Manalyze report for e6fa3028cd03318496852718143d256f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Dec-13 05:09:01
Debug artifacts	d:\Projects\My\loic\loic\obj\Release\LOIC.pdb
Comments	TCP/IP stress-test tool
FileDescription	Low Orbit Ion Cannon
FileVersion	`1.0.8.0`
InternalName	LOIC.exe
LegalCopyright	Public domain
OriginalFilename	LOIC.exe
ProductName	Low Orbit Ion Cannon
ProductVersion	`1.0.8.0`
Assembly Version	1.0.8.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: https://j.mp`
Malicious	VirusTotal score: 46/70 (Scanned on 2021-04-05 19:20:32)	`Elastic: malicious (high confidence)` `MicroWorld-eScan: Application.Hacktool.US` `FireEye: Generic.mg.e6fa3028cd033184` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `ALYac: Misc.HackTool.Loic` `Cylance: Unsafe` `VIPRE: Trojan.Win32.Generic!BT` `Sangfor: Hacktool.Win32.Agent.sc` `K7AntiVirus: Trojan ( 700000121 )` `BitDefender: Application.Hacktool.US` `K7GW: Trojan ( 700000121 )` `Cybereason: malicious.8cd033` `Cyren: W32/MSIL_LOIC.CRA.gen!Eldorado` `Symantec: Hacktool` `ESET-NOD32: a variant of MSIL/HackTool.LOIC.AF potentially unsafe` `APEX: Malicious` `Avast: Win32:Loic-A [Trj]` `Alibaba: HackTool:MSIL/Uflooder.7cd5d9d1` `NANO-Antivirus: Trojan.Win32.Mlw.eswpzj` `ViRobot: Keygen.136192` `Ad-Aware: Application.Hacktool.US` `Emsisoft: Application.Hacktool.US (B)` `Comodo: Malware@#2bq2788hhdirm` `Zillya: Tool.LOIC.Win32.151` `TrendMicro: TROJ_SPNR.0BA015` `McAfee-GW-Edition: HTool-Loic` `Sophos: Mal/Generic-R + Troj/Loic-A` `Ikarus: HackTool.Loic` `Jiangmin: HackTool.MSIL.aet` `MAX: malware (ai score=100)` `Kingsoft: Win32.HackTool.Undef.(kcloud)` `Gridinsoft: Trojan.Win32.Agent.dg` `Microsoft: HackTool:MSIL/Uflooder.C!bit` `SUPERAntiSpyware: Hack.Tool/Gen-LOIC` `GData: Application.Hacktool.US` `AhnLab-V3: Trojan/Win32.Loic.R131592` `McAfee: HTool-Loic` `Malwarebytes: HackTool.LOIC` `TrendMicro-HouseCall: TROJ_SPNR.0BA015` `Yandex: Trojan.Igent.bTL4uG.3` `SentinelOne: Static AI - Malicious PE` `Fortinet: Riskware/Loic` `Webroot: Hacktool:Oylecann.A` `AVG: Win32:Loic-A [Trj]` `Paloalto: generic.ml` `CrowdStrike: win/malicious_confidence_100% (D)`

Hashes

MD5	`e6fa3028cd03318496852718143d256f`
SHA1	`4c85973d612cd1955163c244c9c334d3a0c507cb`
SHA256	`f60a52512773b52def9ba9ce8aad61144d2cf351f6bc04d1c5a13abef8f3b89b`
SHA3	`27e774d8906ebd6e6995d0213839b78625cd344f2c1ddf26b871561fc9b0e522`
SSDeep	`3072:aMGPLnkqtBoZ9B8ocW48kLcOpd29oRFdf:aZP7dXoZ9B8GJkVrd`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2014-Dec-13 05:09:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x1c400`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001E22E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x20000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x28000`
SizeOfHeaders	`0x200`
Checksum	`0x291ed`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`91d7761ed2be0aa5f9889aa76c93769e`
SHA1	`1f7821bc964c8c537d05f0205efc50c35f0e123f`
SHA256	`4b0825a64a56cb56e1298771dc78e2c7dec642393e5892300c527f13892cdfcf`
SHA3	`25724e75faf487da2dfb32b58dc98dee9d26330808df04bf46d1d5e6df5c01cd`
VirtualSize	`0x1c234`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1c400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.57679`

.rsrc

MD5	`e2762b97e29e1c2281748ecf9fd849e0`
SHA1	`cd9615c84b95462346761f7e9e80520331e31740`
SHA256	`4e231cc4ff46fb90d4be40d22c3ffd34555a110037e499ad0cc2384620f8b2c7`
SHA3	`d0e89ea3d5729797b10812ce2759245d9fda2587c9becd9b556be8f9f42e5ea3`
VirtualSize	`0x4b40`
VirtualAddress	`0x20000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x1c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.52139`

.reloc

MD5	`d50e5b571437d0649b0c67f3dac907de`
SHA1	`1b86c8ccbad0d2ac3a4452b494fd5e0a46b368a7`
SHA256	`a756dffa2e2d6bba146e97569d54c416f8f38132f7b78e58f3760e49e2c6deaf`
SHA3	`574c77b7aa9b5224286d46a212ee8742da4e186a3e9bc8e36681644c69cc652d`
VirtualSize	`0xc`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x21200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3006`
MD5	`327b3e3cf9df1b473c9a53eb1b47332e`
SHA1	`a3a29508313924e41fe23cfc35985471cbaa35a6`
SHA256	`928bbd9c4b91e56e0c4070a3ee9a8dc3732eb8aca80a047209dc1d37b6fe3e57`
SHA3	`c22585486cdd0d6a03225d1f1659a349a0dd866eb5d4ab4e9085a6a5ee4ed4a8`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12381`
MD5	`773ace57c7445a4bec89bceb1302837a`
SHA1	`f59ea74381c29a2298b0b666f9b196ec359c3c58`
SHA256	`dfe9c530b3f3d6cb0b819312377c3b3b920d164eea602c59a514d3cbb763ab7b`
SHA3	`6639f139d5dca850583c0ab6289c904720be3b83143d0f5ec2aaf7a82f52796d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.30411`
MD5	`5579f76238c73a32e469436765c89f33`
SHA1	`f47938adc1b8002bf11f847fbf3723abf74028e0`
SHA256	`1f286451ff592b2c06798da95a1c2405749a13760dca38e59e5c0a9957ed1ab4`
SHA3	`d9d5f358f671d398f6596d9327a6e112064d8f6bcb35f458edd788bf65403764`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97706`
MD5	`1779d986d61b0ed5c2381675daa611c1`
SHA1	`5b1bc6df388211b017de2feb7715ca0a36a95817`
SHA256	`9603b5a0df2e8e87a036dd93bb61c9516d71260e792938533416631ec1ffa4ab`
SHA3	`6af968961fb9da888e7fafacaa4b7c7766b77a382b27c8fc2da741fde6edb0da`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68598`
Detected Filetype	Icon file
MD5	`032cd024a49e37ce77d4720582291440`
SHA1	`5eab7e784b579aa72de4a04121ef7d7e865c596e`
SHA256	`99e222853c95957d4e8af20500231dfb884884edbcc1ad69e3c80259997cf285`
SHA3	`3e83ab44888a5add78bcb22cb695904ff021e172bfb0a03ac98c03ac390040a7`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x310`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31386`
MD5	`21a6496ab73cacea1b59dd88f4508d4b`
SHA1	`2750332cbee789183f3cf595238c11f51c0854d2`
SHA256	`e5863482206c048f9f16e56153de1a872d73eaead313c6a722ea7feabbc3ad7d`
SHA3	`72eb2db3bd8e8408af94a3e9d9c2b3aa7c1818e3785ac4b023503e49f0a04ef0`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.8.0
ProductVersion	1.0.8.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	TCP/IP stress-test tool
FileDescription	Low Orbit Ion Cannon
FileVersion (#2)	1.0.8.0
InternalName	LOIC.exe
LegalCopyright	Public domain
OriginalFilename	LOIC.exe
ProductName	Low Orbit Ion Cannon
ProductVersion (#2)	1.0.8.0
Assembly Version	1.0.8.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2014-Dec-13 05:09:01
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x1e0c0`
PointerToRawData	`0x1c2c0`
Referenced File	d:\Projects\My\loic\loic\obj\Release\LOIC.pdb

TLS Callbacks

Load Configuration

RICH Header

e6fa3028cd03318496852718143d256f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

2

3

4

5

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors