Manalyze report for 626eee537ebdc9e3321fac414fcfce977f099cacb98cd3c57be4c5252fec2614

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-19 04:27:42
FileDescription
FileVersion	`1.0.0.0`
InternalName	Nony.exe
LegalCopyright
OriginalFilename	Nony.exe
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Malicious	VirusTotal score: 39/71 (Scanned on 2025-11-19 10:30:00)	`ALYac: Gen:Variant.Barys.53779` `APEX: Malicious` `AhnLab-V3: Trojan/Win.Crypt.C5417594` `Arcabit: Trojan.Barys.DD213` `Avira: TR/Spy.Gen` `BitDefender: Gen:Variant.Barys.53779` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.unknown.barys` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.XWormNET.5` `ESET-NOD32: MSIL/XWorm.N trojan` `Elastic: Windows.Trojan.XWorm` `Emsisoft: Gen:Variant.Barys.53779 (B)` `F-Secure: Trojan.TR/Spy.Gen` `Fortinet: MSIL/Agent.ECL!tr` `GData: MSIL.Backdoor.XWorm.C` `Google: Detected` `Ikarus: Trojan.MSIL.Bladabindi` `K7AntiVirus: Trojan ( 700000201 )` `K7GW: Trojan ( 700000201 )` `Kaspersky: HEUR:Trojan.Win32.Generic` `Kingsoft: malware.kb.c.1000` `McAfeeD: Real Protect-LS!65DC684FF904` `MicroWorld-eScan: Gen:Variant.Barys.53779` `Microsoft: Trojan:Win32/Wacatac.C!ml` `Rising: Malware.Obfus/MSIL@AI.88 (RDM.MSIL2:TK6AatRP300r2bavIghrnw)` `Sangfor: Virus.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.nm` `Sophos: ML/PE-A` `Symantec: MSIL.XWorm!gen2` `Trapmine: malicious.moderate.ml.score` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9t` `VBA32: Malware-Cryptor.MSIL.AgentTesla.Heur` `VIPRE: Gen:Variant.Barys.53779` `Varist: W32/MSIL_Kryptik.MVD.gen!Eldorado` `huorong: Trojan/MSIL.Injector.nq`

Hashes

MD5	`65dc684ff904f82f0ad0fd298e56efdc`
SHA1	`40817eba67fa3db86929d238240374117289fb1f`
SHA256	`626eee537ebdc9e3321fac414fcfce977f099cacb98cd3c57be4c5252fec2614`
SHA3	`3bbb11aeea8e3c3019f22a66fe8cf2846f8a8828cff98887273681886bee782c`
SSDeep	`1536:NIySoTUYxs9vyaQ5wEjbEkfxdwNECtMGVuXxvKaYenODibbJdV:NVTCQ5wEzJdG3MG2xvzrODibbN`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Nov-19 04:27:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x16a00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001887E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1e000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`04de223e5ce7634774f773fe66312c71`
SHA1	`743ddf6b5403339eb1c9faf6e2166b95f808347e`
SHA256	`2f06e2c32b2d00293806af21f0d9794fd8ec0524ddcee272b2f632b9c3d18513`
SHA3	`1747cd0b31794522409fcd4801239828a1a4f9c45d2332a0a8bbba21ee42ed67`
VirtualSize	`0x16884`
VirtualAddress	`0x2000`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67944`

.rsrc

MD5	`fbc3ae06be3e4b339ee9bd19eff2d7fc`
SHA1	`5792fc6270f1a6f9465e45a105321a0e8373398c`
SHA256	`9df32cf8fa5211e686d70c13480d8c81f6a03c9b9b4751e3f7c9ed7530e08adf`
SHA3	`62de03d83fa42caf93b5cd01efb8d4e3aaf5c51f2dbc54766935c14a20871c38`
VirtualSize	`0x600`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x16c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69675`

.reloc

MD5	`8201090430e37626b8377cc1d5c6ce79`
SHA1	`f4f6086b76dcb4a63c26c80b2eadecb60347bf01`
SHA256	`7f660fb00d896e900059670b50d6e9b5395952e77c07afcbbae5302153807259`
SHA3	`fc374b2f46c8b86044927d5ee395e60eb63db0dd13634e6b1077610c5e9c59eb`
VirtualSize	`0xc`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x23c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16691`
MD5	`8f26b9614c7c02a2bfa0f5bd7361ec1f`
SHA1	`13a6132ce7291ce1aeb66c7fffe94baab47ce5c1`
SHA256	`1260989223abe2e69b51c91c30ed9071e0b7baad24487a8d9e0beb2c4042300f`
SHA3	`5c050cb7133b9d83a2a44ea53ce44580ecb1c1311e0cef6e31cfc4c24e3380fa`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Nony.exe
LegalCopyright
OriginalFilename	Nony.exe
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.