Manalyze report for 8c53e654289d2af66ff6b49eee2f705d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Aug-03 16:02:26
Comments
CompanyName	Command Transportation
FileDescription	Clutch
FileVersion	`1.0.0.0`
InternalName	Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Clutch.exe
ProductName	Clutch
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# microsoft.com ns.adobe.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org www.w3.org
Suspicious	VirusTotal score: 1/72 (Scanned on 2020-11-20 18:23:24)	`APEX: Malicious`

Hashes

MD5	`8c53e654289d2af66ff6b49eee2f705d`
SHA1	`8f3850ca824f02849864d6b85458bc1c5db6b952`
SHA256	`156518be18f0f92215340d4087f2dd76c20ccf03d1dfae40254806489d4c79bc`
SHA3	`f515a39b18c5a019b9a4300396cd13284a4a13df26bb37379dd69c85d73b5c64`
SSDeep	`49152:rziw4ZZ1VKKa9/VphZoKajSr/HtRjLIr8RaY6G0n5AT7XSuBk7tNGLuU7iRiE3d:r2vZPwz/VphWKamZRnIrDHGTzPBqtJ4`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Aug-03 16:02:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x2db200`
SizeOfInitializedData	`0x4200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002DD186 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2de000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e4000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5deda4732f375a98de0c6aad91b6fcb4`
SHA1	`0b4d75223fc9e6b818b89d438a47b8d899a996f1`
SHA256	`f8aa1830910adf17ae525bb26b58a9d75d87c3704b7f8c1cf62c2dc2acb43b76`
SHA3	`9f150a79030cfd4f834af9e26e3e64e2757d374b54fd244ac151d4e866a82a8d`
VirtualSize	`0x2db19c`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2db200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.97926`

.rsrc

MD5	`f3e430655496c71bc7abd2f65b82f816`
SHA1	`a4bbb31fc5d441485f8a9eb6f279d558ec304f01`
SHA256	`4caabd89af9af94c920cff64f7c79eaa64bf2006e7cd4796b461d8f087082f84`
SHA3	`35387f9eca1102c883f865ec6695b41d541582d42079b9b6cd200ed13cf00d6d`
VirtualSize	`0x3f4c`
VirtualAddress	`0x2de000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x2db400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99408`

.reloc

MD5	`accd205c08ea91ed74495826ad1ff265`
SHA1	`a602d60f61954494bd52661f9d1261fec360615c`
SHA256	`7bf5b7a2daa9f7f29b7b21d6c29dc2dbaf83f95eadbb9cbfaf85a340b07eaed3`
SHA3	`a3400de461a50842698fd0e54f70572dc163771a6948dc59d575621f8262e5b0`
VirtualSize	`0xc`
VirtualAddress	`0x2e2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2df400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71044`
MD5	`acd166266ad2d21bbe6f74bd8459f882`
SHA1	`7f511d453a0d33fff545ee86b3d60501f48c66d7`
SHA256	`2560f0369535a59faa7c6dc0e66efcd4305d92476d59f7b27d05b469ef33c5f2`
SHA3	`bff742c889493877fb8b8c394366fd1f8f60fa105b4a1574343c4a3f7699e1b9`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9805`
MD5	`378ef88fb417e316e35aefbe5965f42e`
SHA1	`6ad958dccb88821c274512d9a23bb7317b606584`
SHA256	`e97c7f8b850a624df78e017dcfbcf51ac40da921810f006b7124b9a64c694c95`
SHA3	`8e37e4f080178c6a6f3c8ff10b1bde8e36b2362a49a883ccfd6615cd0afda0fc`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01417`
MD5	`01b83756c5d8e13ee6250212d812aa39`
SHA1	`41531f8fe918b89641b68b717b2f46d17ee72dc4`
SHA256	`74f049410dd6b3ad343be5cd391969a20b743be8294380a38e873942a8103eab`
SHA3	`2f701464a76d139f73a39c63f7964a19ba8cf54807cbfe6327e9fde2253bdfc4`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x318`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21079`
MD5	`d765fbc2e68159e4973bc2cfdfc4a086`
SHA1	`15169cb925b795b61f1e6612fbc8f824f084feb5`
SHA256	`eb1abc8c3bff222aaa1342ed0873caad54924b9447263a7144ea59c8d95cf516`
SHA3	`4e22f10aeaa205ec2ebf6556e7eaebf33f9c1cbea39491163a89ad240e320e23`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Command Transportation
FileDescription	Clutch
FileVersion (#2)	1.0.0.0
InternalName	Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Clutch.exe
ProductName	Clutch
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

8c53e654289d2af66ff6b49eee2f705d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

32512

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors