Manalyze report for 0e954887fc791f668ce388f89bc3d6c6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2079-Nov-26 09:41:53
Detected languages	English - United States
Debug artifacts	MicrosoftEdgeCP.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft Edge Content Process
FileVersion	`11.00.18362.1 (WinBuild.160101.0800)`
InternalName	MicrosoftEdgeCP
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MicrosoftEdgeCP.exe
ProductName	Microsoft Edge Web Platform
ProductVersion	`11.00.18362.1`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .didat`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: NtQuerySystemInformation` `Can access the registry: RegEnumKeyExW RegSetValueExW RegQueryValueExW RegOpenKeyExW RegGetValueW RegCloseKey RegCreateKeyExW`
Safe	VirusTotal score: 0/69 (Scanned on 2019-11-16 13:29:05)	`All the AVs think this file is safe.`

Hashes

MD5	`0e954887fc791f668ce388f89bc3d6c6`
SHA1	`ecb05717e416d965255387f4edc196889aa12c67`
SHA256	`ee7174ee353e7d29ce17d29d66411b3623c39d9dec3f439e35af47a7e7a7c895`
SHA3	`16177779d3a5617bfada91ae8a0128e0678ae590c87685839ecbccb0ded139bd`
SSDeep	`1536:nnadCUC/KixG5bPc33lj8yC2aj+7KxxL2/m4nVrs6FhnP8Ru:nndL85gFjt1a6W2/tVg6F5P8Ru`
Imports Hash	`b71e6423a9684187aa4c390fe7976b74`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2079-Nov-26 09:41:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8600`
SizeOfInitializedData	`0xf000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000040A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x1c000`
SizeOfHeaders	`0x400`
Checksum	`0x1e050`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fc0790dbd09e04e99c0b96e346d269c4`
SHA1	`1110bab170e160a16c1c76520b3320080b17a1cf`
SHA256	`7c63a4752eac36a86674e7a44e9a73419f5e7a3e2ab9ad79afb7d69ea349a666`
SHA3	`90a2174a9492893845a3f8e1e75cc013437d6739f217d393c00d0b9122afb22b`
VirtualSize	`0x846a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04241`

.rdata

MD5	`21d85ff7ff580a1ab73f5a3abc50b054`
SHA1	`c2b5a2c36e1c7d1b50d372bce1fea54f66a69f5f`
SHA256	`99454d2d0e8fefd71b93b0f81972ada363c06f2aded3839d622ccef2c57b4384`
SHA3	`5335373935da8ea27f95bfecde8c0d30cd4ef5c6d2b916fe5cddeb8ec5a6335b`
VirtualSize	`0x5eb8`
VirtualAddress	`0xa000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.53391`

.data

MD5	`b1e4467abec80f83b3eb732b9848559e`
SHA1	`10eb60f3e3ef516c950766cf5e07e560f9e10dfa`
SHA256	`dfc0323d303f793d58742e9e6438151f3202563728a53b2c5c1279effee59d61`
SHA3	`7d256737fd5dbd2375647e0299fd1dd4e5724665fdcd274b36336629843cf60f`
VirtualSize	`0xacd`
VirtualAddress	`0x10000`
SizeOfRawData	`0x400`
PointerToRawData	`0xea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.57851`

.pdata

MD5	`5b1fe821344b0f5e934ea6de16f6d834`
SHA1	`b1b51a441e99c8d63c5ea3ced2c8d9520cbf9565`
SHA256	`fb925a8387bd830eb030f4720b1188274b4fd4eda6bc849eee8baf4ab1d73be3`
SHA3	`5a56d720522b59b04d680acd50ecc3381d629e3f94adb087f55c55ad353bdc12`
VirtualSize	`0x924`
VirtualAddress	`0x11000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.25036`

.didat

MD5	`1fcec23bb7832d66634669217f4b90c3`
SHA1	`de07121f38ba1a73f017532ba44d1c77360d7d6d`
SHA256	`63f69e507266e29bcf107badaafac7b5fd0ece3edd4e65b78bf58c24c84058bd`
SHA3	`893b2d56aacf281009c5e68888369922331a591b71e5d2b14c8b1db13ba39c35`
VirtualSize	`0x58`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xf800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.537466`

.rsrc

MD5	`57b55260ed79492eec4adf444b76973e`
SHA1	`2313b8d89edd1c1933fc53e7d04ee6d06f9eba8e`
SHA256	`9b3f8388eb486f44065f6c94d44b9f2de037ab01aeedd9fda02835cb9b2e9ac2`
SHA3	`8dd75228ec12fc99ecfbc0b82a69c3ab6082408960271629bec519a4e1da176f`
VirtualSize	`0x7498`
VirtualAddress	`0x13000`
SizeOfRawData	`0x7600`
PointerToRawData	`0xfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.37729`

.reloc

MD5	`367228d643d2c3464f09e7bf2aa0e1e2`
SHA1	`f39f35d1c06402f8728e9ea42ecfb1e7b5e9ceb7`
SHA256	`f664acca35b060c903a462a04feb472725a8b672b8b2cff191fe863a0d6b8310`
SHA3	`12d8a97f0a7f4bcfed7d173fc65976683adf8fdf4e69b682d8f552ad2e6ec9d3`
VirtualSize	`0x114`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.20508`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm`
api-ms-win-crt-string-l1-1-0.dll	`memset`
api-ms-win-crt-private-l1-1-0.dll	`_o__errno` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `memmove` `_o__wcsicmp` `_o_exit` `_o_free` `_o_malloc` `_o_terminate` `__C_specific_handler` `_o___stdio_common_vsnprintf_s` `_o__crt_atexit` `_o__configure_wide_argv` `_o___std_exception_destroy` `_o___std_exception_copy` `_o__configthreadlocale` `_o___p__commode` `_o__cexit` `_o__callnewh` `wcschr` `_CxxThrowException` `__CxxFrameHandler3` `memcpy` `_o___stdio_common_vswprintf`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW` `GetModuleHandleExW` `GetModuleFileNameA` `GetProcAddress`
api-ms-win-core-synch-l1-1-0.dll	`CreateMutexExW` `WaitForSingleObjectEx` `ReleaseMutex` `WaitForSingleObject` `ReleaseSemaphore` `CreateSemaphoreExW` `OpenSemaphoreW`
api-ms-win-core-heap-l1-1-0.dll	`HeapAlloc` `HeapSetInformation` `HeapFree` `GetProcessHeap`
api-ms-win-core-errorhandling-l1-1-0.dll	`SetLastError` `RaiseException` `GetLastError` `SetErrorMode` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
api-ms-win-eventing-provider-l1-1-0.dll	`EventWriteTransfer` `EventRegister` `EventSetInformation` `EventUnregister`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentProcessId` `GetCurrentThread` `GetCurrentProcess` `GetStartupInfoW` `GetCurrentThreadId` `TerminateProcess`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoGetActivationFactory` `RoUninitialize`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlLookupFunctionEntry` `RtlCaptureContext` `RtlVirtualUnwind`
api-ms-win-core-processthreads-l1-1-1.dll	`GetProcessMitigationPolicy` `SetProcessMitigationPolicy` `IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemDirectoryW` `GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-com-l1-1-0.dll	`CoGetApartmentType` `CoCreateInstance` `CoInitializeSecurity`
edgeIso.dll	`#224`
msvcp_win.dll	`?_Xlength_error@std@@YAXPEBD@Z`
api-ms-win-core-string-l1-1-0.dll	`WideCharToMultiByte`
api-ms-win-core-processthreads-l1-1-3.dll	`SetThreadDescription`
api-ms-win-core-registry-l1-1-0.dll	`RegEnumKeyExW` `RegSetValueExW` `RegQueryValueExW` `RegOpenKeyExW` `RegGetValueW` `RegCloseKey` `RegCreateKeyExW`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateStringReference`
api-ms-win-core-memory-l1-1-3.dll	`SetProcessValidCallTargets`
ntdll.dll	`NtQuerySystemInformation`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceExecuteOnce`
api-ms-win-core-processthreads-l1-1-2.dll	`SetProtectedPolicy`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
WINTRUST.dll	`WTGetSignatureInfo`
api-ms-win-core-errorhandling-l1-1-2.dll	`RaiseFailFastException`
iertutil.dll (delay-loaded)	`#797` `#124` `#791` `#650` `#870`

Delayed Imports

Attributes	`0x1`
Name	`iertutil.dll`
ModuleHandle	`0x10848`
DelayImportAddressTable	`0x12028`
DelayImportNameTable	`0xe988`
BoundDelayImportTable	`0xe9e0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO

Type	`EDPAUTOPROTECTIONALLOWEDAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09443`
MD5	`43c4cacb4b250346b136dcfaa76e7a60`
SHA1	`63a5547612f5c34f62d86427d331c0bb821f5595`
SHA256	`048c0e2e4cedb901b1fe1c5ed315ea2f20dd0000d84cf5b61ac67765f12b9c38`
SHA3	`7ff69fa4c9a7208e9c2c32fda4cbd929a5d9dbcd6650b80f31aaf5517480e89a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49709`
MD5	`eb0737324ab6df7d6845707aac4271a7`
SHA1	`158b3fd75456206a8abb82b75372789c3c350ea4`
SHA256	`705adcf493c70cf91433dfb03ffb3944281eadeb70864a7d608d4273073fe56f`
SHA3	`e2c3e6b1375b2a8233e853680ec65b4b2497d3715bfd7349861905dcaddfc0ee`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16077`
MD5	`9e183b31a60aacf8f496845f96e6fc9f`
SHA1	`da73c433cf7ca24bd9ed87af8b9d7e019ff33e0c`
SHA256	`678825c6222bf9f946555358f6e93940ef3c390ba4dcf1742b54689aebf4cb2c`
SHA3	`3427829070b60516e2f55113b1998cc94d94a22e403cd73dd8f5153b3c19e3fa`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52214`
MD5	`45fd6da2fdfeee0651c7091eae54b905`
SHA1	`4f8691c8a1477a4f3379a8734a66cab55a32e9cb`
SHA256	`89d90f32f81933e4120b5fe3a22f25ba5eaa4c9cd481f52c45c1cca3d681e80e`
SHA3	`eeef4739ac5d409bbc3c0180f48b4256a3168a2bb2429af2d0de5c2fa5b6b29d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70016`
MD5	`ae5df312045f2de2e3f015c5cc523092`
SHA1	`377b8b15f1b9d9568faf7f5300e532bedc6c5f8f`
SHA256	`f15623d1eeabc62f21c8b0832815c00fbc4243c023f2fb3cc0039697fdf3172e`
SHA3	`10cfa78a0120b05633184b4fd9c3950452b9bad3fa1d9497899cdc2b2be03f3f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97026`
MD5	`87b7c980370a5c3ad93d1689743f2275`
SHA1	`5e16deb4b90b22b59f9fb765bec449e2f4f0ebd5`
SHA256	`9b5486547d8ec59b5d846c0a71099f0ed21d6d94103e8aaec3a8ab2152547f7f`
SHA3	`adc41802eda811559c78c1e0abd381fdfdcf88e7183c1a3bc1a3aca66acbd5e7`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60488`
MD5	`683061b507c5ec060c77564d6fa6d4ff`
SHA1	`319d9ac3fda04f3f96cdd0fc5a8a8d24c26d6d5f`
SHA256	`83dfd0c9d84c628bf83cd5acfeae50a474ef36fb354ed51930d64ef93eb4149a`
SHA3	`38cc66ec6fbd849a4403cd80fa08c81e11bd89d6af503485c81da02150676e08`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.262`
MD5	`be48fb6dde4670555dcfa78c42873e05`
SHA1	`16c15aa2d8561ec162cbb6042de22b22b42f7e2c`
SHA256	`05c7c97d575040fc6df8310b68282902e48d342f5363041fe7bb71d67a647a3b`
SHA3	`f05ce2ff85b01caf7feaf15b6655fc60f520c4ca5801180fa960eaf922d57226`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x116a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75537`
Detected Filetype	PNG graphic file
MD5	`2d51864528e2786d5c438136c7802071`
SHA1	`cddfce6f8b390ec536b33c11cdaa5688e8faecba`
SHA256	`88e1749d529cd5dcd7bd5605f6070314c47a05ec39b7c0923f002d49c3402c6e`
SHA3	`8c57ec1a88bfab813bea83da0774d8880845ebef9d18701c5756bd4ad9fcf81f`

RES_ICO_FRAME

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84132`
Detected Filetype	Icon file
MD5	`e87e4918ba35e41b82e562da2c5ab99e`
SHA1	`4c63886ee8bde7803eb0dcdf0d9e701dc9e05877`
SHA256	`04a8814721ddd65b8d9fc639aeefed378b3b16c3092a7c06a52c1bfd56b56ba9`
SHA3	`9a8614f6e03a5bab74353697070adb53abd9fa4644dac34626e138d82f457baa`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49673`
MD5	`9555e8bad0f7ae40cb3899b22f615031`
SHA1	`edc389b1ff9ef8d67def2568461d08c99e62e979`
SHA256	`cc5182b24ee2bc9851e132586c067697fbf2331d22884e8d46d12f9c96b28789`
SHA3	`0c76c368fd1683c4066200187f1da65b2c16401a3616a28cd2c289a2c2a1afba`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	11.0.18362.1
ProductVersion	11.0.18362.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft Edge Content Process
FileVersion (#2)	11.00.18362.1 (WinBuild.160101.0800)
InternalName	MicrosoftEdgeCP
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MicrosoftEdgeCP.exe
ProductName	Microsoft Edge Web Platform
ProductVersion (#2)	11.00.18362.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2079-Nov-26 09:41:53
Version	`0.0`
SizeofData	`44`
AddressOfRawData	`0xd718`
PointerToRawData	`0xc118`
Referenced File	MicrosoftEdgeCP.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2079-Nov-26 09:41:53
Version	`0.0`
SizeofData	`1340`
AddressOfRawData	`0xd744`
PointerToRawData	`0xc144`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2079-Nov-26 09:41:53
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xdc80`
PointerToRawData	`0xc680`

TLS Callbacks

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400101a0`
GuardCFCheckFunctionPointer	`5368752248`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x70b964cc`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`81`
C objects (26715)	`10`
ASM objects (26715)	`3`
C++ objects (26715)	`31`
Total imports	`1192`
Imports (26715)	`6`
270 (26715)	`22`
253 (26715)	`1`
Resource objects (26715)	`1`
Linker (26715)	`1`

0e954887fc791f668ce388f89bc3d6c6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO

1

2

3

4

5

6

7

8

9

RES_ICO_FRAME

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors