Manalyze report for a06db6bf5f698da5c97de1795cb971ec

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Jun-18 03:35:11
Comments
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Stub.exe
ProductName
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Looks for VMWare presence: vmware` `Looks for Sandboxie presence: SbieDll.dll` `Accesses the WMI: root\Security`
Malicious	VirusTotal score: 40/66 (Scanned on 2022-06-23 15:51:00)	`Bkav: W32.AIDetectNet.01` `ClamAV: Win.Packed.Razy-9625918-0` `FireEye: Generic.mg.a06db6bf5f698da5` `CAT-QuickHeal: Trojan.IgenericFC.S14890850` `McAfee: Fareit-FZT!A06DB6BF5F69` `Cylance: Unsafe` `Sangfor: Suspicious.Win32.Save.a` `Cybereason: malicious.f5f698` `Cyren: W32/Samas.B.gen!Eldorado` `Elastic: Windows.Trojan.Asyncrat` `ESET-NOD32: a variant of MSIL/Agent.CFQ` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Kaspersky: HEUR:Trojan.Win32.Generic` `BitDefender: IL:Trojan.MSILZilla.1628` `MicroWorld-eScan: IL:Trojan.MSILZilla.1628` `Ad-Aware: IL:Trojan.MSILZilla.1628` `Sophos: ML/PE-A` `DrWeb: BackDoor.AsyncRATNET.2` `McAfee-GW-Edition: BehavesLike.Win32.AdwareLinkury.qm` `Trapmine: suspicious.low.ml.score` `Emsisoft: IL:Trojan.MSILZilla.1628 (B)` `SentinelOne: Static AI - Malicious PE` `GData: IL:Trojan.MSILZilla.1628` `Avira: TR/Dropper.Gen` `MAX: malware (ai score=85)` `Arcabit: IL:Trojan.MSILZilla.D65C` `ZoneAlarm: HEUR:Trojan.Win32.Generic` `Microsoft: Backdoor:MSIL/AsyncRat.AD!MTB` `AhnLab-V3: Malware/Win32.RL_Generic.C3558490` `Acronis: suspicious` `ALYac: IL:Trojan.MSILZilla.1628` `Rising: Trojan.AntiVM!1.CF63 (CLASSIC)` `Ikarus: Trojan.MSIL.Agent` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: MSIL/CoinMiner.CFQ!tr` `BitDefenderTheta: Gen:NN.ZemsilF.34742.dm0@a8y@Ceg` `AVG: Win32:DropperX-gen [Drp]` `Avast: Win32:DropperX-gen [Drp]` `CrowdStrike: win/malicious_confidence_90% (D)`

Hashes

MD5	`a06db6bf5f698da5c97de1795cb971ec`
SHA1	`ac497d1db21f8720d2e802b0d885f9afab3a5b1b`
SHA256	`844584b3cde84d6ebfcb4e9f0bdd31fea4f37021727b771712674ea22e14dc46`
SHA3	`ef95a3c8ef7e2c4e66c4a6534f0a183f2708c2a6dc5e4cda111d0a90e841939a`
SSDeep	`1536:u5kqOmrxf0IRdsmAFrKHbKOIeuA+2u0lzRiBx:u5jOmrxf0IRmmARKHbKjHAgx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Jun-18 03:35:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xc200`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000E1AE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x14000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c12f62c0d4c343a445239659ba328205`
SHA1	`bdeb07c0efc21fbd95dcf2ecd4f8087eedc835f0`
SHA256	`3209c0e67f0a7aae387b37497503a49e712c76ba4ff7fa0a420cc76a63b727ab`
SHA3	`db2b8d375272dc3f4609742aeeb5e3523c480037f906380184a7161f89657d61`
VirtualSize	`0xc1b4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xc200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.65544`

.rsrc

MD5	`2522fd8c77ec3a1fcf4224f317eb9c77`
SHA1	`1ad99a88360b00069b2ebf636321dcca62231703`
SHA256	`1b71b9071b98a626e3508b6f2088d5ee2f49c0274ded2601b5a09dd4c0079756`
SHA3	`09a56b470bac7e4aadbb8f044a0f6b9e427dab27e51d653cf2fdb36cdb63fc4d`
VirtualSize	`0x7ff`
VirtualAddress	`0x10000`
SizeOfRawData	`0x800`
PointerToRawData	`0xc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.88397`

.reloc

MD5	`6efcae8c86c5f0823ec82847b83ae0af`
SHA1	`1516d623ba60e6c2b50dfbfad2af912714032146`
SHA256	`9fd0a4b209ecf829dba217b34ba583863782e8c5e44e6a1ac46fc3546aea5388`
SHA3	`012d430fabe29212e516ee03672f2ec9fe11fc25f75de14576afa15baaf3ee10`
VirtualSize	`0xc`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xcc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15228`
MD5	`16ec11406456535d1de48d96513667e8`
SHA1	`a60ebbbcae868abd27fc96e22701fae48940e53c`
SHA256	`23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad`
SHA3	`ec347df0db7e63c15cad3d1f9d2b5b4d497473b5992bd681fc145eb5057ecb7d`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x493`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22615`
MD5	`f3d7095de1636559aa56ad81b25bbff9`
SHA1	`6a55e1445c1c915664fba385828c5a0078fe460d`
SHA256	`4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133`
SHA3	`66d420e8633fd20ebea3048e5ed6afe3cf66dcb6d5041729ab7c7faa44b0a1b0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Stub.exe
ProductName
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

a06db6bf5f698da5c97de1795cb971ec

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors