×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2018-Feb-22 05:43:22
Detected languages
English - United States
Debug artifacts
RegSvcs.pdb
CompanyName
Microsoft Corporation
FileDescription
Microsoft .NET Services Installation Utility
FileVersion
4.7.3056.0 built by: NET472REL1
InternalName
RegSvcs.exe
LegalCopyright
© Microsoft Corporation. All rights reserved.
OriginalFilename
RegSvcs.exe
ProductName
Microsoft® .NET Framework
ProductVersion
4.7.3056.0
Comments
Flavor=Retail
PrivateBuild
DDBLD402
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info
The PE is digitally signed.
Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA
Safe
VirusTotal score: 0/67 (Scanned on 2018-09-14 01:09:08)
All the AVs think this file is safe.
MD5
2867a3817c9245f7cf518524dfd18f28
SHA1
d7ba2a111cedd5bf523224b3f1cfe58eec7c2fdc
SHA256
43026dcff238f20cff0419924486dee45178119cfdd0d366b79d67d950a9bf50
SHA3
dea07fbac5585fa656579492fdc998b843457cacf476fc44b4f21b7a8453c214
SSDeep
768:bBbSoy+SdIBf0k2dsYyV6Iq87PiU9FViaLmf:EoOIBf0ddsYy8LUjVBC
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2018-Feb-22 05:43:22
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0x6400
SizeOfInitializedData
0xc00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00008356 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0xa000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
6.0
Win32VersionValue
0
SizeOfImage
0xe000
SizeOfHeaders
0x200
Checksum
0x122a9
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
52e3c8808ce4fc09d60c3d970e8ad64d
SHA1
32db2717ff3974842f917f5e9672f65cc43b7c33
SHA256
904cca696df8fb6cda52db4a610cb5accd3ac079124104e413cdf39e26069387
SHA3
05dbd27649acc50c639f0caf3386e53f3877994a41d231d22cc950f05be06f19
VirtualSize
0x635c
VirtualAddress
0x2000
SizeOfRawData
0x6400
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.10646
MD5
6a973df493ca87828c3bd9aa53c20fa1
SHA1
c9c322ffaae515fc8102cc71911178de781ff43e
SHA256
2f14d26b7a598d81c1dc6ad3dba2945e85d21210b7c7cbae25ed43132958cb1e
SHA3
e98fefb505f56ffeafd0bcea88ca69a1f8ff4c4fa87a98a20a7e45790b5b3be9
VirtualSize
0x938
VirtualAddress
0xa000
SizeOfRawData
0xa00
PointerToRawData
0x6600
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.36126
MD5
15d36e316cb9f1712da33d94556e8b5b
SHA1
963b23b29f68c55404c19d5428524a88ca8ff908
SHA256
b669ae0f2b7f2634ea091b1e216d7e5294eb3974465a960fad195258ee739219
SHA3
f167a5a174fbc6c0be16c931ef19b78a096fa591eacadc13b16cae233972db7a
VirtualSize
0xc
VirtualAddress
0xc000
SizeOfRawData
0x200
PointerToRawData
0x7000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_VERSION
Language
English - United States
Codepage
UNKNOWN
Size
0x400
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.50305
MD5
23c632b898fc82b14060bc7d63e50753
SHA1
011eb944f720678ebc9ffc562f6c4ca89de7fcf9
SHA256
2cda3b440d1224978b076765143b19c4b5ab53d2414b33d5ffa8a4a380200797
SHA3
3337d4c75f08def428de4414179081e8926f31261fdc0d289a2a252793adb767
Type
RT_MANIFEST
Language
English - United States
Codepage
UNKNOWN
Size
0x494
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.69746
MD5
c9e50ca0afbc09b67f31c37fff6dd77a
SHA1
b8c591859a2d5f9c736c6afae4907b8a003f8c03
SHA256
d48dbfc67fb19651347f11b98121d3bc6aba6d5c33c84e1b40a2c5b55633d5ca
SHA3
2a45dd5aa2ba790f897c39f0dba17916066fed63d52a7be949d62b8b3f7efc21
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
4.7.3056.0
ProductVersion
4.0.30319.0
FileFlags
VS_FF_PRIVATEBUILD
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
English - United States
CompanyName
Microsoft Corporation
FileDescription
Microsoft .NET Services Installation Utility
FileVersion (#2)
4.7.3056.0 built by: NET472REL1
InternalName
RegSvcs.exe
LegalCopyright
© Microsoft Corporation. All rights reserved.
OriginalFilename
RegSvcs.exe
ProductName
Microsoft® .NET Framework
ProductVersion (#2)
4.7.3056.0
Comments
Flavor=Retail
PrivateBuild
DDBLD402
Resource LangID
English - United States
Characteristics
0
TimeDateStamp
2018-Feb-22 05:43:22
Version
0.0
SizeofData
36
AddressOfRawData
0x81e8
PointerToRawData
0x63e8
Referenced File
RegSvcs.pdb