Manalyze report for bb42110c654895a33a15508a575738397b2dcdd605868acc28cd50193c8ff8a1

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Feb-15 14:15:01
Debug artifacts	C:\projects\interpreterQ\IQMediaPlayer\obj\Release\IQMP.pdb
Comments
CompanyName	Televic Education
FileDescription	IQMP
FileVersion	`2.0.3.0`
InternalName	IQMP.exe
LegalCopyright	Copyright Â© 2022
LegalTrademarks
OriginalFilename	IQMP.exe
ProductName	interpreterQ Media Player
ProductVersion	`2.0.3.0`
Assembly Version	2.0.3.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %TEMP%` `Contains domain names: datacontract.org http://infralution.com http://licensing.televic-education.be http://licensing.televic-education.be/AuthenticationServer/AuthenticationService.asmx http://licensing.televic-education.be/updates/help.json http://schemas.datacontract.org http://schemas.datacontract.org/2004/07/Tedu.MediaServerT http://tempuri.org infralution.com schemas.datacontract.org tempuri.org`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-04-14 10:34:13)	`APEX: Malicious`

Hashes

MD5	`39f712e524d846e76aba542f96b37775`
SHA1	`20fdec1f1f21e991376272777344ce9a48c195aa`
SHA256	`bb42110c654895a33a15508a575738397b2dcdd605868acc28cd50193c8ff8a1`
SHA3	`40c07ca09ce71d72ff306cab7462876ee17139268ddd7f32b49cea4d464a1aee`
SSDeep	`12288:nR+JsqGUrnc05azzs+s8yLRcWe+V8noyfxs0BCw:nvqGochzs+s1LRVpByfxs0BCw`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Feb-15 14:15:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x81400`
SizeOfInitializedData	`0x9a200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0008328A (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x84000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa0000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`265a5087bac2956462ab436496794439`
SHA1	`21abb0684e5817eaa3ecbcc3728438d086a5e106`
SHA256	`fb4d63684c426807fa332d05461d9d9b305558c3d66435126ee452aaf7bcd183`
SHA3	`6317363032fdb506504d22cbc506ba5b0c3e89e712255fa57348474960be7119`
VirtualSize	`0x81290`
VirtualAddress	`0x2000`
SizeOfRawData	`0x81400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.04616`

.reloc

MD5	`c27bea1c4a0040c19bfe61e628fb6946`
SHA1	`a62fe2ed44ea3d722b7e44c15d8d22fde516e625`
SHA256	`e01adfbf7d089971f40ae86e383b4aec6ba79257e2bee586fe1362635aaf0a47`
SHA3	`afbef28cc17ceba5bff0700ee8e979fbc6e65892f91da42ef1d03180543c26b0`
VirtualSize	`0xc`
VirtualAddress	`0x84000`
SizeOfRawData	`0x200`
PointerToRawData	`0x81600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`d8a398419797a3e874e99bf1534f125b`
SHA1	`a5cf9d632dd50d4bb80b25e2c65055af068db8e4`
SHA256	`08cf91e13781b1d84ab12460f3d9628d446378da03419de9dce4ea82100a3495`
SHA3	`5e7ef24023a5736760c9bae203af425cda65fa9d4080e9ef1cc72b8a2a9b22a0`
VirtualSize	`0x18c74`
VirtualAddress	`0x86000`
SizeOfRawData	`0x18e00`
PointerToRawData	`0x81800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.21261`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.66352`
MD5	`1995e4e8c2cdf5261d4dfdcb2dcc083f`
SHA1	`aab1c20eea3b4e7d953f22deffe29fb0e433e1a0`
SHA256	`52dff78f86a41e56dde88d4a634ccfd17c28e9ddf6a1f72cee321f7c10a0a9f5`
SHA3	`d180262fe3199765b95adcfa49643bd72f7405b17ebc462d160592213d31dfbf`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90854`
MD5	`b28d3a7a7ba86798c29d7bc91a0d7600`
SHA1	`6e1334ed111721c41ce6063741599c501ec7f841`
SHA256	`57988e06022122a3530a8a49011a51dd9d92a2043a89396780d490f292dd181a`
SHA3	`c8b7ebff2c5724966af3e2cf37f484021e742b4a2537a9774c85e37b8768dec2`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52558`
MD5	`37857234a10a4764f267bac7b74675c2`
SHA1	`0a524831910b153ccc2d7c17e82fa0dc09103aa3`
SHA256	`092307a023bc7529b104051e17b71d5c31e216be549dcbf459184326fbca5857`
SHA3	`ee9ab6676551567d68e737fc954957662f7cab2e2d94f941c15f86310776a835`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32152`
MD5	`8b311bb4f623f6fd81cf968a89699322`
SHA1	`0f025f5def025d096f41dda49f46fb433783bdca`
SHA256	`b96c6408008366e69ff4743e6da0d94146078d9f3f536efc2a290ec9d225ad25`
SHA3	`3a5365124d5b2c87b1ba26924708c4121394c4defb7b7a1719e4b8dacd8f2d59`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94516`
MD5	`7a5eca001f8c8cd41369c7300a499026`
SHA1	`cf27e5787a5ce85cd1696ffce59679aea3e782d8`
SHA256	`3995b8acf85b5000954d1a2c2122aa4670089904cc8babf18af28525454e4ea3`
SHA3	`0e1c943c123ccc2b22b35fd54dfa439afd66fa945a1d06faed61ff4620fbf246`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80283`
Detected Filetype	Icon file
MD5	`da9b70665374e3394540c51191a2dfd6`
SHA1	`c91b3f6407149e322850f6a257923abb260adeb5`
SHA256	`9595be7d246f12c7356d15b8facc45ea482de63d316af484c99156170b9d7362`
SHA3	`d75e51b150e9bb574412de784a1ecf652c36717a52f920f529a2c01e2dfce6af`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31998`
MD5	`5506fddbb64779c08a34e55fbb37e85b`
SHA1	`f6dcf0b3339053decc320344d33c55edf7d38525`
SHA256	`63a420f45b8b69a18e9c84bd88f52dee07eb209df12a43b63462154492675ed3`
SHA3	`e0a109c6dc996fccd7c265b61bbe26b6411ed55443c4ee2ddcdcb9779479792f`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.3.0
ProductVersion	2.0.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Televic Education
FileDescription	IQMP
FileVersion (#2)	2.0.3.0
InternalName	IQMP.exe
LegalCopyright	Copyright Â© 2022
LegalTrademarks
OriginalFilename	IQMP.exe
ProductName	interpreterQ Media Player
ProductVersion (#2)	2.0.3.0
Assembly Version	2.0.3.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Feb-15 14:15:01
Version	`0.0`
SizeofData	`84`
AddressOfRawData	`0x5d714`
PointerToRawData	`0x5b914`
Referenced File	C:\projects\interpreterQ\IQMediaPlayer\obj\Release\IQMP.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.