Manalyze report for fcdb986833fce78d4d2ff2f794d206e5

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Dec-26 21:13:43
Debug artifacts	C:\Workspace\CryptoTester\CryptoTester\obj\Release\CryptoTester.pdb
Comments	Tool for testing encryption algorithms.
CompanyName
FileDescription	CryptoTester
FileVersion	`1.3.0.8`
InternalName	CryptoTester.exe
LegalCopyright	Copyright © Demonslay335
LegalTrademarks
OriginalFilename	CryptoTester.exe
ProductName	CryptoTester
ProductVersion	`1.3.0.8`
Assembly Version	1.3.0.8

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES` `Uses constants related to Blowfish`
Suspicious	VirusTotal score: 2/72 (Scanned on 2020-01-03 09:19:29)	`CrowdStrike: win/malicious_confidence_60% (W)` `Trapmine: malicious.moderate.ml.score`

Hashes

MD5	`fcdb986833fce78d4d2ff2f794d206e5`
SHA1	`de42496a818cbc3d25f7b9af94c5d4b3324abb45`
SHA256	`8dc4fe32e88f3d05a659bbec290e348c37786e36f38b206cb6b23d2e81e84869`
SHA3	`da2ed16f6082e52dfd17ba6d52c0f4b4d290585cee9d0915885abb56e39ce5b9`
SSDeep	`196608:DtlobhCUWgatP9H2+w2xOtVKj26o2JFVCk/hMrTJ:Tsh2nP9H2+nUVik2nE`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Dec-26 21:13:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x613200`
SizeOfInitializedData	`0x6400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0061519E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x620000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ea6c14e8458025fbb63418ac2545db9c`
SHA1	`3dcb4e177099c2944a795909defd480f9c450f9b`
SHA256	`519e066c168805627af25844bd6832a2e955b57607c4954c89a4a6f11c0294b4`
SHA3	`a906f88c6d14da29f33eeda60c5c5d8db5c91a45c4f0c02f74234383571263ec`
VirtualSize	`0x6131a4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x613200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.96292`

.rsrc

MD5	`04abb1ffabc847e353a6f36244ce78f8`
SHA1	`0dfd42e640cbdc4652bcd6a8f0c9471c2ee13d44`
SHA256	`2a0ce0a8f6e453836928a5c92bea7d27caf4ba3251bcc6edd5e71a3b059302c6`
SHA3	`20737d16893ccb243de5834ae09164554f3837cd23d9f011f7164bd28081dba8`
VirtualSize	`0x6098`
VirtualAddress	`0x616000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x613400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.82411`

.reloc

MD5	`53d2aa1b8da5283d040eeb20963aecf9`
SHA1	`3a6e923785ae1e0ea652c8f34a51c4a74904c38a`
SHA256	`3823867610ebfcede2d8e1aa2fa88a61b9d02817c010353a5b0cac38014f3811`
SHA3	`ce65f444d194fde17f136dd9dec1e7515680d1d9d0b7051031c8fed5897a4330`
VirtualSize	`0xc`
VirtualAddress	`0x61e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x619600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x59cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96154`
Detected Filetype	PNG graphic file
MD5	`836e03b1b983519332ddd166f6f46faf`
SHA1	`4d8372603c2046edf449fe1535c2246e1794768b`
SHA256	`4bc0e4919f6108d387e9fa5984884a80003d4aa57be3a755b958596f2ac484b7`
SHA3	`fddae41b482a5a252320ca5ac051bde67191324cdbe7770b397a8acf26c5f7f6`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`73a356eb7a9dbb2cae4b69e45a4ec048`
SHA1	`e908e738a80f2c9e37fe6b82d0194b5792a3b342`
SHA256	`a914a90e305c5882751e867f30b26b049f718055578cd651dfddaceceb18cb06`
SHA3	`61b29e5676c373ea24abaee32a1e0e34e0c0d373d4b24b14fd8d89d962e6e3a6`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31788`
MD5	`8adde2da93bea7058e79e24b3f8b2e26`
SHA1	`6789f97eeeddf5861e361261620f868df41d55c2`
SHA256	`bb2f997a3768a21ed284cdd4ff208dd1541cb118af89ca0ac7fa82a0c0deeb5d`
SHA3	`efce689a9573002f8d02f0dac821fe0037afef0c32bfec471ea9ed48568b492d`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.0.8
ProductVersion	1.3.0.8
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Tool for testing encryption algorithms.
CompanyName
FileDescription	CryptoTester
FileVersion (#2)	1.3.0.8
InternalName	CryptoTester.exe
LegalCopyright	Copyright © Demonslay335
LegalTrademarks
OriginalFilename	CryptoTester.exe
ProductName	CryptoTester
ProductVersion (#2)	1.3.0.8
Assembly Version	1.3.0.8

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Dec-26 21:13:43
Version	`0.0`
SizeofData	`92`
AddressOfRawData	`0x6150ec`
PointerToRawData	`0x6132ec`
Referenced File	C:\Workspace\CryptoTester\CryptoTester\obj\Release\CryptoTester.pdb

TLS Callbacks

Load Configuration

RICH Header

fcdb986833fce78d4d2ff2f794d206e5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors