Manalyze report for 103f3020004a91c96b344e5e952ddfe02327547f5ad86d19cd10fca4f7be8a4e

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2070-Sep-11 10:30:56
Debug artifacts	D:\Dropbox\2020\wintools\blacknotepad\prog-blacknotepad\blacknotepad\obj\Release\blacknotepad.pdb
Comments	https://www.wintools.info
CompanyName	WinTools.Info
FileDescription	Black NotePad
FileVersion	`2.3.2.31`
InternalName	blacknotepad.exe
LegalCopyright	Peter Panisz
LegalTrademarks	WinTools.Info
OriginalFilename	blacknotepad.exe
ProductName	Black NotePad
ProductVersion	`2.3.2.31`
Assembly Version	2.3.2.31

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: duckduckgo.com google.com http://venusgirls.tistory.com http://www.layout.com.br http://www.w3.org http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance https://duckduckgo.com https://translate.google.com https://www.bing.com https://www.bing.com/search?q https://www.google.com https://www.google.com/search?q https://www.wintools.info https://www.wintools.info/index.php/black-notepad https://www.wintools.info/index.php/black-notepad-activation https://www.wintools.info/index.php/wintools-info-translation https://www.youtube.com https://www.youtube.com/c/RedFlameFox layout.com.br tistory.com translate.google.com venusgirls.tistory.com wintools.info www.bing.com www.google.com www.layout.com.br www.w3.org www.wintools.info www.youtube.com youtube.com
Info	The PE is digitally signed.	`Signer: Peter Panisz` `Issuer: Certum Code Signing 2021 CA`
Safe	VirusTotal score: 0/72 (Scanned on 2026-03-01 02:01:27)	`All the AVs think this file is safe.`

Hashes

MD5	`7261ff76899d34078dc79f56dc84cce9`
SHA1	`a7ae12ed383d2b07211e768bdeb6891050933e8e`
SHA256	`103f3020004a91c96b344e5e952ddfe02327547f5ad86d19cd10fca4f7be8a4e`
SHA3	`0180fbadd822a65721ebb82e011d501f6561ab1fb120eb60f2c35a540dca70b2`
SSDeep	`6144:8KzcE8Ss4OdSHTyvirVfP8I9Uosfm73XjxS2YjJap8QjdY0B7A7PGxGM8GH1A6qQ:LzcE8S93TwirZjAQ3udNXM9D+gC0`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2070-Sep-11 10:30:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xae400`
SizeOfInitializedData	`0x1a000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000B02C2 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0xb2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xce000`
SizeOfHeaders	`0x200`
Checksum	`0xd7df0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d15858c57fecface5b606f5eede932b8`
SHA1	`4e7a9f38ddf624620a0c2bf359b5caccf5e14430`
SHA256	`bd7e654ceed3f554e4d1b641a1c2c85a056161b17ef0cf2a40c086c16bc731ec`
SHA3	`4163f41177cdf08369ee95f93f2b31928987aa39e5254f7598d0ae06a7667b4c`
VirtualSize	`0xae2d8`
VirtualAddress	`0x2000`
SizeOfRawData	`0xae400`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9631`

.rsrc

MD5	`a2bcfa2bf1d87ae2bea75c02ff8d145d`
SHA1	`0e128b76b4d9f57843512904e40a05eded807d33`
SHA256	`9328a9d846d5a82dc2da12d68d5a5e6111f04b54217a69c7def707b4d21a3a65`
SHA3	`445e98dbca5f779e59767d6ab02ccef2ddab708c2b380eca6757fbe17d16293a`
VirtualSize	`0x19c58`
VirtualAddress	`0xb2000`
SizeOfRawData	`0x19e00`
PointerToRawData	`0xae600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.04077`

.reloc

MD5	`68a6d82d1e5972d39697f99d87eb4627`
SHA1	`31d062e32f2d642a07eb23fc55662328616adac4`
SHA256	`5bfa2d0679abac66ffc94304520631cf86981a24afa62a3817857d2e49b7d80b`
SHA3	`790ed0cc366959d2ab7b9d8ec2538c329b3b140f256b3c6d71400185ba7492a0`
VirtualSize	`0xc`
VirtualAddress	`0xcc000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf43`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88765`
Detected Filetype	PNG graphic file
MD5	`cd8b0928c99cce8516a08ac53a7bafd9`
SHA1	`4c0871d6fd060b4b1be2e52f140342447c1400b0`
SHA256	`2c474d138e608d96dbb6541ca714a2e0be541b29b418650a4c2bcda942ce8eb8`
SHA3	`b1c9799568e7915fcd0e7babb5e41c75cc35e9578f0079fcc2a83e850a9d3135`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.36617`
MD5	`5b267e691848e41261670c81b4003041`
SHA1	`b4b6623b355e6d96501d07bd78609da110a94c25`
SHA256	`1e90468b41e8db4d39d5fe20206838fe62555df741990575c8df9bab06abdda8`
SHA3	`0d9ecc223b331181d635c6efd475cf30554f69e235d4171b5eecf9e42667ea61`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.64145`
MD5	`72a97e346128a65c390fa14d8a843694`
SHA1	`8784156574e0b51234dd51f3784fe475312b6fdf`
SHA256	`6c075dfc3f4ecafe70a30b0def4f912f3b4df0a740dc05d81c6fe10239daa195`
SHA3	`e6673faba035d25d6a8d4d80d0ed9e2a3460d77a1a93b90c0096d79d627cceff`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.8142`
MD5	`3113c39a4267232005bda16d8262ea97`
SHA1	`39ec9afbfd9a1f197a0420acb43e621e553daa4d`
SHA256	`d59a7b2edc813b3137416fef3fbaa5af1e9c044affca12767d73556441108b03`
SHA3	`7654f2b4dc11e18bc824ad7eb601206635d1cac1f31b8c5a810bf2d8ad26a508`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.11797`
MD5	`fa459f6cf615d3b131e061dc7bac50cb`
SHA1	`f46fa68be152d004114c13c5ca45da8e57c58741`
SHA256	`62fdde51a96d1a5c999b275b752a596d79d129e0c90916dc49c785d0deab7a00`
SHA3	`396bdb24f1055e8246f30d4fb02416715bd1fa1ee0724d756a8f9329578770e8`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78622`
MD5	`c74e4dbb6b05e532acb098dc5c360441`
SHA1	`9602771a80082c487e40708bcfdac95d19592bbb`
SHA256	`a7de1aab9fa4b04977bbbd65e0bb704161a91a5796455b218f9999dcf4a45b60`
SHA3	`a1c36247c36e167573e0fc23c668f4e916f6abf74114f5357828a07c5bad975f`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`1548cc2067b44e391094ef1d7afd21da`
SHA1	`76eea9779f60969434f09c33ef754b5300bc8e88`
SHA256	`f2a8892fbc0c6b1e87b032e2725c0ad627eea46dff4fe8b3149d1ee12b109e25`
SHA3	`06db2948ddb3880124c5c9fdf6c93c19793ec79e1fbe7d23cc17ca4d8e494566`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x39e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41493`
MD5	`fe617000e043cb51c9831cadcecdcf3f`
SHA1	`c1e5588b6b0fa6924ef84cc43859ff961a50df0e`
SHA256	`c41e7393813777e4304de47d17678dc20dcc4b1a63b9f2a327a3e6a44f5afe54`
SHA3	`4f2d7fbcfd40766203d825fb16eb39ba9807ed3a2982472a5b3563eba144766e`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.3.2.31
ProductVersion	2.3.2.31
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	https://www.wintools.info
CompanyName	WinTools.Info
FileDescription	Black NotePad
FileVersion (#2)	2.3.2.31
InternalName	blacknotepad.exe
LegalCopyright	Peter Panisz
LegalTrademarks	WinTools.Info
OriginalFilename	blacknotepad.exe
ProductName	Black NotePad
ProductVersion (#2)	2.3.2.31
Assembly Version	2.3.2.31

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2041-Jul-16 23:10:43
Version	`0.0`
SizeofData	`122`
AddressOfRawData	`0xb01f4`
PointerToRawData	`0xae3f4`
Referenced File	D:\Dropbox\2020\wintools\blacknotepad\prog-blacknotepad\blacknotepad\obj\Release\blacknotepad.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.