This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2013-Jun-24 19:32:43
CompanyName
NETRESEC AB
FileDescription
RawCap
FileVersion
0.1.5.0
InternalName
RawCap.exe
LegalCopyright
Copyright NETRESEC AB 2013
OriginalFilename
RawCap.exe
ProductName
RawCap
ProductVersion
0.1.5.0
Assembly Version
0.1.5.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious
VirusTotal score: 1/69 (Scanned on 2019-01-11 18:53:11)
Trapmine:
suspicious.low.ml.score
MD5
0d7a08e7f58bfe020c59d739911ee519
SHA1
c427933591274c97ad00516ab91454c9ea71c5eb
SHA256
f6917fa47ce498af0dd840e1467c29c1701dde0a850009ae7523f554b12ad379
SHA3
fbad84f0c9f4fd7885729633f468cdf16029fe36c5527da25664bea19d256881
SSDeep
384:4hhCzKWJ+QbGt8UpJSj81FnU6boLNqbag/MDyNfn1AB+CzYcHe+m:ChCa8YFxbI/kNABfzYcHe+m
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2013-Jun-24 19:32:43
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Magic
PE32
LinkerVersion
6.0
SizeOfCode
0x4a00
SizeOfInitializedData
0x5800
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0000693A (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x8000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0xc000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
100f4eec0ea385dd232a367771ec2041
SHA1
f724ad12fc8c93b0bc2f2c6b442854570a5aa4f0
SHA256
adb5dff08ec4a5ca32c17f052f049d89e3e85b125ab2adebcd0854f07678349d
SHA3
21b3475b2349fc78e57b7cbf09f7775ab48c5c167f2122f7a76f659c45665700
VirtualSize
0x4940
VirtualAddress
0x2000
SizeOfRawData
0x4a00
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.98309
MD5
2537474412496456e450e19e02d4bd0e
SHA1
c89c59811ba27a03b72b5a46fba29dfeb0f55c62
SHA256
e56c2e964e85054a9ad74987b77e96c9210f277d0a4d3753244c0707385334c1
SHA3
e623631a8959a3d5b2293f124e91b9bb47a87854167fb7fd4d24236c4f13c8e1
VirtualSize
0xc
VirtualAddress
0x8000
SizeOfRawData
0x200
PointerToRawData
0x4c00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
MD5
783d954df32ae2d2b646dfc3e9584132
SHA1
46d6c118ce2d8a63ec6dd369f7e5d6c9229af97c
SHA256
f37f0cb4a10d6675a0484a79d20cd7c3d44d3ac990436c68651edaf33a668ab1
SHA3
fb1bb865a237823383fc32744470342a6757eff0a40350b3d5cf25b0277128ea
VirtualSize
0xc6c
VirtualAddress
0xa000
SizeOfRawData
0xe00
PointerToRawData
0x4e00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.6624
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x2ec
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.35116
MD5
8955931a25437b39630b01f54e7d28a7
SHA1
67b09b166b5ccb6d30ccb0c8e00c1472bcada76b
SHA256
444229f2159de41cf35ff81686445cc01ea3ac9cf533032a618a6893ac85bef2
SHA3
a82a6888e9ac36a6b9f615ebdfc6cf96fd4bd9cf93313f3ecf54c28b742b7289
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x8de
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.94274
MD5
82312969f8bd80ed78f48b1f155bc184
SHA1
71742b1fa6c9a5f5352dc71aba13f45408ecdbb5
SHA256
de573605851f560ebe913b6e3b4f06d88b8c805d4123d1d39cf4f2c9ddc9512f
SHA3
106a19735c8430882b8ba479053177bf97025e64d6785cba0e3f097dc155b706
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
0.1.5.0
ProductVersion
0.1.5.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
CompanyName
NETRESEC AB
FileDescription
RawCap
FileVersion (#2)
0.1.5.0
InternalName
RawCap.exe
LegalCopyright
Copyright NETRESEC AB 2013
OriginalFilename
RawCap.exe
ProductName
RawCap
ProductVersion (#2)
0.1.5.0
Assembly Version
0.1.5.0