Manalyze report for e91fa8296b55acea94ac7b4d43800043

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-15 11:54:23

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://www.smartassembly.com http://www.smartassembly.com/webservices/Reporting/ http://www.smartassembly.com/webservices/Reporting/UploadReport2 http://www.smartassembly.com/webservices/UploadReportLogin/ http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL smartassembly.com www.smartassembly.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The file contains overlay data.	`15720 bytes of data starting at offset 0x43800.` `The overlay data has an entropy of 7.98882 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 21/67 (Scanned on 2020-09-15 10:37:35)	`Elastic: malicious (high confidence)` `Sangfor: Malware` `Cybereason: malicious.f9410a` `Invincea: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Kaspersky: HEUR:Backdoor.MSIL.NetWiredRC.gen` `Avast: Win32:RATX-gen [Trj]` `DrWeb: Trojan.PackedNET.276` `FireEye: Generic.mg.e91fa8296b55acea` `Ikarus: Trojan.MSIL.SmartAssembly` `Microsoft: Trojan:Win32/Woreflint.A!cl` `ZoneAlarm: HEUR:Backdoor.MSIL.NetWiredRC.gen` `ESET-NOD32: a variant of MSIL/Packed.SmartAssembly.AZ` `SentinelOne: DFI - Malicious PE` `eGambit: Unsafe.AI_Score_98%` `Fortinet: MSIL/Kryptik.SHS!tr` `BitDefenderTheta: Gen:NN.ZemsilF.34242.rm2@aO7BNtd` `AVG: Win32:RATX-gen [Trj]` `CrowdStrike: win/malicious_confidence_100% (D)` `Qihoo-360: HEUR/QVM03.0.F16E.Malware.Gen`

Hashes

MD5	`e91fa8296b55acea94ac7b4d43800043`
SHA1	`b51bed4f9410a8c6db0e60083369f6e68019dc4e`
SHA256	`026bd73fce61c5177854904260c7aadb7eedaab416ea11d6c12b6a87f75d39f4`
SHA3	`ca358fbc8e705b8b79c2bfe1a42e01fcc39984f0079e523059ddb9b3d3e1fe8b`
SSDeep	`3072:wj12CnpWsqVA4osZaBbtVyc9g5GQtjtKduS39rZmOldMiYUNtpTM2iaMwByjUX1:yhTHbbXycYGQtjtKdTl5tI2AebX1`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Sep-15 11:54:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x40600`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000425F7 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x44000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x4a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f69fac17a57e44f2aae5cbc793461c3b`
SHA1	`70eb4a3c87e80d33b3aef05e75bda9a30f33278a`
SHA256	`b0c56ad35788d007f8f2004187b006b40fcfe4c15b06fb6f8eab11bfdd989680`
SHA3	`a0367f16c064a7adf9acee1ffefdd4c71302f8a5405314062331dc59c105ebc5`
VirtualSize	`0x405fd`
VirtualAddress	`0x2000`
SizeOfRawData	`0x40600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.10036`

.rsrc

MD5	`d98b9c03a01eed22e35bf441611fd64e`
SHA1	`9ec8bb8cc6fb534290a77089ee2cd0119b0d815a`
SHA256	`0c2a52f7de3410693100b9330795db51bd8c3e5508fb942f2494f44e6c212e9b`
SHA3	`e745be5ea6e6159f7039c802f8caab298aebb6733f4317a19d0dc20fb9b40972`
VirtualSize	`0x2cea`
VirtualAddress	`0x44000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x40800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.57317`

.reloc

MD5	`133375d138e3827984d7cd00103dbabf`
SHA1	`0e4f07caa73263bcfa0c7bfcf52cc4b903117fec`
SHA256	`df09760540369fe6b47936413ca737f46db8ac1b68c06f014bf77388095bf6b4`
SHA3	`363e51518d5f1fe77a414cacfa6c03a28621b3ea54701efc78ed3b915b42bf22`
VirtualSize	`0xc`
VirtualAddress	`0x48000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83901`
Detected Filetype	PNG graphic file
MD5	`c88936dd1a7d59c4403d6babb04dd87e`
SHA1	`cc33904defad90d05ccec92b7fff7d5902941795`
SHA256	`ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47`
SHA3	`28528f7316cb893a622c6611bbd967fcc40de2bf615e7332dee0fbd31997398e`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29968`
MD5	`092bef43014ecb8adbaf06131ce5e40b`
SHA1	`1b15bd67961afbecb0cbbd1183c2d0dc9ed9e7cf`
SHA256	`f50850ec3e997252b5533691868d04c15e923efe4f694c0ea8126f612e60404c`
SHA3	`cab0b87867861997a7a03b362811b9052b40dea25bcd54a88c60956b6f6e9968`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6735`
MD5	`3a69266d6258e81e65a29138c95fe2a8`
SHA1	`606560abf36b292f238d7ad4aa6c09ec8a21f8a3`
SHA256	`bc1cb94bcc63c8541ff535da88ed153ff3346db3fb93fc27fe87d414b2038dc4`
SHA3	`4204359c479df05357b6bf705b0d2961c1a4317d43977784fcf2835e25209f54`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.73746`
MD5	`75705b8eedfc400d14f7ae9c8f40935b`
SHA1	`ebecc73c1403107ce631cc21a6c4262a4c0ee1aa`
SHA256	`c433628ee32bb8698e81f2ebb23d615e4bcf34ba954055410c64c3638c95503c`
SHA3	`3b0525e50fdad680ebf6318fef60a34ffd36ae26a82fa7bb4675d27b0227a0e2`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69265`
MD5	`76b057741da4577549a4b9ef8f585bb3`
SHA1	`4d4f6f821507639f8214bae9aa2be1f480b7e844`
SHA256	`b008246dad106e522b98810ce6bc1212c8f12e78a6f77506283782438ea5b65d`
SHA3	`acce4c5df16010fce31dd43cfe4645d11a9aadc7ccd5da162bdbd154c1ac9b78`

1000

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78538`
Detected Filetype	Icon file
MD5	`53975c41e7520296015f9db3f16a6c74`
SHA1	`03aad254664361f296e2c982968d4afb537a573e`
SHA256	`4041084c14f8f142bf7919feedf1437c9bdb5c3040db4a2bd2b0cf387f006fcf`
SHA3	`79879cd09c0a4a1d24967b53fe230d9ae0fc1613299a75561402de6ad65509c7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41199`
MD5	`1995c6684c046eae7c01a93147e1746a`
SHA1	`cb925fb4cb8db49567ca1c4675a677ea7256f6d8`
SHA256	`149a812d77b0553dc00b153623252938d0fa94e6475f8e53b1ef15da4fa0a273`
SHA3	`684c5afd1042eeb64085439802f608472e66f88a3f32ee686e1c298147d80933`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!