Manalyze report for bac51303cd3e8ad9c5dec6a61792096f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Mar-04 19:47:44
Debug artifacts	C:\Users\pecin\Source\Repos\PKMN-NTR\PKMN-NTR\obj\Release\PKMN-NTR.pdb
Comments	A on-the-air Pokémon memory editing/reading program with bots for Nintendo 3DS.
CompanyName
FileDescription	PKMN-NTR
FileVersion	`3.6.6637.24831`
InternalName	PKMN-NTR.exe
LegalCopyright	Copyright © 2016-2018
LegalTrademarks
OriginalFilename	PKMN-NTR.exe
ProductName	PKMN-NTR
ProductVersion	`3.6-beta3`
Assembly Version	3.6.6637.24831

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: QeMU qeMu` `Miscellaneous malware strings: cmd.exe` `Contains domain names: costura.system.net http://smea.mtheall.com http://smea.mtheall.com/get_payload.php?version mtheall.com paint.net smea.mtheall.com system.net`
Malicious	VirusTotal score: 38/71 (Scanned on 2020-12-17 13:42:49)	`Lionic: Trojan.Win32.Crypt.4!c` `MicroWorld-eScan: Trojan.Generic.23016260` `McAfee: Artemis!BAC51303CD3E` `Cylance: Unsafe` `BitDefender: Trojan.Generic.23016260` `K7GW: Trojan ( 0053d2d91 )` `K7AntiVirus: Trojan ( 0053d2d91 )` `Symantec: ML.Attribute.HighConfidence` `Avast: Win32:Malware-gen` `Kaspersky: Trojan.MSIL.Crypt.ghil` `Alibaba: Trojan:MSIL/SuspectCRC.8d7d0a69` `NANO-Antivirus: Trojan.Win32.Crypt.ffgvoe` `Ad-Aware: Trojan.Generic.23016260` `Emsisoft: Trojan.Generic.23016260 (B)` `Zillya: Trojan.Crypt.Win32.42567` `McAfee-GW-Edition: Artemis!Trojan` `FireEye: Trojan.Generic.23016260` `Sophos: Mal/Generic-S` `GData: Trojan.Generic.23016260` `Jiangmin: Trojan.MSIL.isue` `Webroot: W32.Trojan.Msil.Crypt.Ghil` `MAX: malware (ai score=81)` `Antiy-AVL: Trojan/MSIL.Crypt` `Kingsoft: Win32.Troj.Generic_a.a.(kcloud)` `Arcabit: Trojan.Generic.D15F3344` `ZoneAlarm: Trojan.MSIL.Crypt.ghil` `Microsoft: Trojan:Win32/Occamy.C30` `ALYac: Trojan.Generic.23016260` `Panda: Trj/GdSda.A` `ESET-NOD32: a variant of Generik.BQODYLD` `Tencent: Msil.Trojan.Crypt.Pitp` `Yandex: Trojan.Crypt!SDf5xCxi3+0` `Ikarus: Trojan.SuspectCRC` `Fortinet: W32/Crypt.GHIL!tr` `AVG: Win32:Malware-gen` `Cybereason: malicious.3cd3e8` `Paloalto: generic.ml` `Qihoo-360: Win32/Trojan.431`

Hashes

MD5	`bac51303cd3e8ad9c5dec6a61792096f`
SHA1	`e9d597ebc824c6775fe4bf11b5bcb094cf4e09e5`
SHA256	`3051328ee91b9d3bfacfa0a55b9691c7a2dfb175d8d6660681bf7f9591df9258`
SHA3	`27b8880cb382b963c9011dbca9992abd57aa2a2c1f2bb9101427b14be9fc5669`
SSDeep	`196608:T/ZZZZZgJZZZZZqmJnM1DC0uAXJNqXYZmF6kZ7KD4uwB23SUctCx:TsJ7qJIzF687KEuwBlo`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Mar-04 19:47:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xe12a00`
SizeOfInitializedData	`0x3ea00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00E1492E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe58000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e75e1a3708c5a468a64a96b51160d2df`
SHA1	`213dbcb890397c32f562e3d794b45a1982035ee0`
SHA256	`2eaec190c31f58ee54429951a690c5c94aed668b301ee457424e14f19fc035c1`
SHA3	`3876c4b2b1e3ff4ad29763b2a922602b2dcef5fae02d01059eab0416fc5e725f`
VirtualSize	`0xe12934`
VirtualAddress	`0x2000`
SizeOfRawData	`0xe12a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.30233`

.rsrc

MD5	`08b017f658671ef812ed95875cb4e06b`
SHA1	`9d2033abc00c45ae76af894bb01e6e0042e3acce`
SHA256	`9015b30469bdf3c8c0486311f23afbd100ee1967e6c28296e55ced24c7e5d3bb`
SHA3	`596d6a29392d3b18e769c255d1df1bed3e6c611301410919cfc3060803728e3b`
VirtualSize	`0x3e6cc`
VirtualAddress	`0xe16000`
SizeOfRawData	`0x3e800`
PointerToRawData	`0xe12c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.35565`

.reloc

MD5	`e50177585ba8bd0de96ded3ab969d067`
SHA1	`5afb1efc4d222130493745fc09062b705eea8596`
SHA256	`5330c968da6542e87117c65398ff91b8ebe357908f3f9464439e1cc1ef9cb15a`
SHA3	`dd0e6dd63e9acbead5ab555e2c6284e25ebf19e430ce91692f958d1da70353b7`
VirtualSize	`0xc`
VirtualAddress	`0xe56000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe51400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1deb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96788`
Detected Filetype	PNG graphic file
MD5	`89cd0a90a785078707cb32b68aefd6c0`
SHA1	`bbfd31e973e3fc3bc4dd0e9358753fc783b7d635`
SHA256	`b1eff488e92628ee1cbaefb37cc0f8ef92f72237384ea1058b824fab669f7faf`
SHA3	`34c7bea24f6443eaf1120cf5376ebe433a223c5903487013d251d6757f821eb9`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbcde`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97921`
Detected Filetype	PNG graphic file
MD5	`3240c9b9d64ea32a98244fecb849e232`
SHA1	`c9dc0ac8cd9ca306fad13fc5e5496131abea3445`
SHA256	`1ea3dc00519b2f3d1d4afeef5ef1fe7a974e8ca47997c9d8461e7c7bdcfd5704`
SHA3	`774363cda323f114c9a8dee90f2c1875bdf7d73bc452344fe94478a01c7b9463`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08996`
MD5	`2d14ef3241da7b3b47d31187bf38d86f`
SHA1	`59f13261a6a9461937e7b441a0ebeedb04c33c70`
SHA256	`b797924859a15f9d0e7f5ed94aa5384f87137d2c67eb057dfa319a703f136d4a`
SHA3	`b7b53755a6afc65b22d6de1333202004422eb8cb76d4f4ad08df7be9c1e1058b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.20338`
MD5	`b91944bd6b916e5a23835c69ef17c525`
SHA1	`a9c857b88510c32d76aecaef4e209dda8de2363d`
SHA256	`401940c7558283b9978026be1fc5437f308ec370a60626390379dd4a94fb824e`
SHA3	`1675456067d6076249da387536ed1a80f2ca53a3469ed9b19f4b7ef71390f2e8`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.74501`
MD5	`45b1a6c7232216381a4364e5f6916bb9`
SHA1	`ee7e9ca32f8071992ca4aa17fec9a5d23bc1a6a6`
SHA256	`7870ec45f9d2cb6023bbe51d28863456d552875635dc39d29ae93edd681b4c4f`
SHA3	`0f17b82f7174dc2b94003873798248d82bdc5424c2ae3b15dc21875a00f7b3aa`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.80465`
MD5	`6ed400743f750933a00c8ea7bc16af53`
SHA1	`ac5f8547f5d65caec1bc9cb78a71589ac6c22f69`
SHA256	`e694c021cb6da6f10e485beab29f5c880fc1085e2ff1f620526b1f60afd9e10e`
SHA3	`ce047e2601d4ffed986d42291640c5ae53e01249ee073a71b307920b9e10fe2b`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.69127`
Detected Filetype	Icon file
MD5	`db9973700e01073a1f0c15b371ef6acf`
SHA1	`b579fe41f1a74f5a956a1d106447af76ae1ea049`
SHA256	`c3ac7403d88570c77c7ff2cb2fb903989fd6d35d9623a0a13400823d0fa94be7`
SHA3	`2ccef130c7f2189ff36da11bf57a50248c3ed26ec4210b7de755d52a86ba9deb`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49515`
MD5	`a9b6470408aea6a7dfd85fdb80c21715`
SHA1	`b0bfd835ad57c7e7d44a937ba37ff4c1b2aa2638`
SHA256	`69b6a2a42c4fd3a0ecbda3041f785d7a543df4677b6ee85719f7e1f89efbd892`
SHA3	`6defecc4abce3ba76a6d1f37af4adf92b1d643d25cae6f12ecd347c60bf9e646`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.6.6637.24831
ProductVersion	3.6.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	A on-the-air Pokémon memory editing/reading program with bots for Nintendo 3DS.
CompanyName
FileDescription	PKMN-NTR
FileVersion (#2)	3.6.6637.24831
InternalName	PKMN-NTR.exe
LegalCopyright	Copyright © 2016-2018
LegalTrademarks
OriginalFilename	PKMN-NTR.exe
ProductName	PKMN-NTR
ProductVersion (#2)	3.6-beta3
Assembly Version	3.6.6637.24831

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Mar-04 19:47:44
Version	`0.0`
SizeofData	`95`
AddressOfRawData	`0xe14878`
PointerToRawData	`0xe12a78`
Referenced File	C:\Users\pecin\Source\Repos\PKMN-NTR\PKMN-NTR\obj\Release\PKMN-NTR.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES