Manalyze report for fc6fb6ad71beb6a89b3a21f1779e56c8ccd5de15380cf2be0e9e28d97a7327c3

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2082-Apr-05 20:07:17
Debug artifacts	c:\work\cryptor_alf\real_exe\E1\obj\Release\teerthewr.pdb
Comments
CompanyName
FileDescription	j34ytje
FileVersion	`1.0.0.0`
InternalName	teerthewr.exe
LegalCopyright	Copyright Â© 2025
LegalTrademarks
OriginalFilename	teerthewr.exe
ProductName	j34ytje
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: vmware`
Malicious	The PE's digital signature is invalid.	`Signer: Ashampoo GmbH & Co. KG` `Issuer: VeriSign Class 3 Code Signing 2010 CA` `The file was modified after it was signed.`
Malicious	VirusTotal score: 25/71 (Scanned on 2026-06-04 20:11:32)	`AVG: Win32:MalwareX-gen [Cryp]` `Arcabit: Trojan.Zusy.D94B3F` `Avast: Win32:MalwareX-gen [Cryp]` `Avira: TR/Dropper.MSIL.Gen` `BitDefender: Gen:Variant.Zusy.609087` `Bkav: W32.Malware.B095E10F` `CTX: exe.unknown.zusy` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: MSIL/Kryptik.AQIM trojan` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Variant.Zusy.609087 (B)` `F-Secure: Trojan.TR/Dropper.MSIL.Gen` `Fortinet: MSIL/Kryptik.AOSV!tr` `GData: Gen:Variant.Zusy.609087` `Google: Detected` `Kaspersky: VHO:Exploit.MSIL.ChecksumController.gen` `McAfeeD: Trojan:Win/Msilstealers.FYF` `MicroWorld-eScan: Gen:Variant.Zusy.609087` `Microsoft: Trojan:MSIL/PureLogs.BAI!MTB` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04CA3` `Varist: W32/MSIL_Kryptik.NCZ.gen!Eldorado` `Webroot: Win.Hacktool.Dcrat` `huorong: Trojan/MSIL.Obfuscated.jo`

Hashes

MD5	`4b40afef6d3c5d6b857e8988b298a412`
SHA1	`d9ff51ecf0837740cdd803605dfc8c55bf0d0544`
SHA256	`fc6fb6ad71beb6a89b3a21f1779e56c8ccd5de15380cf2be0e9e28d97a7327c3`
SHA3	`b2e640272550b60f43598a3a46ac25a215a45d34194646576c371a68e0bce451`
SSDeep	`3072:v9O3+Sp99pEGHncPn2+VkjbDq5/odJ0tM86Wau8relQbgYrnvRbxhJyFYY2mIV0X:FTS5GUWkaQi9DjG4QbgY1bxs2NVIx7UY`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2082-Apr-05 20:07:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x32000`
SizeOfInitializedData	`0x11000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00033EEE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x34000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x48000`
SizeOfHeaders	`0x200`
Checksum	`0x49a90`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9c37872477303a017887be307be145a1`
SHA1	`28d773a088ed2af8a7008e7ae972de2ea8333133`
SHA256	`c2770d10bf2e5503b4fa5ec168720a01120fd87ee966efb6e5c3b13ebf6dde0e`
SHA3	`2ee0205f2528c64755d4f8639ded4525cf91b6e3d3d36823354ee174366d27ce`
VirtualSize	`0x31ef4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x32000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63109`

.rsrc

MD5	`dde9dc962f26554d6cba72be9d9ac31d`
SHA1	`ebae0ea3a00e2e882d11fb082afbfe517b09f4e2`
SHA256	`60331c7756bc9ada43e53b6a95b07ff6540413873155a7ad67ce7c04cf321540`
SHA3	`3f95796ea00f95a625636f4ff9859a37e110a627231ddce587244afda39a0d0e`
VirtualSize	`0x10c3c`
VirtualAddress	`0x34000`
SizeOfRawData	`0x10e00`
PointerToRawData	`0x32200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.84986`

.reloc

MD5	`c1df5c65ffd6a7c8e8953fc70e51eb48`
SHA1	`6a32f3dfc1630caa87a5b6814ab30fc3cbe3b5e4`
SHA256	`becf6f593cadaa1b1d264b8af131d184a39c6b375dc54c92b4c03f496f8b8d10`
SHA3	`e32f18c8c775fb0ae9a971a7b3a4ed64f500707b2d39bff4f0a9b292cfcfa3f0`
VirtualSize	`0xc`
VirtualAddress	`0x46000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.86249`
MD5	`cf1f2f812339e35abe35c3fb37df5fc6`
SHA1	`5f3b54ae86320e3a23acfaa72082c69498bcc3c5`
SHA256	`5f7a82c39f31e5e61d842a22b2b871aff38c11fdc1da10743d05795acef707b9`
SHA3	`8c85d156f72ec013a4cbbce9cbe5a10117b48a0e3807b25e47b9132b3f265476`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27087`
MD5	`a8439189cb05c5698f97b1810e106799`
SHA1	`aef9b6dc29e115296bd405828f225dd3161c1d57`
SHA256	`e80ce1dcb6d5dbb9a4d5ae5bd9a5934e056de2bddd37241874cd8c0668c71817`
SHA3	`c8c8314a5fbc151479968caede64db607c6badfec9f998024c54502fb39ca373`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	j34ytje
FileVersion (#2)	1.0.0.0
InternalName	teerthewr.exe
LegalCopyright	Copyright Â© 2025
LegalTrademarks
OriginalFilename	teerthewr.exe
ProductName	j34ytje
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2079-May-13 04:01:47
Version	`0.0`
SizeofData	`82`
AddressOfRawData	`0x33e48`
PointerToRawData	`0x32048`
Referenced File	c:\work\cryptor_alf\real_exe\E1\obj\Release\teerthewr.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.