This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2021-Jun-17 14:29:03
Debug artifacts
C:\Buildserver\agent\_work\40\s\DotNet\STOPDjvu\obj\Release\decrypt_STOPDjvu.pdb
Comments
CompanyName
Emsisoft Ltd.
FileDescription
Emsisoft Decryptor for STOPDjvu
FileVersion
1.0.0.5
InternalName
decrypt_STOPDjvu.exe
LegalCopyright
© 2019 Emsisoft Ltd.
LegalTrademarks
OriginalFilename
decrypt_STOPDjvu.exe
ProductName
Emsisoft Decryptor for STOPDjvu
ProductVersion
1.0.0.5
Assembly Version
1.0.0.5
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Suspicious
Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
Contains domain names:
decrypter.emsisoft.com
emsisoft.com
https://decrypter.emsisoft.com
https://decrypter.emsisoft.com/keys/stopdjvu/
https://decrypter.emsisoft.com/submit/stopdjvu/
Info
The PE is digitally signed.
Signer: Emsisoft Ltd
Issuer: COMODO RSA Extended Validation Code Signing CA
Suspicious
VirusTotal score: 1/67 (Scanned on 2022-05-19 13:56:37)
Sangfor:
Suspicious.Win32.Save.a
MD5
a74dbc8fc2eeb7775a2384c7c0a3951b
SHA1
870256723b2f60d23cf1a9dcd6f5ddf799dd2978
SHA256
a09bc66ed2a838a7ecf0a35e8322d3e0433bac49462cc4756f2ff83e71b46a00
SHA3
d4143c936633c22eea36c62849c8da0ed55534732570e20693472039961154ba
SSDeep
24576:ouESZ2xVLTpHR52hfZJCYRVFe7b8MKHhSiOTr7pD9d9gW2Zj3YsDClQUPON:9Ehxlpx52pZJPVOKNOfVdP2J3Y2p3N
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2021-Jun-17 14:29:03
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0x113e00
SizeOfInitializedData
0x7800
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00115C3E (Section: .text)
BaseOfCode
0x2000
BaseOfData
0
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x120000
SizeOfHeaders
0x200
Checksum
0x1229ba
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
0333cae006a084d9fb7c7f8a1bf195d0
SHA1
75ffcefed41e7abd1bf19dd1b870f09bf4a4133d
SHA256
afe036034d4ef9d0a921732c50b44af3cd5e3346220f2c79fff0db5078e2d881
SHA3
02a2e586e5021ae958988585d493e1d85da2da3e7b03f06814cc90458e5b58d2
VirtualSize
0x113c44
VirtualAddress
0x2000
SizeOfRawData
0x113e00
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.99217
MD5
ebc690c113a3f02e15a6dc0220c6b29d
SHA1
a35773c6d69e7281595f72761ec09c23c78e273a
SHA256
4200c25be5b4a7bfbc47448109a995d27ce134fc610bf681c10ba861771f8ac6
SHA3
aec74974b99afe6c55e3f07c7935f3b7b9ae0f375c22c2ce7f66f6ed38a67882
VirtualSize
0x7588
VirtualAddress
0x116000
SizeOfRawData
0x7600
PointerToRawData
0x114000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
6.2116
MD5
9a552f5d56884f7af889708c096c1315
SHA1
747c2e9378b0fdadf78256589f696dc9ff64dc55
SHA256
91ed9e5c14d6f999280e952a0ab691188e5fe9218b01348361efd91151555fef
SHA3
9bd7718cd9f38d80fa3329e9c3f87890bf447835d4f5658f908a223fa38d9e06
VirtualSize
0xc
VirtualAddress
0x11e000
SizeOfRawData
0x200
PointerToRawData
0x11b600
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.80521
MD5
d059d16842df35c1e5e275298962f0a8
SHA1
14985a21e7a0890bd5f1efc94b12e3d12ca937a7
SHA256
91ca89288a1fdfc04d259a3bdd8151cfa95331de42da379a91b93450ebf58160
SHA3
88247aa4606c1e0e4a690e58ae7cc3aa77c58448cdfadf7496aca6d729bcadf9
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x988
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.71209
MD5
fc7e6307b7f5fed5e42e9de32a2bd859
SHA1
04059a4b3c2e407a4046dca6cfe19f82f44271ab
SHA256
d0c78aa4df0d22ac4763b997e207ce42588bc73064c5e466bb75a75a72ab35db
SHA3
2ec3e358fb0c388422ca419a7fdc6214a3ccf789a4ec21cc27db2a3d86c8dcfd
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.56201
MD5
c789b753ace218b8babfc237081d2394
SHA1
b9907a8bc732e7f82a335f97c0fbbaa441ef8765
SHA256
02388fb5a5f59385a1a64ac2f96367040eef017858d825d6d7e85b72a3e3a7ee
SHA3
4ad585e49d3e0de7b5ea9e6f6e244bae30e2598112bf566d45b1242830f1ce64
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x25a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.20179
MD5
0113c80a69308c95b8d5f9d9da6e2ff5
SHA1
c03140b26c72cf3afb51d37899ef983a4501b75b
SHA256
ea6ecab32028ff32a7627bc623ebae9ac5fc18e21075ca8d4af67ea9e698d264
SHA3
8a9dd1544ed6498136f74d3aa48852cfd70ae9d060622d7caabe9d4cbff1837e
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ef1
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
7.90281
Detected Filetype
PNG graphic file
MD5
1ff53a4bf9655e13746adde018c622e2
SHA1
433ffd4792cd17e3ae051f741f437732aa0c8a8f
SHA256
58e59bce4cba4e707d03069e701dd9a2f5659f80a93d4fdc24c2b5dca3345569
SHA3
5f83d4239a03f9170268de79d8d5928233b7345363b5ab3dbad9d6a87b175da5
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x4c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
2.64638
Detected Filetype
Icon file
MD5
e8b148c5f468d34d832728aef0c4be64
SHA1
62103e6e7ccc4f0fd62406491ed8b51025f5764c
SHA256
bf2a9ca913fa32c37d33b502217b7d82cbccea214e584d87328f577d5b316d64
SHA3
c5749f6385d0f91a63a5aafe6c07ad37e446f239950a99b827c339f3f02f8ffb
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x3b4
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.40542
MD5
505861897ea8ed6ef26a89889f2f6011
SHA1
ae256a86ee6ecf9835883e477c3cb724e409f503
SHA256
76a315bb57f977ee5d4c20f100af8d514ffaeba1704d78fcdbecaddd99249a7c
SHA3
3d0faca7a092ab3fd762102ab9163aa413a7408c67b79df4a72241da99acb3eb
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0xc60
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00772
MD5
e0e4a019be8bfcf48b646ce2f98b627c
SHA1
c96a62055bcf99d90ad8e85f180ff98a2a8e9f72
SHA256
5cad9422b30296dc60ad088d66bda7fb0b5ce7bd57f780a5e044b68300e7bbd9
SHA3
9f3e1fce8557212d37bf9305fc64610b65b608f5b18749642ae8b550a31aba28
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.5
ProductVersion
1.0.0.5
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
Emsisoft Ltd.
FileDescription
Emsisoft Decryptor for STOPDjvu
FileVersion (#2)
1.0.0.5
InternalName
decrypt_STOPDjvu.exe
LegalCopyright
© 2019 Emsisoft Ltd.
LegalTrademarks
OriginalFilename
decrypt_STOPDjvu.exe
ProductName
Emsisoft Decryptor for STOPDjvu
ProductVersion (#2)
1.0.0.5
Assembly Version
1.0.0.5
Characteristics
0
TimeDateStamp
2021-Jun-17 14:29:03
Version
0.0
SizeofData
105
AddressOfRawData
0x115b84
PointerToRawData
0x113d84
Referenced File
C:\Buildserver\agent\_work\40\s\DotNet\STOPDjvu\obj\Release\decrypt_STOPDjvu.pdb