Manalyze report for cb706977acf35640a9b1158423f571cc

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jul-09 22:49:11
Comments	Coding Inc
CompanyName	Coding Inc
FileDescription	Remote Assistance
FileVersion	`5.1.545.1`
InternalName	Remote Assistance.exe
LegalCopyright	Copyright © 2013 - 2017
ProductName	Remote Assistance
ProductVersion	`5.1.545.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 29/64 (Scanned on 2017-07-11 06:50:39)	`Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9999` `F-Prot: W32/MSIL_Injector.KQ.gen!Eldorado` `Symantec: Trojan.Gen` `TrendMicro-HouseCall: TROJ_GEN.F0D1H00G917` `Avast: Win32:Malware-gen` `Kaspersky: Trojan.Win32.Neurevt.znc` `Paloalto: generic.ml` `AegisLab: Troj.W32.Neurevt!c` `Tencent: Win32.Trojan.Inject.Auto` `Endgame: malicious (high confidence)` `DrWeb: Trojan.MulDrop7.31813` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.BadFile.jh` `Sophos: Mal/Generic-S` `Cyren: W32/MSIL_Injector.KQ.gen!Eldorado` `Avira: TR/Dropper.MSIL.ppryl` `Antiy-AVL: Trojan/Win32.Neurevt` `ZoneAlarm: Trojan.Win32.Neurevt.znc` `GData: Win32.Trojan.BetaBot.E80FV3` `McAfee: GenericRXBY-NP!CB706977ACF3` `AVware: Trojan.Win32.Generic!BT` `Malwarebytes: Spyware.PasswordStealer.Gen` `ESET-NOD32: a variant of MSIL/Injector.SOJ` `Rising: Malware.Undefined!8.C (cloud:B9Gimg9je0B)` `SentinelOne: static engine - malicious` `AVG: Win32:Malware-gen` `Panda: Trj/GdSda.A` `CrowdStrike: malicious_confidence_100% (W)`

Hashes

MD5	`cb706977acf35640a9b1158423f571cc`
SHA1	`6eb7ee4667f6e433f7dce218171b71009aa7d9e9`
SHA256	`c9bd87ba95af7018e109a86ab47e949c092d6588e5260324118ac89a6cef254e`
SHA3	`82608c0651cbe4a7f970e737465f03b990157858edc53af48ae0b7c508a56983`
SSDeep	`6144:devSqvzTS8Wedg1CmbAu2qYvZDHmh73rAFpu6tYCK/qIK2KEydRk9ge+xI+cO:xqPrWedg02ORH4rASMmpCiWoO`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Jul-09 22:49:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x48c00`
SizeOfInitializedData	`0x5b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004ABEE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xaa000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`53617b38477793e775ddb3b6d7022128`
SHA1	`c7c5e87e8c7a89e78efb95d74522a0c7db519a60`
SHA256	`22a6d4ce35d92fec7beedc6b10075875e24d152f0bd7715ea5ae12f967c3ba03`
SHA3	`ba9d0531bc7a6dda03bac26c7be71aac9c362a4ca9573680ec2db10c38a6c18b`
VirtualSize	`0x48bf4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x48c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9467`

.rsrc

MD5	`a6bd2bfafd3742105b5d1b00f922c689`
SHA1	`0b369260123a0967ac931d13e92103682e407edd`
SHA256	`130d04de8989b4bebc2915191bf9819e8ff45b8fc9f38107989e667f4edf870b`
SHA3	`1735776172a5876a8b7bd3e1e0bba0e6d5e6fb6a34f59aa86d05562bda0588a2`
VirtualSize	`0x5ac7a`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x5ae00`
PointerToRawData	`0x48e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.84637`

.reloc

MD5	`fa598f6e3ed7c52aabf99778ba91a9a2`
SHA1	`c0a3a45886c1d065743b0668f913ffaa43343bf4`
SHA256	`4a24b641dee97679ab3ac9f7a52126bd4202a7d9cdcd5c3b39df896330c018dd`
SHA3	`1e3762448e690080066039e2d58a2498fc729296bc4e0edcc97b8abc5c9e3fa2`
VirtualSize	`0xc`
VirtualAddress	`0xa8000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71364`
MD5	`c0054fc1812ba7e360bd380becd996c1`
SHA1	`22e9312ab8e886acad1e96728319588b9dc31adc`
SHA256	`f1814a0a931ed54cc74ff4ba956712bdb2f4cd0a4b54b823e7909e09e85daa9a`
SHA3	`dfc8e1965068b4d8f8e17fdf1a72cb63ac4147eeb324f5bef851790319e7b3c9`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14302`
MD5	`3ae4e95fc0b035ece2269260a7c4496b`
SHA1	`1fd1431950f9295b06a57b83ad1e0cdd739231c5`
SHA256	`f47608227f4f3f87f6bbb343b4f4ac5c68b982c6e83b25f1c5ae646fd7ddeb4c`
SHA3	`f27170ed705c532948c0b2ecb1d9037ddbd725b93128fe8700c4fe3b9a175f2d`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40987`
MD5	`738030a9a5985e4a3f66b7dc6134c3f7`
SHA1	`73c4ff677b8d084ddcf6fa7120ff9285850a6193`
SHA256	`519a7e48c07da739d5f59971d82d10128b5951711a64c475b1688b16639068c8`
SHA3	`84e024abd1e243f7f75d1dff98f9c942dba49cee66292613831ec6b9e7ef5b90`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.58813`
MD5	`e91150a141e03b24cc3033a67fb62c76`
SHA1	`fa899235ae0020211b747c657510842012fc59dc`
SHA256	`6721d5e57c5de6092cfbc51a3861b61b941bcfc73ba25c93dcaf21a8fd53a584`
SHA3	`807b11ec69da408dc74945fc229c2278a9e0f11b6becd58edc1b02e1e86e7daf`

54

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.93059`
MD5	`65aea56f71f13125bc5fab8457f9d2e9`
SHA1	`26ada0cf6b54e3b047855c1d6f546a46c1115386`
SHA256	`2ecbad748b891b735f5c6f515f1ec2f36764538cb6cadde96fe4c4263a22a33e`
SHA3	`51db5a37c15e38ce0f90ead50a9dc47170c80d2b73e4eb3874bbdab8758b427c`

55

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13285`
MD5	`6e58826e2e31af5c900630f3a9d3c02e`
SHA1	`46dfde0094db15f8bef1a6383884a999c9e04de5`
SHA256	`8373b4f808a39aed6092102fea98603397667cf976f939fc8d1162099df5d1fa`
SHA3	`8ff1bb53a3df28a104a84be1fab75006abb1aa097a05a662e3a1de092ca01cf6`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86826`
Detected Filetype	Icon file
MD5	`9b761c867c9a268e34928f5e2545dcde`
SHA1	`150c97337703f63b9306934ed85108ea56db77b2`
SHA256	`a02f1a17ba5509fc7ce4bac544166ba86a37ae6331b91b92998be03636b804c3`
SHA3	`b7a870d9242a3bdfd30a6cc16fccaa37c0cd43bef264ec1016aa28fd9e72b2f9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37252`
MD5	`94806c705c7990afc846171072cc0159`
SHA1	`430beab44c1aec8b6d0eff98b095eef0a6c5a52d`
SHA256	`dfae7379889c044719b53821407e18d218901da2797447507d9d942054210a72`
SHA3	`94e29e0dd684cfc2e35f3049d9d82eb9c3ba7f89ec5b734c2e3af615bcecbb6b`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.1.545.1
ProductVersion	5.1.545.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Coding Inc
CompanyName	Coding Inc
FileDescription	Remote Assistance
FileVersion (#2)	5.1.545.1
InternalName	Remote Assistance.exe
LegalCopyright	Copyright © 2013 - 2017
ProductName	Remote Assistance
ProductVersion (#2)	5.1.545.1

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

cb706977acf35640a9b1158423f571cc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

50

51

52

53

54

55

1

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors