Manalyze report for 4f3590fa2cd25ecc8ce90cef8ad68841

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Dec-22 14:18:16
Debug artifacts	C:\BuildAgent\work\418938d249503ab8\Setup\SetupSIM\obj\Release\SetupSIM.pdb
Comments	Flavor=Retail
CompanyName	Snow Software AB
FileDescription	SetupSIM
FileVersion	`5.25.3183.0`
InternalName	SetupSIM.exe
LegalCopyright	Copyright © 2016
LegalTrademarks
OriginalFilename	SetupSIM.exe
ProductName	Snow Integration Manager
ProductVersion	`5.25.3183.0`
Assembly Version	5.25.3183.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware` `Looks for VirtualPC presence: 0f 3f 07 0b` `May have dropper capabilities: CurrentVersion\Run` `Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: adobe.com http://ns.adobe.com http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# ns.adobe.com www.w3.org`
Info	The PE is digitally signed.	`Signer: Snow Software AB` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4f3590fa2cd25ecc8ce90cef8ad68841`
SHA1	`32a28d629cf3d64a6285850fc8357d26a894ef91`
SHA256	`876e4d1a9ee35a75b6ae513bbe94f7962cea755ab236c3417cd0933064123e7a`
SHA3	`0c7d4b05fecae2c66ac9c41664f7ef9cd46b52414c21c2e624e4b5d791cd8033`
SSDeep	`786432:QBlFeOW5++wHIszxEUBlFeOW5+CwHIszxyt:QBlFe15++wHIOBlFe15+CwHI5`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Dec-22 14:18:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x1c87400`
SizeOfInitializedData	`0x1ac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x01C89252 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x1c8a000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1ca8000`
SizeOfHeaders	`0x200`
Checksum	`0x1caa478`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`92568a9b46cf871b2d79b607cf5d4eee`
SHA1	`da96d9afe1fd759b76a960a09793368ff794aa7d`
SHA256	`917e64317ca2cb686271c1d22acc10ba4ead166ce08839ba591ad3d6552ccf69`
SHA3	`f40301557053e9bb3fcc03cf2cdde659fa355bab818ca50e26bda49e378b219b`
VirtualSize	`0x1c87258`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1c87400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.9904`

.rsrc

MD5	`995ee9699631b2f297ae44271353d3c6`
SHA1	`9e60e07f874299d2fa447928b57e638997735d4e`
SHA256	`b9879cc302ee36cc5762e2c18d197c5bfdd646ed0c750e150380929f38ce1991`
SHA3	`02a779bba64821260424b8f8be04d8bec34263dd06333d06d99d1a1a40a22a18`
VirtualSize	`0x1a818`
VirtualAddress	`0x1c8a000`
SizeOfRawData	`0x1aa00`
PointerToRawData	`0x1c87600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.59279`

.reloc

MD5	`bb8c9aeff11d643bc8f7dc57fe6918a9`
SHA1	`2d573c2918d80aaf68a1812252b86d55ba666038`
SHA256	`a88db2b3b097365d40e42d74cd696c0355e42c6cc9d31d9e4116bdcef38b8557`
SHA3	`ca4748acda2433851afcef68ed0636a82dc9689477429d12377a25bcf2d07faf`
VirtualSize	`0xc`
VirtualAddress	`0x1ca6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1ca2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.122276`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90301`
Detected Filetype	PNG graphic file
MD5	`52379cadf638d827f82cad1db3e8ba12`
SHA1	`8549701f89ecb9ce5b9627da0ad463c3b5f1bf39`
SHA256	`7c0aa3bac9f7c8dc632c88d3b95ab7a8f6a7ad59d2272e3f61b2a975cdab9c20`
SHA3	`2f96da7256b73741812529143426806ca59cf9af3008986dd86271955acbf3cf`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82004`
MD5	`83fe9c703f84ac76859de57c38da209c`
SHA1	`468cb27b855fc115445cc01258eeb3460897fb9a`
SHA256	`b97486b65dbcbce738a004644f1a639dfdebe33f42a473fa2068f340690d08b9`
SHA3	`7130f007275c1f39343c28518e267b8594bd8d63de584bf4f72aa5135fe4aa9b`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0625`
MD5	`6c8e7768b9719c4a52b28fdee5fc1c03`
SHA1	`34d2dd0e738779aa83e89ef2c890a108c018a61e`
SHA256	`f87047dc8dae24d95e42372a11cd0843d0410e35ffc51c3669ccbf94a7df50f6`
SHA3	`12ec16f0036920605437f39baa41ffb752c9a486ebf6808b5c6d789771fd7353`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26587`
MD5	`66b351780c56a3dffc07f952b0fdc6a7`
SHA1	`97e50aec713c8cd22bf31ce61aa89e61e0d87e37`
SHA256	`bc51ac086525934c614e9ebe0caedaf4874e5bd381fe3933beb43a57adb02d74`
SHA3	`1752face56e21c043a1bed81a0bdb1096c51559416bad64359d38ff4e631a64e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44774`
MD5	`684cdd6d2028ddf801555724666f6f86`
SHA1	`ff0bdef670c24e2d449936b3424acbf6b39ed4a3`
SHA256	`1ddd2830f7a258e59126ed8a023ad7646a18f196953b037efbc50845564bb4e3`
SHA3	`43daf3f56a1fa7b2437f3157ccf2c613099c9caabf221c2630029263c5bed393`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.83352`
MD5	`babcc692abe7886f3c77ec0af541cbc0`
SHA1	`65afc7052a5c70ce70892e8fe70cb7821720afde`
SHA256	`2faf3c2f39edad735c6def5c1065d48a1e955f2ae7e8af4e34ae0f0fa17fb991`
SHA3	`ae4d052f8973f14437b07536bac1d341315c242ac52c24e67f67c3e2713569db`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`0c943e97eff7255fd63bad57c5103719`
SHA1	`33d76f6c5b81ae1c1c43cd2b3191ba51b8882a4e`
SHA256	`63ff3fd4f453ba80d11aae9d24309d122f9432ca669b78d9be4fc38ed3bd8be1`
SHA3	`5d72bb687b7af80a7f32d6895679e16ff5d3f43ee92639f02b3b5af18996163e`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43286`
MD5	`48957dbac6290b79bebd217d6907916d`
SHA1	`db24baef94ca7a5571a17b1afaf7ced2dc10c527`
SHA256	`56ea99ebde7d4a668571047c29df73e05c8b88ec7f85d7ae28c67ee984271cc0`
SHA3	`a2074fac01f045751ae5e928a405dd0bc8644c788cdd5a397e01f3cd399572ef`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.25.3183.0
ProductVersion	5.25.3183.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Flavor=Retail
CompanyName	Snow Software AB
FileDescription	SetupSIM
FileVersion (#2)	5.25.3183.0
InternalName	SetupSIM.exe
LegalCopyright	Copyright © 2016
LegalTrademarks
OriginalFilename	SetupSIM.exe
ProductName	Snow Integration Manager
ProductVersion (#2)	5.25.3183.0
Assembly Version	5.25.3183.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Dec-22 14:18:15
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x1c890e4`
PointerToRawData	`0x1c872e4`
Referenced File	C:\BuildAgent\work\418938d249503ab8\Setup\SetupSIM\obj\Release\SetupSIM.pdb

TLS Callbacks

Load Configuration

RICH Header

4f3590fa2cd25ecc8ce90cef8ad68841

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors