Manalyze report for 76f89c122bbddd576ae1e72e31673157

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2074-Jun-27 09:20:40
Debug artifacts	C:\Users\Alex\source\repos\N2D\obj\Release\N2D.pdb
Comments	Node2Deauther
CompanyName	mrvodka@github
FileDescription	N2D
FileVersion	`1.0.0.0`
InternalName	N2D.exe
LegalCopyright	GNU License
LegalTrademarks	n/a
OriginalFilename	N2D.exe
ProductName	N2D
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: CMD.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	VirusTotal score: 3/68 (Scanned on 2019-11-22 16:54:57)	`BitDefenderTheta: Gen:NN.ZemsilF.32253.@p0@a077aXk` `Ikarus: Trojan.MSIL.HackTool` `SentinelOne: DFI - Suspicious PE`

Hashes

MD5	`76f89c122bbddd576ae1e72e31673157`
SHA1	`236b464b4970b75bf41565c5e036da5085368777`
SHA256	`08b21666f0ab7b317750795d4017cc2a463c187a178308c8a4873ce952b7e2c8`
SHA3	`db4f02a7ce1d36814aa2ff2acede48cf7e015e53e88a02177272afa833b4d2de`
SSDeep	`196608:ll1lKe2o0X6hZIM8TMa7Pan/L+Azfc89uERqrl1lKe2o0X6hZIM8TMa7Pan/L+A:v1lKe2/qQM8fE/L7lpa1lKe2/qQM8fE`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2074-Jun-27 09:20:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xb64600`
SizeOfInitializedData	`0x8200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00B66586 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xb68000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb72000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ef9ef01b95807cc3bd7bb7d1208794b6`
SHA1	`4861a2335b2e40a0ae56a4e86878dd394f321f4c`
SHA256	`4b941085d47d15e2bd1e562070139efeff65bb5efc41f5b7570c228c79792bbf`
SHA3	`bf7c815655a4b0f70e48c3400cc70757eae911f8cf05885897d5e8245daabb72`
VirtualSize	`0xb6458c`
VirtualAddress	`0x2000`
SizeOfRawData	`0xb64600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.96127`

.rsrc

MD5	`455302941759a970e9d90752881dfc34`
SHA1	`48396f45ccab2249c1ec7f1c97ed64641b04c9d9`
SHA256	`3941cb2e34cdf0a600a899dcb27079aa33c80af55f97a2cbc584446e470285fa`
SHA3	`735ed5f1c359b79c4521a34fdb4f7883714a21675dd86381fca09d321d404974`
VirtualSize	`0x7e14`
VirtualAddress	`0xb68000`
SizeOfRawData	`0x8000`
PointerToRawData	`0xb64800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.09926`

.reloc

MD5	`799a0eaa6c2adb809b6c00c8a31c2aca`
SHA1	`0317d4179ca896c844cab80f8dd3720eb0970a60`
SHA256	`cdce7b39be4f5e15e051984419813bf3bec893c579a9d0bbd81baa668c6d0161`
SHA3	`a4b63b1344992390a5d0893c90d9c6ba245d7f3fa249c60359b6fb3b056ca61b`
VirtualSize	`0xc`
VirtualAddress	`0xb70000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb6c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46995`
MD5	`90ac5e87ec0a556b23aa3f12690fff9c`
SHA1	`e4422c04353929849a30c29a1555cba1bcecb15d`
SHA256	`92d78a34fe4fcbe8f00140b9c0bdd3a0d7e3073a0bc0757405310a80159076c3`
SHA3	`0f4a16c2abafff65bcacdb9e4e94bb22c44f5175001485abad080b6d5e629dd0`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1323`
MD5	`a2d7e2c5ab4b92526c2e279e61b407f9`
SHA1	`42c534cc87f05bf08fdd61caea8a088040cbb312`
SHA256	`6c2a66fcc3b48cc8f1fdf6febf1a3af5902af253bf5e6b25efb97761fc10a3c3`
SHA3	`44e26ddafe00c1d8b19b58889154aaa7f4c89776a0f2b776fa5f8f847cd7912e`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.88423`
MD5	`fc9802503d5d8846d54535ad852ceb68`
SHA1	`ba92c6a8bf8f5a6ba2833297788763e9827fb1b1`
SHA256	`7009845a4debf60ba52ad41fb9c233d132743fc95fb45f84c6f37db47624ffd9`
SHA3	`3fa1e1717dbe693d0e442b7bfe734ed57fd16b18c422c058e5f545bc2ad24725`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55667`
MD5	`d19e9bc4bbffcae8026e2a6fc0508d70`
SHA1	`43a5ad1da4657baf245b036eb0d8fa6d3fffa1b2`
SHA256	`c086820a0fa4a03bf3fce09d1cbc8b8a83364eb2cb65c0f33963cc8cd5f01846`
SHA3	`3a2594c992916077e7b3ba92d877aad28eac513aeae2c6290edfa94bcd42021d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x34c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95525`
Detected Filetype	PNG graphic file
MD5	`196575cfd29dbe242438264fd6e0e2eb`
SHA1	`df95bbbebc59938bd3cabf00c4bccdec6e2e3020`
SHA256	`13b3f65140c98578bb0e61589f2604a5170204aebf8a3232d4c81c94a691f2c3`
SHA3	`01bd53038d12becaecf0da4d64d8930b87c49065d49cd9046c07bdd706212546`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`a3c4c05ea191938542a1079226c3fa4b`
SHA1	`dbcc99b3e63d675d2085bef074409e770b9f256c`
SHA256	`d0b423a5cc44ab208b27c04e516cbe98fee0bd8e5248ed87948836f504ebe73f`
SHA3	`baa4c7117dc79c99e7cef83f161375ed237029dfbed20ded087c86445849865f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x318`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29257`
MD5	`886a3d9361b3ada6bf9f2b93f9b731c9`
SHA1	`8558f6c256433498b49b5800b5f353572005f172`
SHA256	`48eea00ddb508cb64247702cf61c260b5baa8656c9e089fe6c9da7a23b6c62b2`
SHA3	`641d09c34a1704119bcc7be8acd68589ebf58f14702aeec287ac379cbc271290`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Node2Deauther
CompanyName	mrvodka@github
FileDescription	N2D
FileVersion (#2)	1.0.0.0
InternalName	N2D.exe
LegalCopyright	GNU License
LegalTrademarks	n/a
OriginalFilename	N2D.exe
ProductName	N2D
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2088-May-11 16:20:52
Version	`0.0`
SizeofData	`75`
AddressOfRawData	`0xb664e8`
PointerToRawData	`0xb646e8`
Referenced File	C:\Users\Alex\source\repos\N2D\obj\Release\N2D.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

76f89c122bbddd576ae1e72e31673157

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

32512

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors