Manalyze report for a239a3c1b41c905194525201772b9ea048f12ef9883e9509947d9ac904350554

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Feb-01 03:23:00
Debug artifacts	CWGRNTCTF.pdb
Comments	CWGRNTCTF
CompanyName	CWGRNTCTF
FileDescription	CWGRNTCTF
FileVersion	`1.0.0.0`
InternalName	CWGRNTCTF.exe
LegalCopyright	Copyright Â© 2024 CWGRNTCTF
OriginalFilename	CWGRNTCTF.exe
ProductName	CWGRNTCTF
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 32/72 (Scanned on 2024-04-06 07:15:12)	`ALYac: Trojan.GenericKD.71577722` `APEX: Malicious` `Antiy-AVL: Trojan/Win32.Agent` `Arcabit: Trojan.Generic.D444307A` `BitDefender: Trojan.GenericKD.71577722` `BitDefenderTheta: Gen:NN.ZemsilF.36802.eq0@a0b8wsf` `Bkav: W32.Common.4924221F` `CrowdStrike: win/malicious_confidence_60% (W)` `Cybereason: malicious.9c11bd` `Cylance: unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.71577722 (B)` `FireEye: Trojan.GenericKD.71577722` `Fortinet: PossibleThreat.PALLAS.M` `GData: Trojan.GenericKD.71577722` `Google: Detected` `Lionic: Trojan.Win32.ScarletFlash.4!c` `MAX: malware (ai score=82)` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.233596293.susgen` `MicroWorld-eScan: Trojan.GenericKD.71577722` `Microsoft: Trojan:Win32/Acll` `Panda: Trj/Chgt.AD` `Sangfor: Trojan.Win32.Agent.Vx77` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: TROJ_GEN.R002H09BG24` `VIPRE: Trojan.GenericKD.71577722` `Varist: W32/ABRisk.QJVY-5262` `alibabacloud: Suspicious`

Hashes

MD5	`10fa9739c11bd1d35db40076e1f0552f`
SHA1	`a7211d82203a141f6ae53606e01217c469d378da`
SHA256	`a239a3c1b41c905194525201772b9ea048f12ef9883e9509947d9ac904350554`
SHA3	`76d8dbf7151b27b40346ae075e5d990e51fb296fac2c80b5318a63b812c67bbb`
SSDeep	`768:PFZe3Z3XS1hcZq8sLqheC/oq5WU/hAGj7mHI9GseQNb094S79nybYxdA2C2GPqx:q3ZnS1haq/pCJWVGrV1gj79Pcqx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Feb-01 03:23:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xfc00`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00011BAE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ab08c48656ca7bdb3f056ad9976f7bdf`
SHA1	`336ba9d3bf2d3886521e332fd15f7b193fd8b7b3`
SHA256	`7cd881d239e6a6e97c5830bfe2edfc607e56e6eb4236407406520ce3d2a4df22`
SHA3	`02826575c5387ffb3c1aa24313a54f97fca1a46dd869faf13392a8d7ade630f1`
VirtualSize	`0xfbb4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.6217`

.sdata

MD5	`9ddf23caa2d181f7b9ec20362fbfbf40`
SHA1	`b22b692afc85b22b0b58e176e70b7bcc4f5581f2`
SHA256	`a653f5156a28f48d2954841c79b0af39685fda8d0c819803b7943977537bfcfa`
SHA3	`104f8f5db6e9ac4efdaf1604f20bf64b9e00e0024b8bf824a53d08088e8ce611`
VirtualSize	`0x1e8`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.63075`

.rsrc

MD5	`20cf7ded4a9b0ec28b0e661cdc86b80b`
SHA1	`0a3720c5c11fbad74f150d7206f8ddf11c0a8f50`
SHA256	`6e5b33da95fbc0c613d9dcb49eefb326a34b17f3aae7286a8d47e4859ae0ccaf`
SHA3	`c8966ec891bb6839572c9d1d43c61f11f1bfed064b92ee500e758762442793cf`
VirtualSize	`0x5b0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1637`

.reloc

MD5	`1761cb12cf60281db2b9f11e53f50088`
SHA1	`9d7b92bc980756712314b6fddfbf5aa236ef278e`
SHA256	`ce0cd0911cc1a9767fe7d1bc21121b2dbfc523761a620ad56ec3b552d1ec969a`
SHA3	`16363f9bb4e5906877473b87a65205aaaa0399e9c9a0bf17ce3b2fc0e5c1b701`
VirtualSize	`0xc`
VirtualAddress	`0x16000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3537`
MD5	`f5c60b6b92eab70a7a81d03b2a73c011`
SHA1	`ca49bccee3d1f651df94628fc259fce97f3a32c3`
SHA256	`b6e949e354bc3f372aadb136dde8bc55ffdbfbc1fbc812e510f50c1f49d20a8f`
SHA3	`5df24d28b2c1fb0865e3d321effb227c798c9e9d35865a0f95c0773694196ec9`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	CWGRNTCTF
CompanyName	CWGRNTCTF
FileDescription	CWGRNTCTF
FileVersion (#2)	1.0.0.0
InternalName	CWGRNTCTF.exe
LegalCopyright	Copyright Â© 2024 CWGRNTCTF
OriginalFilename	CWGRNTCTF.exe
ProductName	CWGRNTCTF
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`38`
AddressOfRawData	`0x11b2e`
PointerToRawData	`0xff2e`
Referenced File	CWGRNTCTF.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.