866b519bf952f8b11d18be1a898d9219

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-May-30 11:52:10
Debug artifacts C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb
Comments Modbus RTU / Modbus TCP Slave Emulator
CompanyName Intellation Ltd.
FileDescription Unslave
FileVersion 3.0.6
InternalName UnslaveConsole.exe
LegalCopyright Copyright © Intellation Ltd. 2017
OriginalFilename UnslaveConsole.exe
ProductName Unslave
ProductVersion 3.0.6
Assembly Version 3.0.6.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • http://james.newtonking.com
  • http://james.newtonking.com/projects/json
  • http://nlog-project.org
  • http://schemas.xmlsoap.org
  • http://schemas.xmlsoap.org/soap/envelope/
  • http://www.newtonsoft.com
  • http://www.newtonsoft.com/jsonschema
  • http://www.w3.org
  • http://www.w3.org/2000/xmlns/
  • http://www.w3.org/2003/05/soap-envelope
  • https://www.nuget.org
  • https://www.nuget.org/packages/Newtonsoft.Json.Bson
  • james.newtonking.com
  • newtonking.com
  • newtonsoft.com
  • nlog-project.org
  • nuget.org
  • project.org
  • schemas.xmlsoap.org
  • system.net
  • www.newtonsoft.com
  • www.nuget.org
  • www.w3.org
  • xmlsoap.org
Info The PE is digitally signed. Signer: Intellation Ltd.
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Safe VirusTotal score: 0/73 (Scanned on 2020-04-20 23:30:01) All the AVs think this file is safe.

Hashes

MD5 866b519bf952f8b11d18be1a898d9219
SHA1 5ba4a870107be6b51567810471e5e0e53f0ab475
SHA256 0aef34c45b70d6aae44acbe2319ce71f31420521d49789e8e5ab92399bae91a0
SHA3 817f7d003c72d33e872e17d73d8ce0ebbf6667af1a11439880f2fe362819dd55
SSDeep 24576:m4D2Ue3ma5iQF4mmnnxILXaCUsQ4Gq89teK7IYdzXdKvd/F:m4ikeGq89teOh4lN
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-May-30 11:52:10
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x145600
SizeOfInitializedData 0xa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00147516 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x148000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x14c000
SizeOfHeaders 0x200
Checksum 0x14d65f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 80b0b4026b1c5eff6c98dddf557a5e8b
SHA1 26d0cbad4f1194f6bc871ca2859157fd65a6e091
SHA256 2ba146098e231b18c3a5f48342e8de7657aa1781782473c011283f4737b67113
SHA3 37611fe28e5a63706f1a0eb7de98da5062437af7ba9de8c7a61957ffa7daf8ef
VirtualSize 0x1455b0
VirtualAddress 0x2000
SizeOfRawData 0x145600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.73267

.rsrc

MD5 fe93f86b3a8b7bc25ae5f9ffc77941b7
SHA1 c9435e132cb662d6daa55ad15778456a53b80b38
SHA256 ffcd5dae537b7e3efa2b54caf6e057efa70ff7d9224147d5a0c209329e8802c1
SHA3 93c8c7d98207d361cd46a3a389e47fe8ea158a11f54bf522c7add0422befe6a0
VirtualSize 0x60e
VirtualAddress 0x148000
SizeOfRawData 0x800
PointerToRawData 0x145800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.46852

.reloc

MD5 82815baccf793b5719bd2961beed6396
SHA1 bf1c611587b4948f17b080c93db2d2b8a2165963
SHA256 6b1d8a1ad24ee874aa9ea32a0ca93c6326bb5d08dd7e19ff59b3e611f0ebb471
SHA3 fa160558c7c15c583d109bf8a3920af360441e8b80f357cedea9d64110d6347a
VirtualSize 0xc
VirtualAddress 0x14a000
SizeOfRawData 0x200
PointerToRawData 0x146000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x384
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38346
MD5 e23240fe624dffee0d0d8d6ecae4a478
SHA1 d1c55c0f5be8c2b2cd8084e7ab22bdf23732be7d
SHA256 b8ef8440aa80b4fa0a4fea7568bf164d79c3ca48416a4467b5155d6f490a534f
SHA3 94fe64e3315b27f91fcde816137d881cbeaf207a6ca7d5630cb8dc247c6c7067

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.0.6.0
ProductVersion 3.0.6.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments Modbus RTU / Modbus TCP Slave Emulator
CompanyName Intellation Ltd.
FileDescription Unslave
FileVersion (#2) 3.0.6
InternalName UnslaveConsole.exe
LegalCopyright Copyright © Intellation Ltd. 2017
OriginalFilename UnslaveConsole.exe
ProductName Unslave
ProductVersion (#2) 3.0.6
Assembly Version 3.0.6.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-May-30 11:52:10
Version 0.0
SizeofData 104
AddressOfRawData 0x147548
PointerToRawData 0x145748
Referenced File C:\Users\Andrei Streltsov\code\unslave\src\UnslaveConsole\bin\Debug\unslave.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors