Manalyze report for 3d84d108ddadf33dfd3e0142a5bf12d0

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jun-17 19:57:39
Debug artifacts	D:\Git\SteamDesktopAuthenticator\Steam Desktop Authenticator\obj\x86\Release\Steam Desktop Authenticator.pdb
Comments	Desktop implementation of Steam's mobile authenticator app
CompanyName
FileDescription	Steam Desktop Authenticator
FileVersion	`1.0.8.1`
InternalName	Steam Desktop Authenticator.exe
LegalCopyright	Copyright 2017
LegalTrademarks
OriginalFilename	Steam Desktop Authenticator.exe
ProductName	Steam Desktop Authenticator
ProductVersion	`1.0.8.1`
Assembly Version	1.0.8.1

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: CMD.exe` `Contains domain names: api.github.com download.microsoft.com github.com https://api.github.com https://api.github.com/repos/Jessecar96/SteamDesktopAuthenticator/releases/latest https://download.microsoft.com https://download.microsoft.com/download/2/E/6/2E61CFA4-993B-4DD4-91DA-3737CD5CD6E3/vcredist_x86.exe https://github.com https://steamcommunity.com microsoft.com steamcommunity.com`
Suspicious	VirusTotal score: 1/73 (Scanned on 2024-06-01 03:19:35)	`MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`3d84d108ddadf33dfd3e0142a5bf12d0`
SHA1	`765f742cc81f89dd84c56aa5363f2b1e3029a38c`
SHA256	`279435291df5f98ab46d391192a5d20c154f7939e691e8383f485fc1e8e91dee`
SHA3	`e8dd1c39d1662df6b99e388509661b3ccff29895c869eda9531e7137fd606fb6`
SSDeep	`6144:KG8hdmwNebNDoT6nw10zIffT6nw10zIffT6nw10zIffT6nw10zIffT6nw10zIff:2U`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-Jun-17 19:57:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x14e600`
SizeOfInitializedData	`0x1a600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00150582 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x152000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x170000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b7043fbe813a56ad982bc50d2c02c17c`
SHA1	`3f9fab658c119751b188e593a111b9db25032d8d`
SHA256	`cb972591dc888ed8b8cfdf55c7f6b05426de27f5b23b11a402b6c2092baf6d35`
SHA3	`f52d29d89880c683527865f809b3b1432427f58518003dc302469d81dbb9cc31`
VirtualSize	`0x14e588`
VirtualAddress	`0x2000`
SizeOfRawData	`0x14e600`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.33663`

.rsrc

MD5	`1a45292bb27d5546167a9251ca47da66`
SHA1	`5421a3ecab28a4395590478627e6d6af0cda95eb`
SHA256	`4a5faf4181024f2368bca0a712ced0f96e66b8bc6a71be4e7f8ed46ab6f8f832`
SHA3	`4e8ce9e31052facf062737caafee42914db98b9f9d40e16fe4f0be2584918499`
VirtualSize	`0x1a288`
VirtualAddress	`0x152000`
SizeOfRawData	`0x1a400`
PointerToRawData	`0x14e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.08146`

.reloc

MD5	`549b366e2bef2ff880faa1df416d7080`
SHA1	`5b4c5676a797f073fdf0248040acccf288fe092d`
SHA256	`45f453d1f487d91890c598e8e4d9bba394440f3e8854e64c17b0fc66a9aa789e`
SHA3	`89d30af8ac0f1bbc3858f369daad1c5f8e144d67ea5da5da0f067f47a8c6b45e`
VirtualSize	`0xc`
VirtualAddress	`0x16e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x168c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72987`
MD5	`3f7871796b2b483bad24ef26902210fd`
SHA1	`fd48c3cbd615460fd32f66d0d674aaac331b18d0`
SHA256	`a9a8da7e17daa1ce5676041e6c68d013d0602cacb98fca50ae098c3ae26dbd18`
SHA3	`f2cb536aef538920b5e4ef254c8c6c28098c6a3e2812d9f230fb58ef3afbde5c`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68991`
MD5	`69f7c731dc646d981a6c91c16ba958f3`
SHA1	`094e439b3891074d2a1f7b7e915043dc486cda39`
SHA256	`6bed0c3c7a2b1f1ece51ac67d69d59df4d3b6a4b968b32988892fb3b27327a19`
SHA3	`583245d7d14e98849aa261c5759eec316497b32c0c14b7237be7ec76b62068c3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x162f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.81587`
Detected Filetype	PNG graphic file
MD5	`bf137cc76b41544f48e9ff72d1fd7d04`
SHA1	`016f1c8024bc2798195a837c1881c13d23ae8467`
SHA256	`b7d77a75615bffd066f5a9d65c8512b6bce4ba42b0371bbd61a96249ed9fdad1`
SHA3	`a0f7d598a5db04d6304e7c20386d8ba5d5942e12f203c77c96803fad7bf9005f`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.2112`
MD5	`e71661e8e1eaf9d66a18a11018148a98`
SHA1	`9df438e74dbbd09f6a25733f72252c4fbbc4d0b4`
SHA256	`e2e6fcf797c4c60127056233cb62fd39c41bb7ad0e1753cf323b657c74b60f10`
SHA3	`89352d8955a1fb2525bffe511cfafd80ef98bcdec429fa65a9fb2196c3360592`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x246f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89437`
Detected Filetype	PNG graphic file
MD5	`d0e01a3000e7b9f648d0e200483d4cdc`
SHA1	`9bbfdcb1a63bf6a5c4e1234ae24cb2630587dbb2`
SHA256	`783f4e83bd26f0df77fef9d7936743d1cb6a532a9f262c3cf7249732bf647df6`
SHA3	`aee6edb140d9865d666e6ebbb7b41b6418c5d1bc93364adfbdc14c6b43d629fe`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9164`
MD5	`b5a21ea5278163cb073a88d2ea1b38b4`
SHA1	`c84b670ed2fc2f8afbcd8598f9ded020813af9a2`
SHA256	`bb99056712da545f06a8be61589aec57a82f13720a292183a9696893989c0269`
SHA3	`13ffcbdf2e26448e017b02998c0e6aba800685bc57358bc868067e7057c38d87`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68735`
Detected Filetype	Icon file
MD5	`5a0d50c3ed8d343f99cc8b9fb4b7dee3`
SHA1	`570a3bce0bdc74a57609da125b74ec2557ccec13`
SHA256	`91e3c075ef585e0256e0b3f5943d9f35bf242865d33997b298798eea4cf6c931`
SHA3	`c0cc1de85884564a96ae44ac897debbf8dee8a0aa85636e28224ca8925efa5e3`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x41c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33479`
MD5	`6c27ff52a29d684a0220e5adc9fce4fd`
SHA1	`934c3643bf0d9195f24698c7e85274410f1eae58`
SHA256	`2189d5e51833d8737066eb676c597f8113d22d8427e45f3457d141a95bd05417`
SHA3	`85bec90c2f4c1793f29f434cda2fa5c7a7582f25612ceb10fab30b3b1172bf55`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.8.1
ProductVersion	1.0.8.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Desktop implementation of Steam's mobile authenticator app
CompanyName
FileDescription	Steam Desktop Authenticator
FileVersion (#2)	1.0.8.1
InternalName	Steam Desktop Authenticator.exe
LegalCopyright	Copyright 2017
LegalTrademarks
OriginalFilename	Steam Desktop Authenticator.exe
ProductName	Steam Desktop Authenticator
ProductVersion (#2)	1.0.8.1
Assembly Version	1.0.8.1

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Jun-17 19:57:38
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x150414`
PointerToRawData	`0x14e614`
Referenced File	D:\Git\SteamDesktopAuthenticator\Steam Desktop Authenticator\obj\x86\Release\Steam Desktop Authenticator.pdb

TLS Callbacks

Load Configuration

RICH Header

3d84d108ddadf33dfd3e0142a5bf12d0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors