This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary
Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2019-Sep-27 08:59:07
Debug artifacts: G:\VisualStudioProjects_CN\RemoteTool\RemoteTool\obj\Release\MSAService.pdb
Version info
Comments: (EMPTY)
CompanyName: (EMPTY)
FileDescription: Microsoft Security Application
FileVersion: 1.0.0.0
InternalName: MSAService.exe
LegalCopyright: Copyright © 2018
LegalTrademarks: (EMPTY)
OriginalFilename: MSAService.exe
ProductName: Microsoft Security Application
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
Info
Matching compiler(s): .NET executable -> Microsoft

Malicious
VirusTotal score: 8/69 (Scanned on 2019-10-19 17:47:11)
McAfee: Artemis!A24D5A8F6A91
APEX: Malicious
Endgame: malicious (moderate confidence)
McAfee-GW-Edition: Artemis!Trojan
SentinelOne: DFI - Suspicious PE
AhnLab-V3: Malware/Win32.RL_Generic.C3508355
Rising: Trojan.Agent!8.B1E (TFE:D:4WwkVUwu4lK)
CrowdStrike: win/malicious_confidence_60% (W)
Hashes
MD5: a24d5a8f6a916fe976face1f145cf297
SHA1: d75cb8e319506f56423794db6517c0e6fbd89880
SHA256: 9de5cc5f48c67272613f4aba83e73ce90091a5a610096128a0244dd14ba3e59a
SHA3: c6e991e31f1593ec752a2301e4d8132a8a96c92c90c3cdc95dad7d4ad9fec34c
SSDeep: 1536:pLo7R9tfuDp0F/VsBNL+bb2wN6Y6tKMq:xCkp0MBNL+b2wgY
Imports Hash: f34d5f2d4577ed6d9ceec516c1f5a744
DOS Header
e_magic: MZ
e_cblp: 0x90
e_cp: 0x3
e_crlc: 0
e_cparhdr: 0x4
e_minalloc: 0
e_maxalloc: 0xffff
e_ss: 0
e_sp: 0xb8
e_csum: 0
e_ip: 0
e_cs: 0
e_ovno: 0
e_oemid: 0
e_oeminfo: 0
e_lfanew: 0x80
PE Header
Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 3
TimeDateStamp: 2019-Sep-27 08:59:07
PointerToSymbolTable: 0
NumberOfSymbols: 0
SizeOfOptionalHeader: 0xe0
Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Optional Header
Magic: PE32
LinkerVersion: 48.0
SizeOfCode: 0xae00
SizeOfInitializedData: 0xf200
SizeOfUninitializedData: 0
AddressOfEntryPoint: 0x0000CA9E (Section: .text)
BaseOfCode: 0x2000
BaseOfData: 0xe000
ImageBase: 0x400000
SectionAlignment: 0x2000
FileAlignment: 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Win32VersionValue: 0
SizeOfImage: 0x20000
SizeOfHeaders: 0x200
Checksum: 0
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve: 0x100000
SizeofStackCommit: 0x1000
SizeofHeapReserve: 0x100000
SizeofHeapCommit: 0x1000
LoaderFlags: 0
NumberOfRvaAndSizes: 16
Section 1 (.text)
MD5: 7fd0982e170a0b120ab57aa1cd28603b
SHA1: 7f7446d297cb498653e9849e4b504906f727f586
SHA256: f692b626c375f429aba50a29650fd35ac4938d1ae5ed1c596d84421f6df3f00e
SHA3: e089a2e2394667264bc333a5f807f90cfd07154b1b1cba2f33351504fda40870
VirtualSize: 0xac2c
VirtualAddress: 0x2000
SizeOfRawData: 0xae00
PointerToRawData: 0x200
PointerToRelocations: 0
PointerToLineNumbers: 0
NumberOfLineNumbers: 0
NumberOfRelocations: 0
Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 5.69094
Section 2
MD5: dee1283213a0fe56778070a4dc97fc01
SHA1: 51af3eb8a91184070782499bc6784279e207665e
SHA256: 6e6a2ff1af26b3f7180183eb2ecaa9641913063b56f99633330422f25e499d14
SHA3: ffab50d4d3e2fc92cff3887eef2425d3f7b0a0ff6afe1ee0ecf31472e26e8504
VirtualSize: 0xef5c
VirtualAddress: 0xe000
SizeOfRawData: 0xf000
PointerToRawData: 0xb000
PointerToRelocations: 0
PointerToLineNumbers: 0
NumberOfLineNumbers: 0
NumberOfRelocations: 0
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 1.65482
Section 3
MD5: 53da1b46a97c68972063d7f4a8ff124b
SHA1: 7d3cde1ea1b3441f9e70c2a311002e9f862ad0b1
SHA256: f3a3131ee3b0f87bc900ebfdd4492cd77aea39c1fab048d74ad99224e60dfeaa
SHA3: 44f43fe3f897b23f907752d9fe2add462a8d75f7cc8e8cbc601d165331296b7b
VirtualSize: 0xc
VirtualAddress: 0x1e000
SizeOfRawData: 0x200
PointerToRawData: 0x1a000
PointerToRelocations: 0
PointerToLineNumbers: 0
NumberOfLineNumbers: 0
NumberOfRelocations: 0
Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy: 0.0815394
Resource 1
Type: RT_ICON
Language: UNKNOWN
Codepage: UNKNOWN
Size: 0xe8ac
TimeDateStamp: 1980-Jan-01 00:00:00
Entropy: 1.49808
MD5: 86b04cb216d77d89492de8e1c16066a1
SHA1: 67350b634f6650699b25741435a27523c3f0e87e
SHA256: 35c79bbcf6e9d50be00aaf31fb700763affe54ff136a5dcf0d1c9c3dbb5cff55
SHA3: 2a11bcf700a6040369e407ecfb129d9db766a6ea4fc3c92e7b90e945c88665d5
Resource 2
Type: RT_GROUP_ICON
Language: UNKNOWN
Codepage: UNKNOWN
Size: 0x14
TimeDateStamp: 1980-Jan-01 00:00:00
Entropy: 1.91924
Detected Filetype: Icon file
MD5: a2bee1173dd4044832721c58d83dbf2d
SHA1: dad73b85696feae7859cbe968e1002bfffeabc8f
SHA256: ee7716b5df0dd7eb2a9490d9350be39b1e3e791eb2b4da8b4b3dfc38a929a39e
SHA3: e3be5884b52975ab3fdca7553eafe0affe5e955bcc517cc6b7a35b968064442f
Resource 3
Type: RT_VERSION
Language: UNKNOWN
Codepage: UNKNOWN
Size: 0x37c
TimeDateStamp: 1980-Jan-01 00:00:00
Entropy: 3.29841
MD5: 804625fb18127f3c93f027432183fedf
SHA1: c30824df0eda75f3a6e4b6a2d4122a5f99435b82
SHA256: 0e906d5c06e2cec0f449a6c2bd50e017b3f5b1ceeb3343126718f19798e7ac83
SHA3: c9412a8124c14358a2c9c6398c7af1c87a06068f0d5847922d8ab7654d96e7d3
Resource 4
Type: RT_MANIFEST
Language: UNKNOWN
Codepage: UNKNOWN
Size: 0x1ea
TimeDateStamp: 1980-Jan-01 00:00:00
Entropy: 5.00112
MD5: b7db84991f23a680df8e95af8946f9c9
SHA1: cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256: 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3: 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Version Info (RT_VERSION)
Signature: 0xfeef04bd
StructVersion: 0x10000
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
FileFlags: (EMPTY)
FileOs: VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType: VFT_APP
Language: UNKNOWN
Comments: (EMPTY)
CompanyName: (EMPTY)
FileDescription: Microsoft Security Application
FileVersion (#2): 1.0.0.0
InternalName: MSAService.exe
LegalCopyright: Copyright © 2018
LegalTrademarks: (EMPTY)
OriginalFilename: MSAService.exe
ProductName: Microsoft Security Application
ProductVersion (#2): 1.0.0.0
Assembly Version: 1.0.0.0
Debug Info
Characteristics: 0
TimeDateStamp: 2019-Sep-27 08:59:07
Version: 0.0
SizeofData: 284
AddressOfRawData: 0xc930
PointerToRawData: 0xab30
Referenced File: G:\VisualStudioProjects_CN\RemoteTool\RemoteTool\obj\Release\MSAService.pdb