Manalyze report for 08eb78e5be019df044c26b14703bd1fa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2098-Nov-02 01:44:16
Detected languages	English - United States
Debug artifacts	dllhost.pdb
CompanyName	Microsoft Corporation
FileDescription	COM Surrogate
FileVersion	`10.0.19041.546 (WinBuild.160101.0800)`
InternalName	dllhost.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	dllhost.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.546`

Plugin Output

Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/67 (Scanned on 2021-05-01 04:35:42)	`All the AVs think this file is safe.`

Hashes

MD5	`08eb78e5be019df044c26b14703bd1fa`
SHA1	`2ce12a317bebf8293f3544433a55d972a5967996`
SHA256	`e7fc40b41aa8b83841a0b96d169eaf0800aa784733e636935374d56536253f10`
SHA3	`196bcbfeacab19fb8f6d041eb9c55264a80d91e5b15401064b5dce06a7405603`
SSDeep	`384:lJRXcksOiPxc+rWw5Ww78hDBRJXP+CcWlGsaX:lJR7cxcEKh1PfwL`
Imports Hash	`cf79fce90fced31836373f3e48251a5d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2098-Nov-02 01:44:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1200`
SizeOfInitializedData	`0x2200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000014E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0xbf5f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x8000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a4f1523b79cfc0ee32b2b0c6d1187077`
SHA1	`1eb25bb670c1981a502b18369cc8510919e1692b`
SHA256	`8b14a83cd217bb60760acb5ad66dd4726fa6daf6f4045caf776b27f0beff238c`
SHA3	`47f0d844a21f27f91debcf5587b13dfa57a94c0fb1c1a1ad6c83cdcbcafe7397`
VirtualSize	`0x1164`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.66665`

.rdata

MD5	`6bd38137aca4950d2eae3031cd060579`
SHA1	`7c14d75de8f8e25e49af15eaf16689add2f65d41`
SHA256	`0130071a5a8cf602b9b98fecec134b9ae8bb7844eb5b3f4dab02f3fd106b655e`
SHA3	`e9db740b21e61137d9b82546db14a9bedecfea67095b0a96aa06e5394a147ac8`
VirtualSize	`0x112a`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.16303`

.data

MD5	`db11eb632a2efbef76bebd3c951b36a8`
SHA1	`c2665419732bdd96d5bd60e48e025963ebeb2273`
SHA256	`ee6899764c801c456d38c448ad87ae5ca0237153cbccac81072818a705d4489c`
SHA3	`2fef60f9dc3e1d6324fa91cd2448fe6a7f04f95708fb51d6ac81f8e206c7c2fc`
VirtualSize	`0x6b8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.374797`

.pdata

MD5	`41e543a890aeded5a85b5254e1cce01b`
SHA1	`cbf103f581cf2ebd6a101752fb3a026247bc6017`
SHA256	`10ca3151af515d9f9a273af125b84d41deff2730a992dcd5eb5ee939297c2921`
SHA3	`2f0adc636113cf5c1fd413f36f7f02ac3c57a615d0d796f913f2ef0d8cfe5701`
VirtualSize	`0x1a4`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.19903`

.rsrc

MD5	`be12023ba4cf60a5b01cb7ffdb63e664`
SHA1	`d974b63a91bf1a5eba07614a56193aadb98b488f`
SHA256	`81b90f0e0aaeb70d5a5ad0524501c16cbb2efb83f73f21bc752e308372fc6228`
SHA3	`550d9240a928c94bdc569829378ac98437a753882da8539c19714c10f722e1d4`
VirtualSize	`0x3e8`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.30182`

.reloc

MD5	`4c1e1dc0def1a4dafb7df6b34041e125`
SHA1	`062a2853beec6f034aef6fb15099f3cee4729e13`
SHA256	`13ca1c54c95d51eb48da8b72291c6c44e9b2a9a84c68fb9be5c8be6bbb2a4ce8`
SHA3	`6d2f64acf9f19c7ad8e688d173aeb33661e049dd594afe99b4ba31af314fa3b7`
VirtualSize	`0x28`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.520464`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm_e` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__cexit` `_o__configthreadlocale` `_o__configure_wide_argv` `_o__crt_atexit` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `_o__wcsicmp` `_o_exit` `_o_terminate` `__C_specific_handler` `_o___p__commode`
api-ms-win-crt-string-l1-1-0.dll	`memset`
ntdll.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`
api-ms-win-core-com-private-l1-1-0.dll	`CoRegisterSurrogateEx`
api-ms-win-core-processthreads-l1-1-0.dll	`GetStartupInfoW` `GetCurrentThreadId` `GetCurrentProcessId` `GetCurrentProcess` `TerminateProcess`
api-ms-win-core-com-l1-1-0.dll	`CoUninitialize` `IIDFromString` `CoInitializeEx`
api-ms-win-core-heap-l1-1-0.dll	`HeapSetInformation`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-debug-l1-1-0.dll	`IsDebuggerPresent`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x388`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49375`
MD5	`69643ec873ce7948e5c7a9eb0eab98da`
SHA1	`fc2559aee8d05b6ffac8134ffd6916353ec82b2e`
SHA256	`04c3ffb4056f9fa3c22f32c3eb5a9bdede3b4172a675999ec215fa5e8c5dccbc`
SHA3	`d36e14d548d5be2d7abeaf9c6ae5b2bcdf7aca2e85f19f7aa308218b70f683b8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.546
ProductVersion	10.0.19041.546
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	COM Surrogate
FileVersion (#2)	10.0.19041.546 (WinBuild.160101.0800)
InternalName	dllhost.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	dllhost.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.546

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2098-Nov-02 01:44:16
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x3434`
PointerToRawData	`0x1a34`
Referenced File	dllhost.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2098-Nov-02 01:44:16
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x3458`
PointerToRawData	`0x1a58`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2098-Nov-02 01:44:16
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x3710`
PointerToRawData	`0x1d10`

TLS Callbacks

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005000`
GuardCFCheckFunctionPointer	`5368722176`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x7ccd0f32`
Unmarked objects	`0`
Imports (27412)	`2`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`1066`
C objects (27412)	`9`
ASM objects (27412)	`2`
264 (27412)	`3`
C++ objects (27412)	`20`
253 (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

08eb78e5be019df044c26b14703bd1fa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors