Manalyze report for 87033b1d03d86a27fe8b90bfc6dd3976

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Nov-04 02:29:58
Comments
CompanyName
FileDescription	WindowsApp2
FileVersion	`1.0.0.0`
InternalName	WindowsApp2.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	WindowsApp2.exe
ProductName	WindowsApp2
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious		`Unusual section name found: !\x0ed?\x02fv&` `Section !\x0ed?\x02fv& is both writable and executable.` `Unusual section name found:`
Malicious	VirusTotal score: 19/67 (Scanned on 2019-04-03 22:54:50)	`McAfee: Artemis!87033B1D03D8` `CrowdStrike: win/malicious_confidence_100% (W)` `F-Prot: W32/MSIL_Troj.NT.gen!Eldorado` `Avast: Win32:Malware-gen` `Paloalto: generic.ml` `Sophos: Generic PUA GL (PUA)` `Comodo: Malware@#2lxphdvxkxkvb` `F-Secure: Trojan.TR/Dropper.MSIL.Gen` `Invincea: heuristic` `McAfee-GW-Edition: Artemis` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.87033b1d03d86a27` `Ikarus: Trojan.MSIL.MultiPacked` `Cyren: W32/MSIL_Troj.NT.gen!Eldorado` `Avira: TR/Dropper.MSIL.Gen` `AegisLab: Trojan.Win32.Generic.4!c` `Acronis: suspicious` `SentinelOne: DFI - Malicious PE` `AVG: Win32:Malware-gen`

Hashes

MD5	`87033b1d03d86a27fe8b90bfc6dd3976`
SHA1	`6b8448ed5e641256404a6570d5b8465196a0f1d8`
SHA256	`057d8e0408d08140796c2bf215919cd573fbfa2d18d36ff607518d9474313210`
SHA3	`3e89344a800b8fec011be35d91066168507c0fc770be205563c325ed8e5a65c3`
SSDeep	`3072:7+VTPcx4VphNdpwd2/HuXHMNdnuhs++fJAhMYR5hoV+cMum6TSqHqzJ:76TPc6/d2dAO3xeRfNyHU9Mx6TK`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2017-Nov-04 02:29:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x2e6e00`
SizeOfInitializedData	`0x24200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0031200A (Section: )`
BaseOfCode	`0x26000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x314000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

!\x0ed?\x02fv&

MD5	`06b2a5d9978df907308f3d5b5eb3bce3`
SHA1	`84541331cc1f8d73073cb4f711c1d0106f287675`
SHA256	`b869938c08ec51c45a07dec35b0dc2ef357272453d739394c3eb7f6bb32fb207`
SHA3	`0b0bd241d1123544dd56ec2e3e860561d289478c846c666378af0c22f93591fb`
VirtualSize	`0x23968`
VirtualAddress	`0x2000`
SizeOfRawData	`0x23a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99882`

.text

MD5	`3475222f33b862665b8c051863906f42`
SHA1	`47c8418e36484a5f5b21ff5071d92edab073b389`
SHA256	`a774da03624bc466aa0a193d5ddd1f6de347786673c37b74171fefd282c1cfd2`
SHA3	`ff86c6f37e3e59089faa1bee2540fd0450a405aef74c42aa0ad2d8d194c043a8`
VirtualSize	`0x2e6a70`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2e6c00`
PointerToRawData	`0x23e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.167839`

.rsrc

MD5	`d8c56b6bb259a6dd0aa659ba8835914e`
SHA1	`8e793e68494880eb8d36a428075fe852596110a2`
SHA256	`187044ea6b1de818f85a3a8ab48a292f38309fafc684c39be6dacf76d2e90418`
SHA3	`de44106dccc63e2365c7da2b08fe6db595459b56ed92bada797a933678afcd51`
VirtualSize	`0x5b8`
VirtualAddress	`0x30e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x30aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.13296`

.reloc

MD5	`849edc236f01ed90b74fb3c53a32b817`
SHA1	`b0d2d083f7c8e9a83fa4a86e93d3bf0eec525d17`
SHA256	`4f4f19cb1d2363d4d01e00b5df69087a5df4f9b12277b988e46a31066a3def17`
SHA3	`45827b1a71454343db6b406b790cda0a454cc833a0d4d250f88a6014349ebb76`
VirtualSize	`0xc`
VirtualAddress	`0x310000`
SizeOfRawData	`0x200`
PointerToRawData	`0x30b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

MD5	`ba312f12fa5e32b709324330e2da56da`
SHA1	`9d45705d63ce587b79de79f24380a680f1471da3`
SHA256	`51f100740af7f2b444bd75fbea5df1b49117695c783dbdd27c7ff2f63854ca02`
SHA3	`0c03ab0feb9a99942e53b601b1780bd73e6893143ad6e90bb75c24bd9505bd94`
VirtualSize	`0x10`
VirtualAddress	`0x312000`
SizeOfRawData	`0x200`
PointerToRawData	`0x30b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.122276`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3165`
MD5	`0a9b08bf61d86089c6d80192bf87cdae`
SHA1	`a89161a28ad34a64f339006cb4d56604ca602733`
SHA256	`69c3824c3957ae9a4ad6ad46e08c0de9486df4946c85d64b00deaa3358a13241`
SHA3	`06bcc1793470c614a475f5fff9940c322cb8b1c6448fb3b2540847974dbceb26`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	WindowsApp2
FileVersion (#2)	1.0.0.0
InternalName	WindowsApp2.exe
LegalCopyright	Copyright © 2017
LegalTrademarks
OriginalFilename	WindowsApp2.exe
ProductName	WindowsApp2
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES