Manalyze report for 0dd5a7b23ecb062c4c2c0ea87ef35b05

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2015-Jul-10 03:18:47
Detected languages	English - United States
Debug artifacts	msv1_0.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft Authentication Package v1.0
FileVersion	`10.0.10240.16384 (th1.150709-1700)`
InternalName	MSV1_0.DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MSV1_0.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.10240.16384`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA GetProcAddress` `Functions which can be used for anti-debugging purposes: NtQuerySystemInformation NtQueryInformationProcess` `Can access the registry: RegCloseKey RegOpenKeyExA RegSetValueExW RegOpenKeyExW RegDeleteValueW RegQueryValueExA RegQueryValueExW RegNotifyChangeKeyValue` `Uses Windows's Native API: NtlmSharedInit NtlmSharedFree NtAllocateLocallyUniqueId NtDeleteValueKey NtCreateKey NtQueryValueKey NtSetValueKey NtOpenKey NtQuerySystemInformation NtOpenProcessToken NtQueryInformationToken NtSetSecurityObject NtDuplicateObject NtQueryInformationProcess NtDuplicateToken NtOpenProcess NtSetEvent NtOpenEvent NtWaitForSingleObject NtQuerySystemTime NtFilterToken NtClose NtSetInformationThread NtOpenThreadToken NtCreateEvent` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Functions related to the privilege level: CheckTokenMembership AdjustTokenPrivileges` `Manipulates other processes: OpenProcess NtOpenProcess`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/71 (Scanned on 2019-05-18 08:12:24)	`All the AVs think this file is safe.`

Hashes

MD5	`0dd5a7b23ecb062c4c2c0ea87ef35b05`
SHA1	`c9061d7ceed3e2ae2bbb1510af0716088e7ede18`
SHA256	`3892fc66665128d846bee262e05dd7c09324b999b8e8b801af42b3c1b2933d5f`
SHA3	`12093bf8820bfc4543ae755b4b0585ca8101f8087f39410c51ce4833bc7865fa`
SSDeep	`6144:yI5tjinAtzh7pKTA/bTBA5z3psFTSsdj+J9U52yiJX7ZODszYwHu:yI8TAHrTSsd6K52j7ZW/`
Imports Hash	`07a3878ef862fa526259c7b98a8e600d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2015-Jul-10 03:18:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0x46200`
SizeOfInitializedData	`0x14c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000016420 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x5f000`
SizeOfHeaders	`0x400`
Checksum	`0x66cf6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`48f9671ea983f3be469bbb3bde4837f2`
SHA1	`56c568f2cce5e6ebfb4930090c512da88b1cb678`
SHA256	`ef17289094f600314c2d237c2b82b8b6017a48d10a2872d714c83db7146edff6`
SHA3	`679a8561125252fcf0709def0666a741761121b4645878e3f1b0d5f4b10ab231`
VirtualSize	`0x46121`
VirtualAddress	`0x1000`
SizeOfRawData	`0x46200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.38965`

.rdata

MD5	`c2c70012bd5e3998dce0e98457469414`
SHA1	`313a884053b37358eaef8efbe2119b930decc9ba`
SHA256	`1097a8315eca73fcfbe3396473969509bd5bcfc7d78733c946aeab19e8df63df`
SHA3	`6fda97e48eb2a01114238f676443e8e5e3bacc22f41b84e159ccbcec9155211f`
VirtualSize	`0xc5a6`
VirtualAddress	`0x48000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x46600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23641`

.data

MD5	`12fd8de08c0f9ab848f9ca129daacbdd`
SHA1	`a667488954cf37f3a83d04e241afabfc75c7cac0`
SHA256	`ddafc44a83c8a945b9f49e957f8f5fcd4d602404f85b6b9321c0ae71953fd602`
SHA3	`b4defbfb27f90597aab5ccc2120dd780c6a336bfcd00c39551527dd7ee635cef`
VirtualSize	`0x3d48`
VirtualAddress	`0x55000`
SizeOfRawData	`0x600`
PointerToRawData	`0x52c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.02197`

.pdata

MD5	`a39a481781c177dbbe296d0cd3251b89`
SHA1	`302ffd257ed4ec3d363138dbfcfb764bee2b1060`
SHA256	`459d2b55dca5d18c2f7fcfe268c5ec30a267d833dbca970e76dbd7df2affc032`
SHA3	`d591581675a52cc43af578a55ba6c6360162a17512895d6f1adf9fa66dd0a659`
VirtualSize	`0x1f14`
VirtualAddress	`0x59000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x53200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.52792`

.didat

MD5	`46291e6183d3f6d809063f58dcc3fe77`
SHA1	`e93fd6aa469be2a063ddb622ba7a3d90f5aae0d9`
SHA256	`2f635293a191ea77bc9c6388ea9d7ca1f7aaba85fbca143b6f3ab33ecbcae60d`
SHA3	`5021eac7e4e5fe65220d336abd17323a0879cb389eee6c32d75f2861a7ed5143`
VirtualSize	`0x460`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x600`
PointerToRawData	`0x55200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.14077`

.rsrc

MD5	`eb48bcb20d9c64b8dbf450439a78a994`
SHA1	`5cd28bafbe25a266fc06d6fed70bf5ff8cf633d2`
SHA256	`9c8297fb4f7f9ad98a6e13dd8fecb08e7a5bc5a1f10afaa7587862e76df29975`
SHA3	`fdc9521017c2bbe9732e2f3961b5735edbd5d4ee2d064dbe1aaa3bb4a71d75d9`
VirtualSize	`0x1de0`
VirtualAddress	`0x5c000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x55800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.6703`

.reloc

MD5	`27cef7c2efbe63dbf0e42ab2988d8fd5`
SHA1	`44082b153e16f3b6e8ef383ed948e536c72c2a1b`
SHA256	`1012a0c3c5060420c01d9fc5eb61773e564b24f4f47db37b6d794b4ec16df1de`
SHA3	`19ef1c683313072d816d53f90dc7aa077e8ff3ee6af1e56cbad0a55f062fbfe6`
VirtualSize	`0x36c`
VirtualAddress	`0x5e000`
SizeOfRawData	`0x400`
PointerToRawData	`0x57600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.9533`

Imports

msvcrt.dll	`memcmp` `memcpy` `_wcsicmp` `strcpy_s` `sprintf_s` `_vsnprintf_s` `wcsncat_s` `wcscat_s` `wcsncmp` `wcscpy_s` `wcsncpy_s` `memmove` `wcsrchr` `towupper` `strncmp` `wcschr` `_snwprintf_s` `swprintf_s` `_purecall` `??3@YAXPEAX@Z` `_XcptFilter` `_amsg_exit` `free` `_onexit` `__dllonexit` `_ultow` `_wsplitpath_s` `_unlock` `_lock` `__C_specific_handler` `_initterm` `malloc` `memset`
api-ms-win-security-base-l1-2-0.dll	`GetTokenInformation` `CheckTokenMembership` `RevertToSelf` `AdjustTokenPrivileges` `ImpersonateAnonymousToken`
api-ms-win-core-file-l1-2-1.dll	`WriteFile` `CreateFileW` `FlushFileBuffers` `CreateDirectoryW` `CompareFileTime` `SetFilePointer`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW` `GetModuleFileNameW` `FreeLibrary` `LoadLibraryExW` `LoadLibraryExA` `DisableThreadLibraryCalls` `GetProcAddress`
api-ms-win-core-processthreads-l1-1-2.dll	`GetCurrentProcessId` `GetCurrentThread` `OpenProcess` `SetThreadToken` `GetCurrentThreadId` `SetThreadStackGuarantee` `TerminateProcess` `GetCurrentProcess`
api-ms-win-core-errorhandling-l1-1-1.dll	`SetLastError` `GetLastError` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
api-ms-win-core-sysinfo-l1-2-1.dll	`GetSystemTimeAsFileTime` `GetTickCount` `GetWindowsDirectoryW` `GetComputerNameExW` `GetVersionExW` `GetLocalTime` `GetSystemInfo`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-rtlsupport-l1-2-0.dll	`RtlCompareMemory` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext`
api-ms-win-core-registry-l1-1-0.dll	`RegCloseKey` `RegOpenKeyExA` `RegSetValueExW` `RegOpenKeyExW` `RegDeleteValueW` `RegQueryValueExA` `RegQueryValueExW` `RegNotifyChangeKeyValue`
api-ms-win-core-debug-l1-1-1.dll	`DebugBreak` `IsDebuggerPresent`
bcrypt.dll	`BCryptEncrypt` `BCryptFinishHash` `BCryptHashData` `BCryptDestroyHash` `BCryptExportKey` `BCryptGenerateSymmetricKey` `BCryptOpenAlgorithmProvider` `BCryptDuplicateKey` `BCryptCreateHash` `BCryptDestroyKey` `BCryptImportKey` `BCryptCloseAlgorithmProvider`
api-ms-win-core-heap-l2-1-0.dll	`LocalFree` `LocalAlloc`
api-ms-win-core-synch-l1-2-0.dll	`Sleep` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `CreateEventW`
api-ms-win-core-processenvironment-l1-2-0.dll	`ExpandEnvironmentStringsW` `SetCurrentDirectoryW` `GetCurrentDirectoryW`
api-ms-win-core-localization-l1-2-1.dll	`FormatMessageW` `FormatMessageA`
api-ms-win-core-psapi-l1-1-0.dll	`QueryFullProcessImageNameW`
RPCRT4.dll	`I_RpcMapWin32Status` `RpcExceptionFilter` `NdrClientCall3` `RpcStringFreeW` `RpcBindingFree` `RpcStringBindingComposeW` `RpcBindingFromStringBindingW`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-security-activedirectoryclient-l1-1-0.dll	`DsBindWithSpnExW` `DsCrackNamesW` `DsFreeNameResultW` `DsUnBindW`
api-ms-win-core-threadpool-private-l1-1-0.dll	`RegisterWaitForSingleObjectEx`
api-ms-win-core-threadpool-legacy-l1-1-0.dll	`CreateTimerQueueTimer` `ChangeTimerQueueTimer` `UnregisterWaitEx` `DeleteTimerQueueTimer`
api-ms-win-core-privateprofile-l1-1-1.dll	`GetProfileIntW`
NtlmShared.dll	`MsvpLm20GetNtlm3ChallengeResponse` `MsvpCompareCredentials` `MsvpCredentialToCachePasswords` `MsvpDecryptDpapiMasterKey` `MsvpUpdateSharedConfiguration` `NtlmSharedInit` `NtlmSharedFree` `MsvpMakeSecretPasswordNT5` `MsvpComputeSaltedHashedPassword` `MsvpLm3Response` `MsvpPutClearOwfsInPrimaryCredential` `MsvpCachePasswordsToCredential` `MsvpGMSACred` `MsvpPasswordValidate`
ntdll.dll	`RtlCheckTokenMembershipEx` `RtlCopyUnicodeString` `EtwEventWriteTransfer` `NtAllocateLocallyUniqueId` `RtlGetNtProductType` `RtlAvlInsertNodeEx` `RtlAvlRemoveNode` `RtlIntegerToUnicodeString` `NtDeleteValueKey` `NtCreateKey` `RtlDeleteResource` `NtQueryValueKey` `NtSetValueKey` `NtOpenKey` `NtQuerySystemInformation` `WinSqmSetDWORD` `EtwEventSetInformation` `RtlUpperChar` `EtwEventRegister` `EtwEventUnregister` `RtlFreeOemString` `RtlInitializeCriticalSection` `RtlCreateServiceSid` `RtlUpcaseUnicodeStringToOemString` `RtlOemStringToUnicodeString` `RtlNtStatusToDosError` `RtlCreateAcl` `RtlSetDaclSecurityDescriptor` `RtlAddAccessAllowedAce` `NtOpenProcessToken` `NtQueryInformationToken` `NtSetSecurityObject` `NtDuplicateObject` `RtlCreateSecurityDescriptor` `RtlNumberGenericTableElements` `RtlGetElementGenericTable` `RtlEnterCriticalSection` `RtlDeleteElementGenericTable` `NtQueryInformationProcess` `RtlLookupElementGenericTable` `RtlIpv6StringToAddressExW` `RtlLeaveCriticalSection` `NtDuplicateToken` `NtOpenProcess` `RtlInitializeGenericTable` `RtlInsertElementGenericTable` `RtlSystemTimeToLocalTime` `RtlEqualString` `RtlTimeToTimeFields` `EtwEventEnabled` `EtwEventWrite` `NtSetEvent` `RtlFreeHeap` `RtlAllocateHeap` `RtlImageNtHeader` `RtlAppendUnicodeStringToString` `NtOpenEvent` `RtlPrefixUnicodeString` `EtwEventActivityIdControl` `RtlConvertSharedToExclusive` `NtWaitForSingleObject` `RtlAppendUnicodeToString` `RtlCopySid` `RtlUpcaseUnicodeString` `EtwGetTraceLoggerHandle` `EtwUnregisterTraceGuids` `EtwRegisterTraceGuidsW` `EtwGetTraceEnableFlags` `EtwGetTraceEnableLevel` `RtlAcquireResourceExclusive` `RtlIntegerToChar` `RtlInitializeResource` `RtlLengthSid` `RtlSubAuthorityCountSid` `RtlInitializeSid` `EtwLogTraceEvent` `RtlEqualSid` `RtlDowncaseUnicodeString` `NtQuerySystemTime` `RtlIdentifierAuthoritySid` `WinSqmIncrementDWORD` `RtlLengthRequiredSid` `RtlSubAuthoritySid` `RtlAcquireResourceShared` `NtFilterToken` `RtlAllocateAndInitializeSid` `RtlDuplicateUnicodeString` `RtlReleaseResource` `NtClose` `RtlImpersonateSelf` `NtSetInformationThread` `RtlFreeUnicodeString` `RtlEqualDomainName` `RtlEqualUnicodeString` `NtOpenThreadToken` `RtlFreeSid` `RtlRunDecodeUnicodeString` `RtlEraseUnicodeString` `EtwTraceMessage` `RtlInitString` `RtlInitUnicodeString` `NtCreateEvent`
cryptdll.dll	`CDLocateCheckSum` `aesCTSDecryptMsg` `HMACwithSHA` `aesCTSEncryptMsg`
api-ms-win-eventing-controller-l1-1-0.dll	`StartTraceW` `ControlTraceW` `EnableTraceEx2`
api-ms-win-core-memory-l1-1-2.dll	`UnmapViewOfFile` `VirtualQuery` `VirtualProtect` `OpenFileMappingW` `CreateFileMappingW` `VirtualAlloc` `MapViewOfFileEx`
api-ms-win-core-file-l2-1-1.dll	`MoveFileExW`
api-ms-win-core-version-l1-1-0.dll	`GetFileVersionInfoExW` `GetFileVersionInfoSizeExW` `VerQueryValueW`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI` `DelayLoadFailureHook`
NETLOGON.dll (delay-loaded)	`NetILogonSamLogon` `I_NetLogonMixedDomain`

Delayed Imports

Attributes	`0x1`
Name	`NETLOGON.dll`
ModuleHandle	`0x55ac0`
DelayImportAddressTable	`0x5b1d0`
DelayImportNameTable	`0x50ba0`
BoundDelayImportTable	`0x51960`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

SpInitialize

Ordinal	`1`
Address	`0x14fa0`

MsvIsLocalhostAliases

Ordinal	`2`
Address	`0xe950`

SpLsaModeInitialize

Ordinal	`3`
Address	`0x14550`

SpUserModeInitialize

Ordinal	`4`
Address	`0x11d30`

DllMain

Ordinal	`5`
Address	`0x3d160`

LsaApCallPackage

Ordinal	`6`
Address	`0x12230`

LsaApCallPackagePassthrough

Ordinal	`7`
Address	`0x2b7a0`

LsaApCallPackageUntrusted

Ordinal	`8`
Address	`0x2b7f0`

LsaApInitializePackage

Ordinal	`9`
Address	`0x156a0`

LsaApLogonTerminated

Ordinal	`10`
Address	`0x1030`

LsaApLogonUserEx2

Ordinal	`11`
Address	`0x12bf0`

Msv1_0ExportSubAuthenticationRoutine

Ordinal	`12`
Address	`0x32940`

Msv1_0SubAuthenticationPresent

Ordinal	`13`
Address	`0x32a50`

MsvGetLogonAttemptCount

Ordinal	`14`
Address	`0x2f200`

MsvSamLogoff

Ordinal	`15`
Address	`0x2f210`

MsvSamValidate

Ordinal	`16`
Address	`0x2f220`

MsvValidateTarget

Ordinal	`17`
Address	`0x2f620`

SpInstanceInit

Ordinal	`32`
Address	`0x10b00`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78629`
MD5	`a40f12d370d0e25c182739fedf8a4ce3`
SHA1	`4aa8d2357ea5af5ef64c0de7981fdd0e0f57d62a`
SHA256	`5525edcb1c78edf8c786f4cf95c34d67879a819f777fad2549688504239071f3`
SHA3	`1780583be1aa2d42ed17a7f88c6be6dc9c19038b936dfcece5dc73f6a0adbafe`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1822`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66758`
MD5	`18f8a74b5f97884ca70782d4f2ff8206`
SHA1	`22e9732e23e842df9caec0001c0b46b0fdb6cb9e`
SHA256	`10d51e1cdd45ba4568e3e7c2f83a16ae8d69b2dd3e238fa53eb4b9ac0e7a8781`
SHA3	`64791ee265b95d5ac7e375db8ef93c515f044c0ebefce046c4d4eb1532f62683`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51221`
MD5	`ff6e3d87860780d75d73c536cd212a6b`
SHA1	`54130608dde5299e18894f79e53e22749733e2a5`
SHA256	`e9da07ed17eccb45c63a92c3ea922bf6ab00af66077df670c82e4e6f5c11cd26`
SHA3	`3d8fe70581ec8405a6a4695e91b65813fe684edd61e5e22ed460c39e0114cd42`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.10240.16384
ProductVersion	10.0.10240.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft Authentication Package v1.0
FileVersion (#2)	10.0.10240.16384 (th1.150709-1700)
InternalName	MSV1_0.DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MSV1_0.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.10240.16384

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Jul-10 03:18:47
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x4d2d8`
PointerToRawData	`0x4b8d8`
Referenced File	msv1_0.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2015-Jul-10 03:18:47
Version	`0.0`
SizeofData	`1416`
AddressOfRawData	`0x4d310`
PointerToRawData	`0x4b910`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180055010`
GuardCFCheckFunctionPointer	`6442748224`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x1f08ece7`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`54`
242 (40116)	`12`
241 (40116)	`3`
Total imports	`391`
239 (40116)	`9`
238 (40116)	`1`
251 (40116)	`39`
Imports (40116)	`1`
240 (40116)	`1`

Errors

[*] Warning: 14 invalid export(s) not shown.