This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2054-Apr-23 15:35:09
Debug artifacts
C:\Users\NetboyDev\source\repos\BitTool Ultimate\BitTool Ultimate\obj\Release\BitTool Ultimate.pdb
Comments
Create bitcoin transactions.
CompanyName
BitTools Inc.
FileDescription
BitTool Ultimate
FileVersion
2.5.0.0
InternalName
BitTool Ultimate.exe
LegalCopyright
Copyright © 2020
LegalTrademarks
OriginalFilename
BitTool Ultimate.exe
ProductName
BitTool Ultimate
ProductVersion
2.5.0.0
Assembly Version
2.5.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ 8.0
Info
Interesting strings found in the binary:
Contains domain names:
Suspicious
VirusTotal score: 2/68 (Scanned on 2020-08-24 19:54:10)
APEX:
Malicious
SentinelOne:
DFI - Malicious PE
MD5
59f21d4d321475c16b2e07ea8efb9474
SHA1
1f36e896f07730fb64ebdac67acf1a90eb41f64d
SHA256
d0b092463db5d12ad840a2706fed4f616a728c5de99224817acc1c170060c936
SHA3
ca233cb5c09d54e4a0bca94162ba439ab58d917d21221ab929fedc4ce41547a4
SSDeep
12288:DjP4QmIgMpd0hKM0ZrzA8tZgwmgA4dlZc4:DL/qMp+hizZZgPkdP
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2054-Apr-23 15:35:09
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic
PE32
LinkerVersion
80.0
SizeOfCode
0x6d800
SizeOfInitializedData
0x2000
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0006F6F2 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x70000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
6.0
Win32VersionValue
0
SizeOfImage
0x74000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
752d3f26de2d7c96300a153a36bcba04
SHA1
3d3fd5a7b8a7b74f0bfbb463ff5ac248f14f0c2e
SHA256
51764a71105361e6438cf6621346a0e50ae11a589c104180e8331ed3db285a04
SHA3
1cfad6a0b592d821dcea563fd1218b4dbb547061556b13fe2fc7985dae97e022
VirtualSize
0x6d6f8
VirtualAddress
0x2000
SizeOfRawData
0x6d800
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.69262
MD5
9bc52d8c1835e3b8784fdd794cabc21d
SHA1
760e057a2f432a00fbabf8bec03377556b0eed2f
SHA256
9b30a1701706949cef1549cfb517abf8291b41075a843ee44a5e357eae5a6d56
SHA3
af045887f9d16b04e798b8c0fda7e55c706b07434108eaf26c78cf89a57d601b
VirtualSize
0x1c30
VirtualAddress
0x70000
SizeOfRawData
0x1e00
PointerToRawData
0x6da00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
3.55864
MD5
b4fe48b2a52e14ca406c0debcc14b502
SHA1
cdda29d5212aa713b57f24102406bfb2cfad2adc
SHA256
30da242901935ca9d0a8185cbc32a59dbe7d7bf438dfb11d9685b38c766efcb2
SHA3
b38049baaaab4814c0ee80662e64de018c854942925aec37339dd539770cd739
VirtualSize
0xc
VirtualAddress
0x72000
SizeOfRawData
0x200
PointerToRawData
0x6f800
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.81277
MD5
fd95828356a0753ebba7d0bc8bccb4fd
SHA1
652c8c22f49cbe9f850565fb137f5903d4e323d7
SHA256
ebeeaae5574d136a244a8d469b0a3b9f0fcb4878f33f9065e42830dd714ea2fc
SHA3
77f14c79cab14ca091d9f419c47103b11ff2b3360abdcadade82e8c2b0cdc986
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.06102
MD5
47400d6cf29099412b713eda09d662fd
SHA1
6f9535c742f3ad812c4366e7ca5febfc353ea14a
SHA256
d0f069dfa20bdb83d2f5c21e9453b704fc7e14ef120c817a3e229968f3693155
SHA3
e93b9c5de7dc66e17c7e2ad3ed9c17e2e2e3633310733b91b989583fb3517108
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x22
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.21059
Detected Filetype
Icon file
MD5
86561693760b088960969f3b7654507a
SHA1
82368be1644244e0fd66f1d737b3d45d26b2218f
SHA256
b1a9ff73f6a9d486c67f409a629924792ca40aa8966d45e48239863f63629fd0
SHA3
206e8d2db4680b7736ddcf7885984ca26fa1a66e72ec9073e8052ba82ea94408
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x3ac
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.32191
MD5
5e5c4b200d17e3c40033735fd42f7556
SHA1
4da24cbf104efaaf7a9ba4c37632a1b12567be41
SHA256
f3af5a4ea15d2c3261fef9c0cf5a24de9da091c2b2cc2796a0b9991f70b02428
SHA3
9953257620302b06492cbcf176e800e621ca592b72eaba3ef7c0b173d49eee38
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
b7db84991f23a680df8e95af8946f9c9
SHA1
cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256
539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3
4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
2.5.0.0
ProductVersion
2.5.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
Create bitcoin transactions.
CompanyName
BitTools Inc.
FileDescription
BitTool Ultimate
FileVersion (#2)
2.5.0.0
InternalName
BitTool Ultimate.exe
LegalCopyright
Copyright © 2020
LegalTrademarks
OriginalFilename
BitTool Ultimate.exe
ProductName
BitTool Ultimate
ProductVersion (#2)
2.5.0.0
Assembly Version
2.5.0.0
Characteristics
0
TimeDateStamp
2058-May-06 10:57:36
Version
0.0
SizeofData
123
AddressOfRawData
0x6f624
PointerToRawData
0x6d824
Referenced File
C:\Users\NetboyDev\source\repos\BitTool Ultimate\BitTool Ultimate\obj\Release\BitTool Ultimate.pdb
Characteristics
0
TimeDateStamp
1970-Jan-01 00:00:00
Version
0.0
SizeofData
0
AddressOfRawData
0
PointerToRawData
0