Manalyze report for 48def172f4370348add9cc7fd91e711e1a3114f58e7eb0890c0fa4254adfec9f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-10 10:16:34
Debug artifacts	C:\Users\Nemanja2\Documents\Visual Studio 2010\Projects\SVE NOVO\Paysafecard\Paysafecard Main - v2\Paysafecard Main - v2\obj\x86\Release\paysafe card mv2.pdb
FileDescription	Paysafecard Main - v2
FileVersion	`1.0.0.0`
InternalName	paysafe card mv2.exe
LegalCopyright	Copyright © 2012
OriginalFilename	paysafe card mv2.exe
ProductName	Paysafecard Main - v2
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	Contains domain names: adobe.com ezhacks.net fileice.net fileml.com filesmy.com http://ezhacks.net http://fileml.com http://filesmy.com http://ns.adobe.com http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://www.fileice.net http://www.fileice.net/download.php?file http://www.iec.ch http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.fileice.net www.iec.ch www.w3.org
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 3/52 (Scanned on 2014-08-21 04:42:25)	`Bkav: W32.Clod01f.Trojan.882f` `Symantec: WS.Reputation.1` `AntiVir: APPL/EzHack.A`

Hashes

MD5	`8f0671c2cbaeca75e47fea34793d0faf`
SHA1	`6f373b7f2bb1c9e7db12945f049508cf0188b99a`
SHA256	`48def172f4370348add9cc7fd91e711e1a3114f58e7eb0890c0fa4254adfec9f`
SHA3	`c0d5deadfb1f97d8935ad4ccfa62cfeb8643140695fb7f0afbf71f483cde809e`
SSDeep	`24576:ftYLLJSK6E3xH5hVSvq1ZOdavypJ/dsGtYLLJSK6E3xH5h:1YPUK6E3xZhVSSnOdiyb/vYPUK6E3xZ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Dec-10 10:16:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0xdd400`
SizeOfInitializedData	`0x8e000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000DF3BE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xe0000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x172000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f1625b4339ad55b007eb56b42340ad1b`
SHA1	`3ac503f0ffcec5c6de195f7354189c059a7a707e`
SHA256	`d739e82afdb1e7cce8bbff431b30966ee0e6dd3dacc70ad689295ec59c98c36d`
SHA3	`e272a7c0ef9626e518e8ca5ea44d3a43b8dcea93939c2701316cdb9ec917ccd7`
VirtualSize	`0xdd3c4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xdd400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40526`

.sdata

MD5	`eb9da0d98310221302985d7d3479df0d`
SHA1	`f20a72d9bf5b2a43aec23449537fca344e757ce9`
SHA256	`1045fc5cde46afde028c95a0ac04d65018266a18b30ae31e2eb93ef558e104af`
SHA3	`da04fc9243c8ef329d5f22d1c8b54a9f252da59c7fadfb51c19683ccab08cdd3`
VirtualSize	`0xd2`
VirtualAddress	`0xe0000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.92978`

.rsrc

MD5	`05ae202a8b72ef8d5bbab6ba5e3a0cb2`
SHA1	`a55ec2e2fdfaae1dcba807a09a991ed1f37795b7`
SHA256	`049d2734f1de59d9cd22e60aabe139b5a775f3451b11ef3186b46adece7b5c8c`
SHA3	`1809ca195b58e03caa5fcf896cc6272a67a06d055384f733c96dd6078af24bae`
VirtualSize	`0x8daf0`
VirtualAddress	`0xe2000`
SizeOfRawData	`0x8dc00`
PointerToRawData	`0xdda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34927`

.reloc

MD5	`8695023d5a24c58e24e2946d63788c58`
SHA1	`dc3b5a88b1fe7a8c7fb509656a27b94d350c5dda`
SHA256	`329efaff8c55b9f7ad28443780e45b9e805db3a44dce5ae19fd01d30f5653397`
SHA3	`371b3c00844c3988e2edd9f63de9dfe3a6dc9a679ac4f9edf7bd41e03cc8fa60`
VirtualSize	`0xc`
VirtualAddress	`0x170000`
SizeOfRawData	`0x200`
PointerToRawData	`0x16b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45643`
MD5	`3201b4d548ad3cd66f63227d59861f8f`
SHA1	`24009cf70cd141318a23a1d6c79f2325a8dd71b3`
SHA256	`bfc67747891b3b279c9b28b4eb1a7d7d3a20bb3a2ec8800e3b4196b80e00bb8d`
SHA3	`f541c61f30ebe12c0bf47873d6ccae8a4af16812acac087397b6902b23a11350`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23393`
MD5	`2435299dba7c67ff143c3c09f8f2205d`
SHA1	`ac7460ccf377043bb5d8504754677110b7c33239`
SHA256	`131c51ef7f13e561678324fc4894036a9c6f1befe26a06e0010edd7d9874b0ab`
SHA3	`b3162f0cda443bb9ba4aac1edb2729d97241a00f58a4c55c712500f84eb5602c`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6975`
MD5	`0488b93151ef7d55688b62425ca087b7`
SHA1	`1216b4c780e36e6babf74c1068177c39c4a388b4`
SHA256	`264991273e1f0566d30474bf56469e6a9df1b95f07e54a40bf9df29f7b576323`
SHA3	`d8d7dde4eaefeb07a9a868d5790e31f31e1f39a83662662f208222a0866654ed`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.72841`
MD5	`80dd0ea2b1a9ee13005067bd49090441`
SHA1	`72368d1208238a75b603557691ffca3364650886`
SHA256	`048cefcf57579f1236677618377bbaebee43b0b4092539adb6a1d95e18d4da15`
SHA3	`16744be24adbbd575389089823cfa9d9fe4820d510d92694269e2035d7899f84`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4634`
MD5	`53ef1abc8d78b5cac604eb03f0f9ad01`
SHA1	`4acc9985b24737ebc3bb59c13003be566ca32a54`
SHA256	`4c2613019599307222ce86e27d263e1d79981f2522d1799c7d053bbc30177a40`
SHA3	`eb48a43fcb5cb4556694bffe44780781fde7e46b461f678cf0bf20e4732f8cd3`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83001`
MD5	`f2ecc1c757eedad2470032f1346c7427`
SHA1	`cd3e3b8a1bd80cda38e68f7c7ff577d639918c23`
SHA256	`bc699ed7f55e3ab44f4cf0b76b194b8be57cdfe0b4ceecfbd75a6bd710d7e180`
SHA3	`37f82aa498d55a5a89f658e88ed71203108d2b6875ed33a85c9fa357f7dcb00d`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61292`
MD5	`b5b40601eec564b607441a27ca9d4a8f`
SHA1	`fa153fd43097d51e3d2898bb7c1c1f4be5ff6b12`
SHA256	`a65f5bc46ce18ce4d160e715c54b970e4c1fa779f7edb0216c66d669f4049d57`
SHA3	`4939809d9a6b9f27933f1f08cb12681b3a4ac36804ce9c46c7ad688860da21c9`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3976`
MD5	`2c741ce2060e0525f043318759df707e`
SHA1	`da56da2dabc602c729c79d6ce44305d9619a5a24`
SHA256	`99aa033852c3278ab7f1187317d77b52aff5b9ee02a8e5ece3feeb83642238bc`
SHA3	`69884a665af5483a8a61c3923f46900c13eee272ce4ab6c7fb4ce08ae8df6b46`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.76996`
MD5	`0f8e7a54ab51c8f2308d3728344ff990`
SHA1	`463c2baaebdf73f14bbfb57c0da40ad7c2a05a90`
SHA256	`112a254546125e7c59549f4b2c0dca828da67af03d4f7c7fba25b296eb254b56`
SHA3	`ff4ff1a90d6611e9450e1e544eb2be09d6006f6a983426883d93017c23a59460`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68184`
MD5	`e5ad1468f7cfa92a975952844f9bebb9`
SHA1	`a6587f5cce23a7b6d48009ce7e17878e3d31bb56`
SHA256	`aa78457a9425234f99fbbe6ecb9c5197cb4e5671dcacff4b479b8f40fc56ca87`
SHA3	`179e56163bae8c0d8908436c924b0b7f353658315ba65c23c9dc022228002728`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.55249`
MD5	`b27b39aa8d32f3088a87ae04e0a7b718`
SHA1	`68893b7e8dc626b467492c49256280cf9a78f8e8`
SHA256	`b332c1e464eb9defd1c0810cf1a960c0ddce469be24790246ec25606a1c9172b`
SHA3	`cd8f6380a70406475978ff5d3405933c21ba4944a5ef69be49cdf094d64d80e7`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87919`
MD5	`5885c43ea964940ed0061db8e29eab67`
SHA1	`2231f05e22a6ede7a6715cbc0c783d11bf55fbb3`
SHA256	`0a86685265f65366c6f0aa92ab9daf5ea46fc9758a7413982a7ce0149e340396`
SHA3	`29eb08f2ed2ffb2bb4cb120055a772985fa18d22b5882992fa7e9c1f1828306a`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa068`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3988`
MD5	`e96dd32a4e63ccdbe8127f59c1c1ce9e`
SHA1	`5c4db992265cf28ac0bfbdc8e2ca93cc845fb9e1`
SHA256	`6a71c16d983cc06c978e95ae89586e921dbd94eba39653e72fb072fa4470fd58`
SHA3	`96bdc3614d40c954843d38e5ac5621b6141a34bb7e519c78cf42fc9446fb9daa`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71377`
MD5	`83d298bcf13d27d4f95aba7745476d7a`
SHA1	`2416615664d621a26c6f8a576a512517288328e2`
SHA256	`d397c5d991d4473b6767662b5c46390ce69df3ea968b1547a49ae34c9a8791bc`
SHA3	`b3b751a5c88856741719256defcee178ae7b492373d23ab52b2d4d3bae38de5c`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99368`
MD5	`a2bc434645c422181cf0251e62a8d5f3`
SHA1	`ad504a56c0c622f14fb85c35bddad44875d5383a`
SHA256	`5d68c8839498c1f1bfd128a1a4238628d4ebabe980fa0022cde938b83b17e828`
SHA3	`86f79ae1f98ce11cbb1f4e27148b6991eaf09cc20a3a3464bf3d19f1efe21a8e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08901`
Detected Filetype	Icon file
MD5	`34d4a2f8bdf94a7d864c670d430a9cab`
SHA1	`530f7b3aed07916795ce8849953c3e97868a0aae`
SHA256	`0bcf2fb21540d55f9e5b80c4b9175d717019815776d9da6ad5688f3a6a759d1a`
SHA3	`be2edef65b47a8c0a6c0d5a959ffec3661c9b4c0e79214c2ad22d1c982df2225`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32736`
MD5	`8cac824d12f2b02984024e32196b1328`
SHA1	`88ecfb3ad6e1415f3454a038a7b9786c1395b715`
SHA256	`e9250e840be256b81e178164f8c1e5ffe911998a3b0bd3af4a2ea0aa8891956d`
SHA3	`89e278fc4f608bb80719717e5fda3887ac717cfeab7c0377ca801c51b3414173`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	Paysafecard Main - v2
FileVersion (#2)	1.0.0.0
InternalName	paysafe card mv2.exe
LegalCopyright	Copyright © 2012
OriginalFilename	paysafe card mv2.exe
ProductName	Paysafecard Main - v2
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Dec-10 10:16:34
Version	`0.0`
SizeofData	`182`
AddressOfRawData	`0xe001c`
PointerToRawData	`0xdd81c`
Referenced File	C:\Users\Nemanja2\Documents\Visual Studio 2010\Projects\SVE NOVO\Paysafecard\Paysafecard Main - v2\Paysafecard Main - v2\obj\x86\Release\paysafe card mv2.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.