Manalyze report for 609ad3d99e5148f54dac7a5e65868a39

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jan-10 14:36:40
Comments	oversee generate venture progress perceive conceive comprehend lazy bright train.exe
FileDescription	it lazy white.exe
FileVersion	`8.8.0.3`
InternalName	XeniaZacharyGrace.lnktYuL
LegalCopyright	plan dark sprint revolutionize motivate (c) 2023
OriginalFilename	XeniaZacharyGrace.lnktYuL
ProductVersion	`8.8.0.3`
Assembly Version	8.8.0.3

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants`
Malicious	VirusTotal score: 31/72 (Scanned on 2025-01-11 05:00:22)	`ALYac: Gen:Variant.Jalapeno.19250` `APEX: Malicious` `AVG: Win32:PWSX-gen [Trj]` `Arcabit: Trojan.Jalapeno.D4B32` `Avast: Win32:PWSX-gen [Trj]` `BitDefender: Gen:Variant.Jalapeno.19250` `CTX: exe.unknown.jalapeno` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.GCY` `Elastic: Windows.Trojan.Lumma` `Emsisoft: Gen:Variant.Jalapeno.19250 (B)` `FireEye: Generic.mg.609ad3d99e5148f5` `Fortinet: MSIL/Agent.GCY!tr` `GData: Gen:Variant.Jalapeno.19250` `Google: Detected` `Ikarus: Trojan-Spy.Win32.LummaStealer` `Kaspersky: HEUR:Trojan.MSIL.Injuke.gen` `Malwarebytes: Malware.AI.2246851199` `McAfeeD: Real Protect-LS!609AD3D99E51` `MicroWorld-eScan: Gen:Variant.Jalapeno.19250` `Microsoft: Trojan:MSIL/LummaC.ACIA!MTB` `Panda: Trj/GdSda.A` `SentinelOne: Static AI - Malicious PE` `Symantec: ML.Attribute.HighConfidence` `Tencent: OB:Trojan.Msil.Kryptik.16001593` `Trapmine: malicious.moderate.ml.score` `VBA32: BScope.TrojanPSW.Lumma` `VIPRE: Gen:Variant.Jalapeno.19250` `huorong: HEUR:TrojanSpy/LummaStealer.f`

Hashes

MD5	`609ad3d99e5148f54dac7a5e65868a39`
SHA1	`23c15205ab07661867ac18ae30a21726e6ee4e5a`
SHA256	`f73e64745ca4976d051b2d904d73762edab5eb84bf82bbf78a9a1f9aa31fee91`
SHA3	`ba3d9a92b69fffad373b838c2d5035391efb6662530ddd7d251863171310751d`
SSDeep	`12288:8yL0W0ZwvcPjoWLXJUgYnXgpLdt3zbALdX0J:fLAyvcPjoWLXJUgYXgp`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Jan-10 14:36:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x77200`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0007904E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x7a000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7e000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c8043aab26801ea9f847d4ea00e2d598`
SHA1	`1e2bfb76fc00e2330094471687c7f899be11955f`
SHA256	`a06ca9b78b65111e6323a943f063d0de6a606357502ecdf3c5aa9d0f38c082cb`
SHA3	`d94b8775074d84294bd7bf283f1f3b182ade96d763f646d501cbf7fb36aaf3f9`
VirtualSize	`0x77054`
VirtualAddress	`0x2000`
SizeOfRawData	`0x77200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.03672`

.rsrc

MD5	`f62ef601b4708095c4a080184a5a1c94`
SHA1	`fb15ec6cca03b2fb591432c87e0eddcfb30a1aa2`
SHA256	`172a7f71ffdb589f290ade1869e309357b1fbf4bba7c76d77b2ea02725644cc0`
SHA3	`28b4686fe9851e6fb3f1a5c97294105f3a83bdd1c9281a86664050bb5fbe7bab`
VirtualSize	`0x64a`
VirtualAddress	`0x7a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x77400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.56083`

.reloc

MD5	`997f8b1fe39fb45d9c3781fb77da85bb`
SHA1	`1e7b32a91d148b2a1150a57ba1db1a8e3f69830f`
SHA256	`e70c24233eb3fa58a9f25b0bda02bc7d430a79ba73d665280a9f6192f2acfa35`
SHA3	`163496145baa6b9190f3375bf064138ac570453c93fa29da388aaee0806164b0`
VirtualSize	`0xc`
VirtualAddress	`0x7c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x77c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41499`
MD5	`b267a6350fe6e1be9fedfd9daea4cea7`
SHA1	`31dfd59617a0cf6693678113ad386111f9e4b449`
SHA256	`4d4dffcbc24a616beac345d07c990e79094ce6d1e5afcf044167c26e82c08a82`
SHA3	`073d6a86496a53475105e3d44194fad5b575ec709cd1869848c4c23107df0d58`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.8.0.3
ProductVersion	8.8.0.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	oversee generate venture progress perceive conceive comprehend lazy bright train.exe
FileDescription	it lazy white.exe
FileVersion (#2)	8.8.0.3
InternalName	XeniaZacharyGrace.lnktYuL
LegalCopyright	plan dark sprint revolutionize motivate (c) 2023
OriginalFilename	XeniaZacharyGrace.lnktYuL
ProductVersion (#2)	8.8.0.3
Assembly Version	8.8.0.3

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

609ad3d99e5148f54dac7a5e65868a39

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors