This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2104-Oct-29 08:11:57
Debug artifacts
C:\Users\admin\source\repos\CTF4old\obj\Release\CTF4old.pdb
Comments
CompanyName
FileDescription
CTF4old
FileVersion
1.0.0.0
InternalName
CTF4old.exe
LegalCopyright
Copyright © 2023
LegalTrademarks
OriginalFilename
CTF4old.exe
ProductName
CTF4old
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Malicious
VirusTotal score: 6/69 (Scanned on 2023-03-18 19:21:30)
Bkav:
W32.AIDetectNet.01
Cynet:
Malicious (score: 100)
Cyren:
W32/Trojan.HJG.gen!Eldorado
APEX:
Malicious
Google:
Detected
MaxSecure:
Trojan.Malware.300983.susgen
MD5
4b5fa4941eb78c40ccf5976b72dbd936
SHA1
23c69d40d146146dba11e687e49aaeb1e7be3567
SHA256
1ff6f7e1a5abbdbc10e0013879a78a0b052904e571136f9f4868b8f070ebb9d4
SHA3
6fdb6a76d8cbddfa76031b57f1bd46cc87078b1717e3e402f135a002e41d9b6c
SSDeep
96:wsN25ODGgV9YJKXErhagNAJLHUIjjwLWzNt:ws4m9YJHrhagNOH9jEc
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2104-Oct-29 08:11:57
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0x1000
SizeOfInitializedData
0x800
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00002F9A (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x4000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
6.0
Win32VersionValue
0
SizeOfImage
0x8000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
8a275ec1c43baaa870b2e92a72d77418
SHA1
de990bc2c7508ba164d81f95e83cfe16683a2fae
SHA256
62d20e05364c4a9803ad6b0485e67525af413861e2510b03da46cba2721be92a
SHA3
3936456f5e864a6a7a03e689013814db72ab509564f7fba475901ff42f530611
VirtualSize
0xfa0
VirtualAddress
0x2000
SizeOfRawData
0x1000
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.31648
MD5
69578169c186731da9b02ace3782501d
SHA1
a6562820b2718aef56ee623009d7f09585060b01
SHA256
97950a09f8a92ab93e494769622cc0bac9ab8324ada21c2e0c20a066a9fa9969
SHA3
35cc19268f938e303ec8fee49ec5b24c149e91b683082ad006c2368fed41d2a5
VirtualSize
0x59c
VirtualAddress
0x4000
SizeOfRawData
0x600
PointerToRawData
0x1200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.05423
MD5
618957766bea37e660c7e8e238148303
SHA1
8d49d8c09627ee006161f7c6f1755da835d11c94
SHA256
3a95d2146537af3e83da9645e6eec0839e4c9413c17299bfd6bff536003618fd
SHA3
35530f61122543ad74f667c03c624dafe1f5f427bb4db51deea04fec7dffe86b
VirtualSize
0xc
VirtualAddress
0x6000
SizeOfRawData
0x200
PointerToRawData
0x1800
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x30c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.26042
MD5
fa0f6032e8d1e5992a06f419cd617ed4
SHA1
0064c94eb792d8f4e70eedcd45a2e0db33c5435e
SHA256
37e08e56d2bae9a8d949394c64daff22197b1c8ac4ef414c482ca5b82f17bf66
SHA3
7e89159321b40b9a6ee09d8218232f2ebbbfc887b883aa2ff476b5e83138a4ed
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
b7db84991f23a680df8e95af8946f9c9
SHA1
cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256
539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3
4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
CTF4old
FileVersion (#2)
1.0.0.0
InternalName
CTF4old.exe
LegalCopyright
Copyright © 2023
LegalTrademarks
OriginalFilename
CTF4old.exe
ProductName
CTF4old
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0
Characteristics
0
TimeDateStamp
2104-Jul-07 19:46:49
Version
0.0
SizeofData
84
AddressOfRawData
0x2ef4
PointerToRawData
0x10f4
Referenced File
C:\Users\admin\source\repos\CTF4old\obj\Release\CTF4old.pdb
Characteristics
0
TimeDateStamp
1970-Jan-01 00:00:00
Version
0.0
SizeofData
0
AddressOfRawData
0
PointerToRawData
0