Manalyze report for 6bf2cc4e9d9901541214d7efc8bb8bb24ef5bddc238598333c843e421c042c6b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2096-Jan-06 03:00:39
Assembly Version	12.0.0.1002
FileVersion	`12.0.0.1002`
ProductVersion	`1.0.0+7b33720e3a1f97d765faf71193859e08500723ac`
OriginalFilename	UpdateRetreiver.exe
FileDescription	UpdateRetreiver
ProductName	UpdateRetreiver
CompanyName	UpdateRetreiver

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Interesting strings found in the binary:	`Contains domain names: climatcon.com confetly.com https://confetly.com https://rani.climatcon.com https://rani.climatcon.com/r rani.climatcon.com`
Info	The PE is digitally signed.	`Signer: AMARYLLIS SIGNAL LTD` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Safe	VirusTotal score: 0/72 (Scanned on 2025-09-05 11:11:14)	`All the AVs think this file is safe.`

Hashes

MD5	`fe0f5c9c6aadffefdcd94cb517a95368`
SHA1	`b0301dd7627343b01154d1150c98a0d79b2ebb0f`
SHA256	`6bf2cc4e9d9901541214d7efc8bb8bb24ef5bddc238598333c843e421c042c6b`
SHA3	`d97a3a0a289428f266bf64bb6fdd253a076188cc450d79834e5196d42c5ea6f6`
SSDeep	`768:+xEogXReQMj7FVKhk3aKpv32I25YwwcPmer2RBYf2E/:+xIeQghVukl2IuwKmugBYfN`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2096-Jan-06 03:00:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x5e00`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000007D7E (Section: .text)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x200`
Checksum	`0x17463`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c21ee3bded369e15948b9ae1fe35e8e4`
SHA1	`c6a0dfcc46236413e89e5f37680390ce57ba00fe`
SHA256	`554d0aa84ee7048a2f31271831bb2b59bd44d0dbedc1c2802630af3eb26abde0`
SHA3	`988e047b26af4f85032edd5cacb90069d8843da0d1975b354fb357c01609e005`
VirtualSize	`0x5d84`
VirtualAddress	`0x2000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.68497`

.rsrc

MD5	`0bcd6e23e43d287739450957b829ce6a`
SHA1	`847a11337a51ad14c6fcbbb7ba1eb9301b24a766`
SHA256	`78b3e1ab98e603b059f8cd0adba934005237044592345f87c97f565fb796de42`
SHA3	`2492f21acab646d8ff2ab40aed34dcabf1fa4536432c6aff461cb95bdb9298da`
VirtualSize	`0x854`
VirtualAddress	`0x8000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.44701`

.reloc

MD5	`2436cf735e961c7a85eacae8e533d3d1`
SHA1	`72ef21c5164afc0e61d90ffe1f2aaf71221f6879`
SHA256	`41d0911e1deb342bd024bbe7b342823204919ca7f18c0d3fbaf5472ea0957074`
SHA3	`ff5a065effa252d3f5bb0c7d736bc60de8f5065f59e7794ff0b82368d308a779`
VirtualSize	`0xc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38535`
MD5	`cd276ecef440dd9c93232162cbefb873`
SHA1	`e22a0789ea278312207c21386716e53f349ad1cc`
SHA256	`c9b17b0ba94b0b94e9e4a0da52d3ca7f29e5368ff09432b5b9fbe21b3de01af4`
SHA3	`d5d09034184ae69edc53a71850da432547f7a5848b24abb2d929663b0fced339`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4bd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40446`
MD5	`86a646ac40f4cde4b7720aebb05269fb`
SHA1	`90bce6bc289f283a00e28640205a4dd48b15a2dd`
SHA256	`89f2a8b9a3a30af4673af9b9539aecfa775846227cf2cdd2f56fc813531cf8e9`
SHA3	`b14a32cf53f3af0de341f8e4f2af162b4e13c957afd9de0d5fbfceae30dc7c9b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	12.0.0.1002
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Assembly Version	12.0.0.1002
FileVersion (#2)	12.0.0.1002
ProductVersion (#2)	1.0.0+7b33720e3a1f97d765faf71193859e08500723ac
OriginalFilename	UpdateRetreiver.exe
FileDescription	UpdateRetreiver
ProductName	UpdateRetreiver
CompanyName	UpdateRetreiver

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.