Manalyze report for 0bbbd60ad342787af81c9930a5965a90fc515e73bc9fa456fb9e0b4296dacf6d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2086-Nov-16 22:34:56
Debug artifacts	MobiInstaller.pdb
CompanyName	MobiInstaller
FileDescription	MobiOffice
FileVersion	`1.8.14656.1`
InternalName	MobiInstaller.exe
LegalCopyright
OriginalFilename	MobiInstaller.exe
ProductName	MobiOffice
ProductVersion	`1.8.64656.0+d1a964fc05b85eabda1b61c3b5a6599ccc0d4cf3`
Assembly Version	1.8.14656.1

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: AppCenter.Resources.AppResources.de AppCenter.Resources.AppResources.es AppCenter.Resources.AppResources.fr AppCenter.Resources.AppResources.it AppCenter.Resources.AppResources.ru AppResources.de AppResources.es AppResources.fr AppResources.it AppResources.ru MobiInstaller.de MobiInstaller.es MobiInstaller.fr MobiInstaller.it MobiInstaller.ru MobiSystems.AppCenter.Resources.AppResources.de MobiSystems.AppCenter.Resources.AppResources.es MobiSystems.AppCenter.Resources.AppResources.fr MobiSystems.AppCenter.Resources.AppResources.it MobiSystems.AppCenter.Resources.AppResources.ru Resources.AppResources.de Resources.AppResources.es Resources.AppResources.fr Resources.AppResources.it Resources.AppResources.ru cfg.mobisystems.com googleapis.com http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.microsoft.com/winfx/2006/xaml/presentation/options http://schemas.microsoft.com/xaml/behaviors http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 https://cfg.mobisystems.com https://cfg.mobisystems.com/_data/banners/ https://cfg.mobisystems.com/update/Dependencies/Microsoft.VCLibs.140.00.UWPDesktop/14.0.33728.0/x64/Microsoft.VCLibs.x64.14.00.Desktop.appx https://cfg.mobisystems.com/update/Dependencies/Microsoft.VCLibs.140.00/14.0.33519.0/x64/Microsoft.VCLibs.x64.14.00.appx https://cfg.mobisystems.com/update/Dependencies/Microsoft.WindowsAppRuntime.1.5/5001.70.1338.0/x64/Microsoft.WindowsAppRuntime.1.5.msix https://mobisystems.com https://storage.googleapis.com https://storage.googleapis.com/ms-apps-bucket-exp/_data/banners/ https://storage.googleapis.com/ms-apps-bucket-test/_data/banners/ https://support.mobisystems.com https://support.mobisystems.com/hc/articles/24994358001821-Troubleshoot-Common-Installation-Errors?platform https://support.mobisystems.com/hc/requests/new https://www.mobisystems.com https://www.mobisystems.com/wpf microsoft.com mobisystems.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org sentry.mobisystems.com storage.googleapis.com support.mobisystems.com www.mobisystems.com
Info	The PE is digitally signed.	`Signer: MobiSystems` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`999f23efdc3e6be352c1e952ad1c7945`
SHA1	`8731d135dfe3b1d59ba7c189384aa8dca169a2a7`
SHA256	`0bbbd60ad342787af81c9930a5965a90fc515e73bc9fa456fb9e0b4296dacf6d`
SHA3	`301f18bef3d542654718ad881f0f3279c03d5769b8a513ed30af6a213158f54d`
SSDeep	`98304:DeeDOS/pVWX6xbkqXf0F4zWXGWAAkQ7gZ6LlRG/:3FxVWX6xbkSI4zW2W/7gZiu`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2086-Nov-16 22:34:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x325000`
SizeOfInitializedData	`0x25e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00326E0E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x350000`
SizeOfHeaders	`0x200`
Checksum	`0x34f952`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c03bb8b7391af790034c24fa55d534ce`
SHA1	`a86fa56bfbb71070484a16a5194fbcb95dfc0280`
SHA256	`368c9314b18f7716ea7a72ec6b76f7b732283cd50bd436ed2afe5957d84c8bca`
SHA3	`02764bc2c25930fae12be1c190d8cc552fe0b1e9a62adcffdbdfe743a6574fe4`
VirtualSize	`0x324e14`
VirtualAddress	`0x2000`
SizeOfRawData	`0x325000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.81737`

.rsrc

MD5	`b7fdabb1e6ccd09663856bf8f17b0cea`
SHA1	`ef830743d7cfa20e2f1e9db40ac1acf801f09e8a`
SHA256	`69b68f9f4c56918f936ed2220cc00e2d85be89d9d9939dd830da1f11b66bad45`
SHA3	`f72c21623335d53918f0f744db7a46bb946eef7cba4b232d748353cfef1e426a`
VirtualSize	`0x25a18`
VirtualAddress	`0x328000`
SizeOfRawData	`0x25c00`
PointerToRawData	`0x325200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.17785`

.reloc

MD5	`d5f18a462e31ce726c0cd7698d84cfa8`
SHA1	`f5e6079ba4f0066c5bdb62ab9e4a868afbbcdf5d`
SHA256	`c67cae706e3c1b06ce7c89d2d8aa9f3f2f6cd0325bab3ccda3a660d1615843ea`
SHA3	`5dcd16b08b886f966b26867a14707bd8cb6c823845f77b1c29c89b814c9e1ce1`
VirtualSize	`0xc`
VirtualAddress	`0x34e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x34ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96564`
MD5	`0b7e3ecff048f9ee067d5e8d91b5a5eb`
SHA1	`e7384c18ea82a48a3aef1a7e2f75d1a7f6030c2f`
SHA256	`8b4dbc33d5bb1d8ab5f3ac65d527744a47daa5b839c1a9f5b2e0b8f0b9e5c575`
SHA3	`07ef83eb7c7c638a61bb244be294d59c69d982cea0ac9ce46b8a98dc4581c235`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79356`
MD5	`c0ae6d44d77504f3ecfd1144b66c7213`
SHA1	`6d4621e7ccf1725dd4a5dae125a47d795ca95afa`
SHA256	`8da82bb579e44f66208a37ebf3cc3f5475e0cad830022b4ec3b371553cebae23`
SHA3	`b8011a9183a8816e622c334bf9e67a27bd509405914f5a494e1633c6bcda28e6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76002`
MD5	`1a32efdaf7b8d1771b462b21621f080e`
SHA1	`ecce6aa692c0b98aac12a1ed45ffb49caa1b6fd2`
SHA256	`b332f0422b92f558888897c28a1f5f1100c987052d16d566af8d799cf8d7e363`
SHA3	`8e18e0445fd5fd4514d5842b7f451e10ec48777d99bb0b5a5f2d0c0709f3ff21`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60323`
MD5	`2c347c3b20692ab68256ee915a2a6720`
SHA1	`e0654ac6b7c1b939b5198ad1c99e30dd6baf70ed`
SHA256	`78f3eea85ce5972c0cd7b9cd7f37047a9c18cd68652cef0d409c9891cfc2826d`
SHA3	`be3e8179713ac2a3aba88d836f9a95dbab577e5641f5fcdc462df7fac8e84e6e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09314`
MD5	`a70d6cbdd1f5cadb2d5c7cc07c07799e`
SHA1	`2fd6d50e021a03850da61fafeabd1053eac83c3e`
SHA256	`06843865bf39840c93c9496a09f64b3a6385498d1c9e0baf2f75ca6f543950ee`
SHA3	`491464f1a3c2b8df3e2fe47a54896aae25591a281d7784d0649744eb0df217b2`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87659`
MD5	`c8cc7a678b29e8106f2642356f26df45`
SHA1	`1e27aec86f43b09bc4766d0486128051988a3050`
SHA256	`4a7ca45c46f54cb1ff2858cfd090f913f08a5b6f3a67f910af0b7e0b33e4f15f`
SHA3	`5ebbc4c3cda10b8298bf9e586ab1c2c34b7515b584763bcf31ffb23e85cbd469`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61203`
MD5	`947cf860f0e582290bbc24b2d77af1c3`
SHA1	`592a7bd8a96099427cd5001c4e22ebf0b3ce13c0`
SHA256	`0029370cf1a18099b2feddda6f52c182c7d00c77fdddf1cc717ec8fded2b8e8e`
SHA3	`2aecd683b53fd77de4adf7e044e509cae50d6071ddfff249fdfdef0c9a156ce0`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6374`
MD5	`1e23026df8239d742a69bcd937465e9d`
SHA1	`a57a00a378dadfdd5e2aa6fd6559a72111502848`
SHA256	`af02d958c46f5d80ebc0fbdbe261a081204ef1149debe285ff10cb3e68adf235`
SHA3	`cb66ec15e778dabec679bca84150df66fcb46e5f5812199f8179992eeab9a4e7`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59374`
MD5	`fc95700029c59e9d29d93a8ce7bbc976`
SHA1	`a1dbd0bf298e36394fa8690cf958f902bbdd22cd`
SHA256	`629a459cc83407b3e0478c588ace094da734a10565c7c24b53d6c70bbf0e8fe8`
SHA3	`b38e907c5fb021249ef2ae9560da599d16087d120bc151ec66e0a265120d35e2`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x67e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60598`
MD5	`ca3784a9130e2bd90e390d139e82f356`
SHA1	`a51de88ac06da661558676056970587eaf3983df`
SHA256	`dd4519df98631f525e614e9fea94d90f73b32d12410598df64314b90e99f9568`
SHA3	`4d75fdabcc7b4f0f1279b4fe4c2ec2a715f3e47f4b49ba25579ab41c28150ff3`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33675`
MD5	`630d3346a29e13da8ce29c4fe6ac35da`
SHA1	`59f026ba4c63e2ad0542fb47a60a935715059c52`
SHA256	`cb6e02ada1cd94496392810fe98420a37a9217cfc90ef661d631e138df7e6bb6`
SHA3	`9263120d601d57486ce894b0050239488e79e63c6aa8e32652944699d354ab66`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1994`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86954`
Detected Filetype	PNG graphic file
MD5	`cb703d20f2ad2c89243591370e640707`
SHA1	`96079de93e8b8e7f3cf869994df406b74a24d6a5`
SHA256	`6431a739937c38a83e4a347dcd5980028f1325474ddab7ecd803d1031a2569f5`
SHA3	`a940c44bf5a6fc716df2b739f0ad55d0e72d2d2dc6015e478699e994df6ef0d9`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20218`
Detected Filetype	Icon file
MD5	`ebaff9a06854fd834bf57a481d87797a`
SHA1	`ed257f39550351fca1237f579fe41047633eb61a`
SHA256	`569652f6c57fafa0832d2d0891dbfd9494a5331cbf4ff5709daf9955f66c70c8`
SHA3	`06a965b54ac8315e4bd79e211de6a3f089acd32ab4aaed42c8dcaf893aa7ac41`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x350`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44556`
MD5	`c21d88ca1a19becf1cb5a4ff44536f35`
SHA1	`ce1290e1049f3f2e18cf93ef9961d56da5d07113`
SHA256	`2dcbd5d061490714f6f0d873495e5f81f33436808f188bb387066986298acf68`
SHA3	`fc20c21abe80b249dae3f7071b7e714addb93e801b72bac3d0f23675ed0c98a7`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x658`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8216`
MD5	`83a281746c6a84c991fd38999e2be9d1`
SHA1	`a5952a3bd0ef5dc8a8e821bfdd2c3c497f698414`
SHA256	`b60b6ab7a292063f2195f646db2a7aa2462faf765029cddb9a9c98c140033877`
SHA3	`80471ad3530cb07ff3c483baabcc82fb46bfa8a85abbee16c1b9dd68500b8b6d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.8.14656.1
ProductVersion	1.8.64656.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	MobiInstaller
FileDescription	MobiOffice
FileVersion (#2)	1.8.14656.1
InternalName	MobiInstaller.exe
LegalCopyright
OriginalFilename	MobiInstaller.exe
ProductName	MobiOffice
ProductVersion (#2)	1.8.64656.0+d1a964fc05b85eabda1b61c3b5a6599ccc0d4cf3
Assembly Version	1.8.14656.1

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2086-Nov-16 22:34:56
Version	`256.20557`
SizeofData	`42`
AddressOfRawData	`0x309260`
PointerToRawData	`0x307460`
Referenced File	MobiInstaller.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`256.256`
SizeofData	`121648`
AddressOfRawData	`0x30928a`
PointerToRawData	`0x30748a`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0x324fba`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.