Manalyze report for 3337a5e1a220c716ec2541eb3863a797

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Apr-19 14:59:26
Debug artifacts	d:\CTF\題目\bin2\bin2\obj\Debug\bin2.pdb
FileDescription	bin2
FileVersion	`1.0.0.0`
InternalName	bin2.exe
LegalCopyright	Copyright © 2017
OriginalFilename	bin2.exe
ProductName	bin2
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3337a5e1a220c716ec2541eb3863a797`
SHA1	`03a20fc763d3fc88168d245290ede879730f5a28`
SHA256	`e54e72e2f58c5967fbf3894c674e0f49526069e9fb8651e2fb904763c83d9791`
SHA3	`6092b94a72df96854b41570bb57e26a4805956c2383378bc0057623c0e12d9ad`
SSDeep	`192:909j3+mzkdeIfU/OlhAw8nI2vEVppZ93ECZ4qLYPcZ5wZ:90d3+mzkdeIfU/3w8nLs//90WTecZ5w`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Apr-19 14:59:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x1800`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000367E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0ed778990ab1d2ca02029f1aa079cd96`
SHA1	`3ce541ecc786a5120649b1f543748f6ef34d41d0`
SHA256	`3a9bf3adb125cb72d6de359d8e4aea0de26fe8b9ea1c87945c13e56115137f0b`
SHA3	`a2b7048ddef7c12f575b5df506b70e57f80158ea824b453f0b272fe15fd0903d`
VirtualSize	`0x1684`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.12828`

.rsrc

MD5	`742d690f95044b333be845dbf12d0dc7`
SHA1	`a76af1408b7e51d23bc8a9a6ac17ab13ae0fefb8`
SHA256	`9fb58a427c304d709e0b8b5fc8014738ddb22a0bdb2635b03a856de057eaadfb`
SHA3	`b351e21165596fdad971da3a98230598e576c35eabb5208d470817007842894a`
VirtualSize	`0x520`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.84685`

.reloc

MD5	`94c83615374c759567ac289fc2ed7d53`
SHA1	`ee7dbf5449926276ebbcdc8e476985ea48f76b2c`
SHA256	`05e8a0206031a2d5a0f4cc04801a666bdeb831c1c20fde2c4073c29545cf6caa`
SHA3	`a222255c281b71cd6e30920f26a04acdbb5aab2d1aafe261c13c5207cc5f9e7b`
VirtualSize	`0xc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x290`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23675`
MD5	`73c06df70f4f0915931f022b80effd8e`
SHA1	`51ec2bfdd5d79652b5ac81519bd1243320032507`
SHA256	`fbd47fef0065a5b986eb69646d623149959a4f740ff57ab15b7751c7627cabca`
SHA3	`f70420bd827e24638e12ddcdc628d837c393985401faa4dbd15ccb2f12d7f09d`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	bin2
FileVersion (#2)	1.0.0.0
InternalName	bin2.exe
LegalCopyright	Copyright © 2017
OriginalFilename	bin2.exe
ProductName	bin2
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Apr-19 14:59:26
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x3514`
PointerToRawData	`0x1714`
Referenced File	d:\CTF\題目\bin2\bin2\obj\Debug\bin2.pdb

TLS Callbacks

Load Configuration

RICH Header

3337a5e1a220c716ec2541eb3863a797

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors