Manalyze report for f1c2525da4f545e783535c2875962c13

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Sep-03 00:15:25
CompanyName	Microsoft Corporation
FileDescription	Microsoft Edge
FileVersion	`127.0.2651.105`
InternalName	WizClient2.exe
LegalCopyright	Copyright Microsoft Corporation. All rights reserved.
OriginalFilename	WizClient2.exe
ProductName	Microsoft Edge
ProductVersion	`127.0.2651.105`
Assembly Version	127.0.2651.105

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Contains references to security software: rshell.exe` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: root\Security` `Contains domain names: api.telegram.org https://api.telegram.org https://api.telegram.org/bot https://i.ibb.co https://i.ibb.co/Dwrj41N/Image.png telegram.org`
Malicious	VirusTotal score: 45/75 (Scanned on 2024-09-03 00:25:12)	`ALYac: Dump:Generic.Malware.SFL.EEDE61C6` `APEX: Malicious` `AVG: Win32:RATX-gen [Trj]` `AhnLab-V3: Trojan/Win.MSILZilla.C5374956` `Arcabit: Dump:Generic.Malware.SFL.EEDE61C6` `Avast: Win32:RATX-gen [Trj]` `Avira: TR/Spy.Gen` `BitDefender: Dump:Generic.Malware.SFL.EEDE61C6` `BitDefenderTheta: AI:Packer.9CD1B15C1F` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.GenericFC.S29961068` `ClamAV: Win.Packed.njRAT-10002074-1` `CrowdStrike: win/malicious_confidence_100% (D)` `Cybereason: malicious.da4f54` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.SpyBotNET.58` `ESET-NOD32: a variant of MSIL/Agent.DWN` `Elastic: malicious (high confidence)` `Emsisoft: Dump:Generic.Malware.SFL.EEDE61C6 (B)` `F-Secure: Trojan.TR/Spy.Gen` `FireEye: Generic.mg.f1c2525da4f545e7` `Fortinet: MSIL/Agent.DWN!tr` `GData: MSIL.Backdoor.XWormRAT.A` `Google: Detected` `Ikarus: Trojan.MSIL.Bladabindi` `MAX: malware (ai score=89)` `Malwarebytes: Backdoor.XWorm.Generic` `MaxSecure: Trojan.Malware.121218.susgen` `McAfee: Trojan-FVYT!F1C2525DA4F5` `McAfeeD: Real Protect-LS!F1C2525DA4F5` `MicroWorld-eScan: Dump:Generic.Malware.SFL.EEDE61C6` `Microsoft: Trojan:MSIL/XWorm.C!MTB` `Rising: Backdoor.njRAT!1.9E49 (CLASSIC)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.ch` `Sophos: ML/PE-A` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `VBA32: Backdoor.MSIL.XWorm.gen` `VIPRE: Dump:Generic.Malware.SFL.EEDE61C6` `Varist: W32/MSIL_Agent.EWV.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.B` `huorong: Backdoor/MSIL.DDos.b`

Hashes

MD5	`f1c2525da4f545e783535c2875962c13`
SHA1	`92bf515741775fac22690efc0e400f6997eba735`
SHA256	`9e6985fdb3bfa539f3d6d6fca9aaf18356c28a00604c4f961562c34fa9f11d0f`
SHA3	`e0e4d2b3a27f7faa38234fd21296f3ab402680e04c0c8642ffcb580b95764759`
SSDeep	`3072:O4et7oUbY1cZx3bNLap5fOesrKe5BV0bUniyimyW:O4GkcHbAe5v0bURy`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-Sep-03 00:15:25
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x12600`
SizeOfInitializedData	`0x12200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001447E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x16000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`93a0924952f5ff6f1718369ab1476828`
SHA1	`d60fddaf1c9df8a465fd9b2f77fc57b6c7801de0`
SHA256	`f1a50741fd4e80d39b4f72b8dc405d65c07290634043c18e5238e9285b513ed8`
SHA3	`ddb8f587ca3fc02c16502854b0869d1e20933cf679676e6f6bb83503a03b2a27`
VirtualSize	`0x12484`
VirtualAddress	`0x2000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14846`

.rsrc

MD5	`7fd3e3fc11413536243aadd076347030`
SHA1	`27caf6e928b5f1d396e4a9bbf41e993f3d1e260c`
SHA256	`d45612f4a92390e289655fa3cc4a40ea4c46e2b8c8ed90cbc421c578e968748d`
SHA3	`29172566230c873537beb1221fa3f39fd526f3a4b9f27317197b2e8d6563c7a2`
VirtualSize	`0x11fd2`
VirtualAddress	`0x16000`
SizeOfRawData	`0x12000`
PointerToRawData	`0x12800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.76322`

.reloc

MD5	`549acdf2b41238c7228afe03770ae4a1`
SHA1	`fbb6154598d98127cd7137433e01c584c70991ad`
SHA256	`b909661f4bbf915b0e1e5442b3eb89bea119934f276db0d1b096fd5d97180a3a`
SHA3	`c5d75a8a8bc8c437abf330200299d980591e98e14d25d46a67b77510b397bf90`
VirtualSize	`0xc`
VirtualAddress	`0x28000`
SizeOfRawData	`0x200`
PointerToRawData	`0x24800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6fd1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93687`
Detected Filetype	PNG graphic file
MD5	`05c5e6269d701bb955caeab398845eb9`
SHA1	`6af7db18e26aa460bd43842f68ad292bfdbe8d3b`
SHA256	`81be816eaf825fc65744a34d2e9ac060c008838c3124b4f52298686f84eda7d5`
SHA3	`feab9556fe4155e9e5772547aa271fcaea36476d8683d61db33e1ebd4890ed4a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45828`
MD5	`2c78774dd208f4ab76ea5eac623b69d5`
SHA1	`fc1fdc20825a807346700e0663505b718396bd66`
SHA256	`761ed25024f100a25bb3ff1f5af8658abe16086cf8eeecf35f9a7493089dbf60`
SHA3	`0985e06180d389d07922fdb9560bb0221ec6dc28573483bad3ac59be42ea079f`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49799`
MD5	`7744d08204370f134c8fafc9fc9ba574`
SHA1	`4a944306de7a48498b37a8c8d5ffbdca86a8ce90`
SHA256	`f46daaedf599ca9b840f34473f1e7dcd7d59e6436c89ac87c51a56b960ca0556`
SHA3	`29aef36a79e47fa703933c59fa12e169768d45cab866a324557d2ab3d5f5bd29`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57683`
MD5	`0adc3f87808b04f87718d32a7f5efe18`
SHA1	`da0ed8c771bc91ca4c1e03bdc88487f78d5ed8b1`
SHA256	`d35a6854b3997967f86d712561163ee83d0744ee90edb0d07b6fb9dee0e3b11d`
SHA3	`592938e9f50329e0a04bcd6e44fd05720341851e8afb910901a975400df92404`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71509`
MD5	`892de54c9aac9bdb22c4e5ac87d02c53`
SHA1	`9a605da180d0cbda0ce8302942021a69acf51189`
SHA256	`ff67d10f20866c49aad622ec404b27f3bba5da9411e442b0adedd0001a520c64`
SHA3	`ada7ce9062fca19c3aa94af7da88963309b9b5f017a159ae448cbcea0ea127c2`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76024`
MD5	`f2916239a71269e53ac5e526757f7b50`
SHA1	`6fcec38863fe5537abdbec4d2a5b0d69a17d2bcd`
SHA256	`810e886ee71854383702ad56bf782f1d0672f142baf6e366bc178368d3503796`
SHA3	`9a179b1878a012d0dfceb23c733fc48b71933aa13342aedaf8beb5bd5ff0b4ac`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97393`
MD5	`1cd24f84a1d7f0c71c45cc13504e0910`
SHA1	`fbfd75f4e810e850b07ac4ccbe228ef20b5db167`
SHA256	`cac5649212afad33f2c0faac40e7e6311e23fd2f39a4c44bc5b5eb1e3ae67611`
SHA3	`3721aaf68f6dd404ed4edd7848c436fbba8e53f77102653a102f5c2da6a9a0b6`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93295`
MD5	`28de43ca8cc76b2564891550c1ff48be`
SHA1	`9464b779ceaffc9924b6dbd87d11a868c28852ce`
SHA256	`976f423f50cb0e8b1f3d017672fdaa433ef774865b200bd05ecac24cb500c27b`
SHA3	`0097374d6a3102399822e66e03016863aaf820bd02baa719fe9f3f6cccfb7eb4`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46085`
Detected Filetype	Icon file
MD5	`76ddb918659fe837e44cd9e80d4ccca7`
SHA1	`8d05068723587ff890ac6b23c30fa70090abc974`
SHA256	`8e0cb1c6f85682f76ae6c904492aba0d2367553ebee1f8b04734babee57e9cf2`
SHA3	`b7b2c431f5406a7ad26d9bf9bb9ee5ccdb6c8a0241d52e9fbfc8d612026e14be`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4137`
MD5	`c9a4841b168d2ca68e4c628b5aed9fda`
SHA1	`1505179d2272ecedab6cbe15770bc06fad496c27`
SHA256	`1edf1860fc95d68522cc63abb1c4c922474cabc60cd26f97ba2d52b99d0ba2ba`
SHA3	`7c009cc507a19beb63a6cb9f4404e212eff67b027524b7838477810c7ad01e5c`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	127.0.2651.105
ProductVersion	127.0.2651.105
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Microsoft Corporation
FileDescription	Microsoft Edge
FileVersion (#2)	127.0.2651.105
InternalName	WizClient2.exe
LegalCopyright	Copyright Microsoft Corporation. All rights reserved.
OriginalFilename	WizClient2.exe
ProductName	Microsoft Edge
ProductVersion (#2)	127.0.2651.105
Assembly Version	127.0.2651.105

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

f1c2525da4f545e783535c2875962c13

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

1 (#2)

1 (#3)

1 (#4)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors