Manalyze report for 2e66e56daef4dc799377353d889fe9bf6290bb1c7352097fa87dca23d5deeb4f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Nov-13 01:39:07
Comments	Project X
CompanyName	Cracking the code 4 fun!
FileDescription	Project X
FileVersion	`3.3.0.3`
InternalName	MADARA.exe
LegalCopyright	Copyright 2023
LegalTrademarks
OriginalFilename	MADARA.exe
ProductName	Project X
ProductVersion	`3.3.0.3`
Assembly Version	2.3.0.3

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: captureone.com dogdev.net gatherproxy.com http://dogdev.net http://gatherproxy.com http://txt.proxyspy.net http://txt.proxyspy.net/proxy.txt https://www.captureone.com https://www.captureone.com/en proxyspy.net txt.proxyspy.net www.captureone.com`
Malicious	VirusTotal score: 5/71 (Scanned on 2026-06-04 13:40:24)	`CrowdStrike: win/malicious_confidence_60% (W)` `Gridinsoft: Hack.Win32.Patcher.bot` `Microsoft: HackTool:Win32/Patcher` `TrendMicro-HouseCall: Trojan.MSIL.Gen.TL0101DH26ZT` `Webroot: W32.Malware.gen`

Hashes

MD5	`478ed3b27dc9fb2caf0d93bbea1f209b`
SHA1	`9b1aa8080db4201fe118f62a0286e96bf8d2153e`
SHA256	`2e66e56daef4dc799377353d889fe9bf6290bb1c7352097fa87dca23d5deeb4f`
SHA3	`62a1176deb0e25af644b5fd01a6e83ed580c23053db10ea1230f1aae0361c24e`
SSDeep	`768:PwxKPX0WCqXwR5oDdDbID7lctVVcXgYJjSt1rJgHdzYcHeWDZ:oIcnR5oDdDbID7lc3V65Stm8c`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-Nov-13 01:39:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x7a00`
SizeOfInitializedData	`0x3c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00009886 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`33ee98ef23d32a6b5c5356350f3e3b8b`
SHA1	`8bebf1fda49bd335854e8b452bc4baab3aa9bbb6`
SHA256	`b72ec6dc737cd32f76d540348ecd57188de111013e3421bd4c83eafa100ce3be`
SHA3	`805e912a3ff0d62ff4285e5eba7ba8518cdfd88e9d3f9f28053451bb63508a38`
VirtualSize	`0x788c`
VirtualAddress	`0x2000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.28368`

.rsrc

MD5	`10296d7fc928328090dc18d9c94f6f2b`
SHA1	`f5f8ab23f291e9b9dd1e535b81d7fa795b160d15`
SHA256	`b05f4bca95b2dfd29a87cda779c317b9e60c947b226fa2d58f5a5a151c800987`
SHA3	`4073df8ee384e0debef9ee8f30de644a2fb053ab1d4e411050ac6466856e770d`
VirtualSize	`0x382c`
VirtualAddress	`0xa000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.90507`

.reloc

MD5	`109ec2b075d88a0deac63951fd4d4c97`
SHA1	`2deeba20562aee9c29c345ec519a5ddd8996b3f5`
SHA256	`a59512b5adc29aeef69617e774c7a5c4ccd2e107563ca24910512c99f034cd87`
SHA3	`41b3b0e4973c530db751aa0758c420abb6addaf8266e7bb27ad3b8a9f0e4c9e6`
VirtualSize	`0xc`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0476`
MD5	`441bbffd321cff26e1c7130e1640d51c`
SHA1	`513b3dd841197b04b8d1d6e2ccf82130c28d45f0`
SHA256	`6c5d960300f6aed0bb97f04d2e239b1ae29b32add64351c2c0aa4e5c1a395a78`
SHA3	`be87806d9812511563527822712e4f5916a0a2d9b1689b3b1aa4f710410b3438`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51309`
MD5	`faf01e17da259cd7325d5130825d5015`
SHA1	`de3b8d87932b712502e706169437ff8adfc45285`
SHA256	`66dfc9df4eb9e7c9782e8acaa2773a59112f221dc22fc109ef2af13352bcf3c1`
SHA3	`d25cdf36df896ecb65e306aafb2e34c2de9c3d204595736c5fe92fc800fc033a`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.68675`
MD5	`5eadacbb1ae8e51f16a1f94bb91eae27`
SHA1	`499b29212247b1cd20545aebae8507f5ed077f3d`
SHA256	`26bc11e0e84c12a70ecc114a0fe575fb7ca377fc5a20e94d571900579a40426c`
SHA3	`37d3c68a8e982bf41ea1c194706d4e4efedaf771f9cca3fc0c8d01c6a4ba895e`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.19976`
MD5	`311c6953583a36dd02cb9891ee39659c`
SHA1	`7b804719d5c442532d0fa0eda5d63d26c3847a5e`
SHA256	`04b050ea00eee750cbeadf257c7b1ec8afe379ff991e7ccd45fb0f4b5f430baf`
SHA3	`4acde3688270377ad93ca74cc4eadc9cc9177d33c422524979553f310438d1c8`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06992`
MD5	`2a98fc15028e978e214c8c04e97adf79`
SHA1	`b95b6fc912c68a67ff4f6928906aba196e9678d0`
SHA256	`c9187cd54c42d8b84fd3abdc2ad3c7a6c9ba906bab2a781d0499e1ea37830d62`
SHA3	`d6c684cf15fbab6a90e569352b67f5b84249f08267efd5b7b31491d9ad0bc0a8`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33524`
MD5	`3b0f6788214c2a7337643b2d45525b73`
SHA1	`3e5a38fdf9657ec7947594ecbbb3639903672789`
SHA256	`e480d1b4caec39a9fcb3e513416727973345423e7fca47cbf25dc44ae07fa530`
SHA3	`7252edbcc2d44788a3df9ab08c9af6addd2933feaaeda2bf7fb68407aa834fc6`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66931`
Detected Filetype	Icon file
MD5	`4f1bf0a3e0ea53301dc23c5086e1800b`
SHA1	`a3866cc65cb497d3be273f3912afdba86f58ea02`
SHA256	`2e5afd8074c9f54a3b5132ad2d5d17cb20ab66fd9949198a0cf50691b49708df`
SHA3	`1356b037687c1cdf21f56bcf23587abc54140529c29ef80b12fba89837bb3e6f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x350`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39026`
MD5	`913b7462ee9ac60b6e509ac5493304e2`
SHA1	`7da38830b29676025667c2c37fec3a82a2cc8e8c`
SHA256	`b2b5cd691ed818d1e32b4220ca1fdeffe78c6239d92d92d639a3db128857dea8`
SHA3	`6819c3e56643431b242b82a4dcd94597e55766b5aab035cf4be2575fd7b30fc2`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03948`
MD5	`9c567d9f0d68765c9381820c3e324888`
SHA1	`9a3e3010bd41685d39337b7d7c43c59b1a61d6d2`
SHA256	`33b70290ca562e3e523613de602334aa9ece722d12f8304051259c841b12f1ef`
SHA3	`a8d226a305c77f191a67d83e49eda347f3172b1683e23ab677ea0fdaf1bde4de`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.3.0.3
ProductVersion	3.3.0.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Project X
CompanyName	Cracking the code 4 fun!
FileDescription	Project X
FileVersion (#2)	3.3.0.3
InternalName	MADARA.exe
LegalCopyright	Copyright 2023
LegalTrademarks
OriginalFilename	MADARA.exe
ProductName	Project X
ProductVersion (#2)	3.3.0.3
Assembly Version	2.3.0.3

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.