Manalyze report for 76639ab92661f5c384302899934051ab

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Aug-11 04:44:18
Comments
CompanyName
FileDescription	SolaraBootstrapper
FileVersion	`1.0.0.0`
InternalName	SolaraBootstrapper.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	SolaraBootstrapper.exe
ProductName	SolaraBootstrapper
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus` Contains domain names: discord.com go.microsoft.com http://127.0.0.1 http://james.newtonking.com http://james.newtonking.com/projects/json http://www.w3.org http://www.w3.org/2000/xmlns/ https://aka.ms https://discord.com https://getsolara.dev https://go.microsoft.com https://go.microsoft.com/fwlink/p/?LinkId https://pastebin.com https://www.newtonsoft.com https://www.newtonsoft.com/jsonschema https://www.nodejs.org https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson james.newtonking.com microsoft.com newtonking.com newtonsoft.com nodejs.org nuget.org pastebin.com www.newtonsoft.com www.nodejs.org www.nuget.org www.w3.org
Malicious	VirusTotal score: 57/75 (Scanned on 2024-08-16 09:50:07)	`ALYac: Trojan.Generic.36701669` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Trj]` `AhnLab-V3: Malware/Win.Generic.R660720` `Alibaba: Trojan:Win32/Convagent.c328f9e4` `Antiy-AVL: Trojan/Win32.Convagent` `Avast: Win64:MalwareX-gen [Trj]` `Avira: TR/Agent_AGen.ftans` `BitDefender: Trojan.Generic.36701669` `Bkav: W64.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Convagent` `CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/Agent_AGen.CAZ` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.36701669 (B)` `F-Secure: Trojan.TR/Agent_AGen.ftans` `FireEye: Trojan.Generic.36701669` `Fortinet: W64/Agent_AGen.CAZ!tr` `GData: Trojan.Generic.36701669` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.cl` `Ikarus: Trojan-Downloader.MSIL.Agent` `K7AntiVirus: Trojan ( 005b93731 )` `K7GW: Trojan ( 005b93731 )` `Kaspersky: HEUR:Trojan.Win32.Convagent.gen` `Kingsoft: Win32.Trojan.Convagent.gen` `Lionic: Trojan.Win32.Convagent.4!c` `MAX: malware (ai score=81)` `Malwarebytes: RiskWare.GameHack` `MaxSecure: Trojan.Malware.109653022.susgen` `McAfee: Artemis!76639AB92661` `McAfeeD: ti!6BB9AD960BCC` `MicroWorld-eScan: Trojan.Generic.36701669` `Microsoft: Trojan:Win32/Malgent!MSR` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Trojan.Convagent!8.12323 (CLOUD)` `Sangfor: Trojan.Win32.Convagent.V9n8` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: Artemis!Trojan` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.1415e396` `TrendMicro: TROJ_GEN.R002C0DHF24` `TrendMicro-HouseCall: TROJ_GEN.R002C0DHF24` `VBA32: Trojan.Convagent` `VIPRE: Trojan.Generic.36701669` `Varist: W64/MSIL_Kryptik.KOF.gen!Eldorado` `VirIT: Trojan.Win64.MSIL_Heur.A` `Webroot: W32.Adware.Gen` `Xcitium: Malware@#2bg450v9kedrs` `Yandex: Trojan.Convagent!bnPDgOCNaL8` `ZoneAlarm: HEUR:Trojan.Win32.Convagent.gen` `alibabacloud: Trojan:Win/Agent_AGen.CMP` `huorong: TrojanDownloader/MSIL.Pstinb.a`

Hashes

MD5	`76639ab92661f5c384302899934051ab`
SHA1	`9b33828f8ad3a686ff02b1a4569b8ae38128caed`
SHA256	`6bb9ad960bcc9010db1b9918369bdfc4558f19287b5b6562079c610a28320178`
SHA3	`d56c2052cf98c8bf2c424c9e2e25d73bf0303c25bdc452302374368ed94834c9`
SSDeep	`12288:THeLH6iTPSE54sgweI9oaQJj3r+piq+77xOZ+eMm:THeLHdTSEeyoaQJj3Spiq+77xd`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2024-Aug-11 04:44:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0xc6600`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000C8446 (Section: .text)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xce000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`208e639c73785a5840c86dd87d37b773`
SHA1	`3c226afc7c7f4b5fa5b9d7193c2d64c92a47b49a`
SHA256	`a6a2093a814727828a294822601cc69fe75fda5b562a5cec0543d971697858a7`
SHA3	`0a73771a48d264381891f7a9e7bc3a6eb9a8f01da178d254486dddc6aff200e4`
VirtualSize	`0xc6464`
VirtualAddress	`0x2000`
SizeOfRawData	`0xc6600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61028`

.rsrc

MD5	`706ed0398f1aa324656eb5102ff400cf`
SHA1	`293330ed29fcff995fe2aa792e86e7ee1c2a84ce`
SHA256	`0d8c311342041f6e7c4d960315c24a56a8ee39143f1890ecdf772f6aa90371b3`
SHA3	`6bb15db202b73fa3b6e6b9b6e7c41449ff96ea41515951050826ca2ed846adfd`
VirtualSize	`0x575`
VirtualAddress	`0xca000`
SizeOfRawData	`0x600`
PointerToRawData	`0xc6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.77069`

.reloc

MD5	`be5d798f694de0060b9e1c2130397ee5`
SHA1	`82fab8b46cdcd5f937b8722a2e6d3176780948dc`
SHA256	`12bc54f9b59836fe2fce800754234e7e2eba2657b160058898cfc0059b8e7b89`
SHA3	`7cc812b660557bda33a24ee8bc9c375c59e18658104ab0fbca57d0a825b57ae5`
VirtualSize	`0xc`
VirtualAddress	`0xcc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22436`
MD5	`ef5a2773c8482660f9abe976ac5684b7`
SHA1	`c7d0259f2e7595a43426aca46fb5988504e47afa`
SHA256	`29079a72cf0b93457c4c1069d2019ef115658e8e1c2e6a846b489f608aba701c`
SHA3	`20ebb6d87ec350cd83e9888329f5d3df3475e2c71ed8f4fa998993f3bf6d75a8`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x169`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00403`
MD5	`3a054402c80f2cd19b9f510e076c27f7`
SHA1	`28a626213db62f65c2461b254e7c1e110c339309`
SHA256	`b04cd0eff378f76e3a3ab2183c05b84c523a79707a664b8353fb73eab41963e8`
SHA3	`6f7ad01c5817f146bffdde4d4ce833b145cb9b2401670e63f61ee329e81c887d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	SolaraBootstrapper
FileVersion (#2)	1.0.0.0
InternalName	SolaraBootstrapper.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	SolaraBootstrapper.exe
ProductName	SolaraBootstrapper
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

76639ab92661f5c384302899934051ab

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors