Manalyze report for 7bcbedf00279f1c005e0e9155ce510443c75de88f28140b5f2e88fb6d551ff3a

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2013-Apr-23 09:47:55
Comments	ShellCode Encoder - Uses ROR In Encryption
CompanyName	Dev-Point
FileDescription	ShellCode Encoder
FileVersion	`1.0.0.0`
InternalName	Shellcode Encoder Coded By Simon-Benyo.exe
LegalCopyright	Copyright Simon-Benyo Â© 2013
OriginalFilename	Shellcode Encoder Coded By Simon-Benyo.exe
ProductName	ShellCode Encoder - Uses ROR In Encryption
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`97140e65f8d7c9847d74614686aae228`
SHA1	`ac81416bd353e741cffdf54c0859f0a593da2db2`
SHA256	`7bcbedf00279f1c005e0e9155ce510443c75de88f28140b5f2e88fb6d551ff3a`
SHA3	`f54716c5979b76d32c6c48eb33b95b467568b3444da3745936973fa24473ef97`
SSDeep	`192:gS04rOYae8X8nQrORQsl4VTZVKnlYJLkNI7gjLTSLUen83yuhZZUKUW5UVQRszY:gS0IjQrOmS4btUhLTLd7JCzYcHeUZ`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2013-Apr-23 09:47:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x2200`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000041CE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5b58a8369adf4d4f98d2850d86430250`
SHA1	`6463fe0f17c26bfba97ba9908efb2997dedc0a4f`
SHA256	`70da5b05368337a751c80371ed57494f4a73eb4e3f557721d6bc3e2c59bcc3f9`
SHA3	`4694bea413d6e58b7756e6078d94557cfcc91ec16c954c1a02b4b878116c7be8`
VirtualSize	`0x21d4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.64235`

.rsrc

MD5	`6d64886777adf0af0bf6246301cbb9b7`
SHA1	`e72fee6ad1c95cca3c4da7b0ff6b6bfd94ff0ae7`
SHA256	`4cc9b97e423329864e46a037b269c781ad6c112d926a0242e28993521c1075ad`
SHA3	`9ecde51d8d4721a6b2cfb2eee40b3886d715aed7cd23a915caeda0c5834b79ca`
VirtualSize	`0x1b58`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.43947`

.reloc

MD5	`7c042d7fe320e8be00c9cda81d82f8ed`
SHA1	`92709b937a3d7529467368784a71ca6b4e2b717f`
SHA256	`a8d6fe8b9e487423273c2cb3849512b20993fc8040990aa81f468b04e8376051`
SHA3	`9eea1f5e6e5b34e85fc66a6daba80e804423b8991c64210191ac92904a4c911a`
VirtualSize	`0xc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0843`
MD5	`105b81bd721715275df5b229be68f074`
SHA1	`d9f82fd4974afb06297b803c70381d79bed90f9a`
SHA256	`478fe62e420007abb1a697a24cb1b80ced0a8e0a335d6ce68606efe71c4afaa2`
SHA3	`c5cffeaf58994264ee32c847cfe8575d3d360caa128613a4d47c99a2a49f8375`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.04772`
MD5	`f3018f2b932e0949bf386acd81aea508`
SHA1	`2515ef70721a15a20410f44b2c6fd724b7a2e07f`
SHA256	`abdc6eaa0ea69a1c506edf070a07fb12071453e08ecf3c6e35f1397d3422051f`
SHA3	`a7a18654c47f77448da7853d9a7d7fb4eee42c9e0cd6fde09467d6ef9e556e2a`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76148`
MD5	`52b71dd210ac5cf0fe97a3f9ba9a3896`
SHA1	`ed8632d87b02c7ab7dceb17bac85c8d23982f82b`
SHA256	`dc2a1f63c0882b33321345f27c07ef9f8bdb87aa687f075a474be430a1135982`
SHA3	`1852ad0a2b764cd65724857c1d8b61ca8a44398ac0b545e65747de83c84d9780`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45881`
Detected Filetype	Icon file
MD5	`2de9d6a59ecdf12b8923e19dbdd3d1fe`
SHA1	`75531d0e74a75ab49e1a787d229b8c6f5c4da5ae`
SHA256	`2f7fef35f016f3cc1f40a39d1dd656c33ca31f990482a3bb64d140aa08ef0a19`
SHA3	`d5fb9d8e7829a1f3f6d6fcdc1d5e1f3adccf134fc682632e4c1a6a1736bcb73b`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x438`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35137`
MD5	`99564e39d8fedc593dc509a232a6823d`
SHA1	`78a64b03a6499bf1ff7ecce74d546a968e72ab66`
SHA256	`50d9c3e258b701ca9b739bad1febb334e20b8495c5bb664c4f5e4f5540deae34`
SHA3	`f7048da062445550cbe5511ba36b1dae9aea84f2d4342d3a13422bf2d3790181`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xa65`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01726`
MD5	`188355c8906f3ea46e3c410c170db241`
SHA1	`0c4f5568c7c8533da060e5b590c9b2d9184b0e6f`
SHA256	`4390603f814d79b38624fbcaffbe74eefd7a3a04b690a330a1aae7104cace3de`
SHA3	`0ed2c60bd1c4cf65c6b1e0aa434096420aec65fb4b7c8b01904ee596775eb965`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	ShellCode Encoder - Uses ROR In Encryption
CompanyName	Dev-Point
FileDescription	ShellCode Encoder
FileVersion (#2)	1.0.0.0
InternalName	Shellcode Encoder Coded By Simon-Benyo.exe
LegalCopyright	Copyright Simon-Benyo Â© 2013
OriginalFilename	Shellcode Encoder Coded By Simon-Benyo.exe
ProductName	ShellCode Encoder - Uses ROR In Encryption
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.