This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2024-Oct-30 04:08:38
Detected languages
English - United States
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Info
Interesting strings found in the binary:
Contains domain names:
Malicious
VirusTotal score: 50/72 (Scanned on 2024-10-31 09:26:49)
APEX:
Malicious
AVG:
Win32:Malware-gen
AhnLab-V3:
Trojan/Win.Generic.C5606423
Alibaba:
Trojan:MSIL/Heracles.fdfbc2b2
Antiy-AVL:
Trojan/MSIL.Heracles
Arcabit:
Trojan.Generic.D4711C42
Avast:
Win32:Malware-gen
Avira:
TR/Kryptik.gnquu
BitDefender:
Trojan.GenericKD.74521666
Bkav:
W32.AIDetectMalware.CS
CTX:
exe.trojan.msil
ClamAV:
Win.Packed.Lazy-10036699-0
CrowdStrike:
win/malicious_confidence_100% (D)
Cylance:
Unsafe
DeepInstinct:
MALICIOUS
DrWeb:
Trojan.Siggen29.61577
ESET-NOD32:
a variant of MSIL/Kryptik.AMFK
Elastic:
malicious (high confidence)
Emsisoft:
Trojan.GenericKD.74521666 (B)
F-Secure:
Trojan.TR/Kryptik.gnquu
FireEye:
Generic.mg.d5b8ac0d80c99e7d
Fortinet:
MSIL/Kryptik.AMFK!tr
GData:
MSIL.Trojan-Stealer.WhiteSnake.G3UFDK
Google:
Detected
Gridinsoft:
Malware.Win32.Gen.tr
Ikarus:
Trojan.MSIL.Crypt
K7AntiVirus:
Trojan ( 005b9c511 )
K7GW:
Trojan ( 005b9c511 )
Kaspersky:
HEUR:Trojan-PSW.MSIL.Stealer.gen
Kingsoft:
MSIL.Trojan-PSW.Stealer.gen
Lionic:
Trojan.Win32.Heracles.i!c
Malwarebytes:
Trojan.Crypt.MSIL
MaxSecure:
Trojan.Malware.300983.susgen
McAfee:
Artemis!D5B8AC0D80C9
McAfeeD:
Real Protect-LS!D5B8AC0D80C9
MicroWorld-eScan:
Trojan.GenericKD.74521666
Microsoft:
Trojan:MSIL/Heracles.CXCF!MTB
Paloalto:
generic.ml
Panda:
Trj/Chgt.AD
Rising:
Malware.Obfus/MSIL@AI.87 (RDM.MSIL2:/Z8+wfR9Xq5qEiBU15WnXQ)
SentinelOne:
Static AI - Malicious PE
Skyhigh:
Artemis!Trojan
Sophos:
Mal/MSIL-VX
Symantec:
ML.Attribute.HighConfidence
Tencent:
Malware.Win32.Gencirc.141f6731
Trapmine:
malicious.moderate.ml.score
Varist:
W32/ABTrojan.VFXG-3780
VirIT:
Trojan.Win32.MSIL_Heur.A
Xcitium:
Malware@#34jvooy0emziy
alibabacloud:
Trojan[stealer]:MSIL/Heracles.CDI93DGW
MD5
d5b8ac0d80c99e7dda0d9df17c159f3d
SHA1
ae1e0aeb3fbba55999b74047ee2b8bb4e45f108a
SHA256
c330322b774eb263b008178ff707e13b843fd7df62445cca3c52356509c26f78
SHA3
06d1a6b4ba230c1cc161275e9fcdc727acb1cf3a07e0cff3d8b14c1cb4bdbc8b
SSDeep
6144:+MW2MDA5DDzwLLoMC9YsbxE0UyRtXpJldoopDIrhi7m:EREZELLoMeYkxEgJzTp
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2024-Oct-30 04:08:38
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
8.0
SizeOfCode
0x3ea00
SizeOfInitializedData
0xe600
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00040929 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x42000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x54000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
2bdbe9f6c652fc19d48b5cc1242a4e20
SHA1
40f5505ac59226bfa86c1ca02dcd0a0ef1abe510
SHA256
823b1d9b616dad4157d064f525b0c40bb35841cf8aeedf242d5e15d80e317b56
SHA3
33aa65d49ccf765c4067564e5e9f75b739021af26a44ac4ff39ddefb04887362
VirtualSize
0x3e92f
VirtualAddress
0x2000
SizeOfRawData
0x3ea00
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.92698
MD5
5f49f94e89367157a32ad3441ce31ada
SHA1
6baddbeeaa6dd81a23b73cbba18344aa786483dd
SHA256
bdfb75ff01f53e9b7633596513431f05acb23cffa6de0d1067810600cfce87c2
SHA3
2266fdc3bcdcf61fcfb86f45407ad1f002c3dbe68e752886ae0dbfbb1c17ea5b
VirtualSize
0xe2f1
VirtualAddress
0x42000
SizeOfRawData
0xe400
PointerToRawData
0x3ec00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
3.36987
MD5
52e40c31d7518491c819d662123eac07
SHA1
59090206411a30b600a920a3da5d68053cbf82a1
SHA256
18100c671f8c3b9e6f8ee6b4afd87522eb60b396f67955c0fd053dc5df766fc2
SHA3
54b95bd7e7cc39a995823a52fb82e0e66ef19039e902380e4355458cb3c1a660
VirtualSize
0xc
VirtualAddress
0x52000
SizeOfRawData
0x200
PointerToRawData
0x4d000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0xa68
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.74641
MD5
2073a3bce01223d897c6e67e18e677e7
SHA1
f12d3ad97307acd4b6283883ff2535a1162b847f
SHA256
dadedca04ae6f15e735054a8844a0bb8c303e28e6a20a7b54393218ac9dac901
SHA3
e46bdf2c29fbea8826e7fbe4a23b787838298a2c57522375d89b84e0dadafb64
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x668
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.98658
MD5
54aab9687517924a6f0872d3db85eefa
SHA1
62922bb6f27fbb4249513a00d0249079706901df
SHA256
49e1fd7235582a5fcda21ad7019a28f07be0bf5758e58ce433622ad2c186890f
SHA3
f088eafbfb352a9b54edad9f0b94b7222fb44a8593945940d99d3dd13d26e8dc
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x2e8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.01586
MD5
57086a45c3525554f76a843b8ea0ceb0
SHA1
bb3b05066884d9c430e0b242802c280ac263b894
SHA256
aaa0ec91899e3916e363e4670f8073cdd5de32024c330183e3e06a5c402ee7ae
SHA3
c79a0a88119906e5258eff43faafc4b86f3f5b6bb2871cce6de3d9cf379d4c66
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x128
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.1704
MD5
c9113f4798daee1ff04397b4699fee20
SHA1
04a77a02cdada1d0adb3af383475cf77ed177e76
SHA256
029b2163ec401f4b713e6870760f636551fab3fa800dbb940d4b0c547a922072
SHA3
47db69117d269446375dfe691c9444c7f9bbd176e1d529ba1748f54262d34cb9
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x1628
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.912
MD5
a3ecd0150aa90c103ffd60e970a79b04
SHA1
155aa3f218939e3accb8578679c03dcbc88f5e52
SHA256
5426a3cf123eedfefc4fc0e764de1bd8c8f69edf6e0c68af1984438b28074de3
SHA3
212acca720a6b223f41cece9fd8589bbd1a13bbda47f2594ef695cac349254ba
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0xea8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.8663
MD5
c519cde0a3de8b3fae65ec263d0211f2
SHA1
b5ec2ab4e4b832bbce774c34b575512f417dbea1
SHA256
aaa4217a07f23dc3124979542a8e1105ae36b6bd6e2951fd33e37fb66bfa6e97
SHA3
d126ff50d5c59f801cea6ba3220990d077af1349152fea03feb60a7e4fe71b0d
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x8a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.49649
MD5
07484b7d7d2de97ae274c997b13fcd95
SHA1
505d59bc4593dc34851764ff10e31a163db98f2d
SHA256
eab50ea5ff7abfa5e9c64cc691ea9cce1cac6d3a913a599902f486a05ce951e6
SHA3
fe754e115793dab307b8d9c1cf7eed88457e4fbe84d43324f4ad20d29dbb95dc
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x568
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
0.972379
MD5
d4e7ffb2c44d42dd0361bdf025ddc1cf
SHA1
b2f0d88ce66caf4e0efca16007174289977cf11b
SHA256
37265ae581f5649902228e063059ee88f390f5b67176020840d586a5cd55bd24
SHA3
0f814a879813c5f3705704e6b19fa66a7839ebf98df1941ad9e76825050843d9
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x12e5
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
7.68913
Detected Filetype
PNG graphic file
MD5
2bdb3ce74738954decb4aa7784bc1dad
SHA1
7c1a93a6508fd2ab9998c87735e2e4cefebfdfef
SHA256
463eae02434b126bc01fc4aa5b1efd88fcb53313b05d180a199bfe064273cefd
SHA3
974d364c75b622f15c6c3f9f6fe645353b7aeaaf881f9285c1a568181ea6512d
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x4228
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.03031
MD5
2f8da60b986b88d85ae9bf8741138629
SHA1
35b96991f3c9de50adc6a854314d7c4b3b762b4c
SHA256
83e1da080a4c85ba6c53a8b73a88a43bda96f0af2f63565aeacc8020c57fb711
SHA3
422e7d3d156266b34b571d202b0d2dcd4c42ebf317ab5755e4d4ab84837f5ed4
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x25a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.4506
MD5
b7a61dbaf8fed9e8fd55586271a7a2fe
SHA1
1bf83736a9459f39e8ad4415a8a55f0fd03031d9
SHA256
1b9e2b76fb8a6306d71a58e8277e61cf775b329f259833b48539dabc55564dde
SHA3
ad3d753b9786fa2d2920812cb8dfb9cc077f392df40690a3dcf584e51d55b6e9
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.25978
MD5
74fa412d3b673173879e1694849b16fe
SHA1
fd666f6bd32077a3b3ad97d4591ed6e170179911
SHA256
e1cdcfc343bd2be7111edf269de89a61f6bed13a5780a79fec57110350d2b175
SHA3
59c23cb88d5b074c0e9d5dbc3af87739c0d65b11acab261f17e191f3575af7f4
Type
RT_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.88786
MD5
208b4b138664f95bc9c28daa5d6240b7
SHA1
79131678428163495ffee79cf6c3cd70a4622804
SHA256
c98be6a1843a183920435a4ebcfcd9e8b1595b05aa7eb74e646fde7e2a22145b
SHA3
5f193d529afeb126339e38e17cffc7868ea66de29a81db907d1c031d9c5822e3
Type
RT_GROUP_ICON
Language
English - United States
Codepage
UNKNOWN
Size
0xbc
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.08095
Detected Filetype
Icon file
MD5
ee0da5fbb3d343c27941fb3f8b77164a
SHA1
c2be29713ab52dcf391d34d14f367cbbab966cc0
SHA256
81341db39d8fdec0bd34960423a41a5e2ba5c5830b957f070d1563580b52011b
SHA3
f3d78fc2b713ea2475d919525d0e8019ea390471c9899df1b1345093fb558919
Type
RT_VERSION
Language
English - United States
Codepage
UNKNOWN
Size
0x584
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.80863
MD5
3fc91d51f9d09a682e8a2dfb9807abf3
SHA1
310dd1d0010b460df237700b38b23b411be7fa1d
SHA256
13708ca7e0948842e24c0a6f046d945f33abe29a16d2fce3afa21397d2ccf102
SHA3
3fc3a7b12a43a67f55641b5f869aa775318d266134ac36e29f0bf71a4b199cde
Type
RT_MANIFEST
Language
English - United States
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1
879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256
c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3
93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!