Manalyze report for 462c9765a8609fa06578d9251f2c1a1f8505404088b9b6f0b26aeb1d6798c460

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Oct-30 11:18:03
FileDescription	CODEX Language Changer
FileVersion	`2.1.0.0`
InternalName	language_changer.exe
LegalCopyright	CODEX Â© 2015
OriginalFilename	language_changer.exe
ProductName	CODEX Language Changer
ProductVersion	`2.1.0.0`
Assembly Version	2.1.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 31/72 (Scanned on 2026-04-14 17:47:51)	`ALYac: Application.Generic.4803386` `APEX: Malicious` `Arcabit: Application.Generic.D494B3A` `BitDefender: Application.Generic.4803386` `CTX: exe.hacktool.keygen` `CrowdStrike: win/grayware_confidence_100% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Application.Generic.4803386 (B)` `Fortinet: Riskware/Application` `GData: Application.Generic.4803386` `Google: Detected` `Gridinsoft: Hack.Win32.Patcher.cl` `Ikarus: PUA.HackTool` `Kingsoft: Win32.HackTool.Keygen.v` `Lionic: Hacktool.Win32.Keygen.3!c` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.3405.susgen` `MicroWorld-eScan: Application.Generic.4803386` `Microsoft: HackTool:Win32/Keygen` `Panda: PUP/Keygen` `Rising: Hacktool.Keygen!8.B29 (C64:YzY0OkxxiUjNdD8O)` `Sangfor: Hacktool.Win32.Keygen.Vupl` `Skyhigh: BehavesLike.Win32.Infected.fm` `Sophos: Generic Reputation PUA (PUA)` `Symantec: Trojan.Gen.MBT` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!5F0E849A99C8` `VIPRE: Application.Generic.4803386` `Varist: W32/ABApplication.DZCZ-1209`

Hashes

MD5	`5f0e849a99c852d90ddb308d90cd6adf`
SHA1	`d639bba9f4d80fe1048e5b3bd6313be779bac66a`
SHA256	`462c9765a8609fa06578d9251f2c1a1f8505404088b9b6f0b26aeb1d6798c460`
SHA3	`17c8f9345271972054a5a9da023f06aa2b2b1fed49e98696bfed1e0201161150`
SSDeep	`6144:5IROos0TIzV178x07VwqCUkwrCEz77BAFXNlol+C:Xos0koyWEzhAF9l2h`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2015-Oct-30 11:18:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x1c800`
SizeOfInitializedData	`0x42a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001E61E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x20000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x66000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`77b9c0d2138460126f8d54925a7d6f29`
SHA1	`aef203995b98e9cf4336052413533f0d7236dd9e`
SHA256	`d70bf56f522c83aa24cfc5d19fee608e5a1f93d037c12b23dfd176ccd6425b28`
SHA3	`3c73a5ce52623524defa109d260eca1c5fd489ea740570f171ad705dcfd2d53d`
VirtualSize	`0x1c624`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1c800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49841`

.rsrc

MD5	`b8017435645a708a104f5b613d111cc8`
SHA1	`5af561eb4d6a79e2fa087d7c9ac32ec1353ba03f`
SHA256	`cd35b3ddae1df17fc48351027f9f239003370e4f53e010416a151aa49187cdf4`
SHA3	`75383b45318b58c4a4bdb9d366a6bc1106456fe8a2ffc2944899f6c81c5876ad`
VirtualSize	`0x4277d`
VirtualAddress	`0x20000`
SizeOfRawData	`0x42800`
PointerToRawData	`0x1ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.86511`

.reloc

MD5	`83b176ffbcc763ba22834db847ed43bf`
SHA1	`307f93ae7fb469c2c75bbe1830a58d7981be8382`
SHA256	`675b587bef8cf46e68a625bf7fc6e730b30d79f344d55764694021f473cb75a0`
SHA3	`751f6129ba38ffb56e51d3f5b0b9cee79a104551ac871a0bdb81062194dbdf9f`
VirtualSize	`0xc`
VirtualAddress	`0x64000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84997`
MD5	`3eaf21b51dba036c6dff06d7fbf401f0`
SHA1	`21cefa7ded90c3a2a486cf4ebbd260da695b4150`
SHA256	`4ed31f7bd7d20da8d0b6db3e35049bab0ca842fa409322752a7b089e52af2a82`
SHA3	`8d98759b0bf04cf28d1ec2810cac4aadfbd702292c41aab5dc955b5ec6f1d661`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`86053cbb2107ada0660ea53be24d1886`
SHA1	`713daf1e897b38a85f442c3064f6f74be4f4b999`
SHA256	`ddbdb78241baaa55dd2dc817dc3e8d547e7629bee88643cce24520a9aebbd9f0`
SHA3	`117f02ed40197b1927dfec2d3229b7ae6b135a34e5d23d5531a9babf1f18d363`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31923`
MD5	`e81bd7f0fcd362943c345bb982157850`
SHA1	`1a086d5084661ae8d61d1f3c7db62a3f826f4661`
SHA256	`f9d97f0a5a56c6f5107060a2027ee5f9d3a68a5e9fd76ecdd1c11b6b001cddf0`
SHA3	`6ca3f924509e0324068fcd9d4f4187577c61d1d9d09949cfe761fec30389057b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x311`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03315`
MD5	`e0e09e1841d0a15ec0f32b575588e22c`
SHA1	`d6bf833237eb130c86dc2ede909596189234b908`
SHA256	`628804740a4800774dc96cfeb8645dfa9b8948bc268a4b67170adba7d022f75d`
SHA3	`b83f44b3b605dff276d7aa01e0f56023049813a49dbb8b9d39287dbcb616be2f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.1.0.0
ProductVersion	2.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	CODEX Language Changer
FileVersion (#2)	2.1.0.0
InternalName	language_changer.exe
LegalCopyright	CODEX Â© 2015
OriginalFilename	language_changer.exe
ProductName	CODEX Language Changer
ProductVersion (#2)	2.1.0.0
Assembly Version	2.1.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.