Manalyze report for 74f3653df24db41cf9072b0af64976e9

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-May-30 13:25:24
Debug artifacts	c:\BuildAgent\work\release\adguard\build\obj\Release\AdguardSvc\AdguardSvc.pdb
Comments	AdGuard for Windows
CompanyName	Adguard Software Ltd
FileDescription	AdGuard for Windows
FileVersion	`7.0.2693.6661`
InternalName	AdguardSvc.exe
LegalCopyright	Copyright © Adguard Software Ltd 2009-2019
LegalTrademarks	Copyright © Adguard Software Ltd 2019
OriginalFilename	AdguardSvc.exe
ProductName	AdGuard for Windows
ProductVersion	`7.0.2693.6661`
Assembly Version	7.0.2693.6661

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	The PE is possibly a dropper.	`Resources amount for 81.1305% of the executable.`
Info	The PE is digitally signed.	`Signer: Adguard Software Limited` `Issuer: DigiCert High Assurance Code Signing CA-1`
Safe	VirusTotal score: 0/72 (Scanned on 2019-06-14 08:18:46)	`All the AVs think this file is safe.`

Hashes

MD5	`74f3653df24db41cf9072b0af64976e9`
SHA1	`f553e276648574df23b68aa158d5b00bccb15850`
SHA256	`16d2d7255b72d39a3f874d6a6d26d7cc7d9e95041502df0278c2ff85094282ea`
SHA3	`57527dedb6b948c61268befdce836aeb848abbe85d7c96d360c350cc8fbaa5c7`
SSDeep	`768:6opOZA/bHoiSudEpC6MFaL734FGxJX/A1Kg/mEp6Kgu:6opbUiSuqpC6Ia/344xJX/A1Fsc`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-May-30 13:25:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2200`
SizeOfInitializedData	`0x1b400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000416E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x24000`
SizeOfHeaders	`0x200`
Checksum	`0x2c82b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2790264bb9753bfa92598b4202503656`
SHA1	`4698f8d5e0149d2c33435b565e3770299fa62a0d`
SHA256	`206fadcba44641ef4285a7b9b16313b13327bc74c238fdbcc584ddea29f2ee90`
SHA3	`7b4d5b8b1b76208cc03d253c8b24e1aa1790163b952e2c2f3899f1d25ccfdda6`
VirtualSize	`0x2174`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.27688`

.rsrc

MD5	`5075ac489cf4a9a6fb7cd63dc092724c`
SHA1	`eef1d5afe8141c204a848dca655028f668c4df5b`
SHA256	`4ef5c1f876d2ac6aac3c7aa437f0472c3371b5139197fe5293e42145c3ce0a9b`
SHA3	`edfb255dfbdbb8a692b63dec10c7213c1f176484d9d4906ffa29ca10c3b8f1bb`
VirtualSize	`0x1b150`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1b200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.00424`

.reloc

MD5	`8c71c94cab8b02e092f9c54a3d373082`
SHA1	`7c747a63bf094e45c5e528e2e3375c0b6a3c0106`
SHA256	`2fefe790a360efa439b306f83f78b02c9e872a746462bb11d8e55eabd97550d6`
SHA3	`6b752a42ee0b947ee81c9c2c61e28de7590e1ded28dcbb01afdb8a4f6eb38a05`
VirtualSize	`0xc`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75679`
MD5	`6f512361f557b33b20f2ad815bf4db00`
SHA1	`5f1e6bbdc8110365097731ce9c257a7ba5cdde66`
SHA256	`9cfcf08262a0b17bcc0d8136e64af7af5d67bf066e5f5d67c4a19512723f0332`
SHA3	`e0ab562dbd6414bbc5383009e500e5f89e514639608937e892fb617677d01bcb`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05081`
MD5	`68c23fa3e02127f6541ad7bc80b66f6f`
SHA1	`407167a8f240568a852e002e8fc2eddf2f0baca9`
SHA256	`2df7481360d4c917a86e3f0d406b8e93399d1b8166076b61a5f94e55c0bfb768`
SHA3	`428909baa262acf15182ce974f65b7edb257654c3bb759d1d127f896564a53c5`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70033`
MD5	`2eb9f238c9899a5e654e0b2ed73b7e4c`
SHA1	`fc8fed921c61ff6020e4e5f95386235360b59858`
SHA256	`633602864ee514871ebc63890988c9080ca7565cb98399f6bcb2962c0fc72343`
SHA3	`9f92c2adf320f22690c7a7fb24e77ec40d153e32b659d68814e1e5e721241c88`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49937`
MD5	`163f233c7fcebac42e6e90aa7dfc9e66`
SHA1	`321b38ecab56f62e2e325e2537085787b6dc58cf`
SHA256	`efdf9b64b9283477d746d74567331fb65a47db8103f1397747478f29fcef6f4b`
SHA3	`fc00da849c6935f6dbb23f00807c539cda0bb576017d48c1d353c8dcfaf1ae41`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11626`
MD5	`54ce2fe6b524bf763e14e8a2c1cb7cc2`
SHA1	`fb6ebd6a1b795d8d1b13fc396a09aaf9f5cadd24`
SHA256	`31743b32fd41c644bee03155e6fb6c03b2daa15fb03cce342af748243b407c98`
SHA3	`b336d13cf8d63397212dec4a8327ef2cb9f1bd4ae0d6ad1d0c8d4835990083c8`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22ba`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91805`
Detected Filetype	PNG graphic file
MD5	`6a896a56b0274204afe134291590111f`
SHA1	`773f21945565b34badb061884007cfef4a6a6538`
SHA256	`22fe32cf792ebf6908b95df722eb92559ae90c00c3199084cdac6351ebe2c26e`
SHA3	`eab02ec825936e5e8b56ee2da4129ce4929621e4f3608672da1495259dbe4152`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8494`
Detected Filetype	Icon file
MD5	`46b27dd7230607aa5aaead1ac5d587d5`
SHA1	`a4079d1307d06ee8e7c8be42d22f9d577ba62945`
SHA256	`72206799e4ed7d00278435050bb9d94962508109f32bdd39a7ee5872247d1202`
SHA3	`63c4d3436dd31cbc8b19c4f0d7512f92dbceebf38c99bcd663c79caaf3d772ac`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x438`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53352`
MD5	`cf62f47008dcf45e118329cb8746e8fa`
SHA1	`2d346626db13ed8872f2e1c967c656403d1845ce`
SHA256	`d4e18531313090accf0b9f10d5186f56ad31c62f7e7610207b53ea59d0b941aa`
SHA3	`6bde206a0d99d62830991cd335ce303f5c81ecf7957cdd325458f3720a39172d`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16009`
MD5	`8fa487aab58e3aa88887682218f3ffa0`
SHA1	`7bd9844471d9c40525368a14ad4c4a5dedea7fdc`
SHA256	`87443c114d52b44d2366320f714dc49688f27adedb4803e0970904ce5d9d0fbe`
SHA3	`7f9213b09f46f465a4f496338af28b596a2f6ba0a9b676a673984ae7b7755a44`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	7.0.2693.6661
ProductVersion	7.0.2693.6661
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	AdGuard for Windows
CompanyName	Adguard Software Ltd
FileDescription	AdGuard for Windows
FileVersion (#2)	7.0.2693.6661
InternalName	AdguardSvc.exe
LegalCopyright	Copyright © Adguard Software Ltd 2009-2019
LegalTrademarks	Copyright © Adguard Software Ltd 2019
OriginalFilename	AdguardSvc.exe
ProductName	AdGuard for Windows
ProductVersion (#2)	7.0.2693.6661
Assembly Version	7.0.2693.6661

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-May-30 13:25:24
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x4000`
PointerToRawData	`0x2200`
Referenced File	c:\BuildAgent\work\release\adguard\build\obj\Release\AdguardSvc\AdguardSvc.pdb

TLS Callbacks

Load Configuration

RICH Header

74f3653df24db41cf9072b0af64976e9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

2

3

4

5

6

7

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors