Manalyze report for 7d1f2495456c45e3a2bdf589e01a76a0

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-May-26 14:15:29
Debug artifacts	C:\Users\Win7\Documents\Visual Studio 2012\Projects\Alt\Kryptolocker\Kryptolocker\obj\Debug\Kryptolocker.pdb
FileDescription	Kryptolocker
FileVersion	`1.0.0.0`
InternalName	Kryptolocker.exe
LegalCopyright	Copyright © 2016
OriginalFilename	Kryptolocker.exe
ProductName	Kryptolocker
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	This program contains valid cryptocurrency addresses.	`Contains a valid Bitcoin address: 18uM9JA1dZgvsgAaeeW2XZK13dTbk1jzWq`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 57/71 (Scanned on 2019-10-05 16:33:43)	`MicroWorld-eScan: Trojan.GenericKD.3290803` `VBA32: TrojanRansom.MSIL.Agent` `FireEye: Generic.mg.7d1f2495456c45e3` `CAT-QuickHeal: Ransom.CryptoLocker.A4` `ALYac: Trojan.Ransom.Herbst` `Zillya: Trojan.Agent.Win32.690265` `CrowdStrike: win/malicious_confidence_80% (D)` `Alibaba: Ransom:MSIL/Agent.f0923deb` `K7GW: Trojan ( 004f17a31 )` `K7AntiVirus: Trojan ( 004f17a31 )` `Arcabit: Trojan.Generic.D3236B3` `Invincea: heuristic` `F-Prot: W32/Agent.KXE` `Symantec: Ransom.Cryptolocker` `Avast: Win32:Malware-gen` `Kaspersky: Trojan-Ransom.MSIL.Agent.wt` `BitDefender: Trojan.GenericKD.3290803` `NANO-Antivirus: Trojan.Win32.Drop.ediitj` `AegisLab: Trojan.MSIL.Agent.j!c` `Endgame: malicious (moderate confidence)` `Sophos: Mal/Generic-L` `Comodo: Malware@#30c99a1s1spon` `F-Secure: Trojan.TR/FileCoder.gfox` `DrWeb: Trojan.MulDrop6.43574` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: Ransom_CRYPHERBST.A` `McAfee-GW-Edition: Generic.yx` `Trapmine: suspicious.low.ml.score` `Emsisoft: Trojan.GenericKD.3290803 (B)` `SentinelOne: DFI - Suspicious PE` `Cyren: W32/Agent.KTCM-7921` `Jiangmin: Trojan.MSIL.cfjj` `Avira: TR/FileCoder.gfox` `Fortinet: W32/Herbst.A!tr` `Antiy-AVL: Trojan/Win32.BTSGeneric` `Microsoft: Ransom:Win32/Genasom!rfn` `ViRobot: Trojan.Win32.Ransom.203776.A` `ZoneAlarm: Trojan-Ransom.MSIL.Agent.wt` `AhnLab-V3: Trojan/Win32.Ransom.C1470119` `Acronis: suspicious` `McAfee: Generic.yx` `MAX: malware (ai score=100)` `Ad-Aware: Trojan.GenericKD.3290803` `Cylance: Unsafe` `Zoner: Trojan.Win32.43429` `ESET-NOD32: MSIL/Filecoder.BL` `TrendMicro-HouseCall: Ransom_CRYPHERBST.A` `Tencent: Trojan.Win32.Herbst.a` `Yandex: Trojan.Agent!CtidP1um4/E` `Ikarus: Trojan.MSIL.Filecoder` `MaxSecure: Trojan.Malware.9537824.susgen` `GData: MSIL.Trojan-Ransom.Herbst.A` `Webroot: W32.Trojan.Agent.Gen` `AVG: Win32:Malware-gen` `Cybereason: malicious.5456c4` `Panda: Trj/WLT.C` `Qihoo-360: HEUR/QVM03.0.Malware.Gen`

Hashes

MD5	`7d1f2495456c45e3a2bdf589e01a76a0`
SHA1	`d96c1b25685da01a97a55f9e7c99be73b6316634`
SHA256	`18605f7a5a47ac16f722e3ec8a42121035bb95f731aaad5090c5e11104fc3185`
SHA3	`69f297e943e3fff8d15b27c861f94877766201b1541dc6774ddc58cee430dcef`
SSDeep	`768:q1pIbARNCFWm3LUQjUuvdT5MvNarTEvHHi1wc5cccXtYUc5ODYvhgTCcqK97LJ+:amb6YYUjUDYKWcqOZPBsl`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2016-May-26 14:15:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2e400`
SizeOfInitializedData	`0x3400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003030E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x32000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3239224c485b3db99e17fef466c85edb`
SHA1	`1032d9c3bbc4725f16d001502e5d2ea09760cd83`
SHA256	`689da5bb7d48a0b23ef6b7bae7f87d0c7d215e715cbeb30d9e7fe0142a8f946f`
SHA3	`d47788cfb897e53f8c946076333292bea40293fa18a70abe715fc9033f1376be`
VirtualSize	`0x2e314`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2e400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.969`

.sdata

MD5	`334d2f0d992e54403d4c032ba91d688e`
SHA1	`2c0d23fd5be8f66abe854727491568743e695102`
SHA256	`8f77fd60153d0b3ecf99714f58325bcdd6a38cca7dacfaac7ffaa4d4f52cec88`
SHA3	`42547009197efc7b88327e6031b43f6eeef77d0c0cd9eaae3f9309e9f3740870`
VirtualSize	`0x138`
VirtualAddress	`0x32000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.33217`

.rsrc

MD5	`994598450e46db75fa2b42fba007ae8e`
SHA1	`d4cc3420ec7976a58be4028ad76521de51c8611b`
SHA256	`1f34c809ae8f8ed238986cce63f196473b55df78a2e8c12e4f25bc639e19069c`
SHA3	`ecf477ccf0da65d7d49bcdbb37249aaef848efd0a795dd03d6002efa171c49fc`
VirtualSize	`0x2e70`
VirtualAddress	`0x34000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x2ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.30092`

.reloc

MD5	`0811b3db3451c0f340dde193e5c45c59`
SHA1	`61a85fdf80a1c80ed7b9383fe9e44c7b4bfffb52`
SHA256	`bc7d2a42ab5bc07a369d68b2bb83a1696070fdaaa1d0d4e0aa9daf75f02f30ab`
SHA3	`df133554b9f496d465ac9186df8fca96dc2587ca4ff6cdbf1b166c19dd61011f`
VirtualSize	`0xc`
VirtualAddress	`0x38000`
SizeOfRawData	`0x200`
PointerToRawData	`0x31a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0843`
MD5	`105b81bd721715275df5b229be68f074`
SHA1	`d9f82fd4974afb06297b803c70381d79bed90f9a`
SHA256	`478fe62e420007abb1a697a24cb1b80ced0a8e0a335d6ce68606efe71c4afaa2`
SHA3	`c5cffeaf58994264ee32c847cfe8575d3d360caa128613a4d47c99a2a49f8375`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.04772`
MD5	`f3018f2b932e0949bf386acd81aea508`
SHA1	`2515ef70721a15a20410f44b2c6fd724b7a2e07f`
SHA256	`abdc6eaa0ea69a1c506edf070a07fb12071453e08ecf3c6e35f1397d3422051f`
SHA3	`a7a18654c47f77448da7853d9a7d7fb4eee42c9e0cd6fde09467d6ef9e556e2a`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76148`
MD5	`52b71dd210ac5cf0fe97a3f9ba9a3896`
SHA1	`ed8632d87b02c7ab7dceb17bac85c8d23982f82b`
SHA256	`dc2a1f63c0882b33321345f27c07ef9f8bdb87aa687f075a474be430a1135982`
SHA3	`1852ad0a2b764cd65724857c1d8b61ca8a44398ac0b545e65747de83c84d9780`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.71396`
MD5	`14dff9b6c56d206aca6add232d20b50a`
SHA1	`d0b685483ff7225729d953638fb65f7d72f333de`
SHA256	`accfee1287c9f7dc25ecb19548ed246ceae1652fef5ad532914d5bb9dc9299ef`
SHA3	`8a9f96e045cf78160e00bb388bf90e23483a77d3075982e33eb9ef4861999af8`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72071`
MD5	`a81075dd2b656f081e035280f17e7a93`
SHA1	`2e05cabb4904b309c79c221eb187ac41c53183de`
SHA256	`b76fc9f2130962dfc25029a639848894feee7e9eb1a0fe5c680e3a90671741b1`
SHA3	`573f8978953f0e5bde7dac42120c262e47727a40c0904aee26cc8e88d99ec10b`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72257`
MD5	`8eb389e5fd517774f26c9d113315365d`
SHA1	`16a2a3489eb31857dff142f6ccbbe110e2b3a90b`
SHA256	`b0a40090c9bfdfdd8d2f77b68d7052d1eeceb41dc5ab2eaa9c85e15104984ef1`
SHA3	`2ce61f9e0b33eb6c7c04168b99a585cc6e346a715f0d0e66cf67d6a0b8a62710`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71964`
Detected Filetype	Icon file
MD5	`a29f9f54be50b15d74257a197464bfdc`
SHA1	`85107c8039c33fa53c80003ea45b9081ea1bcf1a`
SHA256	`05507c3c1ae2629aec59c1d7c14944b8aa1492eee696d1c825c5407c929ed1e1`
SHA3	`98706ece32a9cff781122b40a3ef44bfdc7eab732ec93fd42d6d8f3c7756693c`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27137`
MD5	`2a5605a090379e4675eae4dc15f092f9`
SHA1	`213f5bf2bcf79fbf7c9f88bff2f46049b83dd3c8`
SHA256	`07569d5fc32537e45c2d9b959bb7efbf4d7aa3b3043ab36058a2080642249300`
SHA3	`d64f9f13f30e40642d5a83d16e27c14c145732454b8558ea58bb09901db23b0f`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	Kryptolocker
FileVersion (#2)	1.0.0.0
InternalName	Kryptolocker.exe
LegalCopyright	Copyright © 2016
OriginalFilename	Kryptolocker.exe
ProductName	Kryptolocker
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-May-26 14:15:29
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x3201c`
PointerToRawData	`0x2e81c`
Referenced File	C:\Users\Win7\Documents\Visual Studio 2012\Projects\Alt\Kryptolocker\Kryptolocker\obj\Debug\Kryptolocker.pdb

TLS Callbacks

Load Configuration

RICH Header

7d1f2495456c45e3a2bdf589e01a76a0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

2

3

4

5

6

7

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors