Manalyze report for aa2c5d03820cf8019e01394e2063d6854f0811313c8b0fb2bdfc40c7045b14ba

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2042-Jul-14 01:04:00
Comments
CompanyName
FileDescription	HostForms
FileVersion	`5.0.0.0`
InternalName	HostForms.exe
LegalCopyright	Copyright Â© 2010
LegalTrademarks
OriginalFilename	HostForms.exe
ProductName	HostForms
ProductVersion	`5.0.0.0`
Assembly Version	5.0.0.0

Plugin Output

Suspicious		`Unusual section name found: .FEF3`
Suspicious	The file contains overlay data.	`16 bytes of data starting at offset 0xc4600.`
Malicious	VirusTotal score: 25/70 (Scanned on 2026-05-29 14:44:48)	`ALYac: Gen:Variant.MSILHeracles.235707` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Trojan/Win.Generic.C5659244` `Antiy-AVL: Trojan/MSIL.Kryptik` `Arcabit: Trojan.MSILHeracles.D398BB` `Avast: Win64:MalwareX-gen [Misc]` `Avira: TR/W64.Agent` `BitDefender: Gen:Variant.MSILHeracles.235707` `Bkav: W32.Malware.FC77FD76` `CTX: exe.unknown.msilheracles` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `DrWeb: Trojan.PackedNET.2703` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.MSILHeracles.235707 (B)` `F-Secure: Trojan.TR/W64.Agent` `GData: Gen:Variant.MSILHeracles.235707` `Gridinsoft: Trojan.Heur!.020134A3` `Kaspersky: HEUR:Trojan.MSIL.Crypt.gen` `McAfeeD: ti!AA2C5D03820C` `MicroWorld-eScan: Gen:Variant.MSILHeracles.235707` `SentinelOne: Static AI - Malicious PE` `VIPRE: Gen:Variant.MSILHeracles.235707` `huorong: Trojan/MSIL.Heracles.a`

Hashes

MD5	`81c504523aefaa27afb0757289d37bae`
SHA1	`444acf4d93a9c415048bfdaaf038d8da82dbd1c3`
SHA256	`aa2c5d03820cf8019e01394e2063d6854f0811313c8b0fb2bdfc40c7045b14ba`
SHA3	`af81c5178f3ac95ccb0b2458dd459fdc17d65c372d6dd16e560536788b22938d`
SSDeep	`24576:0fXhGcuwZwknnWm365p6Fzb9YxIoF7WNTU:ehGcuwZw4nWl6FSxIRNQ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2042-Jul-14 01:04:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0x6e`
SizeOfInitializedData	`0xc3beb`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002062 (Section: .text)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xcc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d97fad47f595f21231d2511e3894b737`
SHA1	`f0bd59a06018418f09f7357cbf48da3a2eaea7b9`
SHA256	`2cdfe10b0dfe2bba3ac6fdc5dda830a1eb19b59da5239cc793afa0e940bc6e88`
SHA3	`a32f803410b25620eb9f4049eba97d2e49bd58e03c313e149682bf73ddf536ac`
VirtualSize	`0x6e`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.690202`

.rsrc

MD5	`5b575b93609e5bd8e6963735a6741731`
SHA1	`41d2536d4c26d855f47636c034b9a1c3395b1080`
SHA256	`a2cbe544426792c8ae550feccbb1de0d013168e45d5da3cd6131ca4af660a317`
SHA3	`1aac692ec1d8340acd817b4dc1e44fa4a9472f77e7aa4ab2829df21ca5dccecb`
VirtualSize	`0x267b`
VirtualAddress	`0x4000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.98021`

.FEF3

MD5	`9ce6b26b4325a8e5a6bc1a68d53c2a59`
SHA1	`1ac9f084e7d441649e1f4d4cbc7a7a28f37e0fbf`
SHA256	`e472a85c1bb21e2b526f3a6a3e1e2f15af43a9f047ee13d2b3da1f9483bb3c39`
SHA3	`2c5e305c50acb975eb35ecee18dcc2188709d97bb911b0f5531a0511d4054558`
VirtualSize	`0xc1558`
VirtualAddress	`0x8000`
SizeOfRawData	`0xc1600`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99885`

.reloc

MD5	`23e87f4152aa3055eb8ede3c3b0f563e`
SHA1	`fd7e2a704981385890e8c97190cea3bb378ce5f9`
SHA256	`da2344fdd2345eb66f9c5d809c92c7a8b6235d049553dbf147455220cef05d8e`
SHA3	`8a8dac7fa26be9de97f5bbceba3e89bb2e06450ab757e1700ec6645e513728f6`
VirtualSize	`0x18`
VirtualAddress	`0xca000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.174052`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x15bd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.78657`
Detected Filetype	PNG graphic file
MD5	`964f6256f2e8ed07e9fd62f2a9db99e3`
SHA1	`3447ade95b879972ee91ff843237e5778467b29d`
SHA256	`3806aa449bf467715a76adeae9c67e581ee05c4fa166d28eaf4af6a58f8f80d1`
SHA3	`27ba23c8c1542cece7034c11f6c2fcad58421d85ee6be6d3eabc1a90a8389225`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`3206e3c9d12152c39c865dbf122e639d`
SHA1	`400ba3c06d5aa13e733cb0a1577dca98419a9038`
SHA256	`cf17595207263d533e109c2b1f0e34e46e65fa4ebe8f246518ee4d52f0a5dd0b`
SHA3	`65d2df7c74c1a496b3940cb7a5e206d55fc6e53cfeed0f465cdd8d060e444936`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27221`
MD5	`46a63f527986ca19e196524c8213d5cc`
SHA1	`e8705e65b3f7d1c566d6b8c6bdbf7fbab790cad3`
SHA256	`878dd4c123c4257dba3097c9c128a6e287ecb0f538c818989f5a7dc2aff08898`
SHA3	`a653cf05a47e9d562a3b7b6cc57df5843fbd31f011572d1b91b27165f2585a53`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc5b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00684`
MD5	`49278a34b5990f1d5a6c94a998a49f47`
SHA1	`b70474c513b42820f00f95ae3db8cbaf00d45acc`
SHA256	`51ac86fb532fb5883231be4ef7538255e6875d63fa62c8035d72f4d65c0ec114`
SHA3	`459a18c96cfb740f79e79ca5b205bb8ed0ae8569ec2196922c7ea0bb308953f5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.0.0.0
ProductVersion	5.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	HostForms
FileVersion (#2)	5.0.0.0
InternalName	HostForms.exe
LegalCopyright	Copyright Â© 2010
LegalTrademarks
OriginalFilename	HostForms.exe
ProductName	HostForms
ProductVersion (#2)	5.0.0.0
Assembly Version	5.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.