Manalyze report for dcd7634cd980838b5de7e76f9751182d1d52d03de4f5cad560379564c7c5c0e2

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-26 01:15:54
FileDescription
FileVersion	`0.0.0.0`
InternalName	RichardLauncherLite.exe
LegalCopyright
OriginalFilename	RichardLauncherLite.exe
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: https://pyro.rocks https://www.pyro.rocks`
Suspicious	The PE is possibly a dropper.	`Resources amount for 93.6632% of the executable.`
Malicious	VirusTotal score: 11/71 (Scanned on 2026-05-27 14:53:28)	`APEX: Malicious` `Bkav: W32.Malware.92D7D110` `CrowdStrike: win/malicious_confidence_60% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Kingsoft: malware.kb.c.773` `MaxSecure: Trojan.Malware.300983.susgen` `Trapmine: malicious.moderate.ml.score` `TrendMicro-HouseCall: Trojan.MSIL.Gen.TL0101ER26Y9` `VBA32: Downloader.MSIL.gen.rexp`

Hashes

MD5	`b2762136010a7460fc8e31935d92a343`
SHA1	`1fbacf947503b4439b0f86c9e0b0fc07c9aedc23`
SHA256	`dcd7634cd980838b5de7e76f9751182d1d52d03de4f5cad560379564c7c5c0e2`
SHA3	`9a987e236acc641845132c2006220c62ee630b0b003f19390a9ff18a31e84dc8`
SSDeep	`3072:vFmZ6mQu+nQwxbyyFyyyyyyyyyyyaQg1gQN+mwNBtLC18zYGUYajGsNubWqjLXS:vF66lQwHQg1gQN+mwNBtLQ8oQtQn`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-May-26 01:15:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x5a00`
SizeOfInitializedData	`0x5b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000794E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x66000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ce6f4631edef6a9212b84a36cdeccde6`
SHA1	`cf502da5bb8004ac37106fb7971689383d404996`
SHA256	`089fe593476bf02f741fa76669bf11b3e719de5610e53f321df2ef6ea571fab3`
SHA3	`34761f4e912ff5d8f0a2926d179e8326926aa0b64c61c8d18399d410526df27c`
VirtualSize	`0x5954`
VirtualAddress	`0x2000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61958`

.rsrc

MD5	`e3efb9ebe2990b82c46bac1f13ed502b`
SHA1	`f98da0ab98037d8298c660e2296be2c3d3807a53`
SHA256	`59afec471fa08dd32fdebb11c5430c81d73f2e4bb680fec6ef0b42df02aa85d6`
SHA3	`a0e76f1ee0d1b4be0aca56b3320747b69f1f88d95e8d5b60b21e3397a91aebc3`
VirtualSize	`0x5ac10`
VirtualAddress	`0x8000`
SizeOfRawData	`0x5ae00`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.16422`

.reloc

MD5	`07516e9b7c94d7cd6e5030a507f02055`
SHA1	`224a9539c98363348be778db8272520023d4d31a`
SHA256	`7eb6daa052bda2701b364bd9e26607de7544d5e5c86db8d127cb3835e08a7ff1`
SHA3	`9f013f1bba1f34755c08a9b728a9477269956f5d44d022ade02b765721b29abd`
VirtualSize	`0xc`
VirtualAddress	`0x64000`
SizeOfRawData	`0x200`
PointerToRawData	`0x60a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08237`
MD5	`7d129a86a808f1ee743cf3d32493c89d`
SHA1	`9d8c261431ccda27f9fe713bcc7d2a61b275cdb9`
SHA256	`dd69a4ba1f557f37671363d6be5fb325072ff16e1dc0928bab416cd59dd3088c`
SHA3	`ce975c005ee8fe789a2fbd2126234ea9bbe6367dfdb4113a861cee8ce2056faf`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19527`
MD5	`950070a218a5751787fc613661827ded`
SHA1	`983bc700134dcf06939a8eb86ffa971f5cebd61f`
SHA256	`6f59e31206b2e5f330b4254f5e9ef90eb6819ccc4b000cb0bc0ae1c218c84dcd`
SHA3	`086e048266cc4c5b949bc43fb225007c1e44d6cf9569bb2cf8ab8d352ffcc4b0`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43214`
MD5	`0843279e66f5f349b477c9711866783c`
SHA1	`ae0d960e6d5d17c4097be7dd368728aa6a96765d`
SHA256	`88235fe5a089ffee8e5db9d048a000d235627c5e27b7fbe69a93a65fe9828641`
SHA3	`62dc8f3178067ac9c364a2b85935cd5c22d9f025c91c758ff210d64f98ae4d01`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63313`
MD5	`92daf3104453b548c1f56f666ecc04e4`
SHA1	`feecbcf522ed4ae4f50ae237c3a601af4e78e106`
SHA256	`fceec82e7af0d3a8d64728081c5ca3cf35fd34df4664d167611e3cbfa70b1921`
SHA3	`0359932d46ed1730275d2c8cd850ecd4bbbf34427ca72d5535b3e18f182a3de3`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82798`
MD5	`7f523dafff2dfa35c474d22dbe84f3e8`
SHA1	`a307b09b4929bfa8754b092635cc18b0992a85ec`
SHA256	`00ca0259dc7940b8a74afcc7fe6b3e0893091b919ae929598f8de6684a7a2345`
SHA3	`543653b624ee07ac8329444ba1f4a5e4e06e7507d3b63ae70325b7dbfaaa83f0`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36778`
MD5	`d7faec87aa07eaf96b0881d7b9f9dca1`
SHA1	`49d36d9441c77f398b068e97f0e883c3987c4ee6`
SHA256	`545ce64d41f11234a5f8163fc000137dd239b953990e2ad556da2f64ffacebc3`
SHA3	`62fa1a11fac77f46a99c99af599bed1f3efb72902597b02b3282ddb29851431f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`0b18f8da8dfbb1ed079c0d323ec53a3c`
SHA1	`f58d98419639fc7fd878bdef276c05a76b436990`
SHA256	`48b99bd54b2fd532ef2a2319f0c72506381d8bdb8eb782ced9d668aba31a9817`
SHA3	`29e4285ade16934564970a6a7cdd586e2894535077d64bd59b9fe10aca2129a7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19922`
MD5	`5cfa4ddbdade52058164e0e7300406ef`
SHA1	`cd8367075e3098477bd005de2e8e80ef5cb78821`
SHA256	`a828748ee36463dc9612eac3dc955db0e699c31deca7f9dde536792add0b10a9`
SHA3	`44b927b650d2a470d8852f971f0f335949279456fc55a9fe7ec614e98b11e005`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	RichardLauncherLite.exe
LegalCopyright
OriginalFilename	RichardLauncherLite.exe
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.