Manalyze report for bbfc5c83239c1360b3a6bc855f801eca

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-22 12:23:16
CompanyName	Zanoza Software LLC
FileDescription	ZModeler3
FileVersion	`1.0.0.1231`
InternalName	ZModeler3.exe
LegalCopyright	Copyright © 2002-2023
OriginalFilename	ZModeler3.exe
ProductName	ZModeler
ProductVersion	`1.0.0.1231`
Assembly Version	1.0.0.1231

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Malicious	VirusTotal score: 54/72 (Scanned on 2024-06-06 15:56:53)	`ALYac: Gen:Variant.Jalapeno.10718` `APEX: Malicious` `AVG: Win32:RATX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5604394` `Alibaba: Trojan:MSIL/Generic.c5f3c213` `Antiy-AVL: Trojan[Dropper]/MSIL.Agent` `Arcabit: Trojan.Jalapeno.D29DE` `Avast: Win32:RATX-gen [Trj]` `Avira: TR/Dropper.Gen2` `BitDefender: Gen:Variant.Jalapeno.10718` `BitDefenderTheta: Gen:NN.ZemsilF.36806.@p0@amytOZg` `Bkav: W32.AIDetectMalware.CS` `Cybereason: malicious.3239c1` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Siggen28.47342` `ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.FZX` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Jalapeno.10718 (B)` `F-Secure: Trojan.TR/Dropper.Gen2` `FireEye: Generic.mg.bbfc5c83239c1360` `Fortinet: Adware/Agent` `GData: Gen:Variant.Jalapeno.10718` `Ikarus: Trojan.MSIL.Agent` `Jiangmin: Trojan.MSIL.aozue` `K7AntiVirus: Trojan ( 005af2fa1 )` `K7GW: Trojan ( 005af2fa1 )` `Kaspersky: HEUR:Trojan.MSIL.PowerShell.gen` `Lionic: Trojan.Win32.PowerShell.4!c` `MAX: malware (ai score=81)` `Malwarebytes: Malware.AI.4274042924` `MaxSecure: Trojan.Malware.74168641.susgen` `McAfee: Artemis!BBFC5C83239C` `McAfeeD: ti!F822CAB6AB88` `MicroWorld-eScan: Gen:Variant.Jalapeno.10718` `Microsoft: Trojan:Win64/Reflo.HNS!MTB` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Malware.Obfus/MSIL@AI.85 (RDM.MSIL2:TythOFQqDk7DSW7qVpbJpg)` `Sangfor: Dropper.Msil.Agent.Vh03` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.14066a52` `Trapmine: malicious.high.ml.score` `TrendMicro: TROJ_GEN.R002C0XCN24` `TrendMicro-HouseCall: TROJ_GEN.R002C0XCN24` `VIPRE: Gen:Variant.Jalapeno.10718` `Varist: W32/ABTrojan.JQUI-8500` `Webroot: W32.Trojan.TR.Dropper.Gen2` `Zillya: Dropper.Agent.Win32.578576` `ZoneAlarm: HEUR:Trojan.MSIL.PowerShell.gen` `alibabacloud: Trojan[dropper]:MSIL/PowerShell.gen`

Hashes

MD5	`bbfc5c83239c1360b3a6bc855f801eca`
SHA1	`02a59bb46d68b7d2088ae6026ba89729e5248340`
SHA256	`f822cab6ab8854eb6fbcae0ae99a85d079589d478697b6168afac3c19ff78a84`
SHA3	`257bda7679da52d3b66fefaa4b17f50a44ca20887c37c460f922a1163ad1869d`
SSDeep	`98304:6mV2bhCSK0yJqzZGq7DE2yJNoOGMWRUUbMeKRZ/QB44KOfsQIoYi9CxUW:61tCSK0HzJ7D6foOGMWRUUPK//QBPfx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-Mar-22 12:23:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x4e0800`
SizeOfInitializedData	`0x4c600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x004E2731 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4e4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x534000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`73b859dc3073634c4fc91fb475d41206`
SHA1	`3aff2ad15e52e3acaa42c1f43f24a2db8d4e2891`
SHA256	`09ffc3a51dbbeff2aeb9170fbaa86b0f3f55901b6103155458b6393fbbdb7532`
SHA3	`437ad96f40502611f873b2fa078c4580cf13af36d5ef9caa077ed1924f304f13`
VirtualSize	`0x4e0737`
VirtualAddress	`0x2000`
SizeOfRawData	`0x4e0800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99378`

.rsrc

MD5	`449c0b7134c0070096e32157ab86df26`
SHA1	`6724fa932e4e8e42dfd67eb6b60c7ebdd9879c50`
SHA256	`cf40b028e4384a5a419a1e7e18aee4c1a1d0b60b5b71b871592bc50ef4f47f01`
SHA3	`74090b9142a31290f5d6bf36aaee4f9c0a6ca66621ad38aa5fa64bdd2bd6e92f`
VirtualSize	`0x4c36e`
VirtualAddress	`0x4e4000`
SizeOfRawData	`0x4c400`
PointerToRawData	`0x4e0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.21896`

.reloc

MD5	`3c854a1f82697a737fe96b9e0aaa1577`
SHA1	`7b58239b07c9d82d48bb54fa84fead9a5a8c5ede`
SHA256	`607ebfa3bb66bbf78ca8b2584b1490ed943e5156d42d861df31e571610e98c9b`
SHA3	`ccd53026c20ccd5c6b127dee85bd17e22c8b60a429e440fd23b138c11dcc7007`
VirtualSize	`0xc`
VirtualAddress	`0x532000`
SizeOfRawData	`0x200`
PointerToRawData	`0x52ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15456`
MD5	`32afe61d371229349273121e793f981c`
SHA1	`a46a48034c099ea5995174293767d1f6bd062eea`
SHA256	`716a234e09cc9692a70101987eaa97871309c0db02cc093ae5c7b3541c04c6ba`
SHA3	`63784b4b89acb7222d2e2dd29241b20908c4fde649a442ed7632ff9b11314504`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99749`
MD5	`fbef9001045a90a9048c02441bf5d229`
SHA1	`37c1b4afafa72f29722b420146cdcb9800d1a10b`
SHA256	`31f5877d135b5931da03cf5b11981c24696cbac4cfb13e07af7dc670b3bb59a1`
SHA3	`504d5f9a923f6b985b6fcda19c599e200c62a27ea8454df9bffceb19ebeb7dcd`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81047`
MD5	`b5569d42cd4451d7cf8ae766bc95d791`
SHA1	`059fb5d5fa3a0fafb21820256bf7cddeddaad0d6`
SHA256	`0390219a271d86b17607e02f255ebb13f72bf162c6e3317a11341badae8e2f96`
SHA3	`5fceb0bb2995f1f514076b57a551fb54ae2a46c526a17a5d824d5a70dc61af71`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.5634`
MD5	`c2a4d355be7485547908b912082109a4`
SHA1	`19eb61fa24c34a49972d52eadde80a83bbf568b8`
SHA256	`17886dd9eeb6988cd0aa07c165129eec73cb1fdd208dae2513073aa5c8f6f798`
SHA3	`2349db31cf87020f11296c08910a9d4962ee82e88aeefc60f1f278c3751d076c`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39092`
MD5	`f0a96cb3b541a2ae442aba5d71ed7bfa`
SHA1	`3be7c8f0787d11d968b2abd48b10e3507fff4547`
SHA256	`50320d0da66937b01a4d64fbf35bf4fc4513123a033b605a58978d30aae8fd56`
SHA3	`61290a7b7c463c472d7a956065919f047846902dd5a744c20e31471acb08edc1`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1209`
MD5	`788c62a139d18ac8e88aa5f0e0622133`
SHA1	`5dcb0835924ed1044215e211c45373f4b9f5997f`
SHA256	`daac9db38a53dba70093a60c808c6614a9b980e915ea90e13e44f2f383acb863`
SHA3	`70a3146b122e9510761a08cc19aaf3c48528e78e86aeb0cfe69dc055fbe6de3b`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.47458`
MD5	`14787b2a0bfed0b42b1c43aeea845f06`
SHA1	`6abd0c5bb5c5733213c1f70b9ae4b188b22d700f`
SHA256	`96d24b9d01aaa54421291e222ec29d88bb50a7df51fd4fed321fee6ee453764d`
SHA3	`374de58af24d6c9f418cc0a5c358d470c6ebfe489f51710a06b9a17949f5e9fa`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93419`
MD5	`1b0acc3cb5b61f1e697811b0900ed51c`
SHA1	`3da91fada99a4ec5aa1d53ed39fe1ddf1063cbae`
SHA256	`09934eb6ed4c4dd5650877593aafa92fc3869dc47e0f20bfd1cb6d98b7f88dde`
SHA3	`00341110902187e08ac2d40a8b0b332d4d1035f9e86e380b13dda98174cbe8ee`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66319`
MD5	`bd607c49b1cca51fc1364f5549149f5a`
SHA1	`4701aeb551508e676b744250e91f56f0f4e87b71`
SHA256	`8ed523e44aa42d482e34fc2280862f52c9df6879a1b8e34d0cd4c482b8ddb23a`
SHA3	`2c48c25ca990fb52b22641840f5b019182de0c55faea319abba929261e998a37`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.3918`
Detected Filetype	Icon file
MD5	`2f017a672ec3b96f022691c3669cb4ba`
SHA1	`cfe7e61fb9b6f702e5ba97acf367a45282cbdf31`
SHA256	`2bfd0ba04002d7be8fd94af336b58294e5b0e79f4c7bc3d8b62f5894a9e53845`
SHA3	`b3e14b91e3a25d39de2d369e54f750c264c2d3b495b994b7d1c01b8b7d40c9e3`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x318`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39104`
MD5	`7b2834810c903d6307fdbf532ddffcc5`
SHA1	`52c9c3fec8703c4052d4c2effa164546c058a039`
SHA256	`9ddc3315b8b9dffc186941c21d8a2cf98f926efdeda73c521bd3f85152c992e3`
SHA3	`579dbf2e1d474b4487936424bdad089795e86b523608eef9d83fa2e80cc8f8d0`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1231
ProductVersion	1.0.0.1231
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Zanoza Software LLC
FileDescription	ZModeler3
FileVersion (#2)	1.0.0.1231
InternalName	ZModeler3.exe
LegalCopyright	Copyright © 2002-2023
OriginalFilename	ZModeler3.exe
ProductName	ZModeler
ProductVersion (#2)	1.0.0.1231
Assembly Version	1.0.0.1231

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

bbfc5c83239c1360b3a6bc855f801eca

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

1 (#2)

1 (#3)

1 (#4)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors