Manalyze report for 525ae111008dc860b740b91262707b191e6c7efe19048f2401ac157f054814fb

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-19 15:29:48
Comments
CompanyName
FileDescription	flowjo
FileVersion	`1.0.7993.29694`
InternalName	flowjo.exe
LegalCopyright
LegalTrademarks
OriginalFilename	flowjo.exe
ProductName
ProductVersion	`1.0.7993.29694`
Assembly Version	1.0.7993.29694

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 44/72 (Scanned on 2024-11-27 13:03:39)	`ALYac: Gen:Variant.Lazy.148150` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5589290` `Alibaba: Trojan:Win32/MalwareX.7b792d86` `Antiy-AVL: Trojan/Win32.Agent` `Arcabit: Trojan.Lazy.D242B6` `Avast: Win32:MalwareX-gen [Trj]` `Avira: TR/Dropper.Gen` `BitDefender: Gen:Variant.Lazy.148150` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.trojan.lazy` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Variant.Lazy.148150 (B)` `F-Secure: Trojan.TR/Dropper.Gen` `FireEye: Gen:Variant.Lazy.148150` `Fortinet: PossibleThreat` `GData: Gen:Variant.Lazy.148150` `Google: Detected` `Ikarus: Trojan.Dropper` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.2939784421` `MaxSecure: Trojan.Malware.160108552.susgen` `McAfee: Artemis!0CA560358515` `McAfeeD: ti!525AE111008D` `MicroWorld-eScan: Gen:Variant.Lazy.148150` `Microsoft: HackTool:Win32/Keygen!MTB` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Hacktool.Vigorf!8.F62B (CLOUD)` `Sangfor: Trojan.Win32.Lazy.Vzqa` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Artemis!Trojan` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `TrendMicro-HouseCall: TROJ_GEN.R002H09KJ23` `VIPRE: Gen:Variant.Lazy.148150` `Varist: W32/Risk.YEAY-3082` `alibabacloud: Trojan[dropper]:Win/Lazy`

Hashes

MD5	`0ca560358515cd1ce0f4cddcb528cc81`
SHA1	`04fb57ed354a0dd8ce2fae792d11ad69e6fbfeb3`
SHA256	`525ae111008dc860b740b91262707b191e6c7efe19048f2401ac157f054814fb`
SHA3	`2456b66475584cbdb651f3fcf9c3b077d144c1ee4113e75e320e09da49b5dde1`
SSDeep	`1536:wY8CmDz4dEYf3RLqf6AMxrGgFne/A+me1XzuQkgx:n8C4MddfJqSb4Mne4ODu5gx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Nov-19 15:29:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00012E5E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x14000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`48ee608733ce37da4e2b39ce3bc1778b`
SHA1	`6aef0ee3d07e871e8a2d9d2b23ef2d614051b53a`
SHA256	`dca329995eee1546762c39421c8f7cd8260e68581e433d80bd6f7dc8942e0d55`
SHA3	`c8bdfb0fe025b8b1d41446662bd4fbf6ece8d7ae4e98995fbd454d9c0f372f71`
VirtualSize	`0x10e6c`
VirtualAddress	`0x2000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.64262`

.rsrc

MD5	`4039febf7a35b14ca9f1156b8cd87756`
SHA1	`b2b16233a66892a383f46ce2d75441498b7b1025`
SHA256	`d9e854132dff8776c40d014c31ea758c448de0ea1d228309787a0ef51acd20c1`
SHA3	`fab9e1615b396d2279908d9f81d2de1bc3d4449d8a12b0bff80ec37b0f455ec2`
VirtualSize	`0x1a24`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x11200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66436`

.reloc

MD5	`5ab005327a78947ce57dd3f4ca0406a2`
SHA1	`29b48be335cc3eff2f71d98996314d6988ea0e09`
SHA256	`7a93d5ba13fbea7a6c6f9a8470237fe2a62520d2256669b0da4f0ce929b73db2`
SHA3	`666732c33673f782dce0ab1647ca505df802eab2587e65da0940bd23d7b10b24`
VirtualSize	`0xc`
VirtualAddress	`0x16000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55623`
MD5	`8e0b1bee7d2c5b4795a195f1a401185e`
SHA1	`a71ecaa04ec8857f0854e5f03001620ae8f5a21b`
SHA256	`d6bf34f0e014efddae4ddbf61fa331f3d72a5a25520af6961e6897ecc175bc36`
SHA3	`ec9f2a9fbc9cb072f92f85fa7f09993373cb70ef9778368f91a3ed97ec4a2468`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81924`
Detected Filetype	Icon file
MD5	`cbee427fa121aba9b9b265ff05de5383`
SHA1	`24fcae33001c8e0f5ec795c6edf076a69d59589f`
SHA256	`494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c`
SHA3	`a3fa35d56632275ba55716a4964f02031270f61f06a903fc460ac2dd6bebde85`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33038`
MD5	`860c548e7709e6aee8258468e28f8ec0`
SHA1	`ffdd70b473c78eaba7b1980b7995d95bcf597873`
SHA256	`5556c754462fe1a6cd91e1b932909026d4dfa3139b0f2abe2f1906aade91e8fd`
SHA3	`da64b4a9a13606bf9255a62fc88c6a97e043b91d99b5e760c62577f89424bdf2`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06644`
MD5	`c0dc54535a2bb554702fdbc83fa97866`
SHA1	`6af82cab1e14bfae7f8c89577ba0b2c443fc08cc`
SHA256	`65a76351350b9996f1367fa5fbac17f333e283d677d20d587a1662177250f23e`
SHA3	`f04bd58c37f0d91770a968d768a5aaaa2384c470388ed1d244ff34321d182bb2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.7993.29694
ProductVersion	1.0.7993.29694
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	flowjo
FileVersion (#2)	1.0.7993.29694
InternalName	flowjo.exe
LegalCopyright
LegalTrademarks
OriginalFilename	flowjo.exe
ProductName
ProductVersion (#2)	1.0.7993.29694
Assembly Version	1.0.7993.29694

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.