Manalyze report for 6ee7f3ecd5111cd5306792fd3141515d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Aug-10 07:45:14
Comments
CompanyName	MSFree Inc.
FileDescription	KMSAuto Net
FileVersion	`1.3.8`
InternalName	KMSAuto Net.exe
LegalCopyright
LegalTrademarks
OriginalFilename	KMSAuto Net.exe
ProductName	KMSAuto Net
ProductVersion	`1.3.8`
Assembly Version	1.3.8.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `MASM/TASM - sig2(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: SCHTASK Schtask control.exe sc.exe schtask` `Contains references to internet browsers: iexplore.exe` `Contains references to security software: sfc.exe` `May have dropper capabilities: %TEMP% CurrentControlSet\Services CurrentControlSet\services CurrentVersion\Run` `Accesses the WMI: root\cimv2` `Miscellaneous malware strings: Virus cmd.exe exploit virus`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Info	The PE is digitally signed.	`Signer: Ratiborus MSFree Inc.` `Issuer: Ratiborus MSFree Inc.`
Malicious	VirusTotal score: 39/66 (Scanned on 2018-03-11 13:59:37)	`Bkav: W32.HfsAdware.6B84` `MicroWorld-eScan: Application.Hacktool.KMSAuto.B` `CAT-QuickHeal: HackTool.AutoKMS.FC.3225` `McAfee: Generic HTool.h` `Cylance: Unsafe` `K7GW: Unwanted-Program ( 004fa0b21 )` `K7AntiVirus: Unwanted-Program ( 004fa0b21 )` `Invincea: heuristic` `Cyren: W32/Trojan.TLVG-1451` `Symantec: Trojan.Gen` `ESET-NOD32: a variant of MSIL/HackKMS.I potentially unsafe` `TrendMicro-HouseCall: CRCK_KMS` `ClamAV: Win.Tool.Kmsauto-2` `Kaspersky: not-a-virus:RiskTool.Win32.HackKMS.i` `BitDefender: Application.Hacktool.KMSAuto.B` `Ad-Aware: Application.Hacktool.KMSAuto.B` `Sophos: KMS Activator (PUA)` `Comodo: ApplicUnsaf.Win32.HackTool.AutoKMS` `F-Secure: Application.Hacktool.KMSAuto` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: CRCK_KMS` `McAfee-GW-Edition: Generic HTool.h` `Emsisoft: Application.HackTool (A)` `SentinelOne: static engine - malicious` `Jiangmin: HackTool.KMSAuto.n` `Webroot: W32.Hacktool.Kms` `Antiy-AVL: RiskWare[RiskTool]/MSIL.HackKMS` `Microsoft: HackTool:Win32/AutoKMS` `Endgame: malicious (high confidence)` `Arcabit: Application.Hacktool.KMSAuto.B` `ZoneAlarm: not-a-virus:HEUR:RiskTool.MSIL.HackKMS.gen` `GData: Application.Hacktool.KMSAuto.B` `AhnLab-V3: HackTool/Win32.KMSAuto.R209007` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=98)` `Yandex: Riskware.HackTool!7QxPaUSMW1c` `Ikarus: PUA.HackTool.Kmsauto` `Fortinet: Riskware/KMSAuto` `Cybereason: malicious.cd5111`

Hashes

MD5	`6ee7f3ecd5111cd5306792fd3141515d`
SHA1	`45c92d0e691175a39a8c61228f526f80a7ca94fc`
SHA256	`69a8ae6352cffd366409df8e566e84315b4bffcf5865a4b8079c446123ba1d26`
SHA3	`5015b0f5b08b420495454aa205ea8726501c148cdf4c18fb107338dd85179ccf`
SSDeep	`196608:0eywBGqyw1lT3ywuywQyw1ywlywaywTyw9lywfywEyw1ywHywwywmIBywyywsywv:IwBGnw1l+wjwNw4wIw3w2w9IwqwJw4w4`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2015-Aug-10 07:45:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x69a600`
SizeOfInitializedData	`0xc000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0069C4C2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x69e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6ac000`
SizeOfHeaders	`0x200`
Checksum	`0x6ab464`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d96d3c1f27fdf8ed4ffc84bae8d08d53`
SHA1	`3d7a7de44f333b36e3bce4e739689b8420051814`
SHA256	`8c9240655a8aa6055e190444b341dc9a109990b79c03ff4b6fea8c364cc984d9`
SHA3	`471aeab4c818b7da6b9a866990ca8c00508a4487dee302e4e127e670787aa14f`
VirtualSize	`0x69a4c8`
VirtualAddress	`0x2000`
SizeOfRawData	`0x69a600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.09188`

.rsrc

MD5	`9fd389f93f01f78c83da3fd6f38a2dce`
SHA1	`8db451b07e1a3334e0f5a60e8ad5495a0cc5bdc5`
SHA256	`79789549d8e4a7ce5b7fe5db094fe8c76555ebbf624f2a2b28666bed5a4cd486`
SHA3	`5cab147a418b8b7e3718711102bf68fa2c2125e9d4d37b9c749a525140f5bc92`
VirtualSize	`0xbc3c`
VirtualAddress	`0x69e000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x69a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.62475`

.reloc

MD5	`cc481ba5a719ca3f1636116bf8fb9c81`
SHA1	`66967131b7e5b1b1fb7b7c5d6b7dd832e32f115e`
SHA256	`34aed731e9b854cb2c383fe43d56844ae095204ca31d2d84161a13bb3a119aca`
SHA3	`f7eeda6cd14b8c308a02cfbcbe598b5f49754bb306a41f0f308d41cbed928d68`
VirtualSize	`0xc`
VirtualAddress	`0x6aa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77266`
MD5	`b91dfb58d28a620ce5903736baafed0d`
SHA1	`399ea2003cb06393d4d8552d4d3ed308e0da2e28`
SHA256	`a5b578dd05dd966b8154c45589d9f4c4997c388f89cd1615f0507594f9671b8f`
SHA3	`e328d0612cf1ff38c411927390b44e130149cd7243e12f75a63fdd839e8c4ec1`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29604`
MD5	`eeedec0e99eddbf26b17e36eea0b76ac`
SHA1	`25826ac568237b22e43f8ceb021f333514be19d5`
SHA256	`2902fad50697e55603cdf43006ecb62a518dcb01872ba79d11ea1719c04868ff`
SHA3	`30003259647b920d96f05125f691c5d511004413bd48216d057ce914ff8448f0`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35071`
MD5	`7abe8c176dbe2ae2ad5f9b41b39da62d`
SHA1	`fdacd53099ada70fcf91988cef9e29e4b490ca81`
SHA256	`cc3506eadd7e416b621899c23c435280f2869dc45a66b99b95ac0d92df654261`
SHA3	`6a4bdcca2822234763e90d596747bd97dbfc1e2019ccd4900eb92f5f586b31f6`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03007`
MD5	`02a09b53b53c0e3b0f82977eb58ab5b9`
SHA1	`712bf54be3ee3c2daabe4ad730c08dd76e73a55d`
SHA256	`8d20d73af732650caa2467f207905a0f30af8270243306f84afba87102301462`
SHA3	`e2924a6b8cf26ed892fbb368c2cd1423155690dd3d822ac372aa75971e43868b`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79019`
MD5	`79f34f59a1682db69ce1a1b9014771dc`
SHA1	`adbb3afafeaffdf99402d9ad49ed0cbdeef13c46`
SHA256	`737f61d83e94b9f96fa7d8a2e341e0120eee33b4aa0ddb24e61fca4d8ed60090`
SHA3	`537e0ab314bce8c179111115d97e55e9082e85650d88110671068425e8b21e13`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1678`
MD5	`24a1e7e7c6e045aefe1a55e777d0818a`
SHA1	`d3c6c274f87d67ab2ebcafc22c80d8b5c6bf30ab`
SHA256	`2371b811ce9e67be6371eb03cc6693973e6ba95483c177406be4165aa6a7fe5c`
SHA3	`50660bb5a0d1bcc535069946db77f2f63e58f26aabbafc7c11050fbb7dcb4f19`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32586`
MD5	`f1e11368814679b45bf408938a83d89c`
SHA1	`4ff9edddd0b7255764a20c559615107207bd4388`
SHA256	`d98b9f4207a4ed1122444a0f4d6ff15da9b99d65621491c6780b93bcddd0bbd1`
SHA3	`cc25469871061919e8aaa8992c2b437c235dc3ac4f4855b51a4f90da37a08fc6`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.672`
MD5	`95476d8cba2b0fc425a45b23f962492e`
SHA1	`79786f5ca7ecac9fc5a4be0f4e65310c4f349cd6`
SHA256	`5d3d4d5c58ccd81cee4b20fbaf65a19ba7abaa340c3239e51c47fcf1be349d54`
SHA3	`b920b15629910073d9b7072ae22d53243abc449536d5b368068cbc836c823004`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05539`
MD5	`de7d3bc3dcac36f1b115df41c3667658`
SHA1	`6b8192c80e09243cb2085806d23d6dd6d1908317`
SHA256	`72781296cf166c7ee02dd8af1e646ba2f931e3cc3c225c35808d0046ab42b352`
SHA3	`be8c8278836f822ae0e684bd418b6dcf9c9a1b27fefea531c59915c6ce8369f5`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96193`
Detected Filetype	Icon file
MD5	`f2ead720e26aea3a53ab0840ceb93532`
SHA1	`877ecc189bf14a4099f528ad5db16aa69d16c9b2`
SHA256	`acf711e5149fd94f1e8f573fde716526e9fae613de09caecc0bd36d3f6379b8e`
SHA3	`34781bb9ede25f9cd457c5451b0c6c37e8e3af30b96455bf3171318e843a237d`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x318`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33987`
MD5	`b4c42fcd12e51a66c3268fa3a58ec6d3`
SHA1	`5d9f9c23dc09ca5fcd8a6b039d3995e903a5de42`
SHA256	`08ae4ea3d6f64489cf5ffb0d4acef64bef53f3795147f3e2996cd9f58477d5db`
SHA3	`d8dd25921433e4d098593a8eda3ad8ff388db5f816663bc88c4ec7ab797e3b26`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc01`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41186`
MD5	`1013eb8986f4bbfe28bfdb90218006b8`
SHA1	`f7955422f894fbf63a42520b8b4518a4b60c6eed`
SHA256	`2595c62ac46f1922d13e744516f6f1f0a46fa116cff91c3167e36d92090f81a7`
SHA3	`1152cbca7d3cf04683a1e6edc8f790852a0ae883b56a64a6823907028ba1a0ba`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.8.0
ProductVersion	1.3.8.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	MSFree Inc.
FileDescription	KMSAuto Net
FileVersion (#2)	1.3.8
InternalName	KMSAuto Net.exe
LegalCopyright
LegalTrademarks
OriginalFilename	KMSAuto Net.exe
ProductName	KMSAuto Net
ProductVersion (#2)	1.3.8
Assembly Version	1.3.8.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

6ee7f3ecd5111cd5306792fd3141515d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors