Manalyze report for 10ffbca709af8706bc3196c1df5a5df3116382ae136ea5ebf0c750447a27bdfd

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Sep-27 19:55:33
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: api.github.com github.com go.microsoft.com http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkID http://go.microsoft.com/fwlink/?LinkId http://schemas.microsoft.com http://schemas.microsoft.com/XML-Document-Transform http://schemas.microsoft.com/packaging/2010/07/ http://schemas.microsoft.com/packaging/2010/07/manifest http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd http://schemas.microsoft.com/packaging/2011/10/nuspec.xsd http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd http://schemas.microsoft.com/packaging/2013/01/nuspec.xsd http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd http://www.w3.org http://www.w3.org/2001/XMLSchema https://api.github.com https://api.github.com/ https://github.com microsoft.com schemas.microsoft.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Info	The PE is digitally signed.	`Signer: Anthropic` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-09 00:40:43)	`All the AVs think this file is safe.`

Hashes

MD5	`cccde245c0932163c31245317cf8279e`
SHA1	`e01b10a4d9572c6ef117f8b1cc99836c89135a6e`
SHA256	`10ffbca709af8706bc3196c1df5a5df3116382ae136ea5ebf0c750447a27bdfd`
SHA3	`0bf760412a4da69c6b4b17dfc3a8e043cfc0cd914e162ddbff1a784151b1f081`
SSDeep	`24576:TWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9mEc4:at3UCiag6CKM2zCyZuOjJaxSS5qhlJ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Sep-27 19:55:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1cee00`
SizeOfInitializedData	`0x18800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001D0C3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1ee000`
SizeOfHeaders	`0x200`
Checksum	`0x1f1a60`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b3e9af21264c28a0d9ec76326b79c3ca`
SHA1	`37805d962cf1e0d257f4d2f3cfeb072f8b32248c`
SHA256	`bbf7ba6d22b31d2501d9dd010a918716e17fbf0e089c591e0d6a20d76587b928`
SHA3	`4ded1cfd85db6fc96f5d2819facb635b4c29467caf2749f82afa8506c026c76a`
VirtualSize	`0x1cec44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1cee00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.8965`

.rsrc

MD5	`6ee19e0c8b31101b432f4fd937b55612`
SHA1	`2b8dc6496aa1c13d02b2989d81a86ac086df192b`
SHA256	`ed1999f8ab50f5b6bab744d08cc07c996a2109c77b70d0055f8fa68a8d2fb38f`
SHA3	`9aa23290b39d80091a4c346d68cc4b862aaff02eeea22692e3eee48a782afdc0`
VirtualSize	`0x185c4`
VirtualAddress	`0x1d2000`
SizeOfRawData	`0x18600`
PointerToRawData	`0x1cf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.22778`

.reloc

MD5	`95ccf30cfa4a47e6962a6915e518f6df`
SHA1	`4b8a79947d2f88a8bbea3756a2b79ac6af30a687`
SHA256	`e511b53214834d7cb84cb54dab21d2a415bd9b933e7d59598d5c793d4d256232`
SHA3	`13711965c2adf5b827aed88a5253a9a4b06918121c35ed843f926a2cc7db0437`
VirtualSize	`0xc`
VirtualAddress	`0x1ec000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.10355`
MD5	`5a97467b03e4657264ccbc6cb36e1d8c`
SHA1	`5111e41a4763ef9e78dcf5b51f5318a82d55e846`
SHA256	`2a336dab7571efd00caf7d0f83df9768fff01ead419eeea7461b38343390fa2c`
SHA3	`7cb425cb274263922e048a37fea6b700420fa90f514bf81cffe866c0496eedeb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39972`
MD5	`603604dea51f71ebebe23c98befafa6f`
SHA1	`e5d32540d81ed3d70248aa893894441712c6588f`
SHA256	`631d9ab6f3fba9e9e50f11d5c1a34d79ef32aaaa13225f3facbbae4b90bf0c8f`
SHA3	`357372befe8c437c9cdc7987f4bd3fa782ec7904def458d1889c91e8c5e96699`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15878`
MD5	`e27382642b6d2f1d7c46cb520f369587`
SHA1	`04b71f5926ab0065e3315868f1a47503c8e6d2d1`
SHA256	`4e497cbf17a992ed7e6afcf5ddeddbdc46c74ff5f8d4ab1df4af62216e191670`
SHA3	`23be9ca237caaa5155a55745c4747f488258ae8970ed561167c8d1443988e3f7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45567`
MD5	`0c2933a05e167c35f83a2d674e70c50c`
SHA1	`310da27e37cdb29739589bc9e9e94eac03e22b3c`
SHA256	`6ab7b2470a864ac69069a37e66d2e79827dc7663bd97f2548b7d37afd9fc6169`
SHA3	`84249473f5dec50c5c11f98aca9f04ff23730340de12e5e5a6b9317e21b2b517`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.69975`
MD5	`545b5dfb2d41342958f3493d3383820f`
SHA1	`99d97fbb5aebe21cacc7a730f1ff63ab0f51570b`
SHA256	`7e2e3e9e094e72b680590dc304bfd158aa53dcac9e0cc4b9a92131f5d95b9c07`
SHA3	`92194990310673918dc78289eeb11738b4fc8c8c657941ce96344be66b7e2fb2`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb03b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98828`
Detected Filetype	PNG graphic file
MD5	`12f5225aa786966d042deac9fb7a11e0`
SHA1	`5f040ccd2aa218707b87bcde85e58fddc6cbeb11`
SHA256	`9c56fe2b44e1d0367b98c2c5ee2255aebbd7093902bffed36aa36e3431b40fb5`
SHA3	`0fba4e043916f339ae6500776f49bf3ef2155cd5a716c57a8ed8df05782bc922`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49452`
MD5	`a0a45e731c6d9e82a195d86d40e0d0e4`
SHA1	`c5f1df249c04828d470abc5fb943189d2a1a2161`
SHA256	`62d283c89db3b8f4a9a6122f95ccb05463ba4230a7364b18960436e2af7839a5`
SHA3	`eb46af25a3c084bb1bf6d6ec536220fec6625b3da24a2eaaa26164f9803b7216`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5479`
MD5	`11acb44bf0e4aed25993eb2f293dda2f`
SHA1	`b408b317001f439348344cec06f3b2ed803ff998`
SHA256	`3feb52740d9778d3175584aec4bfa161ce6038deb508c8f250e88e7f4124d643`
SHA3	`eb7caf8f9a6a2368e8d707aaae89fed2e2503fef836091b71b2ad7954c59a249`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57293`
MD5	`2c4f26b97d78c26b364249c225de3215`
SHA1	`5f29f2769a031b0dfd706f48f1df10f661bf4012`
SHA256	`38e41093e3615b8987356195aeedb84e0dea619ec2a2625e3a947bc1e0bb7f49`
SHA3	`dc98e2ebf4513bf30f545dc1553c281ed44dab5c64e421ef5bb16770a06adad1`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.6775`
MD5	`80b98804aa927e7e28c43cce657a22a1`
SHA1	`40f5be6a42b8f6a82a576f41f4bb75124ffd46a3`
SHA256	`b57f619cbf9fe7a3b8561c5dda277ecd0686842cb40b63b5b44ead61474b9858`
SHA3	`0e4befe8cfc2106548e6470e25a1ffd703939ad6142ab24d65c211df55bdb5c3`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.81176`
MD5	`1a26e08db36e24cd76e4aa74121c621c`
SHA1	`6a926a45bfc6ca618bdaf58e1516fd39b571e549`
SHA256	`f1c0c3e95786f23c688c486d118d21e457447aa2276ae407d51dacb2da24019e`
SHA3	`8badd76fea3e820acdcafa233e13007cfc605d8409806c0a8d663aa3222686cc`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86043`
MD5	`d6d3870dcf8c912a636bf4006140623f`
SHA1	`394195dd8e26f36459245e0b2dd631e0b2450bfa`
SHA256	`2b7414d146c15b58705c6e608cee698ded4ea9f4acb04527e53311360ca1b473`
SHA3	`7591778aa4762b44bd0f8e9d99fe19c04fd926e7fc0b64881ca8cac06c026a70`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84245`
MD5	`a9e448562c403909a60aa0400d8b46cb`
SHA1	`d36b8745e87fdceb340854e982add2d78fafde80`
SHA256	`4d1cad545d25a3c7d166f79832fec1ecade4e87e554a8b77e38be64d5e5fd579`
SHA3	`46a2e8d2f72d396b4ffb6f68060b7798e0a20f4a5e179116e79a50928cc7358d`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11665`
Detected Filetype	Icon file
MD5	`86ed78eb40b2be8e0f161e1a3f01311c`
SHA1	`a566435a193030bde13050f72226c1193f0d4ed6`
SHA256	`8b40e62322837463e9ed4b56616b92fd7561f7a79077c92a967d5123a7594c53`
SHA3	`598ecbd958881e068cec0929a0c9536d01d69de40705a48104c2ceb026f55782`

1 (#3)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38886`
MD5	`219fa281a732b49a25f44eb19047a2cf`
SHA1	`6bbbee2d16cf28e8ca805c704668672e10742cca`
SHA256	`5413aa7c03a33fe034523f26f0ea37fce02f1ddec08391dab41e3216a92b06a2`
SHA3	`3510860148a846ba4fcdabed0e39d12726ff8282538df5f425e96a51f7321989`

1 (#4)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5e1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14488`
MD5	`89620db116ab442a736809dbe09510e1`
SHA1	`5440749c5eeebf32e6c37dbc2c5bd755d4d7de2b`
SHA256	`f4acb86e3534d7bac91eb9f2c646055848d6a0dd7fb0e9a962e7588ac3e6ca83`
SHA3	`eca1705f0d44ced47a45ae082ba16e818863f30d7c9ca6625b4484de957ecdce`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: StringFileInfo expected, read ProductVersion instead.
[!] Error: StringFileInfo expected, read ProductVersion instead.
[*] Warning: Could not parse a VERSION_INFO resource!

Leave a comment

No comments yet.