a54dfacc1098735b4001c9e9aeab1698
This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2021-Aug-05 15:53:40 |
| FileDescription | |
| FileVersion | 1.3 |
| InternalName | TestProcedimientoW10.exe |
| LegalCopyright | |
| OriginalFilename | TestProcedimientoW10.exe |
| ProductVersion | 1.3 |
| Assembly Version | 1.3.0.0 |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft |
| Suspicious | The PE is possibly a dropper. | Resources amount for 86.3847% of the executable. |
| Malicious | VirusTotal score: 15/67 (Scanned on 2021-11-24 18:14:41) |
CAT-QuickHeal:
Trojan.WacatacFC.S12096838
McAfee: RDN/Generic.dx Cybereason: malicious.fcbc97 Cyren: W32/MSIL_Kryptik.BWA.gen!Eldorado APEX: Malicious Paloalto: generic.ml McAfee-GW-Edition: RDN/Generic.dx FireEye: Generic.mg.a54dfacc1098735b Microsoft: Trojan:Win32/Zpevdo.B AhnLab-V3: Malware/Win32.RL_Generic.C3792642 Cylance: Unsafe TrendMicro-HouseCall: TROJ_GEN.R002H06IG21 SentinelOne: Static AI - Suspicious PE BitDefenderTheta: Gen:NN.ZemsilF.34294.Am0@a0NlRWk MaxSecure: Trojan.Malware.300983.susgen |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 3 |
| TimeDateStamp | 2021-Aug-05 15:53:40 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0xde00 |
| SizeOfInitializedData | 0x5ae00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000FD4E (Section: .text) |
| BaseOfCode | 0x2000 |
| BaseOfData | 0x10000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x2000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x6e000 |
| SizeOfHeaders | 0x200 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rsrc
.reloc
Imports
| mscoree.dll |
_CorExeMain
|
|---|
Delayed Imports
2
3
4
5
6
7
32512
1
1 (#2)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.3.0.0 |
| ProductVersion | 1.3.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| FileDescription | |
| FileVersion (#2) | 1.3 |
| InternalName | TestProcedimientoW10.exe |
| LegalCopyright | |
| OriginalFilename | TestProcedimientoW10.exe |
| ProductVersion (#2) | 1.3 |
| Assembly Version | 1.3.0.0 |
| Resource LangID | UNKNOWN |
|---|