Manalyze report for 80c092fa7a3558e429c0667cfe1180a1

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-May-15 19:21:05
Debug artifacts	g:\hargardiusx\hargardius\obj\x86\Debug\hargardius.pdb
FileDescription	hargardius
FileVersion	`1.0.0.0`
InternalName	hargardius.exe
LegalCopyright	Copyright © 2019
OriginalFilename	hargardius.exe
ProductName	hargardius
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Malicious	VirusTotal score: 11/73 (Scanned on 2019-05-20 13:40:58)	`CAT-QuickHeal: Trojan.Infosteal.S6204156` `Cylance: Unsafe` `TheHacker: Trojan/FraudPack.ajum` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Tencent: Win32.Trojan.Raasmx.Auto` `Endgame: malicious (moderate confidence)` `F-Secure: Heuristic.HEUR/AGEN.1040801` `SentinelOne: DFI - Suspicious PE` `Avira: HEUR/AGEN.1040801` `ESET-NOD32: a variant of MSIL/Agent.BNY` `Cybereason: malicious.7ad843`

Hashes

MD5	`80c092fa7a3558e429c0667cfe1180a1`
SHA1	`8f430367ad843012f8a0d1901103c8d7546d843d`
SHA256	`5a7a7c94eed3eea9fbc9ff1a32ea3422b46496e405f90858b1b169bb60bdbac6`
SHA3	`ef7cd1c58c38a79be9671d018e7bfe50a9797f4e9861a46b6f8c2611e7bda49d`
SSDeep	`384:30xsjDrzj7guCF0BNujo4SjEWR8n9Fji+0pLDQxrNbSyskczBCr6Us5N9Mm:ssjD3gv3E49r/AvUstM`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-May-15 19:21:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x91ba00`
SizeOfInitializedData	`0xc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0091D87E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x91e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x922000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fd577652aaec2946076a7c6fece50607`
SHA1	`f116489f5db8fd93811ce0ec671c097bc2be6754`
SHA256	`88d6681578dcae34630be4dddefef7ab3e2b76a368b5f8d9c854c6a65f4d4221`
SHA3	`815e2e4e76be36bcfefdb95e254f273fd5d65c329f0f7f88e2132aa76b7f93ee`
VirtualSize	`0x91b884`
VirtualAddress	`0x2000`
SizeOfRawData	`0x91ba00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0566351`

.rsrc

MD5	`c356b4eecb001a2290af5a0a2e2a357c`
SHA1	`f8bd9f27cf88b98a46715b89ce193ac4f34ccf8a`
SHA256	`6993905fc06f38247cfba5998115d8190f00eaf8de9ead1ee2cefe1bef3c71ef`
SHA3	`a15b2ac7a6ce3f5f45cdb79e7139be4a134349996cfa32c2ae48d79984db0fc5`
VirtualSize	`0x890`
VirtualAddress	`0x91e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x91bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.16112`

.reloc

MD5	`c52ddd583799d5710b2d67392639e7a6`
SHA1	`33a47466c772cdf339f2a2ac0dbd1d107299313f`
SHA256	`c3a78725cc7364dae50db3ee9e9bef15801dc01154afa4b5e2e471e6a1ded5d8`
SHA3	`dc5488dca74a8fcd488773eb1a24fd3682ffd7d02982b0df2350e1eed3320d86`
VirtualSize	`0xc`
VirtualAddress	`0x920000`
SizeOfRawData	`0x200`
PointerToRawData	`0x91c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x298`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3596`
MD5	`eac22166163fc1e3622b6840336f5f08`
SHA1	`84058f9a33338a440bfd7e0c327b8576513399d0`
SHA256	`e55760bfc3b3caa3aea0586b6d07271e739de7ec0ebfcd974fb7ede725ad99cd`
SHA3	`cb9ac42a0711c5a30f3c620a4bcb64ed467dca489819ab816ba06d272643da5a`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`974644ebcef5bd4c4b158cb558b87fcc`
SHA1	`12872504920f1c556d53a69af4f69a093b7f9a66`
SHA256	`b2755a63eede932a6a06eec3344dbde3d52c23de602dc53a5b9d2e8f7dac4d5f`
SHA3	`e90b5f23ee821876873ac5a350c1d592aa0cfa53c1013035f15a3f87c0410f71`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25196`
MD5	`0dce8ba2f8690d78025348f1497b0d80`
SHA1	`e33fba37b48dba01bc4085914adb8828e9475a25`
SHA256	`49fa21a0ae50cf21454800b5700f0cdc621fdf6f827c3b9eec0615eb747d1561`
SHA3	`bb47611c4d5896ca38d60325ecfdbe9a7a9aebaeab6575620a203e3d76babd3b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	hargardius
FileVersion (#2)	1.0.0.0
InternalName	hargardius.exe
LegalCopyright	Copyright © 2019
OriginalFilename	hargardius.exe
ProductName	hargardius
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-May-15 19:21:05
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x91d70c`
PointerToRawData	`0x91b90c`
Referenced File	g:\hargardiusx\hargardius\obj\x86\Debug\hargardius.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES