Manalyze report for 8b1be36719a144d2fa2b39fd1b107333

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2009-May-07 08:09:27
FileDescription
FileVersion	`1.0.3414.29083`
InternalName	Vibe.exe
LegalCopyright
OriginalFilename	Vibe.exe
ProductVersion	`1.0.3414.29083`
Assembly Version	1.0.3414.29083

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: .eeearena.com .eeestorage.com eeearena.com eeestorage.com http://192.168.1.201 http://192.168.1.201/eeemagic/asus_support/ http://sp.yostore.net sp.yostore.net yostore.net`
Suspicious	The PE is possibly a dropper.	`Resources amount for 91.8894% of the executable.`
Suspicious	VirusTotal score: 1/66 (Scanned on 2018-06-02 09:02:29)	`Cylance: Unsafe`

Hashes

MD5	`8b1be36719a144d2fa2b39fd1b107333`
SHA1	`3bb39d9a1cd3c8d845db554c319c76c515ba5e84`
SHA256	`f39aeeef4d02166fa102c38225959b145b456403f97d8db801957aa98ad8610a`
SHA3	`45ab18786c8694233270158c56b2ad74ee9d3ea0e671ced136f3986c202775b6`
SSDeep	`6144:ZRnMhFgYBBm4QXSFZr8aWtoZPnECTshNfKU:XnMjgYBBmHSbr8aWtoZPnEo`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2009-May-07 08:09:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x67000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00007E2E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x8000`
ImageBase	`0x11000000`
SectionAlignment	`0x2000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x70000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`78c487cbf00aed757d859da6416c6fea`
SHA1	`9d8b098370994e941773ec47214f2f9a1b59c298`
SHA256	`14143d012157ed76ae22829a8496618882b791294f9029434bed2ca5753284e3`
SHA3	`5a3cae998737477b235e867f858db235d584655de064d239b196e6520d3d79c7`
VirtualSize	`0x5e34`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35342`

.rsrc

MD5	`da53fd85757b745cf44285db185b29d0`
SHA1	`0d6e050ad9584596425a7e42d10ba83d58fc15fc`
SHA256	`c013e5bbee8d262298f1254def754e8ec1d6656d7565e4924f1aa9ba3530ed60`
SHA3	`43ecf2269220f0d71cbd125b1c2acd7b209a7e5f3ce6ff8f963fdb33608568cb`
VirtualSize	`0x65398`
VirtualAddress	`0x8000`
SizeOfRawData	`0x66000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.27394`

.reloc

MD5	`1168ccb22d18490edd223acb8580df36`
SHA1	`dedaed8c6dca1ea9acba1414d21aacf9e5c08125`
SHA256	`9a2c5cd01ee8c93c34af0a510e095c30873c0fa62786c79eaa066cb6cab144e6`
SHA3	`d17dcba7bc1252c9b655875cb5cfc8109e95a722a426b35ff7ad384df9f6e4d5`
VirtualSize	`0xc`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0131269`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87275`
MD5	`3fabce1c5e52fcb50846ecbb439f3eb3`
SHA1	`1c1133f724cc7c5e3249b308bcb080e7edb29b4f`
SHA256	`251c6cabbee63e7add6f159a5b43cec01b918346a6aab2eb04c98f270e83a26b`
SHA3	`ddc584a958e75019e1e3d9d37eafe635b1a85d143e699e642de7009a8af01a75`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75507`
MD5	`e17883d72f0a5390abe89a4835fc5555`
SHA1	`7856cb321e8dd6a05dd3572c5534b3d24a27f1c3`
SHA256	`2274dffdf5b5ab7feafccd6ceca71a985f3abed2bb967278fdc3f8bd7f9f7c22`
SHA3	`8984fd5962689723a53c1940ae4d60037772e971e3e60be773180199901f76ef`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46488`
MD5	`511ba43b13872dc66043d216d06c021b`
SHA1	`1bc5dd9324f50c88ad5971964218b36a2140bc05`
SHA256	`593610da1ab429c1fe9f25d4ae3790c120e239ddfa6119e38d13711d8babdbd5`
SHA3	`059222c2305636f68269de88e682ecb0aa773cd9363b6ec5bf4a9d64ed7ce494`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.41655`
MD5	`03d917636c04d5ed96fde8f2878fbede`
SHA1	`6f90ce71c95eebb5ca201c80da808cbd7d1963cb`
SHA256	`700b5a6d58659abc2a9ab27ecfa602bba94e05af49411ba272e5a95990f6f0ce`
SHA3	`c81674d2f2031ed0c96965c497f09666357f8810721bb3b5cfb5e9902d79b443`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33168`
MD5	`86b9532cef123d3c2c1190aa57048942`
SHA1	`7a39e41350cb985375309612aa5593bf4aa17998`
SHA256	`3eae0ca479b6b1295ad0e85442f58d57bae75bd6eae38f22a242eb02b2ebda31`
SHA3	`257ef4c751a6b003542c625e500be5440fca79e07016ca5fb8265341189863c1`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.25956`
MD5	`e2863f8b8cb32529e971f5ac6f65f95c`
SHA1	`6a2963e81b116046ca10d2b1536a42607a5e2fc9`
SHA256	`3ed4cac3023b090ffb231cfb84c04f9be68df98192cd98cdd39a1230d748a470`
SHA3	`a9bbb49c260e2677f63911107a487c0b3e3c8b217b545b852c1b365f2e3e21a9`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16738`
MD5	`1544f0cc778b2d5b75097ff9d7638a8a`
SHA1	`74fdf4077e9e507e1942307ad45b62d779593156`
SHA256	`5183409fc2e8efa5c8772cd7126bd734ecf9e77f2d25b744138132a0ae7c5db1`
SHA3	`0184e012c896c695e70b09fee404030ef3ee4cefefa3641151a4eaea01928fdb`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8894`
Detected Filetype	Icon file
MD5	`3e89e9b2b74b41855f59ac66785ce44b`
SHA1	`9c9d480277580c67cab92427cb38302aac85ba8b`
SHA256	`67f7ded71374af99ef04b2f287d5fe0b52f4ea54493b92189ee944f0191d361a`
SHA3	`f9ef80409ccc7dbc7533da18614cd8e2b45659b0c566566a319fabd2eb7ab0b9`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34528`
MD5	`8d1811ee8dafa176343b463566c0b7a6`
SHA1	`32c9b5b344e0c2386f23a80eaf58f86c51612281`
SHA256	`c8205d3304761498a83c85f5a30fa5a12aa7ce7dc6baaf445e20de8b6b30b1d3`
SHA3	`ead777be18bc797abd635aa2b410edb3f20d5ca1e62d31a84ee828a5ca0dbab0`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1495`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28775`
MD5	`83a3be4a568f02894d586749742a997c`
SHA1	`e268cb82fe0f25f7b669133856021f627caeebe7`
SHA256	`799fc36d5b715d4b32d2282113ed1b9f1f9189041a0e91f9915966cc394080c0`
SHA3	`28bcd23c3728c2bc09bf39349f9360482eedba9c681e7e22272d5d8f1a8de484`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.3414.29083
ProductVersion	1.0.3414.29083
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	1.0.3414.29083
InternalName	Vibe.exe
LegalCopyright
OriginalFilename	Vibe.exe
ProductVersion (#2)	1.0.3414.29083
Assembly Version	1.0.3414.29083

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

8b1be36719a144d2fa2b39fd1b107333

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

2

3

4

5

6

7

8

32512

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors