×
This file seems to be a .NET executable .
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date
2019-May-30 11:52:10
Debug artifacts
C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb
Comments
Modbus RTU / Modbus TCP Slave Emulator
CompanyName
Intellation Ltd.
FileDescription
Unslave
FileVersion
3.0.6
InternalName
UnslaveConsole.exe
LegalCopyright
Copyright © Intellation Ltd. 2017
OriginalFilename
UnslaveConsole.exe
ProductName
Unslave
ProductVersion
3.0.6
Assembly Version
3.0.6.0
Info
Interesting strings found in the binary:
Contains domain names:
http://james.newtonking.com
http://james.newtonking.com/projects/json
http://nlog-project.org
http://schemas.xmlsoap.org
http://schemas.xmlsoap.org/soap/envelope/
http://www.newtonsoft.com
http://www.newtonsoft.com/jsonschema
http://www.w3.org
http://www.w3.org/2000/xmlns/
http://www.w3.org/2003/05/soap-envelope
https://www.nuget.org
https://www.nuget.org/packages/Newtonsoft.Json.Bson
james.newtonking.com
newtonking.com
newtonsoft.com
nlog-project.org
nuget.org
project.org
schemas.xmlsoap.org
system.net
www.newtonsoft.com
www.nuget.org
www.w3.org
xmlsoap.org
Info
The PE is digitally signed.
Signer: Intellation Ltd.
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Safe
VirusTotal score: 0/73 (Scanned on 2020-04-20 23:30:01)
All the AVs think this file is safe.
MD5
866b519bf952f8b11d18be1a898d9219
SHA1
5ba4a870107be6b51567810471e5e0e53f0ab475
SHA256
0aef34c45b70d6aae44acbe2319ce71f31420521d49789e8e5ab92399bae91a0
SHA3
817f7d003c72d33e872e17d73d8ce0ebbf6667af1a11439880f2fe362819dd55
SSDeep
24576:m4D2Ue3ma5iQF4mmnnxILXaCUsQ4Gq89teK7IYdzXdKvd/F:m4ikeGq89teOh4lN
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2019-May-30 11:52:10
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
8.0
SizeOfCode
0x145600
SizeOfInitializedData
0xa00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00147516 (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x148000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x14c000
SizeOfHeaders
0x200
Checksum
0x14d65f
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
80b0b4026b1c5eff6c98dddf557a5e8b
SHA1
26d0cbad4f1194f6bc871ca2859157fd65a6e091
SHA256
2ba146098e231b18c3a5f48342e8de7657aa1781782473c011283f4737b67113
SHA3
37611fe28e5a63706f1a0eb7de98da5062437af7ba9de8c7a61957ffa7daf8ef
VirtualSize
0x1455b0
VirtualAddress
0x2000
SizeOfRawData
0x145600
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
5.73267
MD5
fe93f86b3a8b7bc25ae5f9ffc77941b7
SHA1
c9435e132cb662d6daa55ad15778456a53b80b38
SHA256
ffcd5dae537b7e3efa2b54caf6e057efa70ff7d9224147d5a0c209329e8802c1
SHA3
93c8c7d98207d361cd46a3a389e47fe8ea158a11f54bf522c7add0422befe6a0
VirtualSize
0x60e
VirtualAddress
0x148000
SizeOfRawData
0x800
PointerToRawData
0x145800
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
3.46852
MD5
82815baccf793b5719bd2961beed6396
SHA1
bf1c611587b4948f17b080c93db2d2b8a2165963
SHA256
6b1d8a1ad24ee874aa9ea32a0ca93c6326bb5d08dd7e19ff59b3e611f0ebb471
SHA3
fa160558c7c15c583d109bf8a3920af360441e8b80f357cedea9d64110d6347a
VirtualSize
0xc
VirtualAddress
0x14a000
SizeOfRawData
0x200
PointerToRawData
0x146000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x384
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.38346
MD5
e23240fe624dffee0d0d8d6ecae4a478
SHA1
d1c55c0f5be8c2b2cd8084e7ab22bdf23732be7d
SHA256
b8ef8440aa80b4fa0a4fea7568bf164d79c3ca48416a4467b5155d6f490a534f
SHA3
94fe64e3315b27f91fcde816137d881cbeaf207a6ca7d5630cb8dc247c6c7067
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1
879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256
c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3
93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
3.0.6.0
ProductVersion
3.0.6.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
Modbus RTU / Modbus TCP Slave Emulator
CompanyName
Intellation Ltd.
FileDescription
Unslave
FileVersion (#2)
3.0.6
InternalName
UnslaveConsole.exe
LegalCopyright
Copyright © Intellation Ltd. 2017
OriginalFilename
UnslaveConsole.exe
ProductName
Unslave
ProductVersion (#2)
3.0.6
Assembly Version
3.0.6.0
Characteristics
0
TimeDateStamp
2019-May-30 11:52:10
Version
0.0
SizeofData
104
AddressOfRawData
0x147548
PointerToRawData
0x145748
Referenced File
C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb