ColManPacks.exe - ColManPacks

info
MZ
PE
resources
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	ColManPacks.exe
size	58752 (0xe580)
md5	04aa3e6553ece283634c5e3c238ae6d1

type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x80

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	3
TimeDateStamp	0x57177ff0
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	80.0
SizeOfCode	0xda00
SizeOfInitializedData	0x600
SizeOfUninitializedData	0
AddressOfEntryPoint	0xf95a
BaseOfCode	0x2000
BaseOfData	0x10000
ImageBase	0x400000
SectionAlignment	0x2000
FileAlignment	0x200
OperatingSystemVersion	4.0
ImageVersion	0.0
SubsystemVersion	4.0
Reserved1	0
SizeOfImage	0x14000
SizeOfHeaders	0x200
CheckSum	0x10f25
Subsystem	2
DllCharacteristics	0x8540
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C# / Basic .NET

Sections

name	va	vsize	raw size	flags
.text	0x2000	0xd960	0xda00	R-X CODE
.rsrc	0x10000	0x3ac	0x400	R-- IDATA
.reloc	0x12000	0xc	0x200	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0xf906	0x4f
RESOURCE	0x10000	0x3ac
EXCEPTION	0	0
SECURITY	0xe200	0x380
BASERELOC	0x12000	0xc
DEBUG	0xf864	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x2000	8
Delay_IAT	0	0
CLR_Header	0x2008	0x48

show previews

type	name	size	cp
VERSION	#1	848	0

module_name	hint	ord	function_name
mscoree.dll			_CorExeMain

StringTable 000004b0

Comments
CompanyName	Microsoft
FileDescription	ColManPacks
FileVersion	1.0.0.0
InternalName	ColManPacks.exe
LegalCopyright	Copyright © Microsoft 2012
LegalTrademarks
OriginalFilename	ColManPacks.exe
ProductName	ColManPacks
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

VS_FIXEDFILEINFO

FileVersion	1.0.0.0
ProductVersion	1.0.0.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f

serial: 7CAF5E94DE64B5B9473ED15DA8C28A50

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:af:5e:94:de:64:b5:b9:47:3e:d1:5d:a8:c2:8a:50
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f
        Validity
            Not Before: Apr 13 08:22:18 2016 GMT
            Not After : Apr 13 14:22:18 2017 GMT
        Subject: CN=\x00E\x00M\x00E\x00A\x00\\x00g\x00c\x00i\x00a\x00s\x00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c9:8c:4b:ec:cc:37:7e:e9:ea:68:df:e9:c3:b7:
                    df:9f:27:78:07:b0:93:47:f7:e7:88:f3:66:36:b6:
                    d7:7c:60:4a:84:6e:18:65:ff:03:19:d4:77:4a:00:
                    e3:04:f7:9a:35:19:7b:16:d7:6e:4c:e5:f5:97:5c:
                    2a:56:14:61:7a:2a:ef:4f:5a:b2:46:c7:a3:1f:bc:
                    ab:69:2e:13:fa:cf:9c:58:d2:e4:cd:0e:60:00:cb:
                    29:13:73:74:74:6d:a6:6d:cb:e0:63:e3:fa:9b:c3:
                    85:f4:07:a8:01:42:7a:5a:a2:ba:08:b3:55:73:8e:
                    9c:4d:fd:2f:8e:77:56:c2:4d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        61:13:06:23:45:50:83:fc:22:27:db:21:e3:bf:2c:34:78:86:
        49:3b:8f:ae:10:cb:e3:0d:7a:39:9a:d1:3a:24:65:a2:95:f7:
        90:dc:68:64:bf:3c:0e:23:82:9a:d2:fd:e1:d3:e9:af:74:c5:
        25:41:13:1c:52:c3:2c:4b:89:1b:c5:4f:cf:32:01:e1:10:c3:
        71:06:0b:33:bf:50:e8:76:60:de:a9:c4:83:37:49:f3:5b:b6:
        6b:c1:94:b0:72:ec:c1:ef:1b:7b:a0:66:89:08:39:5c:97:9c:
        65:64:75:28:59:e3:ef:89:0b:50:5b:78:86:9c:a9:a1:08:ab:
        10:98

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15
- :

SHA1

05 76 08 b9 4d d8 fc 02 f7 94 0a 61 4b df fb 3d |.v..M......aK..=| 67 64 eb a0 |gd.. |

2
- 7C:AF:5E:94:DE:64:B5:B9:47:3E:D1:5D:A8:C2:8A:50
- RSA-SHA1: nil
- CN:
```
00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |
```
- 2016-04-13 08:22:18 UTC: 2017-04-13 14:22:18 UTC
- CN:
```
00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |
```
- #5
  - rsaEncryption: nil
  - C9:8C:4B:EC:CC:37:7E:E9:EA:68:DF:E9:C3:B7:DF:9F:
    27:78:07:B0:93:47:F7:E7:88:F3:66:36:B6:D7:7C:60:
    4A:84:6E:18:65:FF:03:19:D4:77:4A:00:E3:04:F7:9A:
    35:19:7B:16:D7:6E:4C:E5:F5:97:5C:2A:56:14:61:7A:
    2A:EF:4F:5A:B2:46:C7:A3:1F:BC:AB:69:2E:13:FA:CF:
    9C:58:D2:E4:CD:0E:60:00:CB:29:13:73:74:74:6D:A6:
    6D:CB:E0:63:E3:FA:9B:C3:85:F4:07:A8:01:42:7A:5A:
    A2:BA:08:B3:55:73:8E:9C:4D:FD:2F:8E:77:56:C2:4D: 0x010001

RSA-SHA1:

61 13 06 23 45 50 83 fc  22 27 db 21 e3 bf 2c 34  |a..#EP.."'.!..,4|
78 86 49 3b 8f ae 10 cb  e3 0d 7a 39 9a d1 3a 24  |x.I;......z9..:$|
65 a2 95 f7 90 dc 68 64  bf 3c 0e 23 82 9a d2 fd  |e.....hd.<.#....|
e1 d3 e9 af 74 c5 25 41  13 1c 52 c3 2c 4b 89 1b  |....t.%A..R.,K..|
c5 4f cf 32 01 e1 10 c3  71 06 0b 33 bf 50 e8 76  |.O.2....q..3.P.v|
60 de a9 c4 83 37 49 f3  5b b6 6b c1 94 b0 72 ec  |`....7I.[.k...r.|
c1 ef 1b 7b a0 66 89 08  39 5c 97 9c 65 64 75 28  |...{.f..9\..edu(|
59 e3 ef 89 0b 50 5b 78  86 9c a9 a1 08 ab 10 98  |Y....P[x........|

CN:

00 45 00 4d 00 45 00 41  00 5c 00 67 00 63 00 69  |.E.M.E.A.\.g.c.i|
00 61 00 73 00 66                                 |.a.s.f          |

7C:AF:5E:94:DE:64:B5:B9:47:3E:D1:5D:A8:C2:8A:50

SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

42 9d ca 41 eb 63 78 85  7c 3a eb 30 25 73 49 65  |B..A.cx.|:.0%sIe|
ad 98 0d 90                                       |....            |

rsaEncryption:

83 af 08 f8 d3 7b 53 d6  fc cb 7f a1 9f 85 70 e1  |.....{S.......p.|
b7 21 33 6f f2 8b 7c 73  5e 4a a4 50 41 3f 9f 06  |.!3o..|s^J.PA?..|
2b 43 b2 ee 30 f7 24 ca  04 bf 67 17 13 df 4e 8b  |+C..0.$...g...N.|
2f bb 94 1b 55 cb ca fd  22 5a 1d 8e 60 fd aa f2  |/...U..."Z..`...|
07 34 27 ed ae 74 d9 a1  09 a1 b6 15 60 8c bd 1d  |.4'..t......`...|
d6 a9 fc 60 53 bd a8 d4  79 d5 70 42 1b ce cf fb  |...`S...y.pB....|
d4 b4 c1 4c 5c dd fd a2  ce 97 30 c0 8f 44 57 1a  |...L\.....0..DW.|
29 09 86 6e d8 e4 72 c4  60 46 00 4c 1c 4e 2c b5  |)..n..r.`F.L.N,.|