Manalyze report for d96ee9703c6b3dc6289b9d7da7ff7569f81c54028473c8605a3e72306e796ad2

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2095-Oct-14 01:05:29
Comments
CompanyName
FileDescription	PhraseExpressKeygen
FileVersion	`1.0.0.0`
InternalName	PhraseExpressKeygen.exe
LegalCopyright	Copyright Â© 2021
LegalTrademarks
OriginalFilename	PhraseExpressKeygen.exe
ProductName	PhraseExpressKeygen
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	The file contains overlay data.	`16 bytes of data starting at offset 0x84c00.`
Malicious	VirusTotal score: 49/63 (Scanned on 2026-04-07 04:34:11)	`ALYac: Gen:Variant.MSILHeracles.31115` `APEX: Malicious` `AhnLab-V3: Trojan/Win32.Agent.C59497` `Alibaba: Trojan:Win32/AgentTesla.b5eac85c` `Arcabit: Trojan.MSILHeracles.D798B` `Avira: TR/Crypt.XPACK.Gen7` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PackedNET.620` `ESET-NOD32: MSIL/Kryptik.CHY trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.MSILHeracles.31115 (B)` `F-Secure: Trojan.TR/Crypt.XPACK.Gen7` `Fortinet: MSIL/Kryptik.CHY!tr` `GData: Gen:Variant.MSILHeracles.31115` `Google: Detected` `Ikarus: Trojan.MSIL.Crypt` `Jiangmin: Trojan.Generic.hixcv` `K7AntiVirus: Trojan ( 005d4a401 )` `K7GW: Trojan ( 005d4a401 )` `Kingsoft: Win32.Riskware.Keygen.fn` `Lionic: Trojan.Win32.AgentTesla.4!c` `Malwarebytes: Generic.Crypt.Trojan.DDS` `MaxSecure: Trojan.Malware.325357590.susgen` `McAfeeD: Real Protect-LS!AEFDEF3FF3CA` `MicroWorld-eScan: Gen:Variant.MSILHeracles.31115` `Microsoft: Trojan:Win32/AgentTesla!rfn` `NANO-Antivirus: Trojan.Win32.Kryptik.kaajuo` `Paloalto: generic.ml` `Rising: Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:4aa0P3zFU2jZwnS/4Odh0A)` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.13b8ce98` `Trapmine: malicious.moderate.ml.score` `TrendMicro: TROJ_GEN.R002C0DJ923` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9z` `VIPRE: Gen:Variant.MSILHeracles.31115` `Varist: W32/Risk.AGXJ-7931` `VirIT: Trojan.Win32.MSIL_Heur.A` `Xcitium: Malware@#2gbewyzi1e4my` `Yandex: Trojan.Kryptik!cJuHQc1E39k` `Zillya: Trojan.Kryptik.Win32.3614069` `alibabacloud: Trojan[dropper]:MSIL/AgentTesla.Gen` `huorong: Trojan/MSIL.Agent.ll`

Hashes

MD5	`aefdef3ff3ca427ad7e0cc5b25e2010e`
SHA1	`6828b9e6d5aad769364341f98cba5d071be28075`
SHA256	`d96ee9703c6b3dc6289b9d7da7ff7569f81c54028473c8605a3e72306e796ad2`
SHA3	`68e94cdfd401c4aff2efc18e402e743971e76dc4eacc71db2c102fe953edd4de`
SSDeep	`12288:jeiA4kIIPDoKcTi+4QPWVwC/9K83uPvFTDGdzeYQfMiUXRb6RiQPToNTuaccRLv4:jeiA4kII7oKcTi+4QPWVwC/9K83uPvFB`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2095-Oct-14 01:05:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x4c000`
SizeOfInitializedData	`0x38a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004DEFE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`366f92d531f25d54788f84d05267a51a`
SHA1	`8609943c35d4dc076fd46d47162eb1d579d7e843`
SHA256	`8d1183893f4ad4924ca57e1b6d538ee192f9ae5be674ab1e59dc476a3b510efb`
SHA3	`d4713f9c44cbfa3cceccaa26f42a3bb9c1a5d88f20db49740e2230c085eb80cc`
VirtualSize	`0x4bf04`
VirtualAddress	`0x2000`
SizeOfRawData	`0x4c000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.95051`

.rsrc

MD5	`8fe0385a1f47543d696c6d3c2b8baccd`
SHA1	`55ae7583e00c80943351a445b4c6b60595c09766`
SHA256	`1208adcc951f9615ad6f68e82b67fba4d78b3ce3bc77ed367eb7980c9aac4953`
SHA3	`119726ef92516b0e6ddcb69e6220908817cf6138d90915f28405cbdca8942554`
VirtualSize	`0x38800`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x38800`
PointerToRawData	`0x4c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98742`

.reloc

MD5	`7c7108a001f4b4dc36a956e163d8cedd`
SHA1	`e6585c11e4544cf042420899d87183b647d16327`
SHA256	`3d574265daafede18290f288d550c02c2b3c6b6cae6767498c032d1a4bac91c9`
SHA3	`a6e358c36421297cc646a8c41246eab17012cd8e50d4da3837d184d4891b511d`
VirtualSize	`0xc`
VirtualAddress	`0x88000`
SizeOfRawData	`0x200`
PointerToRawData	`0x84a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x108cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98633`
Detected Filetype	PNG graphic file
MD5	`2ec5f5827e4267e84a2e6b2948aa2e12`
SHA1	`081a68fd39d511399ce9e9cad916b9f5f88cff68`
SHA256	`a15022bbd4335b1fbe4179afc9f23954a46a184873db85a8bb7cc452943df3b8`
SHA3	`c8526e624d7090231993dd190a9bf2ee2b60bb48f61bc1500b00c28e2da07985`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.59561`
MD5	`52f99aa30de980d137838ee4dd0797d9`
SHA1	`96caff9c8ec5d6d27597da269b570a8cb11fa0a1`
SHA256	`379bef6313e156b0ea327863378ef49cc0b73d797ea059fb107608990130707e`
SHA3	`849966ed88cc1a67b1f23e020cb76d3ef7e0181b4183fd5ca6dbe2cef6991262`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80877`
MD5	`1e14447ae9987c998594b601f36c35f3`
SHA1	`a14155347298821267024fed2c00eba1c0d58c6f`
SHA256	`72866a501b921bf8e955e2df1c3893d41147f5c5cc2e284c83bf80ea538f2895`
SHA3	`abfb2a9b4a8b40042730d0cea4f964d82d7107818fbe9b17bc8f493e33fe7bb2`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8005`
MD5	`291be022dd881a3726c3cdc359824e22`
SHA1	`9ee593381d8f44d4e3992dc213e7ffd5672e75ed`
SHA256	`ed696bacd92a5c38cc22000501022d2a7163e2124bb21315bbd37f394e12d20e`
SHA3	`1aec15b84e493430007eb6a9438601ed474b576b26fcd409b90d1e2a269352a3`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77517`
MD5	`a59656604cb5cf699a02088053dcf87c`
SHA1	`068726888d2ff57e14ff42f5967c51a6412746ab`
SHA256	`0f8abe7e9ce3a9f662ec321c134a900ad163035b6b9702ee691ca42a8f389c17`
SHA3	`8da15506d3c96fbafd3c5d000791fb041e4c6f38c9f6d50f787c7011194c8d07`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00195`
MD5	`d7d7f6eb29796548f24f0358fa82c4f4`
SHA1	`b1a06c9b3e471ce780ebebb05fe46473cbbab5e4`
SHA256	`f04687719f2869709c8daf8995366be233833e05df23789f434df7605988f3ee`
SHA3	`f812f0be9f2872d580a6fc806a2cb09365fa3de11edae73ecea1a818242cad28`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02277`
MD5	`81f48adaf06515c11bf743d9a746f699`
SHA1	`97b493c99cc5981b9e2389cbd385f9cbec78a222`
SHA256	`c3a07e124b3e35f304506c1fe39523e41c82e48cb3920676d20dd4432a7b88ca`
SHA3	`e527aacd9cc0107cad489d382cccb01abdb57d03e5f0ea58f7799e9fb8c67675`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29044`
MD5	`a773854b3bfeb355716f2cd3a6484eb7`
SHA1	`d38e44ec286b32155fc7ce7b68acb3533d46a4d1`
SHA256	`d676867d2042cbe03818ff1400f9e4210a7298494ebf401d3a48ad6d240880b1`
SHA3	`991aa2750168e84867539718c4d91dbe8e0d5ca4739f44add3556fd1ec4346f8`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28126`
MD5	`00411a24c12a4912cdb2efa64e3ab78e`
SHA1	`e0e200b86a11f542d9d2e473c40c61f6c6ab1abe`
SHA256	`c71f58e0f2d40ab4f73747b827087605c54ad356daa70eb3268c0cd028e11605`
SHA3	`dc23f9b30310c6886e8c003808080c8295005dca9e734e1b259b3228a5cd3a91`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03222`
Detected Filetype	Icon file
MD5	`9371e0da765d8397c00b46d4aa9d0193`
SHA1	`2fbed7efc699cdb8e4a4987b1450e38ecafc840c`
SHA256	`003a8ee98e3d4b2bb40348927c4d019a0918de90d2dd3aee094a1ddbb227d265`
SHA3	`2f9738f191b0294cabcdf890e5982580be349c1b04f79f6accbca90ef16b393d`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28477`
MD5	`8cba1c0d481484d6a8b4d0159f9f4ab7`
SHA1	`00440d9f02435258f558c2f88db88312c1e3b555`
SHA256	`4d88afeb736d7fb0e70a09302b50fa7d9ba1fc70b88b770f8c3eedd9f3449ea1`
SHA3	`d30c4ebda1dbeeba66a7775643f07c927f7dd4b25c3e9b7ad6617d59c16743ac`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	PhraseExpressKeygen
FileVersion (#2)	1.0.0.0
InternalName	PhraseExpressKeygen.exe
LegalCopyright	Copyright Â© 2021
LegalTrademarks
OriginalFilename	PhraseExpressKeygen.exe
ProductName	PhraseExpressKeygen
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.