Manalyze report for 5abd275c51e72d1c9b77e2621003b5bf

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Apr-19 09:56:46
Debug artifacts	NNEnterprise.pdb
Comments	Interactive Network Diagrams
CompanyName	J.A.Green
FileDescription	Network Notepad Enterprise
FileVersion	`1.0.34.0`
InternalName	NNEnterprise.exe
LegalCopyright	© J.A.Green
LegalTrademarks
OriginalFilename	NNEnterprise.exe
ProductName	Network Notepad Enterprise
ProductVersion	`1.0.34.0`
Assembly Version	1.0.34.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	PEiD Signature:	`HQR data file`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	VirusTotal score: 2/68 (Scanned on 2021-05-01 13:47:54)	`Symantec: ML.Attribute.HighConfidence` `AhnLab-V3: Malware/Win32.Generic.C1140812`

Hashes

MD5	`5abd275c51e72d1c9b77e2621003b5bf`
SHA1	`5d39ba02ebd94aee0969b903db10969b1e0e495f`
SHA256	`4175f7dec20c4caabe8b70576e24d99db8d0c10b10e1220a5bd82399364a3b4b`
SHA3	`7c7c0735525e96f07a6f59ce0ccddf71954298c7fb98c95213848bd669f416be`
SSDeep	`49152:gqIRl9QCyDZZtgRmNnSMJWWVQ4YdmB/LXE7x:gqIRl9QCyHtgE6`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Apr-19 09:56:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0x391200`
SizeOfInitializedData	`0x2c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x003930DE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x394000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x39a000`
SizeOfHeaders	`0x200`
Checksum	`0x398fe5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`a18d2b7ea054714535e672aa685e91cd`
SHA1	`40a1a738282c8e14872a8fa59c71e6885d0d7e96`
SHA256	`2497b7a5d915f6de895a41ef1c35bcfd71fe91b7a094631612a4eb83993b97cb`
SHA3	`4361b63e8e28fed199367ef434d77e42610ea317236bc135c61e66e657e4b5f8`
VirtualSize	`0x3910e4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x391200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32785`

.rsrc

MD5	`5a6b49a828bc8d2cffe9d775e3b5d8f0`
SHA1	`d5cc0af9704a0cff49be534c5673d5b59b1e2c2b`
SHA256	`1ec365d9887d8602bb69bc6871e1245fd6218ee13721b70b1a67d2d394e43388`
SHA3	`a766810876c6d7d46238aec8fbaccede919c1e9d68a8aac08b2ba76c58b1a095`
VirtualSize	`0x2898`
VirtualAddress	`0x394000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x391400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.40172`

.reloc

MD5	`d19fb89b2fc122811d51f0ad3cdc8ef4`
SHA1	`e1a66f7943d3436bb5f1e1a78af40a0065990854`
SHA256	`8c5f51799ca1c4741049943d63c8d21c8586e78986a78858d89f74806a567cd7`
SHA3	`e268bb8690f5aec3c97cb0f72816db55560da96d87ade3f3a2541b09949392ce`
VirtualSize	`0xc`
VirtualAddress	`0x398000`
SizeOfRawData	`0x200`
PointerToRawData	`0x393e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0980042`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01313`
MD5	`42dd474421985fbe18eaac304e863528`
SHA1	`17adcf7e31139e889e6d559e9384bca255a90070`
SHA256	`bc95915c90fab087c4d681e73031ad0c565b0beae217bae4549d6f86ca21bb4e`
SHA3	`ed5b24e20635df4821c049a8a9dc7679d7cb586698a35ac741ba9adbba18d339`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13951`
MD5	`700077641a75532a59349de05ac6fe04`
SHA1	`2441c065c3816ec0fa3ce27155b3cd1f23e60e04`
SHA256	`6498c1f35f0aa85a2cf14fb687495d64e5b3e6a96d7654fcea101093625d52b5`
SHA3	`e233b01825d3ae97853639c04541d11d08e13b824bf461574d8ec4d460b8b9e8`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.2603`
MD5	`f82095f60fad078b95c866cb95d14319`
SHA1	`6bb05b8e8c87f4a39207abf748276307c67707d0`
SHA256	`3de10ab6cfa2637fc0fc5c9b3010c3dcec4a2203ce8275ada237b7a1b48775f5`
SHA3	`322f60a1a21be71987211f9272c67507ff1862233fa0a37cf5eece5321121868`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.60746`
MD5	`c1a8557617d3675e48bd1d9005642bac`
SHA1	`a5ccf06c815854d485e017349ca364cae94ca7c3`
SHA256	`c6d69d75746cf8a8a24284eca5415a3e7c043acb0461a3beb985b98f8a215834`
SHA3	`ec6fea319107d563ec6fcf662eb225ed6a852e29479f34f002a41c9c09dd2ca9`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.46808`
Detected Filetype	Icon file
MD5	`3c069249eb2e0b2256ee690875dd0784`
SHA1	`a17ba78935f0601dba12d0dc3cd0a80d770b541b`
SHA256	`fbaee59a7324de1da237e7986281007fce6523442fed7892636a26c6e87756d1`
SHA3	`9a910ad3079edc6456204a3536464f4f96afd424f9df38de71fd3c5a1c908f32`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32136`
MD5	`d8f780e8c06adf8f0588d2edacdec998`
SHA1	`9d93515eeb80093d1b13cb402a7b5594a658f83b`
SHA256	`88d00657d63b4e7739d4ff63d2e02e1f124ee858426d29d5f682b25ef404d988`
SHA3	`81ded39c641dc746d171ca28cb54558ca28ed0971e0fb1c5b9179e32be785f08`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.34.0
ProductVersion	1.0.34.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Interactive Network Diagrams
CompanyName	J.A.Green
FileDescription	Network Notepad Enterprise
FileVersion (#2)	1.0.34.0
InternalName	NNEnterprise.exe
LegalCopyright	© J.A.Green
LegalTrademarks
OriginalFilename	NNEnterprise.exe
ProductName	Network Notepad Enterprise
ProductVersion (#2)	1.0.34.0
Assembly Version	1.0.34.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x393061`
PointerToRawData	`0x391261`
Referenced File	NNEnterprise.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read a WIN_CERTIFICATE's header.