Manalyze report for cef341e2c66aa6c51d75ef126350d73d

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-May-16 07:21:12
CompanyName	Setup
FileDescription	Setup
FileVersion	`2.58.8.0`
InternalName	Setup.exe
LegalCopyright	Copyright © Vector Informatik GmbH 2024
OriginalFilename	Setup.exe
ProductName	Vector Informatik Installation
ProductVersion	`2.58.8+409fed36`
Assembly Version	2.58.8.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware` `May have dropper capabilities: CurrentVersion\Run` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: cacerts.digicert.com code.msdn.microsoft.com codekicker.de crl.microsoft.com crl3.digicert.com crl4.digicert.com digicert.com docs.microsoft.com github.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0 http://codekicker.de http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0 http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F http://crl4.digicert.com http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0 http://james.newtonking.com http://james.newtonking.com/projects/json http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0O http://ocsp.digicert.com0X http://schemas.microsoft.com http://schemas.microsoft.com/expression/2010/interactivity http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.digicert.com http://www.digicert.com/CPS0 http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 http://www.w3.org http://www.w3.org/2000/xmlns/ http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance https://code.msdn.microsoft.com https://code.msdn.microsoft.com/CSUACSelfElevation-5736ee90/sourcecode?fileId https://code.msdn.microsoft.com/windowsapps/CSUACSelfElevation-644673d3 https://docs.microsoft.com https://docs.microsoft.com/en-us/windows/win32/msi/machine-policies&lt https://docs.microsoft.com/en-us/windows/win32/msi/machine-policies&quot https://github.com https://ithoughthecamewithyou.com https://portal.vector.com https://portal.vector.com/ https://portal.vector.com/delegate/memberarea/services/document_library/Service%20Packs/PND https://social.msdn.microsoft.com https://social.msdn.microsoft.com/Forums/vstudio/de-DE/bfa45a8b-7092-4779-b829-49ecfd997418/uac-shield-in-button-anzeigen?forum https://stackoverflow.com https://support.microsoft.com https://support.microsoft.com/en-us/help/981778/how-to-self-elevate-an-application-to-a-high-privilege-level-under-uac https://www.newtonsoft.com https://www.newtonsoft.com/json https://www.newtonsoft.com/jsonschema https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson ithoughthecamewithyou.com james.newtonking.com microsoft.com msdn.microsoft.com newtonking.com newtonsoft.com nuget.org openxmlformats.org paint.net portal.vector.com schemas.microsoft.com schemas.openxmlformats.org social.msdn.microsoft.com stackoverflow.com support.microsoft.com vector.com www.digicert.com www.microsoft.com www.newtonsoft.com www.nuget.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256`
Info	The PE is digitally signed.	`Signer: Vector Informatik GmbH` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`cef341e2c66aa6c51d75ef126350d73d`
SHA1	`4e9caa8ba44e90e39ed7f6dafb10e398de0bd511`
SHA256	`dfc683693ec8dca3b1ecc6d4084dc370e9a4a870d6816b169a5138f43e883915`
SHA3	`3694e9ca67167e44466e868c3941bececa4f3cda8927af5c9f8547e49d5b6a56`
SSDeep	`24576:Hfg6EhZ0Df/nCaqdm1AjXxXeL2T52qwVxRecapUo3VBA/ZTvQD0XY0AJBSjRlXPT:H/4gf/nCa11AISF2qqRnauolEAJBSjhV`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-May-16 07:21:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x259c00`
SizeOfInitializedData	`0x3c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0025BB1E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x262000`
SizeOfHeaders	`0x200`
Checksum	`0x26a85f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`da6879a807c3e60c479ac9c22d682825`
SHA1	`9f6c5ecfd70cdc4f333cd7173465549fbf7d51b3`
SHA256	`492047fb02f5bfc581aaff967d529cb0b9f234b5ceb0c72a0fe65cafab709c9f`
SHA3	`7a496df28545987f83beac4b81d2fa3aaddcc7b74b8b6184b1d63b9f7e24b88f`
VirtualSize	`0x259b24`
VirtualAddress	`0x2000`
SizeOfRawData	`0x259c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67149`

.rsrc

MD5	`82d210235e6cf309c252306198e5ccf5`
SHA1	`992629a9af0ad726625a2d48b856cd50f2b5cc85`
SHA256	`cc11e774ac4e634756d587db7a0db6ea2395253ff7d993ea8772e30a9002d1ac`
SHA3	`c7c1cd41b7286be46391391c641232ee8ef7a8055d071c74b6023db0519c747e`
VirtualSize	`0x3a00`
VirtualAddress	`0x25c000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x259e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.93055`

.reloc

MD5	`399b348e74896787bb25939e859a5c3e`
SHA1	`4e82651e50b5ff5474561d5e61b17be0e7358859`
SHA256	`3e9bb10de34f64c728b98bef64d1c6cccd8222a89747224bf627be8f32ed7329`
SHA3	`b194a3ff3132f76ae567a048e3bb91d5a7b62455ee5f57d0bdfaa43fd6f1bba2`
VirtualSize	`0xc`
VirtualAddress	`0x260000`
SizeOfRawData	`0x200`
PointerToRawData	`0x25d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91366`
MD5	`af05dd5bd4c3b1fc94922c75ed4f9519`
SHA1	`f54685a8a314e6f911c75cf7554796212fb17c3e`
SHA256	`3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3`
SHA3	`150dba8cc825d5c0e9ff3c59015533288d19931847210338a3ef7cdc390c0e78`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02252`
MD5	`0a32af36e9f3ff2bfb686892dbc76e7f`
SHA1	`4d2cc068f7b71244190a174e2ec4595d6d9a2614`
SHA256	`8a5df9bfd804a125d891bd567e7b0890b508950cc54130066d97175d1f826e4e`
SHA3	`8e14d73e5daaf1e9fecaa8816a14ece135fd6353aed61d71fe452053d43cf60e`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.62911`
MD5	`10e4a9330ed641c05b4999444bfc3fbd`
SHA1	`453247eb70fec1eb7d95cf2561945d38ca5533d6`
SHA256	`64ea64ed88dc134f22303dd615f02cfb747dd74317f6d1822f2477c2352ddeb7`
SHA3	`e097ab28a4244abf7a390414c536f109ddfd07d42157641598a36d4bf7d72fb8`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86669`
Detected Filetype	Icon file
MD5	`a36bfe9720c6b3e28e2e7f36948102eb`
SHA1	`44d4f7438416bd4634bd699fd3dbd21492dda23c`
SHA256	`a2fa837c8040b5541e0978df87c47b627cad06b4ea1234b8ffbacbb88d1f12cf`
SHA3	`4254fefaa0e78f3799434b3c5887cafa2e8b475c84452f7600427ed28358f394`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x332`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41682`
MD5	`a91c5530b597bc97d9871a83e86a6af5`
SHA1	`54341bac81ad56f7b0890e2436372e92a2a2d957`
SHA256	`4ce35886fc25f84fafa3a790f60b04ad1e810013bb523219c325a7ca4daa42ff`
SHA3	`a6efb58343321e806ebcf9a69550cb0dc586fc5d78aaa69925940e34f15836aa`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xbc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04542`
MD5	`b07600aea7a098b3747aa4c22efa05ae`
SHA1	`27f73021b7b907add168257ea44f475371b7ab38`
SHA256	`42fcda1803160c25ffca77ddd17091806717ba1372bda42a7b06006f90132aa8`
SHA3	`6d405ae7df8f02377ed710708bb40d4137c0a7af56ab559678f304b12061bb4a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.58.8.0
ProductVersion	2.58.8.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Setup
FileDescription	Setup
FileVersion (#2)	2.58.8.0
InternalName	Setup.exe
LegalCopyright	Copyright © Vector Informatik GmbH 2024
OriginalFilename	Setup.exe
ProductName	Vector Informatik Installation
ProductVersion (#2)	2.58.8+409fed36
Assembly Version	2.58.8.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

cef341e2c66aa6c51d75ef126350d73d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors