Manalyze report for dd3dca2b3d551af342644b3c325a6092

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-May-10 05:24:51
Comments
CompanyName	Bitnami
FileDescription
FileVersion	`1.0.0.0`
InternalName
LegalCopyright	Copyright Bitnami
LegalTrademarks
OriginalFilename
ProductName	XAMPP
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Looks for VMWare presence: vmware` `Looks for Sandboxie presence: SbieDll.dll` `Accesses the WMI: root\Security`
Malicious	VirusTotal score: 42/67 (Scanned on 2021-09-14 18:11:40)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: IL:Trojan.MSILZilla.1627` `CAT-QuickHeal: Trojan.IgenericFC.S14890850` `ALYac: IL:Trojan.MSILZilla.1627` `Cylance: Unsafe` `Sangfor: Suspicious.Win32.Save.a` `K7AntiVirus: Trojan ( 005678321 )` `K7GW: Trojan ( 005678321 )` `CrowdStrike: win/malicious_confidence_80% (D)` `Cyren: W32/MSIL_Troj.UP.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/Agent.CFQ` `APEX: Malicious` `ClamAV: Win.Packed.Razy-9625918-0` `Kaspersky: HEUR:Backdoor.MSIL.Crysan.gen` `BitDefender: IL:Trojan.MSILZilla.1627` `Avast: Win32:DropperX-gen [Drp]` `Rising: Trojan.AntiVM!1.CF63 (CLASSIC)` `Ad-Aware: IL:Trojan.MSILZilla.1627` `Sophos: ML/PE-A + Mal/Agent-AVM` `DrWeb: Trojan.Siggen9.56514` `McAfee-GW-Edition: Fareit-FZT!DD3DCA2B3D55` `FireEye: Generic.mg.dd3dca2b3d551af3` `Emsisoft: IL:Trojan.MSILZilla.1627 (B)` `SentinelOne: Static AI - Malicious PE` `GData: MSIL.Trojan.PSE.1DQ5TRK` `Jiangmin: Backdoor.MSIL.cxnh` `Avira: HEUR/AGEN.1121262` `MAX: malware (ai score=86)` `Antiy-AVL: Trojan/Generic.ASMalwS.3396911` `Arcabit: IL:Trojan.MSILZilla.D65B` `Microsoft: Backdoor:MSIL/AsyncRat.AD!MTB` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Win32.RL_Generic.C3558490` `McAfee: Fareit-FZT!DD3DCA2B3D55` `VBA32: TScope.Trojan.MSIL` `Malwarebytes: Generic.Trojan.Malicious.DDS` `Ikarus: Trojan.MSIL.Agent` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: MSIL/CoinMiner.CFQ!tr` `BitDefenderTheta: Gen:NN.ZemsilF.34142.dm0@aWnrRIh` `AVG: Win32:DropperX-gen [Drp]`

Hashes

MD5	`dd3dca2b3d551af342644b3c325a6092`
SHA1	`6ef551568ac4339259927239eae681decc0dfd05`
SHA256	`d2e755a8909d18be7e01fa96adf5c26c6d0f55a1f539eac1997f36887fb6fe52`
SHA3	`0ff154633ca9d729676c29c2535bc6644de57e174510059a0e8beaf6eea0d853`
SSDeep	`768:wu6cdTAYhbJWUh8Nzmo2qLiOso+Q5ZMsTgOY+n4PIYvl7r0bF6+VrmZRoFl11pm:wu6cdTAu42SL+Q/MsTgOYCYvl7gbF/Q`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-May-10 05:24:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xb200`
SizeOfInitializedData	`0xc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000D07E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dbfc92d16608c23267e0788962ac5710`
SHA1	`60b2b8d1037c3fd5fe7f99b1b76cac86b03f7279`
SHA256	`00699d14824f763b7e444dbc091c8493027ab1c986f0c44de2b9c0e241775838`
SHA3	`03b07793fc8cf2a89f2bc5dc898ca8941e50671852986488939f473f8f0dd5c9`
VirtualSize	`0xb084`
VirtualAddress	`0x2000`
SizeOfRawData	`0xb200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61963`

.rsrc

MD5	`23578f93ac96e0ea92fa8f891477ebbb`
SHA1	`12b192958e9057f43641c19194de2943f0c6d90c`
SHA256	`8c5ac7a08689bf7e261e76f5bee9f33acc97af95ef982bad6c1c6e7d6a9308dc`
SHA3	`6bd8596e01a4e0c7063fa798802a577b24c77a8ff9ca38a45bc51a9a4f686bd7`
VirtualSize	`0x814`
VirtualAddress	`0xe000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15497`

.reloc

MD5	`4cabfef58a4e8716ddd98e1c6e729d0d`
SHA1	`d43e4f428600065d6587b01053c40e0e17fd2a11`
SHA256	`710c6c3887a31ddef8447c498ff1fb3e6d8e528baebde1912c5cdfff00aea2b2`
SHA3	`7407faaddbc316b69960e09bcbdff4a931c02a6e3462161ab6dd305f92e38657`
VirtualSize	`0xc`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20445`
MD5	`770344b5e43baa992d1070bb6cb71e6c`
SHA1	`c8a9116a9e3bc545d045c368a780d562fae7ea8a`
SHA256	`98ce51babf233dad68d79d5ced49293cc0e0b19a5755fb974583db1bc5fe326f`
SHA3	`c5bb0c154fdd5d0f72b7456b7e5e87560c79de0a46d0424e5f92682f59f7330b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x493`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22615`
MD5	`f3d7095de1636559aa56ad81b25bbff9`
SHA1	`6a55e1445c1c915664fba385828c5a0078fe460d`
SHA256	`4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133`
SHA3	`66d420e8633fd20ebea3048e5ed6afe3cf66dcb6d5041729ab7c7faa44b0a1b0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Bitnami
FileDescription
FileVersion (#2)	1.0.0.0
InternalName
LegalCopyright	Copyright Bitnami
LegalTrademarks
OriginalFilename
ProductName	XAMPP
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

dd3dca2b3d551af342644b3c325a6092

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors