Manalyze report for bbbe0409204fdb9c417728a4a79e13b894ace90b7196de03eb20ea2c2b08f287

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2097-Feb-01 00:43:56
Debug artifacts	C:\Users\demax\source\repos\FRYBLX INSTALLER\FRYBLX INSTALLER\obj\Debug\FRYBLX INSTALLER.pdb
Comments
CompanyName
FileDescription	FRYBLX INSTALLER
FileVersion	`1.0.0.0`
InternalName	FRYBLX INSTALLER.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	FRYBLX INSTALLER.exe
ProductName	FRYBLX INSTALLER
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Interesting strings found in the binary:	`Contains domain names: https://fryblx.dev https://www.fryblx.dev https://www.fryblx.dev/install/ccv https://www.fryblx.dev/install/v/`
Malicious	VirusTotal score: 10/72 (Scanned on 2026-04-11 19:01:22)	`AVG: Win32:MalwareX-gen [Drp]` `Avast: Win32:MalwareX-gen [Drp]` `CrowdStrike: win/malicious_confidence_70% (D)` `DeepInstinct: MALICIOUS` `Fortinet: PossibleThreat` `MaxSecure: Trojan.Malware.612479599.susgen` `McAfeeD: ti!BBBE0409204F` `Sangfor: Trojan.Win32.Agent.V3tq` `TrellixENS: Artemis!63CF3AC61611` `alibabacloud: Suspicious`

Hashes

MD5	`63cf3ac61611721c0a5bc37e8a50d4fc`
SHA1	`be0f619b251898037c86570a85988561c8d9ae2c`
SHA256	`bbbe0409204fdb9c417728a4a79e13b894ace90b7196de03eb20ea2c2b08f287`
SHA3	`e5be7c00a9feab35c7e2c45572a89e9cd65bec996c8a2e08c3b0faad3d06c68e`
SSDeep	`384:ydvCjlrYmKYqrrW0ZGSqTu+/Y2wq+KEPtLwSDkvwKwq6uanpgZxZptYcFSVc03K:YYq3GSq0LwoATtYcFSVc6K`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2097-Feb-01 00:43:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x4a00`
SizeOfInitializedData	`0x1400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000695A (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6094e1eeaac487b2324bf07ce7e55bad`
SHA1	`3bd8ab1f2c77b4888aabcb22b88fa4010dddbfe6`
SHA256	`24da14b83d012aa5bacc1832f9fb4378f4a315bff85546bcc2d166604a972a1d`
SHA3	`749577649154645878840e7369fd268d25b31017274a5d20666a48a1d8d7e0cb`
VirtualSize	`0x4960`
VirtualAddress	`0x2000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.7853`

.rsrc

MD5	`3809058e1aff5c0174624b3c819dfc08`
SHA1	`244a9aaf4c9d0869ddd9d0068091e56aab70c6e4`
SHA256	`a623ad7e132b579f6c85153af2c8f9457b7ea1c41ad2ce775bddbff663ea838a`
SHA3	`4c930d8c81e5ea3a54e5c3d816138c519d0096de90f8cc4cf2afccc439580852`
VirtualSize	`0x1150`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.01132`

.reloc

MD5	`47a31cc806d843354224bdcfd3885378`
SHA1	`ef78dc1a5cdee7f3f34c9c80d2962a08e6a57a11`
SHA256	`2578cb817dcae8e8994a8b8ac204f490958b1fe8459b4ab67fc70031f77ba47b`
SHA3	`744ae5db4e1a4bd270dff58e82f440580f6b4a4a2b5651983878930dc9261a5b`
VirtualSize	`0xc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36055`
MD5	`416fce9162480dc2ee8e90e13f730c6f`
SHA1	`7c1fb2da4ece3b3facdf19808de14f8030ded8f5`
SHA256	`4c7a6151bdf38e52d4bed694f87902c413ec245f8d5e750a84bbb2d74853b7bb`
SHA3	`105d9923ee52748e1e8d805093b0f20955ced5a98415860f6b2e09cce151ee3e`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd4f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0261`
MD5	`7c2e8994801adc70eb5b1125bf988660`
SHA1	`b4e18ed345eea36106246472b7656fac4e3f26fb`
SHA256	`44f705d4035aca6816883007e5533d0dbf3b8e7dfca873d5a35e37609e09be92`
SHA3	`802fee27ae576f0531e9579fd89e0da29c510485566635c5f2e02778609f8b73`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	FRYBLX INSTALLER
FileVersion (#2)	1.0.0.0
InternalName	FRYBLX INSTALLER.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	FRYBLX INSTALLER.exe
ProductName	FRYBLX INSTALLER
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2040-Dec-10 07:09:02
Version	`0.0`
SizeofData	`117`
AddressOfRawData	`0x6890`
PointerToRawData	`0x4a90`
Referenced File	C:\Users\demax\source\repos\FRYBLX INSTALLER\FRYBLX INSTALLER\obj\Debug\FRYBLX INSTALLER.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.