Manalyze report for 7d9a6307e6b8a9f8b24ad99cd0e3ae6b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-18 16:02:41
Debug artifacts	C:\SBODev\rou_coremodeladdon\SBO AddOn Setups\SBOAddOnSetupx64\obj\x86\Release\SBOAddOnSetupx64.pdb
CompanyName	Viseo
FileDescription	SBOAddOnSetupx64
FileVersion	`1.0.0.0`
InternalName	SBOAddOnSetupx64.exe
LegalCopyright	Copyright © Viseo 2014
OriginalFilename	SBOAddOnSetupx64.exe
ProductName	SBOAddOnSetupx64
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: crl.microsoft.com go.microsoft.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://crl.microsoft.com/pki/crl/products/tspca.crl0H http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkId http://microsoft.com0 http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/CSPCA.crt0 http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pki/certs/tspca.crt0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 microsoft.com www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 6/71 (Scanned on 2023-09-18 16:12:02)	`Elastic: malicious (moderate confidence)` `Cylance: unsafe` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `MaxSecure: Trojan.Malware.300983.susgen` `Cybereason: malicious.9ba8af`

Hashes

MD5	`7d9a6307e6b8a9f8b24ad99cd0e3ae6b`
SHA1	`90789f99ba8af8126df2df0302b7bf81131d63b2`
SHA256	`feebef3354fef8a38c6a02a0cc632a26a0a62f235f0b23356b71a62b4f83b354`
SHA3	`4fabb69795404778ff944ce72d068243d4a40c4367e7014eaadc7ae95b5ec046`
SSDeep	`49152:1TGP3Nn7BxwucBRxjY84hmrWH19ar7Wo+WjCRZ5IfNFe1enhxjk:EPdn7Bxwud8IPamo+WjCTWfNI1eno`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2023-Sep-18 16:02:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x205000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00206E6E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x208000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x20e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3f66a080687c1f1a51cac26c71d92b20`
SHA1	`0f1c02059d9045d3cd8a1b27d25db4930f98d795`
SHA256	`4ad31159a4d6957e22ca9da4d2422f1f07cd12aa8882777ba06eb10ace6f0db8`
SHA3	`60f00544174f2a75a7280410c5422828cc98f5c127984f9c596805b9c7dca251`
VirtualSize	`0x204e74`
VirtualAddress	`0x2000`
SizeOfRawData	`0x205000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.67576`

.sdata

MD5	`e6ab8f89e5a4f40a32c1b47d930a0fe3`
SHA1	`5edc4dc55b1eed0a8e1322f98f50519c352e018d`
SHA256	`cde2cbdfac67600fa28b9df4e210c401a8de0d25dc21afd4e8563ee3c14d96ab`
SHA3	`b1137ac02783f63e5e4c114a9bc0e877902fed024e1b6c89da52afd7319f6ce6`
VirtualSize	`0x98`
VirtualAddress	`0x208000`
SizeOfRawData	`0x200`
PointerToRawData	`0x205400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.17766`

.rsrc

MD5	`61e30e66f8389bc1d6b40f153a947696`
SHA1	`c7d26b9c0f3e0e8075b87c72780bfe1946e26cc8`
SHA256	`b58cb23c3d279799ed4233597ac5363a661d508d78ecc23066083ceda8b24687`
SHA3	`15262e295607ad0e72ce49a7ba25eafa59218c2d4d6605d99ed5981e18232f83`
VirtualSize	`0xab0`
VirtualAddress	`0x20a000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x205600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.75579`

.reloc

MD5	`0f071ca420192617470f008425d81166`
SHA1	`b06137b2c28f1b53968e19cde2e88d4c0fdd0772`
SHA256	`c0aab495e893495b6c092adca320a46c831d3044b7549c3ab71baf60a86c73db`
SHA3	`326591bf062582f8c216fd41eb89d854119d208c853c6915bd841425fc5fe2b8`
VirtualSize	`0xc`
VirtualAddress	`0x20c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x206200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71419`
MD5	`d2d15e1e362ef2edda7238e165376112`
SHA1	`c1e5af71c456dc766ad70e1a3abc6c97fda626d7`
SHA256	`7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31`
SHA3	`fa458690e3f40a331300e7fea11f1f2d9d24266b84ed5c645b5eb272677670e6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53612`
MD5	`da1aeaa9a812c0a31fcc6e42e2f8e675`
SHA1	`58edba28c9067b74c7699bd5a12348e5f7c50e49`
SHA256	`bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1`
SHA3	`c12b7a9764a04702f5684387b5fb20a37874203cb2af7b41921d68496146d378`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`29a1f473b6fc0b877ce30be83212f25a`
SHA1	`a66309103e9f7ff118fd964f2cd5ae04bbd4a322`
SHA256	`e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda`
SHA3	`c3b0b1b14385cdc2d88d02c11aaca33ca55d509d2fe1dce1777c05d32c0e8a30`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33807`
MD5	`31c4ee399c1d6b97124e8dbae93cbe7b`
SHA1	`d9606b9120816e49a45cb5d60c627bdea93a80e3`
SHA256	`f53c38e2460696c28792ef0a7b700f1cd6882367982f38e7ba7c6708e8ea2047`
SHA3	`f6dffe3a118f882d4a21aa5b1dafdb3bba1cb46fe0296885e5f08c024bb723f6`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Viseo
FileDescription	SBOAddOnSetupx64
FileVersion (#2)	1.0.0.0
InternalName	SBOAddOnSetupx64.exe
LegalCopyright	Copyright © Viseo 2014
OriginalFilename	SBOAddOnSetupx64.exe
ProductName	SBOAddOnSetupx64
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Sep-18 16:02:41
Version	`0.0`
SizeofData	`124`
AddressOfRawData	`0x20801c`
PointerToRawData	`0x20541c`
Referenced File	C:\SBODev\rou_coremodeladdon\SBO AddOn Setups\SBOAddOnSetupx64\obj\x86\Release\SBOAddOnSetupx64.pdb

TLS Callbacks

Load Configuration

RICH Header

7d9a6307e6b8a9f8b24ad99cd0e3ae6b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

2

3

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors