Manalyze report for 838cb28b8f3bdf8ca3a4011ff6bc6f6f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-Nov-19 18:49:20
Debug artifacts	C:\Users\kagan\Desktop\MBMalwTest\MBMalwTest\obj\Debug\MBMalwTest.pdb
Comments
CompanyName
FileDescription	MBMalwTest
FileVersion	`1.0.0.0`
InternalName	MBMalwTest.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	MBMalwTest.exe
ProductName	MBMalwTest
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QEMU qEmU` `Miscellaneous malware strings: cmd.exe`
Malicious	VirusTotal score: 15/68 (Scanned on 2017-12-02 01:56:25)	`Invincea: heuristic` `Symantec: Ransom.HiddenTear!g1` `TrendMicro-HouseCall: TROJ_GEN.R002H05L117` `Avast: FileRepMalware` `AegisLab: W32.Malware.Bucaspys!c` `Sophos: Mal/Generic-S` `McAfee-GW-Edition: Artemis!Trojan` `Endgame: malicious (high confidence)` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `McAfee: RDN/Generic.dx` `ESET-NOD32: a variant of MSIL/Filecoder.AK` `Rising: Ransom.FileCryptor!8.1A7 (C64:YzY0OsmwYzDYbbVD)` `GData: Win32.Malware.Bucaspys.A` `AVG: FileRepMalware` `CrowdStrike: malicious_confidence_100% (W)`

Hashes

MD5	`838cb28b8f3bdf8ca3a4011ff6bc6f6f`
SHA1	`42550a96f14f60d2dfd8e51c22ffcfca2d14b940`
SHA256	`f9c918a96b1c4290cf73c1017b70b6f8082f4558f3524a608d13f8dd81646a98`
SHA3	`7ba9847aa0cda3cfdb2f2b1f2e248592509aa8c3781766b7f1d2bd473015cf54`
SSDeep	`12288:ZRDX4jeK9i5GALeAk7aHsPFe7rcV1IUGvVuqD7bSnJeXKWc0c58kFQ:ZRL4jAtCAk7/2VT`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Nov-19 18:49:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x91c00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00093BB6 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x94000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x98000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fd2d16c88c34ac894c78938f8f69fd13`
SHA1	`e0d2b82f27be1781ba2c3fd58f6710cbb977d196`
SHA256	`458c5b090f4a8a43966989b963e36d0052f1dcd75f4d928d13e29c8532b3079e`
SHA3	`970627cb51252da882a0f52c96a0b30b8fe4ef9930c8a0582377ad1ab336d5ab`
VirtualSize	`0x91bc4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x91c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90888`

.rsrc

MD5	`93991987ed6040c93875da91cb30d6dd`
SHA1	`c5f295dec35746eb81dbbb56d8edd4942aa5248a`
SHA256	`5367afca3c6446399e439683a87360a12ff3fb89180653e7900787958844ba2d`
SHA3	`30c92f9a6ea0da24400606f2016a453ceeb4f8eb4ae1d6d6463575ea115821f7`
VirtualSize	`0x5bc`
VirtualAddress	`0x94000`
SizeOfRawData	`0x600`
PointerToRawData	`0x91e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.12313`

.reloc

MD5	`684df03599cd7686c193b9465fd10095`
SHA1	`1ab6828936e3c1a3a8611c47c60ab1eb39093916`
SHA256	`7a6dd08d3c74feca7d4ac92ce77a11a471cb2ba13f9d52f2c8ca5707cc96634f`
SHA3	`6ba649b7105547c2fed867764ca6f31caa2c0d0902050b634a1cedaed85c3fda`
VirtualSize	`0xc`
VirtualAddress	`0x96000`
SizeOfRawData	`0x200`
PointerToRawData	`0x92400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28446`
MD5	`ceca8659ce6369d7b79a27e872d2a253`
SHA1	`f8a6d02d40f398857ee21b387e3ba79092c40d77`
SHA256	`f000430dd138efb6936d6125a0f37e18aa37e9a96d0e0d1f38bf86df5e332a23`
SHA3	`b71d34f9b52dc4b646e9e907c90fcafda783bf3bf888337cb9b42c41c4c19372`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	MBMalwTest
FileVersion (#2)	1.0.0.0
InternalName	MBMalwTest.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	MBMalwTest.exe
ProductName	MBMalwTest
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Nov-19 18:49:20
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x93a48`
PointerToRawData	`0x91c48`
Referenced File	C:\Users\kagan\Desktop\MBMalwTest\MBMalwTest\obj\Debug\MBMalwTest.pdb

TLS Callbacks

Load Configuration

RICH Header

838cb28b8f3bdf8ca3a4011ff6bc6f6f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors