb40852de1ddbd7972827e0f8a38b21178e0bbe3`
SHA256	`b7cfc6fc7a720338396f291709303250226cdce52bf2e72ae2f770269d26586d`
SHA3	`e3058c51229b8ca315d235d819b1178bcfb595bac8983a2b1a90309802ba56c1`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05494`
MD5	`51aec8dd0e562a54721911ea72f04828`
SHA1	`83d05278c4d130da4653988a4c3092d0a63befa6`
SHA256	`b7eaaaaf530de87b6bb28e4e84781033072b3885f220d8c05d0eeb8b79aa5c84`
SHA3	`8525b5f2f608dede4d8610938acf05d459d1085f8ced4784d01aebc1f8120c1a`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14379`
MD5	`3702ea4f797bf3f7d52809e7496475d8`
SHA1	`3c1d9030d4d7e080376018ff305a3469b35b5333`
SHA256	`25dd161ef2e4477b47fa0e673cfb6b556c0368954acd9fb8030182abc518e564`
SHA3	`dbcee9a0410f0f1206fcfe4d1b1792dcc2cde7792e8b987d2ce005ee411c4385`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35357`
MD5	`014afdc514048acc24d781557709997b`
SHA1	`fa6928d067971e17692f81c440a95e237bff78b6`
SHA256	`053458193329b40ee9264defa4344873cb7e12bdc765ca9e60ae132cab6718ba`
SHA3	`946c7fbb733e154835ac49c88b986f91a336ea25703d90e41ef458ed594b555c`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38649`
MD5	`baaad57a1d49cacf75c03ec4d9871826`
SHA1	`f12f3fdd8cee1f28bd6d0e4ce678f9a6077ff6a3`
SHA256	`d8f6b9290dc469a7f8dbec8d7ad7218ff5b38f6aa21365d5cde878a22a770645`
SHA3	`7dda60051dcd30b2c3caa3d279802549cac1e4ae58063f35a71ced5f3eff48a9`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`fa0dcee668f5b6cda90f243984af261a`
SHA1	`394a88665e10d051b3979be612ac96416fd55917`
SHA256	`e378f286a43a578a5768f49aa38711b3634e86e62b82ba410c05730de2b9c647`
SHA3	`1523df25a8e4954c3cf3ce3b7232a9fa527792e4c6001792b8721a934a296e12`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44656`
MD5	`b9c303ad4e3696dc8f870c5e7c5455dd`
SHA1	`cd665666d34f52bc6cf95d171e5e1e32e1bc2f81`
SHA256	`c4010f713c38ded223bfb0f9bb890730d963949654731494e93af4d31c1247b7`
SHA3	`09d908c4d2b76fcd1fafbcfa1833ab5a1689d545a7c2e687f2f1d10615b6f10b`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.6.4222.18
ProductVersion	3.6.4222.18
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	fghbgnhh dyyyte yj
CompanyName	samefoob
FileDescription	hkjhanscuaua
FileVersion (#2)	3.6.4222.18
InternalName	gfhhdrty.exe
LegalCopyright	2022
LegalTrademarks	gfhthh454ty
OriginalFilename	gfhhdrty.exe
ProductName
ProductVersion (#2)	3.6.4222.18
Assembly Version	3.6.4222.18

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0x3d3237`
PointerToRawData	`0x3d1637`
Referenced File	gfhhdrty.pdb

TLS Callbacks

Load Configuration

RICH Header

46d1995f95bb1dbc0cf3de793387c01c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors