Manalyze report for 7a46efea308e62d25d9ed60a640067166d1a5816815a3efd388a265cb242a3ce

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2099-Nov-22 15:25:55
Comments
CompanyName	Alexandre Coelho
FileDescription	Antivirus Removal Tool
FileVersion	`1.0.7.3`
InternalName	Antivirus_Removal_Tool.exe
LegalCopyright	Copyright Â© 2019 Alexandre Coelho
LegalTrademarks
OriginalFilename	Antivirus_Removal_Tool.exe
ProductName	Antivirus Removal Tool
ProductVersion	`1.0.7.3`
Assembly Version	1.0.7.3

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 7/68 (Scanned on 2026-03-13 03:33:59)	`APEX: Malicious` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Gridinsoft: Trojan.Win32.Gen.cl` `SentinelOne: Static AI - Suspicious PE` `VirIT: Trojan.Win32.MSIL_Heur.A` `Webroot: W32.Hacktool.Riskware`

Hashes

MD5	`577d7437eea1196afd3a5c15a1a8aa6c`
SHA1	`426666f30adfa27029c66a786358ebee19077e3b`
SHA256	`7a46efea308e62d25d9ed60a640067166d1a5816815a3efd388a265cb242a3ce`
SHA3	`426839ba6d0c5a3938cd7ba51b13b480fb84b7b78a26b589b17b2b3d4aac2b36`
SSDeep	`24576:JBE/H1JQto2kJXYNA07tjDB15vzModRag16qG258AXAAlHWXZeJVWgbtaB8xR3t:JBE/H1JQSJXKTtnBT7MskM8AXA`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2099-Nov-22 15:25:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xd1200`
SizeOfInitializedData	`0x7400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000D2FFE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xd4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xde000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e79e28e8ca02505404a5f4122056af1e`
SHA1	`51b98f07c3223bfdc0b1bc5e9170661c1060bb25`
SHA256	`55eb6beab3c3875da7912405c5be63d4a7bb1b1787c42bc0e0b117370f908665`
SHA3	`823b1613d4fff4a064ba67f9d9ff60d16c533b489a1367ebb06c393a2429c2d7`
VirtualSize	`0xd1004`
VirtualAddress	`0x2000`
SizeOfRawData	`0xd1200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.85961`

.rsrc

MD5	`6e27df26f4c48751a363b752012d2ecf`
SHA1	`1853d7344175afcb097b84cc1b44c80763b2783f`
SHA256	`174c78dd5218eb1b210505c28e405277eb1f8931aa1c887d0dd3fd73a8ea05df`
SHA3	`6b6c1ecfa8369a16131f219d9d10c7700ff68e5bf30e689d46e042e10c42fd2d`
VirtualSize	`0x71e0`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x7200`
PointerToRawData	`0xd1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.82968`

.reloc

MD5	`b051c5cce992f45bf32d586b7337786c`
SHA1	`4258315cce1a76da8ea2cf48f77521df996cdd2c`
SHA256	`0b587648981462f0702ef0e66cacbeb560ce4e5be56417d9cd6a88518884a2fb`
SHA3	`8e915bc8c1609e054e68b666c79d8cd8dd1ee9dca2dfde87439ce6e9c71824b5`
VirtualSize	`0xc`
VirtualAddress	`0xdc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0776332`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05608`
MD5	`f991e26d92ba534f9cf8a94765ee43b3`
SHA1	`00b685837eeb1a0d674e6f87cbeb8bcf8a05d038`
SHA256	`de54edbeadfafec22a98740f65010b2dc8f2d8c354448119add74f4e5f6220d0`
SHA3	`bc10c8d5c01c9005a20c9732d1fb2d1ebfd7e21f165a6533b85991c07ffdd1ac`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43922`
MD5	`70a0f3c50a00d050bfbe0a64f68712b0`
SHA1	`ae2c6066f3a49c0ab282f853a1d6c991b19288f3`
SHA256	`e2c7e763785352efcbd406f5433ae7d7154ed31262e56eb89d61f5833b655aa1`
SHA3	`db0cf2f3d5d8675b9dfd67879e421d92e227048d6e706ee3b1efda72c972207d`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01784`
MD5	`284b92925f794433b0918b7eb2faf481`
SHA1	`e4ac045db5641a6fdb755e2f4d2e64c0849dc3dd`
SHA256	`06126d51a510bfdd8b53dd94e06e74d4cea2253ddbbde677a3c4c4612062350f`
SHA3	`922641ec1b00fa524489e20a94a89c8c3ebb23671b5fd174732b2688a1222530`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x24f7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92783`
Detected Filetype	PNG graphic file
MD5	`282b23ae85a994523933f30da33d81c2`
SHA1	`04930a5f830f9f3476bc006d00656fedd7bea7b5`
SHA256	`868d5188cc05dde0d1670e5da5efadce632516ed964ef1e56d317b667e4c1e34`
SHA3	`127e2a2500f533215ae73a604c61b727c1163a1de95715f3ba1ab98d2b59d064`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`c15cdd6c4a9d282b192a5aa027913dbd`
SHA1	`8d230ffc9613be8f53b14687ff02734ad84d2673`
SHA256	`d3185f23259af06a3602155c7216248e9b9eabce7a29a384e99adf70a8d694f2`
SHA3	`5f03e330af2d03d313f7f7965450e107410a0d90fdad5cf8c3c9adbc5f6f5f9e`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35923`
MD5	`51c57891e8eecd983d0bcdf92ce601f4`
SHA1	`85ef2710053794b2138781bceccbe94149ef8673`
SHA256	`e702fd713980bb36ba9145ad7224f69017c1e45a322e981d2551d1193d6d13d4`
SHA3	`b06329e0c32ce3c5973f40d5ee2d8e5174da64480d3fe5c91304171fbf5cb0ea`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00772`
MD5	`e0e4a019be8bfcf48b646ce2f98b627c`
SHA1	`c96a62055bcf99d90ad8e85f180ff98a2a8e9f72`
SHA256	`5cad9422b30296dc60ad088d66bda7fb0b5ce7bd57f780a5e044b68300e7bbd9`
SHA3	`9f3e1fce8557212d37bf9305fc64610b65b608f5b18749642ae8b550a31aba28`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.7.3
ProductVersion	1.0.7.3
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Alexandre Coelho
FileDescription	Antivirus Removal Tool
FileVersion (#2)	1.0.7.3
InternalName	Antivirus_Removal_Tool.exe
LegalCopyright	Copyright Â© 2019 Alexandre Coelho
LegalTrademarks
OriginalFilename	Antivirus_Removal_Tool.exe
ProductName	Antivirus Removal Tool
ProductVersion (#2)	1.0.7.3
Assembly Version	1.0.7.3

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.