Manalyze report for 7d52796bb5cbc165029c623d85d2ca3b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Nov-01 05:18:39
Detected languages	English - United States
Debug artifacts	B1gdBlJ1GO11GpIX.pdb
FileDescription	Virtual Controller
LegalCopyright
yright Â© VIRTUAL 2017
ProductName	VirtualController

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Malicious	VirusTotal score: 33/68 (Scanned on 2018-11-07 03:03:46)	`Bkav: W32.AIDetectVM.malware` `MicroWorld-eScan: Gen:Variant.Razy.417490` `McAfee: GenericRXGO-NX!7D52796BB5CB` `K7GW: Trojan ( 0053c4a21 )` `Arcabit: Trojan.Razy.D65ED2` `TrendMicro: TROJ_GEN.R004C0DK618` `Cyren: W32/MSIL_Kryptik.DH.gen!Eldorado` `Symantec: Trojan.Gen.2` `TrendMicro-HouseCall: TROJ_GEN.R004C0DK618` `Kaspersky: HEUR:Trojan-PSW.MSIL.Fareit.gen` `BitDefender: Gen:Variant.Razy.417490` `Avast: Win32:MalwareX-gen [Trj]` `Ad-Aware: Gen:Variant.Razy.417490` `Emsisoft: Gen:Variant.Razy.417490 (B)` `F-Secure: Gen:Variant.Razy.417490` `Invincea: heuristic` `McAfee-GW-Edition: Artemis` `Sophos: Mal/Generic-S` `F-Prot: W32/MSIL_Kryptik.DH.gen!Eldorado` `Webroot: W32.Trojan.Gen` `Fortinet: MSIL/GenKryptik.CPLB!tr` `Endgame: malicious (high confidence)` `Microsoft: VirTool:MSIL/Injector` `ZoneAlarm: HEUR:Trojan-PSW.MSIL.Fareit.gen` `AhnLab-V3: Trojan/Win32.Inject.R242158` `ALYac: Gen:Variant.Razy.417490` `MAX: malware (ai score=87)` `Malwarebytes: Trojan.Injector` `ESET-NOD32: a variant of MSIL/Injector.UBH` `GData: Gen:Variant.Razy.417490` `AVG: Win32:MalwareX-gen [Trj]` `Cybereason: malicious.6cf2bc` `CrowdStrike: malicious_confidence_100% (W)`

Hashes

MD5	`7d52796bb5cbc165029c623d85d2ca3b`
SHA1	`118e4386cf2bc8803d2b50ff2a3f1c1bd2a45cc1`
SHA256	`703a9cf507ddf1b8b42b63a16927b8b72fa79be3ee7f9d898d52a243a010af46`
SHA3	`c8068f9a736df40c641a915f3a3965d22720c0fd51c9d5ffcb79b388b92ef48d`
SSDeep	`12288:NBMGQobSwsnYFlkq/RABC3183jix2riHBfWsdo8187S8B6tlw5j3UWoZN4ShE3U:QGQoewsnYkq/+BC31GjoZ5dd187SgGl`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Nov-01 05:18:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x63800`
SizeOfInitializedData	`0x28200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000656CE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x66000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x90000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ec0d01410b7d7685686dfe8408c2359a`
SHA1	`e9cbcbc467abc9f8c2dfa02e1ea207ec36bb3371`
SHA256	`ba6b676313ad81dd612646e961f98878979ac2157b9d471658f51b5e1b5772eb`
SHA3	`eeaa8f46808d846abfb49416e505616c8b5f9d7f4e02d1bdbf0f9c3617eee33e`
VirtualSize	`0x636d4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x63800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.20332`

.rsrc

MD5	`b7ee3ece2ad8748fdeae011945e2df66`
SHA1	`977bbafb6d2355dc785326e4514473400530ede3`
SHA256	`cf98838d604add149c9e98ae303f1e2cac3d84a176f3b83c71bb2c337bf6a193`
SHA3	`0cea1e1b98a8c51a14dcaee00a883dfd0203ceaef31ac69f33ab8b7338a8275f`
VirtualSize	`0x27e78`
VirtualAddress	`0x66000`
SizeOfRawData	`0x28000`
PointerToRawData	`0x63a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.00955`

