Manalyze report for 5e70f97e0dad9d4c3d99c9eba4be6accab5c96efc872c808375e4893d62bf792

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2099-Sep-14 18:42:27
Debug artifacts	C:\Users\user\ToyStoryChallenge\obj\Release\net48\ToyStoryChallenge.pdb
CompanyName	ToyStoryChallenge
FileDescription	ToyStoryChallenge
FileVersion	`1.0.0.0`
InternalName	ToyStoryChallenge.exe
LegalCopyright
OriginalFilename	ToyStoryChallenge.exe
ProductName	ToyStoryChallenge
ProductVersion	`1.0.0`
Assembly Version	1.0.0.0

Plugin Output

Malicious	VirusTotal score: 3/72 (Scanned on 2026-03-24 08:37:36)	`Google: Detected` `Ikarus: Trojan.MSIL.Rozena` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`3799b6c933dc2cfd8046ce1c07e655cd`
SHA1	`a780fef18703f88a22a58064b98e9758529a7219`
SHA256	`5e70f97e0dad9d4c3d99c9eba4be6accab5c96efc872c808375e4893d62bf792`
SHA3	`c85e3415f65baf7cfde1b9e4e955106289aea47de2251361fef0072a12804819`
SSDeep	`96:nkcjm3XAvRsRHpmZ4aE/x/3lqkzxWz+mwaHifkGizNt:nZjm3ORaS4f5zM5wK6kGE`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2099-Sep-14 18:42:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002E52 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3f747abcb6cd3d6abe5bd15a93ce2fa3`
SHA1	`10a28463db589d423dcc317da4a8a5a4738c4c35`
SHA256	`9335ef40671815b29b516dce941bfe9dea108e8a52bc335dc476d58d379cbe62`
SHA3	`54e2713c877b99efb1c6b17dc45843b71334d0f2749519097a6cd8d10aebea5b`
VirtualSize	`0xe80`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09867`

.rsrc

MD5	`4a05cfca4dfb05d14c053cd483685cde`
SHA1	`52fc691d255840627fd62748d43754d1ab8ba378`
SHA256	`9236f50a7fbeb053fdda0bedc114271ea4754e630850caae7209a9034e43f690`
SHA3	`cc4ab6affcb5f557abc3dcb7794b737d8459c2ee717f949fb41b51ac71097c0a`
VirtualSize	`0x5a0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.05871`

.reloc

MD5	`023bcb04d56330a105aebf62ccd35e8e`
SHA1	`35b28d3a8a21344718b41070654d652d8b63165a`
SHA256	`514c46213dfbcce7ae2faf48e329bba191709cd910f3ba6421fb9f8acd8d05c9`
SHA3	`888e11be0ebd337588cff805cd875509f783d8f4a747f1a670a0a97b5029f7c9`
VirtualSize	`0xc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x310`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25075`
MD5	`6cbd95216e88265d3675f3b15bf2a92b`
SHA1	`206f520944694b301d57414b4f4406ab9feb0a79`
SHA256	`f35e463b27791a6545f6286b526a7da0df9613986ee86cec0ee2a219ca5e4275`
SHA3	`1daf80a7be849a2c652bda07752883494051fb72cbfc82419b1e6591d4d275cb`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	ToyStoryChallenge
FileDescription	ToyStoryChallenge
FileVersion (#2)	1.0.0.0
InternalName	ToyStoryChallenge.exe
LegalCopyright
OriginalFilename	ToyStoryChallenge.exe
ProductName	ToyStoryChallenge
ProductVersion (#2)	1.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2062-Oct-03 19:16:24
Version	`256.20557`
SizeofData	`96`
AddressOfRawData	`0x2d78`
PointerToRawData	`0xf78`
Referenced File	C:\Users\user\ToyStoryChallenge\obj\Release\net48\ToyStoryChallenge.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`1.0`
SizeofData	`39`
AddressOfRawData	`0x2dd8`
PointerToRawData	`0xfd8`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.