This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2099-Oct-18 00:32:21
Debug artifacts
C:\Users\Dell\visualstudio\source\repos\RiseLauncher\RiseLauncher\obj\Release\RiseLauncher.pdb
Comments
CompanyName
FileDescription
RiseLauncher
FileVersion
1.0.0.0
InternalName
RiseLauncher.exe
LegalCopyright
Copyright © 2020
LegalTrademarks
OriginalFilename
RiseLauncher.exe
ProductName
RiseLauncher
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info
Interesting strings found in the binary:
Contains domain names:
https://client.craftrise.network
https://client.craftrise.network/api/launcher/hashs.php
Info
The PE is digitally signed.
Signer: DESKTOP-MVTH10M\yunus
Issuer: DESKTOP-MVTH10M\yunus
Malicious
VirusTotal score: 5/67 (Scanned on 2020-09-17 20:13:08)
CrowdStrike:
win/malicious_confidence_60% (W)
Symantec:
ML.Attribute.HighConfidence
APEX:
Malicious
SentinelOne:
DFI - Malicious PE
Cybereason:
malicious.d4fa9a
MD5
f82d92979dd88d7443d8cd13c48f8508
SHA1
3d161dad4fa9a430633cecd94c42d63430abffae
SHA256
0c17dd44f1f445c273223d761e947950dc461ebede2b31748865f5d4c39f64a5
SHA3
6de4cbb23c4642fdbd9c9748d30f582cd68bd8e371f9d707fb53e2bbc9d05cce
SSDeep
12288:XWnIMFkL4Rtpmrc93BpzNK1xD6s4y2O1IwMDMVqfBdcmDBREAOi:FekkRrmrcdHzECs4y2OcMVqJdcrM
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2099-Oct-18 00:32:21
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0xbc800
SizeOfInitializedData
0x8800
SizeOfUninitializedData
0
AddressOfEntryPoint
0x000BE7BE (Section: .text)
BaseOfCode
0x2000
BaseOfData
0
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0xcc000
SizeOfHeaders
0x200
Checksum
0xc8034
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
e8a9b64823e9ef1091eb36cfe55fd782
SHA1
050de9491e300cd2de1caaa9ae472e92703ae4aa
SHA256
4de2573586dee0325e01a69bb9f34e2e3864cc8faa422e7e0bfce0673f7c7ac8
SHA3
e1a7df9df45103085ebec175d0f46ffbc2d8261f1b30bc73bcf74389a7faa707
VirtualSize
0xbc7c4
VirtualAddress
0x2000
SizeOfRawData
0xbc800
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.98716
MD5
236cf043dcd34387bdda9a5371831f4a
SHA1
2f272acd83e7c83393e31c9a5e40cedb22a371ef
SHA256
17eaab0107ecfbbf48486c61d77505e92bd21437d6f3e121c174c22416f9ba9d
SHA3
2de39d0c332c75079696c79ad1e972c28d0fdd85f3b078e8f6a5a54cb764a67f
VirtualSize
0x8418
VirtualAddress
0xc0000
SizeOfRawData
0x8600
PointerToRawData
0xbca00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
7.87335
MD5
5e8775485205dcb508ff8c3b43a9aef2
SHA1
978299929ef37b68b6d6b9bbaa039fa3a8c60921
SHA256
b3fc01e7c158308b7d876db8013a9f4739ad3ff38a20f8b9e6ee087a525a7e7d
SHA3
144e2f922a96f9d16b4b8404724d78444679fa54b87651ce217c0fbed9db9d66
VirtualSize
0xc
VirtualAddress
0xca000
SizeOfRawData
0x200
PointerToRawData
0xc5000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x7fdb
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
7.96891
Detected Filetype
PNG graphic file
MD5
b0123442f46ee6d7129a9848eaf9d40d
SHA1
e317a3fbf8ec385e2fde93f8c90582befc1568b6
SHA256
bbe159cee6456eab5dc4ba5e5d1132cadbb9465f48ba1fb5f3a720e9fa116c5d
SHA3
923f895af7a7c1bbf043122ba8c8668af609edb80d42a489b048c14d3bce4091
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x14
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.51664
Detected Filetype
Icon file
MD5
e7dd1ca12461a23cdc45022150dd2408
SHA1
dbe1ea9b3081ef133e661f6d090bab560d41b11f
SHA256
0672b4f74cc928a109f7b30b21cdf8ee10c11712a517f16ecf7ba63c6357dcc5
SHA3
ee160a9cf67533e84083cce7e2654a7113c6336f4fa9097f17816b8f232850c9
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x33c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.25718
MD5
2928cfb2ffe3f45d0cb53b053d24cc7e
SHA1
031df8f3c3831031ef8ce763e8806cceab5071b0
SHA256
2c891bba4d490a666b81b05b96046ad765290fc4fac11ddb260367e058ec27e9
SHA3
83703887210efdfab860eae79554f68728af463936341680978c4a56f2b11e65
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
RiseLauncher
FileVersion (#2)
1.0.0.0
InternalName
RiseLauncher.exe
LegalCopyright
Copyright © 2020
LegalTrademarks
OriginalFilename
RiseLauncher.exe
ProductName
RiseLauncher
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0
Characteristics
0
TimeDateStamp
2099-Oct-18 00:32:21
Version
0.0
SizeofData
119
AddressOfRawData
0xbe6f4
PointerToRawData
0xbc8f4
Referenced File
C:\Users\Dell\visualstudio\source\repos\RiseLauncher\RiseLauncher\obj\Release\RiseLauncher.pdb
Characteristics
0
TimeDateStamp
1970-Jan-01 00:00:00
Version
0.0
SizeofData
0
AddressOfRawData
0
PointerToRawData
0xbc96b