This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2016-Apr-15 02:07:41
Debug artifacts
D:\1-OP\EC\yeswin\yeswin2\RC-YSG\src\CLIENT\_CORE\YESHost\obj\Release\YESHost.pdb
Comments
元大越是贏系統
CompanyName
元大證券
FileDescription
yeswin 越是贏
FileVersion
3.0.5949.18230
InternalName
YESHost.exe
LegalCopyright
2004~, All Rights Reserved.
LegalTrademarks
yeswin
OriginalFilename
YESHost.exe
ProductName
YUANTA YESWIN
ProductVersion
3.0.5949.18230
Assembly Version
3.0.5949.18230
Info
Matching compiler(s):
.NET executable -> Microsoft
Suspicious
PEiD Signature:
HQR data file
Suspicious
Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
Safe
VirusTotal score: 0/71 (Scanned on 2019-11-16 03:21:43)
All the AVs think this file is safe.
MD5
ea161ff53128a64cb18d7191cb0f824c
SHA1
43c3da0108c92e17eac74f331cd5daba07eee5a3
SHA256
a73844fd791f5e0cb7750e5d56c4977c44807223dda70590d77510111df5ffee
SHA3
202999f7495a6d27d41f62e5e54c95eec6077eaa1c81afdf0eafce1c3807321f
SSDeep
24576:ykoEZpJtfBCTsRsr0AKRW98E6VQWR9KGo4:1pJtfvRsr0AKRQ7gQWOG
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2016-Apr-15 02:07:41
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Magic
PE32
LinkerVersion
11.0
SizeOfCode
0x117000
SizeOfInitializedData
0x3000
SizeOfUninitializedData
0
AddressOfEntryPoint
0x0011807E (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x11a000
ImageBase
0x11000000
SectionAlignment
0x2000
FileAlignment
0x1000
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x11e000
SizeOfHeaders
0x1000
Checksum
0x11b88a
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
0a86c26ea1d48a21f65568a808d28c4a
SHA1
5ae0a23ccde86008b9752a0e9ff73ac8ae55227c
SHA256
079e9be27293097d0c642084ba218becf4f2265cd946cdb817925137fbe83d2f
SHA3
1d36a556bc2894c50636d169df7c7d66da2f91336f3e6ed23ab37b938b1042a1
VirtualSize
0x116084
VirtualAddress
0x2000
SizeOfRawData
0x117000
PointerToRawData
0x1000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
6.35191
MD5
1a81a1c6d5df52cff6f6dba7b0f8e69e
SHA1
3b7ec66cea142e74d69b153aaef96506201c50f5
SHA256
bbb69e6c9473717c03332e0801a68dbb33e22dc2e41c15e5de4e1c2b49641732
SHA3
3a81638abfca33c238aeade2601ebdbcb647a940ebe58c8219de1b421a67027d
VirtualSize
0x1768
VirtualAddress
0x11a000
SizeOfRawData
0x2000
PointerToRawData
0x118000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
3.63751
MD5
beabb053a5c811c7886236382d084da9
SHA1
9b7f6f427374e8857040df5e59dfc54e96e4e859
SHA256
7c601c0324937aa91d08acf8161bb45bff1ab1c6cf4dd9901a887d54616b6251
SHA3
46dda8eef548661827e84e83aa8baaf761e9436d0da4d55dc4b58b3c783e61db
VirtualSize
0xc
VirtualAddress
0x11c000
SizeOfRawData
0x1000
PointerToRawData
0x11a000
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0159202
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.73985
MD5
c2b254878ac497a50a290109c1aec4eb
SHA1
a47cfb0a8be24173477c25765c191085f6b695d5
SHA256
3fbfd014528206938932ff29dc4d446183ea26aea4ad42307ffcbbe7d1fa944f
SHA3
9980200e16f115095628801e331a8ed20f8ced2636e5b387b8c2d301ac9c7daf
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x14
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
1.94375
Detected Filetype
Icon file
MD5
d3bdbb19efa0630f837601a23f30ff3d
SHA1
f9513900fbb276100e1fcb1b798616c0ae0d4bc6
SHA256
852391035320228f8de3412c040f63d082abc6cc8ab8d715d1d5a92c243cbd97
SHA3
d64b14bf272ad71e0c7853722283bb1c1c821b983a886b63a7999ba1060420b6
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x384
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.69758
MD5
aacbda5770fe0bf050bec1b7532c5b94
SHA1
0c841887367a06bbab72c2ebdb8042860f6bb95c
SHA256
57752e5940bdf75e9ad86cccf4a377ab12b5b512151cdd0d3f7991890900108a
SHA3
612832138200ba169113b166fa1a895e2a978a1f0efe36368b3b3af66032e630
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1
879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256
c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3
93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
3.0.5949.18230
ProductVersion
3.0.5949.18230
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
元大越是贏系統
CompanyName
元大證券
FileDescription
yeswin 越是贏
FileVersion (#2)
3.0.5949.18230
InternalName
YESHost.exe
LegalCopyright
2004~, All Rights Reserved.
LegalTrademarks
yeswin
OriginalFilename
YESHost.exe
ProductName
YUANTA YESWIN
ProductVersion (#2)
3.0.5949.18230
Assembly Version
3.0.5949.18230
Characteristics
0
TimeDateStamp
2016-Apr-15 02:07:41
Version
0.0
SizeofData
106
AddressOfRawData
0x117fbc
PointerToRawData
0x116fbc
Referenced File
D:\1-OP\EC\yeswin\yeswin2\RC-YSG\src\CLIENT\_CORE\YESHost\obj\Release\YESHost.pdb