Manalyze report for 0bea180008821064553f926b220b662dcf9a8947cc65b3c7ef9c5dac030f056f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Jun-17 11:42:15
Debug artifacts	e:\documents\visual studio 2015\Projects\GatewayRAMTools\GatewayRAMTools\obj\Release\GatewayRAMTools.pdb
Comments
CompanyName
FileDescription	GatewayRAMTools
FileVersion	`1.3.0.0`
InternalName	GatewayRAMTools.exe
LegalCopyright	Copyright Â© 2016
LegalTrademarks
OriginalFilename	GatewayRAMTools.exe
ProductName	GatewayRAMTools
ProductVersion	`1.3.0.0`
Assembly Version	1.3.6012.22867

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	`Contains domain names: Maxconsole.com github.com http://www.maxconsole.com http://www.maxconsole.com/maxcon_forums/threads/293584-Tool-Gateway-RAM-Tools https://github.com maxconsole.com www.maxconsole.com`
Suspicious	VirusTotal score: 1/68 (Scanned on 2021-05-18 10:42:35)	`APEX: Malicious`

Hashes

MD5	`c3c063fd5df76c1be35a38e0b8c10ea6`
SHA1	`ce74a71465d3aa3b8bbf26f43aa0dc68e6f5cd7f`
SHA256	`0bea180008821064553f926b220b662dcf9a8947cc65b3c7ef9c5dac030f056f`
SHA3	`07eb86c8e0d619427735fa722660b084290eb5ed39fb09eb1b31e8c7fb3ea1c0`
SSDeep	`3072:nS/ngArJRnyYAYrON79GL/1wrt3WtB8/GG49GL/1wJ:IngYNyzSL/1wrtG8L/1w`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2016-Jun-17 11:42:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2a400`
SizeOfInitializedData	`0x12800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002C1EE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`39e273d9e7bd86bc6bbc994a96efd53a`
SHA1	`794b090818ecabf93cff7299ad79734080be1994`
SHA256	`5caff024d131bdd3096fc816056856223eda00930d26aa451574c01a0d8c1a49`
SHA3	`fb3cde89aef44827e5f2a79f030f89cb6f19b9358ee253c597c956461f101093`
VirtualSize	`0x2a214`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2a400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45074`

.rsrc

MD5	`d76fd703756a56c033b11dcfc3a174ad`
SHA1	`aaf8304c4fb0d4144451d963918fbf0498bd0f0c`
SHA256	`9c1ee7ad74f9b1c7a0ca06e723cc15d744f5ddaf8f21d9ef6003b13dd5c4240b`
SHA3	`1b0d460d6c6116eddeeafaa7919337a70d9175fd7e6b5d9996a9a692a9a2828e`
VirtualSize	`0x12444`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x2a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.96093`

.reloc

MD5	`33da17905ac1baf3e327c11b9345ea84`
SHA1	`df239df793731774b602aca5bac3ce38ee54195e`
SHA256	`c6602ad8e407c6395efbc3a4acef3184fda3acbd2fed41bd0468f67ad1b20ebd`
SHA3	`56f5bba67d90d92c3843863e57627f9f80a25616eb89282425a43186e0152296`
VirtualSize	`0xc`
VirtualAddress	`0x42000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.97872`
MD5	`c4249b971eb7de17b8703b1825401079`
SHA1	`6998b601c5a092bc4146f7805230ade1c550ec1c`
SHA256	`5c383a50897fbbfefbbdf9650d4114b245bef407f55abe952821b83adf78f671`
SHA3	`3cda3ebb824f7ce1f58473dfdbc71b86d27b8693c474840535df7dbf914cf86d`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85926`
MD5	`5df4b4168af7d2892fbd3f254a378897`
SHA1	`8e6f4f81f15419a9e065058067725febd90a259b`
SHA256	`c9bc5c6775cf0820e2fd775d5c35f61a14c4168b0d52c023ebc278ab7777a42e`
SHA3	`2715af718d61cea0de8c3a8a1c973f8b3c1297d3935384bc81b4bdb70fa29081`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81581`
MD5	`77e3dffa951bd3c7ec1b42e0977d838c`
SHA1	`857f9d52a5bf8b5735d2f3cbf5505d487810586a`
SHA256	`96b94a9de9fcd6c3ce37965fff72388085b4299f6fac1b71e2a33301aac1b6dd`
SHA3	`059a5778fe18bf6a00b9791b645e610c400e92585714339c1f5d253c6719e9f4`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.5451`
Detected Filetype	Icon file
MD5	`d6ad39240f74d025cbfffe5b9570a615`
SHA1	`513601392b43dd7ea7a28c2563a1d65b54e9e21c`
SHA256	`1e7738fd6ac03092ff2f204d6d7c6188f7a5dd94b820b799cefdbcfecd01face`
SHA3	`6f1c4c243cb504c60f9facc8495ee5fc7504765a4ed48f50f655bfd46fcdd0ca`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39073`
MD5	`6d7ee400f4d2a6060d697e848171d5f6`
SHA1	`355da3380de8c1d932bb2111eb0b58835226500f`
SHA256	`adf07b96d7e7ff687f873652ba399e3f2895684a5f980d4f90943253db16e3d2`
SHA3	`e76bcd0072f3fb05b3a3428cdb633476c56954a404ff49687f12da1b2788fb0b`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.0.0
ProductVersion	1.3.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	GatewayRAMTools
FileVersion (#2)	1.3.0.0
InternalName	GatewayRAMTools.exe
LegalCopyright	Copyright Â© 2016
LegalTrademarks
OriginalFilename	GatewayRAMTools.exe
ProductName	GatewayRAMTools
ProductVersion (#2)	1.3.0.0
Assembly Version	1.3.6012.22867

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Jun-17 11:42:15
Version	`0.0`
SizeofData	`129`
AddressOfRawData	`0x2c118`
PointerToRawData	`0x2a318`
Referenced File	e:\documents\visual studio 2015\Projects\GatewayRAMTools\GatewayRAMTools\obj\Release\GatewayRAMTools.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.