Manalyze report for f381e338212079c3a03fbbb532cdec44b1d27db03e8cc4c47408ef038885d934

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-10 07:48:18
Comments
CompanyName	BASeCamp Software Solutions
FileDescription	JobClock Administration Applet
FileVersion	`1.4.8.0`
InternalName	EncoderFallbackExcept.exe
LegalCopyright	Copyright © 2011 BASeCamp Software Solutions
LegalTrademarks
OriginalFilename	EncoderFallbackExcept.exe
ProductName	BASeCamp JobClock
ProductVersion	`1.4.8.0`
Assembly Version	1.4.8.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 61/72 (Scanned on 2025-06-02 11:03:11)	`ALYac: Trojan.Ransom.Loki.DBZ` `AVG: Win32:MalwareX-gen [Pws]` `AhnLab-V3: Trojan/Win.Infostealer.R491212` `Alibaba: Trojan:MSIL/Tnega.1403fd51` `Antiy-AVL: GrayWare/MSIL.Kryptik.enu` `Arcabit: Trojan.Ransom.Loki.DBZ` `Avast: Win32:MalwareX-gen [Pws]` `Avira: TR/AD.SnakeStealer.mpbph` `BitDefender: Trojan.Ransom.Loki.DBZ` `Bkav: W32.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4` `CTX: exe.trojan.msil` `ClamAV: Win.Dropper.LokiBot-10026309-0` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.PackedNET.331` `ESET-NOD32: MSIL/Spy.Agent.AES` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Ransom.Loki.DBZ (B)` `F-Secure: Trojan.TR/AD.SnakeStealer.mpbph` `Fortinet: MSIL/Kryptik.AEZD!tr` `GData: MSIL.Trojan-Spy.Snake.XMTIRX` `Google: Detected` `Ikarus: Trojan.MSIL.Crypt` `Jiangmin: Trojan.MSIL.amrha` `K7AntiVirus: Trojan ( 00592bc01 )` `K7GW: Trojan ( 00592bc01 )` `Kaspersky: HEUR:Trojan.MSIL.Taskun.gen` `Lionic: Trojan.Win32.Loki.4!c` `Malwarebytes: Neshta.Virus.FileInfector.DDS` `MaxSecure: Trojan.Malware.74644571.susgen` `McAfeeD: ti!F381E3382120` `MicroWorld-eScan: Trojan.Ransom.Loki.DBZ` `Microsoft: Trojan:MSIL/Tnega.ST!MTB` `NANO-Antivirus: Trojan.Win32.Taskun.jsflgf` `Paloalto: generic.ml` `Panda: Trj/WLT.G` `Rising: Backdoor.Androm!8.113 (KTSE)` `SUPERAntiSpyware: Trojan.Agent/GenericKDZ` `Sangfor: Spyware.Msil.Tnega.Vtrm` `SentinelOne: Static AI - Malicious PE` `Skyhigh: GenericRXSW-EH!411019BCB582` `Sophos: Troj/Krypt-LX` `Symantec: Trojan.Gen.MBT` `Tencent: Malware.Win32.Gencirc.13b6022a` `Trapmine: malicious.moderate.ml.score` `TrellixENS: GenericRXSW-EH!411019BCB582` `TrendMicro: TrojanSpy.MSIL.SNAKELOGGER.JPQ` `TrendMicro-HouseCall: TrojanSpy.MSIL.SNAKELOGGER.JPQ` `VBA32: TScope.Trojan.MSIL` `VIPRE: Trojan.Ransom.Loki.DBZ` `Varist: W32/MSIL_Kryptik.HFI.gen!Eldorado` `VirIT: Trojan.Win32.MSIL.BUO` `Webroot: W32.Trojan.Gen` `Xcitium: Malware@#1m1caykgusd8e` `Zillya: Trojan.Agent.Win32.2800454` `ZoneAlarm: Troj/Krypt-LX` `Zoner: Trojan.Win32.135735` `alibabacloud: Trojan[stealer]:MSIL/AgentTesla.NCH2XJC` `huorong: HEUR:VirTool/MSIL.Obfuscator.gen!A`

Hashes

MD5	`411019bcb582ef6e3dab080d99925b4b`
SHA1	`38cfa080a7ab69fb6c5010f38e321272a39d5f19`
SHA256	`f381e338212079c3a03fbbb532cdec44b1d27db03e8cc4c47408ef038885d934`
SHA3	`ed6a9e7236f8552bce840c20d1ee0b3ba1783ba0c8d97fcdb49499e80f445cfe`
SSDeep	`12288:YTXiIfxt7J0tYlP4E1wWfCNBDtiuLLeoH9NcNuq0ZpbZOK9u1LX5Lz6NP+bdTAB:S72qlP4NDNviKKoH9f31OIu1LX5LuA`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-May-10 07:48:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xf4e00`
SizeOfInitializedData	`0x15a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000F6CCE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xf8000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x110000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e4f7e97e388d0829654b07c5afb1c2bc`
SHA1	`e98350916a41533cd55ab30004cda8434ec7ede6`
SHA256	`2c7706736ec72f0b936e52da2f4f74219b9da81a1055b45160b92d35bd4a4b71`
SHA3	`5ee33277485d857a1aa8b1c25da374f27f79a54a16f8ba37bf03b3a8cc7db8b3`
VirtualSize	`0xf4cd4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xf4e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.06478`

.rsrc

MD5	`78a7d0d4b10699fabae7553e8036b3e0`
SHA1	`766ece3897a6e99fbe664e2ad99b0b396a333a9d`
SHA256	`157edaaa0a23f86f136cdcd9c5e3ecf4c24bc78ccfae83ee1e302867936bba5f`
SHA3	`77043f0679f276285fd4fc63208193b97c21472ba02d286445c873c5a64c89a5`
VirtualSize	`0x15718`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x15800`
PointerToRawData	`0xf5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.00351`

.reloc

MD5	`b1b6955124608f81e0c70d77ca0de9b0`
SHA1	`693c8e6a3afce4a7078a80ec2d6ac1cffe6739f6`
SHA256	`fcdae15e18f4c954ad97ba38d721cc90b99dae29f3d91f1ba5d416e8112a205d`
SHA3	`6f04648b4d1ece0f90d046e5011d65378fac9f72f7435f1c918fff6ef3e9da95`
VirtualSize	`0xc`
VirtualAddress	`0x10e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12237`
MD5	`640b88fe2daf46722e8ba9fd4ddcbcbc`
SHA1	`5d0e91fca4a3b0d872a829683505e82a3219edf8`
SHA256	`c6d9248da37f7d1d57f49d2540c157b32bac81907d4734af8bec46b48223a515`
SHA3	`3af3bc444a090e13cd846a5c24a516aaf0ca4962fc315c9074bd538a7ec2b73d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07433`
MD5	`b500b2d6736e616e94f7c446d2ee59d0`
SHA1	`e2fc548378038f44094a86d11d63240bf00a977a`
SHA256	`df90cdbbf6b68050c5bd8dd699af3a3069882bc6dfbaaedd2c8fa6821d7138c2`
SHA3	`10de384473b2f1c8c409c0a71482e95374c6e8f5fb863aea66d960dbb5b96841`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86907`
MD5	`27b060dd2682fb00ab6726ef7167d6f5`
SHA1	`0f49449de3e680343d055764e99773593e19eaf8`
SHA256	`7716a40503377a3b8ea6c81ccef55a1d0f0459dcb5301cbbca24f2dc941bee13`
SHA3	`600f714d93b0713bac9fabb8422cf818aef8943f1fd7429672e443ed6cedfdb7`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91225`
MD5	`bdceb79de76474648058b79173f3adb2`
SHA1	`d1418a6a4f3b7c15feed5a6af6c5a32035f0f6d4`
SHA256	`60142f6ffdf2d0bed2e82d40f950ba53735bac25380612b81934b202a169bb30`
SHA3	`b481a05376106467da04524de5c2d921ceec64e8ba4c0cbe21d078602625e768`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02796`
MD5	`21ace96bb5c7b3aece464842ccb1cd54`
SHA1	`0ea6925d741f225b7e22404cb0ce9609c3ca43ef`
SHA256	`c117de175e2e360be95721e08cd12a600b29d4abe4a86520f9279e61195f1dfa`
SHA3	`cfbbff1bfd5fe0e04c618a956485029a3ce4486a7f8084b9c7ec64021cbae718`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40531`
MD5	`0bd96b3c6bf9b29ebd2885bb1b96b463`
SHA1	`05ae3445f19606521c9d7fdbedd6d6200c84cb7d`
SHA256	`58b8839694a53c49f91ba3975402c7629b906c76e5154b35d81290166f9a2dfe`
SHA3	`c632a946e5faa65cce2a437eb123e565f42c68a6d7b199fa9e0b57bf1624006b`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75822`
Detected Filetype	Icon file
MD5	`553de3668fffaae23385a504f812d264`
SHA1	`9ed6e0f95031ad0ccc4e3108edf19d04962b51a5`
SHA256	`0ed429b5e46efe02106602d7e24ed9aa88435277e96e14971c19a97ccfc121c0`
SHA3	`7596724082a13efd34e52d32cf90b5e9bac85abbdd1c56a4078da7c56fdb7ecc`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40545`
MD5	`d0cb383c40131c3861ce87fd4cecd889`
SHA1	`74e2a55df08a4674c26db09343d27aae14e18554`
SHA256	`f1a44c21b2c57fa65a52d5ada5a83ad40df677e90887173499d11d17838a52c2`
SHA3	`5baaee3e4d27ee5b38b081e5ec1c2d5ec61ea9c4094c3542b57e047a753ceb6e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.4.8.0
ProductVersion	1.4.8.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	BASeCamp Software Solutions
FileDescription	JobClock Administration Applet
FileVersion (#2)	1.4.8.0
InternalName	EncoderFallbackExcept.exe
LegalCopyright	Copyright © 2011 BASeCamp Software Solutions
LegalTrademarks
OriginalFilename	EncoderFallbackExcept.exe
ProductName	BASeCamp JobClock
ProductVersion (#2)	1.4.8.0
Assembly Version	1.4.8.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.