Manalyze report for 8ba49998cdeb0fb3bb552035ccc088eb

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2055-May-07 19:24:49
Comments
CompanyName
FileDescription	Dropper
FileVersion	`1.0.0.0`
InternalName	Dropper.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	Dropper.exe
ProductName	Dropper
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	The PE's digital signature is invalid.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011` `The file was modified after it was signed.`
Malicious	VirusTotal score: 36/71 (Scanned on 2026-02-12 17:16:14)	`ALYac: IL:Trojan.MSILZilla.202252` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Bd]` `Arcabit: IL:Trojan.MSILZilla.D3160C` `Avast: Win32:MalwareX-gen [Bd]` `BitDefender: IL:Trojan.MSILZilla.202252` `Bkav: W32.AIDetectMalware.CS` `CTX: exe.trojan.msilzilla` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.MulDropNET.93` `ESET-NOD32: MSIL/GenKryptik.GUXK trojan` `Elastic: malicious (high confidence)` `Emsisoft: IL:Trojan.MSILZilla.202252 (B)` `Fortinet: MSIL/GenKryptik.GUXK!tr` `GData: IL:Trojan.MSILZilla.202252` `Google: Detected` `Ikarus: Trojan.MSIL.Krypt` `Kaspersky: HEUR:Backdoor.MSIL.Crysan.gen` `Kingsoft: malware.kb.c.999` `Malwarebytes: Trojan.Crypt.MSIL` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!8BA49998CDEB` `MicroWorld-eScan: IL:Trojan.MSILZilla.202252` `Microsoft: Trojan:MSIL/Crysan.PLLZH!MTB` `Rising: Malware.Obfus/MSIL@AI.97 (RDM.MSIL2:iOc19arKIs98ql8kxcXWVQ)` `SentinelOne: Static AI - Malicious PE` `Sophos: Troj/Krypt-ATE` `Tencent: Trojan.Msil.Agent.16001263` `Trapmine: suspicious.low.ml.score` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9t` `VIPRE: IL:Trojan.MSILZilla.202252` `Varist: W32/MSIL_Kryptik.LMF.gen!Eldorado` `ZoneAlarm: Troj/Krypt-ATE` `huorong: HEUR:TrojanSpy/MSIL.Stealer.bw`

Hashes

MD5	`8ba49998cdeb0fb3bb552035ccc088eb`
SHA1	`25e027f6f94c90805532f702291664bf801e913f`
SHA256	`3b5cc1bc902dbb07abeb72441f23df8b5b78cc7409765f4fd25a42e67408561a`
SHA3	`2845c08dd8829cc734c79aa1f1903f5b02ff7e9e66656648bc7336d56fb5516e`
SSDeep	`12288:msQfIzTvEtHwr3ejWf/lidBb7xgSlxsMbYlmRwQJ2vjo5ZsuYwJO:mrfUT0wjMWaFGWo9`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2055-May-07 19:24:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x211200`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0021318E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x214000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x218000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0fa615cdb8c27794e371336874d41fa5`
SHA1	`0c7c48fce919b26fcd7dac1de67295bf59a59a5f`
SHA256	`94efee7439784198a82ee887e8846f707d13265ee1381e09002545a8a69e011a`
SHA3	`47582ad8e7ac1faaf2ac8cd54dd6cf5d0a938ebdb9f5b13f7d2ecddc97dc4c4c`
VirtualSize	`0x211194`
VirtualAddress	`0x2000`
SizeOfRawData	`0x211200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.77121`

.rsrc

MD5	`470c1b7ff8d34e3ae18e2b6d6aa6007e`
SHA1	`4b151b1a13acd79385e7d7c66c92e99d23ee2f2e`
SHA256	`136bf2540ea32fe14790624fe71c7deb1d11008c4e18bc2c100d78d3ca3fed6b`
SHA3	`022da5ad618063302589dfc0957a0c82e06c8821d4474cc4df15a0ee096c62f3`
VirtualSize	`0x598`
VirtualAddress	`0x214000`
SizeOfRawData	`0x600`
PointerToRawData	`0x211400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.49554`

.reloc

MD5	`2bcb672a4f004d3c8314cdecc1929ced`
SHA1	`a62c63ff9e573c2b1d4a2eb6fbbc12cdeddeeaf0`
SHA256	`8e0f0bf806bd4883134ac6737f004ef7b8780323a7c2b6a3044f848c5c0e2172`
SHA3	`083bd3d0f0b9c52a08632784517670dd6c5427207720f972c4722b8456848fe4`
VirtualSize	`0xc`
VirtualAddress	`0x216000`
SizeOfRawData	`0x200`
PointerToRawData	`0x211a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23022`
MD5	`8e86eaf53d611cde15c476f708799214`
SHA1	`ad34ea9a030b21402ff2b03cc428254b0026cca2`
SHA256	`4f9a86bd4ca4b5ee1bc28a18453266b0f8f3e47f81d31ba93d1512f8b2eab25f`
SHA3	`84ab6ec30c7a8d2223a8179e63f4baa2e9001836a0e1c94f69108be20cb201cb`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Dropper
FileVersion (#2)	1.0.0.0
InternalName	Dropper.exe
LegalCopyright	Copyright © 2024
LegalTrademarks
OriginalFilename	Dropper.exe
ProductName	Dropper
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Yara callback received an unhandled message (6).