Manalyze report for 705fe384c5d21806fab395dce0e36dbc

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
FileDescription	DataBase Technology
FileVersion	`0.0.2.30`
InternalName	dbFly.exe
LegalCopyright	Copyright © 2012
OriginalFilename	dbFly.exe
ProductName	DataBase Technology
ProductVersion	`1.7`
Assembly Version	0.0.2.30

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 microsoft.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org`
Suspicious		`Unusual section name found: .import`
Suspicious	The file contains overlay data.	`256 bytes of data starting at offset 0x388200.` `The overlay data has an entropy of 7.20473 and is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`705fe384c5d21806fab395dce0e36dbc`
SHA1	`c5c00b67babc6bbaa02998ab37bc4ae5620813e8`
SHA256	`ab1c382d64504a25b4b1ac44d16c19aa0328ab0ea8b0ff2ae9574fa80a446854`
SHA3	`93d5d94dd0a41f67d2c08abb1f7823844c3c3c66a572a3af63adca00119a3d1d`
SSDeep	`6144:bPrnYO9ESfo94d4U9Z6BGvgiRVyRxkIe/f4WL2rBZjsDg0iUKz+OIe/fC:TrnYHSY38abnPy`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1f4c00`
SizeOfInitializedData	`0x200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x001F5A84 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x38b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NO_SEH`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`949cad4aa041e61d50890057142065ea`
SHA1	`bc88f21e8143515759cbda18e1ff37363b262c12`
SHA256	`50d293ce189e9d4ed6664065bdb1b1722a49b39298396396c24d4d2bdb2f41d9`
SHA3	`c580c2525fcd4fa4c89b5b44bf7714a2bbdd99757a13d4c36fd2903a51a604f5`
VirtualSize	`0x1f5000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1f4c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.25785`

.data

MD5	`7c3da049471bf1e6474f2f3385fce60e`
SHA1	`834014dea70ad10ea302964c400ebb1f562716a4`
SHA256	`616f5de37fb27cc4c903183993e2dfd374e9a950f00cb2f5915e5159f3fd7a21`
SHA3	`5ca8bc6a363a73729e50763d87dc694e9e656c872b137eb2f8b3c3962fef6132`
VirtualSize	`0x1000`
VirtualAddress	`0x1f6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1f5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0520112`

.import

MD5	`5b3962ee97e67053fecd368d101757ed`
SHA1	`9021ee1595af67ea804fd6736f6fe1db1c2bd637`
SHA256	`5bd4fab9fae464984ef87575bcb86f44663a0ec779b1725017c4ad30c6b9a80f`
SHA3	`8f15fa4e31187e0be9a783340940b4b555e5b36365a2a3f8fd8acbf83cd2db51`
VirtualSize	`0x200`
VirtualAddress	`0x1f7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.680525`

.reloc

MD5	`dcee7b59afb90bfa68cb9d35434bfe75`
SHA1	`7bb50a298f8f6d6fe1a432dbb18c81be31d802b8`
SHA256	`25416121445762b576285d36d108a38ca8354abad7618127ea29467469d0a05c`
SHA3	`bc4dd1d888a6af3e489f0ba1c8ad4f7f1fab5bfeea6a95cf55f70ccfbb0290b1`
VirtualSize	`0x200`
VirtualAddress	`0x1f8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1f6200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`c8fca5747fe9e89fa5da2ddd42d19463`
SHA1	`06cc3fe073f1d793b88978a40ead9c140b0d2df7`
SHA256	`1c4c09acb49359645a59a527705c9e6064b94a0e7ecdb2d976fbdf4811d4c9ea`
SHA3	`ee22788f3182173a8eb80fd71af2c8229b0dfc340c7ae25229940a83df544225`
VirtualSize	`0x191e00`
VirtualAddress	`0x1f9000`
SizeOfRawData	`0x191e00`
PointerToRawData	`0x1f6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13464`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16958`
MD5	`241483bb5e359fe22fd791567b1dfbea`
SHA1	`cfc90c63d5ac21670b2a0cca65e2bf326bf15238`
SHA256	`65cca25448e1b99d8819996bd19c648e73bdddd2bd5a310ddd29db0c249e4eee`
SHA3	`2761bb5e0ffddea2f0ddb5b31d747b6db6686c74fa157e8e4cc42c3ea61a0f44`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.31428`
MD5	`3c1db012c787a91a41cb006b28e3f221`
SHA1	`a3dd9f9387ead957a0d4874d11cabfe5fc44dc3d`
SHA256	`022ba01ba70bb67c8246b8d905e1fd5c34986105f9eacf9c4e0235336d6dd3e6`
SHA3	`e08903e94af08f151c536c0f8d25d471f0946be7a29b9601e30a4ac057d1df96`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68376`
MD5	`72a6be30705fbb27c51b29a37f880553`
SHA1	`5e3f48330c8d981b3fe900a8eb8a10a38bbb6db4`
SHA256	`461710804217503f6348c182645a660ef9df02697f58ea862c0683ca507e6340`
SHA3	`2f2ecbec6d5d97d843a8cdbfcd06e5e465e4c31d057abbc658240d452d9398bc`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66595`
MD5	`8f526d23ecff19d9c60d8aa25a3026c0`
SHA1	`b295f8260f6f83172b3e4f0c13b987866d8d2a12`
SHA256	`951d7fcd7ce9a387c6bc5243194ebb3e5284f9c1bc044299c50970273f79fc14`
SHA3	`6af1e32707f3981fb729eb7a55de5d51c86e72147d797ed2d0b8ac0d25220654`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23075`
MD5	`4458cb13fc0b0869ddf534966512ac53`
SHA1	`12562c2bd17c713200d7fd1e8ee331e17ecec849`
SHA256	`b11b5811ae6740114e7492b8de34257cee10a9471df1286c6ba1d1fb890c8678`
SHA3	`883e5c37b28268cff59c9f6f8ac0fd9b60e29e792cb8164e9d6efc9fe84ad164`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22896`
MD5	`9634bee9224112f98f39a13735928565`
SHA1	`a37745281405a76188461f31ffb34e014101171f`
SHA256	`5b598cc8afeca8249786af1302086155e8d97a1465c7ff345fc4f1369bb37ae0`
SHA3	`d3f2a13aba6ed8c177307a0a828bb24bb46ab4525c42b1342536b6d2a8a838ca`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62373`
MD5	`f5690915f54011a33658e53b3ec023d3`
SHA1	`d3f62a6f60501ed278dc1d4f1328a56ea770655e`
SHA256	`ccd7c82fcded49df2c2a37885e152beda2a52031ad6772aef142aa8b15e07e41`
SHA3	`a6ca383190b7861824b3500c8b40abef69fecc08dc209ccf3f5cdb9141fb7cd0`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61933`
MD5	`ed862f795a50ba22f40012d17b59956b`
SHA1	`73f5a1092fd14fe8c7afab3d74ad71fec896f5c5`
SHA256	`53758b5b4d8a6ee463a740678cd19070ba4b7af2ae033f1694ea938a554566f4`
SHA3	`b1138005253c5402d068caab7b322a432fde5d583e3fda7ae3c9d1217fbe77a1`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16017`
MD5	`2088b88f09a072b7b32f62539b9f8ef1`
SHA1	`e40e33b1467bbe2978bea078f66390c0fee831d4`
SHA256	`9ebcd6c574081da094467af9419d3e7e21e56111bd26dc36427e16f887cf7773`
SHA3	`9ce7e1603a264987e689bcc35bcb692a2198bd21325784d244c2c5727fecb928`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x108028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.87682`
MD5	`72dae69e100a720c71a249d34ff15826`
SHA1	`6198bcc38c4cd73569b1a3052171d311baeeaef1`
SHA256	`82697a904236a6c2436c0ea60b0a2ab5b71cd307edb27d2fcce809f526eacd1b`
SHA3	`578075e9f1ebf835bac47343ec7b8cc806919f23cefaef4c177405f622e0893f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06312`
Detected Filetype	Icon file
MD5	`705e33755a1c985ea97ec8b820138f96`
SHA1	`dc52278f5e45a9ac1ed1c5a6073eaaf461af6686`
SHA256	`f90e1de5b54d5d71bd061ac204a67faf748d335d272602a7ab99276b63310267`
SHA3	`1707c15e95c794e27e17d254d019680258d60fa26cdba2ec32b546010a52c362`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35297`
MD5	`49b882a8b5f9bbff34476f31fd63ab54`
SHA1	`a5c29b0425838b6d3ee7daa1c2bf63b023871aa3`
SHA256	`a7e6c22606a391b6727803944214853b78649d9640e58e0351b84e33df385259`
SHA3	`1e838536640f9eeeb65524819204cba4dd5901983b345f6dc9c116b1547f82e9`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.2.30
ProductVersion	1.7.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	DataBase Technology
FileVersion (#2)	0.0.2.30
InternalName	dbFly.exe
LegalCopyright	Copyright © 2012
OriginalFilename	dbFly.exe
ProductName	DataBase Technology
ProductVersion (#2)	1.7
Assembly Version	0.0.2.30

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Yara error: ERROR_TOO_MANY_MATCHES