Manalyze report for be87ec67b0b23d66a90d927e62a84e41

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2057-Feb-12 11:43:54
Debug artifacts	C:\Users\Raymond\source\repos\auto-updater-master\GenericAutoUpdater\obj\Release\DayZ Auto-Updater.pdb
Comments	DayZ Auto Updater
CompanyName	Blu-Games
FileDescription	DayZ Auto Updater
FileVersion	`1.0.8.0`
InternalName	DayZ Auto-Updater.exe
LegalCopyright	Copyright © 2021 Blu-Games
LegalTrademarks
OriginalFilename	DayZ Auto-Updater.exe
ProductName	DayZ Auto Updater
ProductVersion	`1.0.8.0`
Assembly Version	1.0.8.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Interesting strings found in the binary:	`Contains domain names: https://www.blu-tec.co.za https://www.blu-tec.co.za/blugames/patchlist.txt`
Malicious	VirusTotal score: 13/70 (Scanned on 2021-04-14 11:30:45)	`MicroWorld-eScan: Gen:Variant.Bulz.412082` `Cybereason: malicious.7b0b23` `Avast: Win32:DropperX-gen [Drp]` `BitDefender: Gen:Variant.Bulz.412082` `Ad-Aware: Gen:Variant.Bulz.412082` `Emsisoft: Gen:Variant.Bulz.412082 (B)` `FireEye: Gen:Variant.Bulz.412082` `GData: Gen:Variant.Bulz.412082` `MAX: malware (ai score=88)` `Arcabit: Trojan.Bulz.D649B2` `AhnLab-V3: Malware/Win32.RL_Generic.C4187393` `ALYac: Gen:Variant.Bulz.412082` `AVG: Win32:DropperX-gen [Drp]`

Hashes

MD5	`be87ec67b0b23d66a90d927e62a84e41`
SHA1	`eae95f78a3eca83908063897ddd72f2fcdead2ef`
SHA256	`cf76649856e27531240d3205d86c3685b0b49e0834fa3389845068a30bb8e085`
SHA3	`d456682601a288ec56418f791f467d6455a743c3b8c81be18685526e1b93a689`
SSDeep	`3072:Kvzc4qlXE3i8OVMXkX1fbT6UB1uXCEmcaRsq+hfqqidkX1tF77:ezcTVukFfNgSEmc4s3hwdkF77`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2057-Feb-12 11:43:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x20200`
SizeOfInitializedData	`0x5800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00022162 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x24000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e8469256e9bb2e29f17ba8f05b05a225`
SHA1	`a8f72409659ef2d950d310dfc5e685ec5b91d7e9`
SHA256	`f23ad2d0a77a9cafdb904dcea52335a51527bc68ed057c4378051daf9ebc7592`
SHA3	`6053e7704561a665c90c50ee5d0a7b2545259c489cae4064382378557bf877af`
VirtualSize	`0x20168`
VirtualAddress	`0x2000`
SizeOfRawData	`0x20200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.51449`

.rsrc

MD5	`f5765b02a59a7f9ca90649aef52b7df9`
SHA1	`de5a82dee931c5ed4d6e0684b3bf8cd1b2332803`
SHA256	`8926b5ec6b70e8ad489abe56ef278c0a2ee910ab94938f0cdc0048a720c44ff7`
SHA3	`451e8080f750cfef0997ebbaf60ee2d80bb9c877e5cdc47c184933c12b7eeaf8`
VirtualSize	`0x546c`
VirtualAddress	`0x24000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x20400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98949`

.reloc

MD5	`d93f8e800c5d6f0a42e0ef7a7ebe9daf`
SHA1	`4367c693d76f6f18bdc9f467260169a74345ca26`
SHA256	`bc917e69a825bf8a54ac086cd40c1d06f70294d72fa8d3277328d230a983ba32`
SHA3	`5b33f28443651df375394961200efc3d7820d06f6125df6017e05845056a4bb8`
VirtualSize	`0xc`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91578`
MD5	`052431e54641cd7ceb23a76dc7020466`
SHA1	`0f768449e75e3e988eca952ed547a12686b1665f`
SHA256	`e55dd2aeaf2b335f91d50e083dfa407c3551c5498a4ff4b837c1c78cc5eb9a97`
SHA3	`2e74d165ef6b307450f38419455b43e66e23c356ddab0101f7013bb189271f64`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`3e1d980f0dc747eec9d946c155cb1498`
SHA1	`15414ced0202f709d400c957d441a8856dde8479`
SHA256	`027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd`
SHA3	`11e83c27ff3b8cca2c537273338202138c94fb4b10a6b2daf0f7d23d177cc049`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39859`
MD5	`1ab75bba320c38fbf88a1087a701d31e`
SHA1	`f1ed8882103f1dbd9cb1a58dd69f28490eb39f7e`
SHA256	`6d356772c1e8cccb440d032082db65265b0ea58f9a8dd8af8042e10ef4485f69`
SHA3	`ac2eca16365222bbf2262b0be63fdefde7904f6a91bf2a4164c6ee297cbe4253`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd59`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00719`
MD5	`0cc0ecadc8b598da178b79fdd88d336b`
SHA1	`25b39517498d8d3f6565d09d440236b212a2621f`
SHA256	`4d22bcf5f45177c90bec89b01fe4ea116da193a52ef8c2e633290656d310c3f6`
SHA3	`6f4f575477138f0f1391fbd621fe361b772ed9516d6f67b001b7aae71f6c5e98`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.8.0
ProductVersion	1.0.8.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	DayZ Auto Updater
CompanyName	Blu-Games
FileDescription	DayZ Auto Updater
FileVersion (#2)	1.0.8.0
InternalName	DayZ Auto-Updater.exe
LegalCopyright	Copyright © 2021 Blu-Games
LegalTrademarks
OriginalFilename	DayZ Auto-Updater.exe
ProductName	DayZ Auto Updater
ProductVersion (#2)	1.0.8.0
Assembly Version	1.0.8.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2094-May-24 11:46:00
Version	`0.0`
SizeofData	`127`
AddressOfRawData	`0x22090`
PointerToRawData	`0x20290`
Referenced File	C:\Users\Raymond\source\repos\auto-updater-master\GenericAutoUpdater\obj\Release\DayZ Auto-Updater.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

be87ec67b0b23d66a90d927e62a84e41

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors