Manalyze report for d335904e0fc1209cced63553bebb5203

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jun-29 17:22:27

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %temp% Programs\Startup` `Miscellaneous malware strings: exploit`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	VirusTotal score: 55/72 (Scanned on 2019-12-31 03:27:55)	`MicroWorld-eScan: Trojan.Generic.22130915` `McAfee: GenericRXCD-LG!D335904E0FC1` `Malwarebytes: Trojan.FakeMS` `VIPRE: Trojan.Win32.Generic!BT` `Sangfor: Malware` `CrowdStrike: win/malicious_confidence_100% (W)` `Alibaba: Trojan:MSIL/VBInject.d184f7d0` `K7GW: Trojan ( 0051200a1 )` `K7AntiVirus: Trojan ( 0051200a1 )` `Arcabit: Trojan.Generic.D151B0E3` `TrendMicro: TROJ_GEN.R002C0CH819` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Avast: Win32:Malware-gen` `Kaspersky: Trojan.MSIL.Agent.adcqq` `BitDefender: Trojan.Generic.22130915` `NANO-Antivirus: Trojan.Win32.Agent.erinqu` `Paloalto: generic.ml` `AegisLab: Trojan.Win32.Generic.lx9E` `Ad-Aware: Trojan.Generic.22130915` `Emsisoft: Trojan.Generic.22130915 (B)` `Comodo: Malware@#4x6t98qmq2pu` `F-Secure: Trojan.TR/Dropper.Gen` `DrWeb: Trojan.DownLoader25.14792` `Zillya: Trojan.Injector.Win32.543999` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Generic.hm` `FireEye: Generic.mg.d335904e0fc1209c` `Sophos: Mal/Generic-S` `SentinelOne: DFI - Malicious PE` `Webroot: W32.Trojan.Gen` `Avira: TR/Dropper.Gen` `Fortinet: MSIL/Injector.SNB!tr` `Antiy-AVL: Trojan/Win32.TSGeneric` `Endgame: malicious (high confidence)` `Microsoft: VirTool:Win32/VBInject` `ZoneAlarm: Trojan.MSIL.Agent.adcqq` `AhnLab-V3: Win-Trojan/FCN.140610.X1385` `BitDefenderTheta: Gen:NN.ZemsilF.33558.Gm0@aOyuXFci` `ALYac: Trojan.VBInject.RC` `MAX: malware (ai score=100)` `VBA32: Trojan.MSIL.Agent` `Cylance: Unsafe` `Zoner: Trojan.Win32.58057` `ESET-NOD32: a variant of MSIL/Injector.SNB` `TrendMicro-HouseCall: TROJ_GEN.R002C0CH819` `Rising: Trojan.Injector!8.C4 (TFE:C:m3HQDHIvpjF)` `Yandex: Trojan.Agent!Ft1Ft3Av57k` `Ikarus: Trojan.MSIL.RPX` `eGambit: Generic.Malware` `GData: Trojan.Generic.22130915` `AVG: Win32:Malware-gen` `Cybereason: malicious.e0fc12` `Panda: Trj/GdSda.A` `Qihoo-360: Win32/Trojan.18d`

Hashes

MD5	`d335904e0fc1209cced63553bebb5203`
SHA1	`118580c111cd1d5da92c281647cb773d060dfb4b`
SHA256	`55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9`
SHA3	`00ca503b3ca00a6415d62764f7817a8db38b82ea8440375cbf32e2807ba6b60d`
SSDeep	`12288:kD3LAmOkOB8kL/utGjV6tJapnbFmy3PZUoyIGNOJiR:knGZGitGR`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Jun-29 17:22:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x80e00`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00082D3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x84000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x88000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bc71e78730de17ce2ac62f6ca0207241`
SHA1	`5248ac02f5332525d733dec7d8b550c6babcc13a`
SHA256	`50f5c30373694f1a9660ad768c64095fc18739426dcae344a7983c19c04c6462`
SHA3	`9198f3f563d41e3030b60d68880c3e3c14ca67bf1a6ec953c8969a5f284f4c01`
VirtualSize	`0x80d44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x80e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.16519`

.rsrc

MD5	`6387a995d8c8d62cc8c894ae554461aa`
SHA1	`38f0a0b3b799875d4ddb626eb3e14d455c7c9446`
SHA256	`d1c437b005f8bc03359e48288a06db45f970583b64c6f50138f435ef3278c4e3`
SHA3	`ff0326944bd20f6c98c593208bd28c745c0d7e06c258cee913cb284e5f8d6947`
VirtualSize	`0x1a0a`
VirtualAddress	`0x84000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x81000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1739`

.reloc

MD5	`549feb14bb8111f1377c3a6bfc2a6e88`
SHA1	`eeeb69a4e101c95bb23c97b05c6669dee6f3b74c`
SHA256	`10a54700ba52c048313dfd5ead9382ddbb60fe6478fbfc26ca44115ac6670628`
SHA3	`dfd845a9e23c95be98181eacf2f8bf1287102a4be45ba5f3491770828e4eb95b`
VirtualSize	`0xc`
VirtualAddress	`0x86000`
SizeOfRawData	`0x200`
PointerToRawData	`0x82c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85213`
MD5	`f526bc6086c01520d3a04cbbf2ae19e0`
SHA1	`e54e917c4762d0fbdf29e50906e35e798b99df82`
SHA256	`ac08deae876666e0e26c8a22e1794718a1b5bd0b73d5dd8a71d7542f5008f709`
SHA3	`3ba7a10a999abe90ca32cdfa7dfa37b126c6b9d0e5232f384ea31eced02c7503`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19496`
MD5	`9a5bc96dfcfaada8ae03e5514594a51d`
SHA1	`edad97d86b0cc93de1d38e5aae2e2b5ebb9fd4e5`
SHA256	`9b9ee37f142f641a322bac0b06975f3ed9b32d89bb4ef975a7a34aac0c62712e`
SHA3	`f11218aee229fc9fadaf9d1a46f502dadb0a79ad1377c6b4d32ff3a6b037743b`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.88563`
Detected Filetype	Icon file
MD5	`f59830b327862e43fd8156795de8ce86`
SHA1	`0a16c0e990148e24d084c07939b9c4195486a83b`
SHA256	`a952d351b0e7c4b08b3a84dfead42807e85b8ef0e01d1f67bf815972782ef6df`
SHA3	`9db1de771af2152e4812f75ed5aa2c53ef8cc1d3db169bd649c76dfb9add56c2`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41942`
MD5	`85c37132c0e1b8582ceef0601eaf91f3`
SHA1	`1cd27cb3263e9de929fe607044d010e1ffd5c6bd`
SHA256	`a02b7bbc898706bd402faf2532694571db530319d6dc189ae5e87dafbb6b3a5d`
SHA3	`ee301b35f30ed7a43b807bc2ae51b7364eeb09b79dce19bf855a61c1e41bb5b6`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!