Manalyze report for 375320920e243d6b34a4df3db72cbf24

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Feb-02 19:57:26
Debug artifacts	C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb
Comments	Remembering the old 16-bit eSheep
CompanyName	Adriano
FileDescription	eSheep
FileVersion	`1.0.2.0`
InternalName	DesktopPet.exe
LegalCopyright	Copyright © 2015-2017
LegalTrademarks
OriginalFilename	DesktopPet.exe
ProductName	eSheep
ProductVersion	`1.0.2.0`
Assembly Version	1.0.2.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qeMu`
Info	The PE is digitally signed.	`Signer: Open Source Developer` `Issuer: Certum Code Signing CA SHA2`
Safe	VirusTotal score: 0/71 (Scanned on 2019-01-27 22:57:04)	`All the AVs think this file is safe.`

Hashes

MD5	`375320920e243d6b34a4df3db72cbf24`
SHA1	`11b26f792718f3726da1d724e749728aa66f9353`
SHA256	`7672614e15d74a46d2a86faf86f38ada55e65bde6b85f8b5818ca10bec7cb170`
SHA3	`8d58003731a57730c84767de3ae0978b16fab4717435b5cd1ef146371a21daae`
SSDeep	`12288:hhO7UMMnW0LyJjYKjW1e6aN4+lCsfh/mCtiCkM:DzMMnW0LAEKjj6ViCm/m8iCkM`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Feb-02 19:57:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xaee00`
SizeOfInitializedData	`0x2a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B0C06 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xb2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb8000`
SizeOfHeaders	`0x200`
Checksum	`0xc2cd4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0e06fa9a4ee91055700e2df7c7cb790f`
SHA1	`ec407c4b724af48d959832e748505d19f669a02b`
SHA256	`5329e6f4482138ca360c7e08842d071a9feb200494519f71b9f8a5a78e50127d`
SHA3	`9c7a0a12aa3a67600af98e02cc38691f815ba41c2ea5c92d81b9ce024e7ab9e6`
VirtualSize	`0xaec0c`
VirtualAddress	`0x2000`
SizeOfRawData	`0xaee00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56439`

.rsrc

MD5	`84571b33bd282f5a515165c00d9a35af`
SHA1	`de011c7afc4b29a175a30db59c1c13bea03b946b`
SHA256	`76547d48a93ee7f29b202caf7686d425037e335f973c077cd94b9ed344f7f4d5`
SHA3	`a06b05e54a5a303cf04b6ca8d75f1eaf65ac35a1d77a92bdf54b12acc7f0857e`
VirtualSize	`0x2738`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x2800`
PointerToRawData	`0xaf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.52703`

.reloc

MD5	`6ee4a828c2bea2f2510f4eb781808bdb`
SHA1	`572ba57d67c6d18992ba3d40b47648b8985ba8b2`
SHA256	`4a02bf0320065fdee6404954a521047bcca92fa56bc2ad3999e632a9b62558de`
SHA3	`764be15b69dc5c8ff712c9cfe775f1f5b59bfead56a95a0b2c7279b401614965`
VirtualSize	`0xc`
VirtualAddress	`0xb6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23074`
MD5	`ee67e9323c3d197678d39a5cf5d97faa`
SHA1	`8b31d1e05c14439ee333e7ad7a163a502ffa08b8`
SHA256	`01f75d3569f60dda333232aca4b321bd8735ab4bf4f2c93bfcbc6e530e3bd528`
SHA3	`5fb275c2c3ea08365efcc345451090f2b2a995aa8d8f43140fd5a8cb4f61eb0a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73156`
MD5	`0a057792e52bd9149f94394fa4bf07d6`
SHA1	`65cb69db66e9131ed486e7cc8741d98314f6eef7`
SHA256	`5a2c4208d31f7aa1f1448fa970e937b3bf4dab0cfc2f2b1baf46121f2b678e66`
SHA3	`c8eba5e685c71b516281581b9d8ed732d14d1921db79d6f62079369fe684921f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21059`
Detected Filetype	Icon file
MD5	`86561693760b088960969f3b7654507a`
SHA1	`82368be1644244e0fd66f1d737b3d45d26b2218f`
SHA256	`b1a9ff73f6a9d486c67f409a629924792ca40aa8966d45e48239863f63629fd0`
SHA3	`206e8d2db4680b7736ddcf7885984ca26fa1a66e72ec9073e8052ba82ea94408`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32175`
MD5	`e89d5f18ec27aa4c69e728fd1c5f50fe`
SHA1	`2adb6da48c609bcb5cf4d7b9eb6fa72d156cb3a6`
SHA256	`1a335f57b6f915eeff9aec308ef3ebda8af407d81097ee4d73760f4a6b7e8878`
SHA3	`c47c7d5f5f92152fdf0e910e0758f268f50f3d0c406abd98b0e773e103c9a82b`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd2b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99406`
MD5	`6d76149df5460202697215e4f77fc246`
SHA1	`4fcce278cb9462a4ffc35d7e3e74e8f0aebe08d7`
SHA256	`97b3cdf0a83468f4a7aa1e21a17db5882b6b03b8dea2354569b2ebae71cd284d`
SHA3	`0bdcbb016ebd5cd13f1c04bad7a205f608e22d2dddf93d2f9ec09de1e92d23b0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.2.0
ProductVersion	1.0.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Remembering the old 16-bit eSheep
CompanyName	Adriano
FileDescription	eSheep
FileVersion (#2)	1.0.2.0
InternalName	DesktopPet.exe
LegalCopyright	Copyright © 2015-2017
LegalTrademarks
OriginalFilename	DesktopPet.exe
ProductName	eSheep
ProductVersion (#2)	1.0.2.0
Assembly Version	1.0.2.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Feb-02 19:57:26
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0xb0a98`
PointerToRawData	`0xaec98`
Referenced File	C:\Users\adria\Documents\GitHub\desktopPet\obj\x86\Release\DesktopPet.pdb

TLS Callbacks

Load Configuration

RICH Header

375320920e243d6b34a4df3db72cbf24

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors