Manalyze report for c31109b7e2b33429be7a47395766eb87e17c29c63fdeb7266a89a39ea812c171

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2056-Mar-17 12:20:44
Comments
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	Application.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Application.exe
ProductName
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: api.arkoselabs.com arkoselabs.com http://www.robloxaccount.ml http://www.robloxaccount.ml/payload/payload.js https://roblox-api.arkoselabs.com https://roblox-api.arkoselabs.com/fc/logic/misc/assetProxy.php?replacePublicKey https://twitter.com https://web.roblox.com https://www.roblox.com https://www.roblox.com' https://www.roblox.com/captcha/app/login?credentialsType roblox-api.arkoselabs.com roblox.com twitter.com web.roblox.com www.roblox.com`
Suspicious		`Unusual section name found: .lunar0` `Unusual section name found: .lunar1`
Suspicious	The file contains overlay data.	`4366 bytes of data starting at offset 0x16b400.`
Malicious	VirusTotal score: 40/68 (Scanned on 2021-07-01 04:50:07)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Variant.MSILHeracles.19827` `FireEye: Generic.mg.0ab4061167cfa790` `ALYac: Gen:Variant.MSILHeracles.19827` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `Cybereason: malicious.435981` `BitDefenderTheta: Gen:NN.ZemsilF.34770.Bv1@aCyLgpd` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/Packed.VMProtect.C suspicious` `APEX: Malicious` `Paloalto: generic.ml` `ClamAV: Win.Packed.Msilheracles-9866653-0` `Kaspersky: HEUR:Trojan-PSW.MSIL.Anagra.gen` `BitDefender: Gen:Variant.MSILHeracles.19827` `Avast: Win32:RATX-gen [Trj]` `Ad-Aware: Gen:Variant.MSILHeracles.19827` `Sophos: ML/PE-A` `VIPRE: Trojan.Win32.Generic!BT` `Emsisoft: Gen:Variant.MSILHeracles.19827 (B)` `SentinelOne: Static AI - Malicious PE` `GData: Gen:Variant.MSILHeracles.19827` `Jiangmin: Trojan.PSW.MSIL.btdh` `eGambit: Unsafe.AI_Score_89%` `Avira: HEUR/AGEN.1141326` `MAX: malware (ai score=83)` `Gridinsoft: Trojan.Heur!.022130A1` `Microsoft: Trojan:Script/Phonzy.B!ml` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Win.Generic.C4474602` `McAfee: GenericRXPA-XK!0AB4061167CF` `Malwarebytes: Malware.AI.1605932795` `Tencent: Trojan.Win32.Agent.cf` `Ikarus: Trojan.MSIL.Vmprotect` `MaxSecure: Trojan.Malware.300983.susgen` `Webroot: W32.Malware.Gen` `AVG: Win32:RATX-gen [Trj]` `Panda: Trj/GdSda.A` `CrowdStrike: win/malicious_confidence_70% (D)` `Qihoo-360: Win32/Backdoor.Rat.HwMASUUA`

Hashes

MD5	`0ab4061167cfa7901e471ce8246c99b1`
SHA1	`6b9052943598154fc4003dbac9c2a6c5ae7cd940`
SHA256	`c31109b7e2b33429be7a47395766eb87e17c29c63fdeb7266a89a39ea812c171`
SHA3	`27589c6e6e5a10e1a2a284e05a54f2f12c889aa3949c60075aa1c8ec0fd442ed`
SSDeep	`24576:4wg30og+l8oBUsJrBZwI9Xms6q7bKdqmGTJf6BZWgmyM1ZFg6Y:Fg30VG8JsJrAI9XIUbfmGTJf6Bh6Y`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2056-Mar-17 12:20:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x9b800`
SizeOfInitializedData	`0x16b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00262FDE (Section: .lunar1)`
BaseOfCode	`0x2000`
BaseOfData	`0x9e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2b0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9b704`
VirtualAddress	`0x2000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.lunar0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa21fe`
VirtualAddress	`0x9e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.lunar1

MD5	`b650533ec02b1a3df56a994d9e979b8a`
SHA1	`767b099a049692b50029255fde8b6ed10a94d078`
SHA256	`90a0f005ee743f64dfdf9e72b1c9b902e0a2747ef0f6b39600ed6a28b9bdf926`
SHA3	`973bd16ef988ca2437b7935a2cc038a57642b8fd6ee966750a311e571418ca3b`
VirtualSize	`0x159cf8`
VirtualAddress	`0x142000`
SizeOfRawData	`0x159e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.82145`

.rsrc

MD5	`ed1f9a883655310a0e4b996c512b2b55`
SHA1	`4edf90200c59eb99eb23b30d4b9f0187390eebe8`
SHA256	`400f1972723d47759b2e82db902260c2d07ea4ff4ca50cc614fa5818bd9daff7`
SHA3	`940309443a2019467d8276810061620d9583416772142fd915d539eb6f07dac1`
VirtualSize	`0x10e3c`
VirtualAddress	`0x29c000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x15a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.97527`

.reloc

MD5	`d4df0ea71fef2d27bdeee35de19227c7`
SHA1	`c86c5b48fc81eaeb803a39d1ad9d5a997af85df9`
SHA256	`a336097731bed39f821667636a1f5948814eaebbf7212e2662dcdac53f14606e`
SHA3	`aee68a049eea9963b04ddd6086da66de9d87de5cb98a3d62bf80e430b33a35a4`
VirtualSize	`0xc`
VirtualAddress	`0x2ae000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.122276`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.87264`
MD5	`e20dfe7458ab9d1a9f32e6770b79be0a`
SHA1	`1e761a891956340315251c91164bcd2fa2ca8e60`
SHA256	`400436a7978d4bf221ccafef6b028efff3b4ae8625186efae1fe3e3559427293`
SHA3	`739193c69f2d7c4458f24a0de7e9765fbeaa3cdf1cbe39be4e6eab63a6520fdf`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`dd77aac392ccc09821c5bd800fb2d404`
SHA1	`9b0968b402e80b9a5e39d6189ec1c07aa10bd395`
SHA256	`e1b76116ca5adca3e85ccbd49cdb8f7144236020c8ec4b87fdf209a8d2fd5be7`
SHA3	`4c8ea5b110eb3f70f516517eb11fd46397053ae1e0245e3e2993b74f94087bf3`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16886`
MD5	`2e1debf16d6e19b630caa3ce48426bb7`
SHA1	`d4a7a5784f2e92463e3af28bb9e9c2175bec157e`
SHA256	`e9f6e3a171988eb1030aea64a3e647fa72186cfbc9ae2d1df90a53754eb0c99c`
SHA3	`2f48bbc54300f1b43bb200a9a68cbfc9bf66d901f36028e68a2481e080749a36`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Application.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Application.exe
ProductName
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .lunar0 has a size of 0!

Leave a comment

No comments yet.