×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2012-Feb-23 05:41:05
Debug artifacts
C:\SanctionedMedia\Svy\SanctionedMedia\Smad\obj\Release\Smad.pdb
CompanyName
PCProtect
FileDescription
RecSave
FileVersion
5.0.0.0
InternalName
Smad.exe
LegalCopyright
OriginalFilename
Smad.exe
ProductName
MyPCProtect
ProductVersion
5.0.0.0
Assembly Version
5.0.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious
Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
Suspicious
The file contains overlay data.
221696 bytes of data starting at offset 0xba00.
The overlay data has an entropy of 7.99917 and is possibly compressed or encrypted.
Overlay data amounts for 82.3194% of the executable.
Suspicious
No VirusTotal score.
This file has never been scanned on VirusTotal.
MD5
830a210026a9c47da75ca0cc460d491d
SHA1
771b53cb41aae55b9aa17e69985a785edff84bdd
SHA256
b40c269a7321fc136772ff1e473146554587166c39adfef0b89b4f154c51e232
SHA3
54d00c483d0b0dd43bcc26c2d995663a71e0926c421477345e8f2cfec84c0acd
SSDeep
6144:A0lV/QafLKMRnBtTwtcDDZFDZdpcQXZ7HRK9L1Z9fv4:A0DIaTKMpBtIiF/pfXS9H9fQ
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2012-Feb-23 05:41:05
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
8.0
SizeOfCode
0xa800
SizeOfInitializedData
0x1000
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0000C64E (Section: .text)
BaseOfCode
0x2000
BaseOfData
0xe000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x12000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
03b9f57d935df58873b10095356c35fb
SHA1
b384ef8ae8af2cb8675bd91003150a08760550cc
SHA256
443270a42069b8709dc0890675b5d50f21643a553b0e988ad5d2756fa13e1662
SHA3
2d50f745edfc28a5a0c69cce2a3d9844ddbaddb6cc47db3d1624bde87e25a4c4
VirtualSize
0xa664
VirtualAddress
0x2000
SizeOfRawData
0xa800
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.60763
MD5
b2c994ba858df6470dff6ef80cee723f
SHA1
d760bb921fdf40b467dced751b6675fbe0c8164e
SHA256
5280c0739de49c250103ecaa2c2539537b18285ae9cde61216bcec373348ff23
SHA3
5b904bcf0b62cf14b555e65d16fbd000c3e2d7c5cc115ae1917a62d8d9830f2d
VirtualSize
0xd20
VirtualAddress
0xe000
SizeOfRawData
0xe00
PointerToRawData
0xaa00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.82434
MD5
591071dcbd12d37e26b8bd6738c72a52
SHA1
336cbab7b4426b08e68a6785d760e5c37cd7f99f
SHA256
eedee62120b2ac1590e31f54d970ed2bd19606b09b2b4c4512d987b8e5d37ced
SHA3
e3477b4da9c1c74d948d778137ae433780e5e6cbe9e40971fd456999aed4dbe3
VirtualSize
0xc
VirtualAddress
0x10000
SizeOfRawData
0x200
PointerToRawData
0xb800
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x2b4
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.25888
MD5
0a6b26236b39461aa9e409f09cd14182
SHA1
c7bd6b51bfc8553ff3724e1c6303f18ab4ba164f
SHA256
f4b23206363218dd4446d463027d5d971b1819380b099b09715bf8c2299729d8
SHA3
05679bafcbbdc406dee9b9d138e18d8dd155589a166b6c22d7326f504ea4a111
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x9c6
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.95036
MD5
425f59302dfe9292fface0020c1bcb09
SHA1
a4cc75d23701872ae70a131b4fa1c2a46034f8d9
SHA256
921da12fe860f7a89309a4170bd6c95f56241f68d30cd3aaca6c47e4b5ef690d
SHA3
5dcad46bf92159eb85860bb80c2313f514cf4abf1ab6c5a97665e7e567df46f9
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
5.0.0.0
ProductVersion
5.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
CompanyName
PCProtect
FileDescription
RecSave
FileVersion (#2)
5.0.0.0
InternalName
Smad.exe
LegalCopyright
OriginalFilename
Smad.exe
ProductName
MyPCProtect
ProductVersion (#2)
5.0.0.0
Assembly Version
5.0.0.0
Characteristics
0
TimeDateStamp
2012-Feb-23 05:41:05
Version
0.0
SizeofData
89
AddressOfRawData
0xc5a4
PointerToRawData
0xa7a4
Referenced File
C:\SanctionedMedia\Svy\SanctionedMedia\Smad\obj\Release\Smad.pdb