375320920e243d6b34a4df3db72cbf24

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Feb-02 19:57:26
Debug artifacts C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb
Comments Remembering the old 16-bit eSheep
CompanyName Adriano
FileDescription eSheep
FileVersion 1.0.2.0
InternalName DesktopPet.exe
LegalCopyright Copyright © 2015-2017
LegalTrademarks
OriginalFilename DesktopPet.exe
ProductName eSheep
ProductVersion 1.0.2.0
Assembly Version 1.0.2.0

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C# v7.0 / Basic .NET
  • .NET DLL -> Microsoft
  • .NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
  • Looks for Qemu presence: qeMu
Info The PE is digitally signed.
  • Signer: Open Source Developer
  • Issuer: Certum Code Signing CA SHA2
Safe VirusTotal score: 0/71 (Scanned on 2019-01-27 22:57:04). All the AVs think this file is safe.

Hashes

MD5 375320920e243d6b34a4df3db72cbf24
SHA1 11b26f792718f3726da1d724e749728aa66f9353
SHA256 7672614e15d74a46d2a86faf86f38ada55e65bde6b85f8b5818ca10bec7cb170
SHA3 8d58003731a57730c84767de3ae0978b16fab4717435b5cd1ef146371a21daae
SSDeep 12288:hhO7UMMnW0LyJjYKjW1e6aN4+lCsfh/mCtiCkM:DzMMnW0LAEKjj6ViCm/m8iCkM
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Feb-02 19:57:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0xaee00
SizeOfInitializedData 0x2a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000B0C06 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0xb2000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb8000
SizeOfHeaders 0x200
Checksum 0xc2cd4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0e06fa9a4ee91055700e2df7c7cb790f
SHA1 ec407c4b724af48d959832e748505d19f669a02b
SHA256 5329e6f4482138ca360c7e08842d071a9feb200494519f71b9f8a5a78e50127d
SHA3 9c7a0a12aa3a67600af98e02cc38691f815ba41c2ea5c92d81b9ce024e7ab9e6
VirtualSize 0xaec0c
VirtualAddress 0x2000
SizeOfRawData 0xaee00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.56439

.rsrc

MD5 84571b33bd282f5a515165c00d9a35af
SHA1 de011c7afc4b29a175a30db59c1c13bea03b946b
SHA256 76547d48a93ee7f29b202caf7686d425037e335f973c077cd94b9ed344f7f4d5
SHA3 a06b05e54a5a303cf04b6ca8d75f1eaf65ac35a1d77a92bdf54b12acc7f0857e
VirtualSize 0x2738
VirtualAddress 0xb2000
SizeOfRawData 0x2800
PointerToRawData 0xaf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.52703

.reloc

MD5 6ee4a828c2bea2f2510f4eb781808bdb
SHA1 572ba57d67c6d18992ba3d40b47648b8985ba8b2
SHA256 4a02bf0320065fdee6404954a521047bcca92fa56bc2ad3999e632a9b62558de
SHA3 764be15b69dc5c8ff712c9cfe775f1f5b59bfead56a95a0b2c7279b401614965
VirtualSize 0xc
VirtualAddress 0xb6000
SizeOfRawData 0x200
PointerToRawData 0xb1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.23074
MD5 ee67e9323c3d197678d39a5cf5d97faa
SHA1 8b31d1e05c14439ee333e7ad7a163a502ffa08b8
SHA256 01f75d3569f60dda333232aca4b321bd8735ab4bf4f2c93bfcbc6e530e3bd528
SHA3 5fb275c2c3ea08365efcc345451090f2b2a995aa8d8f43140fd5a8cb4f61eb0a

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.73156
MD5 0a057792e52bd9149f94394fa4bf07d6
SHA1 65cb69db66e9131ed486e7cc8741d98314f6eef7
SHA256 5a2c4208d31f7aa1f1448fa970e937b3bf4dab0cfc2f2b1baf46121f2b678e66
SHA3 c8eba5e685c71b516281581b9d8ed732d14d1921db79d6f62079369fe684921f

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21059
Detected Filetype Icon file
MD5 86561693760b088960969f3b7654507a
SHA1 82368be1644244e0fd66f1d737b3d45d26b2218f
SHA256 b1a9ff73f6a9d486c67f409a629924792ca40aa8966d45e48239863f63629fd0
SHA3 206e8d2db4680b7736ddcf7885984ca26fa1a66e72ec9073e8052ba82ea94408

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x374
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32175
MD5 e89d5f18ec27aa4c69e728fd1c5f50fe
SHA1 2adb6da48c609bcb5cf4d7b9eb6fa72d156cb3a6
SHA256 1a335f57b6f915eeff9aec308ef3ebda8af407d81097ee4d73760f4a6b7e8878
SHA3 c47c7d5f5f92152fdf0e910e0758f268f50f3d0c406abd98b0e773e103c9a82b

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xd2b
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.99406
MD5 6d76149df5460202697215e4f77fc246
SHA1 4fcce278cb9462a4ffc35d7e3e74e8f0aebe08d7
SHA256 97b3cdf0a83468f4a7aa1e21a17db5882b6b03b8dea2354569b2ebae71cd284d
SHA3 0bdcbb016ebd5cd13f1c04bad7a205f608e22d2dddf93d2f9ec09de1e92d23b0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.2.0
ProductVersion 1.0.2.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Remembering the old 16-bit eSheep
CompanyName Adriano
FileDescription eSheep
FileVersion (#2) 1.0.2.0
InternalName DesktopPet.exe
LegalCopyright Copyright © 2015-2017
LegalTrademarks
OriginalFilename DesktopPet.exe
ProductName eSheep
ProductVersion (#2) 1.0.2.0
Assembly Version 1.0.2.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Feb-02 19:57:26
Version 0.0
SizeofData 284
AddressOfRawData 0xb0a98
PointerToRawData 0xaec98
Referenced File C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb
