Manalyze report for b712de4ba27e5c6a9116487ad1f6e78d1be502a33f05c0454f11bb7f5dc57ade

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2100-Oct-13 03:20:15
Comments
CompanyName	Leppsoft
FileDescription	Soundpad
FileVersion	`4.0.9.0`
InternalName	Soundpad
LegalCopyright	Copyright (C) 2016-2024 Leppsoft
LegalTrademarks
OriginalFilename	Soundpad
ProductName	Soundpad
ProductVersion	`4.0.9.0`
Assembly Version	4.0.9.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 49/68 (Scanned on 2026-05-02 12:06:58)	`ALYac: Gen:Variant.Application.msilheracles.2873` `APEX: Malicious` `AVG: Win32:MalwareX-gen [Spy]` `AhnLab-V3: Malware/Win.Generic.C5354698` `Alibaba: TrojanSpy:MSIL/Bobik.7073fd44` `Antiy-AVL: Trojan[Spy]/MSIL.Bobik` `Arcabit: Trojan.Application.msilheracles.DB39` `Avast: Win32:MalwareX-gen [Spy]` `BitDefender: Gen:Variant.Application.msilheracles.2873` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CTX: exe.trojan.msil` `ClamAV: Win.Packed.Marsilia-10021147-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: MSIL/Agent.WXS trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.msilheracles.2873 (B)` `Fortinet: MSIL/Agent.WXS!tr` `GData: Gen:Variant.Application.msilheracles.2873` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.sa` `Ikarus: Trojan.MSIL.Agent` `K7AntiVirus: Spyware ( 700000201 )` `K7GW: Spyware ( 700000201 )` `Kaspersky: HEUR:Trojan-Spy.MSIL.Bobik.gen` `Kingsoft: MSIL.Trojan-Spy.Bobik.gen` `Lionic: Trojan.Win32.Bobik.l!c` `Malwarebytes: Trojan.MalPack` `MaxSecure: Trojan.Malware.300983.susgen` `McAfeeD: Real Protect-LS!546BEA72664D` `MicroWorld-eScan: Gen:Variant.Application.msilheracles.2873` `Microsoft: Trojan:MSIL/Lazy.AMBB!MTB` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Spyware.Bobik!8.108FF (CLOUD)` `Sangfor: Virus.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Troj/MSIL-TGO` `TrellixENS: GenericRXWO-IB!546BEA72664D` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9z` `VIPRE: Gen:Variant.Application.msilheracles.2873` `Varist: W32/MSIL_Agent.HKZ.gen!Eldorado` `VirIT: Trojan.Win32.MSIL_Heur.A` `ZoneAlarm: Troj/MSIL-TGO` `alibabacloud: Trojan:MSIL/Lazy.AZHJ3DGW` `huorong: Trojan/MSIL.Agent.jp` `tehtris: Generic.Malware`

Hashes

MD5	`546bea72664db04bb325d6d677b63324`
SHA1	`22aa350abdd19175cdb5e8a751c2e839f69b1fe6`
SHA256	`b712de4ba27e5c6a9116487ad1f6e78d1be502a33f05c0454f11bb7f5dc57ade`
SHA3	`676107f2ee0ab09315dac8f9a91be35238fcacf0a957bef1dd47ef9a818fc1da`
SSDeep	`12288:+uTDMTfnu733E0z6mISXq/wRW4qtYr7OJBWfy8:13E0GPBJiO+fN`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2100-Oct-13 03:20:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xa8600`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000AA53E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xac000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb4000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b0ddf1d01f55a2096ec504b359662b10`
SHA1	`855d9e1fb1df05e774b73152743f0a7909944e34`
SHA256	`73b4923e200663aca49ca393f582564a25d124d47ea9fb6d75b88aa144021e9b`
SHA3	`5c54acb66ad62ba2a68be0fd8f88f22ba54251b73c962c1f636e6c58b17f1ee3`
VirtualSize	`0xa8544`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa8600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.70783`

.rsrc

MD5	`a5570e3dd305bef2f25289721feafd76`
SHA1	`ffc91e3f75a83122e069ba1d9dc6fd2ed5221cd7`
SHA256	`28d8ece291f7e5bf4bb595805dcb6d822a84bb751885caa34edce426e990bd83`
SHA3	`082804c0289c7fb4f6f552df8977ab46612086336e53696e439e6439c47ad7c5`
VirtualSize	`0x4318`
VirtualAddress	`0xac000`
SizeOfRawData	`0x4400`
PointerToRawData	`0xa8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.74813`

.reloc

MD5	`ecf30eb23b44470b23e3b1906c1b668b`
SHA1	`acf7bacd38b5bab739a5c19733d62d1a09a706dd`
SHA256	`9703a1ed60480241866f38df365cba99ad92bba041cf6f7c122c5778584daf37`
SHA3	`6b0f7ce85ea77b6b6741c883b5ecff30cc70448a757920b6c3ac53111c4bdf79`
VirtualSize	`0xc`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xacc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.30361`
Detected Filetype	PNG graphic file
MD5	`8bcb4582c183268bd1a0f0fb9647fd11`
SHA1	`c4bdfa47f6dbd4c3d86267a92ec5842bbc12af53`
SHA256	`921c3c089bd4155b9430715eea50384876c3de4c5c175c8ef438a74bd3615ded`
SHA3	`02b3d260ef09ac5640167a327255e6b199f17369ccd9e6a460f9de9cbca4cfa1`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x365`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68433`
Detected Filetype	PNG graphic file
MD5	`f4a0ef6d70b9b3605a3963456d351647`
SHA1	`61fa4d0ec87175d5d75603104e2fb2cb6d8002a1`
SHA256	`0f9b0ca8cc7be24553730ba4d57ab918da87d2f4faf93c08892d8cb8bacd9f3e`
SHA3	`bd14873f0f7e9826f9be1cff596090872859f7c28526c1b8059ee3228a1762eb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x530`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76778`
Detected Filetype	PNG graphic file
MD5	`ef128106c201c78cf1bea7db9415a2b3`
SHA1	`abd8442115b37714b2f02a96cb36301f6cfb25ee`
SHA256	`219286fa2d89d92942b2fe1877dea083e2820c1c07b02443602bd1bddbca2d2c`
SHA3	`22bd65b269da08604a7807deb64a55bae9e7289eebc1ab0052824aaf51fcff79`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6eb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83744`
Detected Filetype	PNG graphic file
MD5	`520efece3659a6ffc21f1eca0fdb355c`
SHA1	`58ce0861e5de9da6c8cf9d036df30e127c559bd6`
SHA256	`dcc74cc5efa21e51321c3846092fc2eb7d8b10cd3a7bd7db0e1e5fd7e44b5d62`
SHA3	`8dba3dd1f3916bb51b8d6d2136d524ccc8347959addba17620bf341fef422a9a`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xe5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90995`
Detected Filetype	PNG graphic file
MD5	`67bc920ed00f36238ada5268f265a721`
SHA1	`3e0aa96faaa17f73d7357a230e7925e577d19aef`
SHA256	`8b544ed6d8f2e563ad1ddcaaf47493fb51a57fd35d5e8b5ede37331e65bfa931`
SHA3	`4e78792e201fbd4249e1d478aad7103f5bbe0a08547432f43c56f080f5b491d0`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1bf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89759`
Detected Filetype	PNG graphic file
MD5	`c4ab763605ecab1c2d1098f63776ea24`
SHA1	`98930806752580e11ef75b12a1867304a9bc806b`
SHA256	`4e2caa1293db07246dfba7c82f50503255c271d3d7998d6bd8b20530615b164a`
SHA3	`f02253ea9645b3bd93fd3929e43e625bef8cb5c8cd3a86507fa9b8794038c470`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.2621`
Detected Filetype	Icon file
MD5	`eb0d7f6a850611eb1ecda53e6494c135`
SHA1	`fdb7def01e734aa4010369d94341ea763f7201a6`
SHA256	`2fcc1f53f8bcc99c61d23aec9d9f11fb567ed68100b448547d930fd74ee01e16`
SHA3	`9027236e2a8b9c756874ab86fc321049bd1451f63b0b39dddd42ebd24d49ea1f`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29532`
MD5	`e78fd65e839c83c1d9fb35989bcad61a`
SHA1	`aed7123b4a1043352511b1e0aafa79bf3f5749a4`
SHA256	`a786f7a160ffc0aa2400b6895cb88e9b1d281cb0220c28117f4fa8fd4e3e4db9`
SHA3	`fb1ba74e8f434649d96e189ef0d29e8dd863050541b00be7c796682f53daf8cd`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.0.9.0
ProductVersion	4.0.9.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Leppsoft
FileDescription	Soundpad
FileVersion (#2)	4.0.9.0
InternalName	Soundpad
LegalCopyright	Copyright (C) 2016-2024 Leppsoft
LegalTrademarks
OriginalFilename	Soundpad
ProductName	Soundpad
ProductVersion (#2)	4.0.9.0
Assembly Version	4.0.9.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.