7076721507085d82824306f80a516eef

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Dec-27 20:22:40
Debug artifacts boost.pdb
Comments Make Your PC Happy.
CompanyName Reason Software Company Inc.
FileDescription Boost by Reason
FileVersion 1.0.2.27680
InternalName boost.exe
LegalCopyright Copyright © 2013 Reason Software Company Inc.
LegalTrademarks Boost® is a registered trademark of Reason Software Company Inc.
OriginalFilename boost.exe
ProductName Boost by Reason
ProductVersion 1.0.2.27680
Assembly Version 1.0.2.27680

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
Suspicious Strings found in the binary may indicate undesirable behavior: Tries to detect virtualized environments:
  • 0f 01 0d 00 00 00 00 c3
Info Cryptographic algorithms detected in the binary: Uses constants related to SHA1
Suspicious Unusual section name found: .sdata
Info The PE is digitally signed. Signer: Reason Software Company Inc.
Issuer: VeriSign Class 3 Code Signing 2010 CA
Safe VirusTotal score: 0/59 (Scanned on 2017-02-23 16:54:52) All the AVs think this file is safe.

Hashes

MD5 7076721507085d82824306f80a516eef
SHA1 478f2b6f010e8d6147c112949f4c988d607de6bc
SHA256 1ee382a6ef1f7622b968fa92f6f9a50d4d24d6c2ebf822fe022af164e2582a31
SHA3 aaf6b0d2005be47eb4eff3dc132efb159e9c9b379df6ec30adf495a2dae020c3
SSDeep 98304:bE7CNJwUgm89H7KS5EzZseuw5JcsGrREZ3zyIp2d7mh3tUBkMV:KUY5GQicLrREZ30dyh3tw
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2013-Dec-27 20:22:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x521000
SizeOfInitializedData 0x4a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00522E1E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x524000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x52e000
SizeOfHeaders 0x400
Checksum 0x5286cc
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6bc2696de11c9694fd47f107e24f1429
SHA1 76f9d4b6dfe14e5664700f80ba65e37d94c60e22
SHA256 04a3293790513ac469fa2fd973b10f4080ee2c24808fb17b19734ec149163933
SHA3 86c53d4b966dc6b6f94abe9dd0f61a1235bbc13e7d20e53c6f2453ffe326e4fd
VirtualSize 0x520e24
VirtualAddress 0x2000
SizeOfRawData 0x521000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.64778

.sdata

MD5 f0257f81248d7a1af45032acfa95410d
SHA1 839aa137bbd17c7dab5c52b19ebc3d17f41f76de
SHA256 db055dcd11ba1e5e36af2902daf80023599f22dff9e636974deef38337c70639
SHA3 eab977af4ed89907aba1c02b28e5eda5af0ff14a13440dca9be17358efd0dcbf
VirtualSize 0x345
VirtualAddress 0x524000
SizeOfRawData 0x400
PointerToRawData 0x521400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.28126

.rsrc

MD5 4bfc35cc47e2f1eff2652ae6d3160a12
SHA1 0654352055e645afc32e539dabb4e13ba6c81e7f
SHA256 915ddd0d54943e05439e3a77f125331fa368b59aec734d53f54b485a2f10b5d4
SHA3 f87cca9ec172d770c0afc4a0935f0062ea9b672e4abad73ecc9f9ae11f5263ce
VirtualSize 0x42b8
VirtualAddress 0x526000
SizeOfRawData 0x4400
PointerToRawData 0x521800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.64635

.reloc

MD5 9c21f73095dd9ac9cdd5d3fe5c8e31cb
SHA1 07f70d57b88403ab9ff8737aa2de0094a17f3f65
SHA256 87796bd6f692aa2ead2ce860ea0a2942c1e9d25b8aab802707d3a394303a0622
SHA3 822358159bca3ae149bca32154d34b7243e7a4833acf92040525c53bb3225969
VirtualSize 0xc
VirtualAddress 0x52c000
SizeOfRawData 0x200
PointerToRawData 0x525c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0980042

Imports

mscoree.dll _CorExeMain

Delayed Imports

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.51999
MD5 e491bf44284fa3d6d730c72faf6ef2a7
SHA1 422f942f69a83a3a1a980e2c3fbb24c5c07fb8b1
SHA256 a713111d8600e83a7407a33d36302c3b78129400c8b935de070e27fd89045f4f
SHA3 1d06279bfd83001793f98d7ecdadd50c251fa1b8d734a49b7d5a2645a2456c1e

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.65724
MD5 b5493a5ea27c0e0afdee93299ab0ede7
SHA1 03d6d95df23518f48d1aa45ac74617c129f8de1d
SHA256 b0bc1e5de1f398a094235fa7b603278e5cb6a9e590b729b8695fcaaca1b57255
SHA3 bc8c491cb61ad1c5b50d14d1765546cbf7879edae183a38f8aee96f549b030d9

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.31641
MD5 5ca487fdc1d6c52301ee59d5d85ff0cc
SHA1 ab170b7a22f1c7c99a8a60ed4d56a317dd118558
SHA256 b49172a51d7c2d3d85af0d48fd0ca8a321fca09db425c6fc08aeabf9986fb9bd
SHA3 0a83000603916b20584ea2dfc1e6312441efc7ae449866398ed8c4b0a2dee5e6

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.49203
Detected Filetype Icon file
MD5 e86e7683b3d73b6f16a9dd2df4cd8d49
SHA1 2acd1fa175f4050bf64c9d97331582742f842b09
SHA256 59fd35b13bb55065442e8106035c8d760136e42360a8de3b4d5b71d3806d6b46
SHA3 dc8bc20d18a2cd1a5e2dcb7f3301e2c19f3de8073283bce25ba967127409428c

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x450
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.44942
MD5 b20d4ae406ddcab291daac8fb9aa46a8
SHA1 158f437b88c2b20a8447a11eef812902ec72feaf
SHA256 2d78f5aa8a698a8c298b83c7cf6eaa7a69099b45033d336106b3d60cce9c1f61
SHA3 8a992cb979c43c6e5e88296c51b38b8f663c7f9be1296515b19ce888012b7e73

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ed
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.90893
MD5 56837bd9e91a98f1457b7fd19bc827ee
SHA1 a7267b406f43bdd5f319dd14130c7d3647e54d59
SHA256 ef3b4d6217d09d2debc9d1891d41a60aa6ffc53eeec8f56d3a3065890fdd4b77
SHA3 3a053ea8dd7d5cdf9c61b1593a531303fa55bd1d8a713f95d53e175ac356a069

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.2.27680
ProductVersion 1.0.2.27680
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Make Your PC Happy.
CompanyName Reason Software Company Inc.
FileDescription Boost by Reason
FileVersion (#2) 1.0.2.27680
InternalName boost.exe
LegalCopyright Copyright © 2013 Reason Software Company Inc.
LegalTrademarks Boost® is a registered trademark of Reason Software Company Inc.
OriginalFilename boost.exe
ProductName Boost by Reason
ProductVersion (#2) 1.0.2.27680
Assembly Version 1.0.2.27680
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 34
AddressOfRawData 0x5215a4
PointerToRawData 0x5211a4
Referenced File boost.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->