Manalyze report for 83559ce0deb5931d657f9b558f4c4eb3df967893471b778b8babfed907df8e0f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-26 10:08:37
Debug artifacts	c:\Users\SS COmputer\AppData\Local\Temp\bin_copy\obj\Debug\fury.sp.pdb
FileDescription	fury.sp
FileVersion	`1.9`
InternalName	fury.sp.exe
LegalCopyright
OriginalFilename	fury.sp.exe
ProductVersion	`1.9`
Assembly Version	1.9.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Looks for VMWare presence: vmware` `Looks for Sandboxie presence: SbieDll.dll` `May have dropper capabilities: CurrentControlSet\Services CurrentVersion\Run Programs\Startup` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe` `Contains domain names: costura.discord.net discord.net`
Suspicious	The file contains overlay data.	`7537320 bytes of data starting at offset 0x2dd600.`
Malicious	VirusTotal score: 38/65 (Scanned on 2021-11-29 20:30:48)	`Elastic: malicious (high confidence)` `ClamAV: Win.Packed.Bulz-9853289-0` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `McAfee: PUP-XOG-WS` `Sangfor: Suspicious.Win32.Save.a` `CrowdStrike: win/malicious_confidence_70% (D)` `K7GW: Trojan ( 0057bd891 )` `K7AntiVirus: Trojan ( 0057bd891 )` `BitDefenderTheta: Gen:NN.ZemsilF.34062.@p3@a01bWFn` `Cyren: W32/Bulz.AU.gen!Eldorado` `ESET-NOD32: a variant of MSIL/Agent.UKY` `Avast: Win32:RATX-gen [Trj]` `Cynet: Malicious (score: 99)` `Kaspersky: Trojan-PSW.Win32.Disco.q` `BitDefender: Gen:Variant.Bulz.424747` `MicroWorld-eScan: Gen:Variant.Bulz.424747` `Ad-Aware: Gen:Variant.Bulz.424747` `Sophos: Mal/MSIL-UO` `DrWeb: BAT.Disabler.24` `McAfee-GW-Edition: PUP-XOG-WS` `FireEye: Generic.mg.7440ae457b39ad53` `Emsisoft: Gen:Variant.Bulz.424747 (B)` `SentinelOne: Static AI - Malicious PE` `GData: Gen:Variant.Bulz.424747` `Avira: TR/Spy.Agent.vqkxt` `Arcabit: Trojan.Bulz.D67B2B` `APEX: Malicious` `Microsoft: Trojan:MSIL/Agent.UKY!MTB` `AhnLab-V3: Trojan/Win.Generic.C4418359` `VBA32: TScope.Trojan.MSIL` `ALYac: Gen:Variant.Bulz.424747` `MAX: malware (ai score=83)` `Malwarebytes: Trojan.PolDis` `Ikarus: PWS.MSIL.Dcstl` `MaxSecure: Trojan.Malware.121218.susgen` `Fortinet: MSIL/Agent.F0B7!tr` `AVG: Win32:RATX-gen [Trj]` `Cybereason: malicious.7418a6`

Hashes

MD5	`7440ae457b39ad537abaa03e3a1df82e`
SHA1	`f991cb37418a6dc891d4d26bdee22bb5b2fe1c3d`
SHA256	`83559ce0deb5931d657f9b558f4c4eb3df967893471b778b8babfed907df8e0f`
SHA3	`47d035f972537908dc65a09497617ece354a6eb5272a0c371b639c33df781332`
SSDeep	`98304:NqXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh5Bemg:M405QYtsTEB08T8HehLv`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Nov-26 10:08:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2d6800`
SizeOfInitializedData	`0x6c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002D875E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2da000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e4000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`761e5efb781524c6f0a8dfdf0c6b50db`
SHA1	`c95220cf0977e50ebf31328e7f4a9c8b3c87e278`
SHA256	`1770ec759f5dfa56cfdc83694e32cdb530730d207effcfafbd3be5f3634a01bd`
SHA3	`3a4613196a1728fe2625155c72b9f9fc5c8a431d31a02b65aa2e82ea6d425078`
VirtualSize	`0x2d6764`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2d6800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99852`

.rsrc

MD5	`e7d7fa8815143deafd7c7d9bfedfdb70`
SHA1	`dd5b21167083d999cf7e570330b6187f5a3a67d6`
SHA256	`6e85ecee1f84d0ebd8251794e695558c4338eb86bbec6f5623bdf9a76d347b28`
SHA3	`e81c1a901a949dc46c173f9292d819d1daface5fb9128c9a80f3bc944c6187b2`
VirtualSize	`0x6810`
VirtualAddress	`0x2da000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x2d6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.79919`

.reloc

MD5	`a7219c2485ddbdbc6cd55ff6af61b8c1`
SHA1	`595c6b9edf84db28c15d6ff14ff7fd59ac735bb4`
SHA256	`df68d66ee3b6fa0b4fecb2756f6515715e2b84c02dfae5561450fdf455cd2880`
SHA3	`3182b5f271aa5cd0523ae3e67f0a8ab4079c9496dc08fb61dddd9c26c2811047`
VirtualSize	`0xc`
VirtualAddress	`0x2e2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2dd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4fad`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94263`
Detected Filetype	PNG graphic file
MD5	`30722d6bf4c3ba8b2df6f5a12a8612fe`
SHA1	`fd7e2ed642ffd674f5c7bd345a864e44f4546595`
SHA256	`4cacf610f0b0c551863a01b3b0ccf9f7e6f65e770a7187a81d32180faf4cd3f3`
SHA3	`3700ca9be72910ec5af470169142d7ccb34c67439d1aa667dd780381561f7dda`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x9e3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88996`
Detected Filetype	PNG graphic file
MD5	`f4fd3dd28aeab51d96d438e41b3c7af6`
SHA1	`7e005ab71e7461517ea9c267051b03adccced340`
SHA256	`a9d3f1484867afe9354c1ad2819788b5841c245897c6a77ef9a95d0d162dfd65`
SHA3	`56504d217ab4aeae10099d1677be8a64021f45c24d219e6c49c2ba47b8c0b2df`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5c2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75459`
Detected Filetype	PNG graphic file
MD5	`8be4eaf919afd204ef8d73d1d1621f7d`
SHA1	`6152bacff46f958f99c80aaca6ba67d5c43fd438`
SHA256	`e70951a8c19fca6de1a450d1c88fc383d4c234b086bca4bc514e904b2f6cfc5d`
SHA3	`b6bd32839ca57b553bb4403d02b73528ea9bc0ff0069e761e0f430728e27284b`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x27d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.41799`
Detected Filetype	PNG graphic file
MD5	`382a5e4d447678718b72aa550dc1e240`
SHA1	`5edad90d3b31f0eef178ba240693c2f5de8b6f9d`
SHA256	`c6c10d1ca75ef93d6703a5c9ba740d38948ba76cd30df45198ab30648b54ed66`
SHA3	`cc57181c6447bc643819c83e764c4957845298e3e5cf65e9e4ee38033ef3c766`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32628`
Detected Filetype	Icon file
MD5	`2064ea217645909744754031d4801b41`
SHA1	`9de75470276ddeaefde129b10bf9534127dcf20e`
SHA256	`0acb5366ff07454a83004905789b8fb7cfa997cef02099ca2e2584934e32bf95`
SHA3	`8c0591db3b9c2402f1b2149fd4a3364a4c95e06289582e482751099877bf6e21`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x240`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26663`
MD5	`19961913cde9d38b5fb6b9a8e326851c`
SHA1	`cc23a88c78954757aa50464929a2a3d431b8772e`
SHA256	`827c8cf2f137feffe19c2fb08a7804da1e544a87ce086f82502a31dac54d251d`
SHA3	`72e7eae9f23d2ba088fc8c511e3886d545f5fa23fdecd4cb26de26c864e2fb11`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.9.0.0
ProductVersion	1.9.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	fury.sp
FileVersion (#2)	1.9
InternalName	fury.sp.exe
LegalCopyright
OriginalFilename	fury.sp.exe
ProductVersion (#2)	1.9
Assembly Version	1.9.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Nov-26 10:08:37
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x2d85ec`
PointerToRawData	`0x2d67ec`
Referenced File	c:\Users\SS COmputer\AppData\Local\Temp\bin_copy\obj\Debug\fury.sp.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES

Leave a comment

No comments yet.