Manalyze report for 69c1c648ca3a5537c1afed2364f55d8c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jan-18 01:44:27
Comments
CompanyName
FileDescription	OQ.MineBot
FileVersion	`1.0.0.0`
InternalName	OQ.MineBot.GUI.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	OQ.MineBot.GUI.exe
ProductName	OQ.MineBot.GUI
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qEMu`
Suspicious		Unusual section name found: A3\x059m"(` Section A3\x059m"(` is both writable and executable. `Unusual section name found:`
Malicious	VirusTotal score: 7/67 (Scanned on 2021-06-02 18:58:50)	`McAfee-GW-Edition: BehavesLike.Win32.Generic.wc` `Gridinsoft: Trojan.Heur!.03013281` `AhnLab-V3: Unwanted/Win32.Agent.R233985` `Malwarebytes: Trojan.Crypt.MSIL` `SentinelOne: Static AI - Suspicious PE` `Webroot: W32.Coinminer.Gen` `CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`69c1c648ca3a5537c1afed2364f55d8c`
SHA1	`60f036f4a6b1717d5ddcf105d706b3f6e166e00f`
SHA256	`c7b6758e63d0047dfd3c6d1bda3bf24e544eb72f067b2aa360bc0749e272c83b`
SHA3	`c15a9d922255c19b8cff5e484a69d2da9d18f8aab89062aa05ed0b781e2e1986`
SSDeep	`49152:uZ9aVGbGAIOo3ENZI5DwFdMa8jhrQ2np5K6N:TGiXz3Er7MaohE2e6N`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Jan-18 01:44:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x1d5c00`
SizeOfInitializedData	`0x1d9e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003B600A (Section: )`
BaseOfCode	`0x1ac000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3b8000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

A3\x059m"(`

MD5	`aaca966bb4f26576f19325cdf562c301`
SHA1	`830a32e6fab4c672457f34c7f7a8fd806c3d8433`
SHA256	`8e2e76c8e15bc565acfdf0a256255bb921dbdf33d2ec8dd27e017591f606a6a4`
SHA3	`f3865d175af39d30fdba4463243afe3049692fdb53e9e3b4221191c46ab51b93`
VirtualSize	`0x1a93c4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1a9400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99991`

.text

MD5	`ff749c462f3c82167d83041e44ba6171`
SHA1	`80e9edf60f9f0db00d92162e484c2805e5aee0a4`
SHA256	`0e2817b69acb813fe1e83bb9179c6fa0406e2fa4966e87b0e315f5500a56f470`
SHA3	`d611d4ae88d8af7e63ee025fb76f93a308f948edb072f93f99622dfe460d7ee9`
VirtualSize	`0x1d5820`
VirtualAddress	`0x1ac000`
SizeOfRawData	`0x1d5a00`
PointerToRawData	`0x1a9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67371`

.rsrc

MD5	`e67a75610789fca383867abba68fa4a2`
SHA1	`1797d1b8f32d3cbcf611c76c138bc9afd032fb0c`
SHA256	`2eabe3e3ed6d8188a2d54524254ad16532978e64ed5317454a37ffa634f9e1ef`
SHA3	`6598717ad84d59e6dbb566059ec2edf796da35c63210d4cfa10a5ec611b4bf05`
VirtualSize	`0x30688`
VirtualAddress	`0x382000`
SizeOfRawData	`0x30800`
PointerToRawData	`0x37f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.04474`

.reloc

MD5	`5a8b8a048d35d23896b76b20ca68897e`
SHA1	`6ef06f293356ef1991e414002c86befe2453c085`
SHA256	`f566c49055f771e38baa05ea41a3cb48641f6fe5ef8a09e55e2d9268014ae4ad`
SHA3	`96a0f7ae6324dd9e65666d740eaa3905db0e0da3afbd3f264d4fe8fad0e15074`
VirtualSize	`0xc`
VirtualAddress	`0x3b4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3afa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Section_5

MD5	`7a9c7f9dbbf4aef4dcf2b199acfeafee`
SHA1	`3ab1831bcc4b8082d9c4a3f7fe283d62c7883645`
SHA256	`48f903f9423ec1aaa17364f6092e90e793efb234477319abc49281b54e219748`
SHA3	`f51082ec51cf8ff0724dc730c830cf5d98fb5ebceb32a8321660d12692b0ff0e`
VirtualSize	`0x10`
VirtualAddress	`0x3b6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3afc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.142636`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x17c04`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99287`
Detected Filetype	PNG graphic file
MD5	`debac88a3aaa30cabb5217f420aaa31a`
SHA1	`485f4d551507f1770b6def37eac90a987297eea2`
SHA256	`ee704dd379147d8f14b7c8919e52a0960822e952161c33a5a39e223dce3107b3`
SHA3	`5d2fe002096a0c6e79a14cae87d91f3323acce7d2bebe892bf5382ab4e1cd1dd`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92612`
MD5	`e4b0f85c14c4d88572762a36e743e57e`
SHA1	`b4cd62f1ea6f4edb01b7e38f57df598026fdd5b9`
SHA256	`531b6e19141ba649824889f4d03163afe87842cee9dc420ec5bdb874d99607b8`
SHA3	`25b3a0e0a241e72af414c9b373e53b7f419a994dc28970cbfcf31649d68950c0`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32166`
MD5	`01405052ae9b46d0292579b46acf00ec`
SHA1	`cef9e79bc06b013b0d9a5609233fcc6ec8aaa60c`
SHA256	`eba0e6cfefe8119c03f5d81a2743c50dd90fcf4a5a8ef8a14001156f2b266424`
SHA3	`c9753a9410f46492d1b3c65fed7a053488328aa75f5c2ca2321dd33227d41ae1`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.74992`
MD5	`b78e18dd35c3ee4b6d0ab7c3a5e073f5`
SHA1	`3f2572046d2de7bdda8b144f77c7d5d49743026b`
SHA256	`7be13f3862dd07fe418c249b1224b40b5433f84d733bd0ec7e0a589680005bf3`
SHA3	`7b88906fc90c937d699529cae064754b1eabd31356e63156c6e5f2b937b23081`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13064`
MD5	`539ef45065136065bc1ea7f6603dbfae`
SHA1	`df3d25ccebeb1ab2de712b29bd9c05e5a3165ef9`
SHA256	`8d9a045f028ba9e872bb335c7b14dbb0558008a37a6ffb5c7870274e48143158`
SHA3	`2e181544c4d03a43062bb443cc0e2a8d3ce84699f0f8cf646e888f1de66ea607`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.60225`
MD5	`0099fe0f139c1c92c720494d6b72192d`
SHA1	`b33da9ba2b05b1973e0ba003b0aabdffbad4ce96`
SHA256	`d32046089a1637dedd22275eb8df13ab468f210ddf0776d65e9122fd15dd532e`
SHA3	`7740ddb2d5e7aff52fa46a6a3454c876d4324f8fcb37f019da24c7742f3775d8`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79393`
Detected Filetype	Icon file
MD5	`044c718f109405771717af7e78411742`
SHA1	`78a94fe668a28381caf6138539f44936b6b5e27c`
SHA256	`b3d2c2a1c628104476e949a5d7506bb5d0575e4ee7d9ec61d7b33bb8b2899e97`
SHA3	`3cee5280830ba3b91f3a662df39c23901d0b8ac2a9a67206f3d5433acff82dda`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30136`
MD5	`4b40f21e2393c99a248ba2a844e7cc24`
SHA1	`7c8d487a6aba88f5b0e28a1e9773ea06166518f6`
SHA256	`09dfdc13638bbf00015bd5a0a9905963536c437a2ae3942bfecd3b3de14c7aa8`
SHA3	`83525a977ccd274043ec016ec4306d5764ce1712e16009ada8c01eddc41a3d89`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	OQ.MineBot
FileVersion (#2)	1.0.0.0
InternalName	OQ.MineBot.GUI.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	OQ.MineBot.GUI.exe
ProductName	OQ.MineBot.GUI
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

69c1c648ca3a5537c1afed2364f55d8c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

A3\x059m"(`

.text

.rsrc

.reloc

Section_5

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors