Manalyze report for ab619931ebf56ee0137548f18209f38b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Nov-19 16:33:57
FileDescription
FileVersion	`岞䂥뼼㋨땆`
InternalName	FiguredHarpsEastboundľ쪴머
LegalCopyright
OriginalFilename	FiguredHarpsEastbound짤盋⒄
ProductVersion	`㩐皋陯﹇귁`
Assembly Version	둚纷敵⋷譸炯

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: Exploit`
Info	The PE is digitally signed.	`Signer: 3 AM CHP` `Issuer: COMODO RSA Code Signing CA`
Malicious	VirusTotal score: 41/56 (Scanned on 2015-10-26 07:07:23)	`MicroWorld-eScan: Trojan.GenericKD.2473178` `nProtect: Trojan.GenericKD.2473178` `CAT-QuickHeal: Trojan.Generic.r3` `ALYac: Trojan.GenericKD.2473178` `Malwarebytes: Backdoor.Bot` `VIPRE: Trojan.Compcert.51415 (fs)` `K7GW: Trojan ( 004c52901 )` `K7AntiVirus: Trojan ( 004c52901 )` `Arcabit: Trojan.Generic.D25BCDA` `Agnitum: Trojan.Injector!J86jTSZh/X0` `Symantec: Trojan Horse` `ESET-NOD32: a variant of MSIL/Injector.KBO` `TrendMicro-HouseCall: TROJ_DRIDEX.TD105V` `Avast: MSIL:Agent-DBZ [Trj]` `Kaspersky: HEUR:Trojan.Win32.Generic` `BitDefender: Trojan.GenericKD.2473178` `NANO-Antivirus: Trojan.Win32.DridexDownloader.dsqmrq` `Tencent: Win32.Trojan.Inject.Auto` `Ad-Aware: Trojan.GenericKD.2473178` `Sophos: Troj/MSIL-DFI` `Comodo: UnclassifiedMalware` `F-Secure: Trojan.GenericKD.2473178` `DrWeb: Trojan.Dridex.125` `Zillya: Trojan.Injector.Win32.268639` `TrendMicro: TROJ_DRIDEX.TD105V` `McAfee-GW-Edition: RDN/Generic.dx!dtc` `Emsisoft: Trojan.MSIL.Injector (A)` `Cyren: W32/Trojan.ATXG-6820` `Avira: TR/DridexDownloader.A.82` `Antiy-AVL: Trojan/Win32.TSGeneric` `Microsoft: Trojan:Win32/Dynamer!ac` `AhnLab-V3: Trojan/Win32.Injector` `GData: Trojan.GenericKD.2473178` `McAfee: RDN/Generic.dx!dtc` `AVware: Trojan.Compcert.51415 (fs)` `Baidu-International: Trojan.MSIL.Injector.KBO` `Ikarus: Trojan.MSIL.Injector` `Fortinet: MSIL/Injector.KBO!tr` `AVG: MSIL8.XNR` `Panda: Trj/Chgt.O` `Qihoo-360: HEUR/QVM03.0.Malware.Gen`

Hashes

MD5	`ab619931ebf56ee0137548f18209f38b`
SHA1	`2c7b5007094e5f6e468bc6c8c0d9ab72339c2ad9`
SHA256	`c1e879ea756603d66a27c74d8297b78582d808de48d4e02608f3e57193542122`
SHA3	`7f816f0b05c18c7787dcd8e7e34ff46187298d5573ad3342542523a7ec701b78`
SSDeep	`3072:9CsOTRvtQrQfkPpGZ2RFqXViXovzsX6p8LNJ7eV67S+BkHtICPx/Wc8ItNMmKY/M:hNUfkPY2RZqa6soxhKY/sxZhk8td`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2007-Nov-19 16:33:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x37e00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00039D3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x3a000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3e000`
SizeOfHeaders	`0x200`
Checksum	`0x429ba`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`62d409087b0ef634a75f66dab78bf234`
SHA1	`428073d642a056c20d88bb91942e2deb507baa17`
SHA256	`a0e05fd3191bc6ed8aad0bf07e31de0ea1d7c710df69168cf13f7fa2c8e2590f`
SHA3	`9e07d8d87db1832b09936507806bfb39d9b8ce086c82ee492295d935cb265dbf`
VirtualSize	`0x37d44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x37e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.44327`

.rsrc

MD5	`df29f960bfe12339ecc067297dbf1f82`
SHA1	`39a5ef24b9da9a6da6c478882d27f8c49adaedc0`
SHA256	`15a7b9034db09493b247f2e74391726902f6bf257dc5027037a9d1ff626f67d5`
SHA3	`8c49f850850e77e8c6256e167d5344b5dcd4978e2ef36823e7f297d82ef04ed3`
VirtualSize	`0xb69`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x38000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.17261`

.reloc

MD5	`4ce4d2ceff95ef086d6d451525ca3cc9`
SHA1	`f18ee2c08bd97517cdff34e1077c2c989d2fd8a8`
SHA256	`2eb81d9f23f11fcf8266df62ca5f62ff25395f715671c5e0ca92a0a20fba673f`
SHA3	`6e18b05819f3fdd961b76f42204b14f03680c7228c31d75e71328b8b7501fa79`
VirtualSize	`0xc`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00141`
MD5	`61e0183f2e60c3b21f22b6eab66404cf`
SHA1	`254990946256a28fc5a2fa5e71bb5bc394cd89a1`
SHA256	`6f29e312f245447ec63dc8891f7dc1fe0a05c7214eeae4127fe1e4c96b12ca44`
SHA3	`d991f0e556c229d6b0613239ece0c1b326dd1250753a7a7177640e4a7339d737`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00437`
MD5	`04dd6a74f608ded352f3e6dfe04cbdba`
SHA1	`256144719530e172cb56503b5c351ccc99fa2567`
SHA256	`dd2786c9d9bd0925b931b2334367ecf9e6793d4ae460dd1385ca98688f8a47d5`
SHA3	`3857721d72f43cc6d933956ffac591adea1e8dfbde749f44ef9d3ce53ad42b31`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	岞䂥뼼㋨땆
InternalName	FiguredHarpsEastboundľ쪴머
LegalCopyright
OriginalFilename	FiguredHarpsEastbound짤盋⒄
ProductVersion (#2)	㩐皋陯﹇귁
Assembly Version	둚纷敵⋷譸炯

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

ab619931ebf56ee0137548f18209f38b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors