Manalyze report for 4c77dd85c92c1adb56db13948d7f0c2e

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Jul-29 13:42:12
FileDescription
FileVersion	`4.0.0.0`
InternalName	Bot.exe
LegalCopyright	Copyright © 2012
OriginalFilename	Bot.exe
ProductVersion	`4.0.0.0`
Assembly Version	4.0.0.0

Plugin Output

Suspicious	The file contains overlay data.	`4142702 bytes of data starting at offset 0x2ed200.`

Hashes

MD5	`4c77dd85c92c1adb56db13948d7f0c2e`
SHA1	`40899356e587f74d49781d6b61f24968b4dbe730`
SHA256	`a2c18936280375c5f3d14156744c8c99a1d881fd5127da937251a2ed0da02405`
SHA3	`b942f4d7caf998ca190152bf1b7f23c8afe8fcfb0f2a6d14827d8480443ed2f4`
SSDeep	`196608:X9Mf8PlA4zPQXApOzaOIXKJIcUSpSUn8BlY:X9MU6iPQwgUXypSUnGK`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2013-Jul-29 13:42:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x2dfa00`
SizeOfInitializedData	`0xd600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002E18CC (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2e2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2f2000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`aae4984136723cc59c41d69756b63d49`
SHA1	`81a5d65c886a640d473a0773826c7dd35aa94ad8`
SHA256	`e33c5f655cf7996523b028b74feb000d4080b4b872b997cf9d70e6e8c6434c22`
SHA3	`8156ea54ce90439019e2468f62cb564a51dd21976dc1f20cda9d9c6345d4ec8c`
VirtualSize	`0x2df8d2`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2dfa00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.0101`

.rsrc

MD5	`d25985876ccdef99ad864036969219e9`
SHA1	`8fa6c527cfb46c86f48328616b6da5100108be7f`
SHA256	`c5376910899efb43157e5379034a820209cc3ccb60ff15dc9cfb48d395465e7b`
SHA3	`19b83227c412315916bbe8798b7a75fcaa64c865dbf8b19e4cd1c0a7258241f5`
VirtualSize	`0xd2a0`
VirtualAddress	`0x2e2000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x2dfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.40974`

.reloc

MD5	`838ad7b74c42ccbb91b1b62749ecf6d2`
SHA1	`040c81b4ff13e080af945e5084bf63643259e1c1`
SHA256	`16963b947bacdef74d9dc6f99f15b4cfa9db19b544ca373e0507c72b8f500bd9`
SHA3	`38e462d7cafee89270a02c0195f451b53764c70ba525e40ae0b48ba1800f888c`
VirtualSize	`0xc`
VirtualAddress	`0x2f0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2ed000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30843`
MD5	`d1ff8804a450c91473c8720cb2216a05`
SHA1	`a5ec26be655783c6e6bdb326b2e5c22b1d118b04`
SHA256	`cdb55516222389d9f837fb47b94d6474beed0d5fd820537afcedf16041502b68`
SHA3	`0bdef263fb4656f6477639963236e4f37eadb21d32dee8a7d7b55867ea9f2b63`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32956`
MD5	`b6756885c280f3804ca7915ca57affca`
SHA1	`53231d193a4571f108641fc7b0c474c49ec2ecee`
SHA256	`70e14dfeb440eefd9beed0cffd81bab7d720a50b726ed6e15b310e62954efb70`
SHA3	`96c07b1f86e491acb703aae971bc4b4ba39c9589ffa1fd53a9eec88a3f99b638`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29111`
MD5	`f0389960ba8e40a854720e5cd09c3a73`
SHA1	`f55bee6186f7c3e90658a0e6942cd1b2b156c4be`
SHA256	`6038d941a8a443d17f47e9b9e31cd7b3068b981515e98184daa2070dfe28a371`
SHA3	`e253baa49fad0ed1421d0802bfe6d0cadd182c4d9b97f8a9e591bed15d686df2`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1705`
MD5	`4a507734ec1d13489f50b137dc1144ae`
SHA1	`b857b9a31b775bb267cfae79bfc70ae67ff6b7a5`
SHA256	`90c395a460932571581352ccb99e169e02bcce5cb3a808cc057d19a262f887ae`
SHA3	`4d8258ce3ee812783508845a42d53c78870870aa6bb0e02bccb769a8d26ec1b6`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72442`
MD5	`fe0917fb80ea4a63e54d58b91e929402`
SHA1	`f6e5f8211cd1ea1addfeccf8ee3549975e728886`
SHA256	`23a635bebe91a39d43e88e7e285ad5a2d870d8f326528ca659ee4d7a81dfe6e9`
SHA3	`a276e571e2fb3a6bb0b4a12073088c3b14b785452870eeb401e41a522c8de95d`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.17423`
MD5	`1a0726560abaf945d0442d59eb2561b2`
SHA1	`3900f1510d7c46678a8c57c20f75bbc1acdcea96`
SHA256	`457308ab2455f4c54b5a15deb4a10d64204ad7cc09f45e213c2d5c620922e2ef`
SHA3	`0688f7e0754422e162545d0ac8c65e741a71493edb87004916816ea810ff57b3`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.09695`
MD5	`f0412717cf70ac11ae1af56bf02f5772`
SHA1	`4fe7ff16dc98646c0807e1b3d3dafc42fcd0b0db`
SHA256	`55cd02edf46530d9fc34915acaade250a92a33ad67eec10bea5be2e1a75a66f4`
SHA3	`44345e7ee6e058ff6d2948a54c599cc82aba88b117efcd8c5edf0d2f65043bb3`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0117`
MD5	`3b294ead5b9791e0d545c0f57e622e28`
SHA1	`d39cd183ec1d0d4f9e70ef86e5ada93411ff499b`
SHA256	`ad8df15db1f67485befa156238a66bb84f6f1d1bcd54d300ec6e501fb6e28bbb`
SHA3	`30283282bd608ea5a16f7ff9f11e522039bccc4cccd06344909dfb3dd6868b50`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.03281`
MD5	`04decf93e7ae871cffa5f0543cffc150`
SHA1	`f09c1c525fbd6dcf1f5322945d06d403465bc995`
SHA256	`c644efb8b352139b90cea0c105de70e2c88ef3efb2acd480f40804b8adfe1867`
SHA3	`3e8f28453538272ac6daa213bcd104b649b027291e7762fe8b3874037e82b979`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x402e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93561`
MD5	`8b231b8fd1b6791789675b54d7b143f4`
SHA1	`e1c536f6decf467a4ea03e5229ad05a697089cc1`
SHA256	`dce1e9388d151d213b2e91bec37ae1c89feedf82e1cb6fcc8bdeab29a36b1d5e`
SHA3	`f4738e1cc438af8b8026627bd6640dcef1302787e44405e4641c904ae6f4ce12`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52489`
MD5	`98c49503da74fab567576a28ea88b8b4`
SHA1	`f5ca864aa4340b40c862935c9b8ec79d95352c5d`
SHA256	`589b2873e29802a9848eb556c26e4c45ba49bc6c03eb54be9d1d8d97858872ba`
SHA3	`12063c4d8e1e59ce621a692be06a2cd6678a6b41f5880547fdd3fecd63f4a808`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65614`
MD5	`2b5142426a85c301377c33315edc1e01`
SHA1	`0716a424f250ae544c5952d3e2b786d8b97fa9a7`
SHA256	`397f4e1da1a40c89d4bffd7f0ed4606956efcd771162f0420affb41d9b3d3de6`
SHA3	`886a746fb477e24e5e1b839566903aae5d2edbff3280c5487cf399051691f6e0`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68031`
MD5	`7b52de00b91531e1b965f6d1cf3510d6`
SHA1	`cd07c11cd6ff638a4a01a8b555a9a15e84e77357`
SHA256	`01d926d10424809b469775f9e9e7749c763841968dc0ff96be847385429a329e`
SHA3	`71fe71ce46fa90b6fa5ec8fc96b5980d3057d4787bfc8cadaf593cf729865abc`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32052`
MD5	`3a2e2cc9ef53e9a29958913bbbffa740`
SHA1	`8e3f3e64271f8e842465d78391516396d06aaf52`
SHA256	`8792fb054a35bf3e0e3c7e08a6d2160adcedb803ce822ef3ef4ca6febd64da5b`
SHA3	`ef474785ee471734dc41d31464069442911dd75c72d187d456c8d73654e47702`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.88563`
MD5	`f59830b327862e43fd8156795de8ce86`
SHA1	`0a16c0e990148e24d084c07939b9c4195486a83b`
SHA256	`a952d351b0e7c4b08b3a84dfead42807e85b8ef0e01d1f67bf815972782ef6df`
SHA3	`9db1de771af2152e4812f75ed5aa2c53ef8cc1d3db169bd649c76dfb9add56c2`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08758`
MD5	`ac351ddd55e0ac66b0095119d82d3c36`
SHA1	`a592f5a069f261c265e7dbefd88680b8f2d54412`
SHA256	`32cef9a0a2e98825617102acb9efc46d137e84cc0651b11e55cce07136ec3fed`
SHA3	`8fa47143f694d1a3a9a38e5603dada8e98e19cfe798d63ea1cfb80713e78a5c7`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x254`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22342`
MD5	`c22bf091003b504593b2a26ff4d14569`
SHA1	`7cbe1389f55116e82903ae036679d988a0fc1725`
SHA256	`595e0384b33960d89a3698384686de292209533224ba31ce58c46d392b0e3fe4`
SHA3	`d57935e59f390573bb3cf8a5e24ff94cda7048e5f9c58abe6a25358cde2f2f12`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.90047`
MD5	`d7105a81d48b7c512bbe7eaf7057b085`
SHA1	`fc1d73807f554dbaa58bf780c78055f0fb02a0cc`
SHA256	`ed1874921fa8f8c04922eab736263c97af7913c0bde4f14d476798a8a2710115`
SHA3	`2dbeab98398a80ce4a71fb97d33125d7dc218025d4eed979c3a4b385032873d4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.0.0.0
ProductVersion	4.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	4.0.0.0
InternalName	Bot.exe
LegalCopyright	Copyright © 2012
OriginalFilename	Bot.exe
ProductVersion (#2)	4.0.0.0
Assembly Version	4.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
Could not load company_names.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!