Manalyze report for 2589a94afcb1bdef6f8f2490936ee6679eb4ee94b39f5bf392042f2b89530a6c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2101-Feb-04 18:54:50
Comments	CleanUp
CompanyName	CleanUp
FileDescription	CleanUpfile
FileVersion	`7.3.1.0`
InternalName	y.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	y.exe
ProductName	CleanUp
ProductVersion	`7.3.1.0`
Assembly Version	7.3.1.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious		`Unusual section name found: .U\m` `Unusual section name found: .5g!`
Info	The PE is digitally signed.	`Signer: Andre Fathurrohman` `Issuer: SSL.com Code Signing Intermediate CA RSA R1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`b549621403dd75f6235aa2792b6dab78`
SHA1	`009a8c7609876869a58e19f97ee214d439e82918`
SHA256	`2589a94afcb1bdef6f8f2490936ee6679eb4ee94b39f5bf392042f2b89530a6c`
SHA3	`4bd148612223cb4dacb9938c329b65962cc6f3e65c44e4198462bffe8b494f63`
SSDeep	`98304:ZJeBYb27mQN+mKqZv0ayw41tX7pshYiy9D4KiULC3HvT:ZUBYb27mQAmfZv04UtFGYiy9DHigeT`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2101-Feb-04 18:54:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2600`
SizeOfInitializedData	`0x2ae00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00004492 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x49a000`
SizeOfHeaders	`0x400`
Checksum	`0x4980b4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ea53dc72980665627f9ad0f9b274754d`
SHA1	`1dbc343d38009c02c22cd13d2ceaa38952edb532`
SHA256	`b431cd7a8a9ccc577a7a75e6c15a81ca9ec0d5071ba58e5cbddd51c17e329282`
SHA3	`f4baffeea4f6cd740e65071e2fb32bca7d99f4df6a430e42e2b6db3f2a8ace7e`
VirtualSize	`0x2498`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.75314`

.U\m

MD5	`f0654f29e2e92ccbe216a9a4bcc50d7e`
SHA1	`92eb85eb324d3ac2bcaa5b796fe729fdcd3730d0`
SHA256	`2d764118dbd832dfdd8d48236db0156d3ab9c2024a5829a833d269307cbc318d`
SHA3	`5d940e502cc59072110f22be9c8d672d7abee2fbb1ff1d857717192309c8c36c`
VirtualSize	`0x47a95`
VirtualAddress	`0x6000`
SizeOfRawData	`0x47c00`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.64638`

.5g!

MD5	`072912dc650ed2b384169cfded89ccfc`
SHA1	`038791776f10add530b0033175a76119b615f6d7`
SHA256	`5179aa3f873e57093c810b6167a3a121543225dfaf5adde5db724c1e1299bdec`
SHA3	`2567db317c2424fbcfd4503a2630ec34cd636c8567ff6c5b329cad74a8b23ee2`
VirtualSize	`0x41d5b4`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x41d600`
PointerToRawData	`0x4a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62271`

.rsrc

MD5	`f2e0df6b8f1183731842a060dcc78956`
SHA1	`d00ca2d69f350da0536a04346d7738a9dfd9baee`
SHA256	`e8da945991beb3aa16a5402e58596b241ae58e0fab4afec4bc556d9f32e01b15`
SHA3	`4b4d4e4a4b74adb3563933df84d114b2169a10df9b3c2b8493664057091a2604`
VirtualSize	`0x2aa60`
VirtualAddress	`0x46c000`
SizeOfRawData	`0x2ac00`
PointerToRawData	`0x467c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41529`

.reloc

MD5	`f7abf0032dab2bf82ccb31a6b1e05fc2`
SHA1	`5da89e03771c11f9b6b5ffd26dce849c3807fd61`
SHA256	`5dd41ca85c8d50128e4613d2002911f6f3e3b612d0b3522ae046c084dadeeaf9`
SHA3	`621296a529961db14d396b95615a9c68016ad27655aa3921be02ba79b33344a8`
VirtualSize	`0xc`
VirtualAddress	`0x498000`
SizeOfRawData	`0x200`
PointerToRawData	`0x492800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a67`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.93672`
Detected Filetype	PNG graphic file
MD5	`2503fd74a2d5f18bc1c2a1e5feb24d99`
SHA1	`5ae531baa34b0cace76a95a33361f4095a570909`
SHA256	`d68550cd334b985c43e6f2a6e91b651bb1f829ed1352d27d6dbe530c213b9a01`
SHA3	`f8d3fed9d1f4ed80267e66b650b41d07fcf7f0333d0528fc1947e89fd73eef59`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.13281`
MD5	`35af270973b7b09a071fe173e8cb8083`
SHA1	`698094dcbdd3153f1ea5fc88e03d25afafae3fc1`
SHA256	`4228a231285b318f40ae4dd2641d53f79c668698e604211f6b20a84d848def1b`
SHA3	`7b56febe742911792a5571a41f612d041cc23eb337ddb5071a4d9fa1f29e28bb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53219`
MD5	`5858ac24fcc2b245e836001be78b6199`
SHA1	`ff56bb5e7cdc384991b0475562c1a672ac9a18fc`
SHA256	`bcf10ed300bc2ed1f878f8694b555b460c34ffb0d74ca1e43125cea1118880bf`
SHA3	`0c10efc3419dc2c2169cd2f414c4486752d009bc2b3b53125f24f2f84a3fdfdb`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55907`
MD5	`a53c88d7040349edcfc27104b22f1552`
SHA1	`e3c55520b52a266d5aa626cf5d7cb0befc986cf0`
SHA256	`a8d1617afd0d3873cc1673cfdd10b657e139ded17cad58d6564d69f4b36e4da3`
SHA3	`4ea7d43719ea299dcaf0de4367bc6ea92d739b78674f41f2c1aced06178d869d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14483`
MD5	`8773f31072954691f0dab15e503cdbd9`
SHA1	`7536d68e5b1a0bafc99e729a92fe22fe63160248`
SHA256	`2ba296877ab4dd8247bf3acc014a24ce9298b7ba926ddbe34c4a0466a1c1b81c`
SHA3	`22a93cf3dab88b9da693187288ded8fe65d164e2fdee4d6342a8708500b6527b`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1562`
MD5	`546b2c68da82a8537f2883d93bea58d1`
SHA1	`a5f03b51032c723a8d25fc6cb7251f8c06840853`
SHA256	`4279449e7efca60b05808ce4eeccfceef1d7741b0c21346566f329fcda3ea542`
SHA3	`ac987b4cf8e04a5c0b530ebe7386fbd4ae04b07e0ee270ee3dbd56442850ba11`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03196`
MD5	`64a339e0323a998c0ba69989bf266836`
SHA1	`cee4e625b69636753a1a02eca0510aabdcedce9a`
SHA256	`0ec1ce8ea5a604c6804c5dccb6de01b7ca553b12934001a23ca63795cec3e1ce`
SHA3	`9c45e1c6ab2736d8df5a1cc5acde4c04360467e19a816b0a507ac15410cfa2ce`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46773`
MD5	`6e7e6702e9f3b1828645dd102e000a31`
SHA1	`924be877c63602f8b2c6021ceee680ff0659abc8`
SHA256	`87e98c652f0a7f23ee6bde462b05cdd0c2db6b9509190c793d145d9714ec0062`
SHA3	`dcfa8549a75af44667b0163abcc12f8b737e520b62ad5fb8f89056f7e747b38d`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64694`
MD5	`3ca9bb502d2349bab5aec84a9ece45fe`
SHA1	`9c1663fb333960b69536727fa330cd795a2e9168`
SHA256	`2e89ca3d8de0a369ca14f0027ef981f60852b2892e49a1d5140663c5c949af15`
SHA3	`34dc8a9bfdcb640fb41ac4708133926c50c969d56ac9e4ee2dc3edb908c72e7e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`a141c71f20c4dba67404984412303343`
SHA1	`223c2aec94900c4b7b1c3fffcc2f0162a7048e3a`
SHA256	`54d76050b288521fe654dc010bd56d0ac6e4193d7425ab93ae0122d8dacacd9d`
SHA3	`8c6b24445f9cb5be70a9405130c29be1d4c110abfc70c46d67acb47955d7ac56`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34698`
MD5	`4b0775266c38ec8e09f100e4ef818ff6`
SHA1	`5f3ce63f28a0ad54adcae1bcafecf07adfe491bb`
SHA256	`259630ec6acd398dd679b2be6b08ee8e304dd8fdf6e83ba4ad555ab830fe0095`
SHA3	`a6cbd7cd50f6a46cde9a478fa8aa884486e5bc0b7d0a6dae7709e5a26e6d0e99`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.3.1.0
ProductVersion	7.3.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	CleanUp
CompanyName	CleanUp
FileDescription	CleanUpfile
FileVersion (#2)	7.3.1.0
InternalName	y.exe
LegalCopyright	Copyright Â© 2026
LegalTrademarks
OriginalFilename	y.exe
ProductName	CleanUp
ProductVersion (#2)	7.3.1.0
Assembly Version	7.3.1.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.

Leave a comment

No comments yet.