4b5fa4941eb78c40ccf5976b72dbd936

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2104-Oct-29 08:11:57
Debug artifacts C:\Users\admin\source\repos\CTF4old\obj\Release\CTF4old.pdb
Comments
CompanyName
FileDescription CTF4old
FileVersion 1.0.0.0
InternalName CTF4old.exe
LegalCopyright Copyright © 2023
LegalTrademarks
OriginalFilename CTF4old.exe
ProductName CTF4old
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Malicious VirusTotal score: 6/69 (Scanned on 2023-03-18 19:21:30) Bkav: W32.AIDetectNet.01
Cynet: Malicious (score: 100)
Cyren: W32/Trojan.HJG.gen!Eldorado
APEX: Malicious
Google: Detected
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 4b5fa4941eb78c40ccf5976b72dbd936
SHA1 23c69d40d146146dba11e687e49aaeb1e7be3567
SHA256 1ff6f7e1a5abbdbc10e0013879a78a0b052904e571136f9f4868b8f070ebb9d4
SHA3 6fdb6a76d8cbddfa76031b57f1bd46cc87078b1717e3e402f135a002e41d9b6c
SSDeep 96:wsN25ODGgV9YJKXErhagNAJLHUIjjwLWzNt:ws4m9YJHrhagNOH9jEc
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2104-Oct-29 08:11:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x1000
SizeOfInitializedData 0x800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002F9A (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8a275ec1c43baaa870b2e92a72d77418
SHA1 de990bc2c7508ba164d81f95e83cfe16683a2fae
SHA256 62d20e05364c4a9803ad6b0485e67525af413861e2510b03da46cba2721be92a
SHA3 3936456f5e864a6a7a03e689013814db72ab509564f7fba475901ff42f530611
VirtualSize 0xfa0
VirtualAddress 0x2000
SizeOfRawData 0x1000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.31648

.rsrc

MD5 69578169c186731da9b02ace3782501d
SHA1 a6562820b2718aef56ee623009d7f09585060b01
SHA256 97950a09f8a92ab93e494769622cc0bac9ab8324ada21c2e0c20a066a9fa9969
SHA3 35cc19268f938e303ec8fee49ec5b24c149e91b683082ad006c2368fed41d2a5
VirtualSize 0x59c
VirtualAddress 0x4000
SizeOfRawData 0x600
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.05423

.reloc

MD5 618957766bea37e660c7e8e238148303
SHA1 8d49d8c09627ee006161f7c6f1755da835d11c94
SHA256 3a95d2146537af3e83da9645e6eec0839e4c9413c17299bfd6bff536003618fd
SHA3 35530f61122543ad74f667c03c624dafe1f5f427bb4db51deea04fec7dffe86b
VirtualSize 0xc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x30c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26042
MD5 fa0f6032e8d1e5992a06f419cd617ed4
SHA1 0064c94eb792d8f4e70eedcd45a2e0db33c5435e
SHA256 37e08e56d2bae9a8d949394c64daff22197b1c8ac4ef414c482ca5b82f17bf66
SHA3 7e89159321b40b9a6ee09d8218232f2ebbbfc887b883aa2ff476b5e83138a4ed

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription CTF4old
FileVersion (#2) 1.0.0.0
InternalName CTF4old.exe
LegalCopyright Copyright © 2023
LegalTrademarks
OriginalFilename CTF4old.exe
ProductName CTF4old
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2104-Jul-07 19:46:49
Version 0.0
SizeofData 84
AddressOfRawData 0x2ef4
PointerToRawData 0x10f4
Referenced File C:\Users\admin\source\repos\CTF4old\obj\Release\CTF4old.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->