Manalyze report for db16a291ba7045778a93d2e5b1d904c5

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-27 19:55:33
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: api.github.com github.com go.microsoft.com http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkID http://go.microsoft.com/fwlink/?LinkId http://schemas.microsoft.com http://schemas.microsoft.com/XML-Document-Transform http://schemas.microsoft.com/packaging/2010/07/ http://schemas.microsoft.com/packaging/2010/07/manifest http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd http://schemas.microsoft.com/packaging/2011/10/nuspec.xsd http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd http://schemas.microsoft.com/packaging/2013/01/nuspec.xsd http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd http://www.w3.org http://www.w3.org/2001/XMLSchema https://api.github.com https://api.github.com/ https://github.com microsoft.com schemas.microsoft.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	VirusTotal score: 1/72 (Scanned on 2025-12-26 03:56:15)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`db16a291ba7045778a93d2e5b1d904c5`
SHA1	`9b403a973d2da98da55b8dbcb387622d047c475d`
SHA256	`508bd6a8ccfe8f6b271b9ad1d0cad8c329cfdb218b8efe8300456f44ab5c2ad4`
SHA3	`7151252d464dc0a881885ad314c4d3da2ea51a1aaa399a176c7328c99c761bbb`
SSDeep	`24576:wWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9mG:Nt3UCiag6CKM2zCyZuOjJaxSS5qh`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Sep-27 19:55:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1cee00`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001D0C3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d6000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b3e9af21264c28a0d9ec76326b79c3ca`
SHA1	`37805d962cf1e0d257f4d2f3cfeb072f8b32248c`
SHA256	`bbf7ba6d22b31d2501d9dd010a918716e17fbf0e089c591e0d6a20d76587b928`
SHA3	`4ded1cfd85db6fc96f5d2819facb635b4c29467caf2749f82afa8506c026c76a`
VirtualSize	`0x1cec44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1cee00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.8965`

.rsrc

MD5	`c020712cdcf1985ba173f1dffa014e64`
SHA1	`4229ab5d4e69d7f8fdad4c2828aa22a7e6ed933d`
SHA256	`382b11adcf8498ad692367e7ffe29f4260b0bbe5da168331abb3cc0d03075b9c`
SHA3	`811b6662bdba50f4fd6d89a6c62355904dc87063ab63e07f3c7541fa00b481be`
VirtualSize	`0x1af8`
VirtualAddress	`0x1d2000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x1cf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.27213`

.reloc

MD5	`95ccf30cfa4a47e6962a6915e518f6df`
SHA1	`4b8a79947d2f88a8bbea3756a2b79ac6af30a687`
SHA256	`e511b53214834d7cb84cb54dab21d2a415bd9b933e7d59598d5c793d4d256232`
SHA3	`13711965c2adf5b827aed88a5253a9a4b06918121c35ed843f926a2cc7db0437`
VirtualSize	`0xc`
VirtualAddress	`0x1d4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d0c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.08234`
MD5	`94f3a9f891f8970144e45bdea7557258`
SHA1	`a3927e8e1b14c84cf34bec79d48fc71a1d834817`
SHA256	`4e0f7c26a0735be14dadea083a7b28b88406f607aa89bb46c4f486c4f1059beb`
SHA3	`2cf1c59095c88811273ff49bcbedc0bd5f64b2fdba66b3a4717e3251fac6eb14`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38886`
MD5	`219fa281a732b49a25f44eb19047a2cf`
SHA1	`6bbbee2d16cf28e8ca805c704668672e10742cca`
SHA256	`5413aa7c03a33fe034523f26f0ea37fce02f1ddec08391dab41e3216a92b06a2`
SHA3	`3510860148a846ba4fcdabed0e39d12726ff8282538df5f425e96a51f7321989`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5e1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14488`
MD5	`89620db116ab442a736809dbe09510e1`
SHA1	`5440749c5eeebf32e6c37dbc2c5bd755d4d7de2b`
SHA256	`f4acb86e3534d7bac91eb9f2c646055848d6a0dd7fb0e9a962e7588ac3e6ca83`
SHA3	`eca1705f0d44ced47a45ae082ba16e818863f30d7c9ca6625b4484de957ecdce`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: StringFileInfo expected, read ProductVersion instead.
[!] Error: StringFileInfo expected, read ProductVersion instead.
[*] Warning: Could not parse a VERSION_INFO resource!