Manalyze report for 866b519bf952f8b11d18be1a898d9219

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-May-30 11:52:10
Debug artifacts	C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb
Comments	Modbus RTU / Modbus TCP Slave Emulator
CompanyName	Intellation Ltd.
FileDescription	Unslave
FileVersion	`3.0.6`
InternalName	UnslaveConsole.exe
LegalCopyright	Copyright © Intellation Ltd. 2017
OriginalFilename	UnslaveConsole.exe
ProductName	Unslave
ProductVersion	`3.0.6`
Assembly Version	3.0.6.0

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: http://james.newtonking.com http://james.newtonking.com/projects/json http://nlog-project.org http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/envelope/ http://www.newtonsoft.com http://www.newtonsoft.com/jsonschema http://www.w3.org http://www.w3.org/2000/xmlns/ http://www.w3.org/2003/05/soap-envelope https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson james.newtonking.com newtonking.com newtonsoft.com nlog-project.org nuget.org project.org schemas.xmlsoap.org system.net www.newtonsoft.com www.nuget.org www.w3.org xmlsoap.org
Info	The PE is digitally signed.	`Signer: Intellation Ltd.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Safe	VirusTotal score: 0/73 (Scanned on 2020-04-20 23:30:01)	`All the AVs think this file is safe.`

Hashes

MD5	`866b519bf952f8b11d18be1a898d9219`
SHA1	`5ba4a870107be6b51567810471e5e0e53f0ab475`
SHA256	`0aef34c45b70d6aae44acbe2319ce71f31420521d49789e8e5ab92399bae91a0`
SHA3	`817f7d003c72d33e872e17d73d8ce0ebbf6667af1a11439880f2fe362819dd55`
SSDeep	`24576:m4D2Ue3ma5iQF4mmnnxILXaCUsQ4Gq89teK7IYdzXdKvd/F:m4ikeGq89teOh4lN`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-May-30 11:52:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x145600`
SizeOfInitializedData	`0xa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00147516 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x148000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x14c000`
SizeOfHeaders	`0x200`
Checksum	`0x14d65f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`80b0b4026b1c5eff6c98dddf557a5e8b`
SHA1	`26d0cbad4f1194f6bc871ca2859157fd65a6e091`
SHA256	`2ba146098e231b18c3a5f48342e8de7657aa1781782473c011283f4737b67113`
SHA3	`37611fe28e5a63706f1a0eb7de98da5062437af7ba9de8c7a61957ffa7daf8ef`
VirtualSize	`0x1455b0`
VirtualAddress	`0x2000`
SizeOfRawData	`0x145600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.73267`

.rsrc

MD5	`fe93f86b3a8b7bc25ae5f9ffc77941b7`
SHA1	`c9435e132cb662d6daa55ad15778456a53b80b38`
SHA256	`ffcd5dae537b7e3efa2b54caf6e057efa70ff7d9224147d5a0c209329e8802c1`
SHA3	`93c8c7d98207d361cd46a3a389e47fe8ea158a11f54bf522c7add0422befe6a0`
VirtualSize	`0x60e`
VirtualAddress	`0x148000`
SizeOfRawData	`0x800`
PointerToRawData	`0x145800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.46852`

.reloc

MD5	`82815baccf793b5719bd2961beed6396`
SHA1	`bf1c611587b4948f17b080c93db2d2b8a2165963`
SHA256	`6b1d8a1ad24ee874aa9ea32a0ca93c6326bb5d08dd7e19ff59b3e611f0ebb471`
SHA3	`fa160558c7c15c583d109bf8a3920af360441e8b80f357cedea9d64110d6347a`
VirtualSize	`0xc`
VirtualAddress	`0x14a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x146000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38346`
MD5	`e23240fe624dffee0d0d8d6ecae4a478`
SHA1	`d1c55c0f5be8c2b2cd8084e7ab22bdf23732be7d`
SHA256	`b8ef8440aa80b4fa0a4fea7568bf164d79c3ca48416a4467b5155d6f490a534f`
SHA3	`94fe64e3315b27f91fcde816137d881cbeaf207a6ca7d5630cb8dc247c6c7067`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.6.0
ProductVersion	3.0.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Modbus RTU / Modbus TCP Slave Emulator
CompanyName	Intellation Ltd.
FileDescription	Unslave
FileVersion (#2)	3.0.6
InternalName	UnslaveConsole.exe
LegalCopyright	Copyright © Intellation Ltd. 2017
OriginalFilename	UnslaveConsole.exe
ProductName	Unslave
ProductVersion (#2)	3.0.6
Assembly Version	3.0.6.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-May-30 11:52:10
Version	`0.0`
SizeofData	`104`
AddressOfRawData	`0x147548`
PointerToRawData	`0x145748`
Referenced File	C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb

TLS Callbacks

Load Configuration

RICH Header

866b519bf952f8b11d18be1a898d9219

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors