Manalyze report for 00cd56697fd3ff490fcdd5fb846147bb

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Aug-19 18:07:40
Debug artifacts	C:\dev\perl\htdocs_csdi_smoothviewer\src\media_installers\resources\upd35.pdb
FileDescription
FileVersion	`0.0.0.0`
InternalName	MediaBuyerAgent.exe
LegalCopyright
OriginalFilename	MediaBuyerAgent.exe
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `Tries to detect virtualized environments: HARDWARE\DESCRIPTION\System` `Looks for VMWare presence: VMware vmware` `May have dropper capabilities: CurrentControlSet\services` `Accesses the WMI: root\Security`
Info	The PE is digitally signed.	`Signer: cloud4pc` `Issuer: GlobalSign CodeSigning CA - SHA256 - G2`
Malicious	VirusTotal score: 39/58 (Scanned on 2016-09-03 00:54:00)	`Bkav: W32.HfsAdware.D362` `MicroWorld-eScan: Application.Generic.1558515` `CAT-QuickHeal: PUA.Eorezo.D3` `Malwarebytes: Adware.EoRezo` `Zillya: Adware.Eorezo.Win32.15053` `K7AntiVirus: Adware ( 004cd9721 )` `K7GW: Adware ( 004cd9721 )` `Arcabit: Application.Generic.D17C7F3` `Invincea: virus.win32.chir.b@mm` `F-Prot: W32/S-0a7e3f89!Eldorado` `Symantec: SMG.Heur!gen` `TrendMicro-HouseCall: TROJ_GEN.R00XC0EI216` `ClamAV: Win.Adware.Eorezo-357` `Kaspersky: not-a-virus:AdWare.MSIL.Eorezo.cj` `BitDefender: Application.Generic.1558515` `NANO-Antivirus: Trojan.Win32.Unwanted.dztpro` `Ad-Aware: Application.Generic.1558515` `Comodo: Application.Win32.EoRezo.AB` `F-Secure: Application.Generic.1558515` `DrWeb: Program.Unwanted.734` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R00XC0EI216` `Sophos: Eorezo (PUA)` `Cyren: W32/S-0a7e3f89!Eldorado` `Jiangmin: AdWare.MSIL.djdb` `Avira: ADWARE/EoRezo.86720` `Antiy-AVL: Trojan/Win32.TSGeneric` `GData: Application.Generic.1558515` `AhnLab-V3: PUP/Win32.EoRezo.R167868` `AVware: Trojan.Win32.Generic!BT` `VBA32: AdWare.MSIL.Eorezo` `ESET-NOD32: a variant of MSIL/Adware.EoRezo.B` `Rising: Trojan.EoRezo!1.A145 (classic)` `Yandex: PUA.EoRezo!` `Ikarus: AdWare.MSIL.Eorezo` `Fortinet: Adware/Eorezo` `AVG: BundleApp.BKGC` `CrowdStrike: malicious_confidence_100% (D)` `Qihoo-360: HEUR/QVM03.0.0000.Malware.Gen`

Hashes

MD5	`00cd56697fd3ff490fcdd5fb846147bb`
SHA1	`c62da103cbb404c6c6d6c52c08350e44dae6a6ec`
SHA256	`b6b1e1f6297adb28efd1ca13cfc22058477cc8fe31e5b653fa52830e53a67ee2`
SHA3	`61195578bd14668e1b5c50793ba1502616a897052d6d0d80ac4c668edccaada0`
SSDeep	`1536:FPo51/2R8AEcH75p7soAsyawgtzam2BR6D1bZ6iidIc9f6NDlvHsOS:FPo51/2R8AEcH7v7gsyawgtzamND1l6p`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2015-Aug-19 18:07:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x13a00`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00015852 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x16000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f6b24ae3e8f19e3c0ae358f1442cfda5`
SHA1	`00614ac4e2b331f998e7082ed4da1a331b1c8445`
SHA256	`e233812e5e09b7af8c1cb517b5f579555b06c922a32ab0072326859ae2d7e973`
SHA3	`ba7ff51c129418cf3dc24c2a46a52227ac107b1e8f18ff7f1c362d6dfc4a58b6`
VirtualSize	`0x138ea`
VirtualAddress	`0x2000`
SizeOfRawData	`0x13a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4506`

.rsrc

MD5	`7fa4945f3eccbd141e423a85cb6a230f`
SHA1	`1ce8e43581581083f1c639f0d98661595e067b4b`
SHA256	`5d043ab3fb1f02d1abc1be55b64179c261407e4d3ae95a41e4f9a5d1ea5f1a39`
SHA3	`a4314be3f440ab297f526d5344f8033797c81806d3ea92ddd1669c25ec8291cf`
VirtualSize	`0x603`
VirtualAddress	`0x16000`
SizeOfRawData	`0x800`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.80718`

.reloc

MD5	`1b9f13ff9d5e832c6cce25be25dd9315`
SHA1	`0e57bab2fcca16ff39384061831fd7ee51e4dcc0`
SHA256	`2018de1068e3c50aeebdbe3b6af50a2fa342ba7eb1503fab4c79182bae8a9917`
SHA3	`9e1f15c31419933c1d5bd1232098cd17a8b55ee125d1fd7c874c996af7a2463f`
VirtualSize	`0xc`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20096`
MD5	`d3f59bc5de544b9132b69a4dbf2b18ab`
SHA1	`e424753f1679f55b1147e825d6e10358ba3bd19f`
SHA256	`fccde951f2b0c9dffce995b6c9a506145b3cf5ac5ee622924d3ea49b92346f11`
SHA3	`5fee81265691e4fe55a6c854259b2f5f9e3109e5a5d098a6749a7505f923313b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ff`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04449`
MD5	`c15c2bc862e2fda972e8e04d8655de7c`
SHA1	`0f90bdcffd30250fec7bb8057afff1760f3bd652`
SHA256	`aafcad20be643778ca26f93abce2dfe147f59f87258172ec82051549e6f7ff7c`
SHA3	`24593a5789437067ca43703f6e88b441c3dce785932fbcb97e0e45ff60d402fe`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	MediaBuyerAgent.exe
LegalCopyright
OriginalFilename	MediaBuyerAgent.exe
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Aug-19 18:07:40
Version	`0.0`
SizeofData	`102`
AddressOfRawData	`0x15884`
PointerToRawData	`0x13a84`
Referenced File	C:\dev\perl\htdocs_csdi_smoothviewer\src\media_installers\resources\upd35.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.