Manalyze report for 738583111ef0f36a57348bb735f6a3cc

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Apr-19 03:02:03
Comments	Part of elevator/launcher IntelliJ kit.
CompanyName	JetBrains s.r.o.
FileDescription	elevator
FileVersion	`1.5.5.0`
InternalName	QkNVwEjKpmQ43iW.exe
LegalCopyright	Copyright (C) 2017 JetBrains s.r.o.
OriginalFilename	QkNVwEjKpmQ43iW.exe
ProductName	IntelliJ Platform
ProductVersion	`1.5.5.0`
Assembly Version	6.2.5.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 55/69 (Scanned on 2022-05-26 17:41:17)	`Bkav: W32.AIDetectNet.01` `Lionic: Trojan.MSIL.NanoBot.m!c` `Elastic: malicious (high confidence)` `DrWeb: Trojan.PackedNET.964` `McAfee: RDN/Generic BackDoor` `Cylance: Unsafe` `Sangfor: Suspicious.Win32.Save.a` `K7AntiVirus: Trojan ( 005635d01 )` `Alibaba: Backdoor:MSIL/NanoBot.725aafed` `K7GW: Trojan ( 005635d01 )` `Cybereason: malicious.11ef0f` `Cyren: W32/MSIL_Agent.BGF.gen!Eldorado` `Symantec: Trojan.Gen.MBT` `tehtris: Generic.Malware` `ESET-NOD32: a variant of MSIL/GenKryptik.EIUM` `APEX: Malicious` `Paloalto: generic.ml` `Cynet: Malicious (score: 100)` `Kaspersky: HEUR:Backdoor.MSIL.NanoBot.gen` `BitDefender: IL:Trojan.MSILZilla.2102` `NANO-Antivirus: Trojan.Win32.GenKryptik.hjxhoo` `MicroWorld-eScan: IL:Trojan.MSILZilla.2102` `Tencent: Msil.Backdoor.Nanobot.Aguv` `Ad-Aware: IL:Trojan.MSILZilla.2102` `Sophos: Mal/Generic-S` `Zillya: Trojan.GenKryptik.Win32.47357` `TrendMicro: TROJ_GEN.R002C0GDU22` `McAfee-GW-Edition: BehavesLike.Win32.Generic.fc` `FireEye: Generic.mg.738583111ef0f36a` `Emsisoft: IL:Trojan.MSILZilla.2102 (B)` `SentinelOne: Static AI - Malicious PE` `Jiangmin: Backdoor.MSIL.cwzl` `Webroot: W32.Trojan.Gen` `Avira: TR/AD.Nanocore.yvyxc` `Kingsoft: Win32.Hack.Undef.(kcloud)` `Microsoft: Backdoor:MSIL/Noancooe.B` `Arcabit: IL:Trojan.MSILZilla.D836` `ZoneAlarm: HEUR:Backdoor.MSIL.NanoBot.gen` `GData: IL:Trojan.MSILZilla.2102` `AhnLab-V3: Malware/Win32.RL_Generic.C4086670` `Acronis: suspicious` `VBA32: TScope.Trojan.MSIL` `ALYac: IL:Trojan.MSILZilla.2102` `MAX: malware (ai score=100)` `Malwarebytes: Trojan.Crypt.MSIL` `Panda: Trj/GdSda.A` `TrendMicro-HouseCall: TROJ_GEN.R002C0GDU22` `Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:c41ot6EUfxwEje0EtGEBnA)` `Yandex: Trojan.GenKryptik!LwoJe75Br50` `Ikarus: Trojan.MSIL.Krypt` `MaxSecure: Trojan.Malware.73691366.susgen` `Fortinet: MSIL/GenKryptik.EHAI!tr` `AVG: Win32:Trojan-gen` `Avast: Win32:Trojan-gen` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`738583111ef0f36a57348bb735f6a3cc`
SHA1	`bc580b5b7fead042a96ca84a0242398dddc7c2cc`
SHA256	`564285daf11bcb254fbb90a8d1a525e98d62b01c6f5c27596241e200fa7d1314`
SHA3	`d6f5ef78b108160fe73872e247de0390d87970fe0fb83937791d40aa6db8e4ce`
SSDeep	`6144:ApUDLXxY1YbAO4Jrpz8SO+stQRTmg9AsQJE/l+2qm5kLqt:gI26b4Fz+ttU/9P8E/jGA`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Apr-19 03:02:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x54400`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00056322 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x58000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5c000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8d1c22416cb85e23f05af52e06b2c400`
SHA1	`2b18f0b904d7774ff7c2029057773623bd89539c`
SHA256	`cbdb5ddcc992ea1c1a0b2f2dba48d94983f1d20e599a7f969d489bb550e7293a`
SHA3	`1080dde4f5ac1c501290eda7b42eb33855cdbcba17dc18cfb9fa6349c40e9dea`
VirtualSize	`0x54328`
VirtualAddress	`0x2000`
SizeOfRawData	`0x54400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.77731`

.reloc

MD5	`5a5f08d10f21e8c38dd0f3f47e3432c7`
SHA1	`834832ca459f3f6ea7bb9c1ed8f9b57732e83271`
SHA256	`3dd891dc514238ea35270efcb51c4ca50f4d77ae6acb856ce3d4c817a4f21b1b`
SHA3	`d3e3650ba2efe6b02eef9b17b4498bba942587e1f2a54b547e1677d696e16c29`
VirtualSize	`0xc`
VirtualAddress	`0x58000`
SizeOfRawData	`0x200`
PointerToRawData	`0x54600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`e72f8c7ad16bdbf31cafcd889fbde58d`
SHA1	`b65d7e704b444f0d2269a294e88c6ee585ae5869`
SHA256	`9d857dee9632db72ed9458afa6dd93f06698ce302abdcbec465dd8485dbb8f3d`
SHA3	`e912a65defe4b5ea149c37c36af4d5e3ed1f4fc990f067347eceb59e6d832c4c`
VirtualSize	`0x400`
VirtualAddress	`0x5a000`
SizeOfRawData	`0x400`
PointerToRawData	`0x54800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35733`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46892`
MD5	`9218d55e48c5fd47787d19a1a1c9ee2b`
SHA1	`9ccf162d905d7416e4e807edb9e3f18d779f6f70`
SHA256	`ea8c009dc0ac1979ed508c96a9ebe261e547ea0aa1a8db0645a6c758bac97e77`
SHA3	`cdc760fa2ad7d434a326b09ea7a610082b7d33e2444aa8cdc05a26245b152348`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.5.5.0
ProductVersion	1.5.5.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Part of elevator/launcher IntelliJ kit.
CompanyName	JetBrains s.r.o.
FileDescription	elevator
FileVersion (#2)	1.5.5.0
InternalName	QkNVwEjKpmQ43iW.exe
LegalCopyright	Copyright (C) 2017 JetBrains s.r.o.
OriginalFilename	QkNVwEjKpmQ43iW.exe
ProductName	IntelliJ Platform
ProductVersion (#2)	1.5.5.0
Assembly Version	6.2.5.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: New version of yara_rules/company_names.yara detected. The rules will be recompiled.