Manalyze report for c547f591b85e8d29c4e75dba2185602e84133132cab6321ed7272671ecee657e

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2104-Aug-19 18:05:28
Debug artifacts	C:\Users\Chelovek_Krutoi\source\repos\M5\M5\obj\x86\Release\M5.pdb
Comments
CompanyName
FileDescription	M5
FileVersion	`1.0.0.0`
InternalName	M5.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	M5.exe
ProductName	M5
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Interesting strings found in the binary:	`Contains domain names: cloudpub.ru http://y.cloudpub.ru http://y.cloudpub.ru/Game/gametest.aspx?key https://y.cloudpub.ru https://y.cloudpub.ru/api/launcher/update.exe https://y.cloudpub.ru/api/launcher/ver.txt https://y.cloudpub.ru/images/m.png y.cloudpub.ru`
Malicious	VirusTotal score: 5/71 (Scanned on 2026-05-20 12:11:45)	`Bkav: W32.Malware.27D089C6` `CrowdStrike: win/malicious_confidence_70% (W)` `Elastic: malicious (moderate confidence)` `VBA32: Downloader.MSIL.gen.rexp` `VirIT: Trojan.Win32.MSIL_Heur.A`

Hashes

MD5	`f6797cf6ea614d6061bf888622912136`
SHA1	`1298869b1ccf88e80eaddb3870debc46b55dfc2e`
SHA256	`c547f591b85e8d29c4e75dba2185602e84133132cab6321ed7272671ecee657e`
SHA3	`55d24f038765023bfd62dba64dac0739201275b048bc5c2806700a4b3a8a5fa0`
SSDeep	`384:gCPqwCMbWlY/NiIm9afgbz5N6N21EaY4In9bY4fnP:WwCY5U9agbpBY39Emn`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2104-Aug-19 18:05:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x3c00`
SizeOfInitializedData	`0xe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005AB6 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`008acfd005b0717bd63c75909b7d2c20`
SHA1	`e5233c7781087c70b761a80a6e2498b1e63960e5`
SHA256	`8224b69740a0016ee2f957e5d2d73e2f18eb903f70a7be99e3e085a5568d0511`
SHA3	`4c3fc5b53ce0cb8ab9f2e03159b7e8e1dcecc0f6871ff4c40a4f33759406041b`
VirtualSize	`0x3abc`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.58481`

.rsrc

MD5	`5f85a9402b699bc538e3e095536768e6`
SHA1	`7eb347fbd9dfb2407a8429a0ca44bedf8770487f`
SHA256	`7f20a1d83b9994b71b623e4e7009bd0c48a98ffec81576a27736e995636fbce4`
SHA3	`2774bd2d7186e942ad9825973776c86628e4f280872ab990035fb775a4c2d3d8`
VirtualSize	`0xb70`
VirtualAddress	`0x6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.09433`

.reloc

MD5	`685d129716cc3d3bec35975ec4d612b4`
SHA1	`6fd8b97384ff611bc64bc3fb1d7e4edb6be0ac1d`
SHA256	`390f1b830ec679f9e7919a8511b409319c53ecfc8bc8afc84008d3cf8e31719e`
SHA3	`29dd39b2c8e102b8616697ba6342f7ae4e83c2f22523ced17ef56b56d12c3e9c`
VirtualSize	`0xc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x540`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9475`
MD5	`58ec4ee26e74fa69222dca3e58c07363`
SHA1	`e99c78671e3325a5c6829b14ce5bee2f2e7de834`
SHA256	`7ca05d8ce45135deb7cd13d3fd6f46d1cdf95e2620706ba1ce84336583caa597`
SHA3	`0c11d24ac627a37bbacbc809b0496706d06aa5a24f309be65e14e5d6f9844a39`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`c1432d505caadc3846ad4d6c4c0c097d`
SHA1	`bcfd458c22d534fdfe576785afe80fd129729677`
SHA256	`48982016e370effa827d54e330478713a3231aa5c775a1b04bb5c6af744535f0`
SHA3	`e22b712da268c5ec9863da32584e81f0276b809d02f95cd35d852dda1fa9a5a7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2405`
MD5	`2883b88f1279f890e325781d4ed7e314`
SHA1	`ddd9818d39c654bb25a493d313d6b988a3fde0e8`
SHA256	`678722bf87a88678ec3094d18827bd7574c2aa0009d1ad71dd95f3eda76776b4`
SHA3	`60a2a54f13413e517ea659af697d5f48f7f31a3cc2cba4a4267b9a77fcd12a0f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	M5
FileVersion (#2)	1.0.0.0
InternalName	M5.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	M5.exe
ProductName	M5
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2066-Jun-19 02:50:37
Version	`0.0`
SizeofData	`91`
AddressOfRawData	`0x5a08`
PointerToRawData	`0x3c08`
Referenced File	C:\Users\Chelovek_Krutoi\source\repos\M5\M5\obj\x86\Release\M5.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.