.reloc

MD5	`0487eaa3f7c1ff04ca9e27b01dd7512b`
SHA1	`00937cfd9005a655fce44f7b9ca0a2b722b0655b`
SHA256	`04e7fea0b14a2920b105396d2c140f370c60b89b06671c3759b2b15bb2167a87`
SHA3	`d40c73dfa33a87fe7697df589d80848d05ed97f544e54836ff2998b00707dc3c`
VirtualSize	`0xc`
VirtualAddress	`0x8e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71987`
MD5	`2a741d59d28164a60ed463b246ad6165`
SHA1	`9c83f49010ec7e4f383ac9661485289a2a1fd281`
SHA256	`cf94fc7fd2b68d4502506d46e11e71e95899c918677c44b75ed0c19a92e3071b`
SHA3	`f8b7e6d1e5a7495b1574976d1597781d6550696473a14f6f6c22c360b6557456`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06021`
MD5	`d77b911f596dbaa238f3585b51c46a03`
SHA1	`3d181925262ad539c5442b3520efcedaf403b80a`
SHA256	`c3cd56e0b766ae3a3b8d854bbaf385a4f6fd22b623fa4737084dbe6ca1ad1ae1`
SHA3	`ee292ea35ef2e99c5e43eb3c6e7e75afd33c26f2529f3449f371e3a4d50d79b9`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0938`
MD5	`833a28a7266675ad409253c66c4d9575`
SHA1	`b56e150f8aed010b6e487a6842cf4601b1965042`
SHA256	`b64b7c722fdc312ddad6010021f4fad0ad8dca1118335b4bc6b3c6912edfad6f`
SHA3	`389485748159eb62752e46a448c7128f4e247dab6025e22012f603d50bc8342b`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9038`
MD5	`9f27af032e4d3e69c19a000d855ee614`
SHA1	`4ad10da4063b1c2b79db6ceb8164501da6030505`
SHA256	`1be2fc467aa89fb27b74ceea7571e507fb3ff3f970bdcbd019e134be693d4d43`
SHA3	`b257e36dda1ff6b1d6091b184ff1a9491e5d61f28728ae21f98d43d902b3deaa`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17971`
MD5	`b57c247d2778fdb2881774ab2b2bc616`
SHA1	`8c390a233f8bb75ac341ff6969ad42ef989f61b0`
SHA256	`bdc60692c8455200bb8399d5ec96c4df6e6a84c1446faa999ce810f7a727e587`
SHA3	`92b6de8721e6d44eb280d29fb6761582e87349fa6e042628b0d2ca339eff24f3`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16557`
MD5	`818c0f812051816dd6eb327e529bbb13`
SHA1	`9051b57e9d4d36a266750b2b265e6fafc4a547b7`
SHA256	`31a4dc4ef3067ecb57dbea974d46915febf8b3f3bef96e9d03007ba026979951`
SHA3	`b86d186ea49074ced980915bb5350c25a107656ad583a78a5420a1e69a102d5f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47297`
MD5	`781f809a2e9156714440d5b189262063`
SHA1	`58979d397e66c8b2c7d9721cd293051aa7564c15`
SHA256	`a9b73cc55a349bd017a0c3db8301b365d16932216d784f57a89461659820fbeb`
SHA3	`36539fd31675ed540af1e10fb41d542ef6d84645d1e677d3c46482b41c5cdd11`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36066`
MD5	`8d8c2f1f7a07f27cc467f291caa63c3c`
SHA1	`e3c015b72cf3abcb396a5075a6b0f313b09c7eb7`
SHA256	`9e3dc3f3cd22b1fe2092085decfae1504b8a2cbd3daff068022fa37808e1734f`
SHA3	`4a79c6b6fc47f71eb12ee4db1fc08118bdb1033075d193fe12960ab9b9f23b97`

0

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04267`
Detected Filetype	Icon file
MD5	`19e8539aa32516256b9737a24124881a`
SHA1	`f7ec87a574d6d65feee9cc867d66ac50b6c7e8ae`
SHA256	`75eb61d5ab8c2826919feb98fe88c308f42b61d507e6a9362f9ee8ff91cb2a82`
SHA3	`f3cd8cdb5031a4b3c5c472b95e73cde9a55c8b9aeb481795d89f138aaf641d4c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13043`
MD5	`273ef800f5fcbcdaac832c0947d260c5`
SHA1	`7e42a083ac2a7c562182351daa47c2f5dae40ad6`
SHA256	`cdad318bbccd5b2f03322456968d1eb2a5db90a6f274145be2f3f55b1689e906`
SHA3	`1145724de35992980226deaaece5355999ce1784cb9c1d4b8e10a40579625e17`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Virtual Controller
LegalCopyright
yright Â© VIRTUAL 2017
ProductName	VirtualController

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`45`
AddressOfRawData	`0x65650`
PointerToRawData	`0x63850`
Referenced File	B1gdBlJ1GO11GpIX.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: 8 excess bytes have been read from a StringFileInfo!
[*] Warning: 8 excess bytes have been read from a StringFileInfo!