Manalyze report for 5ec3421342cf6e27ccdd330e9741677fdb4d00c8efc7fa910486d908ccf80720

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-18 17:06:31
FileDescription
FileVersion	`1.0.0.0`
InternalName	Output.exe
LegalCopyright
OriginalFilename	Output.exe
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 54/70 (Scanned on 2025-09-07 11:08:54)	`ALYac: Gen:Variant.Jalapeno.2922` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Bd]` `AhnLab-V3: Trojan/Win.AsyncRAT.C5480705` `Alibaba: TrojanDropper:MSIL/AsyncRat.d706be1e` `Arcabit: Trojan.Jalapeno.DB6A` `Avast: Win32:MalwareX-gen [Bd]` `Avira: TR/Dropper.Gen` `BitDefender: Gen:Variant.Jalapeno.2922` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Ghanarava.1756766156da0dc9` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PWS.Stealer.35217` `ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FVC` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Jalapeno.2922 (B)` `F-Secure: Trojan.TR/Dropper.Gen` `Fortinet: MSIL/Agent.FVC!tr` `GData: Gen:Variant.Jalapeno.2922` `Google: Detected` `Gridinsoft: Malware.Win32.XWorm.tr` `Ikarus: Trojan-Downloader.MSIL.Agent` `K7AntiVirus: Trojan ( 005c78c61 )` `K7GW: Trojan ( 005c78c61 )` `Kaspersky: HEUR:Trojan-Dropper.MSIL.Dapato.gen` `Kingsoft: MSIL.Trojan-Dropper.Dapato.gen` `Lionic: Trojan.Win32.AsyncRat.b!c` `Malwarebytes: Trojan.Dropper.MSIL` `McAfeeD: Real Protect-LS!E00C66CBB02C` `MicroWorld-eScan: Gen:Variant.Jalapeno.2922` `Microsoft: Trojan:MSIL/AsyncRat.ABJU!MTB` `NANO-Antivirus: Trojan.Win32.Stealer.laxfku` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Malware.Obfus/MSIL@AI.88 (RDM.MSIL2:mGawx3lGUiuZ+4F0o6Kilg)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.vc` `Sophos: Troj/Mdrop-JWQ` `Symantec: MSIL.Dropper!gen1` `Tencent: Trojan.MSIL.Asyncrat.ca` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!E00C66CBB02C` `TrendMicro: Backdoor.Win32.XWORM.YXFHSZ` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9l` `VIPRE: Gen:Variant.Jalapeno.2922` `Varist: W32/MSIL_Agent.HXS.gen!Eldorado` `ViRobot: Trojan.Win.Z.Jalapeno.7134720` `ZoneAlarm: Troj/Mdrop-JWQ` `alibabacloud: Trojan[dropper]:MSIL/AsyncRat.AKUI3DGW` `huorong: Backdoor/MSIL.AsyncRat.h`

Hashes

MD5	`e00c66cbb02cdedfcf374cfbc6da0dc9`
SHA1	`3cc127a5529dff449c3587845901c8504ad6fcf9`
SHA256	`5ec3421342cf6e27ccdd330e9741677fdb4d00c8efc7fa910486d908ccf80720`
SHA3	`6b12068cf45aa601cefefb4897c4deaf8203dd7016846a7ac7ae60c323b12150`
SSDeep	`196608:sU0mOAjZXAZj6khF47fqscyenvpvV9n/FL1KBrAf:8NAOJD8Gscyevpvv/FLYg`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Aug-18 17:06:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x6cd400`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x006CF20E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6d0000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6d4000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ecb8b6a32850180d70c2737aaa32446e`
SHA1	`a54df4d0ff93337611a2cc8994538e5ea7ab01ba`
SHA256	`10799a8b019a2a39bdf1c673c0b2f9990dfef0f8896f59f99f810c30a86c22b1`
SHA3	`4eaf3183f1c17c6ed6ff58a53cf366399a17aead5a5fe3fe81173adcdb39af2d`
VirtualSize	`0x6cd214`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6cd400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99992`

.rsrc

MD5	`f09f8121d5b92098749a97913a43aac1`
SHA1	`6fdf26fd27beca868c15081fe002a934da63b8ef`
SHA256	`bad9f2c49d54963e33b5edaaac0dc74841982f16ee77b456aa71eb6517bf865d`
SHA3	`bb95e5ba242c6728a519fbf6947dc20e27a7c0cc03bfe88d94bc78c1ad01b418`
VirtualSize	`0x4ce`
VirtualAddress	`0x6d0000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6cd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.71101`

.reloc

MD5	`b711a7fafb007e10c1676e6d2eb985c5`
SHA1	`b5f1cdd8c9051be95f8583146697720e6d734b5c`
SHA256	`25eb4e80ddf2cc6886daee2e04cfb2db649fff6f5426fc9db954b3e82c8bbd1c`
SHA3	`83740449b27a0767c2f4437cf4c30132010c9871000a3097a2698301ddb06869`
VirtualSize	`0xc`
VirtualAddress	`0x6d2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6cdc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x244`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19147`
MD5	`a390b397fa5a7eb7bdc7b55921bddb4a`
SHA1	`3182ebe61879d659a99a7408847dd406b66b1cc6`
SHA256	`18a3741b81aeb21f08ad4a61cf056a7aa4ee148be64e15aaa99af147332924bc`
SHA3	`ecae79308695e3cab9930f913c3d3a699cae961e6525467072f1ac640745f8d3`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Output.exe
LegalCopyright
OriginalFilename	Output.exe
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.