This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2020-Aug-03 16:02:26
Comments
CompanyName
Command Transportation
FileDescription
Clutch
FileVersion
1.0.0.0
InternalName
Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Clutch.exe
ProductName
Clutch
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Info
Matching compiler(s):
.NET executable -> Microsoft
Info
Interesting strings found in the binary:
Contains domain names:
Suspicious
VirusTotal score: 1/72 (Scanned on 2020-11-20 18:23:24)
APEX:
Malicious
MD5
8c53e654289d2af66ff6b49eee2f705d
SHA1
8f3850ca824f02849864d6b85458bc1c5db6b952
SHA256
156518be18f0f92215340d4087f2dd76c20ccf03d1dfae40254806489d4c79bc
SHA3
f515a39b18c5a019b9a4300396cd13284a4a13df26bb37379dd69c85d73b5c64
SSDeep
49152:rziw4ZZ1VKKa9/VphZoKajSr/HtRjLIr8RaY6G0n5AT7XSuBk7tNGLuU7iRiE3d:r2vZPwz/VphWKamZRnIrDHGTzPBqtJ4
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2020-Aug-03 16:02:26
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
80.0
SizeOfCode
0x2db200
SizeOfInitializedData
0x4200
SizeOfUninitializedData
0
AddressOfEntryPoint
0x002DD186 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x2de000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
6.0
Win32VersionValue
0
SizeOfImage
0x2e4000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
5deda4732f375a98de0c6aad91b6fcb4
SHA1
0b4d75223fc9e6b818b89d438a47b8d899a996f1
SHA256
f8aa1830910adf17ae525bb26b58a9d75d87c3704b7f8c1cf62c2dc2acb43b76
SHA3
9f150a79030cfd4f834af9e26e3e64e2757d374b54fd244ac151d4e866a82a8d
VirtualSize
0x2db19c
VirtualAddress
0x2000
SizeOfRawData
0x2db200
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.97926
MD5
f3e430655496c71bc7abd2f65b82f816
SHA1
a4bbb31fc5d441485f8a9eb6f279d558ec304f01
SHA256
4caabd89af9af94c920cff64f7c79eaa64bf2006e7cd4796b461d8f087082f84
SHA3
35387f9eca1102c883f865ec6695b41d541582d42079b9b6cd200ed13cf00d6d
VirtualSize
0x3f4c
VirtualAddress
0x2de000
SizeOfRawData
0x4000
PointerToRawData
0x2db400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
5.99408
MD5
accd205c08ea91ed74495826ad1ff265
SHA1
a602d60f61954494bd52661f9d1261fec360615c
SHA256
7bf5b7a2daa9f7f29b7b21d6c29dc2dbaf83f95eadbb9cbfaf85a340b07eaed3
SHA3
a3400de461a50842698fd0e54f70572dc163771a6948dc59d575621f8262e5b0
VirtualSize
0xc
VirtualAddress
0x2e2000
SizeOfRawData
0x200
PointerToRawData
0x2df400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.71044
MD5
acd166266ad2d21bbe6f74bd8459f882
SHA1
7f511d453a0d33fff545ee86b3d60501f48c66d7
SHA256
2560f0369535a59faa7c6dc0e66efcd4305d92476d59f7b27d05b469ef33c5f2
SHA3
bff742c889493877fb8b8c394366fd1f8f60fa105b4a1574343c4a3f7699e1b9
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.9805
MD5
378ef88fb417e316e35aefbe5965f42e
SHA1
6ad958dccb88821c274512d9a23bb7317b606584
SHA256
e97c7f8b850a624df78e017dcfbcf51ac40da921810f006b7124b9a64c694c95
SHA3
8e37e4f080178c6a6f3c8ff10b1bde8e36b2362a49a883ccfd6615cd0afda0fc
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x25a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.01417
MD5
01b83756c5d8e13ee6250212d812aa39
SHA1
41531f8fe918b89641b68b717b2f46d17ee72dc4
SHA256
74f049410dd6b3ad343be5cd391969a20b743be8294380a38e873942a8103eab
SHA3
2f701464a76d139f73a39c63f7964a19ba8cf54807cbfe6327e9fde2253bdfc4
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x30
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.45849
Detected Filetype
Icon file
MD5
409e1724611e0bc39356e2f58888db55
SHA1
c06c0e66cc2f7956256e2f018aa0294bfa914960
SHA256
6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210
SHA3
315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x318
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.21079
MD5
d765fbc2e68159e4973bc2cfdfc4a086
SHA1
15169cb925b795b61f1e6612fbc8f824f084feb5
SHA256
eb1abc8c3bff222aaa1342ed0873caad54924b9447263a7144ea59c8d95cf516
SHA3
4e22f10aeaa205ec2ebf6556e7eaebf33f9c1cbea39491163a89ad240e320e23
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
Command Transportation
FileDescription
Clutch
FileVersion (#2)
1.0.0.0
InternalName
Clutch.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Clutch.exe
ProductName
Clutch
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0