830a210026a9c47da75ca0cc460d491d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Feb-23 05:41:05
Debug artifacts C:\SanctionedMedia\Svy\SanctionedMedia\Smad\obj\Release\Smad.pdb
CompanyName PCProtect
FileDescription RecSave
FileVersion 5.0.0.0
InternalName Smad.exe
LegalCopyright
OriginalFilename Smad.exe
ProductName MyPCProtect
ProductVersion 5.0.0.0
Assembly Version 5.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentVersion\Run
Suspicious The file contains overlay data. 221696 bytes of data starting at offset 0xba00.
The overlay data has an entropy of 7.99917 and is possibly compressed or encrypted.
Overlay data amounts for 82.3194% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 830a210026a9c47da75ca0cc460d491d
SHA1 771b53cb41aae55b9aa17e69985a785edff84bdd
SHA256 b40c269a7321fc136772ff1e473146554587166c39adfef0b89b4f154c51e232
SHA3 54d00c483d0b0dd43bcc26c2d995663a71e0926c421477345e8f2cfec84c0acd
SSDeep 6144:A0lV/QafLKMRnBtTwtcDDZFDZdpcQXZ7HRK9L1Z9fv4:A0DIaTKMpBtIiF/pfXS9H9fQ
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2012-Feb-23 05:41:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xa800
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000C64E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0xe000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x12000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 03b9f57d935df58873b10095356c35fb
SHA1 b384ef8ae8af2cb8675bd91003150a08760550cc
SHA256 443270a42069b8709dc0890675b5d50f21643a553b0e988ad5d2756fa13e1662
SHA3 2d50f745edfc28a5a0c69cce2a3d9844ddbaddb6cc47db3d1624bde87e25a4c4
VirtualSize 0xa664
VirtualAddress 0x2000
SizeOfRawData 0xa800
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.60763

.rsrc

MD5 b2c994ba858df6470dff6ef80cee723f
SHA1 d760bb921fdf40b467dced751b6675fbe0c8164e
SHA256 5280c0739de49c250103ecaa2c2539537b18285ae9cde61216bcec373348ff23
SHA3 5b904bcf0b62cf14b555e65d16fbd000c3e2d7c5cc115ae1917a62d8d9830f2d
VirtualSize 0xd20
VirtualAddress 0xe000
SizeOfRawData 0xe00
PointerToRawData 0xaa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.82434

.reloc

MD5 591071dcbd12d37e26b8bd6738c72a52
SHA1 336cbab7b4426b08e68a6785d760e5c37cd7f99f
SHA256 eedee62120b2ac1590e31f54d970ed2bd19606b09b2b4c4512d987b8e5d37ced
SHA3 e3477b4da9c1c74d948d778137ae433780e5e6cbe9e40971fd456999aed4dbe3
VirtualSize 0xc
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xb800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x2b4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25888
MD5 0a6b26236b39461aa9e409f09cd14182
SHA1 c7bd6b51bfc8553ff3724e1c6303f18ab4ba164f
SHA256 f4b23206363218dd4446d463027d5d971b1819380b099b09715bf8c2299729d8
SHA3 05679bafcbbdc406dee9b9d138e18d8dd155589a166b6c22d7326f504ea4a111

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x9c6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.95036
MD5 425f59302dfe9292fface0020c1bcb09
SHA1 a4cc75d23701872ae70a131b4fa1c2a46034f8d9
SHA256 921da12fe860f7a89309a4170bd6c95f56241f68d30cd3aaca6c47e4b5ef690d
SHA3 5dcad46bf92159eb85860bb80c2313f514cf4abf1ab6c5a97665e7e567df46f9

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.0.0.0
ProductVersion 5.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName PCProtect
FileDescription RecSave
FileVersion (#2) 5.0.0.0
InternalName Smad.exe
LegalCopyright
OriginalFilename Smad.exe
ProductName MyPCProtect
ProductVersion (#2) 5.0.0.0
Assembly Version 5.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2012-Feb-23 05:41:05
Version 0.0
SizeofData 89
AddressOfRawData 0xc5a4
PointerToRawData 0xa7a4
Referenced File C:\SanctionedMedia\Svy\SanctionedMedia\Smad\obj\Release\Smad.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors
