×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2021-Apr-19 09:56:46
Debug artifacts
NNEnterprise.pdb
Comments
Interactive Network Diagrams
CompanyName
J.A.Green
FileDescription
Network Notepad Enterprise
FileVersion
1.0.34.0
InternalName
NNEnterprise.exe
LegalCopyright
© J.A.Green
LegalTrademarks
OriginalFilename
NNEnterprise.exe
ProductName
Network Notepad Enterprise
ProductVersion
1.0.34.0
Assembly Version
1.0.34.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Suspicious
PEiD Signature:
HQR data file
Info
Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Suspicious
VirusTotal score: 2/68 (Scanned on 2021-05-01 13:47:54)
Symantec:
ML.Attribute.HighConfidence
AhnLab-V3:
Malware/Win32.Generic.C1140812
MD5
5abd275c51e72d1c9b77e2621003b5bf
SHA1
5d39ba02ebd94aee0969b903db10969b1e0e495f
SHA256
4175f7dec20c4caabe8b70576e24d99db8d0c10b10e1220a5bd82399364a3b4b
SHA3
7c7c0735525e96f07a6f59ce0ccddf71954298c7fb98c95213848bd669f416be
SSDeep
49152:gqIRl9QCyDZZtgRmNnSMJWWVQ4YdmB/LXE7x:gqIRl9QCyHtgE6
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2021-Apr-19 09:56:46
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Magic
PE32
LinkerVersion
80.0
SizeOfCode
0x391200
SizeOfInitializedData
0x2c00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x003930DE (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x394000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x39a000
SizeOfHeaders
0x200
Checksum
0x398fe5
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
15
MD5
a18d2b7ea054714535e672aa685e91cd
SHA1
40a1a738282c8e14872a8fa59c71e6885d0d7e96
SHA256
2497b7a5d915f6de895a41ef1c35bcfd71fe91b7a094631612a4eb83993b97cb
SHA3
4361b63e8e28fed199367ef434d77e42610ea317236bc135c61e66e657e4b5f8
VirtualSize
0x3910e4
VirtualAddress
0x2000
SizeOfRawData
0x391200
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
6.32785
MD5
5a6b49a828bc8d2cffe9d775e3b5d8f0
SHA1
d5cc0af9704a0cff49be534c5673d5b59b1e2c2b
SHA256
1ec365d9887d8602bb69bc6871e1245fd6218ee13721b70b1a67d2d394e43388
SHA3
a766810876c6d7d46238aec8fbaccede919c1e9d68a8aac08b2ba76c58b1a095
VirtualSize
0x2898
VirtualAddress
0x394000
SizeOfRawData
0x2a00
PointerToRawData
0x391400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
5.40172
MD5
d19fb89b2fc122811d51f0ad3cdc8ef4
SHA1
e1a66f7943d3436bb5f1e1a78af40a0065990854
SHA256
8c5f51799ca1c4741049943d63c8d21c8586e78986a78858d89f74806a567cd7
SHA3
e268bb8690f5aec3c97cb0f72816db55560da96d87ade3f3a2541b09949392ce
VirtualSize
0xc
VirtualAddress
0x398000
SizeOfRawData
0x200
PointerToRawData
0x393e00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0980042
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.01313
MD5
42dd474421985fbe18eaac304e863528
SHA1
17adcf7e31139e889e6d559e9384bca255a90070
SHA256
bc95915c90fab087c4d681e73031ad0c565b0beae217bae4549d6f86ca21bb4e
SHA3
ed5b24e20635df4821c049a8a9dc7679d7cb586698a35ac741ba9adbba18d339
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x8a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
6.13951
MD5
700077641a75532a59349de05ac6fe04
SHA1
2441c065c3816ec0fa3ce27155b3cd1f23e60e04
SHA256
6498c1f35f0aa85a2cf14fb687495d64e5b3e6a96d7654fcea101093625d52b5
SHA3
e233b01825d3ae97853639c04541d11d08e13b824bf461574d8ec4d460b8b9e8
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.2603
MD5
f82095f60fad078b95c866cb95d14319
SHA1
6bb05b8e8c87f4a39207abf748276307c67707d0
SHA256
3de10ab6cfa2637fc0fc5c9b3010c3dcec4a2203ce8275ada237b7a1b48775f5
SHA3
322f60a1a21be71987211f9272c67507ff1862233fa0a37cf5eece5321121868
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x568
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.60746
MD5
c1a8557617d3675e48bd1d9005642bac
SHA1
a5ccf06c815854d485e017349ca364cae94ca7c3
SHA256
c6d69d75746cf8a8a24284eca5415a3e7c043acb0461a3beb985b98f8a215834
SHA3
ec6fea319107d563ec6fcf662eb225ed6a852e29479f34f002a41c9c09dd2ca9
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x3e
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.46808
Detected Filetype
Icon file
MD5
3c069249eb2e0b2256ee690875dd0784
SHA1
a17ba78935f0601dba12d0dc3cd0a80d770b541b
SHA256
fbaee59a7324de1da237e7986281007fce6523442fed7892636a26c6e87756d1
SHA3
9a910ad3079edc6456204a3536464f4f96afd424f9df38de71fd3c5a1c908f32
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x3be
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.32136
MD5
d8f780e8c06adf8f0588d2edacdec998
SHA1
9d93515eeb80093d1b13cb402a7b5594a658f83b
SHA256
88d00657d63b4e7739d4ff63d2e02e1f124ee858426d29d5f682b25ef404d988
SHA3
81ded39c641dc746d171ca28cb54558ca28ed0971e0fb1c5b9179e32be785f08
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.34.0
ProductVersion
1.0.34.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
Interactive Network Diagrams
CompanyName
J.A.Green
FileDescription
Network Notepad Enterprise
FileVersion (#2)
1.0.34.0
InternalName
NNEnterprise.exe
LegalCopyright
© J.A.Green
LegalTrademarks
OriginalFilename
NNEnterprise.exe
ProductName
Network Notepad Enterprise
ProductVersion (#2)
1.0.34.0
Assembly Version
1.0.34.0
Characteristics
0
TimeDateStamp
1970-Jan-01 00:00:00
Version
0.0
SizeofData
41
AddressOfRawData
0x393061
PointerToRawData
0x391261
Referenced File
NNEnterprise.pdb
[*] Warning: Could not read a WIN_CERTIFICATE's header.