Manalyze report for d6d876c7327482a6293fb5014393ace99e14aa7e0638bbda9fc602d35b8a72c9

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Feb-08 22:10:28
Comments
CompanyName
FileDescription	HMC 2.0
FileVersion	`1.0.0.0`
InternalName	Hackus Mail Checker Reforged.exe
LegalCopyright	Copyright Â© 2022
LegalTrademarks
OriginalFilename	Hackus Mail Checker Reforged.exe
ProductName	Hackus Mail Checker
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: MSConfig.exe Regedit.exe Taskmgr.exe procexp.exe schtask` `Contains references to security software: MSASCui.exe MsMpEng.exe` `May have dropper capabilities: CurrentVersion\Run` `Accesses the WMI: root\CIMV2 root\Security` `Miscellaneous malware strings: virus`
Suspicious	The PE is possibly a dropper.	`Resources amount for 80.7805% of the executable.`
Malicious	VirusTotal score: 55/67 (Scanned on 2026-03-20 09:16:25)	`ALYac: Trojan.GenericKDZ.102657` `APEX: Malicious` `AhnLab-V3: Trojan/Win.Agent.C5394037` `Alibaba: Backdoor:MSIL/AsyncRAT.8236d361` `Antiy-AVL: Trojan[Backdoor]/MSIL.AsyncRAT` `Arcabit: Trojan.Generic.D19101` `Avira: HEUR/AGEN.1365975` `BitDefender: Gen:Variant.Application.Jalapeno.131` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.GenericFC.S30154362` `CTX: exe.trojan.msil` `ClamAV: Win.Packed.Razy-9807129-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DrWeb: BackDoor.AsyncRATNET.1` `ESET-NOD32: MSIL/AsyncRAT.A trojan` `Elastic: Windows.Generic.Threat` `Emsisoft: Trojan.GenericKDZ.102657 (B)` `F-Secure: Heuristic.HEUR/AGEN.1365975` `Fortinet: MSIL/Agent.CTE!tr` `GData: MSIL.Trojan-Stealer.Keylogger.BA` `Google: Detected` `Gridinsoft: Trojan.Win32.Downloader.dd!ni` `Ikarus: Backdoor.Agent` `Jiangmin: Trojan.MSIL.aoink` `K7AntiVirus: Trojan ( 700000201 )` `K7GW: Trojan ( 700000201 )` `Kaspersky: HEUR:Trojan.MSIL.Agent.gen` `Kingsoft: MSIL.Backdoor.SheetRat.gen` `Lionic: Trojan.Win32.AsyncRAT.4!c` `Malwarebytes: AsyncRAT.Backdoor.Rat.DDS` `McAfeeD: Real Protect-LS!5237DCB1E6EC` `MicroWorld-eScan: Trojan.GenericKDZ.102657` `Microsoft: Trojan:MSIL/AsyncRAT.S!MTB` `NANO-Antivirus: Trojan.Win32.AsyncRAT.leijnn` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Backdoor.AsyncRAT!1.C678 (CLASSIC)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: W32/VenomRAT!5237DCB1E6EC` `Sophos: Troj/VenomRat-A` `Symantec: Backdoor.ASync` `Tencent: Trojan.MSIL.Agent.16000593` `Trapmine: malicious.moderate.ml.score` `TrellixENS: GenericRXVS-NQ!5237DCB1E6EC` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9z` `Varist: W32/Trojan.IML.gen!Eldorado` `ViRobot: Trojan.Win.Z.Asyncrat.381440` `VirIT: Trojan.Win32.MSIL_Heur.B` `Webroot: Win.Trojan.Gen` `Zillya: Trojan.AsyncRAT.Win32.24521` `ZoneAlarm: Troj/VenomRat-A` `alibabacloud: Rat:Win/AsyncRAT.Stub` `huorong: Backdoor/MSIL.DcRat.a`

Hashes

MD5	`5237dcb1e6ecef53c17472b3832ab465`
SHA1	`7b84a29b91e761a7a36196078e2896fec884fd83`
SHA256	`d6d876c7327482a6293fb5014393ace99e14aa7e0638bbda9fc602d35b8a72c9`
SHA3	`5519e978011f8dd33bd1664bd5165cd6574ddd480b9f2ea3ed3391c6f1f577e2`
SSDeep	`3072:hUmcxg8vcyPMVZrzZH1bMBgQyTc3zirAYjBc34ucm0afVlY:hAcyPMVZ3ZVbsg+Gbtc34a`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Feb-08 22:10:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x11600`
SizeOfInitializedData	`0x4ba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001346E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x14000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x62000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6ab4b5c095ffa9ab9bf8797b27bca0b3`
SHA1	`826cc364416537a7a86e535dfe0182a91f260b89`
SHA256	`7af93da0a1fe9cf0ea01f47114c351f4c3e24063011c284f356221d76ee855da`
SHA3	`9672516fc71b6328a720f72916f1689a3a9d325607e8bb8ae24213272883f952`
VirtualSize	`0x11474`
VirtualAddress	`0x2000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.82894`

.rsrc

MD5	`793a8213d0922e4500b17a5c7f9d2df4`
SHA1	`6fbf66af649a0de94cd25c78f0bcab07d7d75d43`
SHA256	`f44b1703f2ed1dcd8d0c448fb61894d9c9438f4b49a83b9ac4315372dae16481`
SHA3	`dccb8c69d505603bedb7716d7c7ffbe534f2faf8a8cb2858f67f84ac6a04e93f`
VirtualSize	`0x4b654`
VirtualAddress	`0x14000`
SizeOfRawData	`0x4b800`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46488`

.reloc

MD5	`b5456319a3019d6d3680593bec713244`
SHA1	`d44f087cef67ea95a035e93e446efcb6cd9c9057`
SHA256	`5af04e333afaacf8ac8c3e38f474f8645c6b5128079e4295335299d373235b96`
SHA3	`aafb784014e1e31deaa86ed9d8faf82169b6793924fb213b10a4213fc71a9895`
VirtualSize	`0xc`
VirtualAddress	`0x60000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39338`
MD5	`dc04f22f1d78500d1ee4eb9656adfa48`
SHA1	`44bf2a4469f56f35a75e08a978b45283b5c53d4d`
SHA256	`5837cd580d7f5a2902f61d7a69a1535c5d810465879c53f0f24a16a878d36836`
SHA3	`9fd06d8a2029a500e3674af4301b28c9e773aa7a0fb358062b394228e34528aa`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42604`
MD5	`1054ed087d007f2bb98d619acb8ae438`
SHA1	`27e97561694948f3c1b27951c05d3a95f00a606f`
SHA256	`00b29ff34ee42519133cfb568c3f0e391b684d08fa4f5fe2d36e9fe681ebe45b`
SHA3	`3cf03efb17aec5c2bec277366110c7fa364cbf4bb53f08462776797e331f20ca`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3627`
MD5	`d9323f3dc4c2dd3714a3c03bff47a117`
SHA1	`540f5b100cf776b196021bf3bad44e1bad31ef3d`
SHA256	`f3bdd4c0da12fe323348375010f1eb50a3d1abbd02e112c66082a16cd7abf32d`
SHA3	`dc314c73214d9ff4cbf533ca8ffefdf5b4b0f85ba4757285f47c9113b44233f9`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02789`
MD5	`f9bd2ce1e03f5cdb45b586bac2220e66`
SHA1	`3a7ab18ed4c4776db7d3bb8ade07dde5d3062fbd`
SHA256	`a88ad863e202624fbad3d3f9055f947af97f9a040345fe71988d2c3ceba02e92`
SHA3	`44eb0009cf5f273d93dcffaad0723890f38de217b30c3d076f3b71916e8fbd52`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.63859`
MD5	`bfb452eb7f22be355045e06f8c521e40`
SHA1	`666e684e8e880daa46e4a3d87408a31a0ceb7327`
SHA256	`d715905490068e6c28a3e8d506d42f8b60006db3deb617ac0a7597bc33a1aceb`
SHA3	`06b98ed13ce7fc93752699d0d470bb0dff5da182f6854a99a825b7c185d63a71`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.22807`
MD5	`ca30592eb8c08ac8de33dc7549da89c0`
SHA1	`0e7e06912d4c4de1e8419648c6e34f34a3d5cf83`
SHA256	`48c8e4b79ee3b59ba8166cfe4fbbf1591910d6b15ab030c71ad1219cac5e3b43`
SHA3	`34cdfb5b98df0cafa8768b0cbacf6b712bdd68fe5074a26c2ccf8e1d41a8d3cd`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90216`
MD5	`0e98495d7cebc672998221b5d548994f`
SHA1	`0790c89b19676a5f3e86a79f64f32e8ecfff81d0`
SHA256	`ee30cab734cefd95e8cd4a8db6da0b2403ca6c7e418f67768eff5ef91645f230`
SHA3	`6c068d6123bad9acdbad2ea9544edc42bc6134439cb0afcf59d6b2a0e69d8cec`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75958`
MD5	`35bd75704ad46369b998abfa9be71466`
SHA1	`d00a7d082983937f27323bb5094a661e8e56fd20`
SHA256	`10ef92a58b0484f44a98d5dee44819d296f9f013cb32884927b8ed4ac0e7d76b`
SHA3	`883d8927f69a3eded052eb10011ecf402812719cde1a64ed594177b371da0f0e`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2fbe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95244`
Detected Filetype	PNG graphic file
MD5	`653a2432988ba5771ef3cdcf95338fe5`
SHA1	`7852ac1cc9603a934130695b732c60a07ff1845d`
SHA256	`5d8bf50c975b98798aed11a543870acb1e90dce77abb03f5337cc065c5d06eb9`
SHA3	`2c2b576f5e5aec402bd09678d2a0298393c026ac77211fb441c5c447c80ba73c`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58551`
Detected Filetype	Icon file
MD5	`c95cc143261cf5f490a47842e30c3ac7`
SHA1	`8aa0dca8f2b0e61b5da387dbc60d33f10079548b`
SHA256	`40db9911ffbee58b9bad64ac4850445dbfefeee700f417bb9c4624451f7ec750`
SHA3	`3761fae7bca1c94ab4850e046e136e0a71681c9cd5296ac79ed3f0a0f4158418`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x37c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32455`
MD5	`83db19d9535a4e67d94b1bf9f2719212`
SHA1	`2f2fe43e0e0d8802d58d9ec342d15a29dc7d1cad`
SHA256	`c31525e7584bfc74ddb4ecc05dda540aadbdd3c021b37cd90e0602bd24166a7a`
SHA3	`732fbad79d11ea4e6dd41988702abb206985d5576dd924dbffb12fd62faf3f0e`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xa83`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13313`
MD5	`d8edc24dd706bd2bbea1e5d943a43d9f`
SHA1	`8c8a4d7b12aeaa85ec22ff6d594725eef13c8ba5`
SHA256	`6bda71eaee226fbd056f2563bb23023d1ac62a3ab93552e044ea5244e785ba78`
SHA3	`b1ee9530d3d802971d963935196d5d189b79fa6881430747ca5d9d015ce0760a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	HMC 2.0
FileVersion (#2)	1.0.0.0
InternalName	Hackus Mail Checker Reforged.exe
LegalCopyright	Copyright Â© 2022
LegalTrademarks
OriginalFilename	Hackus Mail Checker Reforged.exe
ProductName	Hackus Mail Checker
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.