Manalyze report for 67d02a501f65eec30c06931f8dd6cdc2a309c27379480044cc3f46c2c453b393

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Apr-22 13:26:41
Debug artifacts	D:\Work\Updaters 2.0\Updater_172_Kain\Updater\obj\Debug\Kain.pdb
Comments
CompanyName	UpNova.ru
FileDescription	Kain
FileVersion	`1.0.0.0`
InternalName	Kain.exe
LegalCopyright	Copyright Â© 2020 UpNova.ru
LegalTrademarks	UpNova.ru
OriginalFilename	Kain.exe
ProductName	UpNova.ru
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: UpNova.ru adobe.com hardcodet.net http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.hardcodet.net http://www.hardcodet.net/taskbar http://www.shinntype.com http://www.shinntype.com/ShinnType_EULA.pdf http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://updhasfyerted.kain.ws https://updhasfyerted.kain.ws/config/ microsoft.com ns.adobe.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org shinntype.com www.hardcodet.net www.shinntype.com www.w3.org
Malicious	VirusTotal score: 6/72 (Scanned on 2025-10-08 02:14:41)	`DeepInstinct: MALICIOUS` `Fortinet: PossibleThreat` `MaxSecure: Trojan.Malware.335198140.susgen` `Panda: Trj/Chgt.AD` `Skyhigh: Artemis!Trojan` `TrellixENS: Artemis!EADC6065B861`

Hashes

MD5	`eadc6065b861660b47fc62dcf5345728`
SHA1	`380386a2ef00dd5b47623aa05a892d024ac2fdbe`
SHA256	`67d02a501f65eec30c06931f8dd6cdc2a309c27379480044cc3f46c2c453b393`
SHA3	`2222665748167159a4f2d3bc74b5c93841d885f98bbaa0cb90414f94d0be3d51`
SSDeep	`24576:BL29+8fF8fkeySL10NjgFGrZ84rfsPFp7GIUFRz5bUdZACuJpUv9p6:BL2vF8xTLnGrZNwPXGzz5YdZACuJpU`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Apr-22 13:26:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x232800`
SizeOfInitializedData	`0x12800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002320A2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x236000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x24c000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7594c975070c227c7cd2c92fed75a2f7`
SHA1	`3774b68fa23e35335d47060d148e50eded8e3cf6`
SHA256	`3291bd5fc112635deccf6b895b2d9a3b8690c11b591841ac5bfcf7bc9fff0e2f`
SHA3	`5638781652e53f36be64e027e148bb76c558a9aebbfa5da9e734d591253fa8fc`
VirtualSize	`0x232688`
VirtualAddress	`0x2000`
SizeOfRawData	`0x232800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44588`

.rsrc

MD5	`fbca25edf834d6b702392b24e4305195`
SHA1	`ce56bc01424c305b274d3eca54a428b3b2ca48fb`
SHA256	`bd548cf22eacaae4d7084207f78b6c4d728de12dd5372e028c3de9edf4350a0c`
SHA3	`1cb5ffa43c7d1c10839b5419d18ca15d9a397cf86cec32eca0b5bda92c10d4d9`
VirtualSize	`0x12478`
VirtualAddress	`0x236000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x232a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.95957`

.reloc

MD5	`2fe7d6e5683008bd1527458667f68b53`
SHA1	`9bc082067cf6052071bb6ff26340343d582f7a45`
SHA256	`fe5a9c8dd1d830ed42783dfac3849f729caea33b77f9c56825bbd166b336d580`
SHA3	`e3b3e745de32e2a5d38dadbe4cc8d507a21a072fb5bb64afb261cc80f8f01608`
VirtualSize	`0xc`
VirtualAddress	`0x24a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x245000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x11e0c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98688`
Detected Filetype	PNG graphic file
MD5	`f2f7d5934c7345374eb295be9812dce9`
SHA1	`88df81ffe019237d7a3837c74d0b21ace59ea00d`
SHA256	`0383c42127182b4656f98a11caa9da8b5d3b7ee4edca050a14abeed4eca3bc0d`
SHA3	`e63e15431c3a39225f579cf13cffd056a3872ed65d2e4c1d7b5d39b30d6235ed`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59047`
Detected Filetype	Icon file
MD5	`1d938225b3a64e04cdc48523fb208d83`
SHA1	`bc52adeca96d30a1039fed9326973f07fa57600f`
SHA256	`09a5cce00ac0b649569955099d8cac0ee6b028c000c1cad7b2043f8ada7779e1`
SHA3	`5d2a0a8e7402f609d664f6fe7ca36c876639b356753113b3f523d3a120629ad7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29568`
MD5	`7be0dbc7cf6f4c0818d6bac4b001f394`
SHA1	`87b7841a823dd6caab99b74c1bc91e5d0263bd5e`
SHA256	`e71ae5fcc78ddbeea09c8a4686b2743656eb50a0d56595d53f54fbe9a8cdfe12`
SHA3	`0c1f6d417a6ddb190d6ed735208378ccb36d49051030dc325d51361a729b2c38`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	UpNova.ru
FileDescription	Kain
FileVersion (#2)	1.0.0.0
InternalName	Kain.exe
LegalCopyright	Copyright Â© 2020 UpNova.ru
LegalTrademarks	UpNova.ru
OriginalFilename	Kain.exe
ProductName	UpNova.ru
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Apr-22 13:26:40
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x231f34`
PointerToRawData	`0x230134`
Referenced File	D:\Work\Updaters 2.0\Updater_172_Kain\Updater\obj\Debug\Kain.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.