Manalyze report for 03c21928b3b0c76d36ef663c7c3832a3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Dec-20 22:07:27
Detected languages	English - United States
Debug artifacts	C:\Users\labuser\source\CCXProcessRedirect\Release\CCXProcessRedirect.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: CreateProcessW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 81.2905% of the executable.`
Info	The PE is digitally signed.	`Signer: Adobe Inc.` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Safe	VirusTotal score: 0/69 (Scanned on 2020-12-22 20:52:18)	`All the AVs think this file is safe.`

Hashes

MD5	`03c21928b3b0c76d36ef663c7c3832a3`
SHA1	`9db445b4bac178ff4cc74a5e80e841f937dbaf02`
SHA256	`7773c44cf15111e49e3a5815388fc14e39c1bfef217da35eebcf7502a4992b96`
SHA3	`0494ef5e8fc30be2120d4d96d5aae5c43e655dc8872dfa0f4d8108be5817b282`
SSDeep	`384:1J04+O9j0+VHFJGib9ORASgudZL99Sjvb99SjvWpSOZvNk0nZsHLsJPDgf2h7:M4b9YUHFV2/tdb9Sbh9Sbce0EgUf2h7`
Imports Hash	`c839662e69e66e1ffff183812e9f1f35`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Dec-20 22:07:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1400`
SizeOfInitializedData	`0x18e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000017EC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1e000`
SizeOfHeaders	`0x400`
Checksum	`0x26f71`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6555b9ff97a48b9654ddcb71e48fa840`
SHA1	`71707ef7a271cfc04d7b21908bd6366f78bec65a`
SHA256	`926ba610d6ae97b9cd1f434a59bd3c9d7d2d6aa15f8324fc9174b3dd5b60b9ac`
SHA3	`1c503d3e3af37a0db33650c91d1bd8cea110932d8273e238a3ff2422e0bac623`
VirtualSize	`0x1349`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25435`

.rdata

MD5	`4240235215a4cabd3b078cc7d0cc314b`
SHA1	`d520f1bf58eccaf0775ead4508b9af5727825508`
SHA256	`050bcf2e3c1daa509d59b97fe3b08cee3a69e1fa0d74d5d334c94cd088ae8015`
SHA3	`a6e71134e4f38e506da8d723ff528627ca41d526ab5afaf21be3c23cfcc3b7ef`
VirtualSize	`0xf92`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.53394`

.data

MD5	`08cf310c1c74e99ea88dc544bdbef09a`
SHA1	`4cb748eb8669bed3cbcd09817eca692930ee7ae8`
SHA256	`261c160cc815d59d413727f53a6341da7b9a7768e6d3b0eb7b1ccde60c0427ec`
SHA3	`bc68059bce3d0a9b8482135020c0b4f872c0fa35c8dac3d16f19e6400993f42a`
VirtualSize	`0x404`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.77599`

.rsrc

MD5	`d19eb0c4cc70f896c3033114752590e3`
SHA1	`2f9f94b5c3b688f895bbd34ff416a6dcd4fb935d`
SHA256	`4fb23872c035a79149e05338d7067950820971cf2752902abf8bd457ad3318b5`
SHA3	`cd283c3568ea6662fe930d01cd68446854e4ef76fc0f8d179eaa93a3914d0bba`
VirtualSize	`0x17238`
VirtualAddress	`0x5000`
SizeOfRawData	`0x17400`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.01994`

.reloc

MD5	`ae1cb1ead3a66d75e73b24532e9d3468`
SHA1	`3ad80f5a72dede2ae429847de90a030fec783a4a`
SHA256	`05c4181e9c2526899b801c35fd96aee9f884aa81850ae9d362fd73d5236e0c52`
SHA3	`0f2f4e79997ce02d0872ca2b4da4da501df1043e2a3eb0171c20bfa0d7d2a77a`
VirtualSize	`0x210`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x400`
PointerToRawData	`0x19e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.0342`

Imports

KERNEL32.dll	`Wow64DisableWow64FsRedirection` `GetEnvironmentVariableW` `GetLastError` `CreateProcessW` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `GetStartupInfoW` `GetModuleHandleW`
MSVCP140.dll	`?_Xlength_error@std@@YAXPBD@Z`
VCRUNTIME140.dll	`__std_exception_destroy` `memset` `_CxxThrowException` `__std_exception_copy` `memcpy` `_except_handler4_common` `memmove`
api-ms-win-crt-string-l1-1-0.dll	`wcscat_s`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_controlfp_s` `_register_thread_local_exe_atexit_callback` `_invalid_parameter_noinfo_noreturn` `_seh_filter_exe` `_c_exit` `_cexit` `exit` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `_exit` `_set_app_type` `terminate`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `_callnewh` `free` `malloc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22919`
MD5	`6c86eca14c65510a130e645f787c59df`
SHA1	`513c0a23778c31abf710a9f1d8a4a00fbdb053a1`
SHA256	`d48bcb978d74900d1ab5aee37b8ddafba5bf3912c6fec387a3746b024e778a8b`
SHA3	`0c24062d207cf6f9329cfb1b237ef9c194277a8d88c14ce1bbdc3e98056cea5c`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41246`
MD5	`760e55abefd0eef5f47a3b7e7f548cdd`
SHA1	`7de78382ca95f797b6ff9cb4e1b705f8d9b02cf7`
SHA256	`ae24ec887452f0a2be353779ae909abde77f983ba7503f4fae82fb08d595b081`
SHA3	`771c023bae6b4678496a1ac2a782bfc2603351f84d33259e8eea3dc4b05861ed`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80887`
Detected Filetype	Icon file
MD5	`3c05e220887a3ece785e94ba01ef2365`
SHA1	`58b72f9ecac3827e770a073030bf1c48de0e31f1`
SHA256	`b89482d2dfd349ed0465241aa76507fd25a49dfafed3c7233afd53a3ff36f6a7`
SHA3	`2cd355b6a0b659201c97af9c629791d1d7e083c8a4dca9ab93ce5582cae117ae`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85121`
Detected Filetype	Icon file
MD5	`761371fb444ffe3cba9630fa53a07e52`
SHA1	`09e05edf4a7a8d5b314e96d9aae9250fd86ea068`
SHA256	`ca27366c72f3cad07bc9e39d6626a6a059cb939d6985475e49dd8e5b93cbbe86`
SHA3	`32af3f3ea06c3d9cc09fb775f4610d3b91f2af87cb8a700b5d1b0ab04f95b0ce`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

CCXProcessRedirect
CCXPROCESSREDIRECT

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Dec-20 22:07:27
Version	`0.0`
SizeofData	`98`
AddressOfRawData	`0x34f4`
PointerToRawData	`0x1cf4`
Referenced File	C:\Users\labuser\source\CCXProcessRedirect\Release\CCXProcessRedirect.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Dec-20 22:07:27
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3558`
PointerToRawData	`0x1d58`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Dec-20 22:07:27
Version	`0.0`
SizeofData	`632`
AddressOfRawData	`0x356c`
PointerToRawData	`0x1d6c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Dec-20 22:07:27
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x404004`
SEHandlerTable	`0x4034f0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x52c94a02`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
C++ objects (VS 2015/2017 runtime 26706)	`23`
C objects (VS 2015/2017 runtime 26706)	`12`
ASM objects (VS 2015/2017 runtime 26706)	`2`
Imports (VS 2015/2017 runtime 26706)	`4`
Imports (26213)	`3`
Total imports	`60`
265 (VS2017 v15.9.11 compiler 27030)	`1`
Resource objects (VS2017 v15.9.11 compiler 27030)	`1`
151	`1`
Linker (VS2017 v15.9.11 compiler 27030)	`1`

03c21928b3b0c76d36ef663c7c3832a3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

109

103

7 (#2)

109 (#2)

107

108

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors