Manalyze report for 07ff1c36f7fa9f830ed256b63e7647375c80b586f618bdbc897f3e52aeba2680

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Comments	KeePass Password Safe
CompanyName	Dominik Reichl
FileDescription	KeePass
FileVersion	`2.57.0.0`
InternalName	KeePass
LegalCopyright	Copyright Â© 2003-2024 Dominik Reichl
LegalTrademarks
OriginalFilename	KeePass.exe
ProductName	KeePass
ProductVersion	`2.57.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to internet browsers: IEXPLORE.EXE chrome.exe firefox.exe iexplore.exe` `Looks for VMWare presence: VMware` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: backdoor` Contains domain names: Spamex.com dominik-reichl.de example.com ftp.example.com ftp://ftp.example.com ftp://ftp.example.com/pub/Database.kdbx http://www.w3.org http://www.w3.org/1999/xhtml http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance https://keepass.info https://msdn.microsoft.com https://msdn.microsoft.com/en-us/library/8kb3ddd4.aspx https://www.dominik-reichl.de https://www.dominik-reichl.de/ https://www.dominik-reichl.de/update/version2x.txt.gz https://www.spamex.com https://www.spamex.com/tool/ https://www.spamex.com/tool/aliasinfo.cfm?v https://www.spamex.com/tool/listaliases.cfm keepass.info microsoft.com msdn.microsoft.com reichl.de spamex.com www.dominik-reichl.de www.spamex.com www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious		`Unusual section name found: .sdata`
Malicious	VirusTotal score: 4/72 (Scanned on 2025-08-04 12:16:27)	`APEX: Malicious` `McAfeeD: ti!07FF1C36F7FA` `VBA32: CIL.StupidPInvoker-2.Heur` `VirIT: Trojan.Win32.MSIL_Heur.A`

Hashes

MD5	`b9a68fc5bfac078f03e22ad151b32aff`
SHA1	`377583e3bd0db2f04bbc6f75ef66776c261dd856`
SHA256	`07ff1c36f7fa9f830ed256b63e7647375c80b586f618bdbc897f3e52aeba2680`
SHA3	`3e610493d17ce147a32e66d0a800d505cb20ee5902b0aeed34978edaaa04e8f4`
SSDeep	`49152:w5RRyAjgw+m5dO1xttujlS6RkIhJRrJT40lNP9ZafqS:w5TyiN+mc/ujlS6OG`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x322e00`
SizeOfInitializedData	`0x11000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00324DDE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x326000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x33c000`
SizeOfHeaders	`0x400`
Checksum	`0x338927`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e8ef0f7cdaf23eb6dbfa922db44627df`
SHA1	`17d2edecd391453e7178646c59fcc405c1fd9cfa`
SHA256	`77994df02442097eab6611d421ca3a5e3e816aa7a080792574c6377be5c42afd`
SHA3	`ebc2afd2ee0c1844b2a8447eb5982ca784e6f71dc756233f6f8ac12ea64c9354`
VirtualSize	`0x322de4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x322e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56922`

.sdata

MD5	`7cef328611905f7f86fd8e4f98cc804c`
SHA1	`d3bb54bd052b719255c63501115031b9adceb304`
SHA256	`02b7e236bdb16b273f3c74a06803de79b1500b22223d3d8f298edd9d86ec36c8`
SHA3	`8db9d12ee24da5f5d1fdd92af254e2683708ce71131876794a9ec322fd12a75c`
VirtualSize	`0x9f0`
VirtualAddress	`0x326000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x323200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.12241`

.rsrc

MD5	`dde3d03137392a13a7b0261b97d0ad07`
SHA1	`ca93d537e75786153eec826ac6e1d088588edbad`
SHA256	`56a82d607ad104844cdf9b8c5cd7bfeb4ea6b1454245bbbf3c441279a6037cdc`
SHA3	`f805d4a1125a4bf19b7b5dede3a4c4a8997243e46d396f2a66fa5905e7627666`
VirtualSize	`0x1027c`
VirtualAddress	`0x328000`
SizeOfRawData	`0x10400`
PointerToRawData	`0x323c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16469`

.reloc

MD5	`86ab88555eec9d0056c23c00e73e960f`
SHA1	`e9756e02296a7d8852e5c5fe36c2a9b7b1265fc6`
SHA256	`290cd79e44d07bb56aa8561771cfc656a4b66cbfb01bc2997180bcb0ab83c604`
SHA3	`302334611ce1c5f6fc7a659f69cbf6abf8de3b8b5cff803db20974a9b27426e5`
VirtualSize	`0xc`
VirtualAddress	`0x33a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x334000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10839`
MD5	`bc4d982e21acae3ec3baa68ce4385fd4`
SHA1	`512a8632e033243e9a2306d30c434c75ce0da9c8`
SHA256	`caa551eca3f40f1d15c0a2c21c6b700865a8c9854ceec7228cab511c58dbde4f`
SHA3	`cdece8f23fb697769d83715f550ca1a0c1c3be2779dfb0262e2e3ba2596f00cd`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75074`
MD5	`a3cc58169c0497c238756cfe4a78f984`
SHA1	`4af2d9ff84bab3e49b843d39ffdbad99d2d7aa9c`
SHA256	`7b5c3afaa48ca79d22d72f6a543f7886cdaf671f7e7003d266cd2cc6cfa299b4`
SHA3	`2bd27cdb7e870c87afd6be54ddee9d30113badd76c4c7913d5305e7b9f5d358d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77375`
MD5	`5a02ec9d2c2c8049e0e10131d86f71fd`
SHA1	`56a9e35f43fcfa8c8289e7117a42c5d9351fae62`
SHA256	`90421e0dd7a17131560bb248a06155a1d7afa687bb030218488d7d2054e2be6b`
SHA3	`e9c496a1cd6e1fd579861cbae91247873d65ead50262dfc8c51d7ed3f7ea493d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25579`
MD5	`6252e8576b25b47aa13265eec93a15c0`
SHA1	`d5cbc23fdec6c4a02b135392e0690d7402c8bb58`
SHA256	`36d80014c41e62e911ef47e1c30a3e9843eef5e779b378d8c27e109fec05146e`
SHA3	`24f7121d9794b66b3330131dc0e30115c1102e9b5372787acc034fba972f8107`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7266`
MD5	`48decc4040c45f652b5309eef33bb183`
SHA1	`01cfa22e6ca77831aaad56c31564e9be2b5b61ec`
SHA256	`559e26a42e684c829d72f2bd029bb3bcfba4aaf04666bfa46bcf476a825a3e8f`
SHA3	`eaec9f9510b4c297096f488a62e435ff8538394a74228ed97c9c03f3b815e6cc`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4dab`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95283`
Detected Filetype	PNG graphic file
MD5	`cb48944fbdfc1d37613dbb3677233ee3`
SHA1	`d40d3ad653a9b4ae3888b821d83f9b99d49d89b1`
SHA256	`c8efdbc84f5a0dc0d606671f0611e929d89613db68047f98e50911fc40e49aaa`
SHA3	`1500ba65cd89c3174c52743da3a4fd8c2cffa46a9b201cf1134eae68e33af1be`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65575`
MD5	`f93e0ef2608ff40127a42bddc8a8206a`
SHA1	`857279c4739c77f31c254cc1db54d2ecda430b10`
SHA256	`6bf60ab32bb32b2047dbeb0f1e5d49fee8a9e6902d397add1622bdf617364836`
SHA3	`a60c1d1e2c58f074f2b962a71916d83e2043cf5ee98e13d58b2cb83b54cf8743`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83026`
MD5	`ed1cc69ef6301adefd5541e4eb5bde33`
SHA1	`71af794b2b6ac8cf66cb4523bd6dd9ef0788ec1d`
SHA256	`d74452758cbf685c54503f75bc73b44845aaf41d670f81da458eee5a95327feb`
SHA3	`de0c83aecd9adc2f686f20c04a69b3b69154e9bac0e9969cefb1ab50a0c4c49b`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21791`
MD5	`71650038bda1490027a83fc665b48618`
SHA1	`2365e1e111fd07212ac69f4f249a18476631d305`
SHA256	`d573a7593f83cf94cc3e20e5bc4be6dd6b3b077708826bcbd78f15c2141f7c91`
SHA3	`95a125f91e8880321fdd2b4f050ecf873dbb120833437c7b30d1799b36e293f7`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18537`
MD5	`ed3eddc0b5a55f15e5e1b5ecd1a2aed8`
SHA1	`2c946eadb2cc291155392a85b65cae547d4b585e`
SHA256	`615fa06e4f9d3fb0cc6360b7edb00ad3d1aa88ac1e08706a2a08645286b3482e`
SHA3	`94076f74fbcc3fbb020b668b5fbed6da00d01361c6aa4c268f19b415299d04c0`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.40695`
MD5	`e166d5adef30deb52e71a0d70a38d8e7`
SHA1	`54a57e1811bd76004f51e12fa659f935c0c12fb4`
SHA256	`7f29f1b1089b0570822aa2a0cb498445f151486011c3abb4dbd287cb944e2f29`
SHA3	`94afda39e676d0c756881b6a74d929e2e83dc220e8b1addf916aff997b3f85dd`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.59555`
MD5	`69a51d8dfb869b4d19a52906373edb2e`
SHA1	`f78bfdfa151d0d5a9bef2753c6980a251980b542`
SHA256	`422b2caaa2a62ee2030f3ddaf1aac3fb654de2991e3e6e62d62947098464f882`
SHA3	`b11070cb3afe17d7c260de39e6a4f5fa346431aab78ee9e9db20b0ac1fbf906e`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10974`
Detected Filetype	Icon file
MD5	`40932c4de49e9ffc179386ab07ef5c76`
SHA1	`a3feb4d7747496aaf38031c928023930fabc271d`
SHA256	`b1a490635a447285bd0cd7438a819b8ef8abb306c94395371b8edd31166f42e4`
SHA3	`266c2a9be0401954d92840fe6ae4288b147e8be2cf05962713f158986dd2ea40`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x340`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35674`
MD5	`de7487c1668b0188db7e3d93bf810f13`
SHA1	`778944870c66f755d1ff920bb7ecd3780049d00c`
SHA256	`4bf4f246cf4a9917d8fc6f10f4eac7d217c2263222acd34dab3ea76798b92317`
SHA3	`bc7a5ec13840ed7c501f92c98b2a5c422a7701d93b7d00070a7487c215e6e0b1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.57.0.0
ProductVersion	2.57.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments	KeePass Password Safe
CompanyName	Dominik Reichl
FileDescription	KeePass
FileVersion (#2)	2.57.0.0
InternalName	KeePass
LegalCopyright	Copyright Â© 2003-2024 Dominik Reichl
LegalTrademarks
OriginalFilename	KeePass.exe
ProductName	KeePass
ProductVersion (#2)	2.57.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.