Manalyze report for f6e7c00397bdd2daabe3a3b291f1c92ef6cf1d4ea07974fca993e342cbf8a27b

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2041-Dec-02 05:17:39
Debug artifacts	MobiInstaller.pdb
CompanyName	MobiInstaller
FileDescription	MobiOffice
FileVersion	`1.9.15801.1`
InternalName	MobiInstaller.exe
LegalCopyright
OriginalFilename	MobiInstaller.exe
ProductName	MobiOffice
ProductVersion	`1.9.65801.0+483b82f85611f4096a7bba7d8b63c12807c413ac`
Assembly Version	1.9.15801.1

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: AppCenter.Resources.AppResources.de AppCenter.Resources.AppResources.es AppCenter.Resources.AppResources.fr AppCenter.Resources.AppResources.it AppCenter.Resources.AppResources.ru AppResources.de AppResources.es AppResources.fr AppResources.it AppResources.ru MobiInstaller.de MobiInstaller.es MobiInstaller.fr MobiInstaller.it MobiInstaller.ru MobiSystems.AppCenter.Resources.AppResources.de MobiSystems.AppCenter.Resources.AppResources.es MobiSystems.AppCenter.Resources.AppResources.fr MobiSystems.AppCenter.Resources.AppResources.it MobiSystems.AppCenter.Resources.AppResources.ru Resources.AppResources.de Resources.AppResources.es Resources.AppResources.fr Resources.AppResources.it Resources.AppResources.ru cfg.mobisystems.com crl.microsoft.com googleapis.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.microsoft.com/winfx/2006/xaml/presentation/options http://schemas.microsoft.com/xaml/behaviors http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.microsoft.com http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 https://cfg.mobisystems.com https://cfg.mobisystems.com/_data/banners/ https://cfg.mobisystems.com/update/Dependencies/Microsoft.VCLibs.140.00.UWPDesktop/14.0.33728.0/x64/Microsoft.VCLibs.x64.14.00.Desktop.appx https://cfg.mobisystems.com/update/Dependencies/Microsoft.VCLibs.140.00/14.0.33519.0/x64/Microsoft.VCLibs.x64.14.00.appx https://cfg.mobisystems.com/update/Dependencies/Microsoft.WindowsAppRuntime.1.5/5001.70.1338.0/x64/Microsoft.WindowsAppRuntime.1.5.msix https://mobisystems.com https://storage.googleapis.com https://storage.googleapis.com/ms-apps-bucket-exp/_data/banners/ https://storage.googleapis.com/ms-apps-bucket-test/_data/banners/ https://support.mobisystems.com https://support.mobisystems.com/hc/articles/24994358001821-Troubleshoot-Common-Installation-Errors?platform https://support.mobisystems.com/hc/articles/28194250940061-How-to-Deploy-MobiSystems-Products-in-a-Windows-Corporate-Environment#h_01JXYT3PKWQSAYC4MKYJ8TT190 https://support.mobisystems.com/hc/requests/new https://www.mobisystems.com https://www.mobisystems.com/wpf microsoft.com mobisystems.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org sentry.mobisystems.com storage.googleapis.com support.mobisystems.com www.microsoft.com www.mobisystems.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Info	The PE is digitally signed.	`Signer: MobiSystems` `Issuer: Microsoft ID Verified CS AOC CA 03`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6752109f30788e1b64df3674eddcccb0`
SHA1	`9bfb308f1edcd4c53d93369ccc5777193005cf0d`
SHA256	`f6e7c00397bdd2daabe3a3b291f1c92ef6cf1d4ea07974fca993e342cbf8a27b`
SHA3	`39a90bff7a98b50daad4e77dc334b5901b051f74f5890b4f1035c22f4c5095de`
SSDeep	`98304:5eeDOS/pV1/6xbkqXf0F4zWXGWAAkQLTjPT+O:5FxV1/6xbkSI4zW2W/LD+O`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2041-Dec-02 05:17:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x33d800`
SizeOfInitializedData	`0x25e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0033F60E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x368000`
SizeOfHeaders	`0x200`
Checksum	`0x3712f1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8439871fe4b04de396bfad2b839a8bb9`
SHA1	`ff684d2b5ebfb3d8469413326e416a7a5cffd893`
SHA256	`4187e5dd9b2a85b40772712d84748c0e121ab542b8b2df89e22c6768a462a7ef`
SHA3	`c8b4e599beda867ce7903003afd31e2d14e825feecce881f46d8c5b3eef838c5`
VirtualSize	`0x33d614`
VirtualAddress	`0x2000`
SizeOfRawData	`0x33d800`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.77606`

.rsrc

MD5	`2172513ba5b32fbba3b7da99ef666c53`
SHA1	`a6f2206238afabab14118f709640ceacbc993cfa`
SHA256	`9b52f5e3cc24ec6a8ff12ea2cff1e22def1485febc61a982193cd4722ad9a6d3`
SHA3	`001102831e655af3c3f9cf75d241f83a65174f8ef8f3480fce688cce5f064559`
VirtualSize	`0x25a18`
VirtualAddress	`0x340000`
SizeOfRawData	`0x25c00`
PointerToRawData	`0x33da00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.17788`

.reloc

MD5	`5b967a54bc4d7989457803c435e4d6c3`
SHA1	`f1e2509364b479ed4acaf79cdf9cf583244fc470`
SHA256	`3dec727d245550212dca694363c5c2d2e4070bef25861389ff2f75558b5828b4`
SHA3	`be72affcd7cc11d64a2e1b9d3651782d5e419e77bc51020fc3e7bf894047017b`
VirtualSize	`0xc`
VirtualAddress	`0x366000`
SizeOfRawData	`0x200`
PointerToRawData	`0x363600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.96564`
MD5	`0b7e3ecff048f9ee067d5e8d91b5a5eb`
SHA1	`e7384c18ea82a48a3aef1a7e2f75d1a7f6030c2f`
SHA256	`8b4dbc33d5bb1d8ab5f3ac65d527744a47daa5b839c1a9f5b2e0b8f0b9e5c575`
SHA3	`07ef83eb7c7c638a61bb244be294d59c69d982cea0ac9ce46b8a98dc4581c235`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.79356`
MD5	`c0ae6d44d77504f3ecfd1144b66c7213`
SHA1	`6d4621e7ccf1725dd4a5dae125a47d795ca95afa`
SHA256	`8da82bb579e44f66208a37ebf3cc3f5475e0cad830022b4ec3b371553cebae23`
SHA3	`b8011a9183a8816e622c334bf9e67a27bd509405914f5a494e1633c6bcda28e6`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76002`
MD5	`1a32efdaf7b8d1771b462b21621f080e`
SHA1	`ecce6aa692c0b98aac12a1ed45ffb49caa1b6fd2`
SHA256	`b332f0422b92f558888897c28a1f5f1100c987052d16d566af8d799cf8d7e363`
SHA3	`8e18e0445fd5fd4514d5842b7f451e10ec48777d99bb0b5a5f2d0c0709f3ff21`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.60323`
MD5	`2c347c3b20692ab68256ee915a2a6720`
SHA1	`e0654ac6b7c1b939b5198ad1c99e30dd6baf70ed`
SHA256	`78f3eea85ce5972c0cd7b9cd7f37047a9c18cd68652cef0d409c9891cfc2826d`
SHA3	`be3e8179713ac2a3aba88d836f9a95dbab577e5641f5fcdc462df7fac8e84e6e`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09314`
MD5	`a70d6cbdd1f5cadb2d5c7cc07c07799e`
SHA1	`2fd6d50e021a03850da61fafeabd1053eac83c3e`
SHA256	`06843865bf39840c93c9496a09f64b3a6385498d1c9e0baf2f75ca6f543950ee`
SHA3	`491464f1a3c2b8df3e2fe47a54896aae25591a281d7784d0649744eb0df217b2`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87659`
MD5	`c8cc7a678b29e8106f2642356f26df45`
SHA1	`1e27aec86f43b09bc4766d0486128051988a3050`
SHA256	`4a7ca45c46f54cb1ff2858cfd090f913f08a5b6f3a67f910af0b7e0b33e4f15f`
SHA3	`5ebbc4c3cda10b8298bf9e586ab1c2c34b7515b584763bcf31ffb23e85cbd469`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61203`
MD5	`947cf860f0e582290bbc24b2d77af1c3`
SHA1	`592a7bd8a96099427cd5001c4e22ebf0b3ce13c0`
SHA256	`0029370cf1a18099b2feddda6f52c182c7d00c77fdddf1cc717ec8fded2b8e8e`
SHA3	`2aecd683b53fd77de4adf7e044e509cae50d6071ddfff249fdfdef0c9a156ce0`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6374`
MD5	`1e23026df8239d742a69bcd937465e9d`
SHA1	`a57a00a378dadfdd5e2aa6fd6559a72111502848`
SHA256	`af02d958c46f5d80ebc0fbdbe261a081204ef1149debe285ff10cb3e68adf235`
SHA3	`cb66ec15e778dabec679bca84150df66fcb46e5f5812199f8179992eeab9a4e7`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59374`
MD5	`fc95700029c59e9d29d93a8ce7bbc976`
SHA1	`a1dbd0bf298e36394fa8690cf958f902bbdd22cd`
SHA256	`629a459cc83407b3e0478c588ace094da734a10565c7c24b53d6c70bbf0e8fe8`
SHA3	`b38e907c5fb021249ef2ae9560da599d16087d120bc151ec66e0a265120d35e2`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x67e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60598`
MD5	`ca3784a9130e2bd90e390d139e82f356`
SHA1	`a51de88ac06da661558676056970587eaf3983df`
SHA256	`dd4519df98631f525e614e9fea94d90f73b32d12410598df64314b90e99f9568`
SHA3	`4d75fdabcc7b4f0f1279b4fe4c2ec2a715f3e47f4b49ba25579ab41c28150ff3`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.33675`
MD5	`630d3346a29e13da8ce29c4fe6ac35da`
SHA1	`59f026ba4c63e2ad0542fb47a60a935715059c52`
SHA256	`cb6e02ada1cd94496392810fe98420a37a9217cfc90ef661d631e138df7e6bb6`
SHA3	`9263120d601d57486ce894b0050239488e79e63c6aa8e32652944699d354ab66`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1994`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.86954`
Detected Filetype	PNG graphic file
MD5	`cb703d20f2ad2c89243591370e640707`
SHA1	`96079de93e8b8e7f3cf869994df406b74a24d6a5`
SHA256	`6431a739937c38a83e4a347dcd5980028f1325474ddab7ecd803d1031a2569f5`
SHA3	`a940c44bf5a6fc716df2b739f0ad55d0e72d2d2dc6015e478699e994df6ef0d9`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20218`
Detected Filetype	Icon file
MD5	`ebaff9a06854fd834bf57a481d87797a`
SHA1	`ed257f39550351fca1237f579fe41047633eb61a`
SHA256	`569652f6c57fafa0832d2d0891dbfd9494a5331cbf4ff5709daf9955f66c70c8`
SHA3	`06a965b54ac8315e4bd79e211de6a3f089acd32ab4aaed42c8dcaf893aa7ac41`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x350`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45987`
MD5	`504a18a7cf8bed1d3b37c19f0ea8d972`
SHA1	`d0fb7ea82d6617f259d0b0b946edb61ed74a6bcb`
SHA256	`5ae4153195dba1cbd4088ba0a508151786493804425877100f73a85b751a2835`
SHA3	`64a6a1ff2b86bdce6ba08aff8ffb0bc55a70c7beae208dc955aaec116b499fcf`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x658`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8216`
MD5	`83a281746c6a84c991fd38999e2be9d1`
SHA1	`a5952a3bd0ef5dc8a8e821bfdd2c3c497f698414`
SHA256	`b60b6ab7a292063f2195f646db2a7aa2462faf765029cddb9a9c98c140033877`
SHA3	`80471ad3530cb07ff3c483baabcc82fb46bfa8a85abbee16c1b9dd68500b8b6d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.9.15801.1
ProductVersion	1.9.265.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	MobiInstaller
FileDescription	MobiOffice
FileVersion (#2)	1.9.15801.1
InternalName	MobiInstaller.exe
LegalCopyright
OriginalFilename	MobiInstaller.exe
ProductName	MobiOffice
ProductVersion (#2)	1.9.65801.0+483b82f85611f4096a7bba7d8b63c12807c413ac
Assembly Version	1.9.15801.1

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2041-Dec-02 05:17:39
Version	`256.20557`
SizeofData	`42`
AddressOfRawData	`0x320c18`
PointerToRawData	`0x31ee18`
Referenced File	MobiInstaller.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`256.256`
SizeofData	`125303`
AddressOfRawData	`0x320c42`
PointerToRawData	`0x31ee42`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0x33d7b9`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.