Manalyze report for 1bb809dabb389108ac874eccc32e65d8

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Sep-09 16:19:26
Comments
CompanyName
FileDescription	Espião NF-e
FileVersion	`1.0.0.0`
InternalName	EspiaoNFe.exe
LegalCopyright	Copyright © 2012
LegalTrademarks
OriginalFilename	EspiaoNFe.exe
ProductName	Espião NF-e
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	The PE is possibly a dropper.	`Resources amount for 82.3873% of the executable.`
Suspicious	VirusTotal score: 1/70 (Scanned on 2019-10-08 23:06:37)	`APEX: Malicious`

Hashes

MD5	`1bb809dabb389108ac874eccc32e65d8`
SHA1	`2aa4eb52e1becc69d83f85b653092937460dbbb7`
SHA256	`5036e7911b0a0dc790d83132f3d19d91a4a4e52add8a3689bdeba9ba3ae98840`
SHA3	`cb3664293a8c4d7e3958233d2b1975cbe2329cececeedd2f97c8edc84fc89a91`
SSDeep	`384:ZWDEdkomVQDmox1FVYcQyRDTe0HrrR+hVTuBLPl0puJ2a5W:7dAox1jYcQMe0HAhV6ZPAuJ5W`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Sep-09 16:19:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x8600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000034CE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b7bd3adf881670ede7e89b459534f098`
SHA1	`a17455359840543c1a43a20761d5c8c55351d80a`
SHA256	`f56ae76db1ec5ce4c4031189fe28c09ae71c85c82168885b9b94ad0879ac0758`
SHA3	`6a0502c5b52e091b350f01d19ba16ac513d42ca012a2d8ef6be7adc49ee43fdf`
VirtualSize	`0x14d4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.16103`

.rsrc

MD5	`c0daf2ddcddbe953c9fea32936184357`
SHA1	`d9b60f534057f2b1c8d9aa53502cd18ce86a7be1`
SHA256	`81e525804d70471b5eee987edca39edd28eb48b499450c12fa9b5542b1b86a51`
SHA3	`f810df65ccd437c3f38432f5984c7751575d0b938bd5afe46dcb5978525ef417`
VirtualSize	`0x83f8`
VirtualAddress	`0x4000`
SizeOfRawData	`0x8400`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41321`

.reloc

MD5	`0e9cfe8ce65478f0a8bd7f8ca211b642`
SHA1	`93982c172b1a12c793bf73c89a9ea0c339e36a34`
SHA256	`9c478e5fcd097863d89557cd540f54598fdc9bc850b80390e1276c8fa475d0a0`
SHA3	`a35526fecf1941624ba103261bf9db2edec16bf3151e3c162da754cc07130dd6`
VirtualSize	`0xc`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73151`
MD5	`21288405bc6c5cdf9d3c1a8ace7cc504`
SHA1	`1fdec0b51ddf2086d456657b302aa22b54c462ee`
SHA256	`78ab02234aebf60209072b45e57c0ccdd2f6848f8437d01f60eacb1dfa83c6a0`
SHA3	`75529bc18b2631c58b39353085afd059a77cd39fdd1289d29b7db0cbfc90a48a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.36927`
MD5	`e3b452c7edfdebf5503bd537c8ab930c`
SHA1	`b12a3107cc61acfdbec4dcd73e9db29c3c959bd4`
SHA256	`2d28fde46c05b9911d0451da31631f5ec4c2f6585a651de2e9887d90f987c6d4`
SHA3	`d31d1ddfdb2d82b3247704552f2084deae069e715355b92c2356f4995e51cfb3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41012`
MD5	`a6c1017ce1792df623e7c0f916ec8923`
SHA1	`9f188124353b95736f977db2f67ffd4263d8db56`
SHA256	`ec764ebbe5f1db20c7de2dc1827d723fc04ac2074f2ab8708d75596dbcebca0e`
SHA3	`1bd70f1b455eeff9d7a60508ff1ed978fced9c056a52b9b92def50b12c967194`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02399`
MD5	`e9aec161077553a65b0da524a32caae3`
SHA1	`8f284b395728a18086d8a52f22a34e983a9f4726`
SHA256	`b613747e750b5e463b7da74fd4215b90c258147c2ac13894d7f6903bdfd6b9e2`
SHA3	`51492b29feb812ca19b92d1b21da53b6e9a2899eb539dcda45c92e2574a29566`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`bec82d9c5028d979a420e534950d6233`
SHA1	`e1bd3221bbc5ba3e8172dc4e58089198b2ff4347`
SHA256	`0885230f1722c42fe74e368066038da27b8391506ba1582add2d240e41b30ab1`
SHA3	`c6629df6bbc335ec2e5c14a509e058afe8ca773892a9aa4fc96ba37eafef2cc7`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29328`
MD5	`55aa91d6acac29b9531a301f99146fb5`
SHA1	`28c4aceb9277537fb9a10d45ab46f9f9c2ff671e`
SHA256	`0ace2b3edb2b4027632a4b9f646d472e966f06c5ba58f389a11916b0248b41c4`
SHA3	`ed7d7d4321653a3fd85719e4115991e29a3f6067b9b0beb3bcfdfe1993540e35`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Espião NF-e
FileVersion (#2)	1.0.0.0
InternalName	EspiaoNFe.exe
LegalCopyright	Copyright © 2012
LegalTrademarks
OriginalFilename	EspiaoNFe.exe
ProductName	Espião NF-e
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

1bb809dabb389108ac874eccc32e65d8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors