Manalyze report for 70ea5636565a989fa29252ba173947ad

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Dec-09 18:58:19
Detected languages	English - United Kingdom English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	The file contains overlay data.	`17939 bytes of data starting at offset 0x1c00.` `The overlay data has an entropy of 7.54074 and is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`70ea5636565a989fa29252ba173947ad`
SHA1	`ec70a558c1eb93145f50cb70b2ae29ea4878a647`
SHA256	`ff0c477c1f6fe76d76d2ecf56734b4434531ab46790725d865695d4ff7f950bb`
SHA3	`a0818d4e38b99d27212c24c6ac97c8058fe43b712948eee6170baabe4d6d1232`
SSDeep	`384:xvcTqOGaY5LOzYOXBcD4B6JxoQv7NRkcFSTLTXdpFpp7GvLeMPPx0:xvdnR5LO0OXWFxPRTFS7Xznwe0Px0`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x40`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x2`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0xb400`
e_oeminfo	`0xcd09`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2010-Dec-09 18:58:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002E5E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`728a86ca9bdbcf2a883d4936f2f7454a`
SHA1	`84777ad2937953d07279a326574a106bff5f4a70`
SHA256	`3f18e925f05d2c5949f26e2b846c5cf58c2d175a833d1590e91d183d418c5b2e`
SHA3	`a5e32f11125f95ed34da8ed0f4443e04a27138441441c9e849c3527046bb62e2`
VirtualSize	`0xe64`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.2553`

.rsrc

MD5	`f2f6a14eb3c904cfd3507599c24f8db6`
SHA1	`2551605bdf30b60ef7c17c88799373fdb5e02544`
SHA256	`9e4867aa8734c2a2aab497321c12ed9e764d5d2522fd3d5b60752c46b028d081`
SHA3	`84abc3e591dd7e7389c3d3cbe05307451140efa70352520bf802004bc8c4a552`
VirtualSize	`0x7a4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24493`

.reloc

MD5	`b697236972080f8957416ba337132243`
SHA1	`b0cd3f23aaf293a1e6487279ed04845a1eacea93`
SHA256	`12838a7fa2ab3fd627493fc1eb5dc23d20d45183a7dbcd1b876a7e5569b27c70`
SHA3	`73a780fef6a87b9e807671cf0fb50f773904c7b6ff8b62e933511702ee33cec2`
VirtualSize	`0xc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50177`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71419`
MD5	`d2d15e1e362ef2edda7238e165376112`
SHA1	`c1e5af71c456dc766ad70e1a3abc6c97fda626d7`
SHA256	`7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31`
SHA3	`fa458690e3f40a331300e7fea11f1f2d9d24266b84ed5c645b5eb272677670e6`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53612`
MD5	`da1aeaa9a812c0a31fcc6e42e2f8e675`
SHA1	`58edba28c9067b74c7699bd5a12348e5f7c50e49`
SHA256	`bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1`
SHA3	`c12b7a9764a04702f5684387b5fb20a37874203cb2af7b41921d68496146d378`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0207`
MD5	`5a32206e4bb9d06170ae00fa980db49b`
SHA1	`126a45f48625322ba11eb0acf1ade9115ad6802b`
SHA256	`9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3`
SHA3	`bfab9d66b065ea131bdc44ac811cfcf4d5c43a1075f9b6d16f0c8f2f20237cac`

Version Info

TLS Callbacks

Load Configuration

RICH Header

70ea5636565a989fa29252ba173947ad

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors