Manalyze report for a74dbc8fc2eeb7775a2384c7c0a3951b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jun-17 14:29:03
Debug artifacts	C:\Buildserver\agent\_work\40\s\DotNet\STOPDjvu\obj\Release\decrypt_STOPDjvu.pdb
Comments
CompanyName	Emsisoft Ltd.
FileDescription	Emsisoft Decryptor for STOPDjvu
FileVersion	`1.0.0.5`
InternalName	decrypt_STOPDjvu.exe
LegalCopyright	© 2019 Emsisoft Ltd.
LegalTrademarks
OriginalFilename	decrypt_STOPDjvu.exe
ProductName	Emsisoft Decryptor for STOPDjvu
ProductVersion	`1.0.0.5`
Assembly Version	1.0.0.5

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains domain names: decrypter.emsisoft.com emsisoft.com https://decrypter.emsisoft.com https://decrypter.emsisoft.com/keys/stopdjvu/ https://decrypter.emsisoft.com/submit/stopdjvu/`
Info	The PE is digitally signed.	`Signer: Emsisoft Ltd` `Issuer: COMODO RSA Extended Validation Code Signing CA`
Suspicious	VirusTotal score: 1/67 (Scanned on 2022-05-19 13:56:37)	`Sangfor: Suspicious.Win32.Save.a`

Hashes

MD5	`a74dbc8fc2eeb7775a2384c7c0a3951b`
SHA1	`870256723b2f60d23cf1a9dcd6f5ddf799dd2978`
SHA256	`a09bc66ed2a838a7ecf0a35e8322d3e0433bac49462cc4756f2ff83e71b46a00`
SHA3	`d4143c936633c22eea36c62849c8da0ed55534732570e20693472039961154ba`
SSDeep	`24576:ouESZ2xVLTpHR52hfZJCYRVFe7b8MKHhSiOTr7pD9d9gW2Zj3YsDClQUPON:9Ehxlpx52pZJPVOKNOfVdP2J3Y2p3N`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2021-Jun-17 14:29:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x113e00`
SizeOfInitializedData	`0x7800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00115C3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x120000`
SizeOfHeaders	`0x200`
Checksum	`0x1229ba`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0333cae006a084d9fb7c7f8a1bf195d0`
SHA1	`75ffcefed41e7abd1bf19dd1b870f09bf4a4133d`
SHA256	`afe036034d4ef9d0a921732c50b44af3cd5e3346220f2c79fff0db5078e2d881`
SHA3	`02a2e586e5021ae958988585d493e1d85da2da3e7b03f06814cc90458e5b58d2`
VirtualSize	`0x113c44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x113e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99217`

.rsrc

MD5	`ebc690c113a3f02e15a6dc0220c6b29d`
SHA1	`a35773c6d69e7281595f72761ec09c23c78e273a`
SHA256	`4200c25be5b4a7bfbc47448109a995d27ce134fc610bf681c10ba861771f8ac6`
SHA3	`aec74974b99afe6c55e3f07c7935f3b7b9ae0f375c22c2ce7f66f6ed38a67882`
VirtualSize	`0x7588`
VirtualAddress	`0x116000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x114000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2116`

