Manalyze report for 01fa37bdd09c15ed22799070cf4e5c7a52620176134b5891235aa56d691ac06c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-22 16:34:47
Detected languages	English - United States
Debug artifacts	E:\build\workdir\LinkTarget\Executable\updater.pdb

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegGetValueW RegQueryInfoKeyW RegEnumKeyExW RegQueryValueExW RegCloseKey RegCreateKeyExW RegSetValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessAsUserW CreateProcessW` `Uses Microsoft's cryptographic API: CryptQueryObject CryptImportPublicKeyInfo CryptMsgClose CryptMsgGetParam CryptDestroyHash CryptGetHashParam CryptReleaseContext CryptVerifySignatureA CryptAcquireContextA CryptCreateHash CryptHashData CryptDestroyKey` `Leverages the raw socket API to access the Internet: ntohl` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: QueryServiceConfigW OpenSCManagerA OpenServiceW QueryServiceStatusEx` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: Process32FirstW Process32NextW OpenProcess`
Info	The PE is digitally signed.	`Signer: The Document Foundation` `Issuer: Certum Code Signing 2021 CA`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-12 13:13:46)	`All the AVs think this file is safe.`

Hashes

MD5	`572473699b1bb6ed71f51d69694ab2fd`
SHA1	`7265a3182712d5c5b05c546764dd785424021276`
SHA256	`01fa37bdd09c15ed22799070cf4e5c7a52620176134b5891235aa56d691ac06c`
SHA3	`b1169cb499e9e62088bc67e61bd9c2a44f5142eb89b87ff4705c1ef50b3ebcd3`
SSDeep	`6144:M6MHXeM6dUEWPUIbp16OIahlO3PfcKrKywahZp:MfHX96dUEWPZBmdGyTF`
Imports Hash	`4f647d79443f77d82da9b90175c50526`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Mar-22 16:34:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1ea00`
SizeOfInitializedData	`0x27e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001D4C4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`0.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x4d000`
SizeOfHeaders	`0x400`
Checksum	`0x57c40`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`55988cd6086e6c9b25177d936a169c1e`
SHA1	`f69d568542d98c06bcde7ca572707c048939491e`
SHA256	`485f8fea933365128cd915a6c84b56fcf43c7a4b4e4241af64c9dc4cce77c455`
SHA3	`66c1195f302fecfda992e48f62b4ab3109cb04440d0a462e84496399a568af29`
VirtualSize	`0x1e9ee`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1ea00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2047`

.rdata

MD5	`6c0bf22ed4503afa80600c014d089887`
SHA1	`9637dada3381261126928ccc4bf377806aaad1fa`
SHA256	`fb1655f11ae51dd76c20b6ee0212ddf68ada194cef6fc0189a7e5f2072eed948`
SHA3	`c185ab8d99c56513ef4b45b84e81746ae83105599e4c82a5c3f0114f1bd2237e`
VirtualSize	`0xda0c`
VirtualAddress	`0x20000`
SizeOfRawData	`0xdc00`
PointerToRawData	`0x1ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93576`

.data

MD5	`151d23858be25cff51e3ae0fa906f196`
SHA1	`7e3a5e55e7c777849b4d4578bef0ede20f88c92c`
SHA256	`ed58b4e3bf06b8783bc00f97cabcdc9925f60be413124ffe04a9a7330494637d`
SHA3	`afb609e722cb54c8e4ed79ef0a6424ff27776ef8f3860760eaaf996496b36557`
VirtualSize	`0x26b8`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.27182`

.pdata

MD5	`8f26acdbef3f72e4080df0a01d6902cd`
SHA1	`e9b3c87fb00d7a83eb7a023008aff094844c8b1f`
SHA256	`6d1eafdad45e009bdf5742462fcb7ea118b155ab7c046f660c00ea10fc9b1f53`
SHA3	`2c96765f0124c081b6235ab021fb8608216e70ea3a332f964055214c0f5602e0`
VirtualSize	`0x2028`
VirtualAddress	`0x31000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x2ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19552`

.rsrc

MD5	`702fc5c4304f7a9714a820f5bb20ff2b`
SHA1	`fcef09d733923335e206683e216c3b391595d59e`
SHA256	`c013545ed206c87808c224b96b8c6ca05a264b8f57532c8797e01adcf8c979ba`
SHA3	`bde3ca7fd3a258436649310d734e2a197b41ba8a043015ab45e2741625e1c2d3`
VirtualSize	`0x17980`
VirtualAddress	`0x34000`
SizeOfRawData	`0x17a00`
PointerToRawData	`0x2f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.57615`

.reloc

MD5	`da8e21915047a9ba8d8cc9ef658206d6`
SHA1	`e492b7e3baaa6730da0afcc2b5cc2a0e19512658`
SHA256	`6feaae7cd56aa3a9cf39edcc7011932c6a6bda29a807c823a3fd651a0acedf8a`
SHA3	`2f89cc65064208f063271736c4eb31aa74b2c27d7cba63156f7b2456e490d09c`
VirtualSize	`0x158`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x46a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.996`

Imports

COMCTL32.dll	`InitCommonControlsEx`
CRYPT32.dll	`CryptQueryObject` `CryptImportPublicKeyInfo` `CryptMsgClose` `CertCloseStore` `CryptMsgGetParam` `CertFindCertificateInStore` `CertGetNameStringW` `CertGetNameStringA` `CertFreeCertificateContext`
GDI32.dll	`SelectObject`
ole32.dll	`CoTaskMemFree`
RPCRT4.dll	`UuidCreate` `RpcStringFreeW` `UuidToStringW`
SHELL32.dll	`ShellExecuteExW` `SHGetKnownFolderPath`
SHLWAPI.dll	`PathUnquoteSpacesW` `PathStripPathW` `PathCanonicalizeW` `PathIsUNCServerShareW` `PathRemoveFileSpecW` `PathStripToRootW` `PathCommonPrefixW` `PathAppendW`
WS2_32.dll	`ntohl`
ADVAPI32.dll	`QueryServiceConfigW` `CryptDestroyHash` `CryptGetHashParam` `CryptReleaseContext` `RegGetValueW` `AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken` `GetTokenInformation` `RegQueryInfoKeyW` `RegEnumKeyExW` `CloseServiceHandle` `OpenSCManagerA` `StartServiceW` `CreateProcessAsUserW` `OpenServiceW` `QueryServiceStatusEx` `RegQueryValueExW` `CryptVerifySignatureA` `CryptAcquireContextA` `CryptCreateHash` `CryptHashData` `CryptDestroyKey` `RegCloseKey` `RegCreateKeyExW` `RegSetValueExW` `RegOpenKeyExW`
WINTRUST.dll	`WinVerifyTrust`
USER32.dll	`LoadIconW` `GetClientRect` `GetDlgItem` `GetDC` `GetDesktopWindow` `SetTimer` `DialogBoxParamW` `ReleaseDC` `WaitForInputIdle` `GetWindowRect` `wsprintfW` `OffsetRect` `GetWindowLongPtrW` `CopyRect` `SetWindowTextW` `EndDialog` `SendMessageW` `ScreenToClient` `SetWindowLongPtrW` `GetParent` `SetWindowPos` `DrawTextW`
MSVCP140.dll	`?_Xlength_error@std@@YAXPEBD@Z`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
KERNEL32.dll	`GetCurrentThreadId` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `InitializeSListHead` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `SleepConditionVariableSRW` `GetFullPathNameW` `DeviceIoControl` `WakeAllConditionVariable` `ReleaseSRWLockExclusive` `GetSystemTimeAsFileTime` `AcquireSRWLockExclusive` `LocalAlloc` `FreeLibrary` `LoadLibraryW` `GetDriveTypeW` `Process32FirstW` `DeleteFileW` `Process32NextW` `CreateToolhelp32Snapshot` `WriteFile` `CreateDirectoryW` `DeactivateActCtx` `GetModuleFileNameW` `ActivateActCtx` `CreateActCtxW` `LoadLibraryExW` `SetDllDirectoryW` `GetModuleHandleW` `GetProcAddress` `GetTickCount` `WideCharToMultiByte` `CopyFileW` `CreateProcessW` `MoveFileExW` `LocalFree` `UnlockFile` `CloseHandle` `GetLastError` `FormatMessageW` `Sleep` `GetPrivateProfileStringW` `MultiByteToWideChar` `QueryInformationJobObject` `FindFirstFileW` `SetLastError` `FindNextFileW` `GetLongPathNameW` `GetCurrentProcess` `TerminateProcess` `LockFile` `SetFilePointer` `SetEndOfFile` `FindClose` `WaitForSingleObject` `CreateFileW` `GetFileAttributesW` `GetSystemDirectoryW` `IsProcessInJob` `OpenProcess`
VCRUNTIME140.dll	`_CxxThrowException` `memset` `__std_type_info_destroy_list` `memmove` `memcpy` `__current_exception_context` `wcschr` `strchr` `__current_exception` `_purecall` `wcsstr` `__std_terminate` `wcsrchr` `__std_exception_destroy` `__std_exception_copy` `__C_specific_handler`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-string-l1-1-0.dll	`strtok` `strpbrk` `wcstok_s` `strncpy` `wcspbrk` `wcsnlen` `wcsncat` `_strdup` `_wcsdup` `_wcsnicmp` `_wcsicmp` `strcmp` `strncmp` `_wcslwr` `wcsncpy` `wcsncmp`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `_wtoi64` `wcstol`
api-ms-win-crt-stdio-l1-1-0.dll	`ftell` `_fseeki64` `_ftelli64` `rewind` `fgetc` `_wfopen_s` `fopen` `_fileno` `__stdio_common_vsprintf` `fclose` `__stdio_common_vswprintf` `fwrite` `_setmaxstdio` `_wfopen` `_set_fmode` `fflush` `__stdio_common_vfprintf` `fseek` `__stdio_common_vfwprintf` `fread` `__acrt_iob_func` `ferror` `__p__commode` `_get_osfhandle`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `__p___wargv` `__p___argc` `_beginthreadex` `exit` `_errno` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_cexit` `_register_thread_local_exe_atexit_callback` `_wperror` `_exit` `_set_app_type` `perror` `terminate` `_seh_filter_exe` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_crt_at_quick_exit` `_initialize_onexit_table` `_invoke_watson` `_crt_atexit` `_register_onexit_function` `_execute_onexit_table`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `malloc` `free` `_callnewh`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wchdir` `_waccess` `_wstat64i32` `_wrename` `_wchmod` `_wrmdir` `_wremove` `_fstat64i32` `_wmkdir`
api-ms-win-crt-environment-l1-1-0.dll	`getenv` `_putenv`
api-ms-win-crt-time-l1-1-0.dll	`strftime` `_time64` `_localtime64` `_mktime64`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93535`
MD5	`506863d4f4a6597c2fa36529b2ae336b`
SHA1	`0ecae2ce9e9d5aa3c8838370efefc81c479065f3`
SHA256	`358af96e501d406c5fe1efe786e16eb42c47b4cada085f0f3ec6f886b0ef5e0d`
SHA3	`93d77bc6ff433c633de67910f0c17650acd29cc82c1e5f0e64c48c121a93b350`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11959`
MD5	`dfad574025ca58250b6219d27424df71`
SHA1	`92b4c73f230d6b77982d8ea5ce64a4b3b41f6a36`
SHA256	`b861493cdd190fcd930dd83f16ef54ef8d2d7e77f89969e10e43bcc610937618`
SHA3	`6605d468dde9c23351ad88a381059f53bbfc4f6bd13b182fd2b5cf5d4ae42f80`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4335`
MD5	`179efe5120ef8e204e9596ae602f5e7d`
SHA1	`1b10aab197d312669b92b6af5d53a64f997a397c`
SHA256	`c6211d95a16a424713645e5436c810dc95896cf681000f1c91b55624a95fe668`
SHA3	`bc85a211af4ca02cb6d66d81174c0b0291871de7c8e28f989b891a93f7fe408f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.99024`
MD5	`e6e67b9bf315a6ac54cd141b0875100f`
SHA1	`7801925eb6befa9a31d666d4173c93d50703d8e4`
SHA256	`32e2f57914f4d4cd576c7239f7063220c24e2b5aaff22f35b92be873b24b1cb6`
SHA3	`3b3465899c50aa5827b2e4c510d43c6520f364a57e0589240c3c41c1ef27b479`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89167`
MD5	`4bd71a80ea35d8b19edbcb8f5835c520`
SHA1	`a8b8053f33db8b98001338508dac2fb326910c9f`
SHA256	`3c279365af4fa01580d8c2f7a3a96fe701029a76b3da3e89e263ad0c17914de6`
SHA3	`9b0f1575e454d280ead1388e3112f346dc3665cfc9250969624b3166fa3306a3`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18415`
MD5	`6797fff03e8b0066ed50213658926baa`
SHA1	`3bbb4b059e50bb1605af241225ddaacc75b8bd58`
SHA256	`8c355e11c18fd547844f624dbf5c050187c3947eb4a3cbf6cef6e950c07d660f`
SHA3	`1b377c62b1d9f9832444a3bd1aca572b940dffce73ecd7af9ddf75588620c36f`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06911`
MD5	`8002b30e103073d4a03cd71ba2406fd8`
SHA1	`386d24d37a7b46b29531c30e6c2a7fdd9c6eca40`
SHA256	`19492f1f0ae205e78fe50144d6f482ab6ee290daf326958fee36b02936f6c288`
SHA3	`57ae65607ea9b71362eb3a5704c7c73532cf0bf6ce109203076d519283c12922`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.55891`
MD5	`490728282164ef0f84b85524aa974f94`
SHA1	`e82a5bd641ffc0e76d51bf7d1c990e23d0965302`
SHA256	`9187825025dbd8284782be88e047db843d6c6ab110f2b1d177f6dc81a03816b2`
SHA3	`9fc2dd0fce2a21b61afd6fc8e837456bd99d5268903d4cf37c0d9b1bf53cc1bc`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19167`
MD5	`61338d339b6acb20a855fb3c5a36f8e8`
SHA1	`5073f3d5924c2a5d4a0e07409dc7f3cf5d9e4b66`
SHA256	`208223b3480706a4f53c0018ac6fd1cfc73020c0ac695a4541d7152156b6f618`
SHA3	`db5d8b42ca3ba0ec6cb32a19a68c9a82e5f0f9c5841e3bc733bd84fb3c40fc00`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86325`
MD5	`0817e848c910a1ab977570c4cf2014cf`
SHA1	`bd99e84465564e4a01504401c60c4b1f38c771e5`
SHA256	`247a42a40bca6b41b3807a222087203b61340d38982e949b704d203e973653c5`
SHA3	`5b28a530ae09cd4ab5b0a029bcac425c93f4b531cc46048c56c49e8cb4b142a1`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92348`
MD5	`b32d2d9f36e763b2bfed8e2a3e8e85f1`
SHA1	`833ddefb4c53d737b1962ca9e900d25c71867393`
SHA256	`cc82bbe03184f9b39f54a2da165b6ad893578b48361f002603d7fdc206207943`
SHA3	`493d1fd020af48199ed4367c00a09c94424d506e6eab3e752c796726ffc87245`

63

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56076`
MD5	`6d0c7575cd5367f8dd87e1e4dea98fae`
SHA1	`9be1a26074c0e7563443500af87e84b9aaa47c76`
SHA256	`3e5970a11a0d599cf13eb3e39df53c0790fc651545e5e4c732850aad54f34869`
SHA3	`4856e0b7ae64865a6166fba05a45d97220de5005be5909a679b6aceea6b93060`

1003

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96944`
Detected Filetype	Icon file
MD5	`2196874af173f3822219ae2e4ddfbd92`
SHA1	`3afa7a617882846fd414630aa3f653a05765da26`
SHA256	`8ee5f2ee4e2e5164310e1f5f8aef3cc5128d0425722664492782f220b8d670fd`
SHA3	`4240853e9d760084bf29509ba1b6b3b6dad3942cab08a788287054d0fb21f2ed`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98028`
MD5	`641e007dbcafe6831ce0eae0b3b7faee`
SHA1	`73ffdbf290785136e7b96d988d5ea257933e4576`
SHA256	`15665a0031c379d2bf3d58d44f68c8ccf8608594461b23a18812966c5e927dfc`
SHA3	`040ea3c4df9ce020865a5b04bd64237f4606491928a8c3a9af757cc603a9848b`

17

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x66e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21025`
MD5	`2b48b37fd2d214c893d8d846157a8e0e`
SHA1	`ccd651ad30632483984b4e9400fca3bb4b551747`
SHA256	`ad0bfac8fe03e2116af7788a6114e0fdb1e00c4bd4b13c540c257f28794fc56d`
SHA3	`559e0ec6443930f0f1e312aedf52f5eb18afbc32c0cc43d3921faa4a5a470327`

String Table contents

moz-updater.exe-4cdccec4-5ee0-4a06-9817-4cd899a9db49

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-22 16:34:47
Version	`0.0`
SizeofData	`75`
AddressOfRawData	`0x284fc`
PointerToRawData	`0x272fc`
Referenced File	E:\build\workdir\LinkTarget\Executable\updater.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-22 16:34:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x28548`
PointerToRawData	`0x27348`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-22 16:34:47
Version	`0.0`
SizeofData	`964`
AddressOfRawData	`0x2855c`
PointerToRawData	`0x2735c`

TLS Callbacks

StartAddressOfRawData	`0x140028940`
EndAddressOfRawData	`0x140028948`
AddressOfIndex	`0x14002e9b8`
AddressOfCallbacks	`0x140020958`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14002e040`

RICH Header

XOR Key	`0x51767c94`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`20`
Imports (35207)	`6`
253 (35207)	`5`
ASM objects (35207)	`4`
C objects (35207)	`10`
C++ objects (35207)	`33`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`27`
Total imports	`255`
C++ objects (LTCG) (35224)	`22`
Resource objects (35224)	`1`
Linker (35224)	`1`

Errors

Leave a comment

No comments yet.