| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2023-Apr-06 16:40:35 |
| Detected languages | English - United States |
| Debug artifacts | D:\a\1\s\exe\x64\Release\TcpView64.pdb |
| CompanyName | Sysinternals - www.sysinternals.com |
| FileDescription | Sysinternals TcpView |
| FileVersion | 4.19 |
| InternalName | TcpView |
| LegalCopyright | Copyright © 1996-2023 Mark Russinovich & Bryce Cogswell |
| LegalTrademarks | Copyright (C) 1996-2023 Mark Russinovich & Bryce Cogswell |
| OriginalFilename | TcpView.exe |
| ProductName | TcpView |
| ProductVersion | 4.19 |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. | Signer: Microsoft Corporation; Issuer: Microsoft Code Signing PCA 2011 |
| Safe | VirusTotal score: 0/72 (Scanned on 2026-04-23 03:42:19) | All the AVs think this file is safe. |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2023-Apr-06 16:40:35 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x6a000 |
| SizeOfInitializedData | 0xaee00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000040F3C (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x11c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x10995b |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll | CreateThread GetSystemTimeAsFileTime FileTimeToLocalFileTime GetTickCount64 FileTimeToSystemTime SetFilePointerEx GetFileSizeEx GetConsoleOutputCP FlushFileBuffers SetStdHandle FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA GetOEMCP GetACP IsValidCodePage FindNextFileW FindFirstFileExW FindClose ReadConsoleInputW SetConsoleMode GetConsoleMode EnumSystemLocalesW GetUserDefaultLCID IsValidLocale LCMapStringW FlsFree FlsSetValue FlsGetValue FlsAlloc GetConsoleCP ExitProcess lstrcmpiW TlsFree TlsSetValue TlsGetValue TlsAlloc RtlPcToFileHeader RtlUnwindEx GetCPInfo LCMapStringEx AcquireSRWLockShared AcquireSRWLockExclusive ReleaseSRWLockShared ReleaseSRWLockExclusive GetStringTypeW LoadLibraryExA VirtualFree FlushInstructionCache InterlockedPushEntrySList InterlockedPopEntrySList EncodePointer OutputDebugStringW InitializeSListHead QueryPerformanceCounter GetStartupInfoW IsDebuggerPresent IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext CreateEventW WaitForSingleObjectEx ResetEvent SetEvent InitializeCriticalSectionAndSpinCount GetCurrentProcessId Process32NextW Process32FirstW CreateToolhelp32Snapshot QueryFullProcessImageNameW OpenProcess DecodePointer VerifyVersionInfoW lstrcmpW VirtualQuery SetPriorityClass SetThreadPriority GetCurrentThread CreateDirectoryW VerSetConditionMask GetNumberFormatEx GetLocaleInfoW GetTimeFormatW GetDateFormatW FormatMessageW GetModuleHandleExW GetModuleFileNameA DebugBreak WideCharToMultiByte MultiByteToWideChar TrySubmitThreadpoolCallback VirtualAlloc lstrlenW MulDiv LoadLibraryW FreeLibrary GetThreadId CloseHandle GetTempPathW WriteFile GetTempFileNameW DeleteFileW CreateFileW GetModuleFileNameW GetCurrentThreadId DeleteCriticalSection InitializeCriticalSectionEx LeaveCriticalSection TerminateProcess EnterCriticalSection GetLastError WritePrivateProfileStructW GetPrivateProfileStructW WriteConsoleW WritePrivateProfileStringW GetPrivateProfileStringW GetPrivateProfileIntW GetFileAttributesW GetCurrentProcess FindResourceW SizeofResource LockResource LoadResource FindResourceExW GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc HeapDestroy RaiseException GlobalLock GlobalUnlock GlobalAlloc LocalFree LocalAlloc GetProcAddress GetModuleHandleW GetFileType GetCommandLineW GetStdHandle LoadLibraryExW GetVersionExW RtlUnwind SetLastError |
|---|---|
| USER32.dll | AppendMenuW GetMenuItemID GetSubMenu CreatePopupMenu LoadMenuW LoadAcceleratorsW GetKeyState CharNextW CharLowerW PostQuitMessage GetMessagePos PeekMessageW DispatchMessageW RemoveMenu GetMessageW DrawFrameControl SetRectEmpty RegisterWindowMessageW LoadStringA LoadIconW EnableWindow MonitorFromPoint MessageBoxW LockWindowUpdate GetMenuItemInfoW TrackPopupMenuEx ModifyMenuW GetMenuItemCount GetMenuInfo SetMenuDefaultItem MessageBeep GetCursorPos TranslateMessage WindowFromPoint GetWindowThreadProcessId SendMessageW DialogBoxIndirectParamW EndDialog GetDlgItem SetWindowTextW SetCursor CheckMenuRadioItem DrawEdge SetMenuInfo GetMenuStringW SetMenu GetMenu TranslateAcceleratorW GetActiveWindow GetDlgCtrlID DialogBoxParamW CreateDialogParamW SetWindowPlacement GetWindowPlacement DestroyWindow GetSysColorBrush InflateRect LoadCursorW OpenClipboard CloseClipboard SetClipboardData EmptyClipboard DestroyMenu SetMenuItemInfoW GetSysColor LoadImageW IsMenu IsWindow LoadStringW GetWindow MapWindowPoints GetWindowRect SetDlgItemTextW GetAncestor DrawIconEx DefWindowProcW CallWindowProcW UnregisterClassW RegisterClassExW GetClientRect GetClassInfoExW CreateWindowExW SetFocus GetFocus SetTimer KillTimer DrawTextW BeginPaint EndPaint InvalidateRect GetWindowTextW GetWindowModuleFileNameW GetMonitorInfoW MonitorFromWindow SystemParametersInfoW GetScrollInfo SetScrollInfo DestroyIcon CallNextHookEx UnhookWindowsHookEx SetWindowsHookExW GetClassNameW SetClassLongPtrW SetWindowLongW GetWindowLongW PtInRect OffsetRect CopyRect FrameRect FillRect DrawFocusRect ScreenToClient ShowScrollBar SetScrollPos RedrawWindow ReleaseDC GetWindowDC GetDC UpdateWindow GetSystemMetrics IsWindowEnabled IsZoomed IsWindowVisible SetWindowPos MoveWindow ShowWindow IsChild PostMessageW GetParent SetWindowLongPtrW GetWindowLongPtrW GetWindowTextLengthW |
| GDI32.dll | ExcludeClipRect CreatePatternBrush PatBlt SetBrushOrgEx CreateBitmap CreateDIBSection GetCurrentObject Polyline TextOutW MoveToEx SetTextAlign Rectangle GetDeviceCaps SetMapMode StartDocW EndDoc StartPage EndPage BitBlt CreateCompatibleBitmap CreateCompatibleDC DeleteDC DeleteObject SelectObject SetBkColor ExtTextOutW CreateFontIndirectW SetBkMode SetTextColor GetObjectW CreateSolidBrush CreatePen GetStockObject LineTo GetTextExtentPoint32W |
| COMDLG32.dll | ChooseFontW GetSaveFileNameW GetOpenFileNameW PrintDlgW |
| ADVAPI32.dll | ControlTraceW RegCreateKeyW RegOpenKeyW RegOpenKeyExW RegQueryValueExW RegSetValueExW RegGetValueW OpenProcessToken GetTokenInformation RegCreateKeyExW RegDeleteKeyW RegDeleteValueW ProcessTrace OpenTraceW RegCloseKey StartTraceW RegQueryInfoKeyW RegEnumKeyExW |
| SHELL32.dll | SHGetFolderPathW ShellExecuteW ExtractIconExW ExtractIconW |
| ole32.dll | CoUninitialize CoCreateInstance CoTaskMemAlloc CoInitialize CoTaskMemFree CoTaskMemRealloc |
| OLEAUT32.dll | VarUI4FromStr |
| COMCTL32.dll | ImageList_Destroy ImageList_DrawEx ImageList_GetIconSize ImageList_Create ImageList_GetImageCount ImageList_ReplaceIcon ImageList_DrawIndirect CreateStatusWindowW InitCommonControlsEx ImageList_Draw |
| UxTheme.dll | SetWindowTheme IsThemeActive IsAppThemed |
| VERSION.dll | GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW |
| dwmapi.dll | DwmSetWindowAttribute DwmDefWindowProc |
| IPHLPAPI.DLL | GetOwnerModuleFromTcpEntry GetExtendedUdpTable GetOwnerModuleFromUdpEntry GetOwnerModuleFromTcp6Entry GetOwnerModuleFromUdp6Entry SetTcpEntry GetExtendedTcpTable |
| WS2_32.dll | WSAGetLastError getservbyport getaddrinfo send recv htons connect closesocket ntohs freeaddrinfo GetNameInfoW WSAStartup gethostname socket |
| tdh.dll | TdhGetEventInformation TdhGetPropertySize |

| TCPView - Sysinternals: www.sysinternals.com |
| TCPView |
| Refresh |
| Refresh |
| Toggle always on top |
| Always on Top |
| Show process properties |
| Process Properties |
| Terminate selected process |
| Terminate Process |
| Resolve IP addresses |
| Resolve Addresses |
| Change font |
| Font |
| Show whois information |
| Whois Information |
| Close the selected connection |
| Close Connection |
| Pause/Resume updates |
| Pause / Resume |
| TCP v4 |
| TCP v4 |
| TCP v6 |
| TCP v6 |
| UDP v4 |
| UDP v4 |
| UDP v6 |
| UDP v6 |
| Quick find |
| Quick Find |
| Reset all options to their defaults |
| Reset Options |
| States Filter |
| States Filter |
| Save the connection list |
| Save |
| Save the active document with a new name |
| Save As |
| Erase the selection |
| Erase |
| Erase everything |
| Erase All |
| Copy the selection and put it on the Clipboard |
| Copy |
| Cut the selection and put it on the Clipboard |
| Cut |
| Find the specified text |
| Find |
| Insert Clipboard contents |
| Paste |
| Select the entire document |
| Select All |
| Split the active window into panes |
| Split |
| Display program information, version number and copyright |
| About |
| Quit the application |
| Exit |
| Show or hide the toolbar |
| Toggle ToolBar |
| Show or hide the status bar |
| Toggle StatusBar |
| Change the window size |
| Change the window position |
| Reduce the window to an icon |
| Enlarge the window to full size |
| Switch to the next document window |
| Switch to the previous document window |
| Close the active window and prompts to save the documents |
| Restore the window to normal size |

| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 4.19.0.0 |
| ProductVersion | 4.19.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | English - United States |
| CompanyName | Sysinternals - www.sysinternals.com |
| FileDescription | Sysinternals TcpView |
| FileVersion (#2) | 4.19 |
| InternalName | TcpView |
| LegalCopyright | Copyright © 1996-2023 Mark Russinovich & Bryce Cogswell |
| LegalTrademarks | Copyright (C) 1996-2023 Mark Russinovich & Bryce Cogswell |
| OriginalFilename | TcpView.exe |
| ProductName | TcpView |
| ProductVersion (#2) | 4.19 |
| Resource LangID | English - United States |
|---|

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2023-Apr-06 16:40:35 |
| Version | 0.0 |
| SizeofData | 63 |
| AddressOfRawData | 0x892a4 |
| PointerToRawData | 0x886a4 |
| Referenced File | D:\a\1\s\exe\x64\Release\TcpView64.pdb |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2023-Apr-06 16:40:35 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x892e4 |
| PointerToRawData | 0x886e4 |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2023-Apr-06 16:40:35 |
| Version | 0.0 |
| SizeofData | 1040 |
| AddressOfRawData | 0x892f8 |
| PointerToRawData | 0x886f8 |

| StartAddressOfRawData | 0x140089730 |
|---|---|
| EndAddressOfRawData | 0x140089b54 |
| AddressOfIndex | 0x1400a7c58 |
| AddressOfCallbacks | 0x14006bdd8 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_16BYTES |
| Callbacks | (EMPTY) |

| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140093648 |

| XOR Key | 0x7a734ed3 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (30795) | 10 |
| C++ objects (30795) | 170 |
| C++ objects (VS 2015-2022 runtime 31823) | 88 |
| C objects (VS 2015-2022 runtime 31823) | 19 |
| ASM objects (VS 2015-2022 runtime 31823) | 10 |
| C objects (30795) | 20 |
| Imports (30795) | 31 |
| Total imports | 411 |
| C objects (31943) | 2 |
| C++ objects (31943) | 31 |
| Resource objects (31943) | 1 |
| 151 | 1 |
| Linker (31943) | 1 |