Manalyze report for fd5ef2b5a2ad4232863c35a5f1a83a8138925ee723a164b561a01f0711eb5611

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-28 14:38:05
Debug artifacts	D:\Work\Updaters 2.0\Updater_179_BOH-3\Updater\obj\Debug\BOHPTS.pdb
Comments
CompanyName	UpNova.ru
FileDescription	BOHPTS
FileVersion	`1.0.0.0`
InternalName	BOHPTS.exe
LegalCopyright	Copyright Â© 2020 UpNova.ru
LegalTrademarks	UpNova.ru
OriginalFilename	BOHPTS.exe
ProductName	UpNova.ru
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: UpNova.ru adobe.com hardcodet.net http://ashjfbhjasgfujas.bohpts.site http://ashjfbhjasgfujas.bohpts.site/updtr1/ http://ns.adobe.com http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://rusashjfbhjasgfujas.bohpts.site http://rusashjfbhjasgfujas.bohpts.site/updtr1/ http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://www.hardcodet.net http://www.hardcodet.net/taskbar http://www.shinntype.com http://www.shinntype.com/ShinnType_EULA.pdf http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# microsoft.com ns.adobe.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org shinntype.com www.hardcodet.net www.shinntype.com www.w3.org
Suspicious	VirusTotal score: 1/70 (Scanned on 2026-05-12 17:52:22)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`0b86ea8ee935f70faea0960571a6b2b4`
SHA1	`dfb46b2c7333baf0d6c9e8fcedb7cb2c4e23b63e`
SHA256	`fd5ef2b5a2ad4232863c35a5f1a83a8138925ee723a164b561a01f0711eb5611`
SHA3	`366ad8b7b78de40fd40cb7affd37e7cf1f329ab43b47a657cdbd418c4003c681`
SSDeep	`49152:mzOb7zuBpZsxohH9zWZ5mvP05uAACuJpUs:RnspZsxQH96ZUquKe`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2026-Apr-28 14:38:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2a2c00`
SizeOfInitializedData	`0x2c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002A243A (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x2a6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2ac000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9c4028b7b1b7bfe3ea61218d47afb4a3`
SHA1	`d51c1ce9b4842c485c56a44f38282b536679f4c9`
SHA256	`29b941dcf03c1fd16bdacb2b3120891913db01701ff76a7f02be621ecf505fb8`
SHA3	`fb7d001f6ba1dddcfe3eabbb6342bcfea4c39d28db53617d5bd88543cf742ba1`
VirtualSize	`0x2a2a20`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2a2c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.03766`

.rsrc

MD5	`865f4571cc49ce0f006f283a087a3fba`
SHA1	`eff5cff37cd7cc99ff80ef4ea10ded3aca7e0d42`
SHA256	`01e5f4b72bc3c41616051ac83a0ddca166af1e7c96f5f33c00d4ad0fef86693c`
SHA3	`26d574a5d0b950a62dc6aa3dbcbd80c902127a5a79b4ffe829d9d91599ec37dc`
VirtualSize	`0x2808`
VirtualAddress	`0x2a6000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x2a2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.3343`

.reloc

MD5	`bab903acc70067a13277c397d6e59741`
SHA1	`494552aefa869b4d2227bafa5f048e81d31eebbd`
SHA256	`54796ea8aaf15931042523022f7f72ef0696b4957e45c1ba6cdbd1b25b17071b`
SHA3	`bb9cc65faafd90018b19676e064368f65fe1a4e151a1839ebbeef5974bf4fe74`
VirtualSize	`0xc`
VirtualAddress	`0x2aa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.77483`
MD5	`db5985b70c6548a6509dbe1d5a15c9ff`
SHA1	`40b4bc1efee7f730c8a9fec75dda98e30dad05b0`
SHA256	`1935d0b07e64b9bcc72e7ae2542f36424e6a44a3f41b6cd5d86440c1b19fd875`
SHA3	`349275810e37936a9b5abf3497c3cbb49a4a291e4c03c37d8c63592f39a91eaf`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`3c55b244b9535cc3aae184f96a388ad2`
SHA1	`309dfbcf4c99cbf7c6a0153fddcfaf05f3541404`
SHA256	`160ced3238da5472a5eb09b338063783577b840a5c1c8cea6ed3a2d0faa13bd3`
SHA3	`6ffb53a5a5176701653c80a45d83c3b343c009bd716e22ec13de881097192215`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34948`
MD5	`f3c3a0d6a6c1fea282f93427c78f38d8`
SHA1	`a2abc56079c51722a390480d48e3dc9092c6c682`
SHA256	`a03a14128424f7203115c4f4f40d0631061a446d1b11f6746172f571b58a20d3`
SHA3	`8df41f04e5219660a923388c8f530a64485ba47a2de10564ecdcc76b2ea0220d`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01679`
MD5	`452b1ef3e99fb01988da3e2ee8841e4b`
SHA1	`7465bf5dd663bec3b3ced84cd5913ef50029d426`
SHA256	`fba4d3b77bc13dddc34f4018ee41097b0ce0287ad2695da33c0bfb46477e8675`
SHA3	`5b4db69ad6f49469e16e351acea6eb120128ca92f12a82b91d210c2478818663`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	UpNova.ru
FileDescription	BOHPTS
FileVersion (#2)	1.0.0.0
InternalName	BOHPTS.exe
LegalCopyright	Copyright Â© 2020 UpNova.ru
LegalTrademarks	UpNova.ru
OriginalFilename	BOHPTS.exe
ProductName	UpNova.ru
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-28 14:38:05
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x2a22cc`
PointerToRawData	`0x2a04cc`
Referenced File	D:\Work\Updaters 2.0\Updater_179_BOH-3\Updater\obj\Debug\BOHPTS.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.