Manalyze report for 5d33185c1c4b086e87334f7435660e5e9f4e8765e25bf6aafd4a96e7b46ddae9

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2084-Sep-28 04:59:21
Comments
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	Nqsjntiwuib.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Nqsjntiwuib.exe
ProductName
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	VirusTotal score: 37/71 (Scanned on 2026-05-23 17:57:17)	`ALYac: Gen:Trojan.Mardom.MN.10` `APEX: Malicious` `AVG: MalwareX-gen [Cryp]` `Antiy-AVL: Trojan[PSW]/MSIL.Stealer` `Arcabit: Trojan.Mardom.MN.10` `Avast: MalwareX-gen [Cryp]` `Avira: TR/Dropper.MSIL.Gen` `BitDefender: Gen:Trojan.Mardom.MN.10` `Bkav: W32.Malware.64404A24` `CTX: exe.trojan.mardom` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: MSIL/Kryptik.AMRH trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Trojan.Mardom.MN.10 (B)` `F-Secure: Trojan.TR/Dropper.MSIL.Gen` `GData: Gen:Trojan.Mardom.MN.10` `Google: Detected` `Ikarus: Trojan.MSIL.Agent` `Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen` `Malwarebytes: Trojan.Crypt.MSIL.Generic` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!EF4BCB110376` `MicroWorld-eScan: Gen:Trojan.Mardom.MN.10` `Microsoft: Trojan:MSIL/Barys.SG!MTB` `Paloalto: generic.ml` `Rising: Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:9XMfHG92PP0GCeWLcZfLtg)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04CA3` `VIPRE: Gen:Trojan.Mardom.MN.10` `Varist: W32/MSIL_Kryptik.NCI.gen!Eldorado` `tehtris: Generic.Malware`

Hashes

MD5	`ef4bcb110376f885c7a38fd64517179b`
SHA1	`49de6c7ab21ca282497487fee27c5eb1d4f59253`
SHA256	`5d33185c1c4b086e87334f7435660e5e9f4e8765e25bf6aafd4a96e7b46ddae9`
SHA3	`e3214efc1baef730caf20a1561fbdfe4ee77bd72de0b5aa4e359a337ca1a39a8`
SSDeep	`12288:H06+dIunHxTHnOskNlGctO252lsG07olGYTJ45DINA3O5yAk8CT:H0PdnHhusIc2O2u8WGYTCqgO5yTZ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2084-Sep-28 04:59:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x81200`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0008312E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x84000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x88000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a7577eaf9e58752f4c845b98aadcd327`
SHA1	`03a6e20c332760dc0e6c1355ab8bf6be45586f17`
SHA256	`90a69beea2ae8617c433a2c6fe6855d2591c1c53cb3dcb82c952b1718ae99693`
SHA3	`d0e7fa3ef370b757f37ecb5caffd8700642b6338bd159094f2eac46941605151`
VirtualSize	`0x81134`
VirtualAddress	`0x2000`
SizeOfRawData	`0x81200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.83664`

.rsrc

MD5	`b56e855b9be86ab35b8b5fe3d50b35ab`
SHA1	`4a3379711cebea0592bead86c5b5035f00705f7a`
SHA256	`52effe4886123288575da0eb9b232c7f0d95831aa5011e541c33bfd299d99753`
SHA3	`284ff21c023dab3f0eeb88176598ccb6af97669c50828d6f81405cc4c583e02a`
VirtualSize	`0x570`
VirtualAddress	`0x84000`
SizeOfRawData	`0x600`
PointerToRawData	`0x81400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.96096`

.reloc

MD5	`14b1b976aea73dfc99161d34f5f8a40e`
SHA1	`86e7171832c12e754a524e97a494596fb7ef85de`
SHA256	`2e14ee663dc5af6a7da19e6d26dd5e8f3e8004eeae05c08796003a273994ca7a`
SHA3	`036496b3ae0f9fffae8119e75ce173d20502f5ef6992d1a6c4dc4159dc02a3ab`
VirtualSize	`0xc`
VirtualAddress	`0x86000`
SizeOfRawData	`0x200`
PointerToRawData	`0x81a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19855`
MD5	`4d86af542dfeeb0137274a099fba670b`
SHA1	`a4b689ed94cb758a1186509fd082aff3f4b95c63`
SHA256	`6101440c646e07710fa1a6fd15aa82b950afcc2c858f0f125b6a54a1ca2e4237`
SHA3	`df8ff6a9cfe3daa4e6fcfd60af3932c18cd71f1674722e9987387095a3c77ad8`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	Nqsjntiwuib.exe
LegalCopyright
LegalTrademarks
OriginalFilename	Nqsjntiwuib.exe
ProductName
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.