×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2014-Feb-27 09:24:17
Detected languages
English - United States
Debug artifacts
RegSvcs.pdb
CompanyName
Microsoft Corporation
FileDescription
Microsoft .NET Services Installation Utility
FileVersion
2.0.50727.5483 (Win7SP1GDR.050727-5400)
InternalName
RegSvcs.exe
LegalCopyright
© Microsoft Corporation. All rights reserved.
OriginalFilename
RegSvcs.exe
ProductName
Microsoft® .NET Framework
ProductVersion
2.0.50727.5483
Comments
Flavor=Retail
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ 8.0
.NET executable -> Microsoft
Safe
VirusTotal score: 0/73 (Scanned on 2020-01-03 23:53:04)
All the AVs think this file is safe.
MD5
72a9f09010a89860456c6474e2e6d25c
SHA1
e4cb506146f60d01ea9e6132020def61974a88c3
SHA256
7299eb6e11c8704e7cb18f57879550cdd88ef7b2ae8cba031b795bc5d92ce8e3
SHA3
1946bed5984889fba5ca64d9d1e3f62fa9485d05607c162ff72d68661b03d25d
SSDeep
384:DOj9Y8/gS7SDriLGKq1MHR534Jg6ihJSxUCR1rgCPKabK2t0X5P7DZ+JgySW7Xx:D+gSAdN1MH3IJFRJngyX
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2014-Feb-27 09:24:17
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Magic
PE32
LinkerVersion
8.0
SizeOfCode
0x5000
SizeOfInitializedData
0x2000
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00006BDE (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x8000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x1000
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0xc000
SizeOfHeaders
0x1000
Checksum
0x15893
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
d5ef3d14ecce6348979a74f85eddfbbf
SHA1
25479f30830b64c558770d66dbe760d219480dc3
SHA256
dcc2cdae19f74c0ba0b61029371f75c84bf2311052b1bfc86b7b07bf8c777dd1
SHA3
8f9f3d8bdad5d33b62aedde51f3a8076cc242de8f7aad696667311ad340644dc
VirtualSize
0x4be4
VirtualAddress
0x2000
SizeOfRawData
0x5000
PointerToRawData
0x1000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.05324
MD5
59cc94b385fb62009617a30e0c5b536b
SHA1
7ced8fda096525fe54880a1b705495150193a433
SHA256
0fb4f90c8b720f7398215fd705850156c8e03e3aa2449357f3a6234b6a32a228
SHA3
7f545ff184776eb62e4f5982f2dbcba62a4db6e0bbe42607d29c91f02e004832
VirtualSize
0x608
VirtualAddress
0x8000
SizeOfRawData
0x1000
PointerToRawData
0x6000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
1.90485
MD5
63a291abc9be8a60af54db95a0f819e2
SHA1
4c5cffa98b523812db0f16ba68a14625e1a2f3ab
SHA256
b88a322421dcc9759e63e057e364843b80b121a6e81e2c8831623f9111850b65
SHA3
3054afb5a6f5f725578c9d1fa1127d3894f61f6b20844f1bbe5de5ff94565bd4
VirtualSize
0xc
VirtualAddress
0xa000
SizeOfRawData
0x1000
PointerToRawData
0x7000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0131269
Type
RT_VERSION
Language
English - United States
Codepage
UNKNOWN
Size
0x3e4
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.55255
MD5
e80c71fcdf91dc38d6e8a12a56edc0dd
SHA1
1d56947caa4bf47f3e229408472eac25fee3502b
SHA256
34e5413343411517baa5c916ac1d60521041e092c4814d199e1686c199f095ed
SHA3
395f1dc3909aeedb8f5853e7dbb32242bf31f532117dad0ec31a1919ee4f6caa
Type
RT_MANIFEST
Language
English - United States
Codepage
UNKNOWN
Size
0x17f
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.31652
MD5
05e2bf31ed6c369e0cbe6dabeadd04e7
SHA1
ad1da6ec51c35374f2e9b45dc699cd53a3b8a75d
SHA256
8cbda19778c7193d2d2793c38096e4ea6590842b4493703e4c7e18934d457172
SHA3
49e7ad3ece09b664546e4796adc6c70501330053d66a754c88378aa30f7203af
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
2.0.50727.5483
ProductVersion
2.0.50727.5483
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
English - United States
CompanyName
Microsoft Corporation
FileDescription
Microsoft .NET Services Installation Utility
FileVersion (#2)
2.0.50727.5483 (Win7SP1GDR.050727-5400)
InternalName
RegSvcs.exe
LegalCopyright
© Microsoft Corporation. All rights reserved.
OriginalFilename
RegSvcs.exe
ProductName
Microsoft® .NET Framework
ProductVersion (#2)
2.0.50727.5483
Comments
Flavor=Retail
Resource LangID
English - United States
Characteristics
0
TimeDateStamp
2014-Feb-27 09:24:17
Version
0.0
SizeofData
36
AddressOfRawData
0x6b3c
PointerToRawData
0x5b3c
Referenced File
RegSvcs.pdb