Manalyze report for 1c74281c95cae35440c0f563645edb559ec5242173d44ac37409bde34293b9d3

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Nov-19 09:38:50
Comments
CompanyName
FileDescription
FileVersion	`0.0.0.0`
InternalName	test
LegalCopyright
LegalTrademarks
OriginalFilename	test.exe
ProductName
ProductVersion

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: crl.microsoft.com github.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://python.org http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 https://github.com microsoft.com python.org www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`df1899b4d42ba4d2430f2a71aea5f73e`
SHA1	`bfa81f985c53f886d19e9f8589a8e17d35a849a9`
SHA256	`1c74281c95cae35440c0f563645edb559ec5242173d44ac37409bde34293b9d3`
SHA3	`583f989852784f4045636cab0b4b1fddcbef340795645040bc394858e4e29709`
SSDeep	`49152:r7c0DidsYrrK6AXoZjw5ZNggnPCGpwZLQ:rwsirAWwigPLUQ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2025-Nov-19 09:38:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x408800`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000040A7EE (Section: .text)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x410000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c3c875e989a064f59c81dcc31830e93b`
SHA1	`d769ef927e349e2766acca320b1939670e9e4826`
SHA256	`a8b4e4dc854264a2f3adf33d1f47504489b2e35d8f5d417fb9ece383369f1dd0`
SHA3	`527b38c774eec2f989b9e960d35aa8426c915168156f2a6ab93857b4488cab8b`
VirtualSize	`0x4087fa`
VirtualAddress	`0x2000`
SizeOfRawData	`0x408800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13156`

.rsrc

MD5	`0ce8a6c5787788b86c5ba308aaec4095`
SHA1	`9e2ab1ab26269cba27491b5ae4800bd1ee11da4f`
SHA256	`e5d82436098d0948c13d665610efd8db2d900356bfe315c6568e09c447b184f9`
SHA3	`8dff0ac2eae690a7ac630bbd96568725da49eec2ee842668a5e9d9140812a5c9`
VirtualSize	`0x2d8`
VirtualAddress	`0x40c000`
SizeOfRawData	`0x400`
PointerToRawData	`0x408a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.31644`

.reloc

MD5	`6af870eec66b38efc5d21af498abe649`
SHA1	`1d2c49c6dde9b18612f921f83719c9ff57f9eba2`
SHA256	`20caf1191614d3d9a7ac4d3ee731a2fecc9960a5e81e84b1969ff2afa7197cf8`
SHA3	`3e78174ccc67de07d621a6d40b8d26e31121cdd2613c98b3939701a135e9ca11`
VirtualSize	`0xc`
VirtualAddress	`0x40e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x408e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16796`
MD5	`ca9c1cec523185f77cb09253751a5b81`
SHA1	`a07c6a5b797373362d52e06c9241b8bdac2e9330`
SHA256	`323c3ff9ed0a07ee90bdfcc621439244d49fc3c6b9fa40a92acbb5095856e380`
SHA3	`94c0ba2f204f1189c3eba9670a06c52e3be51620fa8562add57f39e45ee363b0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	test
LegalCopyright
LegalTrademarks
OriginalFilename	test.exe
ProductName
ProductVersion (#2)

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.