filenameColManPacks.exe
size58752 (0xe580)
md504aa3e6553ece283634c5e3c238ae6d1
typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x57177ff0
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x102
Magic0x10b
LinkerVersion80.0
SizeOfCode0xda00
SizeOfInitializedData0x600
SizeOfUninitializedData0
AddressOfEntryPoint0xf95a
BaseOfCode0x2000
BaseOfData0x10000
ImageBase0x400000
SectionAlignment0x2000
FileAlignment0x200
OperatingSystemVersion4.0
ImageVersion0.0
SubsystemVersion4.0
Reserved10
SizeOfImage0x14000
SizeOfHeaders0x200
CheckSum0x10f25
Subsystem2
DllCharacteristics0x8540
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C# / Basic .NET

Sections

namevavsizeraw sizeflags
.text0x20000xd9600xda00R-X CODE
.rsrc0x100000x3ac0x400R-- IDATA
.reloc0x120000xc0x200R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0xf9060x4f
RESOURCE0x100000x3ac
EXCEPTION00
SECURITY0xe2000x380
BASERELOC0x120000xc
DEBUG0xf8640x1c
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT0x20008
Delay_IAT00
CLR_Header0x20080x48
typenamesizecp
VERSION#18480
module_namehintordfunction_name
mscoree.dll_CorExeMain

StringTable 000004b0

Comments
CompanyNameMicrosoft
FileDescriptionColManPacks
FileVersion1.0.0.0
InternalNameColManPacks.exe
LegalCopyrightCopyright © Microsoft 2012
LegalTrademarks
OriginalFilenameColManPacks.exe
ProductNameColManPacks
ProductVersion1.0.0.0
Assembly Version1.0.0.0

VS_FIXEDFILEINFO

FileVersion1.0.0.0
ProductVersion1.0.0.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS4
FileType1
FileSubtype0

Signers (1)

issuer: /CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f
serial: 7CAF5E94DE64B5B9473ED15DA8C28A50

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:af:5e:94:de:64:b5:b9:47:3e:d1:5d:a8:c2:8a:50
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f
        Validity
            Not Before: Apr 13 08:22:18 2016 GMT
            Not After : Apr 13 14:22:18 2017 GMT
        Subject: CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:c9:8c:4b:ec:cc:37:7e:e9:ea:68:df:e9:c3:b7:
                    df:9f:27:78:07:b0:93:47:f7:e7:88:f3:66:36:b6:
                    d7:7c:60:4a:84:6e:18:65:ff:03:19:d4:77:4a:00:
                    e3:04:f7:9a:35:19:7b:16:d7:6e:4c:e5:f5:97:5c:
                    2a:56:14:61:7a:2a:ef:4f:5a:b2:46:c7:a3:1f:bc:
                    ab:69:2e:13:fa:cf:9c:58:d2:e4:cd:0e:60:00:cb:
                    29:13:73:74:74:6d:a6:6d:cb:e0:63:e3:fa:9b:c3:
                    85:f4:07:a8:01:42:7a:5a:a2:ba:08:b3:55:73:8e:
                    9c:4d:fd:2f:8e:77:56:c2:4d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         61:13:06:23:45:50:83:fc:22:27:db:21:e3:bf:2c:34:78:86:
         49:3b:8f:ae:10:cb:e3:0d:7a:39:9a:d1:3a:24:65:a2:95:f7:
         90:dc:68:64:bf:3c:0e:23:82:9a:d2:fd:e1:d3:e9:af:74:c5:
         25:41:13:1c:52:c3:2c:4b:89:1b:c5:4f:cf:32:01:e1:10:c3:
         71:06:0b:33:bf:50:e8:76:60:de:a9:c4:83:37:49:f3:5b:b6:
         6b:c1:94:b0:72:ec:c1:ef:1b:7b:a0:66:89:08:39:5c:97:9c:
         65:64:75:28:59:e3:ef:89:0b:50:5b:78:86:9c:a9:a1:08:ab:
         10:98
pkcs7-signedData
  • 1
    • SHA1: nil
    • 1.3.6.1.4.1.311.2.1.4
      • #0
        • 1.3.6.1.4.1.311.2.1.15
          • :
        • SHA1
          • 05 76 08 b9 4d d8 fc 02  f7 94 0a 61 4b df fb 3d  |.v..M......aK..=|
67 64 eb a0                                       |gd..            |
    • #2
      • 2
        • 7C:AF:5E:94:DE:64:B5:B9:47:3E:D1:5D:A8:C2:8A:50
        • RSA-SHA1: nil
        • CN: 
          00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |
        • 2016-04-13 08:22:18 UTC: 2017-04-13 14:22:18 UTC
        • CN: 
          00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |
        • #5
          • rsaEncryption: nil
          • C9:8C:4B:EC:CC:37:7E:E9:EA:68:DF:E9:C3:B7:DF:9F:
            27:78:07:B0:93:47:F7:E7:88:F3:66:36:B6:D7:7C:60:
            4A:84:6E:18:65:FF:03:19:D4:77:4A:00:E3:04:F7:9A:
            35:19:7B:16:D7:6E:4C:E5:F5:97:5C:2A:56:14:61:7A:
            2A:EF:4F:5A:B2:46:C7:A3:1F:BC:AB:69:2E:13:FA:CF:
            9C:58:D2:E4:CD:0E:60:00:CB:29:13:73:74:74:6D:A6:
            6D:CB:E0:63:E3:FA:9B:C3:85:F4:07:A8:01:42:7A:5A:
            A2:BA:08:B3:55:73:8E:9C:4D:FD:2F:8E:77:56:C2:4D            : 0x010001
      • RSA-SHA1: 
        61 13 06 23 45 50 83 fc  22 27 db 21 e3 bf 2c 34  |a..#EP.."'.!..,4|
78 86 49 3b 8f ae 10 cb  e3 0d 7a 39 9a d1 3a 24  |x.I;......z9..:$|
65 a2 95 f7 90 dc 68 64  bf 3c 0e 23 82 9a d2 fd  |e.....hd.<.#....|
e1 d3 e9 af 74 c5 25 41  13 1c 52 c3 2c 4b 89 1b  |....t.%A..R.,K..|
c5 4f cf 32 01 e1 10 c3  71 06 0b 33 bf 50 e8 76  |.O.2....q..3.P.v|
60 de a9 c4 83 37 49 f3  5b b6 6b c1 94 b0 72 ec  |`....7I.[.k...r.|
c1 ef 1b 7b a0 66 89 08  39 5c 97 9c 65 64 75 28  |...{.f..9\..edu(|
59 e3 ef 89 0b 50 5b 78  86 9c a9 a1 08 ab 10 98  |Y....P[x........|
    • 1
      • #0
        • CN: 
          00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |
        • 7C:AF:5E:94:DE:64:B5:B9:47:3E:D1:5D:A8:C2:8A:50
      • SHA1: nil
      • #2
        • 1.3.6.1.4.1.311.2.1.12
          • nil
        • contentType: 1.3.6.1.4.1.311.2.1.4
        • messageDigest: 
          42 9d ca 41 eb 63 78 85  7c 3a eb 30 25 73 49 65  |B..A.cx.|:.0%sIe|
ad 98 0d 90                                       |....            |
      • rsaEncryption: 
        83 af 08 f8 d3 7b 53 d6  fc cb 7f a1 9f 85 70 e1  |.....{S.......p.|
b7 21 33 6f f2 8b 7c 73  5e 4a a4 50 41 3f 9f 06  |.!3o..|s^J.PA?..|
2b 43 b2 ee 30 f7 24 ca  04 bf 67 17 13 df 4e 8b  |+C..0.$...g...N.|
2f bb 94 1b 55 cb ca fd  22 5a 1d 8e 60 fd aa f2  |/...U..."Z..`...|
07 34 27 ed ae 74 d9 a1  09 a1 b6 15 60 8c bd 1d  |.4'..t......`...|
d6 a9 fc 60 53 bd a8 d4  79 d5 70 42 1b ce cf fb  |...`S...y.pB....|
d4 b4 c1 4c 5c dd fd a2  ce 97 30 c0 8f 44 57 1a  |...L\.....0..DW.|
29 09 86 6e d8 e4 72 c4  60 46 00 4c 1c 4e 2c b5  |)..n..r.`F.L.N,.|
offsetsizetypecomment
057856EXE04/20/2016 13:11:12#
15c115HTM#
baf52551PNG(32 x 32)#
c58f2469PNG(32 x 32)#
cfd72693PNG(32 x 32)#
e200896PKCS7Authenticode Signature#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







everything is OK