Manalyze report for ea161ff53128a64cb18d7191cb0f824c

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-15 02:07:41
Debug artifacts	D:\1-OP\EC\yeswin\yeswin2\RC-YSG\src\CLIENT\_CORE\YESHost\obj\Release\YESHost.pdb
Comments	元大越是贏系統
CompanyName	元大證券
FileDescription	yeswin 越是贏
FileVersion	`3.0.5949.18230`
InternalName	YESHost.exe
LegalCopyright	2004~, All Rights Reserved.
LegalTrademarks	yeswin
OriginalFilename	YESHost.exe
ProductName	YUANTA YESWIN
ProductVersion	`3.0.5949.18230`
Assembly Version	3.0.5949.18230

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regedit.exe`
Safe	VirusTotal score: 0/71 (Scanned on 2019-11-16 03:21:43)	`All the AVs think this file is safe.`

Hashes

MD5	`ea161ff53128a64cb18d7191cb0f824c`
SHA1	`43c3da0108c92e17eac74f331cd5daba07eee5a3`
SHA256	`a73844fd791f5e0cb7750e5d56c4977c44807223dda70590d77510111df5ffee`
SHA3	`202999f7495a6d27d41f62e5e54c95eec6077eaa1c81afdf0eafce1c3807321f`
SSDeep	`24576:ykoEZpJtfBCTsRsr0AKRW98E6VQWR9KGo4:1pJtfvRsr0AKRQ7gQWOG`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2016-Apr-15 02:07:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x117000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0011807E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x11a000`
ImageBase	`0x11000000`
SectionAlignment	`0x2000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x11e000`
SizeOfHeaders	`0x1000`
Checksum	`0x11b88a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0a86c26ea1d48a21f65568a808d28c4a`
SHA1	`5ae0a23ccde86008b9752a0e9ff73ac8ae55227c`
SHA256	`079e9be27293097d0c642084ba218becf4f2265cd946cdb817925137fbe83d2f`
SHA3	`1d36a556bc2894c50636d169df7c7d66da2f91336f3e6ed23ab37b938b1042a1`
VirtualSize	`0x116084`
VirtualAddress	`0x2000`
SizeOfRawData	`0x117000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35191`

.rsrc

MD5	`1a81a1c6d5df52cff6f6dba7b0f8e69e`
SHA1	`3b7ec66cea142e74d69b153aaef96506201c50f5`
SHA256	`bbb69e6c9473717c03332e0801a68dbb33e22dc2e41c15e5de4e1c2b49641732`
SHA3	`3a81638abfca33c238aeade2601ebdbcb647a940ebe58c8219de1b421a67027d`
VirtualSize	`0x1768`
VirtualAddress	`0x11a000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x118000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.63751`

.reloc

MD5	`beabb053a5c811c7886236382d084da9`
SHA1	`9b7f6f427374e8857040df5e59dfc54e96e4e859`
SHA256	`7c601c0324937aa91d08acf8161bb45bff1ab1c6cf4dd9901a887d54616b6251`
SHA3	`46dda8eef548661827e84e83aa8baaf761e9436d0da4d55dc4b58b3c783e61db`
VirtualSize	`0xc`
VirtualAddress	`0x11c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x11a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73985`
MD5	`c2b254878ac497a50a290109c1aec4eb`
SHA1	`a47cfb0a8be24173477c25765c191085f6b695d5`
SHA256	`3fbfd014528206938932ff29dc4d446183ea26aea4ad42307ffcbbe7d1fa944f`
SHA3	`9980200e16f115095628801e331a8ed20f8ced2636e5b387b8c2d301ac9c7daf`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.94375`
Detected Filetype	Icon file
MD5	`d3bdbb19efa0630f837601a23f30ff3d`
SHA1	`f9513900fbb276100e1fcb1b798616c0ae0d4bc6`
SHA256	`852391035320228f8de3412c040f63d082abc6cc8ab8d715d1d5a92c243cbd97`
SHA3	`d64b14bf272ad71e0c7853722283bb1c1c821b983a886b63a7999ba1060420b6`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69758`
MD5	`aacbda5770fe0bf050bec1b7532c5b94`
SHA1	`0c841887367a06bbab72c2ebdb8042860f6bb95c`
SHA256	`57752e5940bdf75e9ad86cccf4a377ab12b5b512151cdd0d3f7991890900108a`
SHA3	`612832138200ba169113b166fa1a895e2a978a1f0efe36368b3b3af66032e630`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.5949.18230
ProductVersion	3.0.5949.18230
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	元大越是贏系統
CompanyName	元大證券
FileDescription	yeswin 越是贏
FileVersion (#2)	3.0.5949.18230
InternalName	YESHost.exe
LegalCopyright	2004~, All Rights Reserved.
LegalTrademarks	yeswin
OriginalFilename	YESHost.exe
ProductName	YUANTA YESWIN
ProductVersion (#2)	3.0.5949.18230
Assembly Version	3.0.5949.18230

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Apr-15 02:07:41
Version	`0.0`
SizeofData	`106`
AddressOfRawData	`0x117fbc`
PointerToRawData	`0x116fbc`
Referenced File	D:\1-OP\EC\yeswin\yeswin2\RC-YSG\src\CLIENT\_CORE\YESHost\obj\Release\YESHost.pdb

TLS Callbacks

Load Configuration

RICH Header

ea161ff53128a64cb18d7191cb0f824c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

2

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors