×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2017-Feb-02 19:57:26
Debug artifacts
C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb
Comments
Remembering the old 16-bit eSheep
CompanyName
Adriano
FileDescription
eSheep
FileVersion
1.0.2.0
InternalName
DesktopPet.exe
LegalCopyright
Copyright © 2015-2017
LegalTrademarks
OriginalFilename
DesktopPet.exe
ProductName
eSheep
ProductVersion
1.0.2.0
Assembly Version
1.0.2.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET DLL -> Microsoft
.NET executable -> Microsoft
Suspicious
Strings found in the binary may indicate undesirable behavior:
Looks for Qemu presence:
Info
The PE is digitally signed.
Signer: Open Source Developer
Issuer: Certum Code Signing CA SHA2
Safe
VirusTotal score: 0/71 (Scanned on 2019-01-27 22:57:04)
All the AVs think this file is safe.
MD5
375320920e243d6b34a4df3db72cbf24
SHA1
11b26f792718f3726da1d724e749728aa66f9353
SHA256
7672614e15d74a46d2a86faf86f38ada55e65bde6b85f8b5818ca10bec7cb170
SHA3
8d58003731a57730c84767de3ae0978b16fab4717435b5cd1ef146371a21daae
SSDeep
12288:hhO7UMMnW0LyJjYKjW1e6aN4+lCsfh/mCtiCkM:DzMMnW0LAEKjj6ViCm/m8iCkM
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2017-Feb-02 19:57:26
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0xaee00
SizeOfInitializedData
0x2a00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x000B0C06 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0xb2000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0xb8000
SizeOfHeaders
0x200
Checksum
0xc2cd4
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
0e06fa9a4ee91055700e2df7c7cb790f
SHA1
ec407c4b724af48d959832e748505d19f669a02b
SHA256
5329e6f4482138ca360c7e08842d071a9feb200494519f71b9f8a5a78e50127d
SHA3
9c7a0a12aa3a67600af98e02cc38691f815ba41c2ea5c92d81b9ce024e7ab9e6
VirtualSize
0xaec0c
VirtualAddress
0x2000
SizeOfRawData
0xaee00
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
6.56439
MD5
84571b33bd282f5a515165c00d9a35af
SHA1
de011c7afc4b29a175a30db59c1c13bea03b946b
SHA256
76547d48a93ee7f29b202caf7686d425037e335f973c077cd94b9ed344f7f4d5
SHA3
a06b05e54a5a303cf04b6ca8d75f1eaf65ac35a1d77a92bdf54b12acc7f0857e
VirtualSize
0x2738
VirtualAddress
0xb2000
SizeOfRawData
0x2800
PointerToRawData
0xaf000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
5.52703
MD5
6ee4a828c2bea2f2510f4eb781808bdb
SHA1
572ba57d67c6d18992ba3d40b47648b8985ba8b2
SHA256
4a02bf0320065fdee6404954a521047bcca92fa56bc2ad3999e632a9b62558de
SHA3
764be15b69dc5c8ff712c9cfe775f1f5b59bfead56a95a0b2c7279b401614965
VirtualSize
0xc
VirtualAddress
0xb6000
SizeOfRawData
0x200
PointerToRawData
0xb1800
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.23074
MD5
ee67e9323c3d197678d39a5cf5d97faa
SHA1
8b31d1e05c14439ee333e7ad7a163a502ffa08b8
SHA256
01f75d3569f60dda333232aca4b321bd8735ab4bf4f2c93bfcbc6e530e3bd528
SHA3
5fb275c2c3ea08365efcc345451090f2b2a995aa8d8f43140fd5a8cb4f61eb0a
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.73156
MD5
0a057792e52bd9149f94394fa4bf07d6
SHA1
65cb69db66e9131ed486e7cc8741d98314f6eef7
SHA256
5a2c4208d31f7aa1f1448fa970e937b3bf4dab0cfc2f2b1baf46121f2b678e66
SHA3
c8eba5e685c71b516281581b9d8ed732d14d1921db79d6f62079369fe684921f
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x22
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.21059
Detected Filetype
Icon file
MD5
86561693760b088960969f3b7654507a
SHA1
82368be1644244e0fd66f1d737b3d45d26b2218f
SHA256
b1a9ff73f6a9d486c67f409a629924792ca40aa8966d45e48239863f63629fd0
SHA3
206e8d2db4680b7736ddcf7885984ca26fa1a66e72ec9073e8052ba82ea94408
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x374
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.32175
MD5
e89d5f18ec27aa4c69e728fd1c5f50fe
SHA1
2adb6da48c609bcb5cf4d7b9eb6fa72d156cb3a6
SHA256
1a335f57b6f915eeff9aec308ef3ebda8af407d81097ee4d73760f4a6b7e8878
SHA3
c47c7d5f5f92152fdf0e910e0758f268f50f3d0c406abd98b0e773e103c9a82b
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0xd2b
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.99406
MD5
6d76149df5460202697215e4f77fc246
SHA1
4fcce278cb9462a4ffc35d7e3e74e8f0aebe08d7
SHA256
97b3cdf0a83468f4a7aa1e21a17db5882b6b03b8dea2354569b2ebae71cd284d
SHA3
0bdcbb016ebd5cd13f1c04bad7a205f608e22d2dddf93d2f9ec09de1e92d23b0
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.2.0
ProductVersion
1.0.2.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
Remembering the old 16-bit eSheep
CompanyName
Adriano
FileDescription
eSheep
FileVersion (#2)
1.0.2.0
InternalName
DesktopPet.exe
LegalCopyright
Copyright © 2015-2017
LegalTrademarks
OriginalFilename
DesktopPet.exe
ProductName
eSheep
ProductVersion (#2)
1.0.2.0
Assembly Version
1.0.2.0
Characteristics
0
TimeDateStamp
2017-Feb-02 19:57:26
Version
0.0
SizeofData
284
AddressOfRawData
0xb0a98
PointerToRawData
0xaec98
Referenced File
C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb