Manalyze report for fbd41757921f018b176e60d1a7c6e84f

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Sep-11 18:21:46
Debug artifacts	c:\users\baptiste\documents\visual studio 2012\Projects\CrackMe\CrackMe\obj\Release\CrackMe.pdb
FileDescription	CrackMe
FileVersion	`1.0.0.0`
InternalName	CrackMe.exe
LegalCopyright	Copyright © 2014
OriginalFilename	CrackMe.exe
ProductName	CrackMe
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 3/70 (Scanned on 2020-01-22 01:19:37)	`APEX: Malicious` `eGambit: Unsafe.AI_Score_95%` `CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`fbd41757921f018b176e60d1a7c6e84f`
SHA1	`5e9a1571de553c99063c359814bdae40e87703a2`
SHA256	`c17d7590cad13e4afa74c9319d220d484353340c2f63a0b967915287ced7409d`
SHA3	`4e6b93f448e57c6ff86c70c9bc93481d24a3ccaffcb1ed426c3c50e23fbd01a9`
SSDeep	`192:/fgPCqXMBVigPGUMi1hUW3kNZmiLKnloYU45itICD9/Cv8JiZZBr/VJMwd:/fgPCqX8PGUB1Z0ZLf45Sjp/a8wN9JM`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2014-Sep-11 18:21:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x3400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00004F3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`27431ffea7a64cc18c3d141cdc7f94a6`
SHA1	`e5c48992fa8744d4f1823e2d8a3faea61ffbbdfc`
SHA256	`f106e279b749b580c37dc859db9f8732163ebe6c2cb4ac0f0c78d87c9f5beb64`
SHA3	`f7feba96d71949e7bd12e6fa761940cccc7d331ba4beda891b2842035aa312e8`
VirtualSize	`0x2f44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.60559`

.sdata

MD5	`31d8f0b89d71e929027f9886f81c754e`
SHA1	`dfc95620d9f372c40bbf998f8999ad6bac117b6b`
SHA256	`d23452073fc5901962cfa12860b97a80aa830c095fdaef33b67ca15c8b1776c9`
SHA3	`bb5cc8078024c094a2a5895210b358877f113bfcf6650255a963a39e197e6efe`
VirtualSize	`0x138`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.1238`

.rsrc

MD5	`b9b7246538cf40fc2aa75116e35d2b9b`
SHA1	`172127e3d5a2f60c07f581421d7711f7ab84f24d`
SHA256	`528cc3b8b4cc36cd597c4d697c2c45c1864546bcb6389e30e5395b4cfc521c90`
SHA3	`aa24c989a55a11ae5c1c6ea6a1ed5e61f833a114319dfd2a040a1c2acfdee39a`
VirtualSize	`0x2e40`
VirtualAddress	`0x8000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.289`

.reloc

MD5	`48e3b5b0bf0df5120db9021cc2ab5c9a`
SHA1	`f1d7eb69d0f00725dfbd5c5fae52ff6291763490`
SHA256	`6867f2c9ba39d907bacc5949ea36f8af8fa08c040bd85b2d0206ac872108497b`
SHA3	`ba4f18cc3aba0ca6ebcff9820ad393437b0b031b49616d15438fe193e16cd0a0`
VirtualSize	`0xc`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0776332`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0843`
MD5	`105b81bd721715275df5b229be68f074`
SHA1	`d9f82fd4974afb06297b803c70381d79bed90f9a`
SHA256	`478fe62e420007abb1a697a24cb1b80ced0a8e0a335d6ce68606efe71c4afaa2`
SHA3	`c5cffeaf58994264ee32c847cfe8575d3d360caa128613a4d47c99a2a49f8375`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.04772`
MD5	`f3018f2b932e0949bf386acd81aea508`
SHA1	`2515ef70721a15a20410f44b2c6fd724b7a2e07f`
SHA256	`abdc6eaa0ea69a1c506edf070a07fb12071453e08ecf3c6e35f1397d3422051f`
SHA3	`a7a18654c47f77448da7853d9a7d7fb4eee42c9e0cd6fde09467d6ef9e556e2a`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76148`
MD5	`52b71dd210ac5cf0fe97a3f9ba9a3896`
SHA1	`ed8632d87b02c7ab7dceb17bac85c8d23982f82b`
SHA256	`dc2a1f63c0882b33321345f27c07ef9f8bdb87aa687f075a474be430a1135982`
SHA3	`1852ad0a2b764cd65724857c1d8b61ca8a44398ac0b545e65747de83c84d9780`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.71396`
MD5	`14dff9b6c56d206aca6add232d20b50a`
SHA1	`d0b685483ff7225729d953638fb65f7d72f333de`
SHA256	`accfee1287c9f7dc25ecb19548ed246ceae1652fef5ad532914d5bb9dc9299ef`
SHA3	`8a9f96e045cf78160e00bb388bf90e23483a77d3075982e33eb9ef4861999af8`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.72071`
MD5	`a81075dd2b656f081e035280f17e7a93`
SHA1	`2e05cabb4904b309c79c221eb187ac41c53183de`
SHA256	`b76fc9f2130962dfc25029a639848894feee7e9eb1a0fe5c680e3a90671741b1`
SHA3	`573f8978953f0e5bde7dac42120c262e47727a40c0904aee26cc8e88d99ec10b`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72257`
MD5	`8eb389e5fd517774f26c9d113315365d`
SHA1	`16a2a3489eb31857dff142f6ccbbe110e2b3a90b`
SHA256	`b0a40090c9bfdfdd8d2f77b68d7052d1eeceb41dc5ab2eaa9c85e15104984ef1`
SHA3	`2ce61f9e0b33eb6c7c04168b99a585cc6e346a715f0d0e66cf67d6a0b8a62710`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71964`
Detected Filetype	Icon file
MD5	`a29f9f54be50b15d74257a197464bfdc`
SHA1	`85107c8039c33fa53c80003ea45b9081ea1bcf1a`
SHA256	`05507c3c1ae2629aec59c1d7c14944b8aa1492eee696d1c825c5407c929ed1e1`
SHA3	`98706ece32a9cff781122b40a3ef44bfdc7eab732ec93fd42d6d8f3c7756693c`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27157`
MD5	`29478ed97b434efafaa2b318a5be3096`
SHA1	`2a1e482293cbf36ae4a6567402ef8ea19a569eda`
SHA256	`c337245266ab8a6765d98d5f7c3144968826366b2b4ac868540eda6e6105c909`
SHA3	`67e3ea0db241ab626fb280fe3e38f35339dacc9719419f1108fd5abc6d9e1c30`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription	CrackMe
FileVersion (#2)	1.0.0.0
InternalName	CrackMe.exe
LegalCopyright	Copyright © 2014
OriginalFilename	CrackMe.exe
ProductName	CrackMe
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2014-Sep-11 18:21:46
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x601c`
PointerToRawData	`0x341c`
Referenced File	c:\users\baptiste\documents\visual studio 2012\Projects\CrackMe\CrackMe\obj\Release\CrackMe.pdb

TLS Callbacks

Load Configuration

RICH Header

fbd41757921f018b176e60d1a7c6e84f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

.reloc

Imports

Delayed Imports

2

3

4

5

6

7

32512

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors