Manalyze report for f1a8cce5f97ca84013a322c27af8cf64

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jan-14 21:27:15
Comments	My Love Details
CompanyName	My Love Details
FileDescription	My Love
FileVersion	`0.0.0.0`
InternalName	Folder+.exe
LegalCopyright	Copyright My Love Details 2016
LegalTrademarks	My Love Details
OriginalFilename	Folder+.exe
ProductName	My Love Details
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	The file contains overlay data.	`1000 bytes of data starting at offset 0xcbe48.`
Info	The PE is digitally signed.	`Signer: My Love` `Issuer: My Love`
Malicious	VirusTotal score: 43/66 (Scanned on 2019-07-23 09:16:18)	`MicroWorld-eScan: Trojan.GenericKD.40996453` `FireEye: Generic.mg.f1a8cce5f97ca840` `CAT-QuickHeal: TrojanDropper.MSIL` `ALYac: Trojan.GenericKD.40996453` `Cylance: Unsafe` `K7AntiVirus: Trojan ( 005467131 )` `BitDefender: Trojan.GenericKD.40996453` `K7GW: Trojan ( 005467131 )` `Cybereason: malicious.5f97ca` `Arcabit: Trojan.Generic.D2718E65` `Cyren: W32/Trojan.LANV-0725` `ESET-NOD32: MSIL/Agent.BTZ` `Paloalto: generic.ml` `GData: Trojan.GenericKD.40996453` `Kaspersky: HEUR:Trojan-Dropper.MSIL.Scrop.gen` `Alibaba: TrojanDropper:MSIL/Scrop.05217374` `NANO-Antivirus: Trojan.Win32.Mlw.fmresz` `Avast: Win32:Trojan-gen` `Tencent: Msil.Trojan-dropper.Scrop.Ecjw` `Ad-Aware: Trojan.GenericKD.40996453` `Sophos: Mal/Generic-S` `Comodo: Malware@#1umamot7comtp` `F-Secure: Trojan.TR/Dropper.Gen` `Qihoo-360: Win32/Trojan.Dropper.a3f` `Invincea: heuristic` `McAfee-GW-Edition: Artemis!Trojan` `Emsisoft: Trojan.GenericKD.40996453 (B)` `SentinelOne: DFI - Malicious PE` `Avira: TR/Dropper.Gen` `Antiy-AVL: Trojan[Dropper]/MSIL.Scrop` `Microsoft: Trojan:Win32/Occamy.C` `Endgame: malicious (high confidence)` `ZoneAlarm: HEUR:Trojan-Dropper.MSIL.Scrop.gen` `McAfee: Artemis!F1A8CCE5F97C` `MAX: malware (ai score=100)` `Malwarebytes: Trojan.Dropper.MSIL` `Yandex: Trojan.Agent!D32plSelmWM` `Ikarus: Trojan.Dropper` `eGambit: PE.Heur.InvalidSig` `Fortinet: MSIL/Agent.BTZ!tr` `AVG: Win32:Trojan-gen` `Panda: Generic Malware` `CrowdStrike: win/malicious_confidence_100% (D)`

Hashes

MD5	`f1a8cce5f97ca84013a322c27af8cf64`
SHA1	`4754a92c5fb46cc01036f104c9a29588499c55a5`
SHA256	`959e1a9b59901e1d2ef5e576a326eac6a06c869a2237f940cfe139669870295f`
SHA3	`c4d43390ff0830dcd7461858e6cef9f16b945ae59f6e3931554feefda203921d`
SSDeep	`12288:OQZw6b4b0/adpaq3mxE5IMHvp1BW8fkDdF2z:NkOu5VB1BWAXz`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Jan-14 21:27:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xb0000`
SizeOfInitializedData	`0x1a800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B1E9E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd0000`
SizeOfHeaders	`0x200`
Checksum	`0xd952e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5e89cfdc558971ede381eeaca9eea7eb`
SHA1	`8500ac3b27b451416e4bbd806e7006d5b9303148`
SHA256	`5934ee7d9620e8338119ea54171c4ba311d2ead93e6ad0e30e9be848429ab9ae`
SHA3	`11712440936a07e86ddef1bf9f36da44d04ae32202d459b023a835e31f1290a4`
VirtualSize	`0xafea4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xb0000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.63288`

.rsrc

MD5	`c86775a5e1301b9622476c4a0230f0eb`
SHA1	`d6042bbafae07d725dcb7dede6298f998527466b`
SHA256	`d4ef2382f9b13df2682e1e199d9abe1728d18b8c8625249d80f594306433c801`
SHA3	`8f9394be919c56a8fdf532ea7a0f18fb9d40c3952302f1f7d8ede2c9a7072e9b`
VirtualSize	`0x1a458`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x1a600`
PointerToRawData	`0xb0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.25607`

.reloc

MD5	`46493430eb99b3489dfe7466509a7683`
SHA1	`45ee93d474d82796f38b49fb790d3adcdf585e74`
SHA256	`4a8295ccea2e097c946318f8c7a78887d60af0cd850ed3092a15011e13879ec4`
SHA3	`bbb3c83798ff51153b0bea464c54e3430d2c0073a9e7792d3c477f7e7fdfb520`
VirtualSize	`0xc`
VirtualAddress	`0xce000`
SizeOfRawData	`0x200`
PointerToRawData	`0xca800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63324`
MD5	`645f519c518ab353ee42100b9d6df3fc`
SHA1	`62f6e9f7a18f6467787cda0fe1f7652a870f5eaa`
SHA256	`694ac473aafea31c1a62f1cd83ce496a9c0b9b2342b05990fc006438583fd4e3`
SHA3	`fe564efa8b980985e4c7e4ab345e6e0a9f28b1f6b08d2c6b5c6b9129a0ddb118`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x9763`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98611`
Detected Filetype	PNG graphic file
MD5	`029a01c2d18ab8c41b2eb02c92ae49ad`
SHA1	`385cff137f7ce07c67d94a395f54d9b331594585`
SHA256	`2381a9c3a68ceb4f05861a4ebb5c944ed4cb52ebd5e4addf3bf0fae916d740f9`
SHA3	`dcb870b14d344d0f31bc3e3eb9d83e8e8cc1a917055074f121f46fee31f2bee8`

A

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.19569`
Detected Filetype	Icon file
MD5	`13849ec20d5acfc45947ec353aafe752`
SHA1	`32ed5a08301c2266053e471a7ae6c729fdb71d5d`
SHA256	`d46c39b4b8fceda0a3bec98f4a7ce7535d5c2c1912c544a58f8a59bacf401039`
SHA3	`602b2088129ceb6cfbc25c7dd0129bc97642ffb9decd11b902bb758c54d124e9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31313`
MD5	`0d415877bd03ebfad2bf107ba9b2311d`
SHA1	`5ec912d97efdac2a65b97fcfa8734ecc436a6f16`
SHA256	`59b7d564db0a944ff970654e07dbd926a01d73ffef199d726a282c9b13065a2f`
SHA3	`023db56ed76987bf77d345d59a9fdce55174c8c7d76a242a6ac2d05382c90a5f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	My Love Details
CompanyName	My Love Details
FileDescription	My Love
FileVersion (#2)	0.0.0.0
InternalName	Folder+.exe
LegalCopyright	Copyright My Love Details 2016
LegalTrademarks	My Love Details
OriginalFilename	Folder+.exe
ProductName	My Love Details
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

f1a8cce5f97ca84013a322c27af8cf64

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

A

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors