Manalyze report for 2dff9e01d1c7aa60596e46499719fccc0c919d07cf1e2f7cc7b713ae3ed8267e

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jan-05 08:56:09
Debug artifacts	C:\Users\901563\Documents\Visual Studio 2008\Projects\Setup_eFA\Setup_eFA\obj\Debug\Setup_eFA.pdb
CompanyName	Microsoft
FileDescription	Setup_eFA
FileVersion	`1.0.0.0`
InternalName	Setup_eFA.exe
LegalCopyright	Copyright Â© Microsoft 2011
OriginalFilename	Setup_eFA.exe
ProductName	Setup_eFA
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious		`Unusual section name found: .sdata`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`236d7301353d193c8701ca776e883f24`
SHA1	`ec84d361af33981b98abcb28387ad0495120272c`
SHA256	`2dff9e01d1c7aa60596e46499719fccc0c919d07cf1e2f7cc7b713ae3ed8267e`
SHA3	`da80b0d47dd30f6080f9d37f46b1ac88b77cffc604d47b08e6e533bea21f71a2`
SSDeep	`768:j85GZYrFMNP2hO2ZPCYiW3uNONGqUglR4BcPD2XkpHVbH6:jLZYr1O2ZKYV3uNONIgleBYKXkpk`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2017-Jan-05 08:56:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000BF1E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`817d44d1d382a2581f9608aa801a4188`
SHA1	`5b49733883226ba075ac2c899ebf67e7257666ac`
SHA256	`9dcc592f8a8cd2cdfb14722dd762cb7d5a2451dd57a2110c7403669fa00030bf`
SHA3	`a4da9eeba950006367ea63f30f5fad310acfd7cf4aa234ad39285ea3d65f2f4e`
VirtualSize	`0x9f24`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67527`

.sdata

MD5	`364bd37017ed8f81e9049ce9dac62cc7`
SHA1	`9fd4b494450741751ff2bd790dba7049f23043bc`
SHA256	`5e17a27c450c25569db19030a06e71dfeceeabacf27042598bf7cc140dd7cef2`
SHA3	`5ff4c696c3592c483bb64f2a5b29372faeb113a2bee699088a3daf360cdc78f0`
VirtualSize	`0x96`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.18384`

.rsrc

MD5	`88f2ea2643ae34f6650729299e183a2b`
SHA1	`d6a42cbba64c7a9934bb239dcd9fec0d1ca8cd7b`
SHA256	`e04caf823830ad7c4371454efeed58975419c163981a4a664441789686b10fe2`
SHA3	`082dc94d64b219183b5aed07f02035df7178a9162fe056e7c3470ccb1452e9f2`
VirtualSize	`0xa80`
VirtualAddress	`0xe000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69081`

.reloc

MD5	`691c6cecdd1fd42d7afed39e3ec87bcc`
SHA1	`83f245d0e67b1e4c2b8a85ff1cb7123ea759ab39`
SHA256	`2e301614d394538756fb29b0fb01381b81ff8ce353b594f0acbc9be9ee7460f6`
SHA3	`17259489fa40b9ec0b721567e5825e00df8290c9cf4caf314b5a75abdcb8e7fe`
VirtualSize	`0xc`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71419`
MD5	`d2d15e1e362ef2edda7238e165376112`
SHA1	`c1e5af71c456dc766ad70e1a3abc6c97fda626d7`
SHA256	`7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31`
SHA3	`fa458690e3f40a331300e7fea11f1f2d9d24266b84ed5c645b5eb272677670e6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53612`
MD5	`da1aeaa9a812c0a31fcc6e42e2f8e675`
SHA1	`58edba28c9067b74c7699bd5a12348e5f7c50e49`
SHA256	`bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1`
SHA3	`c12b7a9764a04702f5684387b5fb20a37874203cb2af7b41921d68496146d378`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`29a1f473b6fc0b877ce30be83212f25a`
SHA1	`a66309103e9f7ff118fd964f2cd5ae04bbd4a322`
SHA256	`e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda`
SHA3	`c3b0b1b14385cdc2d88d02c11aaca33ca55d509d2fe1dce1777c05d32c0e8a30`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3036`
MD5	`f5bc895c20dc8393912241992cc78159`
SHA1	`39e30a0eacdafe1579875633bcf0725b3e64b780`
SHA256	`eeb76d68058f9e55a86eeba651e74ba722486f6df64adc5a48c074210cb9620a`
SHA3	`9a1e45521b63f79f85da17b60d422afe89ef97dc02a18d473a74e09d6e4ae1e9`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Microsoft
FileDescription	Setup_eFA
FileVersion (#2)	1.0.0.0
InternalName	Setup_eFA.exe
LegalCopyright	Copyright Â© Microsoft 2011
OriginalFilename	Setup_eFA.exe
ProductName	Setup_eFA
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Jan-05 08:56:09
Version	`0.0`
SizeofData	`122`
AddressOfRawData	`0xc01c`
PointerToRawData	`0xa41c`
Referenced File	C:\Users\901563\Documents\Visual Studio 2008\Projects\Setup_eFA\Setup_eFA\obj\Debug\Setup_eFA.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.