Manalyze report for a89d9c05cae4bb501bcd0bd77f5750c6e5deaeef7daad9e7cf0a82f7eeefe044

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Sep-30 00:04:53
Comments	MSS5x Flash Tool
CompanyName	https://www.bimmertuningtools.com
FileDescription	MSS5x Quickflash
FileVersion	`1.54`
InternalName	MSS5x Quickflash.exe
LegalCopyright	Bimmer Tuning Tools, LLC
LegalTrademarks
OriginalFilename	MSS5x Quickflash.exe
ProductName	MSS5x Quickflash
ProductVersion	`1.54`
Assembly Version	1.54.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	PEiD Signature:	`HQR data file`
Info	Interesting strings found in the binary:	Contains domain names: bimmertuningtools.com cert.ssl.com crls.ssl.com http://cert.ssl.com http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_ http://crls.ssl.com http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 http://ocsps.ssl.com0 http://ocsps.ssl.com0? http://www.ssl.com http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0 http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 https://www.bimmertuningtools.com https://www.ssl.com https://www.ssl.com/repository0 www.bimmertuningtools.com www.ssl.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious		`Unusual section name found: FLARE`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`379fb00ae22b633ad0d8477014fd551c`
SHA1	`ed7aa710a14e8f0cfa95ff1d891df494ffa542b4`
SHA256	`a89d9c05cae4bb501bcd0bd77f5750c6e5deaeef7daad9e7cf0a82f7eeefe044`
SHA3	`af7091dd9fd253bfe7d5e20181d4e34d09228bd158468a032166b4f6fff8850b`
SSDeep	`196608:UoR5zHQepMXhgzyw1ulQtISJcJgT6wQrPgxdP:r5zXMXhFlQfVTorPgxx`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Sep-30 00:04:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x7cfe00`
SizeOfInitializedData	`0x7d1400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x007D1BAA (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x7d4000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x7d6000`
SizeOfHeaders	`0x400`
Checksum	`0x7d7bc0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`37eb9245954ba5ad7855a8db4c66595c`
SHA1	`4d59bb5fe98c0dccbd34ca86ec3962042c7d60ab`
SHA256	`418e4c20606547600a046dbf2190ce4fd3239439b0b8aefe37a4d0a21189809d`
SHA3	`df3764792bc08c4ef62006b4c6e1894a647aa2a968c26ddfa5124640e7aa3c6e`
VirtualSize	`0x7cfc7c`
VirtualAddress	`0x2000`
SizeOfRawData	`0x7cfe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98628`

.rsrc

MD5	`825449ddafb5120502f1e840802899da`
SHA1	`200b758743e4d3845d469bda9ec1101bfdd9cd4a`
SHA256	`83d4f97b1875b3d1aa9f4ca12acf5f1901c6f3d384b201061b93a918c315c240`
SHA3	`d1d146578a4662c4828d85885b611e1bfd8cc1d83fc084c818dfdff9e71a4231`
VirtualSize	`0x156c`
VirtualAddress	`0x7d2000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x7d0200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.55646`

.reloc

MD5	`b2cca8cffaab1709b2386d03c5f0c82c`
SHA1	`7bc0d0d5635abb8198b44365e0536052cdc97a7e`
SHA256	`dada8d792c7882d4a1989ad4dd7b2135f388fa7387d5e04368a55b9d3cfd7df9`
SHA3	`5f73f3cd1cf745bc20ea556c6c78524edd421fb90729f0d40141cc7d5b81741c`
VirtualSize	`0xc`
VirtualAddress	`0x7d4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7d1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

FLARE

MD5	`828fdbb363c2f5474e0dcdf160c1f039`
SHA1	`870a28ca57b653f9cb24e05c99339274baf7ebec`
SHA256	`8750cf2277435cced2721f1df7f55a8228e4982202dbfb1d3fd47ef10b9a7b1b`
SHA3	`aedf29342c43a208499addcd3e02a5a87af54c6456fa66fac895cd8f326c4abc`
VirtualSize	`0x56b64`
VirtualAddress	`0x7d6000`
SizeOfRawData	`0x56c00`
PointerToRawData	`0x7d3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.4008`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.34946`
MD5	`d0501e32d0cfd0c99b8e911daadf80d0`
SHA1	`8a7c97c42106dfa2fc20dd487e358252ecd39b2c`
SHA256	`f7a18eae928baf33c44926a2ab8bd1cee76be5269cda2bb5b598a8abd7617623`
SHA3	`31b2dd2ac08d217140393c284fcce11709729fb32e3227afdcd92a559ac4631a`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40598`
MD5	`0518db7056ca9926f45de068bb93aa97`
SHA1	`75c93d855a9f70ef4fb4dbe0eb9e1fb4d4e36528`
SHA256	`341f3e2599e6a9797d49ade04d778c1cbf87651d256a287314a3ea3a511002a4`
SHA3	`04d001650637e2b84d6ff631c6260c90a2831da1b7ae228624c374a72b5ec27f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.54.0.0
ProductVersion	1.54.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	MSS5x Flash Tool
CompanyName	https://www.bimmertuningtools.com
FileDescription	MSS5x Quickflash
FileVersion (#2)	1.54
InternalName	MSS5x Quickflash.exe
LegalCopyright	Bimmer Tuning Tools, LLC
LegalTrademarks
OriginalFilename	MSS5x Quickflash.exe
ProductName	MSS5x Quickflash
ProductVersion (#2)	1.54
Assembly Version	1.54.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.

Leave a comment

No comments yet.