Manalyze report for c113951b89e83575465b8cb2412ca864f8a393c74e1e131ef3f3154173cc1284

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jul-21 14:30:58
FileVersion	`13.905.8.57580`
ProductVersion	`13.905.8.57580`
Comments	Web Companion protects you against malicious websites and dangerous links found online
CompanyName	Lavasoft
FileDescription	Web Companion
InternalName	WebCompanion.exe
LegalCopyright	Â© Lavasoft Limited. All Rights Reserved.
LegalTrademarks	(R) Lavasoft
OriginalFilename	WebCompanion.exe
ProductName	Web Companion
Assembly Version	13.905.8.57580

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: Localization.Resource.de Localization.Resource.es Localization.Resource.fr Localization.Resource.it Localization.Resource.ru Resource.de Resource.es Resource.fr Resource.it Resource.ru WCInstaller.Localization.Resource.de WCInstaller.Localization.Resource.es WCInstaller.Localization.Resource.fr WCInstaller.Localization.Resource.it WCInstaller.Localization.Resource.ru WCInstaller.de WCInstaller.es WCInstaller.fr WCInstaller.it WCInstaller.ru adobe.com cloudflow.lavasoft.net flow.lavasoft.com flwadw.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://schemas.microsoft.com http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://staging-cloudflow.lavasoft.net http://staging-cloudflow.lavasoft.net/v1/event-stat http://staging-cloudflow.lavasoft.net/v1/event-stat-wc http://tempuri.org http://wc-update-service.lavasoft.com http://wc-update-service.lavasoft.com/components.asmx http://wc-update-service.lavasoft.com/update.asmx http://wcdownloadercdn.lavasoft.com http://wcdownloadercdn.lavasoft.com/13.905.8.57580/WebCompanion-13.905.8.57580-prod.zip http://wcdownloadercdn.lavasoft.com/13.905.8.57580/webinstaller-13.905.8.57580-prod.zip http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://flow.lavasoft.com https://flow.lavasoft.com/v1/event-stat https://flwadw.com https://rt.webcompanion.com https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip https://staging-webcompanion.lavasoft.net https://staging-webcompanion.lavasoft.net/dci/4.0.0.14/Webprotection.zip https://wcdownloader-qa.lavasoft.com https://wcdownloader-qa.lavasoft.com/13.905.8.57580/WCInstaller.exe https://wcdownloader-qa.lavasoft.com/13.905.8.57580/WebCompanion-13.905.8.57580-internal.zip https://wcdownloader-qa.lavasoft.com/13.905.8.57580/webinstaller-13.905.8.57580-internal.zip https://wcdownloadercdn.lavasoft.com https://wcdownloadercdn.lavasoft.com/13.905.8.57580/WCInstaller.exe lavasoft.com lavasoft.net microsoft.com ns.adobe.com qa.lavasoft.com rt.webcompanion.com schemas.microsoft.com service.lavasoft.com staging-cloudflow.lavasoft.net staging-webcompanion.lavasoft.net tempuri.org update-service.lavasoft.com wc-update-service.lavasoft.com wcdownloader-qa.lavasoft.com wcdownloadercdn.lavasoft.com webcompanion.com webcompanion.lavasoft.net www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Info	The PE is digitally signed.	`Signer: 7270356 Canada Inc.` `Issuer: Entrust Extended Validation Code Signing CA - EVCS2`
Malicious	VirusTotal score: 18/71 (Scanned on 2026-03-12 09:11:50)	`Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Ghanarava.177327040884c169` `CTX: exe.trojan.webcompanion` `DeepInstinct: MALICIOUS` `DrWeb: Program.Unwanted.5536` `ESET-NOD32: MSIL/WebCompanion.C potentially unwanted application` `Gridinsoft: PUP.Win32.WebCompanion.oa!s1` `K7AntiVirus: Unwanted-Program ( 005cf1b21 )` `K7GW: Unwanted-Program ( 005cf1b21 )` `Malwarebytes: PUP.Optional.WebCompanion` `MaxSecure: Trojan.Malware.300983.susgen` `Paloalto: generic.ml` `Skyhigh: WebCompanion` `Sophos: Generic Reputation PUA (PUA)` `Trapmine: suspicious.low.ml.score` `TrellixENS: WebCompanion` `VBA32: TScope.Trojan.MSIL` `alibabacloud: Trojan:MSIL/WebCompanion.C`

Hashes

MD5	`56b3b6fb098e55a47c9d6de55584c169`
SHA1	`1db31f995fc636de141f46ad8e32e913b7579644`
SHA256	`c113951b89e83575465b8cb2412ca864f8a393c74e1e131ef3f3154173cc1284`
SHA3	`107ca853b3e35733cc6b05504c6055d826773ba065f430dbbf01c65cea17f829`
SSDeep	`12288:fdQZXyI+485gE1j0F11pY+9iakm3VX7dlCM:fdMM5Cv1phiaks77CM`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Jul-21 14:30:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xae400`
SizeOfInitializedData	`0x6e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B02BA (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xb2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xbc000`
SizeOfHeaders	`0x200`
Checksum	`0xc5da8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1c693311f2d802ec681729d70397a8a7`
SHA1	`caeab3a7e44a3b12441d5fa753ec1d386f357b0f`
SHA256	`0805828308932d18481d1a13b32c35c18a11ed282c52a6df1dbbb9ce055c45c3`
SHA3	`743e6d5ba30cc310b35c0c051466775032f57a0cdcf32f54558037de77099044`
VirtualSize	`0xae2c0`
VirtualAddress	`0x2000`
SizeOfRawData	`0xae400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.20845`

.rsrc

MD5	`d799b391796303e621b2595da97c8965`
SHA1	`f3df41ea69b09700f2886ac95723bbff3793b179`
SHA256	`e82a855c6f906e13b5680a6a7dfe8dd4af9a0640fb647b1fd5a4246ba6bfb1ac`
SHA3	`0eee2ed80081019ecc4620d92243bd669c3775fdfdd288053b776c6cb324f3f3`
VirtualSize	`0x6a44`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x6c00`
PointerToRawData	`0xae600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66257`

.reloc

MD5	`63e16505f9b557559af230e4ec68b72d`
SHA1	`b975d7c7762221748c4a338140923d6f0a72e8f2`
SHA256	`b56d4aab436c3663a9890fa0fe672d8fb40ca75803a6ab22f8c53f6bd20fc2ac`
SHA3	`3d6e23259984fa0e13f4acf8becbf1ebaa55af8a49fa9606bad9239ef19fb354`
VirtualSize	`0xc`
VirtualAddress	`0xba000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76693`
MD5	`a7e57968a0c93730317de3208eb431bc`
SHA1	`2f0b4336901247689fd7680390fa13f200ed51ef`
SHA256	`124a76c44014b2b22cb704e0a4c86ddbab4c3194ec00f2d847293df3620a94c8`
SHA3	`da28ec2b7dd6848df2e132f01ee54dd35ea20958f233b1389218445d33035303`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50691`
MD5	`0d98562d8b45dc079e1f03c2d66512ab`
SHA1	`1d4c8df72f4cf7bca7c99f6b7caef4e64f8595a0`
SHA256	`d222e3a18acacb64e634d710fb447e2bc5a959df6294c64f5a2c4b40556aa789`
SHA3	`a530b9005e35de9760eb3c8477bfe4b2bc74ce5ec49ca594c4fc0d2fb39669cd`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25855`
MD5	`4371666fc9b6f6e79a5d881feeda3b81`
SHA1	`de5b3fefa7ee56a9cc58c0d38266ff88a3b5c963`
SHA256	`fca0e9956af4b27d09782d65cc6cd77289386d684de553337dd85731258ec058`
SHA3	`4c76dc679ce155d3ebb09de5c05a82ea935473bab17fc9b0b5aa84475d8cf7f0`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00183`
MD5	`76b7cd985f7d4a8de31e808c50b30349`
SHA1	`219b463e96ea00aeb45c1492214b98fa11f31a6c`
SHA256	`b8560d3d0a26d9c3bc372cf640b3a291e65ab42396a936fbd2dd32c79787be9d`
SHA3	`267ec5eb0246467e12eed83deea0f204ac277da1f7a352b6bb689c2dc3f2aa88`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a7b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85645`
Detected Filetype	PNG graphic file
MD5	`8dde3193ed57d4d6e2e8025d1a8e4891`
SHA1	`f9b627f647d1cbe390731a59eb83b89cfdb42d0e`
SHA256	`3fe49af7d3e344b0d891523827cc7c12856c74907ce2e73bfc635e1b689a5656`
SHA3	`61b6ad0db3b634ce1422de65c981cf6afe6de211d63c5ff09b953c662d25b98e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`062fdee8ff1b6d43f0e27d63beac83e0`
SHA1	`62c8828497587524238bceb72e4cc51ecdd34b57`
SHA256	`34c6894496ceb6d1d38695df00153254706489fb2e96348fe2483064e6180afa`
SHA3	`7509f47e170c43e4f009a38607258c89f24313e644457346f0873e2569f95d6d`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x478`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.466`
MD5	`d8cce689f1f63ac883ee2427bacccfc2`
SHA1	`cf017b72376dbb8a3331ded99b13dc37576cea69`
SHA256	`85fd2a7f7a0af5c363fd6b01dd7655566517024a16cfc954731d8c19ac696329`
SHA3	`e589d9217dd3f91d5625a7ebcd381b649db7374fa02c839c311a09421bbdd794`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31297`
MD5	`feaa3307ac03e410ae1e079a30ab1f46`
SHA1	`fb6edb3b7852b77e6fcd4afc39053d20af977d8a`
SHA256	`72561fc50ae407a2ebf1eaa6844f0093eeaea054506e61a5952d3f130cca8d58`
SHA3	`0d84d035fcd5c6498a50b7f38ab0a210ef9ac1d31ba7bb099c16a1c2a4611782`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	13.905.8.57580
ProductVersion	13.905.8.57580
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileVersion (#2)	13.905.8.57580
ProductVersion (#2)	13.905.8.57580
Comments	Web Companion protects you against malicious websites and dangerous links found online
CompanyName	Lavasoft
FileDescription	Web Companion
InternalName	WebCompanion.exe
LegalCopyright	Â© Lavasoft Limited. All Rights Reserved.
LegalTrademarks	(R) Lavasoft
OriginalFilename	WebCompanion.exe
ProductName	Web Companion
Assembly Version	13.905.8.57580

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.