Manalyze report for bcea2cb38e00193dc5d55dac4bcb9d73

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Feb-11 04:48:54
Comments
CompanyName
FileDescription	BlueStacksTweaker5
FileVersion	`5.16.1.0`
InternalName	BlueStacksTweaker5.exe
LegalCopyright	Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename	BlueStacksTweaker5.exe
ProductName	BlueStacksTweaker5
ProductVersion	`5.16.1.0`
Assembly Version	5.16.1.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	`Contains domain names: Vodafone.de adobe.com bstweaker.tk http://127.0.0.1 http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# inkscape.org ns.adobe.com www.inkscape.org www.w3.org`
Malicious	VirusTotal score: 3/72 (Scanned on 2020-05-23 23:32:37)	`CrowdStrike: win/malicious_confidence_60% (W)` `APEX: Malicious` `VBA32: CIL.HeapOverride.Heur`

Hashes

MD5	`bcea2cb38e00193dc5d55dac4bcb9d73`
SHA1	`d105c924f088e7a464a7449e7fd3f1bfd22a43d7`
SHA256	`e5f89d20152438bd8106a1ce15019b9dcd83e1e5b65d10f0a0a00770d0b60a11`
SHA3	`25787ff82eb22c5da0dd08f8a045524b07a953614201df4a39944bfaa704fa45`
SSDeep	`12288:CKJxMaOOOOOOOOOO1HHYozE29a4V2PBLy3oU:CYbHvL9zGBLy3/`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Feb-11 04:48:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x63c00`
SizeOfInitializedData	`0x5a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00065B3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x66000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6e000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`42507381eea760cc78315eaa9bd661b0`
SHA1	`b729506a7613e1b9d421ccffe3b3750f74b32a3b`
SHA256	`ed349d0393a9ebe832634a8a7f984a985b40d6f4b970d41f6204cbdf33a711ed`
SHA3	`c653e7b4d176f964390aedd87024ff8e37d40fa251cccfdca1f04d9937f4c4ff`
VirtualSize	`0x63b44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x63c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62796`

.rsrc

MD5	`1429731d9eb950360da69508e530b05d`
SHA1	`f1f141d070ab8212fc33654be4c952c2e127f263`
SHA256	`598dffc232c43fca3960182251c5a52ba1905428ce1cd8ba7eed1dd90e94748e`
SHA3	`ed80b3d3ce7a6ca2b3e67dc5b484ceff0a7d0572e231746e4d26415fca52093d`
VirtualSize	`0x5680`
VirtualAddress	`0x66000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x63e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.9458`

.reloc

MD5	`129f3080d5f75160b229908b871dd8b8`
SHA1	`3fcf44636142e1592fadfc4eb4ce6c148a2113d4`
SHA256	`395afb25073e8c1448ca3d05707e131648d60664c3635f2213e8319a44a1c99e`
SHA3	`1bea23a501c491d1a6333b118a57f728ce4be5f23d13ab8a635a0d0a2c21b589`
VirtualSize	`0xc`
VirtualAddress	`0x6c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x69600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67484`
MD5	`47e9e24c749b0fd41bd8c6839e57c07c`
SHA1	`a81018f0b90a72aa70dcf7e901f6129d38d8462f`
SHA256	`23db16eb771ea7020b260020291f749a16aeff5e7611e26a915328a96ebf39b4`
SHA3	`31768a761ef0894450caa17c9332785d8602cb68e2c815024f3faec48adc38e3`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`3e1d980f0dc747eec9d946c155cb1498`
SHA1	`15414ced0202f709d400c957d441a8856dde8479`
SHA256	`027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd`
SHA3	`11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x386`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35478`
MD5	`be1c60a37f6f4b2dc1f67e24e436402d`
SHA1	`a4af1b87925a3f3135b5644f06d93f1f044d378e`
SHA256	`906166588b8db00cd332f9706f8846496ff31c29cb56925b30b795a10dbd03d7`
SHA3	`cc6f97726fb6f6644ef1b14d5e852e0116efbb28e454e1800179aa31cae41fd4`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.43024`
MD5	`fbc0e90a742b7d449967346160f28637`
SHA1	`d8b2b8989ad9f0ad2b8c1434d9f7f193a595172b`
SHA256	`e4efe55e1d18d7452e1ded3846d91b1b4d1318cb5546f7c2e4ad2eb052d9d129`
SHA3	`49cbb1e4135501a5345493771d2c5117e67c8dfef7fd1ab9998018594dbc170f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.16.1.0
ProductVersion	5.16.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	BlueStacksTweaker5
FileVersion (#2)	5.16.1.0
InternalName	BlueStacksTweaker5.exe
LegalCopyright	Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename	BlueStacksTweaker5.exe
ProductName	BlueStacksTweaker5
ProductVersion (#2)	5.16.1.0
Assembly Version	5.16.1.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

bcea2cb38e00193dc5d55dac4bcb9d73

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors