Manalyze report for 53e929bc37d7690e1adee6a374e639d5

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2096-Jun-11 03:14:41
Comments
CompanyName
FileDescription
FileVersion	`2.4.5`
InternalName	Client.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Client.exe
ProductName
ProductVersion	`2.4.5`
Assembly Version	2.4.5.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe schtask` `Contains references to internet browsers: chrome.exe firefox.exe` `Contains references to security software: rshell.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Looks for VMWare presence: VMware vmmouse vmware` `Looks for Sandboxie presence: SbieDll.dll` `Looks for VirtualBox presence: SOFTWARE\Oracle\VirtualBox Guest Additions VBoxGuest VBoxMouse VBoxSF VBoxTray \\.\pipe\VBoxMiniRdDN \\.\pipe\VBoxTrayIPC vboxservice` `Looks for Qemu presence: QEMU Qemu qemu` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: root\Security` `Miscellaneous malware strings: cmd.exe virus` `Contains domain names: amyuni.com api.ipify.org https://api.ipify.org https://api.ipify.org/ https://ipwho.is https://www.amyuni.com https://www.amyuni.com/downloads/usbmmidd_v2.zip ipify.org www.amyuni.com`
Malicious	VirusTotal score: 51/65 (Scanned on 2026-02-11 05:15:29)	`ALYac: Trojan.GenericKDZ.114388` `APEX: Malicious` `AhnLab-V3: Spyware/Win.Tinclex.C5814347` `Alibaba: TrojanBanker:MSIL/Aikaantivm.1a9331a4` `Arcabit: Trojan.Generic.D1BED4` `BitDefender: Trojan.GenericKDZ.114388` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.trojan.msil` `ClamAV: Win.Malware.Generic-9883083-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DrWeb: BackDoor.QuasarNET.3` `ESET-NOD32: MSIL/PulsarRAT.A trojan` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKDZ.114388 (B)` `Fortinet: MSIL/Agent.CVS!tr` `GData: Trojan.GenericKDZ.114388` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.sa` `Ikarus: Trojan.MSIL.Agent` `K7AntiVirus: Spyware ( 700000201 )` `K7GW: Spyware ( 700000201 )` `Kaspersky: HEUR:Trojan.Win32.Generic` `Kingsoft: MSIL.Trojan.Convagent.gen` `Lionic: Trojan.Win32.Quasar.4!c` `Malwarebytes: Backdoor.Pulsar` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!53E929BC37D7` `MicroWorld-eScan: Trojan.GenericKDZ.114388` `Microsoft: VirTool:MSIL/Aikaantivm!atmn` `NANO-Antivirus: Trojan.Win32.Quasar.lelzaq` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Trojan.AikaCrypter!1.BCF6 (CLASSIC)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/MsilDyn-E` `Symantec: Backdoor.Trojan` `Tencent: Trojan.Msil.Keylogger.16001821` `TrellixENS: Artemis!53E929BC37D7` `TrendMicro: Backdoor.Win32.QUASARRAT.YXGA1Z` `TrendMicro-HouseCall: TSPY_TINCLEX.SM1` `VIPRE: Trojan.GenericKDZ.114388` `Varist: W32/MSIL_Troj.C.gen!Eldorado` `ViRobot: Trojan.Win.Z.Agent.977920.HL` `VirIT: Trojan.Win32.MSIL_Heur.B` `Webroot: Win.Trojan.Quasar` `Zillya: Trojan.PulsarRAT.Win32.943` `ZoneAlarm: Mal/MsilDyn-E` `alibabacloud: Trojan:MSIL/Injector.VLV` `huorong: Backdoor/Quasar.f`

Hashes

MD5	`53e929bc37d7690e1adee6a374e639d5`
SHA1	`b537f15639bc1b0a86cee830fb4c36398769d74d`
SHA256	`e6c7980415166ed95dde34ff12897e29ecd961e5f69cf7a21d6bc6be4204390f`
SHA3	`dddb2e743e8128e294eb3c65cf1d3aa56075c1721bc54e5924c9e8da8a9e3847`
SSDeep	`24576:SF/pXxJzck+uGW/yFoBkkAQV1+47IXstdDxY:SF/pXTYjqqanTX+oBtFx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2096-Jun-11 03:14:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xedc00`
SizeOfInitializedData	`0xe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000EFB7E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf4000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`351b3ce49c603fc79f99431b6d75ef11`
SHA1	`68fcc55a0f09f23bc9b39e06a28a0914078e2149`
SHA256	`0c37cd170c2b6e67501b9c4ce54edea2068bee8d2909169b71b9d864970671e1`
SHA3	`d7b275729085ec56ff33ddcddf4c04c06b13c8ba7c0db96f7e8a6c790c5f006c`
VirtualSize	`0xedb84`
VirtualAddress	`0x2000`
SizeOfRawData	`0xedc00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.25728`

.rsrc

MD5	`9b486b05bfcc29dab6f9238e83999dfb`
SHA1	`7837377617e84df87e78c07ca22e8fa706c56834`
SHA256	`1344ba0814a5ef19558c8c0030d26ad65b8d674d7768a30cc6efca09723f5c40`
SHA3	`74ba91bfe7564afe243c0662cde37d4cfc291fb9772ef76b073062c5b5434acf`
VirtualSize	`0xa74`
VirtualAddress	`0xf0000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xede00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67254`

.reloc

MD5	`89484a306b2b5e34c24da616c4556620`
SHA1	`b0e387d5b5abb340a836a05b2246b2bf83fc455d`
SHA256	`99a666fe255dd75cb821a148a86b505f18760783d0b824c4e77e71a5c49a5518`
SHA3	`c110488f31fb24003f37d31510764744811978f1b90fc8ff1a060edadce0f6f5`
VirtualSize	`0xc`
VirtualAddress	`0xf2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xeea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21401`
MD5	`9afeca05ef5c08405ac5e1464e5e6858`
SHA1	`06d4438856d44903a4fba99d714e431352f35b2a`
SHA256	`de8c5ae1e6cb8a40188ae4145d823e664662635761a94389a9417680e603b882`
SHA3	`2486084de9e14b136087b2725616f5eb24bf2138b798bee1a8a11ddb4ad4c5b9`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x702`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2193`
MD5	`2fed9b6edf5b46e0b313a4312b4d8051`
SHA1	`dddd8628a3cade8ee0032cecf8deeeaf3f487a69`
SHA256	`d59e2eeb5f7d4ff65d12800706135841b0cfdcb75fa5221e3bddadeff3253837`
SHA3	`02d6ea3739351c99d15836870048ecceca4cd783225c2cc3a24349cce3cfb28f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.4.5.0
ProductVersion	2.4.5.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	2.4.5
InternalName	Client.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Client.exe
ProductName
ProductVersion (#2)	2.4.5
Assembly Version	2.4.5.0

Resource LangID	UNKNOWN

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0xedd28`

TLS Callbacks

Load Configuration

RICH Header

53e929bc37d7690e1adee6a374e639d5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors