d17cf2f47d925b55d6cfc3f17a864926b0ebbbd733840729c19ff3e71325fbc0
This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2026-Mar-10 13:29:51 |
| Comments | |
| CompanyName | Microsoft |
| FileDescription | Laptop Battery Analyzer |
| FileVersion | 3.3.0.0 |
| InternalName | NLBA_LaptopBatteryAnalyzer.exe |
| LegalCopyright | Copyright © Microsoft 2015 |
| LegalTrademarks | |
| OriginalFilename | NLBA_LaptopBatteryAnalyzer.exe |
| ProductName | Laptop Battery Analyzer |
| ProductVersion | 3.3.0.0 |
| Assembly Version | 3.3.0.0 |
Plugin Output
| Suspicious |
Unusual section name found: K\x092\x0b3fy:
Section K\x092\x0b3fy: is both writable and executable. Unusual section name found: |
|
| Malicious | VirusTotal score: 10/59 (Scanned on 2026-04-09 04:07:20) |
CrowdStrike:
win/malicious_confidence_100% (D)
Cylance: Unsafe DeepInstinct: MALICIOUS Elastic: malicious (moderate confidence) Fortinet: PossibleThreat Gridinsoft: Trojan.Heur!.03033281 SentinelOne: Static AI - Malicious PE Symantec: ML.Attribute.HighConfidence Trapmine: malicious.moderate.ml.score TrellixENS: Artemis!EEDC4D21C094 |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2026-Mar-10 13:29:51 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 8.0 |
| SizeOfCode | 0x38b800 |
| SizeOfInitializedData | 0x27cc00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0060C00A (Section: ) |
| BaseOfCode | 0x27c000 |
| BaseOfData | 0x2000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x2000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x610000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
K\x092\x0b3fy:
.text
.rsrc
Section_4
.reloc
Imports
| mscoree.dll |
_CorExeMain
|
|---|
Delayed Imports
1
32512
1 (#2)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 3.3.0.0 |
| ProductVersion | 3.3.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| Comments | |
| CompanyName | Microsoft |
| FileDescription | Laptop Battery Analyzer |
| FileVersion (#2) | 3.3.0.0 |
| InternalName | NLBA_LaptopBatteryAnalyzer.exe |
| LegalCopyright | Copyright © Microsoft 2015 |
| LegalTrademarks | |
| OriginalFilename | NLBA_LaptopBatteryAnalyzer.exe |
| ProductName | Laptop Battery Analyzer |
| ProductVersion (#2) | 3.3.0.0 |
| Assembly Version | 3.3.0.0 |
| Resource LangID | UNKNOWN |
|---|
TLS Callbacks
Load Configuration
RICH Header
Errors
Leave a comment
No comments yet.