Manalyze report for 507f816268a4a65859093a3d7dec2820

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Nov-30 10:28:52
FileDescription
FileVersion	`1.0.0.0`
InternalName	icce.exe
LegalCopyright
OriginalFilename	icce.exe
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 58/71 (Scanned on 2019-10-20 03:54:55)	`MicroWorld-eScan: Trojan.GenericKD.31506110` `FireEye: Generic.mg.507f816268a4a658` `CAT-QuickHeal: Trojan.GenericFC.S6057373` `McAfee: GenericRXAD-WZ!507F816268A4` `Cylance: Unsafe` `Zillya: Backdoor.Generic.Win32.8741` `K7AntiVirus: Trojan ( 00548b5f1 )` `Alibaba: Backdoor:MSIL/PasGen.9c3211e0` `K7GW: Trojan ( 00548b5f1 )` `Cybereason: malicious.268a4a` `Arcabit: Trojan.Generic.D1E0BEBE` `Invincea: heuristic` `Symantec: Trojan Horse` `APEX: Malicious` `Avast: Win32:MalwareX-gen [Trj]` `ClamAV: Win.Packed.Generickdz-6766483-0` `Kaspersky: HEUR:Backdoor.Win32.Generic` `BitDefender: Trojan.GenericKD.31506110` `NANO-Antivirus: Trojan.Win32.Kryptik.fktcqs` `Paloalto: generic.ml` `AegisLab: Trojan.Win32.Generic.4!c` `Ad-Aware: Trojan.GenericKD.31506110` `Emsisoft: Trojan.GenericKD.31506110 (B)` `Comodo: Malware@#m6egr520xqh5` `F-Secure: Heuristic.HEUR/AGEN.1001106` `DrWeb: Trojan.DownLoader19.34409` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: Backdoor.MSIL.NANOCORE.AMR` `McAfee-GW-Edition: BehavesLike.Win32.Generic.dc` `Trapmine: malicious.moderate.ml.score` `Sophos: Troj/MSIL-LZC` `SentinelOne: DFI - Malicious PE` `Jiangmin: Backdoor.Generic.atrx` `eGambit: Unsafe.AI_Score_99%` `Avira: HEUR/AGEN.1001106` `Fortinet: MSIL/Injector.REB!tr` `Antiy-AVL: Trojan[Backdoor]/Win32.AGeneric` `Endgame: malicious (high confidence)` `Microsoft: Backdoor:MSIL/PasGen.YA!MTB` `ZoneAlarm: HEUR:Backdoor.Win32.Generic` `AhnLab-V3: Backdoor/Win32.Noancooe.C2916253` `Acronis: suspicious` `VBA32: TScope.Trojan.MSIL` `ALYac: Backdoor.RAT.MSIL.NanoCore` `MAX: malware (ai score=100)` `Malwarebytes: Backdoor.Agent.MSIL` `ESET-NOD32: MSIL/NanoCore.E` `TrendMicro-HouseCall: Backdoor.MSIL.NANOCORE.AMR` `Rising: Backdoor.Generic!8.CE (TFE:C:NJ8EXjmtnFJ)` `Yandex: Trojan.Kryptik!aJuwbCbEMuk` `Ikarus: Trojan.MSIL.Krypt` `MaxSecure: Trojan.Malware.7175197.susgen` `GData: Trojan.GenericKD.31506110` `Webroot: W32.Malware.Gen` `AVG: Win32:MalwareX-gen [Trj]` `Panda: Trj/CI.A` `CrowdStrike: win/malicious_confidence_100% (W)` `Qihoo-360: HEUR/QVM03.0.8FA2.Malware.Gen`

Hashes

MD5	`507f816268a4a65859093a3d7dec2820`
SHA1	`e18b54e9d6e8bd9f8f02bdfa5440e18fd163cb38`
SHA256	`32bb5f767fe7788bca4dd07f89f145d70ec3f58e2581cab9ca6182d3fce9bc86`
SHA3	`fdd0867e124f9b8cc0a55b12430a9477be779585c8cc12db199bc1467554a293`
SSDeep	`6144:TlcTZNVU1//nZwP28S8sjEGAFQSFhdpFxE:pUVU1nZEJfTHdpFx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Nov-30 10:28:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x3f000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004020E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x42000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x46000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c614361246ff8211eb9f53b946871e91`
SHA1	`2a2bc4cc54b90c12f90094fb9ee2bff83ad9bcea`
SHA256	`da61951485d8df0703b8da138ab9507da2a693baf5d4bdbba5f517a997178791`
SHA3	`786db3eec7422be6214a9b8b4001f9a058cb8d730a818a34852f7ac040cf491e`
VirtualSize	`0x3e214`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3f000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.7613`

.rsrc

MD5	`315bf48cf26a4ff00c3f3bb9bdce6ec7`
SHA1	`d7ecd6e27c6b677b895caf28af8a16bc5b619fec`
SHA256	`d9025e4d9ac9db59ed29f1f2b20df5b2b015ab208c7a0d9f66fa434fadbbe658`
SHA3	`8891ba902f481993851f774f99d1d6170165fcb056ee7637f8c6533558ebbc22`
VirtualSize	`0x298`
VirtualAddress	`0x42000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x40000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.666535`

.reloc

MD5	`65d074ee4f5b24067112929862d1778f`
SHA1	`087cc031a0d6c34bf6a9f9d059614281573036b7`
SHA256	`9c1d96c6f15106462f7358e7edaf4440294a9d59168f1ecf2276a262f4564f95`
SHA3	`d340200db46651af21641cea9417566e6802641dfd108cc16f087ef442f53e23`
VirtualSize	`0xc`
VirtualAddress	`0x44000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x41000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0131269`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x23c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16185`
MD5	`8e1d5b5d5626693727da73e5b50463f6`
SHA1	`8b94be0cae1bc2c2fc58d9e8450a007f70fa3854`
SHA256	`f84b4bc433622a87ae9787e2e92c0df1be87ea63121f042958d600a86d2c660a`
SHA3	`6c23331129f04e6868afa80f4e7cbe58212265387c0128c0533bdddeb1f2a28f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	icce.exe
LegalCopyright
OriginalFilename	icce.exe
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

507f816268a4a65859093a3d7dec2820

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors