Manalyze report for a24d5a8f6a916fe976face1f145cf297

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Sep-27 08:59:07
Debug artifacts	G:\VisualStudioProjects_CN\RemoteTool\RemoteTool\obj\Release\MSAService.pdb
Comments
CompanyName
FileDescription	Microsoft Security Application
FileVersion	`1.0.0.0`
InternalName	MSAService.exe
LegalCopyright	Copyright © 2018
LegalTrademarks
OriginalFilename	MSAService.exe
ProductName	Microsoft Security Application
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Malicious	VirusTotal score: 8/69 (Scanned on 2019-10-19 17:47:11)	`McAfee: Artemis!A24D5A8F6A91` `APEX: Malicious` `Endgame: malicious (moderate confidence)` `McAfee-GW-Edition: Artemis!Trojan` `SentinelOne: DFI - Suspicious PE` `AhnLab-V3: Malware/Win32.RL_Generic.C3508355` `Rising: Trojan.Agent!8.B1E (TFE:D:4WwkVUwu4lK)` `CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`a24d5a8f6a916fe976face1f145cf297`
SHA1	`d75cb8e319506f56423794db6517c0e6fbd89880`
SHA256	`9de5cc5f48c67272613f4aba83e73ce90091a5a610096128a0244dd14ba3e59a`
SHA3	`c6e991e31f1593ec752a2301e4d8132a8a96c92c90c3cdc95dad7d4ad9fec34c`
SSDeep	`1536:pLo7R9tfuDp0F/VsBNL+bb2wN6Y6tKMq:xCkp0MBNL+b2wgY`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Sep-27 08:59:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xae00`
SizeOfInitializedData	`0xf200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000CA9E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x20000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7fd0982e170a0b120ab57aa1cd28603b`
SHA1	`7f7446d297cb498653e9849e4b504906f727f586`
SHA256	`f692b626c375f429aba50a29650fd35ac4938d1ae5ed1c596d84421f6df3f00e`
SHA3	`e089a2e2394667264bc333a5f807f90cfd07154b1b1cba2f33351504fda40870`
VirtualSize	`0xac2c`
VirtualAddress	`0x2000`
SizeOfRawData	`0xae00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.69094`

.rsrc

MD5	`dee1283213a0fe56778070a4dc97fc01`
SHA1	`51af3eb8a91184070782499bc6784279e207665e`
SHA256	`6e6a2ff1af26b3f7180183eb2ecaa9641913063b56f99633330422f25e499d14`
SHA3	`ffab50d4d3e2fc92cff3887eef2425d3f7b0a0ff6afe1ee0ecf31472e26e8504`
VirtualSize	`0xef5c`
VirtualAddress	`0xe000`
SizeOfRawData	`0xf000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.65482`

.reloc

MD5	`53da1b46a97c68972063d7f4a8ff124b`
SHA1	`7d3cde1ea1b3441f9e70c2a311002e9f862ad0b1`
SHA256	`f3a3131ee3b0f87bc900ebfdd4492cd77aea39c1fab048d74ad99224e60dfeaa`
SHA3	`44f43fe3f897b23f907752d9fe2add462a8d75f7cc8e8cbc601d165331296b7b`
VirtualSize	`0xc`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.49808`
MD5	`86b04cb216d77d89492de8e1c16066a1`
SHA1	`67350b634f6650699b25741435a27523c3f0e87e`
SHA256	`35c79bbcf6e9d50be00aaf31fb700763affe54ff136a5dcf0d1c9c3dbb5cff55`
SHA3	`2a11bcf700a6040369e407ecfb129d9db766a6ea4fc3c92e7b90e945c88665d5`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`a2bee1173dd4044832721c58d83dbf2d`
SHA1	`dad73b85696feae7859cbe968e1002bfffeabc8f`
SHA256	`ee7716b5df0dd7eb2a9490d9350be39b1e3e791eb2b4da8b4b3dfc38a929a39e`
SHA3	`e3be5884b52975ab3fdca7553eafe0affe5e955bcc517cc6b7a35b968064442f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29841`
MD5	`804625fb18127f3c93f027432183fedf`
SHA1	`c30824df0eda75f3a6e4b6a2d4122a5f99435b82`
SHA256	`0e906d5c06e2cec0f449a6c2bd50e017b3f5b1ceeb3343126718f19798e7ac83`
SHA3	`c9412a8124c14358a2c9c6398c7af1c87a06068f0d5847922d8ab7654d96e7d3`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Microsoft Security Application
FileVersion (#2)	1.0.0.0
InternalName	MSAService.exe
LegalCopyright	Copyright © 2018
LegalTrademarks
OriginalFilename	MSAService.exe
ProductName	Microsoft Security Application
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Sep-27 08:59:07
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0xc930`
PointerToRawData	`0xab30`
Referenced File	G:\VisualStudioProjects_CN\RemoteTool\RemoteTool\obj\Release\MSAService.pdb

TLS Callbacks

Load Configuration

RICH Header

a24d5a8f6a916fe976face1f145cf297

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors