Manalyze report for 0adf4caa456d2c99db94403637a24b81

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jul-18 18:50:53
Debug artifacts	E:\Nick\Windows Services\Windows Services\obj\Release\Windows Services.pdb
Comments	Access Start, Stop And Status Of Windows Services.
CompanyName	Advantage International
FileDescription	Windows Services
FileVersion	`2.07.1818`
InternalName	Windows Services.dll
LegalCopyright	OpenDoor Software®
OriginalFilename	Windows Services.dll
ProductName	Add2Exchange
ProductVersion	`2.07.1818`
Assembly Version	2.7.1818.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: DidITBetter.com Support.DidITBetter.com ftp.DidITBetter.com ftp://ftp.DidITBetter.com ftp://ftp.DidITBetter.com/Public/Upload/Customer http://Support.DidITBetter.com http://Support.DidITBetter.com/SearchResults.aspx?q`
Suspicious	The PE is possibly packed.	`Unusual section name found: .sdata` `The PE only has 1 import(s).`
Safe	VirusTotal score: 0/68 (Scanned on 2021-10-12 19:25:40)	`All the AVs think this file is safe.`

Hashes

MD5	`0adf4caa456d2c99db94403637a24b81`
SHA1	`6838fa4362d672cd83a6e4f018fe006983746983`
SHA256	`1dbd65638df0f3e20d6d33de04a8c5f2ab3610a24c8274e0a16f0480a75470c4`
SHA3	`0af8bea0c9ac71091bac7ed8cb36c80e219ec7eadf58372e2d9f526df05974d8`
SSDeep	`384:hdL996K3bIaXH+9XNGQ5KRFWRex3Zqx4P8LabNZcWJSJfdJT1O+:j99HbnqZ5KRkY8fpB`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2018-Jul-18 18:50:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x5800`
SizeOfInitializedData	`0xe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000776E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9d547464575534349224ff9940bcf2b5`
SHA1	`7cb639743b494663bd57de68e6870618e5750315`
SHA256	`b324c39be51601636a24afde7d7c3e1cb5bc788c2329d7cc5f5cd514b6635617`
SHA3	`da56c2f090ba596225f6adc57abdabd3501331fc78143f690aa8e5a1408b7be6`
VirtualSize	`0x5774`
VirtualAddress	`0x2000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67412`

.sdata

MD5	`84565901ce53147056839e325c2ce6f6`
SHA1	`029c8d3ca03614cab5552f87554f40d8b6380722`
SHA256	`825d33cd2093be99db9235e1489c0b6ef4a37e4c18b847692dfd961bb54f2a85`
SHA3	`8f9b98d46a78a1095608f8cdf6afdeca4ca9d7670c64543b5992a8b55483077d`
VirtualSize	`0x7f`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.78619`

.rsrc

MD5	`7cdb8ce5820c9fd922d42901453ba310`
SHA1	`5a1a0ea5aff8ab53622e97b36abc452e4cd1ad55`
SHA256	`1677d3ae1d002a0b2c8eb8f3d8f1030efde26c38ade4fdba8b81ae23671ddb18`
SHA3	`79908bcd6269e6131b64faf19ce2c42dbb16f314cec0910934d12d2fa2a6f3ea`
VirtualSize	`0x920`
VirtualAddress	`0xa000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.20466`

.reloc

MD5	`803ecdbc4b90224695faf84d0bc14863`
SHA1	`fab2ffb65aa99f24c47913a5fe994072dcd7f50a`
SHA256	`9c1e40ca4575e8d5e0c11d5c6ce8cf9277f067c08664e93ffd9772b574fe61e4`
SHA3	`7ece1c7cf0feacb0aa7190b4b3bc22b9f7080893b25a969eab64d9ee4b3d0ea8`
VirtualSize	`0xc`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0776332`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71419`
MD5	`d2d15e1e362ef2edda7238e165376112`
SHA1	`c1e5af71c456dc766ad70e1a3abc6c97fda626d7`
SHA256	`7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31`
SHA3	`fa458690e3f40a331300e7fea11f1f2d9d24266b84ed5c645b5eb272677670e6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53612`
MD5	`da1aeaa9a812c0a31fcc6e42e2f8e675`
SHA1	`58edba28c9067b74c7699bd5a12348e5f7c50e49`
SHA256	`bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1`
SHA3	`c12b7a9764a04702f5684387b5fb20a37874203cb2af7b41921d68496146d378`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`29a1f473b6fc0b877ce30be83212f25a`
SHA1	`a66309103e9f7ff118fd964f2cd5ae04bbd4a322`
SHA256	`e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda`
SHA3	`c3b0b1b14385cdc2d88d02c11aaca33ca55d509d2fe1dce1777c05d32c0e8a30`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44225`
MD5	`4a6f3e3a2a6ba9f8a8286fc94ce1bb89`
SHA1	`237a2643285183c18de042effea0795bcc44aaab`
SHA256	`0b734f7b201138ee45f7e46aebf8dcdfcb59567659c41a658fd5bd2e06e7a1af`
SHA3	`c34419ae303aed400be5d6838f5de64e31f05805591aee625969d12ed989c9de`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.7.1818.0
ProductVersion	2.7.1818.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments	Access Start, Stop And Status Of Windows Services.
CompanyName	Advantage International
FileDescription	Windows Services
FileVersion (#2)	2.07.1818
InternalName	Windows Services.dll
LegalCopyright	OpenDoor Software®
OriginalFilename	Windows Services.dll
ProductName	Add2Exchange
ProductVersion (#2)	2.07.1818
Assembly Version	2.7.1818.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Jul-18 18:50:53
Version	`0.0`
SizeofData	`99`
AddressOfRawData	`0x801c`
PointerToRawData	`0x5c1c`
Referenced File	E:\Nick\Windows Services\Windows Services\obj\Release\Windows Services.pdb

TLS Callbacks

Load Configuration

RICH Header

0adf4caa456d2c99db94403637a24b81

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

2

3

32512

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors