Manalyze report for 030bfbea61413f2af1196d957cb5dec0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2013-Aug-22 10:19:59
Detected languages	English - United States
Debug artifacts	aaedge.pdb
CompanyName	Microsoft Corporation
FileDescription	Anywhere Access Edge
FileVersion	`6.3.9600.16384 (winblue_rtm.130821-1623)`
InternalName	aaedge.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	aaedge.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.3.9600.16384`

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegNotifyChangeKeyValue RegDeleteKeyW RegQueryInfoKeyW RegGetValueW RegEnumValueW RegEnumKeyExW RegSetValueExW RegCreateKeyExW RegDeleteValueW RegCloseKey RegOpenKeyExW RegQueryValueExW` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptAcquireCertificatePrivateKey CryptStringToBinaryA CryptSignMessage CryptVerifyMessageSignature CryptDecryptMessage CryptBinaryToStringW` `Leverages the raw socket API to access the Internet: WSASocketW #8 #9 #14 WSAAddressToStringW #116 #111 #115 #21 #2 #3 FreeAddrInfoW GetAddrInfoW GetNameInfoW WSAStringToAddressW InetNtopW WSAIoctl` `Functions related to the privilege level: DuplicateToken CheckTokenMembership DuplicateTokenEx OpenProcessToken` `Interacts with the certificate store: CertOpenStore`
Safe	VirusTotal score: 0/65 (Scanned on 2017-11-13 17:06:55)	`All the AVs think this file is safe.`

Hashes

MD5	`030bfbea61413f2af1196d957cb5dec0`
SHA1	`232787cc600ac7bec19a630d37ab76a360625dfd`
SHA256	`d258a1c4952d5058fe4b5c6295e6d678dee70e829f88ddc9d91c70a4fca74829`
SHA3	`1a598e4175fd149af510bdd3bee1eab60e604f0bf8b13d889857d9ead9fc07a4`
SSDeep	`12288:hoSOExXjV5FfRJWcE4T6HWGGYFzdm4kcmbOsYBVD9MbqV0I0mq5qC:hoCx55FfjzmHWGGuzdwOsmVD9MbqV0I`
Imports Hash	`59c6c4c3fd09369a8c6dbfd7c2b35e02`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2013-Aug-22 10:19:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.3`
SizeOfCode	`0x96e00`
SizeOfInitializedData	`0xd400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000902F4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.3`
ImageVersion	`6.3`
SubsystemVersion	`6.3`
Win32VersionValue	`0`
SizeOfImage	`0xa8000`
SizeOfHeaders	`0x400`
Checksum	`0xaa30b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`71e01231c7fa4e6fde47e2eddc636c08`
SHA1	`43e1d0be2db0e4798293984ef1089f3bedbeb6fc`
SHA256	`7d13f98fe22e8fffd92683f20522175ff3d6994d7d019bf71a51d1749c705e00`
SHA3	`ae2ab1cd2171f02ac985717bbdb22d08f48be283ef392ca89f9ae64ff1e0a710`
VirtualSize	`0x96cd9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x96e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39044`

.data

MD5	`b5abde93433369533283d304e5a018eb`
SHA1	`fc5d3f9b4376f7a226e121a32274270f1c9bb172`
SHA256	`c8b31f5716c52b072b091f70d9b249dacda2986c2829e80c073818944d6cacd5`
SHA3	`06e664fff50307fe9236cb86c1e5ed78cc70663a2b1479796e1f4defdc18b26f`
VirtualSize	`0x1470`
VirtualAddress	`0x98000`
SizeOfRawData	`0x800`
PointerToRawData	`0x97200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.27161`

.pdata

MD5	`87d2b7e0419fc3af9eeace9acbfa5c80`
SHA1	`df4cdf1f489fdf698b5efb6f4da2712f090ee38f`
SHA256	`48b07348ada78e5dcbb038f52bb2fb061ae523d253189f6eb18eeb87af003830`
SHA3	`690a0f964139ef16172a6d9525d7a2f7c6e97c094c0c105e2fd56515a80ba4af`
VirtualSize	`0x3390`
VirtualAddress	`0x9a000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x97a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.80522`

.idata

MD5	`746b6fa25a5fc3bebed93981f9a7b36d`
SHA1	`9b89470c4bca80db0b9f004269bcc1b41fc8d2fc`
SHA256	`9f4414cb9921f2a1a80e8089408e34c84c1ca083ad567436e7152e14e41aa60c`
SHA3	`316314e8c1def8affd4011c36c6f3a47c86e7d698f52ff0a2eaecb2c573b5ecc`
VirtualSize	`0x358a`
VirtualAddress	`0x9e000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x9ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76871`

.rsrc

MD5	`0cf2844d2d7e17edf429f77a33a8a6ff`
SHA1	`d247f15bd4abc413b078ed526c8747120740f4f1`
SHA256	`45bff201f5cf90c53597d229eb034e8c2939059890f98ea5a60592ec7a8c4dcb`
SHA3	`43b5ff491405397d09b1da4408c7b9f30ec6df01165fd5be10811eda9e6a90f8`
VirtualSize	`0x3df8`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x9e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.87323`

.reloc

MD5	`b437bcbc95670fbc8df89e3719088595`
SHA1	`229cd114643fed0e53594179888b646d50eea6a7`
SHA256	`396245f8618960930c6108b125b8c1b16e39ffe6ec79ba2c701fc6ccabe31085`
SHA3	`3ca514056c88844b5516d4616e3c08b7a5b36998cf9b4afd0be1edf552b49361`
VirtualSize	`0x14ec`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xa2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.00075`

Imports

msvcrt.dll	`memcpy_s` `wcstok` `wcsstr` `?terminate@@YAXXZ` `wcschr` `_itow` `_ui64tow` `_wtoi` `wcsrchr` `_stricmp` `_beginthreadex` `memset` `memcpy` `memcmp` `_wcsicmp` `strchr` `wcstok_s` `swscanf_s` `_ultow` `vswprintf_s` `memmove_s` `??0exception@@QEAA@XZ` `ldiv` `??0exception@@QEAA@AEBQEBD@Z` `_aligned_malloc` `_aligned_free` `_ui64tow_s` `wcsncat_s` `wcsncpy_s` `_purecall` `memmove` `wcscpy_s` `strncmp` `_vsnprintf` `_strcmpi` `_strnicmp` `atoi` `wcsncmp` `__CxxFrameHandler3` `??1type_info@@UEAA@XZ` `_onexit` `__dllonexit` `_unlock` `_lock` `__C_specific_handler` `_initterm` `_amsg_exit` `_XcptFilter` `_CxxThrowException` `_callnewh` `?what@exception@@UEBAPEBDXZ` `??1exception@@UEAA@XZ` `??0exception@@QEAA@AEBV0@@Z` `??0exception@@QEAA@AEBQEBDH@Z` `malloc` `free` `_vsnwprintf` `calloc` `wcscmp`
WS2_32.dll	`WSASocketW` `#8` `#9` `#14` `WSAAddressToStringW` `#116` `#111` `#115` `#21` `#2` `#3` `FreeAddrInfoW` `GetAddrInfoW` `GetNameInfoW` `WSAStringToAddressW` `InetNtopW` `WSAIoctl`
KERNEL32.dll	`VerSetConditionMask` `LoadLibraryExW` `TerminateProcess` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ResetEvent` `EnterCriticalSection` `GetModuleFileNameW` `LeaveCriticalSection` `InitializeCriticalSection` `GetProcessHeap` `GetModuleHandleExW` `HeapFree` `LocalReAlloc` `CreateTimerQueue` `DeleteTimerQueueEx` `SystemTimeToTzSpecificLocalTime` `CompareFileTime` `GetFileAttributesExW` `ReadFile` `InitializeSListHead` `InitializeSRWLock` `InterlockedPopEntrySList` `InterlockedFlushSList` `AcquireSRWLockShared` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InterlockedPushEntrySList` `CreateThreadpoolIo` `StartThreadpoolIo` `HeapAlloc` `WaitForThreadpoolIoCallbacks` `CloseThreadpoolIo` `RtlCaptureContext` `GetTickCount` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `WaitForSingleObject` `QueryPerformanceCounter` `Sleep` `UnregisterWait` `SetEvent` `CloseHandle` `SetLastError` `GetCurrentProcess` `CreateEventW` `GetCurrentThread` `GetSystemTime` `SystemTimeToFileTime` `OutputDebugStringA` `PostQueuedCompletionStatus` `ExpandEnvironmentStringsW` `CreateTimerQueueTimer` `DeleteTimerQueueTimer` `RegisterWaitForSingleObject` `UnregisterWaitEx` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `IsBadWritePtr` `SetWaitableTimer` `CreateWaitableTimerW` `GetVersionExW` `GetComputerNameExW` `DeleteFileW` `ChangeTimerQueueTimer` `MoveFileW` `FindFirstFileW` `FindNextFileW` `FindClose` `GetFileAttributesW` `CreateDirectoryW` `GetLastError` `SetUnhandledExceptionFilter` `GetModuleHandleExA` `GetProcAddress` `FreeLibrary` `DisableThreadLibraryCalls` `TryEnterCriticalSection` `GetComputerNameW` `WideCharToMultiByte` `LoadLibraryW` `CreateFileW` `SwitchToThread` `GetTickCount64` `CreateThread` `DeleteCriticalSection` `GetSystemInfo` `GetCurrentProcessId` `LocalAlloc` `GetModuleHandleW` `lstrcmpiW` `LocalFree` `WaitForMultipleObjects` `CancelThreadpoolIo` `MultiByteToWideChar`
ADVAPI32.dll	`ConvertSidToStringSidW` `LookupAccountNameW` `PerfStopProvider` `PerfStartProvider` `PerfSetCounterSetInfo` `PerfCreateInstance` `PerfSetCounterRefValue` `EventUnregister` `EventWrite` `EventRegister` `RegNotifyChangeKeyValue` `RegDeleteKeyW` `RegQueryInfoKeyW` `DuplicateToken` `IsValidSid` `RegGetValueW` `RegEnumValueW` `RegEnumKeyExW` `RegSetValueExW` `RegCreateKeyExW` `LookupAccountSidW` `EqualSid` `GetTokenInformation` `OpenThreadToken` `CheckTokenMembership` `CreateWellKnownSid` `ControlTraceW` `StartTraceW` `RegDeleteValueW` `EnableTraceEx2` `CopySid` `GetLengthSid` `DuplicateTokenEx` `CryptReleaseContext` `IsTextUnicode` `RegCloseKey` `RegOpenKeyExW` `RegQueryValueExW` `EventActivityIdControl` `OpenProcessToken` `SetServiceStatus` `RegisterServiceCtrlHandlerW` `TraceMessage` `UnregisterTraceGuids` `RegisterTraceGuidsW` `GetTraceEnableFlags` `GetTraceEnableLevel` `GetTraceLoggerHandle`
OLEAUT32.dll	`#6` `#9` `#4` `#2` `#7` `#23` `#24` `#149` `#8` `#150`
AUTHZ.dll	`AuthzFreeResourceManager` `AuthzFreeContext` `AuthzGetInformationFromContext` `AuthzInitializeContextFromSid` `AuthzInitializeResourceManager`
ntdll.dll	`RtlIpv4AddressToStringW` `RtlIpv6AddressToStringW` `RtlVerifyVersionInfo` `RtlGetLastNtStatus` `NtDuplicateObject` `WinSqmSetDWORD`
Secur32.dll	`GetComputerObjectNameW` `FreeCredentialsHandle` `SetContextAttributesW` `InitializeSecurityContextW` `InitSecurityInterfaceW` `QuerySecurityPackageInfoW` `QueryContextAttributesW` `EncryptMessage` `FreeContextBuffer` `AcquireCredentialsHandleW` `DecryptMessage` `GetUserNameExW` `AcceptSecurityContext` `DeleteSecurityContext`
ole32.dll	`IIDFromString` `CoInitializeEx` `StringFromGUID2` `CLSIDFromString` `CoCreateInstance` `CoInitialize` `CoUninitialize` `CoCreateGuid`
CRYPT32.dll	`CertCloseStore` `CertFindCertificateInStore` `CertOpenStore` `CryptAcquireCertificatePrivateKey` `CertGetCertificateContextProperty` `CryptStringToBinaryA` `CertFreeCertificateContext` `CryptSignMessage` `CryptVerifyMessageSignature` `CertGetEnhancedKeyUsage` `CertGetCertificateChain` `CertFreeCertificateChain` `CryptDecryptMessage` `CryptBinaryToStringW`
NETAPI32.dll	`DsRoleFreeMemory` `DsGetDcNameW` `NetApiBufferFree` `DsRoleGetPrimaryDomainInformation`
SLC.dll	`SLRegisterWindowsEvent`
VSSAPI.DLL	`CreateWriter`
SHLWAPI.dll	`PathFindFileNameW`
ACTIVEDS.dll	`#9` `#17` `#13` `#6` `#4` `#15` `#3` `#18` `#5`
WLDAP32.dll	`#73` `#170` `#41` `#26` `#79` `#14` `#16` `#18` `#46` `#142` `#210`
ualapi.dll	`UalStop` `UalInstrument` `UalStart` `UalRegisterProduct`
RPCRT4.dll	`I_RpcAsyncSetHandle` `RpcRevertToSelf` `RpcAsyncInitializeHandle` `RpcServerInqCallAttributesW` `I_RpcGetBuffer` `RpcServerSubscribeForNotification` `RpcServerUnsubscribeForNotification` `RpcMgmtWaitServerListen` `I_RpcReallocPipeBuffer` `I_RpcSend` `RpcImpersonateClient` `RpcServerUnregisterIfEx` `RpcAsyncAbortCall` `RpcSsContextLockExclusive` `RpcBindingInqAuthClientW` `NdrAsyncServerCall` `RpcServerTestCancel` `NdrServerCall2` `NdrServerCallAll` `RpcAsyncCompleteCall` `I_RpcExceptionFilter` `NDRSContextUnmarshall2` `NDRSContextMarshall2` `RpcBindingSetOption` `RpcBindingVectorFree` `RpcMgmtStopServerListening` `RpcRaiseException` `RpcCertGeneratePrincipalNameW` `RpcStringFreeW` `RpcServerRegisterAuthInfoW` `RpcServerInqDefaultPrincNameW` `RpcServerRegisterIfEx` `I_RpcServerUseProtseqEp2W` `RpcServerUseProtseqEpExW` `RpcServerListen` `RpcEpRegisterW` `RpcBindingFree` `RpcStringBindingParseW` `RpcBindingToStringBindingW` `RpcBindingServerFromClient` `RpcFreeAuthorizationContext` `RpcServerInqBindings` `RpcGetAuthorizationContextForClient`
HTTPAPI.dll	`HttpQueryServiceConfiguration` `HttpWaitForDisconnect` `HttpCancelHttpRequest` `HttpSendHttpResponse` `HttpTerminate` `HttpCloseServerSession` `HttpCloseRequestQueue` `HttpShutdownRequestQueue` `HttpCloseUrlGroup` `HttpRemoveUrlFromUrlGroup` `HttpReceiveRequestEntityBody` `HttpSendResponseEntityBody` `HttpReceiveHttpRequest` `HttpSetUrlGroupProperty` `HttpCreateRequestQueue` `HttpAddUrlToUrlGroup` `HttpCreateUrlGroup` `HttpSetServerSessionProperty` `HttpCreateServerSession` `HttpInitialize`

Delayed Imports

StandAloneMain

Ordinal	`1`
Address	`0x15ce0`

AddProtocolProcessor

Ordinal	`2`
Address	`0x15d08`

InitializeTestHooks

Ordinal	`3`
Address	`0x15d14`

ServiceMain

Ordinal	`4`
Address	`0x15c9c`

OpenKeyReader

Ordinal	`5`
Address	`0x15d30`

OpenKeyReaderWriter

Ordinal	`6`
Address	`0x15d3c`

SvchostPushServiceGlobals

Ordinal	`7`
Address	`0x161a4`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77324`
MD5	`4f51bdf27c7ac013cb9acca125d78deb`
SHA1	`21fd7cb24a08f1b8f1450d2549b5ac372569eb2e`
SHA256	`1b0f71059ec4d39f1c8a91ac8840157449b0bfa0717771fd6280d7a50df1affb`
SHA3	`686b6324afa07e1a47874add41b618e30039da38f4ca82c110fedf791167634c`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x385a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.87717`
MD5	`c5b16c013a6dc733b945f99411807f1b`
SHA1	`1b7636c590ddfcc8059c1acba6d96b28819ebb3d`
SHA256	`443c04164135d9206b228fc0d471e719168da0468b6f74384f960b5d98e37cb0`
SHA3	`f50a36d9f812c1459d5f033027e9f051a52f5b375701dde2d7918614232c0c80`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52917`
MD5	`579eff6682fa061069ace7df9c24036d`
SHA1	`b0a083babc3fa9b7dfa9f5c5688014a5d6470824`
SHA256	`ecf91b9631381073aad5899b8815c1ac647249faefda5c5d2ae4df677e737a42`
SHA3	`8999fd4c72e264e0acf95b48a239c1e187660a478f03f0fb216d4b908b1657df`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.3.9600.16384
ProductVersion	6.3.9600.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Anywhere Access Edge
FileVersion (#2)	6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName	aaedge.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	aaedge.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.3.9600.16384

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2013-Aug-22 10:19:59
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x15964`
PointerToRawData	`0x14d64`
Referenced File	aaedge.pdb

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180098008`

RICH Header

XOR Key	`0x77de43d1`
Unmarked objects	`0`
C objects (65501)	`16`
ASM objects (65501)	`2`
Total imports	`447`
Imports (65501)	`45`
C++ objects (65501)	`7`
Exports (65501)	`1`
211 (65501)	`113`
Resource objects (65501)	`1`
Linker (65501)	`1`

030bfbea61413f2af1196d957cb5dec0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.pdata

.idata

.rsrc

.reloc

Imports

Delayed Imports

StandAloneMain

AddProtocolProcessor

InitializeTestHooks

ServiceMain

OpenKeyReader

OpenKeyReaderWriter

SvchostPushServiceGlobals

1

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors