Manalyze report for d396d80fc7b4432df0986e81fa4bbb39

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Sep-15 19:15:16
FileDescription
FileVersion	`0.0.0.0`
InternalName	JIT.Cecil.dll
LegalCopyright
OriginalFilename	JIT.Cecil.dll
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Malicious	VirusTotal score: 13/71 (Scanned on 2026-02-06 18:57:17)	`APEX: Malicious` `Bkav: W32.AIDetectMalware.CS` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Gridinsoft: Malware.Win32.Gen.cl` `Kaspersky: UDS:Trojan.Win32.GenericML.xnet` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: ti!A82BF44C3D3F` `Rising: Trojan.Generic!8.C3 (CLOUD)` `SentinelOne: Static AI - Suspicious PE` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`d396d80fc7b4432df0986e81fa4bbb39`
SHA1	`e556b986af1c928fd567aaf69ee0e4d7c48a12bc`
SHA256	`a82bf44c3d3f10e1f59740ed102c18af9b0fe376a3df073616f2b4aafccb0435`
SHA3	`686868241243c0e3c5a66d58076319a134023bfb5b2e4af1d2564348d63f77c8`
SSDeep	`3072:MMm6bNFpjAfeSbgjCsB+pJfTXn322xmIsDzfDr9vXTOHoUe0KNcd9znPIpBxUj5:Mznf223TLnm2oLXDrdP99cdJnr`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Sep-15 19:15:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2b400`
SizeOfInitializedData	`0x2b800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002D292 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x32000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8a4840998ede51c5abc117b34dcb1e99`
SHA1	`b587470e47ccb674710eed15bd3952d010047cb6`
SHA256	`4b69800c60db948cb68d6de2b50f76069adf37aab9aaa9755bae75ef5353663e`
SHA3	`8cb99f19bb98ed0d8b1314f2920a8535e18c3ba865d9a8f26e842e50c7e6c89b`
VirtualSize	`0x2b298`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2b400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.80298`

.reloc

MD5	`c40f1afc48adbf61d26ce586f3859f6b`
SHA1	`882d66240f1cc2ca4048cfb69837db87dda59580`
SHA256	`d1d7d334b32671d3bfe6b3b4cceee7421994c0be6709f497317983af204d7807`
SHA3	`c9647f2af65d802b39dbff9fffd1211b8704b9f13b0e75ab57d9b6ac082b4285`
VirtualSize	`0xc`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`c072b42a2b5722b331199788c2df3a7b`
SHA1	`9a5961c64e46b15a94f1d46e2ec6becd7e453470`
SHA256	`1c93ad385508f2c2ff46e49228a10c7cc0f5bbe05956e7baad37ca0ffaac0200`
SHA3	`4f71fa7fd666af52fe0200207bc34b3ef3b9ef7eb400fe72e1162549c04537b8`
VirtualSize	`0x2a4`
VirtualAddress	`0x30000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.17989`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x24c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18142`
MD5	`f8ade7637c3a3d1f55cb41f43164c225`
SHA1	`87badb2c4a923b6e77b2545139a189392c016b20`
SHA256	`a0fe62cb0a39608302b0cc9374309a07e69e2d33eea0704a1f146c783a787064`
SHA3	`abbea6f7e0f29f3b912ff860581cb1dc479acedbd4189daecab6c41104e24ae8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	JIT.Cecil.dll
LegalCopyright
OriginalFilename	JIT.Cecil.dll
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

d396d80fc7b4432df0986e81fa4bbb39

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.reloc

.rsrc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors