Manalyze report for b7907ea1b4a213de503a633f1c8c7503

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jan-04 20:21:28
Comments	Best tool to manage Windows Firewall with Advanced Security
CompanyName	Malwarebytes
FileDescription	Malwarebytes Windows Firewall Control - Setup
FileVersion	`6.1.0.0`
InternalName	wfc6setup.exe
LegalCopyright	© 2020 Malwarebytes. All Rights Reserved.
LegalTrademarks
OriginalFilename	wfc6setup.exe
ProductName	Malwarebytes Windows Firewall Control - Setup
ProductVersion	`6.1.0.0`
Assembly Version	6.1.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: sc.exe` `May have dropper capabilities: CurrentVersion\Run` `Contains domain names: BiniSoft.org binisoft.org http://schemas.microsoft.com http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation https://binisoft.org microsoft.com schemas.microsoft.com`
Info	The PE is digitally signed.	`Signer: Malwarebytes Inc` `Issuer: DigiCert Assured ID Code Signing CA-1`
Safe	VirusTotal score: 0/73 (Scanned on 2020-06-22 04:59:37)	`All the AVs think this file is safe.`

Hashes

MD5	`b7907ea1b4a213de503a633f1c8c7503`
SHA1	`d3c3da6f1e35e923918d3d70fe5b347a87318479`
SHA256	`bc929e6642656c49071519248de410d4da5dff7c667e6e88fd2619f761413b8c`
SHA3	`af1539d0fe91e9b313215d6d54c47e04a9baca2144658a5fd93ba0006b025b66`
SSDeep	`49152:/hq7UMHVJ9pOd88v9gyv/MD/sTbi707qXnmo7Qn3c6NIftzQIWbKelA51:Y71VJjE8O+yv/IUbi4wJ44EI/eS`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Jan-04 20:21:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2a6c00`
SizeOfInitializedData	`0x5400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002A8BD2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2aa000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2b2000`
SizeOfHeaders	`0x200`
Checksum	`0x2b02f0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d476388c71ae007d79a7afde098e10b6`
SHA1	`49d4234a2e76621fbbc5e672c76dcb6d1da64ef2`
SHA256	`b3e8c76bc7aaa1b095d1bc0ff7f6558fb4c59bf0a7aecbcbc09ba09d40ad9ab3`
SHA3	`013e01109f5f0674435354a3c5a3efdfe4eb184dac30147235901811b83af165`
VirtualSize	`0x2a6bd8`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2a6c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98491`

.rsrc

MD5	`3f8c6c356ae8bb7845bbb9e18428c85f`
SHA1	`711fbefaade76f01641d536a45441fa507d9e7d6`
SHA256	`997e70e4f50112b1c69ceaafa3e276f59bb5660e2d79f80f2afd37324dbe2797`
SHA3	`f92d56e581b1cf5adb931293f9e88407f792d4c01b80db1143203744d831fb7e`
VirtualSize	`0x5180`
VirtualAddress	`0x2aa000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x2a6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.2254`

.reloc

MD5	`5a82fbc6e66c8e6f8c6beda7b8e44c02`
SHA1	`21c2a8d8b143887c882984659f21225e990b2fca`
SHA256	`ec9ac0880eebaa3f69c09d4c08c6216369c581cbfc1ffbeeb426f3c4fa1af152`
SHA3	`665123c0d47c164ad2e84c23f6cbeb59e5fecf62b7f17fcf195e2e0e051b4fbd`
VirtualSize	`0xc`
VirtualAddress	`0x2b0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2ac000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33822`
MD5	`9f3efa5fc45a905f4340cf83f9695451`
SHA1	`d75195a31dbc18056f501484026a65a916ede0cb`
SHA256	`5156eba61ca2e3ec8d14b15e5c261a00ab1565ea61e6c89d4e4c790f32d0b289`
SHA3	`9446baeb7e2294ef25abf028553e9338ba999173a9e4c45d4a2c4f84ed5e9814`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.29655`
MD5	`9efb12adfad882f2e7d3bdb20b0453e7`
SHA1	`ceabe2c1b9543640c46990be451230ef7f9a8385`
SHA256	`c085c067f1ab86ae23fa525af308a808d6e629ea34d4a46e29e2504f328340f5`
SHA3	`791d70102c1d7dc0b85777a71ece56c5412fb961e9839a1fe4b35b5e6bd070a9`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37041`
MD5	`cddacff6321b96fe39d3642f653b1ea8`
SHA1	`73a3f68f795f8792763192719c0aafb09996671e`
SHA256	`eb7da90417f3d4038692ab4f83c15d448b1b7b4541257980f3b7a0db7b0176fd`
SHA3	`b33f6b90058e204b5e396d583ca084753d621ef531c89474bcdb1df7b95d1af0`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82607`
MD5	`1c48c83db3aaf031eae36c7d499ff18e`
SHA1	`4938eaa8c7afe3a7c9933bb7a43aa51f70f80e85`
SHA256	`e1a81e163f0189e4934de0e5f07c4aad34bfce97728f97b9a99059133a6eb33a`
SHA3	`ecd3c9856368a1f12f80a807c0db76459083bbe142a6e6f42742b530ade0dbc5`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`5c84b5099ac46312565be1aa2e21eff0`
SHA1	`25f00759b0e6641f9b423e6a52556c2e4e2796c3`
SHA256	`816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620`
SHA3	`17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4091`
MD5	`18cc6cdcf08029af3af0878080f26074`
SHA1	`f0fb6d6ead0bd7ab0d67e60524a5de274d59b236`
SHA256	`dd864d34717993533b94be45bfee9afd8a651ea96525b3ee9907330267db7c99`
SHA3	`c37f2e2d9731d753e07fae5ba6ad95640e406c11e1fa11f68495976173360a47`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6d1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07521`
MD5	`b7a8b4b89a9c0398eb03fbb2505e9f30`
SHA1	`9b66994a9ff18ab63210954ceac6e48bb2d5d7de`
SHA256	`e0e32bfc210b100ad9c0a9f5d904def3a3bb475219919a8172212f4c0e228f19`
SHA3	`ee41a8ca60d8ae8a664b68701c7fc264105785f10316f5d9e9476b90509300bf`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.0.0
ProductVersion	6.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Best tool to manage Windows Firewall with Advanced Security
CompanyName	Malwarebytes
FileDescription	Malwarebytes Windows Firewall Control - Setup
FileVersion (#2)	6.1.0.0
InternalName	wfc6setup.exe
LegalCopyright	© 2020 Malwarebytes. All Rights Reserved.
LegalTrademarks
OriginalFilename	wfc6setup.exe
ProductName	Malwarebytes Windows Firewall Control - Setup
ProductVersion (#2)	6.1.0.0
Assembly Version	6.1.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

b7907ea1b4a213de503a633f1c8c7503

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors