Manalyze report for 737646392a7c882064e22ecb9fc0b2732399e44ced2f56d873e656d0035af288

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-25 01:47:08
Comments
CompanyName
FileDescription	CardGame
FileVersion	`0.0.1.0`
InternalName	PAdc.exe
LegalCopyright
LegalTrademarks
OriginalFilename	PAdc.exe
ProductName	CardGame
ProductVersion	`0.0.1.0`
Assembly Version	0.0.1.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 52/71 (Scanned on 2026-06-27 13:04:10)	`ALYac: Trojan.GenericKD.80625239` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Cryp]` `AhnLab-V3: Trojan/Win.Generic.C5902351` `Alibaba: Packed:MSIL/Confuser.e9eeb2b6` `Antiy-AVL: Trojan/Win32.Rescoms` `Arcabit: Trojan.Generic.D4CE3E57` `Avast: Win32:MalwareX-gen [Cryp]` `Avira: TR/W32.MalwareX` `BitDefender: Trojan.GenericKD.80625239` `Bkav: W32.Malware.1DC20F19` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Remcos.1060` `ESET-NOD32: Win32/Rescoms.N trojan` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.80625239 (B)` `F-Secure: Trojan.TR/W32.MalwareX` `Fortinet: MSIL/Kryptik.AFFR!tr` `GData: Trojan.GenericKD.80625239` `Google: Detected` `Gridinsoft: Trojan.Win32.Packed.sa` `Ikarus: Trojan.MSIL.Crypt` `K7AntiVirus: Backdoor ( 005cddf21 )` `K7GW: Backdoor ( 005cddf21 )` `Kaspersky: HEUR:Backdoor.MSIL.XWorm.gen` `Kingsoft: malware.kb.c.995` `Malwarebytes: Trojan.MalPack.PNG` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Trojan:Win/GenericPack.BMP` `MicroWorld-eScan: Trojan.GenericKD.80625239` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Backdoor.XWorm!8.1812C (CLOUD)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Trojan.tc` `Sophos: Mal/Generic-S` `Symantec: Scr.Malcode!gdn34` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!038112C489A6` `TrendMicro: Backdoor.Win32.REMCOS.YXGFYZ` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04CA3` `VBA32: CIL.HeapOverride.Heur` `VIPRE: Trojan.GenericKD.80625239` `Varist: W32/MSIL_Kryptik.NDQ.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.A` `Yandex: Trojan.Igent.b6MTqW.2` `alibabacloud: VirTool:MSIL/Wacatac.B9nj`

Hashes

MD5	`038112c489a65525aaa6c2ede6c33c2a`
SHA1	`2b4e83cfdab5b79ae1aa1b4df8dd4503a9c99deb`
SHA256	`737646392a7c882064e22ecb9fc0b2732399e44ced2f56d873e656d0035af288`
SHA3	`ffd884b557ad95be2b6281508ed515adcf282b4200924e96d3baf8f0c36194d7`
SSDeep	`24576:195B2OVmJ576J2Mcfjtza088n0PEKE/e72kz7fc:7TVme1cI9H0/iXz7`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-Jun-25 01:47:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x148800`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0014A7AE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x14c000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x152000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4893a9c3e073027d7b8b67fab1502732`
SHA1	`e528695185199a2dcee63d43e57af2da359c6fe3`
SHA256	`3325e2a28b8b461be2474bbb59dc7b05b0543bc34634529517d8666427bb6490`
SHA3	`4241dc2d98ce2fdcf69f6bf914daf8a72146813e8bb5788899d1f8ed6911edf0`
VirtualSize	`0x1487b4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x148800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.90452`

.rsrc

MD5	`a3bdabc5a4f601d683815ab56d7929ef`
SHA1	`81031cb4fa07619bfce03fca73b210ef4a4c3585`
SHA256	`88487fb793d1e9242e837e04a99fcce3cd64fbc9ec993302325a75b315d367a1`
SHA3	`8816190e5f28b6707a3bd9e95710f7abb99586242660da1abaecc84abb1cf493`
VirtualSize	`0x2db8`
VirtualAddress	`0x14c000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x148a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.71548`

.reloc

MD5	`65bc7a53f83927ed5eb4c74e0084424f`
SHA1	`9d6587c642e855c7e42ffeb816ddb10f8ef5b59c`
SHA256	`261a2fef1b9c2f614e43a1f0e11f2f2198c2544c8978f384b1bc1b3c540e013a`
SHA3	`8b791a0299c00644c615d9fc2bffd79c4eb2bd95d4995e2c14bb373ebf673530`
VirtualSize	`0xc`
VirtualAddress	`0x150000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x279a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94784`
Detected Filetype	PNG graphic file
MD5	`d2cf092e6809aeb4459f13ea5fca6731`
SHA1	`015eb43d42d76582b3b8af3e3f2cc2479bb3855f`
SHA256	`da8d7c897f75c6e6bd5c03b3618cf9599fd6b0b56d7e4bd705b9f427228ca9bd`
SHA3	`fef4e07960ba8e77c81bcee927961ea4b1f96023e9a71de5fdfae5a645d4ad9d`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`1fd9c4c50d784d392dbb550f7c83cc88`
SHA1	`a4226748a4948ac40610562aa08de8e8eb05e1b7`
SHA256	`b966f4dd092ad27b89a1de83e612aff9e7d649decbd304c55b68dc411680097d`
SHA3	`92aa25c70a05ad43ab1e9f4c908618eee03b99e9f32c0b9fc34a3df98b31fcc4`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18705`
MD5	`8289e99ce96d527fcb5181503d4cc076`
SHA1	`f69368d628ac256ed7252f04363556aa26fa7f35`
SHA256	`026ece88283ec979da3757b3af2a44b6ac872918bb488bfb8f536e66b1d657d1`
SHA3	`09825b690afff7d2c52ff832407ecfd0ccbce8aaf595b349a5f2335a565f2961`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.1.0
ProductVersion	0.0.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	CardGame
FileVersion (#2)	0.0.1.0
InternalName	PAdc.exe
LegalCopyright
LegalTrademarks
OriginalFilename	PAdc.exe
ProductName	CardGame
ProductVersion (#2)	0.0.1.0
Assembly Version	0.0.1.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.