Manalyze report for bf33b1f5003516591d95e688922fe9ee

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Feb-27 15:02:11
Comments
CompanyName
FileDescription	WindowsFormsApp1
FileVersion	`1.0.0.0`
InternalName	WindowsFormsApp1.exe
LegalCopyright	Copyright © 2018
LegalTrademarks
OriginalFilename	WindowsFormsApp1.exe
ProductName	WindowsFormsApp1
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Malicious	VirusTotal score: 3/68 (Scanned on 2019-03-14 01:32:24)	`Cylance: Unsafe` `SentinelOne: DFI - Suspicious PE` `CrowdStrike: win/malicious_confidence_100% (D)`

Hashes

MD5	`bf33b1f5003516591d95e688922fe9ee`
SHA1	`60d6fa56e543919a210251546402a6f61a0ccb17`
SHA256	`6fcbf0e10928cf88daf049b5ce6c35e791308d5758f3208d2b1252cd478fea75`
SHA3	`933fc8663dff6fffc4dd02717bfb33fd05754925e1176e4961dd45bba6276aea`
SSDeep	`1536:Ii3YD4IVqAMRcbEZM2BbO7RLGHOUO07hDKhISr:L9IVqAMKbEZM0OCSr`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Feb-27 15:02:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x18e00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001ACAE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x1c000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x20000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5dfc25a0dec96955c574ffa3386fd424`
SHA1	`204fc45971ac0de87b6a2924f63a3bf97bc1459b`
SHA256	`48a4623ae2532575ef623a62077a5922c612eaec3ff5e1c1d9e91646150d5675`
SHA3	`b0ff72e7df0efbc9cc6e48e69e5ee0ac6a813afd57cadbab05b9b21b429ff4c3`
VirtualSize	`0x18cb4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x18e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.69198`

.rsrc

MD5	`37e3880febf67bb53c0b447ee1537b82`
SHA1	`212676b697024330a3c4eee75a65a74c0d8f013e`
SHA256	`e50cfe3b056701ca886e803717146acedf0f7dd36d71f3bb9a2e89db8484f48d`
SHA3	`bedbac5bfbf4a91ea17c32b48fb4f271cd0c300d3af13efa68ef09ca4d948576`
VirtualSize	`0x5ec`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x600`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1971`

.reloc

MD5	`ce373817f8e88690605f9d07fb2afe8e`
SHA1	`c020c5a79ca3a093238408938b658a293f26d5bb`
SHA256	`7bda2a1b36dafe37d10226eb7c6ac8b857dd0b7ef48573c7112227b81ec92657`
SHA3	`7c6f506fb67eee5107ddf59124799b002c8c0da322ce18379d5a337b798368fe`
VirtualSize	`0xc`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29486`
MD5	`652e0bee4a27bc55f0c3875a007e8249`
SHA1	`986183792968c30766b60282c06a3020ee63a2bb`
SHA256	`e33972377949d0af2934aa6248d566fffa020e6fd8b90ad27b9fd15a79783e7f`
SHA3	`a0c33b926e5424a0c7f275baebecaefc05ec7d95feaaa01a1dd8ba37ddd88f52`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	WindowsFormsApp1
FileVersion (#2)	1.0.0.0
InternalName	WindowsFormsApp1.exe
LegalCopyright	Copyright © 2018
LegalTrademarks
OriginalFilename	WindowsFormsApp1.exe
ProductName	WindowsFormsApp1
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

bf33b1f5003516591d95e688922fe9ee

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors