Manalyze report for ec801a7d4b72a288ec6c207bb9ff0131

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Dec-10 09:47:39
Comments
CompanyName	master131
FileDescription	Extreme Injector
FileVersion	`3.7.3.0`
InternalName	Extreme Injector.exe
LegalCopyright	Copyright © 2017
LegalTrademarks	master131
OriginalFilename	Extreme Injector.exe
ProductName	Extreme Injector
ProductVersion	`3.7.3.0`
Assembly Version	3.7.3.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 53/70 (Scanned on 2022-03-02 00:46:55)	`Lionic: Trojan.Win32.Generic.llVQ` `Elastic: malicious (moderate confidence)` `MicroWorld-eScan: Application.Hacktool.ZQ` `FireEye: Generic.mg.ec801a7d4b72a288` `CAT-QuickHeal: PUA.GenericFC.S6060072` `ALYac: Application.Hacktool.ZQ` `Cylance: Unsafe` `Zillya: Trojan.DllInject.Win32.1584` `Sangfor: Riskware.MSIL.Injector.ky` `K7AntiVirus: Unwanted-Program ( 004d38111 )` `K7GW: Unwanted-Program ( 004d38111 )` `Cybereason: malicious.d4b72a` `BitDefenderTheta: Gen:NN.ZemsilF.34232.4n0@ayB2dwj` `Cyren: W32/Trojan.OFOZ-0327` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of MSIL/DllInject.XQ potentially unsafe` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: not-a-virus:UDS:RiskTool.MSIL.Injector` `BitDefender: Application.Hacktool.ZQ` `NANO-Antivirus: Trojan.Win32.DllInject.fjhtkg` `SUPERAntiSpyware: Hack.Tool/Gen-Injector` `Ad-Aware: Application.Hacktool.ZQ` `Emsisoft: Application.Hacktool.ZQ (B)` `Comodo: Malware@#khuyon6cxb3x` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R002C0DF921` `McAfee-GW-Edition: Artemis!Trojan` `Sophos: Generic PUA DC (PUA)` `Ikarus: PUA.HackTool` `GData: Application.Hacktool.ZQ` `Avira: APPL/Injector.AH` `Antiy-AVL: Trojan/Generic.ASMalwS.24F7A11` `Gridinsoft: Trojan.Win32.Agent.dg` `Arcabit: Application.Hacktool.ZQ` `ViRobot: HackTool.Injector.1968128` `ZoneAlarm: not-a-virus:UDS:RiskTool.MSIL.Injector` `Microsoft: Trojan:Win32/CryptInject` `Cynet: Malicious (score: 99)` `AhnLab-V3: HackTool/Win32.Injector.C4224306` `McAfee: GenericRXAA-AA!EC801A7D4B72` `MAX: malware (ai score=100)` `VBA32: Trojan.Tiggre` `Malwarebytes: RiskWare.Injector.DC` `TrendMicro-HouseCall: TROJ_GEN.R002C0DF921` `Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:fLDtS9sOsRbTTSTfaUsOhA)` `Yandex: Trojan.Igent.bTKAcV.64` `SentinelOne: Static AI - Malicious PE` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/DllInject.XQ!tr` `Webroot: W32.Injector` `Panda: Trj/CI.A` `CrowdStrike: win/grayware_confidence_100% (W)`

Hashes

MD5	`ec801a7d4b72a288ec6c207bb9ff0131`
SHA1	`32eec2ae1f9e201516fa7fcdc16c4928f7997561`
SHA256	`b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46`
SHA3	`3eda210dbd0185cf41bf9d7aa642bec416e7e20a53dc9d916bb764c36a2a4b54`
SSDeep	`49152:NNEVtO1U1y1DDDDDD7Llngq7NNMqU0p2Vhk9a:NNEVJyZlng4p2V`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Dec-10 09:47:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1db800`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001DD65E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x1de000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1e6000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0x1bcf3ac9`
NumberOfRvaAndSizes	`15`

.text

MD5	`9c5f4ed596ead001c32392c7d2ae9434`
SHA1	`18a9e16fbe5c288408657106f32879e55b3507aa`
SHA256	`c943c832a71f378f869686681f04d47dd413b062aa113680a6767cb46232b6a4`
SHA3	`12555b3ea607482b2e733ebf5f955905f07e5568ea2657fcc7b4f0ab8e5cd19c`
VirtualSize	`0x1db664`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1db800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.25583`

.rsrc

MD5	`b2c75c8faaa5ce615fa4d4d340c049dc`
SHA1	`a9db0b1c63c1821a53c554a04e65c60cf47840d9`
SHA256	`e872a641c43574f3000482e23b63ab4cac58b951730ce7f53890e838452dfe4f`
SHA3	`d3ed74aab6c5bb501787eb73ee17f5cfe37cc427b6b05f1917479bd3f3df1d5e`
VirtualSize	`0x4b98`
VirtualAddress	`0x1de000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x1dba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.04092`

.reloc

MD5	`a3146c32832e7667f628449aac483fa8`
SHA1	`e589c6061e02931f2d3e10e15945a2c56933a4b0`
SHA256	`85460f443a7778826066fe9c2545a80b37d589256e591f8456b7aef487690655`
SHA3	`da3980ba610671318f334f25102bf01f77e9b6f31866dfb80b84132492ddd99f`
VirtualSize	`0xc`
VirtualAddress	`0x1e4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e0600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48876`
MD5	`e76cc6366d6025be19fbbbd0b8a02a2a`
SHA1	`ac7d498bb5e315e5e6b81347a4e22d1f4b2d4a1f`
SHA256	`ca20a6f7c53b03e83029915dc9b8970dabaea0f4cad4ac4edcf506c4827f660f`
SHA3	`acfdf408240f9e39591321d80db57ed31e9845cd45b98e54bda09b1d58dca4bd`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75208`
MD5	`cb4f380c6e551fbf139be039020e4ca7`
SHA1	`aa7f82c5363601b7c8e87b92ff730a0b002f6924`
SHA256	`3447b8b465e3094dbab27c49c65870432ca38ab4a5b7e314bca035926e6cb092`
SHA3	`7286e4a83ce90cc7f5cac4397fb954b42f01395638c702b89b9bd20363b3c92b`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48935`
MD5	`9c997a7226c68372595e6bb58082e217`
SHA1	`86cbd7be57a98d9f43d127f1681cfa3e8acb9cc6`
SHA256	`124a500188c3db4087895504f1aa0068f446e7862d709c6bcb64f52d3a25b3f1`
SHA3	`f75d80dabbfe9bc03c04c8a9cb28b33a5f5d2a3bcbc692c7fbb5fb6a2138141c`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`1ec6a7b3300970378c29695a6cc13d36`
SHA1	`99ce74251d19d800608e30bed6e0d793931da56e`
SHA256	`77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694`
SHA3	`7a94ba315b3ab461cec9dad3048599d32b0e597047f9655159bd6dfdc694e4a3`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34845`
MD5	`b1fef662572accb374c1eb8723579e8f`
SHA1	`a229b031b6b089cfbb8b05e99d527bb69097d063`
SHA256	`e91dd0a808adb3df6204a4b225f26e5c3e32272420ae347892a3808038351d72`
SHA3	`2650b72fb3f778d86d213b5e8d8a20dedef8c54833828ce75c1dfa6aac67a14f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb9f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04023`
MD5	`8d178f6640424ccbde04dc2839c38485`
SHA1	`1b2449c0584816ba23be761a6b58d3a73a839132`
SHA256	`fcb1b49b9624f37788ce30acc67b3dede97c5ebf039458009bf8304c786c882c`
SHA3	`293d21179a311c882336db494b0af0e6ee9cea99e8f6767c43a50403e937e344`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.7.3.0
ProductVersion	3.7.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	master131
FileDescription	Extreme Injector
FileVersion (#2)	3.7.3.0
InternalName	Extreme Injector.exe
LegalCopyright	Copyright © 2017
LegalTrademarks	master131
OriginalFilename	Extreme Injector.exe
ProductName	Extreme Injector
ProductVersion (#2)	3.7.3.0
Assembly Version	3.7.3.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

ec801a7d4b72a288ec6c207bb9ff0131

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors