Manalyze report for 0e338c37b33ea74b3acb8591f8b5f8e65deb5a8730466a8756efe37b02d26fc4

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Apr-09 16:06:11
Comments	Cold Turkey Blocker
CompanyName	Cold Turkey Software Inc.
FileDescription	Cold Turkey Blocker
FileVersion	`4.6.0.0`
InternalName	Cold Turkey Blocker.exe
LegalCopyright	Copyright Â© 2025 Cold Turkey Software Inc.
LegalTrademarks
OriginalFilename	Cold Turkey Blocker.exe
ProductName	Blocker
ProductVersion	`4.6.0.0`
Assembly Version	4.6.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe firefox.exe iexplore.exe` `Contains domain names: dailymotion.com discord.com disneyplus.com facebook.com fandom.com getcoldturkey.com http://getcoldturkey.com https://getcoldturkey.com https://www.microsoft.com https://www.microsoft.com/edge/ https://www.mozilla.org https://www.mozilla.org/firefox/ imgur.com instagram.com linkedin.com microsoft.com mozilla.org netflix.com pinterest.com primevideo.com reddit.com tiktok.com tumblr.com whatsapp.com www.microsoft.com www.mozilla.org youtube.com`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-04-26 23:25:11)	`APEX: Malicious` `VBA32: Trojan.MSIL.InfoStealer.gen.B` `VirIT: Trojan.Win32.MSIL_Heur.A`

Hashes

MD5	`65f2eabd599419adb4266303a0e7fe38`
SHA1	`1c76bebea4b3b801577080f736afc91b6cd574d9`
SHA256	`0e338c37b33ea74b3acb8591f8b5f8e65deb5a8730466a8756efe37b02d26fc4`
SHA3	`c023712b1b9e162b914731ccb0d76010dda9c17a5774f6d15579422869e2d828`
SSDeep	`12288:QcSxZzZNaVGikKuEWqTd4dTQLeXhRXFjuddizdiMG1e7ekToqhuMQdc4JzK8Ve7:Qtb5uMaK84b4`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2025-Apr-09 16:06:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`80.0`
SizeOfCode	`0xb7200`
SizeOfInitializedData	`0x10800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B91CE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xba000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xce000`
SizeOfHeaders	`0x200`
Checksum	`0xcd960`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0331d37e1ebc75a1d925f5803ce2046c`
SHA1	`dd6e3bc7e47868de60c1f2e82bc2fca91975a369`
SHA256	`37b03c5c2201546800153a719f2df904dfed1697cf9e07bfa6b299baf01a6b84`
SHA3	`b847b723227e8e1ea56cf70e8b955b9d65f3283fc1d6a52f9284cff4e84c244a`
VirtualSize	`0xb71d4`
VirtualAddress	`0x2000`
SizeOfRawData	`0xb7200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.51666`

.rsrc

MD5	`ba16f11cf4800ead4b4cc55efbbc3b5f`
SHA1	`900b60e3727d13b5d4e53a42e7886782d977e041`
SHA256	`b2e97e379f6e42b6bea3e3d9e200cb00f5bef985d3b070df61d81c5679d93b9a`
SHA3	`f007848a3f1b1377a1bafa409a3b76e7e32b9e842b3e7151074991a9af0bb181`
VirtualSize	`0x10503`
VirtualAddress	`0xba000`
SizeOfRawData	`0x10600`
PointerToRawData	`0xb7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.49322`

.reloc

MD5	`4c394b4ccb05acfde86ce7a03a475f4c`
SHA1	`f2221da8882332bfba5b011dc720ec014a942a57`
SHA256	`87bee5a1133893feae21c7511b21e26cb0fec653b2d24a8e11f9b24962fc79bd`
SHA3	`c82f4d25fc9792aa01fedd103e93945198660fca6e8e96b979b570ebe06abfe2`
VirtualSize	`0xc`
VirtualAddress	`0xcc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84465`
MD5	`570b46927ac7ab6e0926936fb6166a56`
SHA1	`2ea25b270b6e76db6d42edb8a7af66aa6efadc7e`
SHA256	`1cc4482be6cd9b4386b5b3de4425b6c7f8fdd74564dbdd7515249157ff9991df`
SHA3	`2118803e2435f0b52433a0744a63ee641838dcb53d8c69fdb9218ef2e59e9e5a`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.61094`
MD5	`69a5e0f08393622d1c2c2b7e25928a58`
SHA1	`579d30bb86938465cfe29dc256b106af66eb2036`
SHA256	`50d4026174703cd25628b2a7fb5480cc02bf064ac91c04a6ace4dadfb7858967`
SHA3	`3971d48414b3d4424e3537ca818173eba2a31954a5eaf35f03076ecac3a54e2f`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23435`
MD5	`4a43cc8812c4682daca90a6dfc11e98d`
SHA1	`9f99e26fcb23a05366a2f6854aa7ebe8d95dd8f5`
SHA256	`6410fa3b1b5ff8e60d9b2123a33cf0d1af84952932e85ec96cc72642ac663c95`
SHA3	`b05fa6ee37ee9eddcf9582f0ecba95ab4e005a8f9fdcc09464ee685224392cbe`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71141`
MD5	`d772127fc24e2850761a72d70f32a909`
SHA1	`6d2f7b84a01fc5045892a60f14e626473b25cfaf`
SHA256	`c5f5245231929113f6aa057be290b27c91a21649eb352a9d2248d44c68457f64`
SHA3	`ace2d1e523b294adc3c4a0e824d56e7f7ed917fe2d9a5eb9232a3b3a296ce675`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xad57`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99`
Detected Filetype	PNG graphic file
MD5	`5195150ec95ea4ee1a4174e6cbae63c9`
SHA1	`9a250b5953e4b847a619db1953e8969d0707ce77`
SHA256	`358bc80334ca12b5df7ec20486442a59f56e70561701c8477be8139b4798cedd`
SHA3	`1b0e50bf3dbe8a42266418251ce94e07628dc23ab35063a5fef77ed2ac96e336`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`9cbe86be22a71296167fc4390e880835`
SHA1	`e598a36f13c6ec6fc3f6c264b56d2e37c8c7e24e`
SHA256	`5b5b88b466d9584f209a63fe71ec0d6a05feb50db3df6a59993bae5c48450b47`
SHA3	`0a0482aa118a61f581922f2cd851f5c7ac3238c8814136aa372401d7b2d16ada`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38272`
MD5	`33a7cb736ffac3057f0e8af134be6468`
SHA1	`b3a3b9d7ddbd7c771485de78c4aea8100a1f2eca`
SHA256	`206fe3a701e2a9e2f0f0bc4786bd7f3e195dc161c5521c2b5ae3289f365dac0b`
SHA3	`e2679be23361aac558b83c20753ebe99673e3f23c8a6ff22f428fd26c0c58d67`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd53`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00692`
MD5	`f616e1715977dc3709c75c1beadfb04d`
SHA1	`1cfce527218746ff35e185a51e236549ecf875de`
SHA256	`91a278af780be137b02fab197d973fdcabf5818544b25bd95190494712c7bfcb`
SHA3	`c397897a1b2607ef3ee77ba9ff3f9fd39b39037a7559863f48d547080307ae5f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.6.0.0
ProductVersion	4.6.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Cold Turkey Blocker
CompanyName	Cold Turkey Software Inc.
FileDescription	Cold Turkey Blocker
FileVersion (#2)	4.6.0.0
InternalName	Cold Turkey Blocker.exe
LegalCopyright	Copyright Â© 2025 Cold Turkey Software Inc.
LegalTrademarks
OriginalFilename	Cold Turkey Blocker.exe
ProductName	Blocker
ProductVersion (#2)	4.6.0.0
Assembly Version	4.6.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.