Manalyze report for a3b3c9e9c1c68df7a1902750cef695b9b5518f19c5ecbb8e3796f5b80468e361

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-24 19:03:05
Comments	Important System Files
CompanyName	Utility Application
FileDescription	Server Dev Bty
FileVersion	`2.3.8.5`
InternalName	server1.exe
LegalCopyright	Copyright Â© 2026 Utility Application
LegalTrademarks	All right Reserved.
OriginalFilename	server1.exe
ProductName	Server Development Bty
ProductVersion	`2.3.8.5`
Assembly Version	2.2.8.2

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 53/69 (Scanned on 2026-05-26 19:01:39)	`ALYac: Gen:Variant.Application.Tedy.28594` `APEX: Malicious` `AVG: MSIL:GenMalicious-R [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5448890` `Alibaba: Trojan:MSIL/Kryptik.cecb3516` `Antiy-AVL: Trojan[Spy]/MSIL.Quasar` `Arcabit: Trojan.Application.Tedy.D6FB2` `Avast: MSIL:GenMalicious-R [Trj]` `Avira: TR/Dropper.Gen` `BitDefender: Gen:Variant.Application.Tedy.28594` `Bkav: W32.Malware.46A60562` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CTX: exe.trojan.msil` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.Quasar.277` `ESET-NOD32: MSIL/Kryptik.AHOV trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Tedy.28594 (B)` `F-Secure: Trojan.TR/Dropper.Gen` `Fortinet: PossibleThreat.MU` `GData: Gen:Variant.Application.Tedy.28594` `Google: Detected` `Gridinsoft: Trojan.Win32.Kryptik.sa` `Ikarus: Trojan-Spy.MSIL.Agent` `K7AntiVirus: Trojan ( 005d2bd61 )` `K7GW: Trojan ( 005d2bd61 )` `Kaspersky: HEUR:Trojan-Spy.MSIL.Quasar.gen` `Kingsoft: MSIL.Backdoor.Quasar.gen` `Lionic: Trojan.Win32.Quasar.m!c` `Malwarebytes: Malware.AI.2936412639` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!99AD21828B37` `MicroWorld-eScan: Gen:Variant.Application.Tedy.28594` `Microsoft: Trojan:Win32/Malgent!MSR` `Paloalto: generic.ml` `Rising: Malware.Obfus/MSIL@AI.95 (RDM.MSIL2:jA7DqYmIFyGqthmuyM35Uw)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/Generic-S` `Tencent: Msil.Trojan-Spy.Quasar.Fflw` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!99AD21828B37` `TrendMicro: Backdoor.Win32.QUASARRAT.YXGEXZ` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04CA3` `VBA32: CIL.HeapOverride.Heur` `VIPRE: Gen:Variant.Application.Tedy.28594` `Varist: W32/MSIL_Kryptik.NBM.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.A` `Yandex: Trojan.Igent.b6BxmK.3` `alibabacloud: Trojan[downloader]:MSIL/Injector.CRI` `huorong: Trojan/Injector.ayu`

Hashes

MD5	`99ad21828b3790dd280ffc9f148c286a`
SHA1	`c31f7bb2faa00fc44a132b1d759c4d48c6f9dad4`
SHA256	`a3b3c9e9c1c68df7a1902750cef695b9b5518f19c5ecbb8e3796f5b80468e361`
SHA3	`f8cbf6175b4a8f0236e1cc8ac2fcf2a7d84cd8476d754c47977f5cd56049882c`
SSDeep	`24576:yMB64zqlq4D5Wd2J450tX2k4FNMLWSCn53nHh7qGAeVHa/SUIr:04E9L+50xeFuqh7wuHz`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-May-24 19:03:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0xb8c00`
SizeOfInitializedData	`0x19600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000BAB8E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xbc000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd8000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c77fc9b87d0a9e60487e5f15d17467d7`
SHA1	`cf8be31e7799778466fe2cbdb09d5fdea546a96e`
SHA256	`b348765ba904adadbaac322d95ff703e36c244342f0f599894663400d4458a65`
SHA3	`e0f70475fcadb6eee0dec5d5f50b813302892de8bac7d0d27947cd81b2e24e5c`
VirtualSize	`0xb8b94`
VirtualAddress	`0x2000`
SizeOfRawData	`0xb8c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95599`

.rsrc

MD5	`322c426363a8e41b2b040c13c1927bee`
SHA1	`ab462e1c974b1376bef20554443119e5ba856feb`
SHA256	`5ef4531c60186fcc7b1a94294600ce9c0e560eaf0097b78db872f50bd9d14e28`
SHA3	`5061cd3367fbf39a14bc10d80478bc76da5229a9b9fba13097a2e9d5e5eb1e5b`
VirtualSize	`0x193f0`
VirtualAddress	`0xbc000`
SizeOfRawData	`0x19400`
PointerToRawData	`0xb8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93152`

.reloc

MD5	`d75a90ae46345151152173061c15ae36`
SHA1	`5e29e2c8c7343afad0c256d20730676e24673622`
SHA256	`0f99ec2228d00246edac02652a1744109b49fbed39c4a017251355d924e93d21`
SHA3	`c72b860cf3ed434563502c2b89ad9cc81050b27ef93293327b606ac28c1b1663`
VirtualSize	`0xc`
VirtualAddress	`0xd6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.644089`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48662`
MD5	`72c22fbbf3c9ce632d6ccbf8c37ac7a4`
SHA1	`c438b9170dcee027fc36ee8c6de69d14d9ce2f2e`
SHA256	`f33b56bdbb69264b4134018e423b49c1747098d086a10282926a35869897c4f3`
SHA3	`df829ec8ebc0252d7a9e149d8f2c505030027c1802948e2e8c39104932fc465b`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89961`
MD5	`3c83a8a695e53ac05d421e7d9042d42e`
SHA1	`5221c168e74549d4f9886d2e1d5e8b1f28a02aba`
SHA256	`a3841d5467e4c37ff3b65e6ce039b31a8295b12e6a28ee05629aa9e666172baa`
SHA3	`21f31c4c1272ab22ec636c3397d8ae16e35254e40bf3dc24fd7828a9fd2ead54`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71079`
MD5	`145244928f9cbc788ebc37afe71f18d6`
SHA1	`b2457c6516e5c0149b068d98577410282f6a9fd6`
SHA256	`237bd048edc5db6802157f957891bbd13ab301b5869927c61d5e544cf56b741b`
SHA3	`0db38a4617c0b753e1f3f4072ba3864c26eed42b03815d991d83ce4ebe548f63`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63859`
MD5	`9d30e0443ecdd06405f6cc5bbdf42c4c`
SHA1	`9d5f73b0d03e365761fcc09c4112c7ecc61e7bc6`
SHA256	`a66a4d1879af75d96e9398658ab68d196486b337ff4b708cace44fdfda20973b`
SHA3	`905652ca738ddff7c548022903f62bb27ebbaf69616471631cf718607b1a7658`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.72724`
MD5	`a61a7e7ff888397a99acc77df59174e0`
SHA1	`1acae7d2dd47e10754297d0ca3a5904922c0537e`
SHA256	`2d5cb46bfb4483f04e4cd2c667d9e0415683da632d96b3985c4de17c0035eec0`
SHA3	`c004fcc3bf1ed238b642793940c2cbad40a223d1147041ca539ed28197e0c584`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80283`
Detected Filetype	Icon file
MD5	`da9b70665374e3394540c51191a2dfd6`
SHA1	`c91b3f6407149e322850f6a257923abb260adeb5`
SHA256	`9595be7d246f12c7356d15b8facc45ea482de63d316af484c99156170b9d7362`
SHA3	`d75e51b150e9bb574412de784a1ecf652c36717a52f920f529a2c01e2dfce6af`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40949`
MD5	`1c7d19f930f51ceee46d0c6bd29bb155`
SHA1	`a42f6ec007a022f6256251123d4488b30eb645db`
SHA256	`00561e2a771d1d4d47d590e556aac0bd7488a4f57980f9d0bce0fbfdbd07fcf7`
SHA3	`3520e69423369d0df6bfb62041d055c1b201a9d14a3ed0d55be7b9d23c68a1fa`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8d3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94474`
MD5	`e0c7db168b7a36d7e594e4233f59d312`
SHA1	`8167cba0901deaff9b6d62e6250094d77a386bba`
SHA256	`d91e19ed914eb094332f1f9be7567e36b4756223eb6de21ceb0d6463e06eac83`
SHA3	`e7f034c95c256baac4b95169f2ccb09b9a1912b8501f8f24a6eae19b7428729a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.3.8.5
ProductVersion	2.3.8.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Important System Files
CompanyName	Utility Application
FileDescription	Server Dev Bty
FileVersion (#2)	2.3.8.5
InternalName	server1.exe
LegalCopyright	Copyright Â© 2026 Utility Application
LegalTrademarks	All right Reserved.
OriginalFilename	server1.exe
ProductName	Server Development Bty
ProductVersion (#2)	2.3.8.5
Assembly Version	2.2.8.2

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.