This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2052-Dec-28 07:12:52
Debug artifacts
C:\Users\Noah\source\repos\Google Meet\Google Meet\obj\Debug\Google Meet.pdb
Comments
CompanyName
FileDescription
Google Meet
FileVersion
1.0.0.0
InternalName
Google Meet.exe
LegalCopyright
Copyright © 2021
LegalTrademarks
OriginalFilename
Google Meet.exe
ProductName
Google Meet
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Malicious
The program tries to mislead users about its origins.
The PE pretends to be from Google but is not signed!
Malicious
VirusTotal score: 3/69 (Scanned on 2021-04-05 22:39:58)
Rising:
Trojan.Zpevdo!8.F912 (CLOUD)
APEX:
Malicious
eGambit:
Unsafe.AI_Score_99%
MD5
6ae2e6c5e376f04ae1562b00dec29de9
SHA1
bf7386fe487a3d30681b26bcc8a600a7232be471
SHA256
bda3f32d0bb1916b46695f656d1960a339883bf0c060a2e223a664160caf9375
SHA3
6d6fb37c2cf45c5b5c4c02b097ba9c90e8fe0d890f34ee39bdd90fb7adfed2f4
SSDeep
3072:otjtjtjtGCoZIp9EQVyQSyN9EQVyQSyV:pArytCyt
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2052-Dec-28 07:12:52
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic
PE32
LinkerVersion
80.0
SizeOfCode
0x40200
SizeOfInitializedData
0x3c200
SizeOfUninitializedData
0
AddressOfEntryPoint
0x000421F2 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x44000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
6.0
Win32VersionValue
0
SizeOfImage
0x82000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
f75301848fd1d6d9117460769c6d6dee
SHA1
5a5c31f8831842baec40e00b711e7069bebbec3c
SHA256
6e6b5c31b32257fea6b03585258349efd98aeb0fc075e194baa716b9960a8192
SHA3
4d99204e35532c49ddb737ad75e3bb08a1f0682826dc38ca86e55b5fd23e4752
VirtualSize
0x401f8
VirtualAddress
0x2000
SizeOfRawData
0x40200
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
2.90293
MD5
5174991295e06c1086085e1fe564d5ac
SHA1
d870b27ee2a444b08266f79a37b04bd6353f53c4
SHA256
13a7129e9be5521a4a003b6a253e0839642131da06a07c88d2722059175fac51
SHA3
66681e38a3845c87a754dc1bd0284da808709671430a022f91ab830b7bbbf03a
VirtualSize
0x3bf68
VirtualAddress
0x44000
SizeOfRawData
0x3c000
PointerToRawData
0x40400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
2.50234
MD5
0febb5c93dfa122197e352e38ea75409
SHA1
27189f5c1e73a1ec99f3603b4531411cb97ca2e8
SHA256
9488724bb2056a7225502447cd8d0add370961e059ed1b474009b11c301292c1
SHA3
37805bc0960ca0b90907871886e0e80b165d32f7cbfebaa0f43d23e08a269c04
VirtualSize
0xc
VirtualAddress
0x80000
SizeOfRawData
0x200
PointerToRawData
0x7c400
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x3b908
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.46012
MD5
712b20320f4f98c2c5a194b82275efbe
SHA1
4663d48d236ab25dc5baa934a4949a4e7fd26c18
SHA256
d3fde2589ecb6a7d94093c8f0926fc6726c3072bc00c308a7ad5c6912a55b1c3
SHA3
0fbe054d4c293a4230c57a72f7f2d9f719806b384cae1a128de79555c765b5ca
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x14
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.01924
Detected Filetype
Icon file
MD5
e133ceeb1f61d4669efaa5d109f63cf9
SHA1
7f4a4eee18147421cf12f69487a8024818aa8499
SHA256
45d896122ad4f1db7b07ce954aeb58f00f7d8730163a541b0d69e82e033ec371
SHA3
bf401747e59429a2ddfdd330bab7e5ebcdfe30df6c76d6c37a97cfc349bcb86f
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x32c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.27116
MD5
30586a79f4b3db75500e884ad6b4ab61
SHA1
e52974dbd326881169d23e66e3fa8daa07966b81
SHA256
beee196a075f2c624faa9b0410a966eee929145d56e7936bcdac2113cadd783f
SHA3
d293d18f69bbc19184dcc8b44dc32c26d929977a2bdfb592cdf63d34549a5ba8
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
b7db84991f23a680df8e95af8946f9c9
SHA1
cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256
539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3
4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
Google Meet
FileVersion (#2)
1.0.0.0
InternalName
Google Meet.exe
LegalCopyright
Copyright © 2021
LegalTrademarks
OriginalFilename
Google Meet.exe
ProductName
Google Meet
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0
Characteristics
0
TimeDateStamp
2061-Oct-15 07:59:09
Version
0.0
SizeofData
101
AddressOfRawData
0x42138
PointerToRawData
0x40338
Referenced File
C:\Users\Noah\source\repos\Google Meet\Google Meet\obj\Debug\Google Meet.pdb
Characteristics
0
TimeDateStamp
1970-Jan-01 00:00:00
Version
0.0
SizeofData
0
AddressOfRawData
0
PointerToRawData
0