Manalyze report for 7bb8f3efd6ff2e2b1e4228582134f5290df53e5a7abf34147410ab34d628d3c3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Oct-24 21:59:47
Debug artifacts	C:\BuildRelease\SimNextGen\SIMNext\SIMNext.View\obj\x64\Release\SIMNext.pdb
Comments	SIM Next
FileDescription	SIMNext
FileVersion	`1.23.6.1024`
InternalName	SIMNext.exe
LegalCopyright
LegalTrademarks
OriginalFilename	SIMNext.exe
ProductName	SIM Next
ProductVersion	`1.23.6.1024`
Assembly Version	1.23.6.1024

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: IEXPLORE.EXE chrome.exe firefox.exe iexplore.exe` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: cmd.exe` Contains domain names: adobe.com ajuda.yahoo.com bellard.org br.ajuda.yahoo.com codeplex.com cronos.intelbras.com.br ffmpeg.org google.com http://cronos.intelbras.com.br http://cronos.intelbras.com.br/download/SW/FFMPEGSN/prod/FFMPEGSN-4.2.2-829d56f158832dbf669b5b417af48060.bz2 http://ffmpeg.org http://ns.adobe.com http://ns.adobe.com/camera-raw-settings/1.0/ http://ns.adobe.com/exif/1.0/ http://ns.adobe.com/photoshop/1.0/ http://ns.adobe.com/tiff/1.0/ http://ns.adobe.com/xap/1.0/ http://ns.adobe.com/xap/1.0/mm/ http://ns.adobe.com/xap/1.0/sType/ResourceEvent# http://ns.adobe.com/xap/1.0/sType/ResourceRef# http://purl.org http://schemas.microsoft.com http://schemas.microsoft.com/expression/2010/controls http://schemas.microsoft.com/expression/2010/interactions http://schemas.microsoft.com/expression/2010/interactivity http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.microsoft.com/winfx/2006/xaml/presentation/shell http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://schemas.xceed.com http://schemas.xceed.com/wpf/xaml/toolkit http://wpfanimatedgif.codeplex.com http://wpflocalizeextension.codeplex.com http://www.bellard.org http://www.bellard.org/ http://www.gnu.org http://www.gnu.org/licenses/old-licenses/gpl-2.0.html http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html http://www.w3.org http://www.w3.org/1999/02/22-rdf-syntax-ns# https://br.ajuda.yahoo.com https://br.ajuda.yahoo.com/kb/SLN27791.html https://br.ajuda.yahoo.com/kb/SLN27791.html? https://intelbras.com https://support.google.com https://support.google.com/accounts/answer/6010255?hl inkscape.org intelbras.com intelbras.com.br microsoft.com ns.adobe.com openxmlformats.org paint.net schemas.microsoft.com schemas.openxmlformats.org schemas.xceed.com support.google.com wpfanimatedgif.codeplex.com wpflocalizeextension.codeplex.com www.bellard.org www.gnu.org www.inkscape.org www.w3.org xceed.com yahoo.com
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: INTELBRAS SA INDUSTRIA DE TELECOMUNICACAO ELETRONICA BRASILEIRA` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/73 (Scanned on 2024-07-15 15:27:02)	`All the AVs think this file is safe.`

Hashes

MD5	`c3e32ac1b7ae24df7a675a3a730ca8bc`
SHA1	`983da326528e72c7c82b005b6b659f4b04389879`
SHA256	`7bb8f3efd6ff2e2b1e4228582134f5290df53e5a7abf34147410ab34d628d3c3`
SHA3	`b5ca2171d2c02a7d730cf6eb2710673d90f304064279ce4eabce8d81dfecd51d`
SSDeep	`98304:xZhBcaHbJTsdtA0kMWgrRcyEgAYnMJ5TWkf:lBca7JTotpWgr8FJ5TWkf`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2023-Oct-24 21:59:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0x486c00`
SizeOfInitializedData	`0x32a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x4be000`
SizeOfHeaders	`0x200`
Checksum	`0x4bf4f2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ad5bf069d73e93ebfdce6ad838f76eba`
SHA1	`933351078be27cfbe872fd1768a1b5e12cc10765`
SHA256	`7eec2a2340f7b27bfedc355feeef790185a9f4cc1dee39a3f0a9f3511a051071`
SHA3	`589f87e6c5ce71ca038052caaae95ee0293716e40a64eccfdb855e915eb045aa`
VirtualSize	`0x486b00`
VirtualAddress	`0x2000`
SizeOfRawData	`0x486c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.3555`

.rsrc

MD5	`62a56a10173ab56ab0a6ddbfcc176bf6`
SHA1	`f772d860078e88237f157ec58bde342eb5ab07ca`
SHA256	`7cb747e5784e0b94973f08e687a8f0802521fae15ea036dd3a56ee3e73e42e55`
SHA3	`14dbac34e1d192c5f320421020fc0c3e1967ab355586e91baf2edd2d8f56ca68`
VirtualSize	`0x32824`
VirtualAddress	`0x48a000`
SizeOfRawData	`0x32a00`
PointerToRawData	`0x486e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.36695`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x16632`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99225`
Detected Filetype	PNG graphic file
MD5	`75fd85dc3c31cb435c685025fafe5369`
SHA1	`f4febd7c009d404bf1cf280415d1eb2708744cb5`
SHA256	`afda1043975bc09676cbefc81d389719eef98814c48a4e74af296462fb7a20cb`
SHA3	`9f755bf8c4038abec3ca24031f382d00a3414dfacdf86d1895c80806b67e351f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.42068`
MD5	`4250f9f960bd23395265f99cd350620f`
SHA1	`338abb52828e312f338ec534b0fc6754c8953c98`
SHA256	`384c62d99af63cbdf821f17199024a3b16ceca7aff6095afebdc7739684fa677`
SHA3	`47644b1c1a7027f2104200c2ab0aa5b788cf8d01bdb6c3e11295e12786158cce`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.4574`
MD5	`c8c4c2ddabdcddc91a7daa6d734a54e3`
SHA1	`768ce99ba336cbe2881a6f05a3f949dfe6f5c131`
SHA256	`44ef598574fffbae5d31ae6264c5746aa74223d7c98fff7ebceb8e9183cacd9c`
SHA3	`2d09b9737824b7db1c7e49bfd77cc8a350335e23e2be99d3cf280a324cca99de`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48111`
MD5	`2c1d25502f475cca4ca64b5e94930977`
SHA1	`9c654e922940035781fd8eac65bc29ed247af79f`
SHA256	`3a1e05deba8780e99aac61f14aa698388c493f5d660e21a0b040f4848aa7fb53`
SHA3	`26e150bb53efe890988c33a1607c4d4efd387c8032cbaa73bafe10c7e9fd5931`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.45389`
MD5	`6c05e9de567f0cc0cce6dae359b5e594`
SHA1	`f37b6e6d4529000ca4cb45ec69aee226646aef56`
SHA256	`cb691267d43925a3ba897acf081e60293b29365b2702b84f306dfb164a5e2551`
SHA3	`7a451bcd6ae4e623a948ef5207487e980969c0624bfe6ff57f95119ce2372e1b`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48899`
MD5	`2fb822e1c7eb117e2c092ac94a87cfc2`
SHA1	`57a9fcffddce74c407ad84fac720e935db6b3c26`
SHA256	`48231b6c81e0bed33219b3a946d1bb37c8288ddb9a930a416f9715c052d7f338`
SHA3	`f7cad28b35627b036f5eacc675a3490e194cd1a5d8f90da9ef0d93ede551d611`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.36789`
MD5	`40a68ea4e0387ec048cc71672853b235`
SHA1	`ebd27caf7b39224b76ed883872f22eff0f978729`
SHA256	`214f34ce7ed58722bdc6a4319f9b81f84fb74f819cf6a09202711b3ce8b8ba27`
SHA3	`6bb0d6c9df8aa91a1a5becf30d92a56ad805cb9deea1d29345eb9385d69ce5e9`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.32234`
MD5	`e3db03bc3cc03b2b030871c4caf154bd`
SHA1	`b706fd28ff8c29b05e3457c38e2101c6d3924545`
SHA256	`95f02c1b93f164a3475b59c1673051d0668983d5a6dc1ff52eee0882aad7b224`
SHA3	`3a770372e5d177a989ffb227bcc32b802b77ddc7c2c7f2cb86d84e8d0272502c`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.14285`
MD5	`352ab12fe5e90d820f6e96a724dc2bdc`
SHA1	`686221533e05a127d6c7880bcbab5921a720fde7`
SHA256	`1c2f5529783bbaaf6e3d60520727f5970c23f0462acf1af05864d6a226747900`
SHA3	`e049836d41a57f0f14db0fe67f73e201cef6ce3d3e3798d484a2b26544bfd869`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02851`
Detected Filetype	Icon file
MD5	`120458c1e898c2a44391951f4cc00716`
SHA1	`59099b0346e938d7ede7c0598882d62c0bda5b7c`
SHA256	`8030930ce73dc4726df5f62d5e488780a9e26fd8bdde387767ddb17e98b6a689`
SHA3	`a7684a9004baac356b293ef58dce6a2bd4c1beb6dc6290084745ebe160cf0215`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37314`
MD5	`904083b22e0f3ef2855dab193c753356`
SHA1	`a2185862f87a49f15d4351a6ff07c67beed641f9`
SHA256	`b4ce8e29be3f8c2a79409636edef46b80de247a291241ba4ab1791913acaa1ae`
SHA3	`21d34dfcbe463023a9704cfe0520473079a531532f3ee1df6812151806b96ccc`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc11`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00665`
MD5	`52e6d4433fc6eef6522703b3e8027f62`
SHA1	`4964b848eafea9df56ec446a6c187f2ec540b378`
SHA256	`90ac4883badf1e8c6593f50f31018ab498087465a00a5f8508a64accea92a61a`
SHA3	`86468f04353a8097063af67f9e0d52cb5e4134e9410f75692963c0cee2d019ab`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.23.6.1024
ProductVersion	1.23.6.1024
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	SIM Next
FileDescription	SIMNext
FileVersion (#2)	1.23.6.1024
InternalName	SIMNext.exe
LegalCopyright
LegalTrademarks
OriginalFilename	SIMNext.exe
ProductName	SIM Next
ProductVersion (#2)	1.23.6.1024
Assembly Version	1.23.6.1024

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Oct-24 21:59:46
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x4889e4`
PointerToRawData	`0x486be4`
Referenced File	C:\BuildRelease\SimNextGen\SIMNext\SIMNext.View\obj\x64\Release\SIMNext.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.