fe1de9ba4ac06363a112a8ce9f64fe2c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Dec-12 04:47:34
CompanyName Microsoft
FileDescription exceltodbf
FileVersion 1.0.0.0
InternalName exceltodbf.exe
LegalCopyright Copyright © Microsoft 2017
OriginalFilename exceltodbf.exe
ProductName exceltodbf
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Suspicious Unusual section name found: .sdata
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 fe1de9ba4ac06363a112a8ce9f64fe2c
SHA1 14e24d99f68f506453542a332333fea74ea23253
SHA256 9fc360a6d3a307064e92ed8feb96de6fd9d72eafa34b7825cd3daa41befd9c0a
SHA3 ff514f8c857e9666b01f11e76e7198db9f7ca14c91263522136201898f46c1dc
SSDeep 768:BuXnmR8w0FtFdqLqDbD1EIU6q44636wieteANQVMk48HcTakhJ9ZPB2Ge+:BuXnU0jeWDb5aXa6DoRNQr43Takvg+
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Dec-12 04:47:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0xd800
SizeOfInitializedData 0xa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000F79E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x10000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 15

.text

MD5 36dc98d44b2410dc586c7ef1a429e4c1
SHA1 95ec01d347706d940fc73d0c2bbb6b918a634082
SHA256 5fd46c56de0c18ae7420af58a9a97f48742d514688fa6bcb44d1552000e8bbd2
SHA3 ea0a5c660747a3d6d4a5a52ce2d18b0cc7b50f03beae6137fca1a02872a52173
VirtualSize 0xd7a4
VirtualAddress 0x2000
SizeOfRawData 0xd800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.82337

.sdata

MD5 b4e2d902b1b26b4d33db8ba3ad94b5b9
SHA1 d9854a79f2549656063d581f132bd8004b516571
SHA256 f1d6352009da65de11a9d0da17e74567e280bf87a45bf14dda7a18da8c57183e
SHA3 9e0a4ab7db3c18cf72c217da88148e12288f199dde3be41c711d2d0aae203368
VirtualSize 0x1e8
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xdc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.60747

.rsrc

MD5 db3661574df29e32e2b4f699e3e47148
SHA1 603d236eb53cbdb40150487528b2eb3d7b79d2ef
SHA256 9751f4983c66f51c2fc060ee7d27217c463836bd01e3f7cd7d15d5ffb6c90935
SHA3 826adf564388c867090a4b2e730ba983a3faa39c58c2f73434c236f8aeb44749
VirtualSize 0x594
VirtualAddress 0x12000
SizeOfRawData 0x600
PointerToRawData 0xde00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.04206

.reloc

MD5 ad0401756654395ca3f89b43f1d6839f
SHA1 e2410a9d6feafce8bf893142ab1606331b597578
SHA256 2904d0de5560c36946705cd946870c528d5617642894b04ebd2d17c93d9e98ec
SHA3 aaa2f145ff7a79c95ec1447bfd77c6f50995bb0121d011d5b1f69685f8b74e95
VirtualSize 0xc
VirtualAddress 0x14000
SizeOfRawData 0x200
PointerToRawData 0xe400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x308
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2791
MD5 315e4f31b356958d964cbd638dcae011
SHA1 b95bcd239862554d9ad4dcab07093ebf8e149ded
SHA256 bd9ce299e434effe1002bddb2786027350455855721494201dcf5594bce6f557
SHA3 635bb1ad66d2dd3a566babd54d6e9c3a389e404176e70f0138252379f337c92d

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Microsoft
FileDescription exceltodbf
FileVersion (#2) 1.0.0.0
InternalName exceltodbf.exe
LegalCopyright Copyright © Microsoft 2017
OriginalFilename exceltodbf.exe
ProductName exceltodbf
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->