Manalyze report for befd43899d3fd6441ae166811caf6c71c5f28cded92b567562b5186d942e6cd2

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Mar-12 16:16:39
Comments
CompanyName	AU88
FileDescription	Official premium betting and entertainment platform. Offering sports betting, live casino, slot games, lottery, and exclusive VIP rewards. Fast payout, high odds, secure transactions, and professional customer service. The ultimate destination for serious players.
FileVersion	`4.1.8.2`
InternalName	au88elite
LegalCopyright	Â© 2026 AU88 Elite Entertainment
LegalTrademarks	AU88â¢
OriginalFilename	au88elite
ProductName	AU88 Elite
ProductVersion	`4.1.8.2`
Assembly Version	4.1.8.2

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: root\Security` `Contains domain names: api.ipify.org https://api.ipify.org https://api.ipify.org/ https://ipwho.is https://stackoverflow.com ipify.org stackoverflow.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to RC5 or RC6` `Uses constants related to Twofish` `Uses constants related to TEA`
Malicious	VirusTotal score: 50/63 (Scanned on 2026-05-13 14:00:16)	`ALYac: Gen:Variant.Application.fca.3927` `APEX: Malicious` `AhnLab-V3: Backdoor/Win32.QuasarRAT.R341693` `Alibaba: Backdoor:MSIL/Quasar.2fed8328` `Antiy-AVL: Trojan/MSIL.Quasar` `Arcabit: Trojan.Application.fca.DF57` `Avira: TR/Quasar.A` `BitDefender: Gen:Variant.Application.fca.3927` `Bkav: W32.Malware.33F0574A` `CAT-QuickHeal: Trojan.Generic.TRFH927` `CTX: exe.unknown.generic` `ClamAV: Win.Malware.Generic-9883083-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.Quasar.299` `ESET-NOD32: MSIL/Agent.CLQ trojan` `Elastic: Windows.Generic.Threat` `Emsisoft: Gen:Variant.Application.fca.3927 (B)` `F-Secure: Trojan.TR/Quasar.A` `Fortinet: MSIL/Agent.BPH!tr` `GData: MSIL.Backdoor.Quasar.A` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.sa` `Ikarus: Trojan-Spy.Agent` `Jiangmin: Trojan.MSIL.aogzw` `K7AntiVirus: Trojan ( 005b1c021 )` `K7GW: Trojan ( 005b1c021 )` `Kaspersky: HEUR:Trojan.MSIL.Quasar.gen` `Kingsoft: MSIL.Trojan.Quasar.gen` `Lionic: Trojan.Win32.Quasar.4!c` `Malwarebytes: Backdoor.Quasar` `McAfeeD: Trojan:Win/QuasarRAT.AA` `MicroWorld-eScan: Gen:Variant.Application.fca.3927` `Microsoft: Backdoor:MSIL/Quasar!atmn` `NANO-Antivirus: Trojan.Win32.Quasar.lelzaq` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Backdoor.Quasar!1.E5F1 (CLASSIC)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Troj/Quasar-AF` `Tencent: Backdoor.Msil.Quasar.16001301` `VBA32: Trojan.MSIL.Quasar.Heur` `VIPRE: Gen:Variant.Application.fca.3927` `Varist: W32/MSIL_Troj.BTX.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.B` `ZoneAlarm: Troj/Quasar-AF` `alibabacloud: Backdoor:MSIL/Quasar.server` `huorong: Trojan/MSIL.Obfuscated.g!crit`

Hashes

MD5	`93d3e455557f8b3cf1af9f8c020317e2`
SHA1	`27da24185729764e435884cd2fc99a0b2ea041be`
SHA256	`befd43899d3fd6441ae166811caf6c71c5f28cded92b567562b5186d942e6cd2`
SHA3	`065d8f38c5210f3e23c12e740b9d5083593daee6a563bfd80843423ed0f3c6be`
SSDeep	`49152:dvn+j2teai5mmP3lhsFQawoSgGsYRJ6WbR3LoGdMTHHB72eh2NT:dv+j2teai5mmP3lhsFhwoSgGsYRJ6Q`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Mar-12 16:16:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x31c800`
SizeOfInitializedData	`0x29800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0031E65E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x34c000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fb33a9dcc85cb1963944be7be8778b17`
SHA1	`b35d955af5230c77a877a72ca3e007b02edc8c74`
SHA256	`179cc0a42ce99b790b6abfc8386c5d3dfb9439b9794c8333fd2e3611a9f92ed0`
SHA3	`cfdf5d8040ad288f14d1217f45992800146537d9deb61ebfcfa4f09a222924a0`
VirtualSize	`0x31c664`
VirtualAddress	`0x2000`
SizeOfRawData	`0x31c800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.08482`

.rsrc

MD5	`955a81b355c73e42500c055bdc56c0b2`
SHA1	`09bf0315ff82d91c08c5be8990050807b0479006`
SHA256	`fb12651a72c1b9c468fea66f7c7e5ada76ff46d616da18074e9693933b380e28`
SHA3	`ac86c5a007bb1cacb36df6c9904642c8abfa1e7871d5915f376650413a3c00de`
VirtualSize	`0x29460`
VirtualAddress	`0x320000`
SizeOfRawData	`0x29600`
PointerToRawData	`0x31ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.51348`

.reloc

MD5	`560a49ce9f8bb4cf792e6e36c5ea702d`
SHA1	`aa5593ac7bd9fdb800c1fa21e966f4e74a5ac66c`
SHA256	`daab7bcca9b4f1d6735b6a7dcbaba9f2a4e58ba8f0e75a7b93a3e15963aa13e1`
SHA3	`dc5f566c8cf15bd2f67c86ece234f2b7db0bc2024ae0627cabaeae789852e80b`
VirtualSize	`0xc`
VirtualAddress	`0x34a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x346000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x28708`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37581`
MD5	`047f7e154fcee664d3ec17501fc99d91`
SHA1	`0450484a73ee14b7c06c70107e431e0f05b160c3`
SHA256	`16eb46432e53114bf9d7c5e972f1ae16d5862e0284f41ab6c3da94d78bcbb118`
SHA3	`b6cfd13fc04155506120ae0c38c4348e73b4e22a63a7d35aa23d85c421b3474b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`8843e66f24cc9df5b97712f9231fd0db`
SHA1	`ac8daed60471710470aac8d79e0f23ba57d7c14c`
SHA256	`a27cf103bca72926047a6625fb69704e41e59738ff7b2c91854cacc2f9f4585a`
SHA3	`8fecfb6c7f9f9f5630169db0d8f2a40e3e11f83b90efd3fead24290c5a9bac31`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x53c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42155`
MD5	`8ab75f560644565bf698cae09c1d6241`
SHA1	`a7137c1e1b23ac15626c594547204eb528b718f0`
SHA256	`8ece5ea9652b1f8b063eeedd69534512e33868586cf14d006bd68f6ea5620f8d`
SHA3	`1682888a72ed63f0204c91a0f7f913f3a1768fd27596252c5fc2402759c68088`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6d7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18029`
MD5	`ef224e384450bd3a0c3dc30e1fea01a8`
SHA1	`324739f2b1686d940bb3e241087e79c0fdc09381`
SHA256	`1896060246fc6b09837baf64f2b9888be8b6cb85e9840edf6e616a28da057250`
SHA3	`513da03328753cbf47106623ac5ad3711cd6061f7a71e1e793f52eff21ac9f59`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.1.8.2
ProductVersion	4.1.8.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	AU88
FileDescription	Official premium betting and entertainment platform. Offering sports betting, live casino, slot games, lottery, and exclusive VIP rewards. Fast payout, high odds, secure transactions, and professional customer service. The ultimate destination for serious players.
FileVersion (#2)	4.1.8.2
InternalName	au88elite
LegalCopyright	Â© 2026 AU88 Elite Entertainment
LegalTrademarks	AU88â¢
OriginalFilename	au88elite
ProductName	AU88 Elite
ProductVersion (#2)	4.1.8.2
Assembly Version	4.1.8.2

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.