.reloc

MD5	`9a552f5d56884f7af889708c096c1315`
SHA1	`747c2e9378b0fdadf78256589f696dc9ff64dc55`
SHA256	`91ed9e5c14d6f999280e952a0ab691188e5fe9218b01348361efd91151555fef`
SHA3	`9bd7718cd9f38d80fa3329e9c3f87890bf447835d4f5658f908a223fa38d9e06`
VirtualSize	`0xc`
VirtualAddress	`0x11e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x11b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80521`
MD5	`d059d16842df35c1e5e275298962f0a8`
SHA1	`14985a21e7a0890bd5f1efc94b12e3d12ca937a7`
SHA256	`91ca89288a1fdfc04d259a3bdd8151cfa95331de42da379a91b93450ebf58160`
SHA3	`88247aa4606c1e0e4a690e58ae7cc3aa77c58448cdfadf7496aca6d729bcadf9`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71209`
MD5	`fc7e6307b7f5fed5e42e9de32a2bd859`
SHA1	`04059a4b3c2e407a4046dca6cfe19f82f44271ab`
SHA256	`d0c78aa4df0d22ac4763b997e207ce42588bc73064c5e466bb75a75a72ab35db`
SHA3	`2ec3e358fb0c388422ca419a7fdc6214a3ccf789a4ec21cc27db2a3d86c8dcfd`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56201`
MD5	`c789b753ace218b8babfc237081d2394`
SHA1	`b9907a8bc732e7f82a335f97c0fbbaa441ef8765`
SHA256	`02388fb5a5f59385a1a64ac2f96367040eef017858d825d6d7e85b72a3e3a7ee`
SHA3	`4ad585e49d3e0de7b5ea9e6f6e244bae30e2598112bf566d45b1242830f1ce64`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20179`
MD5	`0113c80a69308c95b8d5f9d9da6e2ff5`
SHA1	`c03140b26c72cf3afb51d37899ef983a4501b75b`
SHA256	`ea6ecab32028ff32a7627bc623ebae9ac5fc18e21075ca8d4af67ea9e698d264`
SHA3	`8a9dd1544ed6498136f74d3aa48852cfd70ae9d060622d7caabe9d4cbff1837e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ef1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.90281`
Detected Filetype	PNG graphic file
MD5	`1ff53a4bf9655e13746adde018c622e2`
SHA1	`433ffd4792cd17e3ae051f741f437732aa0c8a8f`
SHA256	`58e59bce4cba4e707d03069e701dd9a2f5659f80a93d4fdc24c2b5dca3345569`
SHA3	`5f83d4239a03f9170268de79d8d5928233b7345363b5ab3dbad9d6a87b175da5`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`e8b148c5f468d34d832728aef0c4be64`
SHA1	`62103e6e7ccc4f0fd62406491ed8b51025f5764c`
SHA256	`bf2a9ca913fa32c37d33b502217b7d82cbccea214e584d87328f577d5b316d64`
SHA3	`c5749f6385d0f91a63a5aafe6c07ad37e446f239950a99b827c339f3f02f8ffb`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40542`
MD5	`505861897ea8ed6ef26a89889f2f6011`
SHA1	`ae256a86ee6ecf9835883e477c3cb724e409f503`
SHA256	`76a315bb57f977ee5d4c20f100af8d514ffaeba1704d78fcdbecaddd99249a7c`
SHA3	`3d0faca7a092ab3fd762102ab9163aa413a7408c67b79df4a72241da99acb3eb`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00772`
MD5	`e0e4a019be8bfcf48b646ce2f98b627c`
SHA1	`c96a62055bcf99d90ad8e85f180ff98a2a8e9f72`
SHA256	`5cad9422b30296dc60ad088d66bda7fb0b5ce7bd57f780a5e044b68300e7bbd9`
SHA3	`9f3e1fce8557212d37bf9305fc64610b65b608f5b18749642ae8b550a31aba28`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.5
ProductVersion	1.0.0.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Emsisoft Ltd.
FileDescription	Emsisoft Decryptor for STOPDjvu
FileVersion (#2)	1.0.0.5
InternalName	decrypt_STOPDjvu.exe
LegalCopyright	© 2019 Emsisoft Ltd.
LegalTrademarks
OriginalFilename	decrypt_STOPDjvu.exe
ProductName	Emsisoft Decryptor for STOPDjvu
ProductVersion (#2)	1.0.0.5
Assembly Version	1.0.0.5

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Jun-17 14:29:03
Version	`0.0`
SizeofData	`105`
AddressOfRawData	`0x115b84`
PointerToRawData	`0x113d84`
Referenced File	C:\Buildserver\agent\_work\40\s\DotNet\STOPDjvu\obj\Release\decrypt_STOPDjvu.pdb

TLS Callbacks

Load Configuration

RICH Header

a74dbc8fc2eeb7775a2384c7c0a3951b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors