Manalyze report for ec79d5c6e8026d3ea29a7dc45ca9dd59

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Oct-06 07:45:06
Comments
CompanyName
FileDescription	2Friend
FileVersion	`1.0.0.0`
InternalName	Mobi Fastpay.exe
LegalCopyright	Copyright © 2015
LegalTrademarks
OriginalFilename	Mobi Fastpay.exe
ProductName	2Friend
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious		`Unusual section name found: \x17f\x1cpj+[L` `Section \x17f\x1cpj+[L is both writable and executable.` `Unusual section name found:`
Malicious	VirusTotal score: 23/68 (Scanned on 2018-10-06 08:05:46)	`MicroWorld-eScan: Gen:Variant.Razy.398624` `Cylance: Unsafe` `BitDefender: Gen:Variant.Razy.398624` `Symantec: ML.Attribute.HighConfidence` `Kaspersky: HEUR:Trojan.MSIL.Agent.gen` `Ad-Aware: Gen:Variant.Razy.398624` `F-Secure: Gen:Variant.Razy.398624` `Invincea: heuristic` `McAfee-GW-Edition: BehavesLike.Win32.Generic.bc` `Emsisoft: Gen:Variant.Razy.398624 (B)` `Ikarus: Trojan.Confuser` `Avira: TR/Dropper.MSIL.Gen` `MAX: malware (ai score=83)` `Microsoft: Trojan:Win32/Fuerboos.A!cl` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Razy.D61520` `ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen` `GData: Gen:Variant.Razy.398624` `ALYac: Gen:Variant.Razy.398624` `SentinelOne: static engine - malicious` `Cybereason: malicious.fdcabc` `CrowdStrike: malicious_confidence_100% (D)` `Qihoo-360: HEUR/QVM03.0.56EB.Malware.Gen`

Hashes

MD5	`ec79d5c6e8026d3ea29a7dc45ca9dd59`
SHA1	`93de6d9fdcabcde8dd69de5813c4aa3d04d409bb`
SHA256	`a75a355ee85b34b63560c8aaf922b817711e43fb4ee3cef7a8ab5355df8461d3`
SHA3	`388b61de0450327ccdfb56d48e8f9892b32fd49df60cd625234a80201f702531`
SSDeep	`12288:JB055hVhXbUdqVdQw8DtzMSk6awDgh78gNm2m20OlQ147l56JnQ0EFURc23Okhx:JO551Lsgr81LzPDE7RNlf6Ul56a0`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Oct-06 07:45:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0xa600`
SizeOfInitializedData	`0xb5a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C800A (Section: )`
BaseOfCode	`0xb0000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xca000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x17f\x1cpj+[L

MD5	`209c721fc719d374a8e65eb55cec5cc7`
SHA1	`baf58b6b3c215d5cb031103f81620d87371a740d`
SHA256	`b20b307343f6d524814cc58a37169b69e050baddd135f51341e820c2dc672a5b`
SHA3	`dbfa1f1e9779567cb47257686c54d45a38bfb4961724c75b3ba49d3943ebc51d`
VirtualSize	`0xad320`
VirtualAddress	`0x2000`
SizeOfRawData	`0xad400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99974`

.text

MD5	`5299c304fa592e5f1d83c7a86dbfdfd8`
SHA1	`74d7e1a522e203abd27584cecba76d9a09bd949d`
SHA256	`6b8f0d4d47106b61a32bc04eb4cd0176dc2864c3d024d3f605ba3f44e8f03122`
SHA3	`6745fe61db21859607e5fb8de705fe39515d8d62e95d72be4117385a301a5af8`
VirtualSize	`0xa280`
VirtualAddress	`0xb0000`
SizeOfRawData	`0xa400`
PointerToRawData	`0xad800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.61157`

.rsrc

MD5	`52a990130d8b5cac60759258924f5881`
SHA1	`2d72d6b0f350d54db2044dc35254cca15ac89309`
SHA256	`e6bc44dda47ca4b909bbc153d1611f45b2ed47782e7a7455e9a556f4e0cc9ff7`
SHA3	`b8c3b0e63ab054c447fcfcc7d9b14b1a9baa675df564af68f08e9fac0e2415be`
VirtualSize	`0x83f0`
VirtualAddress	`0xbc000`
SizeOfRawData	`0x8400`
PointerToRawData	`0xb7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.27959`

.reloc

MD5	`1e8a07159c110dc8e35ff6ce91fe7ba2`
SHA1	`83761bac0576fbf910d38e2245e8e303fd03a9bc`
SHA256	`2bdf81505716ec4d03b5948bc3de6261f84cd883bc5825a7a04d7c3a2e9be9c1`
SHA3	`ec238f2368acfd55da492185e871c09eb71ff5d4f43bc2b8cbba5b20915b0e3d`
VirtualSize	`0xc`
VirtualAddress	`0xc6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0926235`

MD5	`bf164188ce7bc7fede1a6f703c4681f6`
SHA1	`7738abb26eac5489cf83a93cbc23b993413dc0ec`
SHA256	`7f7c0419e5be223beb91f61b973eaa8211f54b3d7f9f98767f344d937629628e`
SHA3	`9d35405e6e0aa7aa68fd296e1c7aade06eba7868d4e04bae02bc47861f3596b7`
VirtualSize	`0x10`
VirtualAddress	`0xc8000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.142636`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53784`
MD5	`474ebde763092b7d94d9bc70f494c058`
SHA1	`a25a04ee7bae858cdf1a5f2ef9ea0dbf5ed736b8`
SHA256	`b037262a2d281eafb2c2252562be0f73360f5a2a0e787b17061aece2a33b9f87`
SHA3	`508dfb201229a208bbea8107df0d367d725ebda5f8e8ba49bb1a4cd0fc37cc13`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23001`
MD5	`f94142bb60592eb4d42ab1450e24b9f8`
SHA1	`35cdd9c4c4bdab4e9d9c9ade1b6fa57a0ef51297`
SHA256	`b649c05c70cbcdc67b0928b72c7b4f5b211e18da587a2ea3b449654a0a7d72c5`
SHA3	`d1feab8d133556cfab04367084553fe2c7b0a004ae38aea937714bfc0fa14049`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9938`
MD5	`434e1866f7754bfc44ab086a5f2bbf0d`
SHA1	`0f3635d416d8d7878489628152ea0f4a8f83ad9e`
SHA256	`1b006b2680902e21879bf223a5d75d0f10f877aee1f420d6084180414b9b1d97`
SHA3	`306c6e861c889df13a7b2ed433f11caca743764d18b0ad0a7759360466f85911`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93569`
MD5	`aba7b2be22b9409f68cced67ef73cfd0`
SHA1	`e5b53c048355ce3f8f831efa4af381233a2d10fb`
SHA256	`1dc1d629e7dc8037307ab7d90c56170e948ae8a338408c483335400bb27dbfc7`
SHA3	`e58aeb368c7c7bb85e2c872eb79b55983783f096a245bc284cf2f7c10f678ee9`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`bec82d9c5028d979a420e534950d6233`
SHA1	`e1bd3221bbc5ba3e8172dc4e58089198b2ff4347`
SHA256	`0885230f1722c42fe74e368066038da27b8391506ba1582add2d240e41b30ab1`
SHA3	`c6629df6bbc335ec2e5c14a509e058afe8ca773892a9aa4fc96ba37eafef2cc7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26658`
MD5	`989875a72784dede92a75560f2f41776`
SHA1	`cf24ab81bfd713cebefd871eeb0f1e861a09976e`
SHA256	`e1d24d1db30cbe1f9b369c37c239a40f2b480e1e917107741649fc6410aae167`
SHA3	`4b3c57622c91dfe509983e46636aa549b8ebc272325f56f55f884bba9d9ca17d`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	2Friend
FileVersion (#2)	1.0.0.0
InternalName	Mobi Fastpay.exe
LegalCopyright	Copyright © 2015
LegalTrademarks
OriginalFilename	Mobi Fastpay.exe
ProductName	2Friend
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

ec79d5c6e8026d3ea29a7dc45ca9dd59

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

\x17f\x1cpj+[L

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors