Manalyze report for 1bb7f5b36bfc96f0d8f5ad2aab4c493c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-04 22:21:22
Comments
CompanyName
FileDescription	WindowsFormsApplication1
FileVersion	`1.0.0.0`
InternalName	WindowsFormsApplication1.exe
LegalCopyright	Copyright © 2016
LegalTrademarks
OriginalFilename	WindowsFormsApplication1.exe
ProductName	WindowsFormsApplication1
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sTpe/ResourceRef# http://www.w.org http://www.w.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w.org`
Suspicious	This PE is packed with VMProtect	`Unusual section name found: .vmp0` `Unusual section name found: .vmp1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1bb7f5b36bfc96f0d8f5ad2aab4c493c`
SHA1	`b1a4c7eab00b7c1403558bbdc908b3c0b155c82f`
SHA256	`3f2a3b998a1bdcaba1245327e0f34d4657706b9a4f2d057d45a48478ab528bc5`
SHA3	`1c27c12a003d6c7e43357183573d6c4ffda3a2ceaa8fa12a0c02222d09bc33cd`
SSDeep	`786432:WStoKyrF7eOK3lilFI+1h8qLnjzXDKKpECLx:NgsOslWFI+Ienj/KKplx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Apr-04 22:21:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xe4e000`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x01B1D406 (Section: .vmp1)`
BaseOfCode	`0x2000`
BaseOfData	`0xe50000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x298e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe4de74`
VirtualAddress	`0x2000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.vmp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x14c2`
VirtualAddress	`0xe50000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.vmp1

MD5	`4c00ae5ab37c594ae7c166c61785ccd5`
SHA1	`c66e1f528254bde4bfed2b82db5911850869f65a`
SHA256	`bdbc529c92b8507feb740c017b615ce8c2f2c83a09b19c7ba3b6e23322f16a3c`
SHA3	`9b76708ad197c43e4ec353a5ddf967163077e402e7951e1f757a0dbdd0d4c456`
VirtualSize	`0x1b32fc0`
VirtualAddress	`0xe52000`
SizeOfRawData	`0x1b33000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.90724`

.rsrc

MD5	`f63c80d74b4d0f7106f2e39c4a6523dc`
SHA1	`b253e0a87d8e6cf20a50c96e3fbef1e44254ad15`
SHA256	`5810e70d6b7da8d43bd68ea5f4c8fd79564680d201a1f30b562beca86060cce9`
SHA3	`99f439a5d8d25bc8c46d4b467ce722b6d3e9c97d171327a94138b8a6acc00b94`
VirtualSize	`0x4204`
VirtualAddress	`0x2986000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x1b33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.13931`

.reloc

MD5	`4a1b5a085bbfcc3cc309e613d99c38ae`
SHA1	`5755f4e2370f64f8ab84829b0dca359595da3555`
SHA256	`0a1eeecf7b1208ee544666a1c8df1329f320698c7db95114b6b2c8934f7669b7`
SHA3	`36d9b5b3fbff3e228eef0dab46752c6a05f4b58759f218531f0b988f3c60e969`
VirtualSize	`0xc`
VirtualAddress	`0x298c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b37800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.142636`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2463`
MD5	`aacce8e9998a381ec6d854023f9c5622`
SHA1	`526075e18efc06ccb7d91d1e40c310a5533c599f`
SHA256	`fa10d7988f54439606940aa190ad46cd04785b66005b04126644b2ea82145e84`
SHA3	`4e43ef1ef4390c6dedc366f396673aa83db38ba1a8e41cf24de2f1e6d9f16776`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14178`
MD5	`e410907089b9ca8ad3336d858aeee270`
SHA1	`a1a784c46363d77384b981fb70d41ffad2b49435`
SHA256	`a46fef5b124fe6f93cf9253a110e5b32f473ad66eaa015a462bd2474b71c06bc`
SHA3	`d35b77d8e89690f543e6aa0cb6fc17fc52dbdf671f62829677e8463639499aa1`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03469`
MD5	`b78ec74eed65db603da9df2fb0ea9cd0`
SHA1	`fba49e1d4c7ade2b4662bf97c95e17acdbe534d5`
SHA256	`00ba40cc060052d4d239372f1e116789f068023c142a7cf5527d23cd0b1298d3`
SHA3	`9d6cf881338e4cf845f0b9c2f49d4c20e40fe25772e1cbd52e79b9dbeb80e1b1`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`409e1724611e0bc39356e2f58888db55`
SHA1	`c06c0e66cc2f7956256e2f018aa0294bfa914960`
SHA256	`6ab18c3b81a5d30c5a190a4504cae807d73b1a4d02d56ffddf641abbb62b7210`
SHA3	`315b2ad40793f4ef885ff4c878169b02c62f619b57780a98a76c8538cd0ee5c9`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29724`
MD5	`0778a77796269842b61d974e34760e9f`
SHA1	`b476a716d6b5537c117f674f847d4abbe6fcdd82`
SHA256	`d5f28d6318ae966665df68bc63c4b243c890d82738888c491a07edf054a12ff1`
SHA3	`4e31a0a04008b1ee33e16c8645bc9f65e55286577f4cf963bfa8c82e3449f96d`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	WindowsFormsApplication1
FileVersion (#2)	1.0.0.0
InternalName	WindowsFormsApplication1.exe
LegalCopyright	Copyright © 2016
LegalTrademarks
OriginalFilename	WindowsFormsApplication1.exe
ProductName	WindowsFormsApplication1
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!