Manalyze report for e3729101b8ddfb81f00d60e5647f576b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Dec-13 12:49:40
Comments
CompanyName
FileDescription	installer
FileVersion	`1.7.3.0`
InternalName	installer.exe
LegalCopyright	Copyright © Easy Ad Blocker 2019
LegalTrademarks
OriginalFilename	installer.exe
ProductName	installer
ProductVersion	`1.7.3.0`
Assembly Version	1.7.3.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Contains references to internet browsers: chrome.exe firefox.exe` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: exploit` Contains domain names: apache.org eabdl.com eablist.com easyadblocker.com github.com gmail.com http://schemas.microsoft.com http://schemas.microsoft.com/windows/2004/02/mit/task http://scripts.sil.org http://scripts.sil.org/OFL http://scripts.sil.org/OFLMontserratSemiBold http://scripts.sil.org/OFLhttp http://www.apache.org http://www.apache.org/licenses/LICENSE-2.0 http://www.zkysky.com.ar http://www.zkysky.com.ar/This https://github.com https://update.eabdl.com https://update.eabdl.com/swup https://update.eablist.com https://update.eablist.com/alists/ https://update.eablist.com/almap https://update.eablist.com/rein https://update.eablist.com/swup https://update.eablist.com/upd-check https://www.easyadblocker.com https://www.easyadblocker.com/installed/?iid https://www.easyadblocker.com/uninstalled/?iid https://www.easyadblocker.com/weab/privacy-policy.html. microsoft.com pixelspread.com rfuenzalida.com schemas.microsoft.com scripts.sil.org update.eabdl.com update.eablist.com www.apache.org www.easyadblocker.com www.zkysky.com zkysky.com
Info	The PE is digitally signed.	`Signer: Innova Media internetne storitve d.o.o.` `Issuer: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3`
Safe	VirusTotal score: 0/70 (Scanned on 2020-10-16 01:27:20)	`All the AVs think this file is safe.`

Hashes

MD5	`e3729101b8ddfb81f00d60e5647f576b`
SHA1	`4af6e60ef8bdc7a912a4dbef7f11af272640fe0e`
SHA256	`9caa60a3fcb1c3e9f0eb738b6e760c511564a31c6baabfad4d59b9ebf3322b09`
SHA3	`4f77b390983da9c28c67187ff47ad625b56d0cdc3be9c05177994c94c7f39e57`
SSDeep	`12288:O8RPpfnlc4t6iFN9kstg4sX4JJpT3yMI0GLrUqc:OeVlcsBPqw3yMIx7c`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Dec-13 12:49:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xf5a00`
SizeOfInitializedData	`0x1ce00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000F789E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xf8000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x118000`
SizeOfHeaders	`0x200`
Checksum	`0x122924`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8ce4705e83fe8adf49d3021296f64233`
SHA1	`37d79a2f621a796f4950ac9b64c15e001110db0c`
SHA256	`60e4cc762a8e3e01f41b924be107c44873d69b43100cd55aa1cc8d81df7c8e1a`
SHA3	`a93869264a5f6ac76885805c72e0bc421c85371b5b1c14cbf6a4c8f986641a99`
VirtualSize	`0xf58c4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xf5a00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04273`

.rsrc

MD5	`ade30c45194c1102900e324c3d1c2871`
SHA1	`1d1829bab36d1bcc4902c58f326e3f9a0b67ead3`
SHA256	`1c64d2ce2dd78f6e36d64e07cfbdc78c1f8d6413a25c1075a81c9451d2d74fb9`
SHA3	`5bedcfc277d086abfb41b616b076723f515ecb7689dd6ea83fd7559a447ec4d3`
VirtualSize	`0x1ca3c`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x1cc00`
PointerToRawData	`0xf5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.5516`

.reloc

MD5	`2e6aa01f20124e50471773c29a74a48c`
SHA1	`ff10decb1d37f9ce5ea7b437fd4584643bacf6bd`
SHA256	`13df798e00717f24ce47618e3d67301da08b4694ca331ac1562de3e475d46848`
SHA3	`f17c86a829972d4e01a1369997d3ad4fd5200f93d37498981408609958db69f7`
VirtualSize	`0xc`
VirtualAddress	`0x116000`
SizeOfRawData	`0x200`
PointerToRawData	`0x112800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68226`
MD5	`808112e34a36a05ba01b5fdaf1aee8c5`
SHA1	`7438f90fef02e8bcea99fbe64633cd4930d7c2c7`
SHA256	`b5b5c0b0758af07a9027188a826daa05740fa2cff5c6c9a70c6b24688592161f`
SHA3	`54d0ef3df8e81abdb47f9a89613627a8d85203ff7e3c6020e8bc377667d11798`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49925`
MD5	`8b0c22b7817d93d4a60598127e9ed698`
SHA1	`6262cd61a56b784eb4c5a1cb73eff438ae60e6c1`
SHA256	`037e8a7afb566f54fc06cfc0c3051b308d2f79ae463aca4d2b830993adf9c38e`
SHA3	`1bc63801ffa97f53dcbaaa12a4f1aa97837f41de05d50a06864e92d201f6616a`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29328`
MD5	`1b3557dfe3467c5d13c2af63540bfaf2`
SHA1	`6941228403d174cb2d499570ab6d00d0908e96bf`
SHA256	`cd6d16fe96e0ba049985451d8232bdf86dfcecaa8cee61eb99689ad78c45286d`
SHA3	`fc352900b7f0d6fa6f296cfab8d240854a99a217cde9e26cf971b37dbae7f830`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9794`
MD5	`c6851385473fd4bd9d17621474253176`
SHA1	`bf41ecdab67089b81881efbefbbc2edb42b4b4f1`
SHA256	`81ca4e178d2b9691a9d566281b27a89e9e568e49b7626394ee074f2b53c1b9d3`
SHA3	`79a51e2d5944dc848336b39bbe5e230f84ed016df6df8ad5fe77de34bc125a91`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7581`
MD5	`25e80e75cf6b4baa775a801f5b698574`
SHA1	`e0910878d8a06668f7a4c370d54c8669fbc59b40`
SHA256	`791675f775715655cb7f6f9c1d8d6f4d0f0933b2a25951ca9ab2f132ae883f02`
SHA3	`530591b5033df96d36a4efac9c6e7e212bc2ed609b76a931897112c432e61c6c`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32268`
MD5	`b2c5e5f0886c6f9e806db690159840f5`
SHA1	`45b48c9b337477bf291b2ade542412d1f00d5ce9`
SHA256	`1fc273b8a95df0a02e257df6f029caad7f33dd8b065828ca059a0f0bdf4d7300`
SHA3	`357871413fb50ed3ad596f322d9fd4c282e3e0444b7e980e2984af2b1c78811a`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2898`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92758`
Detected Filetype	PNG graphic file
MD5	`6d96816b36d2fbf337b1b186240032bb`
SHA1	`6f8c6cd15d07a7e44d8061a1a50a9d393d05dd01`
SHA256	`4c102dbd2b6460f9300592683670b2ba232d220ea1cbdd11d53751bb3b8583f2`
SHA3	`35a0e651ddfd4459ac104d6cd8dc525d798f49628148cd593701c61a9713cd6d`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89253`
Detected Filetype	Icon file
MD5	`80667740cabf78419a903cdcd7620742`
SHA1	`010bd0c2656f05dbd53056158aa77419858ccfbe`
SHA256	`f886486b95d5fe1a81fead8ab43d7a8dd2b8a031f49655dd8ee0de354a4da3f9`
SHA3	`ae03f686a7bb751aea3e6026371820b77fd8d22d8b640726f29d5ce4d48d9d14`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32106`
MD5	`c9262867b32d85d40135dc28cb534338`
SHA1	`db9496f86eaedd0d5d2b908109ef02fcb464cf98`
SHA256	`928cc3c0a251b55af93d28447f45711542daf06772b6171205281aec522264c7`
SHA3	`89cfec578bc9e590a8aebcead56ea4bea9655430ba0866f1daa3d70e9e770a65`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd1a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71325`
MD5	`cfd74fdeb41c25df0e00f84abe916684`
SHA1	`b746896995cbd3f8c2ba1521896ad5db419a9636`
SHA256	`65937dc747ab23c83362cf38cda604d92468c1ed4fcaf7b22eacb25b057dbe0a`
SHA3	`d2471fdee42b7495a62e306c6f5ae00dc00c2076ccf391388a3e8bbacf1e5006`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.3.0
ProductVersion	1.7.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	installer
FileVersion (#2)	1.7.3.0
InternalName	installer.exe
LegalCopyright	Copyright © Easy Ad Blocker 2019
LegalTrademarks
OriginalFilename	installer.exe
ProductName	installer
ProductVersion (#2)	1.7.3.0
Assembly Version	1.7.3.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

e3729101b8ddfb81f00d60e5647f576b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

32512

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors