This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2020-Feb-11 04:48:54
Comments
CompanyName
FileDescription
BlueStacksTweaker5
FileVersion
5.16.1.0
InternalName
BlueStacksTweaker5.exe
LegalCopyright
Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename
BlueStacksTweaker5.exe
ProductName
BlueStacksTweaker5
ProductVersion
5.16.1.0
Assembly Version
5.16.1.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info
Interesting strings found in the binary:
Contains domain names:
Malicious
VirusTotal score: 3/72 (Scanned on 2020-05-23 23:32:37)
CrowdStrike: win/malicious_confidence_60% (W)
APEX: Malicious
VBA32: CIL.HeapOverride.Heur
MD5
bcea2cb38e00193dc5d55dac4bcb9d73
SHA1
d105c924f088e7a464a7449e7fd3f1bfd22a43d7
SHA256
e5f89d20152438bd8106a1ce15019b9dcd83e1e5b65d10f0a0a00770d0b60a11
SHA3
25787ff82eb22c5da0dd08f8a045524b07a953614201df4a39944bfaa704fa45
SSDeep
12288:CKJxMaOOOOOOOOOO1HHYozE29a4V2PBLy3oU:CYbHvL9zGBLy3/
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2020-Feb-11 04:48:54
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
48.0
SizeOfCode
0x63c00
SizeOfInitializedData
0x5a00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00065B3E (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x66000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x6e000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
42507381eea760cc78315eaa9bd661b0
SHA1
b729506a7613e1b9d421ccffe3b3750f74b32a3b
SHA256
ed349d0393a9ebe832634a8a7f984a985b40d6f4b970d41f6204cbdf33a711ed
SHA3
c653e7b4d176f964390aedd87024ff8e37d40fa251cccfdca1f04d9937f4c4ff
VirtualSize
0x63b44
VirtualAddress
0x2000
SizeOfRawData
0x63c00
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
6.62796
MD5
1429731d9eb950360da69508e530b05d
SHA1
f1f141d070ab8212fc33654be4c952c2e127f263
SHA256
598dffc232c43fca3960182251c5a52ba1905428ce1cd8ba7eed1dd90e94748e
SHA3
ed80b3d3ce7a6ca2b3e67dc5b484ceff0a7d0572e231746e4d26415fca52093d
VirtualSize
0x5680
VirtualAddress
0x66000
SizeOfRawData
0x5800
PointerToRawData
0x63e00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
5.9458
MD5
129f3080d5f75160b229908b871dd8b8
SHA1
3fcf44636142e1592fadfc4eb4ce6c148a2113d4
SHA256
395afb25073e8c1448ca3d05707e131648d60664c3635f2213e8319a44a1c99e
SHA3
1bea23a501c491d1a6333b118a57f728ce4be5f23d13ab8a635a0d0a2c21b589
VirtualSize
0xc
VirtualAddress
0x6c000
SizeOfRawData
0x200
PointerToRawData
0x69600
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.10191
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x4228
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.67484
MD5
47e9e24c749b0fd41bd8c6839e57c07c
SHA1
a81018f0b90a72aa70dcf7e901f6129d38d8462f
SHA256
23db16eb771ea7020b260020291f749a16aeff5e7611e26a915328a96ebf39b4
SHA3
31768a761ef0894450caa17c9332785d8602cb68e2c815024f3faec48adc38e3
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x14
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.91924
Detected Filetype
Icon file
MD5
3e1d980f0dc747eec9d946c155cb1498
SHA1
15414ced0202f709d400c957d441a8856dde8479
SHA256
027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd
SHA3
11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x386
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.35478
MD5
be1c60a37f6f4b2dc1f67e24e436402d
SHA1
a4af1b87925a3f3135b5644f06d93f1f044d378e
SHA256
906166588b8db00cd332f9706f8846496ff31c29cb56925b30b795a10dbd03d7
SHA3
cc6f97726fb6f6644ef1b14d5e852e0116efbb28e454e1800179aa31cae41fd4
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0xf8c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.43024
MD5
fbc0e90a742b7d449967346160f28637
SHA1
d8b2b8989ad9f0ad2b8c1434d9f7f193a595172b
SHA256
e4efe55e1d18d7452e1ded3846d91b1b4d1318cb5546f7c2e4ad2eb052d9d129
SHA3
49cbb1e4135501a5345493771d2c5117e67c8dfef7fd1ab9998018594dbc170f
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
5.16.1.0
ProductVersion
5.16.1.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
BlueStacksTweaker5
FileVersion (#2)
5.16.1.0
InternalName
BlueStacksTweaker5.exe
LegalCopyright
Copyright © AJacobs 2016
LegalTrademarks
OriginalFilename
BlueStacksTweaker5.exe
ProductName
BlueStacksTweaker5
ProductVersion (#2)
5.16.1.0
Assembly Version
5.16.1.0