Manalyze report for c5460701f45d70e8b7255195ee08d15d87aa7847562ca27a6b5cd0c803418f5d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2095-Oct-13 19:27:34
Debug artifacts	DevExpress_Patch_Keygen_DFoX.pdb
Comments	Patch and Keygen for all DevExpress Component
CompanyName	DeFconX
FileDescription	DevExpress_Patch_Keygen_DFoX
FileVersion	`2.5.0.0`
InternalName	DevExpress_Patch_Keygen_DFoX.exe
LegalCopyright	Copyright © 2022
LegalTrademarks	DeltaFoX
OriginalFilename	DevExpress_Patch_Keygen_DFoX.exe
ProductName	DevExpress_Patch_Keygen_DFoX
ProductVersion	`2.5.0.0`
Assembly Version	2.5.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	VirusTotal score: 36/67 (Scanned on 2022-06-25 17:28:57)	`Bkav: W32.AIDetectNet.01` `Lionic: Riskware.Win32.Generic.1!c` `FireEye: Gen:Heur.MSIL.HackTool.54` `McAfee: RDN/Generic PUP.z` `Malwarebytes: Malware.AI.4004521453` `Sangfor: Backdoor.Win32.Bladabindi.ml` `Alibaba: Trojan:Win32/MalwareX.4b6f2df0` `Cybereason: malicious.793923` `Cyren: W32/ABRisk.PPKA-8603` `Elastic: malicious (high confidence)` `APEX: Malicious` `Paloalto: generic.ml` `BitDefender: Gen:Heur.MSIL.HackTool.54` `MicroWorld-eScan: Gen:Heur.MSIL.HackTool.54` `Avast: Win32:MalwareX-gen [Trj]` `Ad-Aware: Gen:Heur.MSIL.HackTool.54` `Emsisoft: Gen:Heur.MSIL.HackTool.54 (B)` `TrendMicro: TROJ_GEN.R002C0PCP22` `McAfee-GW-Edition: RDN/Generic PUP.z` `SentinelOne: Static AI - Suspicious PE` `GData: Gen:Heur.MSIL.HackTool.54` `Webroot: W32.HackTool.Gen` `MAX: malware (ai score=81)` `Arcabit: Trojan.MSIL.HackTool.54` `Microsoft: Trojan:Win32/Casur.A!cl` `AhnLab-V3: Trojan/Win.Hacktool.R268820` `ALYac: Gen:Heur.MSIL.HackTool.54` `Cylance: Unsafe` `TrendMicro-HouseCall: TROJ_GEN.R002C0PCP22` `Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:ucR2AY28VrMElz6Gy1vIbw)` `MaxSecure: Trojan.Malware.11903493.susgen` `Fortinet: PossibleThreat` `BitDefenderTheta: Gen:NN.ZemsilF.34742.jm0@aeki7Io` `AVG: Win32:MalwareX-gen [Trj]` `Panda: Trj/GdSda.A` `CrowdStrike: win/grayware_confidence_60% (W)`

Hashes

MD5	`55f2a7779392333714ae245739edf252`
SHA1	`3b0844ef6d2e966289c6c8bf9e4ab2fc93c7d1f3`
SHA256	`c5460701f45d70e8b7255195ee08d15d87aa7847562ca27a6b5cd0c803418f5d`
SHA3	`0a6f1da1b73b828bc9382f64d2fe050bdd85b20a6aebca36043ed7ff829d9e56`
SSDeep	`3072:YkxA9v0l/BHYHCA3WMt1p+YzBBVTWlJJmfXDTPmfXDGUk:iMUpDtLz1TcJJWDWD`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2095-Oct-13 19:27:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x21600`
SizeOfInitializedData	`0x6600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002340E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x24000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e000`
SizeOfHeaders	`0x200`
Checksum	`0x2ed33`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`9693ea58fc90285a8f27c748c440d967`
SHA1	`31e81585e2407044842b65cd29c5682ce2341b79`
SHA256	`91d79c6fad507cc5d2647b8a8b3adfbdc379fd4ee5a6d3f94cdf7b9b62b68944`
SHA3	`8f8687ac19e488a77c76993720c50ba70f719b79559aa8bb257c091008f5b5b0`
VirtualSize	`0x21414`
VirtualAddress	`0x2000`
SizeOfRawData	`0x21600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.99514`

.rsrc

MD5	`d997e67f55fe00e2670bea1f5838d445`
SHA1	`60b4aa03f0cc5c6b263c0222e36428fe61b0716b`
SHA256	`cde5998481e38f2793ffbcad2abd42dec05038ddeb9eede26f8c5dda3a40022d`
SHA3	`83917aeab95d094243666cf6b873f8a06427cc61763f91989792db7494bae1ea`
VirtualSize	`0x63b8`
VirtualAddress	`0x24000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x21800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.11101`

.reloc

MD5	`6f4cf742a789a144806c8bc09e428dbf`
SHA1	`0b19ec8ec3b24ba3d271959960a9255446182155`
SHA256	`e6ac54d98b889c9d8dfd5d24b8995876bfd8b8a4cf5aae376c75d10a68b992b7`
SHA3	`feb6c6668694f5d087f222ce190706e247b2e7c717bfc1145c45fc5029b277d3`
VirtualSize	`0xc`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x27c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.24766`
MD5	`6d1cae6272afbb88876ed6476b990d8c`
SHA1	`095719090b599ba4a64de150df6aaeb72bc86c7b`
SHA256	`8802216634fcdd4176eb889ca5d231eac393ae48e1d43c1195447b557d94b38b`
SHA3	`98e48d0be25fe8d0f2f16825b6dfb411e49c3aa81c26d2d46ef75c8cfcfc0b36`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.44148`
MD5	`ebbc5b1fafd8783e072222b4f4bea534`
SHA1	`4785f2cde61e8319048850559aec4a553ba0fe33`
SHA256	`38c8e2aed4e1afd6d0f7ccf62a26e5dfd712c8e8c541c633d80d1e0bf30b7a7e`
SHA3	`973bd6f32f962e2369de8dfb23a2aebf680bf89fcafa1c81aa9510888f896640`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7773`
MD5	`5ab9bc97fb58f9ddbdbe205a93d53008`
SHA1	`76194f8681ff649bb0158ee84191cbb4e296cabf`
SHA256	`7a84c7c95d38a980ff49398ca2daa2fdcb5ce835f0d2bc5ee6dbbf1a3036f28a`
SHA3	`cf13e29aa1a4608eff75153993d1777fa9c5364fe3fb2ad7a1a18c0d97e181f8`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x142a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86194`
Detected Filetype	PNG graphic file
MD5	`0f924a877d623ff2d4f404eab7b2e59d`
SHA1	`930d847561162b28ca5f6cd3c0e580dae042c855`
SHA256	`5525a1f12d996551d2bc5a5ef1c209563e93ab571a6397ecd228fb5947959435`
SHA3	`c7104abb60c0d3dd36c7574a5157840bde9e576fd45ec136d19158c0d59ebfb4`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`d10a7e8e0899362b0db9bacd154369b3`
SHA1	`348da216859634a925548577a8c3b66775dbfdb5`
SHA256	`ed9a46cf4a1d0cd6b9ab3391c5fb69d5be6b329472bb8fac98b307b8ffac41b0`
SHA3	`192370b9a5dd585d65795b02b94c24c3cd721e0dbc457895cd5f1f1b65f2eaf7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x430`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39345`
MD5	`5f71a3a72a605a935f4cd07e87cec3bb`
SHA1	`9a7fe5a131ac147898f94dee8f8ca420f7fcd086`
SHA256	`0fe7ffbd33af2949d3f7b2d8e07266f520f5b04f036df1c530c3cb3719436489`
SHA3	`59ebb954f0484f16b477858e911506e0be863d38e6d3ed7ce98d3207dc6a9894`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00587`
MD5	`5c72f656bdf2c2d0e255197ba73525e6`
SHA1	`6de3565f21eacb6cee6d054e819d312e4d5aff65`
SHA256	`e1063930c0a3e2d72c761838826e400c4a440e3d03509fe48ff9d59f485a25e3`
SHA3	`6c6822ce829fa1565c5412ec82f5dcc216da1cf599e9d631dadf67b38797ead2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.5.0.0
ProductVersion	2.5.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Patch and Keygen for all DevExpress Component
CompanyName	DeFconX
FileDescription	DevExpress_Patch_Keygen_DFoX
FileVersion (#2)	2.5.0.0
InternalName	DevExpress_Patch_Keygen_DFoX.exe
LegalCopyright	Copyright © 2022
LegalTrademarks	DeltaFoX
OriginalFilename	DevExpress_Patch_Keygen_DFoX.exe
ProductName	DevExpress_Patch_Keygen_DFoX
ProductVersion (#2)	2.5.0.0
Assembly Version	2.5.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`57`
AddressOfRawData	`0x23384`
PointerToRawData	`0x21584`
Referenced File	DevExpress_Patch_Keygen_DFoX.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.