Manalyze report for 5c0f7979dbfcf26f6db6d565b93bc855

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-10 06:33:11
Comments
CompanyName	Priform
FileDescription	Birthday Reminder
FileVersion	`5.3.0.1`
InternalName	BRscp.exe
LegalCopyright	Copyright Priform 2026
LegalTrademarks
OriginalFilename	BRscp.exe
ProductName	Birthday Reminder
ProductVersion	`5.3.0.1`
Assembly Version	5.3.0.1

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Malicious	VirusTotal score: 46/72 (Scanned on 2026-02-11 03:25:33)	`APEX: Malicious` `AVG: Win32:MalwareX-gen [Cryp]` `AhnLab-V3: Malware/Win.Kryptik.C5846159` `Avast: Win32:MalwareX-gen [Cryp]` `BitDefender: Trojan.GenericKD.79106854` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Inject6.26017` `ESET-NOD32: MSIL/Kryptik.APKT trojan` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.79106854 (B)` `Fortinet: MSIL/Formbook.FQQD!tr` `GData: Win32.Trojan.Agent.JLUCCI` `Google: Detected` `Gridinsoft: Trojan.Win32.Kryptik.sa` `Ikarus: Trojan.MSIL.Inject` `Kaspersky: HEUR:Trojan.MSIL.Crypt.gen` `Kingsoft: malware.kb.c.804` `Lionic: Trojan.Win32.Crypt.4!c` `Malwarebytes: Malware.AI.3946598785` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!5C0F7979DBFC` `MicroWorld-eScan: Trojan.GenericKD.79106854` `Microsoft: Trojan:MSIL/Taskun.STDF!MTB` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Trojan.Kryptik!8.8 (CLOUD)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: Artemis!Trojan` `Sophos: Troj/Krypt-AQM` `Symantec: Scr.Malcode!gdn34` `Tencent: Trojan.MSIL.AgentTesla.16003029` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!5C0F7979DBFC` `TrendMicro-HouseCall: TROJ_GEN.F0D1C00BA26` `Varist: W32/MSIL_Kryptik.MUC1.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.A` `Webroot: W32.Trojan.Kryptik.Lzfl` `Yandex: Trojan.Igent.b5ZXef.2` `ZoneAlarm: Troj/Krypt-AQM` `alibabacloud: Software:MSIL/Taskun.SS#93DGW` `huorong: HEUR:VirTool/MSIL.Obfuscator.gen!A`

Hashes

MD5	`5c0f7979dbfcf26f6db6d565b93bc855`
SHA1	`1e85fe4ef50ec46f8b5ef710a9e64aa7a697fbb8`
SHA256	`a4ee12f9674be93285bebae1860592dbc2d4e9f0a1eb5f9d142a833c235f9af3`
SHA3	`6fc3af451a660528ce48cc99f774262e46e815da4e27b6a47415dd4562ad8627`
SSDeep	`24576:dguQErr2TLER8Xp1P6+u1zeQxk++IbqWOncLiWHW0g2bBsgab+H59ssQJuxUVic:KuZuTXHPuZe47bPGcL3HWN2VRabM59s`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-Feb-10 06:33:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x140a00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0014280E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x148000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`de4d8dd0b896532e3089a3403177f708`
SHA1	`907639ae8e34a495c2f3852c03f8e1be02e02f37`
SHA256	`494de8b4d2b41bfd712baa80b4c7a2ef4a31ebaa7dcfc7927443812ba517aad1`
SHA3	`6f1f4c21f12e1465c328958cdb08678527c9c6811abec8c7589392fbdba6f5c6`
VirtualSize	`0x140814`
VirtualAddress	`0x2000`
SizeOfRawData	`0x140a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.92236`

.rsrc

MD5	`3441ffb04c7802bf309f1f467f08e6cc`
SHA1	`4ef60e73b03c6d6af8cdea2ffcb926b18fbd7629`
SHA256	`4322ac0cf915384d36b67552a0a36a9678d49c8beac88bb655cc8c3ce3b4ffdd`
SHA3	`9c37257fdc294f449a7e2a7ab56909319ba659c241eb0050df86e0906193f723`
VirtualSize	`0x600`
VirtualAddress	`0x144000`
SizeOfRawData	`0x600`
PointerToRawData	`0x140c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1835`

.reloc

MD5	`0cd27fecab73782126f69a6419133e69`
SHA1	`8aa70e5b5b5a2adea7b351df33b2359ee118bb96`
SHA256	`a19a3474f91bec88c2dccb41aa9285c306d00dd53812fb98a7b1bd4f0ded8e06`
SHA3	`c5910e2d2ef3a106bf5cfacc5bb8538ed06ca292c689c6f6a6c8fee830fe2a02`
VirtualSize	`0xc`
VirtualAddress	`0x146000`
SizeOfRawData	`0x200`
PointerToRawData	`0x141200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35712`
MD5	`eaea2827973ec90e97019d9c63532279`
SHA1	`c3ac0ecbd0fece72606791966bb066bfef3a59d1`
SHA256	`7e039f47bcf7df43a3d69c30786f692f77fbb152b75fd191d77dcf4f34ca18df`
SHA3	`cb1b1b55f2b42592ad3b2cd836c9fed6350ec2e63389a2400ab40fc8fd07b667`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.3.0.1
ProductVersion	5.3.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Priform
FileDescription	Birthday Reminder
FileVersion (#2)	5.3.0.1
InternalName	BRscp.exe
LegalCopyright	Copyright Priform 2026
LegalTrademarks
OriginalFilename	BRscp.exe
ProductName	Birthday Reminder
ProductVersion (#2)	5.3.0.1
Assembly Version	5.3.0.1

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

5c0f7979dbfcf26f6db6d565b93bc855

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors