3b0623a664ebfbf9eac72f705b97f9e6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2039-Dec-18 04:32:35
Debug artifacts MobiOffice_Setup.pdb
CompanyName MobiSystems Inc.
FileDescription MobiOffice
FileVersion 10.10.8183.1
InternalName MobiOffice_Setup.exe
LegalCopyright © 2015-2024 MobiSystems Inc. All rights reserved.
OriginalFilename MobiOffice_Setup.exe
ProductName MobiOffice
ProductVersion 10.10.58183.0+b142426f143f9eb60874f1c025331626ef971462
Assembly Version 10.10.8183.1

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET DLL -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • AppCenter.Bootstrapper.Properties.Resources.de
  • AppCenter.Bootstrapper.Properties.Resources.es
  • AppCenter.Bootstrapper.Properties.Resources.fr
  • AppCenter.Bootstrapper.Properties.Resources.it
  • AppCenter.Bootstrapper.Properties.Resources.ru
  • Bootstrapper.Properties.Resources.de
  • Bootstrapper.Properties.Resources.es
  • Bootstrapper.Properties.Resources.fr
  • Bootstrapper.Properties.Resources.it
  • Bootstrapper.Properties.Resources.ru
  • MobiSystems.AppCenter.Bootstrapper.Properties.Resources.de
  • MobiSystems.AppCenter.Bootstrapper.Properties.Resources.es
  • MobiSystems.AppCenter.Bootstrapper.Properties.Resources.fr
  • MobiSystems.AppCenter.Bootstrapper.Properties.Resources.it
  • MobiSystems.AppCenter.Bootstrapper.Properties.Resources.ru
  • MobiSystems.com
  • Mobisystems.com
  • Properties.Resources.de
  • Properties.Resources.es
  • Properties.Resources.fr
  • Properties.Resources.it
  • Properties.Resources.ru
  • Resources.de
  • Resources.es
  • Resources.fr
  • Resources.it
  • Resources.ru
  • Setup.de
  • Setup.es
  • Setup.fr
  • Setup.it
  • Setup.ru
  • analytics.com
  • cfg.mobisystems.com
  • connect.mobisystems.com
  • developers.google.com
  • exp.connect.mobisystems.com
  • google-analytics.com
  • google.com
  • googleapis.com
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/appx/manifest/externaldependencies
  • http://schemas.microsoft.com/expression/blend/2008
  • http://schemas.microsoft.com/winfx/2006/xaml
  • http://schemas.microsoft.com/winfx/2006/xaml/presentation
  • http://schemas.microsoft.com/winfx/2006/xaml/presentation/options
  • http://schemas.openxmlformats.org
  • http://schemas.openxmlformats.org/markup-compatibility/2006
  • https://cfg.mobisystems.com
  • https://cfg.mobisystems.com/update
  • https://connect.mobisystems.com
  • https://connect.mobisystems.com/api
  • https://developers.google.com
  • https://developers.google.com/analytics/devguides/collection/protocol/ga4
  • https://exp.connect.mobisystems.com
  • https://exp.connect.mobisystems.com/api
  • https://storage.googleapis.com
  • https://storage.googleapis.com/ms-apps-bucket-exp/update
  • https://storage.googleapis.com/ms-apps-bucket-test/update
  • https://test.connect.mobisystems.com
  • https://test.connect.mobisystems.com/api
  • https://www.google-analytics.com
  • https://www.google-analytics.com/debug/mp/collect
  • https://www.google-analytics.com/mp/collect
  • microsoft.com
  • mobisystems.com
  • openxmlformats.org
  • schemas.microsoft.com
  • schemas.openxmlformats.org
  • sentry.mobisystems.com
  • storage.googleapis.com
  • test.connect.mobisystems.com
  • www.google-analytics.com
Info The PE is digitally signed. Signer: MobiSystems
Issuer: DigiCert Global G3 Code Signing ECC SHA384 2021 CA1
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 3b0623a664ebfbf9eac72f705b97f9e6
SHA1 3c58f41a21c543865a353854b660696f1cff7aef
SHA256 8579cfaaaf704373c902e6bc5a8bf2269b4185551c737c7e8e407a3c59361134
SHA3 30bf05a5f47907b0d988e35691ec3f38f9be6017ef7d60dd522e4a627c7a0216
SSDeep 24576:9Ubjj2Vi67/fLfSDyFoBkkA1BIwmR3/DhuN8TIlTM6aXl6m:9UXjql7DSmanAG3/DFuTjaXlX
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2039-Dec-18 04:32:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x17e000
SizeOfInitializedData 0x25e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0017FEBE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a8000
SizeOfHeaders 0x200
Checksum 0x1b5395
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a6fe843d12d4e913da7b3d272760acbc
SHA1 f0d4b7346b33da51b9d1f5d6e6a5916fc90897ae
SHA256 0c52a6764771b676a4f29ea0ca4fc09ef202241938c01b67a27cf85c6f29dad1
SHA3 2d41ab784a484f6ad3a4311afd6676d33345eababcec96820f420ac5f6a78408
VirtualSize 0x17dec4
VirtualAddress 0x2000
SizeOfRawData 0x17e000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.50453

.rsrc

MD5 633033729791b693672c8de838bcfee1
SHA1 4cf8e3af69c0fc64b60e71523ddf0ec66122567e
SHA256 f393a4f1f95791154df1040356e8de0a7a0cb82a9b81d126fc4944492a1e843d
SHA3 87b4cdd88ba9579b4b68fc71d1ce5a0dd66527ad027c1537ca4b75a2767a0daa
VirtualSize 0x25a9c
VirtualAddress 0x180000
SizeOfRawData 0x25c00
PointerToRawData 0x17e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.18165

.reloc

MD5 3b8be2a97fe8da4910c0375993230e95
SHA1 90bfd689466978f5d84973f078e0983bbbf27e05
SHA256 6b727c258c39f651db94a39aeba8bfb8ea1b508a273f02fa4b7e56d2f9e51b48
SHA3 b72ec8c76d022900174cc090697fdc94de2aebc1c625a1f3aba9824ba97de07f
VirtualSize 0xc
VirtualAddress 0x1a6000
SizeOfRawData 0x200
PointerToRawData 0x1a3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.96564
MD5 0b7e3ecff048f9ee067d5e8d91b5a5eb
SHA1 e7384c18ea82a48a3aef1a7e2f75d1a7f6030c2f
SHA256 8b4dbc33d5bb1d8ab5f3ac65d527744a47daa5b839c1a9f5b2e0b8f0b9e5c575
SHA3 07ef83eb7c7c638a61bb244be294d59c69d982cea0ac9ce46b8a98dc4581c235

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x6b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.79356
MD5 c0ae6d44d77504f3ecfd1144b66c7213
SHA1 6d4621e7ccf1725dd4a5dae125a47d795ca95afa
SHA256 8da82bb579e44f66208a37ebf3cc3f5475e0cad830022b4ec3b371553cebae23
SHA3 b8011a9183a8816e622c334bf9e67a27bd509405914f5a494e1633c6bcda28e6

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.76002
MD5 1a32efdaf7b8d1771b462b21621f080e
SHA1 ecce6aa692c0b98aac12a1ed45ffb49caa1b6fd2
SHA256 b332f0422b92f558888897c28a1f5f1100c987052d16d566af8d799cf8d7e363
SHA3 8e18e0445fd5fd4514d5842b7f451e10ec48777d99bb0b5a5f2d0c0709f3ff21

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.60323
MD5 2c347c3b20692ab68256ee915a2a6720
SHA1 e0654ac6b7c1b939b5198ad1c99e30dd6baf70ed
SHA256 78f3eea85ce5972c0cd7b9cd7f37047a9c18cd68652cef0d409c9891cfc2826d
SHA3 be3e8179713ac2a3aba88d836f9a95dbab577e5641f5fcdc462df7fac8e84e6e

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1a68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.09314
MD5 a70d6cbdd1f5cadb2d5c7cc07c07799e
SHA1 2fd6d50e021a03850da61fafeabd1053eac83c3e
SHA256 06843865bf39840c93c9496a09f64b3a6385498d1c9e0baf2f75ca6f543950ee
SHA3 491464f1a3c2b8df3e2fe47a54896aae25591a281d7784d0649744eb0df217b2

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.87659
MD5 c8cc7a678b29e8106f2642356f26df45
SHA1 1e27aec86f43b09bc4766d0486128051988a3050
SHA256 4a7ca45c46f54cb1ff2858cfd090f913f08a5b6f3a67f910af0b7e0b33e4f15f
SHA3 5ebbc4c3cda10b8298bf9e586ab1c2c34b7515b584763bcf31ffb23e85cbd469

7

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x3a48
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.61203
MD5 947cf860f0e582290bbc24b2d77af1c3
SHA1 592a7bd8a96099427cd5001c4e22ebf0b3ce13c0
SHA256 0029370cf1a18099b2feddda6f52c182c7d00c77fdddf1cc717ec8fded2b8e8e
SHA3 2aecd683b53fd77de4adf7e044e509cae50d6071ddfff249fdfdef0c9a156ce0

8

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6374
MD5 1e23026df8239d742a69bcd937465e9d
SHA1 a57a00a378dadfdd5e2aa6fd6559a72111502848
SHA256 af02d958c46f5d80ebc0fbdbe261a081204ef1149debe285ff10cb3e68adf235
SHA3 cb66ec15e778dabec679bca84150df66fcb46e5f5812199f8179992eeab9a4e7

9

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5488
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.59374
MD5 fc95700029c59e9d29d93a8ce7bbc976
SHA1 a1dbd0bf298e36394fa8690cf958f902bbdd22cd
SHA256 629a459cc83407b3e0478c588ace094da734a10565c7c24b53d6c70bbf0e8fe8
SHA3 b38e907c5fb021249ef2ae9560da599d16087d120bc151ec66e0a265120d35e2

10

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x67e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60598
MD5 ca3784a9130e2bd90e390d139e82f356
SHA1 a51de88ac06da661558676056970587eaf3983df
SHA256 dd4519df98631f525e614e9fea94d90f73b32d12410598df64314b90e99f9568
SHA3 4d75fdabcc7b4f0f1279b4fe4c2ec2a715f3e47f4b49ba25579ab41c28150ff3

11

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.33675
MD5 630d3346a29e13da8ce29c4fe6ac35da
SHA1 59f026ba4c63e2ad0542fb47a60a935715059c52
SHA256 cb6e02ada1cd94496392810fe98420a37a9217cfc90ef661d631e138df7e6bb6
SHA3 9263120d601d57486ce894b0050239488e79e63c6aa8e32652944699d354ab66

12

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x1994
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.86954
Detected Filetype PNG graphic file
MD5 cb703d20f2ad2c89243591370e640707
SHA1 96079de93e8b8e7f3cf869994df406b74a24d6a5
SHA256 6431a739937c38a83e4a347dcd5980028f1325474ddab7ecd803d1031a2569f5
SHA3 a940c44bf5a6fc716df2b739f0ad55d0e72d2d2dc6015e478699e994df6ef0d9

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20218
Detected Filetype Icon file
MD5 ebaff9a06854fd834bf57a481d87797a
SHA1 ed257f39550351fca1237f579fe41047633eb61a
SHA256 569652f6c57fafa0832d2d0891dbfd9494a5331cbf4ff5709daf9955f66c70c8
SHA3 06a965b54ac8315e4bd79e211de6a3f089acd32ab4aaed42c8dcaf893aa7ac41

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x3d2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.51615
MD5 f9c904760ff11d966a0120613e88bf21
SHA1 5f9f53391f46c10a2a518f77ce9e322a8ac41b25
SHA256 fd6293d862928e258f2ca344f1fd3efbfaa90c1946f8af5887e288c6898f3349
SHA3 ba2265949f01cbfb56d1f94316e85562a0881cfd7423767a7a8b9b83943423c0

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x658
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.8216
MD5 83a281746c6a84c991fd38999e2be9d1
SHA1 a5952a3bd0ef5dc8a8e821bfdd2c3c497f698414
SHA256 b60b6ab7a292063f2195f646db2a7aa2462faf765029cddb9a9c98c140033877
SHA3 80471ad3530cb07ff3c483baabcc82fb46bfa8a85abbee16c1b9dd68500b8b6d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.10.8183.1
ProductVersion 10.10.58183.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName MobiSystems Inc.
FileDescription MobiOffice
FileVersion (#2) 10.10.8183.1
InternalName MobiOffice_Setup.exe
LegalCopyright © 2015-2024 MobiSystems Inc. All rights reserved.
OriginalFilename MobiOffice_Setup.exe
ProductName MobiOffice
ProductVersion (#2) 10.10.58183.0+b142426f143f9eb60874f1c025331626ef971462
Assembly Version 10.10.8183.1
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2039-Dec-18 04:32:35
Version 256.20557
SizeofData 45
AddressOfRawData 0x169638
PointerToRawData 0x167838
Referenced File MobiOffice_Setup.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 256.256
SizeofData 92171
AddressOfRawData 0x169665
PointerToRawData 0x167865

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0x17e070

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->