Manalyze report for 378542173eb8633569eb16ce6acd97b2

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-19 07:14:58
Debug artifacts	C:\Users\Frasgarov\Documents\cashin\CashInTerminalWpf\obj\x86\Release\CashInTerminalWpf.pdb
Comments
CompanyName	Bank of Baku
FileDescription	CashInTerminalWpf
FileVersion	`5.1.10.94`
InternalName	CashInTerminalWpf.exe
LegalCopyright	Copyright © Microsoft 2013
LegalTrademarks
OriginalFilename	CashInTerminalWpf.exe
ProductName	CashInTerminalWpf
ProductVersion	`5.1.10.94`
Assembly Version	5.1.10.94

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: root\CIMV2` Contains domain names: adobe.com bankofbaku.com http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://tempuri.org http://www.bankofbaku.com http://www.bankofbaku.com/PaymentService http://www.bankofbaku.com/PaymentService0 http://www.bankofbaku.com/PaymentService2 http://www.bankofbaku.com/PaymentService9 http://www.bankofbaku.com/PaymentServiceT http://www.bankofbaku.com/PaymentServiceU http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# http://www.w3.org/2001/XMLSchema inkscape.org microsoft.com ns.adobe.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org tempuri.org www.bankofbaku.com www.inkscape.org www.w3.org
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`378542173eb8633569eb16ce6acd97b2`
SHA1	`216a9d134e36f0787edb8e2016292bce3ea5b8e5`
SHA256	`f66a01e41ed20dfa41dde67a53a3a1beef5bf30fc9c7b80af926cbf240b08c31`
SHA3	`be4d0c48d98bdf452312afbd6fabecea20cd24906e080775d9081caa6dd62f1b`
SSDeep	`98304:3Qqy17cOmqK9NV76qIeEfHqEGWCr41OuAOuxnMqSSlAPrNy:3Qq2cOmqK9NgqIeE9CEFmOTN`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Sep-19 07:14:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x527000`
SizeOfInitializedData	`0x26200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00528DF2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x52a000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x552000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7222133511630cd6a9873486c011b10d`
SHA1	`644775831af90dd1a83d19e1edc5418dbc8d0db6`
SHA256	`3c538d61330c4e1dbb3c6e28345a976998430ac8db0b2d9c283838d3aa119f2d`
SHA3	`0b7dccf292e3d2ebbf857ffb9248fe5e68da9017eb22727b2f07858aa51ff1d0`
VirtualSize	`0x526e78`
VirtualAddress	`0x2000`
SizeOfRawData	`0x527000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.67761`

.rsrc

MD5	`f4bc455d5a0ef058670e3ab24cdebea4`
SHA1	`4a7319dd5f11680a23e80c0f5772fac827349019`
SHA256	`6b2727888c77a6859a7c68b78ca3e0909368601c6404d1931bdc9fd32d8f1a88`
SHA3	`63d76fec86742e30167ec56142c1eaa7ed267eeb495b7bc9f7af7309afaa5d9a`
VirtualSize	`0x25f64`
VirtualAddress	`0x52a000`
SizeOfRawData	`0x26000`
PointerToRawData	`0x527200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.72197`

.reloc

MD5	`f4fdca3dfcc5a920050c63cd6e4f5250`
SHA1	`be5aaf2b1c0c8a947ab98c71e5ce8f4d91962eed`
SHA256	`4560898e8707845db09f9b36bbdd55d9bc6886c022506d523cbd2a63b176129f`
SHA3	`037595f5aba5ff62c1672a402730f78e4cc4fbef9a210b35ed7fa5bca95ef144`
VirtualSize	`0xc`
VirtualAddress	`0x550000`
SizeOfRawData	`0x200`
PointerToRawData	`0x54d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98924`
MD5	`02c0b4b6f914693098d6cf1bc2386e7d`
SHA1	`a1a67707687ab030cb2cdd61315e5a3d38b98a7c`
SHA256	`672bf62e5a1301b3ba762f1226406bfa7fe112e2d6c7268e5aaaed8e52fd3367`
SHA3	`88fab25ee16faec5f3633bdf216e256282de7638ec4f340d7fec89aa1e089193`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94993`
MD5	`a6a9261349556ff438c81edd612b2f38`
SHA1	`bc4a5d356a42c642b0b92783312497e952be9353`
SHA256	`28a01fd3fce3f1c47418e7d0583f2943faa6054991b5c5fdea5ffd831904356d`
SHA3	`6ecd259861540952cc9208d8dbd3ac57ff17b5c598808a274e741f0b188e44fa`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x7601`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97331`
Detected Filetype	PNG graphic file
MD5	`e024ef0001874c8b4cc043a99cfc0815`
SHA1	`664ce4ff0dd7140712ac0f4ed28ff3e0758c3dd6`
SHA256	`9b9790cf78cf98aa1c2cf851173ecebd086f21c5c498eed3d4190337278769ea`
SHA3	`07dbbbe2e40345474eca14d44e96b86559b046ea1dda097df0d1de324582b0cc`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79848`
MD5	`a2cb2d7b0cf6fa2d10610e7781f635de`
SHA1	`8d1afed38276bae65de2c5252718eace7111caf7`
SHA256	`496fe3294b245525f41f558c37fdd5c9001722d1ff6b05103bcfbcc64de7f90a`
SHA3	`0c53f9a8f062b3c6d3c8a69178f097be981c9b18ed23b110b62f16eebbb6dfd2`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60386`
MD5	`684f2cc8d43efef383f3565f699169a7`
SHA1	`f0f0f3d71415ae198096d556e4c96047783fae6b`
SHA256	`6ac0213863f2c092392fc06811017c669b0b69642c4f7f2261137e26b29bb9e0`
SHA3	`006deb01de597557354cc9c117b70a2e90e0cbd84e0baf5d85710559fe189916`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67525`
MD5	`a466ec218b969e2e56b318f776685738`
SHA1	`a929b61a5c0a5a417134f309f322c9d2880185ec`
SHA256	`6437575fe55aa13f2ef0faf5588f8ed9d7e617706bb3e0b144b245f8d269c539`
SHA3	`2c1a2471d3ef3273e6d0997a005628e2b3a04d0ed36fbbbd30176caf45a7eab7`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15106`
MD5	`2a2520e1d0636156c286132d612e98d0`
SHA1	`b6b994b7920aa33e95a4525ebc2c145e56051994`
SHA256	`7b99f7968dcfb19a7d2dd34a2760b8022e9a052d28ea5e09ce9f62a2d266f9e9`
SHA3	`634494163bdc13f8a934b121d44c712c662e55c0dca0f7f0e6b1b555e3c598e7`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89512`
MD5	`1fa20fd11851cffb372461759ef34731`
SHA1	`48a01805034ffabb3c10727f5e11142d8d715321`
SHA256	`571c152e7723d88348ce65fade445e4e542c8b8b4b4a6c520fa502f50e44207a`
SHA3	`59ad91503879e99e3b8724d7d6a6f8460715c1751c97f3c4b1e05de0ec6f3292`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93753`
Detected Filetype	Icon file
MD5	`c882f6afcb5cdb93a9ca865c5e59d627`
SHA1	`a74dc827c09ce412639ba3f88aa1cbb574637bd4`
SHA256	`6e4b7ceff778ec12ed8d784c3627a047c8bde75253f647c8d8f845c85a970901`
SHA3	`f1109ff728c194c6caec52f40cca2730d546b26231d852deb58179c4a03ee4b3`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42773`
MD5	`4266f7dbef02d1ae6d9fefe82f447f53`
SHA1	`23b4f9145f4dc69c92d447f24b0a0710dd896e58`
SHA256	`c49410600962c1cbb7ac320340aa84a4f71606d9e8cdb80183e4a63f73d39cee`
SHA3	`60ced913f54309c0f6659db7e9dfc1ce6610777425df3433755d6bc54e1b3725`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.1.10.94
ProductVersion	5.1.10.94
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Bank of Baku
FileDescription	CashInTerminalWpf
FileVersion (#2)	5.1.10.94
InternalName	CashInTerminalWpf.exe
LegalCopyright	Copyright © Microsoft 2013
LegalTrademarks
OriginalFilename	CashInTerminalWpf.exe
ProductName	CashInTerminalWpf
ProductVersion (#2)	5.1.10.94
Assembly Version	5.1.10.94

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Sep-19 07:14:58
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x528c84`
PointerToRawData	`0x526e84`
Referenced File	C:\Users\Frasgarov\Documents\cashin\CashInTerminalWpf\obj\x86\Release\CashInTerminalWpf.pdb

TLS Callbacks

Load Configuration

RICH Header

378542173eb8633569eb16ce6acd97b2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

32512

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors