| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2016-Nov-08 22:26:41 |
| Detected languages |
English - United States
|
| Debug artifacts |
D:\DOTNET-CLI-W002\_work\4\s\artifacts\win10-x86\corehost\cmake\cli\exe\RelWithDebInfo\dotnet.pdb
|
| CompanyName | Microsoft Corporation |
| FileDescription | dotnet |
| FileVersion | 1,1,001179,00,1.1.0, 928f77c4bc3f49d892459992fb6e1d5542cb5e86 built by: DOTNET-CLI-W002, UTC: 11/8/2016 10:26:21 PM |
| InternalName | dotnet |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | dotnet |
| ProductName | Microsoft® .NET Core Framework |
| ProductVersion | 1.1.0, 928f77c4bc3f49d892459992fb6e1d5542cb5e86 built by: DOTNET-CLI-W002, UTC: 11/8/2016 10:26:21 PM |
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h) |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Safe | VirusTotal score: 0/68 (Scanned on 2019-11-14 04:03:04) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 7 |
| TimeDateStamp | 2016-Nov-08 22:26:41 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xe800 |
| SizeOfInitializedData | 0xa400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000B581 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x10000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x180000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll |
FindClose
FindFirstFileW FindFirstFileExW FindNextFileW GetFullPathNameW CloseHandle GetModuleFileNameW GetModuleHandleExW GetProcAddress LoadLibraryExW MultiByteToWideChar WideCharToMultiByte GetLastError GetEnvironmentVariableW FreeLibrary RtlUnwind RaiseException InitializeSListHead GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter TerminateProcess GetCurrentProcess SetUnhandledExceptionFilter UnhandledExceptionFilter IsDebuggerPresent IsProcessorFeaturePresent WaitForSingleObjectEx ResetEvent SetEvent LCMapStringW GetModuleHandleW GetStringTypeW EnterCriticalSection LeaveCriticalSection DeleteCriticalSection EncodePointer DecodePointer SetLastError InitializeCriticalSectionAndSpinCount CreateEventW TlsAlloc TlsGetValue TlsSetValue TlsFree GetSystemTimeAsFileTime |
|---|---|
| api-ms-win-crt-runtime-l1-1-0.dll |
_c_exit
_invalid_parameter_noinfo_noreturn _errno __p___wargv __p___argc _exit exit _initterm_e abort _initterm _get_initial_wide_environment _initialize_wide_environment _configure_wide_argv _set_app_type _seh_filter_exe _cexit _controlfp_s terminate _crt_atexit _register_onexit_function _register_thread_local_exe_atexit_callback _initialize_onexit_table |
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
frexp |
| api-ms-win-crt-heap-l1-1-0.dll |
_callnewh
malloc calloc _calloc_base free _free_base _set_new_mode |
| api-ms-win-crt-convert-l1-1-0.dll |
wcstoul
_wtoi |
| api-ms-win-crt-stdio-l1-1-0.dll |
__stdio_common_vfwprintf
__stdio_common_vsprintf_s __acrt_iob_func fputws __p__commode _set_fmode |
| api-ms-win-crt-string-l1-1-0.dll |
strcpy_s
_wcsdup memset wcsnlen strcspn |
| api-ms-win-crt-locale-l1-1-0.dll |
___lc_codepage_func
setlocale _configthreadlocale __pctype_func _unlock_locales localeconv ___mb_cur_max_func _lock_locales ___lc_locale_name_func |
| ADVAPI32.dll |
SystemFunction036
|
| api-ms-win-crt-multibyte-l1-1-0.dll |
_ismbblead
|
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.1.0.1179 |
| ProductVersion | 1.1.0.1179 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language | English - United States |
| CompanyName | Microsoft Corporation |
| FileDescription | dotnet |
| FileVersion (#2) | 1,1,001179,00,1.1.0, 928f77c4bc3f49d892459992fb6e1d5542cb5e86 built by: DOTNET-CLI-W002, UTC: 11/8/2016 10:26:21 PM |
| InternalName | dotnet |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | dotnet |
| ProductName | Microsoft® .NET Core Framework |
| ProductVersion (#2) | 1.1.0, 928f77c4bc3f49d892459992fb6e1d5542cb5e86 built by: DOTNET-CLI-W002, UTC: 11/8/2016 10:26:21 PM |
| Resource LangID | English - United States |
|---|
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Nov-08 22:26:41 |
| Version | 0.0 |
| SizeofData | 122 |
| AddressOfRawData | 0x152ec |
| PointerToRawData | 0x13eec |
| Referenced File | D:\DOTNET-CLI-W002\_work\4\s\artifacts\win10-x86\corehost\cmake\cli\exe\RelWithDebInfo\dotnet.pdb |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Nov-08 22:26:41 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x15368 |
| PointerToRawData | 0x13f68 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Nov-08 22:26:41 |
| Version | 0.0 |
| SizeofData | 992 |
| AddressOfRawData | 0x1537c |
| PointerToRawData | 0x13f7c |
| StartAddressOfRawData | 0x41a000 |
|---|---|
| EndAddressOfRawData | 0x41a008 |
| AddressOfIndex | 0x4189ac |
| AddressOfCallbacks | 0x4101fc |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
| Size | 0x5c |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x418070 |
| SEHandlerTable | 0x415160 |
| SEHandlerCount | 53 |
| XOR Key | 0x8dc53327 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (23907) | 13 |
| C++ objects (23907) | 59 |
| C objects (23907) | 33 |
| Imports (VS2008 SP1 build 30729) | 18 |
| 244 (40116) | 1 |
| 239 (40116) | 7 |
| Total imports | 147 |
| C++ objects (VS2015 UPD2 build 23918) | 5 |
| Resource objects (VS2015 UPD2 build 23918) | 1 |
| 151 | 1 |
| Linker (VS2015 UPD2 build 23918) | 1 |