×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2021-Oct-15 20:10:13
Comments
CompanyName
FileDescription
Seatbelt
FileVersion
1.0.0.0
InternalName
Seatbelt.exe
LegalCopyright
Copyright © 2018
LegalTrademarks
OriginalFilename
Seatbelt.exe
ProductName
Seatbelt
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Info
Matching compiler(s):
.NET executable -> Microsoft
Suspicious
Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
control.exe
msconfig.exe
mshta.exe
regedit.exe
regsvr32.exe
rundll32.exe
sc.exe
schtask
Contains references to internet browsers:
Contains references to security software:
Looks for VMWare presence:
May have dropper capabilities:
CurrentControlSet\Services
CurrentVersion\Run
Accesses the WMI:
ROOT\Subscription
Root\CIMV2
Root\Microsoft
root\Microsoft
root\Security
root\cimv2
root\standardcimv2
Miscellaneous malware strings:
Contains domain names:
github.com
https://54.92.196.162
https://54.92.196.162/
https://github.com
https://lolbas-project.github.io
https://lolbas-project.github.io/
Suspicious
No VirusTotal score.
This file has never been scanned on VirusTotal.
MD5
550ce8dead622c14e2858908273e6116
SHA1
1ceefa652c6b3ef359fcb335c7dbe0e0366d2af2
SHA256
b5e6a1913eade2b8d24b6612aeb7ab5ab9a34778a91cd17d2b6144a06404d265
SHA3
d4c7c914bb06f81dfa853625630866b38b4209a234798c14f229931d969e1a82
SSDeep
12288:d917niCBVEspiu7hLtvh/m+w9j5S7yDXzKR/xNK9aVR98bSrBBHoz++A2WsjK3K:Rni/MnaBWix
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2021-Oct-15 20:10:13
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0x88200
SizeOfInitializedData
0x800
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0008A116 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x8c000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x90000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
bc25fd4a210d2cff561ad289e0e15dcc
SHA1
6e75a00b1eb9cf9e5f4c41887e1ec69f34e9bce3
SHA256
d32506de35d32961a9f682fef3a8bddfcd6796166783f03564cc6551173b5cb1
SHA3
39c4e12c63945ca5c41700c91cdf3c00cb3b33375fd7877fbab2d72b00ddf1f7
VirtualSize
0x8812c
VirtualAddress
0x2000
SizeOfRawData
0x88200
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.91542
MD5
559378ffafcb9e96670b3741a2850079
SHA1
91e1e22a54312c6433ef386a227650667258c36a
SHA256
631615b705f4f8e0ec97fd7a9d86525e80ef459d58cb17ead991409766996f98
SHA3
b4c811aa25afd6a8b5accc382365f6022ddfe4a15bafeba6056601df2c3d9f2f
VirtualSize
0x5ac
VirtualAddress
0x8c000
SizeOfRawData
0x600
PointerToRawData
0x88400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.06332
MD5
fc790cf8bbb7444c0d3c3a74297db97e
SHA1
76883bcca27e97ac40b38f3effad4cad68ef8dae
SHA256
2c10366ac7d477844d0ec23d19a047f103a76c73bd77f2df142dc6e94d194234
SHA3
458ab949f4401ed280c6dd9418c150e27ee6aa15e786e499dbf0be6387d57d58
VirtualSize
0xc
VirtualAddress
0x8e000
SizeOfRawData
0x200
PointerToRawData
0x88a00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x31c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.2322
MD5
f9f17fa9be450a2a9d2fdb6d97fd87a9
SHA1
69b75a6b4bdeaac1df9370d61db0b79ca3c75f4f
SHA256
fa249ce9cb6519fcfdc1225c9774dc375b1e66fdda7b4d95e776cd02d5b05854
SHA3
1604ec5b272944ff846a38a79a0cf797773bcbbf95f48fc48fdbf55f582d6c07
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
b7db84991f23a680df8e95af8946f9c9
SHA1
cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256
539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3
4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
Seatbelt
FileVersion (#2)
1.0.0.0
InternalName
Seatbelt.exe
LegalCopyright
Copyright © 2018
LegalTrademarks
OriginalFilename
Seatbelt.exe
ProductName
Seatbelt
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0