Manalyze report for 0e642f44a66a824348b4f5e72caf949b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Feb-17 10:52:31
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\Diagnose.pdb
FileDescription	问题验证
FileVersion	`5.1022.1000.217`
InternalName	Diagnose.tpi
LegalCopyright	版权所有(C)2008-2022
OriginalFilename	Diagnose.tpi
ProductName	问题验证
ProductVersion	`5.1022.1000.217`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: taskmgr.exe` Contains domain names: ali-dl.fireemulator.com ali-dl.qiyujiasu.com ali-file-shc.shanhutech.cn ali.conchdesktop.com api.conchdesktop.com apil.3zwx.cn birdpaper.cn cdn-ali-dl.fireemulator.com cdn-ali-dl.qiyujiasu.com cdn-ali-file-shc.shanhutech.cn cdn-ali.conchdesktop.com cdn-file.iquicksee.com cdn-file.ludashi.com cdn-file.taojike.com.cn conchdesktop.com coupon996.com diagnosis.ludashi.com dl.fireemulator.com dl.qiyujiasu.com file-shc.shanhutech.cn file.iquicksee.com file.ludashi.com file.pdfxd.com file.taojike.com.cn fireemulator.com http://api.conchdesktop.com http://api.conchdesktop.com/api/service/cfg.php?from http://apil.3zwx.cn http://apil.3zwx.cn/api/service/cfg.php?from http://cdn-ali-dl.fireemulator.com http://cdn-ali-dl.fireemulator.com/cms/project_37/cfg_center/mod_list.js http://cdn-ali-dl.qiyujiasu.com http://cdn-ali-dl.qiyujiasu.com/cms/project_37/cfg_center/mod_list.js http://cdn-ali-file-shc.shanhutech.cn http://cdn-ali-file-shc.shanhutech.cn/cms/project_20/cfg_center/mod_list.js http://cdn-ali.conchdesktop.com http://cdn-ali.conchdesktop.com/cms/project_54/cfg_center/mod_list.js http://cdn-file.iquicksee.com http://cdn-file.iquicksee.com/cms/project_94/cfg_center/mod_list.js http://cdn-file.ludashi.com http://cdn-file.ludashi.com/cms/project_16/cfg_center/mod_list.js http://cdn-file.ludashi.com/cms/project_21/cfg_center/mod_list.js http://cdn-file.ludashi.com/cms/project_24/cfg_center/mod_list.js http://cdn-file.ludashi.com/cms/project_40/cfg_center/mod_list.js http://cdn-file.taojike.com.cn http://cdn-file.taojike.com.cn/cms/project_70/cfg_center/mod_list.js http://intf-pc.conchdesktop.com http://intf-pc.conchdesktop.com/cfg/desktop_detail.php http://intf-pc.fireemulator.com http://intf-pc.fireemulator.com/cfg/mikan_detail.php http://intf-pc.iquicksee.com http://intf-pc.iquicksee.com/cfg/kantu_detail.php http://intf-pc.ludashi.com http://intf-pc.ludashi.com/cfg/coupon_detail.php http://intf-pc.ludashi.com/cfg/detail.php http://intf-pc.ludashi.com/cfg/mgame_detail.php http://intf-pc.ludashi.com/cfg/xiaolu_detail.php http://intf-pc.pdfxd.com http://intf-pc.pdfxd.com/cfg/pdf_detail.php http://intf-pc.qiyujiasu.com http://intf-pc.qiyujiasu.com/cfg/detail.php http://intf-pc.shanhutech.cn http://intf-pc.shanhutech.cn/cfg/bizhi_detail.php http://intf-pc.taojike.com.cn http://intf-pc.taojike.com.cn/cfg/jikewan_detail.php http://l.public.3zwx.cn http://l.public.3zwx.cn/pc/updata/dump http://l.public.conchdesktop.com http://l.public.conchdesktop.com/pc/updata/dump http://l.public.fireemulator.com http://l.public.fireemulator.com/pc/updata/dump http://l.public.iquicksee.com http://l.public.iquicksee.com/pc/updata/dump http://l.public.ludashi.com http://l.public.ludashi.com/pc/updata/dump http://pdf-file.pdfxd.com http://pdf-file.pdfxd.com/lds/cms/project_16/cfg_center/mod_list.js http://s.3zwx.cn http://s.3zwx.cn/browser?pid http://s.birdpaper.cn http://s.birdpaper.cn/bizhi?pid http://s.conchdesktop.com http://s.conchdesktop.com/desktop?pid http://s.coupon996.com http://s.coupon996.com/couponmaster?pid http://s.fireemulator.com http://s.fireemulator.com/apkmagicemu?pid http://s.fireemulator.com/mikan?pid http://s.iquicksee.com http://s.iquicksee.com/quicksee?pid http://s.ludashi.com http://s.ludashi.com/ent?pid http://s.ludashi.com/mgame?pid http://s.ludashi.com/url2?pid http://s.ludashi.com/url3?pid http://s.ludashi.com/url4?pid http://s.pdfxd.com http://s.pdfxd.com/pdf?pid http://s.qiyujiasu.com http://s.qiyujiasu.com/nssgame?pid http://s.taojike.com.cn http://s.taojike.com.cn/jikewan?pid http://ss.shanhutech.cn http://ss.shanhutech.cn/bizhi?pid http://update.fireemulator.com http://update.fireemulator.com/api/service/cfg.php?from http://update.iquicksee.com http://update.iquicksee.com/api/service/cfg.php?from http://update.qiyujiasu.com http://update.qiyujiasu.com/api/service/cfg.php?from http://update.taojike.com.cn http://update.taojike.com.cn/api/service/cfg.php?from http://www.ludashi.com http://www.ludashi.com/api/service/cfg.php?from http://www1.shanhutech.cn http://www1.shanhutech.cn/api/service/cfg.php?from https://diagnosis.ludashi.com https://diagnosis.ludashi.com/api/ws/connection intf-pc.conchdesktop.com intf-pc.fireemulator.com intf-pc.iquicksee.com intf-pc.ludashi.com intf-pc.pdfxd.com intf-pc.qiyujiasu.com intf-pc.shanhutech.cn intf-pc.taojike.com.cn iquicksee.com l.public.3zwx.cn l.public.conchdesktop.com l.public.fireemulator.com l.public.iquicksee.com l.public.ludashi.com ludashi.com openssl.org pc.conchdesktop.com pc.fireemulator.com pc.iquicksee.com pc.ludashi.com pc.pdfxd.com pc.qiyujiasu.com pc.shanhutech.cn pc.taojike.com.cn pdf-file.pdfxd.com pdfxd.com public.3zwx.cn public.conchdesktop.com public.fireemulator.com public.iquicksee.com public.ludashi.com qiyujiasu.com s.3zwx.cn s.birdpaper.cn s.conchdesktop.com s.coupon996.com s.fireemulator.com s.iquicksee.com s.ludashi.com s.pdfxd.com s.qiyujiasu.com s.taojike.com.cn shanhutech.cn shc.shanhutech.cn ss.shanhutech.cn taojike.com.cn update.fireemulator.com update.iquicksee.com update.qiyujiasu.com update.taojike.com.cn www.ludashi.com www1.shanhutech.cn
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to Blowfish`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryExA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExA RegEnumKeyExA RegQueryValueExW RegSetValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey RegQueryValueExA SHGetValueW SHGetValueA` `Has Internet access capabilities: InternetGetConnectedState URLDownloadToCacheFileW URLDownloadToFileW` `Functions related to the privilege level: OpenProcessToken`
Info	The PE is digitally signed.	`Signer: Chengdu Qilu Technology Co. Ltd.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	VirusTotal score: 1/68 (Scanned on 2022-03-28 14:24:28)	`ESET-NOD32: a variant of Win32/Qihoo360.O potentially unwanted`

Hashes

MD5	`0e642f44a66a824348b4f5e72caf949b`
SHA1	`cca7a13c94a1ed60213b39079ca297d9b1e37d5b`
SHA256	`d176f1198da33ddf806fdbf4f09c3920ca964bd7d32bc88aa31e5a7fb67cf9ef`
SHA3	`f8d86c93e6b0f8d844653192903225b04c77a2e862ca75cfe3e6b4e9fcf265ae`
SSDeep	`12288:C31xV+CEr7Rf4aVa5frL02u/rPNisfzc+ze59e0:C3vwZ5wab2GrPNBf4se5o`
Imports Hash	`7e9a91bd275660e12d2ecaa67d58b5b3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Feb-17 10:52:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5b200`
SizeOfInitializedData	`0x2fa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000154CD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5d000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x8e000`
SizeOfHeaders	`0x400`
Checksum	`0x9a474`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`02c3b775e17e565d8609820149094531`
SHA1	`a37cba93585a300582a234c5a23b3d1056928a72`
SHA256	`4255ffc0967f42ce4ab3328c6f4aac094361428a10b35a51b2fb85b7d11272bb`
SHA3	`54d8b41e214f0df91eb9aa0fea8db65cc35303a3ed61ff2fc9a25a5033fba6ac`
VirtualSize	`0x5b15c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5b200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.65543`

.rdata

MD5	`7d634f21aebd53db8e729cce3476400a`
SHA1	`3fe3572a88d71e7bde711718889959236e6ed123`
SHA256	`a065018a7c7c5d04dbe46a0707ef464417db0202eedcf724677a1d49e7595122`
SHA3	`b7c90be1a04284f6a7daa110a5106c5aad35be956c4f4536e90524bacea478bf`
VirtualSize	`0x25c46`
VirtualAddress	`0x5d000`
SizeOfRawData	`0x25e00`
PointerToRawData	`0x5b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.90503`

.data

MD5	`efaf14820889903824acae66545b6f64`
SHA1	`23f2ba3218a884e51ec436463301a41bdc04428c`
SHA256	`152fe73ac25baecd50a03f3b2275fbedd0e1e67aa9ebcec916b456c7d555360d`
SHA3	`c12e23fc22500367a36d380a7babe1ac2d759df56a47b995fa165739fc427077`
VirtualSize	`0x49c0`
VirtualAddress	`0x83000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x81400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.13094`

.rsrc

MD5	`ba40fca832d783e41b6dcb26e71143af`
SHA1	`fcf99ac7f1fe348a7011a6a67b2c123d29d3f116`
SHA256	`eeef50aa9f81d97402c56dcdfc59e2351ce9c8c2fd35b95018139403f6ac5391`
SHA3	`cf296d664ff2cd3607c497430919c7137e1d0e072c772b8c55081b5b0b883d03`
VirtualSize	`0x4a8`
VirtualAddress	`0x88000`
SizeOfRawData	`0x600`
PointerToRawData	`0x84400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68339`

.reloc

MD5	`034638f8a035cd2b2157b6ccc52e8a46`
SHA1	`040008b6741b7017abf71b2df9152f77148bdccd`
SHA256	`1bf9552b9c55fa806a5dbe4c34525324533dee0de325363dbdbb39191091f585`
SHA3	`6a5d9a7be6295a2cc2f0e5f5db28bea7f9d6b10ccaade886ca288c4b7d8d1dbd`
VirtualSize	`0x4aac`
VirtualAddress	`0x89000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x84a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59471`

Imports

KERNEL32.dll	`lstrcmpiW` `CreateEventW` `LoadLibraryExW` `GetModuleFileNameW` `GetModuleHandleW` `DeleteFileW` `CreateMutexW` `GetPrivateProfileIntW` `SetEvent` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `SetLastError` `GetCurrentThreadId` `GetProcAddress` `FreeLibrary` `InterlockedDecrement` `InterlockedIncrement` `MultiByteToWideChar` `FindResourceExW` `FindResourceW` `CreateFileA` `GetSystemDirectoryW` `lstrcmpiA` `lstrcmpA` `DeviceIoControl` `CloseHandle` `SizeofResource` `LoadResource` `WaitForSingleObject` `GetExitCodeProcess` `LockResource` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetLastError` `GetSystemWindowsDirectoryW` `FreeResource` `Sleep` `InterlockedCompareExchange` `WriteConsoleW` `ReadConsoleW` `SetEndOfFile` `SetStdHandle` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `RaiseException` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `GetOEMCP` `IsValidCodePage` `FindNextFileA` `FindFirstFileExA` `FindClose` `EnumSystemLocalesW` `HeapDestroy` `DecodePointer` `IsDebuggerPresent` `OutputDebugStringW` `EncodePointer` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `GetCurrentProcess` `FlushInstructionCache` `IsProcessorFeaturePresent` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `WideCharToMultiByte` `GetStringTypeW` `FormatMessageW` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetTickCount` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `LoadLibraryW` `GetVersionExW` `ReadFile` `CreateFileW` `LocalFree` `ReleaseMutex` `WritePrivateProfileStringW` `WriteFile` `FlushFileBuffers` `WaitForMultipleObjects` `RtlUnwind` `InterlockedFlushSList` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameA` `GetFileType` `SetFilePointerEx` `GetConsoleCP` `GetConsoleMode` `GetTimeZoneInformation` `GetACP` `GetStdHandle` `IsValidLocale` `GetUserDefaultLCID`
USER32.dll	`PostQuitMessage` `LoadCursorW` `SetWindowLongW` `CharNextW` `DestroyWindow` `IsWindow` `CreateWindowExW` `GetClassInfoExW` `RegisterClassExW` `PostMessageW` `PeekMessageW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `UnregisterClassW` `CallWindowProcW` `SetTimer` `wsprintfW` `DefWindowProcW` `GetWindowLongW`
ADVAPI32.dll	`RegOpenKeyExA` `RegEnumKeyExA` `GetTokenInformation` `OpenProcessToken` `RegQueryValueExW` `RegSetValueExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `RegQueryValueExA`
SHELL32.dll	`#165` `SHGetSpecialFolderPathW` `SHCreateDirectoryExW` `ShellExecuteExW`
ole32.dll	`CoTaskMemAlloc` `CoCreateInstance` `CoTaskMemFree` `CoTaskMemRealloc` `CoInitialize` `CoCreateGuid`
OLEAUT32.dll	`VarUI4FromStr`
SHLWAPI.dll	`PathAppendW` `PathRemoveFileSpecW` `SHGetValueW` `PathCombineW` `StrStrIW` `StrStrIA` `SHGetValueA` `PathFileExistsW` `StrCmpIW` `StrCmpNIW` `StrTrimA` `SHSetValueA`
CRYPT32.dll	`CertGetNameStringW`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WinVerifyTrust`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WININET.dll	`InternetGetConnectedState`
IPHLPAPI.DLL	`GetAdaptersInfo`
urlmon.dll	`URLDownloadToCacheFileW` `URLDownloadToFileW`

Delayed Imports

CreateTrayClient

Ordinal	`1`
Address	`0x3650`

1

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.625`
MD5	`f06c210dec966a5463692ce7bceb9d99`
SHA1	`2e2a9ec00f49dd0b50000682b31119ebf8a97e8d`
SHA256	`d074e8ec4375ae4ad68e7af68fe1bdd940652d4c42ec07484cc5a327adf0900e`
SHA3	`e3d88298b97cfedbebb52ef255351f8f5af5746f62b30eb6e30754c74bf4f0d7`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.1022.1000.217
ProductVersion	5.1022.1000.217
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
FileDescription	问题验证
FileVersion (#2)	5.1022.1000.217
InternalName	Diagnose.tpi
LegalCopyright	版权所有(C)2008-2022
OriginalFilename	Diagnose.tpi
ProductName	问题验证
ProductVersion (#2)	5.1022.1000.217

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Feb-17 10:52:31
Version	`0.0`
SizeofData	`113`
AddressOfRawData	`0x7d654`
PointerToRawData	`0x7bc54`
Referenced File	D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\Diagnose.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Feb-17 10:52:31
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x7d6c8`
PointerToRawData	`0x7bcc8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Feb-17 10:52:31
Version	`0.0`
SizeofData	`924`
AddressOfRawData	`0x7d6dc`
PointerToRawData	`0x7bcdc`

TLS Callbacks

StartAddressOfRawData	`0x1007da88`
EndAddressOfRawData	`0x1007da90`
AddressOfIndex	`0x100879ac`
AddressOfCallbacks	`0x1005d3cc`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10083190`
SEHandlerTable	`0x1007d310`
SEHandlerCount	`209`

RICH Header

XOR Key	`0x34819bc4`
Unmarked objects	`0`
C objects (LTCG) (VS2017 v15.9.12-13 compiler 27031)	`2`
Unmarked objects (#2)	`1`
C++ objects (VS2017 v15.7.5 compiler 26433)	`10`
241 (40116)	`17`
243 (40116)	`157`
242 (40116)	`30`
C++ objects (VS2017 v15.9.14-15 compiler 27032)	`6`
ASM objects (VS 2015/2017 runtime 26706)	`25`
C objects (VS 2015/2017 runtime 26706)	`33`
C++ objects (VS 2015/2017 runtime 26706)	`64`
C objects (VS2008 SP1 build 30729)	`2`
Imports (VS2008 SP1 build 30729)	`27`
Total imports	`235`
C++ objects (VS2017 v15.9.12-13 compiler 27031)	`24`
Exports (VS2017 v15.9.12-13 compiler 27031)	`1`
Resource objects (VS2017 v15.9.12-13 compiler 27031)	`1`
151	`1`
Linker (VS2017 v15.9.12-13 compiler 27031)	`1`

0e642f44a66a824348b4f5e72caf949b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

CreateTrayClient

1

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors