Manalyze report for 102f6069c9d69ff8ee404dc06c9cca6283c88c4a5705130964738cc2287b6e4e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Mar-11 18:15:57
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	D:\Jenkins\workspace\N_CLSEngine-vs2022\bin\x64\Release\MBAMCore.pdb
CompanyName	Malwarebytes
FileDescription	Classification Engine Implementation
FileVersion	`3.1.0.214`
InternalName	MBAMCore.dll
LegalCopyright	(C) Malwarebytes. All rights reserved.
OriginalFilename	MBAMCore.dll
ProductName	Malwarebytes
ProductVersion	`3.1.0.214`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: RUNDLL32.EXE` `Tries to detect virtualized environments: Hardware\Description\System` `Looks for VMWare presence: VMWare VMware` `May have dropper capabilities: %AllUsersProfile% %TEMP% CURRENTCONTROLSET\SERVICES CurrentControlSet\Services CurrentVersion\Run Programs\Startup` `Accesses the WMI: ROOT\CIMV2` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: Exploit exploit` Contains domain names: 100-downloads.com brothersoft.com download.cnet.com download.com downloadcrew.com downloads.com downloads.zdnet.com filecluster.com filehippo.com filehorse.com fileour.com filepuma.com fosshub.com freedownloadcenter.com freewarefiles.com fullpcsoftware.com gomlab.com http://upx.sf.net http://www.oberhumer.com informer.com links.malwarebytes.com majorgeeks.com malwarebytes.com malwarebytes.org microsoft.com ninite.com nirsoft.net oberhumer.com snapfiles.com soft32.com softexia.org softonic.com softpedia.com software.informer.com sourceforge.net upx.sf.net videolan.org www.fosshub.com www.malwarebytes.org www.oberhumer.com www.soft32.com zdnet.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegUnLoadKeyW RegSetValueExW RegSaveKeyW RegRestoreKeyW RegLoadAppKeyW RegLoadKeyW RegEnumValueW RegEnumKeyW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegQueryValueExA RegOpenKeyExA RegQueryValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW` Uses Microsoft's cryptographic API: CryptMsgClose CryptQueryObject CryptMsgGetParam CryptDecodeObjectEx CryptDecodeObject CryptAcquireContextW CryptReleaseContext CryptGetHashParam CryptEnumProvidersW CryptSignHashW CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptAcquireContextA CryptGenRandom CryptDestroyHash CryptHashData CryptCreateHash CryptCATCatalogInfoFromContext CryptCATAdminReleaseContext CryptCATAdminEnumCatalogFromHash CryptCATAdminCalcHashFromFileHandle CryptCATAdminReleaseCatalogContext CryptCATAdminAcquireContext `Can create temporary files: GetTempPathW CreateFileW` `Leverages the raw socket API to access the Internet: getservbyport sendto inet_ntoa inet_addr htons WSAGetLastError gethostbyname select ntohs recvfrom getsockopt getsockname ioctlsocket WSACleanup htonl getpeername shutdown socket setsockopt connect closesocket WSAStartup send recv WSASetLastError gethostbyaddr getservbyname` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Enumerates local disk drives: GetLogicalDriveStringsW GetDriveTypeW` `Manipulates other processes: OpenProcess ReadProcessMemory` `Changes object ACLs: SetSecurityInfo SetNamedSecurityInfoW` `Queries user information on remote machines: NetWkstaGetInfo` `Interacts with the certificate store: CertOpenSystemStoreW CertOpenStore`
Info	The PE is digitally signed.	`Signer: Malwarebytes Inc` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/71 (Scanned on 2026-03-19 13:17:22)	`All the AVs think this file is safe.`

Hashes

MD5	`850226b3fb571cde819d6fd88b072194`
SHA1	`115757ea7c034e959c41da7cc6c6b2ad4d1a57f7`
SHA256	`102f6069c9d69ff8ee404dc06c9cca6283c88c4a5705130964738cc2287b6e4e`
SHA3	`976974c3b14e85534e3af8d8b50b7c8812c350d87d5fcb0d258f3129ed0d3fa7`
SSDeep	`49152:V+oPoWueaSmIkvCShbgjylhLeHYIHP8R9Nzu+ZAGHIBj97YRdmIW2uDve91fSaw:do9IkqhelhycNM4dBuDvPusU+u7R2Qd`
Imports Hash	`51941ea1b115582c6a1087448867afa9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2026-Mar-11 18:15:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4a6200`
SizeOfInitializedData	`0x3cb200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003DE2F8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x876000`
SizeOfHeaders	`0x400`
Checksum	`0x888df2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`75348c94cbfc3d537176b8785c03c80d`
SHA1	`639cdd1f3fc1a001b029076127afa514ad8e34c1`
SHA256	`8980ee59afe458ce18016f715db94a3a4b9a7e0b957a75a684253ae9eec60a42`
SHA3	`4e73830fcc1f1bd7d47dd4cb2d112ddfeef932db049da53a7bf5507401651562`
VirtualSize	`0x4a619c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4a6200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47701`

.rdata

MD5	`03a05e2bbe40058379ccd41499e72b01`
SHA1	`a92e8130d87a5b0870313d8efb348dda89f1cb46`
SHA256	`0ec7ac23d6ee52fdaa355a0987ab5aad65a8e660ec7cfeeaf3db37875b0873a5`
SHA3	`a53de2d9e213e9f25928b85df7b4f45e467f10b0c49456fa3ff29664cc4795d7`
VirtualSize	`0x1efe50`
VirtualAddress	`0x4a8000`
SizeOfRawData	`0x1f0000`
PointerToRawData	`0x4a6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34576`

.data

MD5	`66a3dd07fd9a6b2db581ad59c791027c`
SHA1	`2f738b5647a0875bd22728b74281859dc835a7d9`
SHA256	`5dff69e0c3cdece70cbe2df41d7d61df4cb8acce549e8c4e7e6ca918a2462df8`
SHA3	`a7cf230e9b67a27e7fa9cba7737c1272ce9333c518271788b29d678f312eedd8`
VirtualSize	`0x4d23c`
VirtualAddress	`0x698000`
SizeOfRawData	`0x3ea00`
PointerToRawData	`0x696600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.57559`

.pdata

MD5	`e17fd2242df557b083a14695f30e7434`
SHA1	`0c7fa56f19eca43c9f4c5a3e97a6854e4b8ba2ae`
SHA256	`0d5a3f7360cdcd233b767ad7dcf62fc5d35bacb7267f6372a9fa7feb140339b9`
SHA3	`e4bc63028d7c8a25f44f7586149508333d311586a8229ee020b27490e3536de6`
VirtualSize	`0x35a18`
VirtualAddress	`0x6e6000`
SizeOfRawData	`0x35c00`
PointerToRawData	`0x6d5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.3729`

_RDATA

MD5	`0ace417993b2a0fe37c84c6e5380af0d`
SHA1	`2b12aa7c9ef0d02bbf627a40dbd821c1918adcc9`
SHA256	`252f63fc09015852ae9f8a3c2d4e0fb3cf42a312f9fbe9ad1017ada94643a0a9`
SHA3	`1c4552f9c6434da3ca91818dea2a7d6fec302809487de89d15e91ffa35ba2207`
VirtualSize	`0x1f4`
VirtualAddress	`0x71c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x70ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20569`

.rsrc

MD5	`479fc78d98184fc9805502e4b2c7764f`
SHA1	`78b2d7a1821e723d06e092a078f00097cbaf840f`
SHA256	`3ce99695a0c12ec8e5e7d6213d3f58b2abe9fbabb77877a1471085b0cf487103`
SHA3	`acc0b3c10c8fa1a0da082550400c15043e568f7fb270af29ed7d24007a141c4b`
VirtualSize	`0x1477e8`
VirtualAddress	`0x71d000`
SizeOfRawData	`0x147800`
PointerToRawData	`0x70ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.69929`

.reloc

MD5	`9769c0f967bacae7343099d80b57b823`
SHA1	`b4a58fca311231bcd3d7240a6c84ccfd172bff7b`
SHA256	`7d13f14025226cc68e94f0e63ffb5437d54011086a584d49a7913535f8e63d2a`
SHA3	`140e9dc5e1fede8568de2b870dc557aa78e3bd6b9f8a430ecdd69ffa438e7cba`
VirtualSize	`0x10654`
VirtualAddress	`0x865000`
SizeOfRawData	`0x10800`
PointerToRawData	`0x852600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44925`

Imports

sfc.dll	`SfcIsFileProtected`
CRYPT32.dll	`CertFreeCertificateChain` `CertGetCertificateChain` `CertDuplicateCertificateContext` `CryptMsgClose` `CryptQueryObject` `CryptMsgGetParam` `CertOpenSystemStoreW` `CertEnumCertificatesInStore` `CertGetCertificateContextProperty` `CertCloseStore` `CertOpenStore` `CertFreeCertificateContext` `CertFindCertificateInStore` `CryptDecodeObjectEx` `CryptDecodeObject` `CertGetNameStringW`
IPHLPAPI.DLL	`GetAdaptersInfo`
WS2_32.dll	`getservbyport` `sendto` `inet_ntoa` `inet_addr` `htons` `WSAGetLastError` `gethostbyname` `select` `ntohs` `recvfrom` `getsockopt` `getsockname` `ioctlsocket` `WSACleanup` `htonl` `getpeername` `shutdown` `socket` `setsockopt` `connect` `closesocket` `WSAStartup` `send` `recv` `WSASetLastError` `gethostbyaddr` `getservbyname`
MPR.dll	`WNetGetConnectionW`
KERNEL32.dll	`GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `GetStdHandle` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `GetConsoleMode` `GetTempPathW` `GetModuleHandleA` `OpenThread` `GetSystemDirectoryW` `GetWindowsDirectoryW` `GetLongPathNameW` `GetSystemFirmwareTable` `IsWow64Process` `GetNativeSystemInfo` `GetSystemInfo` `HeapFree` `CreateToolhelp32Snapshot` `Module32FirstW` `GetLogicalDriveStringsW` `QueryDosDeviceW` `CreateProcessW` `LoadLibraryW` `GetProcessHeap` `HeapAlloc` `GetTickCount` `GetSystemTime` `FileTimeToSystemTime` `GetTimeZoneInformation` `FlushFileBuffers` `SetFileAttributesW` `SetEndOfFile` `DeleteFileW` `GlobalAlloc` `GlobalFree` `VirtualQueryEx` `GetVersionExW` `InitializeCriticalSectionEx` `DecodePointer` `LocalAlloc` `RemoveDirectoryW` `GetDriveTypeW` `GetLogicalDrives` `GetSystemWindowsDirectoryW` `lstrcmpA` `GetCurrentDirectoryW` `InitializeCriticalSectionAndSpinCount` `GetExitCodeThread` `CreateMutexW` `WaitForMultipleObjects` `GetStartupInfoW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `CreateFileMappingW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `VerSetConditionMask` `GetFileType` `GetSystemDirectoryA` `FormatMessageA` `GetACP` `ReleaseSemaphore` `CreateSemaphoreA` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `HeapSize` `HeapReAlloc` `CreateThread` `WideCharToMultiByte` `MultiByteToWideChar` `CopyFileW` `LoadLibraryA` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `FreeLibrary` `SetLastError` `GetFileSizeEx` `GetFileAttributesW` `CreateDirectoryW` `CreateHardLinkW` `MoveFileExW` `VirtualFree` `VirtualAlloc` `GetThreadId` `ResumeThread` `GetExitCodeProcess` `CreateEventW` `WaitForSingleObject` `DeleteCriticalSection` `InitializeCriticalSection` `WriteFile` `SetFilePointerEx` `SetFilePointer` `ReadFile` `GetFileSize` `FindNextFileW` `FindFirstFileW` `FindClose` `GetFinalPathNameByHandleW` `OpenFileById` `DeviceIoControl` `GetFileAttributesExW` `GetFileInformationByHandle` `GetCurrentProcess` `TerminateProcess` `RaiseException` `GetLastError` `GetCurrentThread` `SetThreadPriority` `ResetEvent` `SetEvent` `CompareFileTime` `CloseHandle` `GetFileTime` `CreateFileW` `GetSystemTimeAsFileTime` `LockResource` `SizeofResource` `LoadResource` `FindResourceW` `Sleep` `SwitchToThread` `LeaveCriticalSection` `EnterCriticalSection` `FindFirstFileExW` `FreeEnvironmentStringsW` `GetBinaryTypeW` `QueryPerformanceFrequency` `QueryPerformanceCounter` `SystemTimeToFileTime` `WriteConsoleW` `GetLocalTime` `GetCurrentThreadId` `GetCurrentProcessId` `GetFullPathNameW` `FormatMessageW` `LocalFree` `VerifyVersionInfoW` `OutputDebugStringW` `ExpandEnvironmentStringsW` `VirtualQuery` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `FlsFree` `FlsSetValue` `FlsGetValue` `EncodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `SetFileInformationByHandle` `WTSGetActiveConsoleSessionId` `OpenProcess` `FlsAlloc` `GetConsoleOutputCP` `FreeLibraryAndExitThread` `ExitThread` `SetStdHandle` `SetConsoleCtrlHandler` `GetModuleHandleExW` `ExitProcess` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `LoadLibraryExW` `InterlockedFlushSList` `InterlockedPushEntrySList` `RtlPcToFileHeader` `RtlUnwind` `RtlUnwindEx` `InitializeSListHead` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `ReadProcessMemory` `RtlCaptureContext` `SleepConditionVariableSRW` `WakeAllConditionVariable` `TryAcquireSRWLockExclusive` `ReleaseMutex` `GetStringTypeW`
USER32.dll	`GetUserObjectInformationW` `MessageBoxW` `LoadStringW` `GetProcessWindowStation` `CharUpperW`
ADVAPI32.dll	`GetTokenInformation` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `CryptAcquireContextW` `CryptReleaseContext` `CryptGetHashParam` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptEnumProvidersW` `CryptSignHashW` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptAcquireContextA` `CreateWellKnownSid` `GetSidSubAuthority` `GetSidSubAuthorityCount` `AreAllAccessesGranted` `MapGenericMask` `ConvertStringSidToSidW` `ConvertSidToStringSidW` `RegUnLoadKeyW` `RegSetValueExW` `RegSaveKeyW` `RegRestoreKeyW` `RegLoadAppKeyW` `RegLoadKeyW` `RegEnumValueW` `RegEnumKeyW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `TreeSetNamedSecurityInfoW` `SetSecurityInfo` `GetSecurityInfo` `SetNamedSecurityInfoW` `GetNamedSecurityInfoW` `SetEntriesInAclW` `DeleteAce` `GetExplicitEntriesFromAclW` `LsaNtStatusToWinError` `IsTextUnicode` `OpenThreadToken` `CryptGenRandom` `RegQueryValueExA` `RegOpenKeyExA` `RegQueryValueExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `SaferComputeTokenFromLevel` `SaferCloseLevel` `SaferCreateLevel` `SetTokenInformation` `GetLengthSid` `FreeSid` `EqualSid` `CreateRestrictedToken` `AllocateAndInitializeSid` `CreateProcessAsUserW` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `OpenProcessToken`
SHELL32.dll	`SHGetFolderPathW` `SHGetKnownFolderPath`
ole32.dll	`CoSetProxyBlanket` `CoInitializeEx` `CoUninitialize` `CoCreateInstance` `CoInitializeSecurity` `CoTaskMemFree`
OLEAUT32.dll	`VariantInit` `SysFreeString` `SysAllocString` `VariantClear` `SysStringLen`
WINTRUST.dll	`WTHelperGetProvSignerFromChain` `CryptCATCatalogInfoFromContext` `CryptCATAdminReleaseContext` `CryptCATAdminEnumCatalogFromHash` `WinVerifyTrust` `CryptCATAdminCalcHashFromFileHandle` `CryptCATAdminReleaseCatalogContext` `WTHelperProvDataFromStateData` `WTHelperGetProvCertFromChain` `CryptCATAdminAcquireContext`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
WTSAPI32.dll	`WTSQueryUserToken` `WTSEnumerateSessionsW` `WTSFreeMemory` `WTSQuerySessionInformationW`
imagehlp.dll	`UnDecorateSymbolName`
RPCRT4.dll	`RpcStringFreeW` `UuidToStringW`
PSAPI.DLL	`GetProcessImageFileNameW`
NETAPI32.dll	`NetApiBufferFree` `NetWkstaGetInfo`
AUTHZ.dll	`AuthzAccessCheck` `AuthzInitializeContextFromSid` `AuthzFreeContext` `AuthzFreeResourceManager` `AuthzInitializeResourceManager`
bcrypt.dll	`BCryptDestroyKey` `BCryptCreateHash` `BCryptVerifySignature` `BCryptOpenAlgorithmProvider` `BCryptFinishHash` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptImportKeyPair` `BCryptHashData` `BCryptGetProperty`

Delayed Imports

MBAMClearEngineCaches

Ordinal	`1`
Address	`0x435990`

MBAMCoreClassifyObject

Ordinal	`2`
Address	`0x436b90`

MBAMCoreInitialize

Ordinal	`3`
Address	`0x436e00`

MBAMCoreSetLogCallback

Ordinal	`4`
Address	`0x438be0`

MBAMCoreSetMaxLogLevel

Ordinal	`5`
Address	`0x438bb0`

MBAMCoreShutdown

Ordinal	`6`
Address	`0x436d80`

MBAMFileSystemPathCreatedNotification

Ordinal	`7`
Address	`0x435ca0`

MBAMGetCoreEngineVersion

Ordinal	`8`
Address	`0x436660`

MBAMGetDDSSdkVersion

Ordinal	`9`
Address	`0x4369c0`

MBAMGetDDSSigFileVersion

Ordinal	`10`
Address	`0x436850`

MBAMGetRuleDetails

Ordinal	`11`
Address	`0x435d80`

MBAMInvalidateCacheEntry

Ordinal	`12`
Address	`0x4359f0`

MBAMIsProcessADSWhitelisted

Ordinal	`13`
Address	`0x435b30`

MBAMRefreshSystemPaths

Ordinal	`14`
Address	`0x435880`

MBAMSetDDSAggressiveMode

Ordinal	`15`
Address	`0x436270`

MBAMSetDDSGWClassification

Ordinal	`16`
Address	`0x4361e0`

MBAMSetDDSIGFiltersPathAdd

Ordinal	`17`
Address	`0x435710`

MBAMSetDDSIGFiltersPathEnabled

Ordinal	`18`
Address	`0x4355c0`

MBAMSetDDSIGFiltersPathRemove

Ordinal	`19`
Address	`0x435620`

MBAMSetDDSIGSilentMode

Ordinal	`20`
Address	`0x436360`

MBAMSetDisableDDSRescanWithAME

Ordinal	`21`
Address	`0x435ad0`

MBAMSetDotNetParsingEnabled

Ordinal	`22`
Address	`0x435920`

MBAMSetExclusionCheckCallback

Ordinal	`23`
Address	`0x435d10`

MBAMSetExpandedPathsCallback

Ordinal	`24`
Address	`0x436310`

MBAMSetForceIGFilterOverrideValues

Ordinal	`25`
Address	`0x435800`

MBAMSetGetRegistryStringValueCallback

Ordinal	`26`
Address	`0x436060`

MBAMSetIGFiltersOverride

Ordinal	`27`
Address	`0x436140`

MBAMSetLicenseEntitlementFeatures

Ordinal	`28`
Address	`0x436670`

MBAMSetLicenseState

Ordinal	`29`
Address	`0x4363c0`

MBAMSetProductDetails

Ordinal	`30`
Address	`0x436410`

MBAMSetShurikenAggressiveMode

Ordinal	`31`
Address	`0x436b30`

MBAMSetTestingMode

Ordinal	`32`
Address	`0x4360b0`

8

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.25444`
MD5	`245e21e2b9eaa2eed5342c91c2a75b1f`
SHA1	`1800a7ae39df0f4cc01dc425d1a24a9658ed0789`
SHA256	`219fd1b4888a812db5b41efa8a04bae720ad6b5b1f550491c9b12d1d57d7bfb6`
SHA3	`dff21806717a00e807a270c2063a74add43d658415402ecb346cbd334ed9d784`

110

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33a83`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54041`
MD5	`c3ac5413157a38346556b3d90b8ac12a`
SHA1	`27bc76d946c2484627426fc86d77568b493e67b0`
SHA256	`0ba65ee8f6b713cbf70670ba1010dbf56984f45077f94934237a28c343e252ce`
SHA3	`e171025c50eb77a74f26edb26e4f4ca1baad1cbd5f5c30a43d91428dc9050d52`

111

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33a83`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.54041`
MD5	`c3ac5413157a38346556b3d90b8ac12a`
SHA1	`27bc76d946c2484627426fc86d77568b493e67b0`
SHA256	`0ba65ee8f6b713cbf70670ba1010dbf56984f45077f94934237a28c343e252ce`
SHA3	`e171025c50eb77a74f26edb26e4f4ca1baad1cbd5f5c30a43d91428dc9050d52`

112

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6fe1c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22496`
MD5	`0f03588378d0186d860df1eac7e0efc6`
SHA1	`35409660583a7edd790dc66811902bacb5003a25`
SHA256	`0998d3e695f4bdecdce49ac5ccfa089c5305705b80bdfd208663abcd8d0e8249`
SHA3	`907f323f3336f618e561681114734154b91b6b94b6c889f7705395b750f4ad12`

113

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6fe1c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22496`
MD5	`0f03588378d0186d860df1eac7e0efc6`
SHA1	`35409660583a7edd790dc66811902bacb5003a25`
SHA256	`0998d3e695f4bdecdce49ac5ccfa089c5305705b80bdfd208663abcd8d0e8249`
SHA3	`907f323f3336f618e561681114734154b91b6b94b6c889f7705395b750f4ad12`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38734`
MD5	`1277b320825e91295acb40ee6680af38`
SHA1	`85d8824537ac94a493800ae036748096cdeb2d40`
SHA256	`64d37012ae041d7a067469c46ac82b5f3b645b461b4f3e92becab70367afe830`
SHA3	`70a76f4b93d9a685802fd73f024eaedf76d8eaf4a9df71ec840f5bb3a6886cb4`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

1
1
0
1
0
0

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.1.0.214
ProductVersion	3.1.0.214
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Malwarebytes
FileDescription	Classification Engine Implementation
FileVersion (#2)	3.1.0.214
InternalName	MBAMCore.dll
LegalCopyright	(C) Malwarebytes. All rights reserved.
OriginalFilename	MBAMCore.dll
ProductName	Malwarebytes
ProductVersion (#2)	3.1.0.214

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Mar-11 18:15:57
Version	`0.0`
SizeofData	`93`
AddressOfRawData	`0x6479ac`
PointerToRawData	`0x645fac`
Referenced File	D:\Jenkins\workspace\N_CLSEngine-vs2022\bin\x64\Release\MBAMCore.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Mar-11 18:15:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x647a0c`
PointerToRawData	`0x64600c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Mar-11 18:15:57
Version	`0.0`
SizeofData	`1064`
AddressOfRawData	`0x647a20`
PointerToRawData	`0x646020`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Mar-11 18:15:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x180647e90`
EndAddressOfRawData	`0x180648a10`
AddressOfIndex	`0x1806dd430`
AddressOfCallbacks	`0x1804a9b80`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001803DE7C0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18069bc80`

RICH Header

XOR Key	`0x5e453e63`
Unmarked objects	`0`
C++ objects (30795)	`212`
Unmarked objects (#2)	`1`
253 (VS 2015-2022 runtime 33030)	`10`
C objects (VS 2015-2022 runtime 33030)	`16`
ASM objects (VS 2015-2022 runtime 33030)	`16`
C++ objects (VS 2015-2022 runtime 33030)	`104`
ASM objects (30795)	`13`
C objects (30795)	`38`
C objects (33134)	`848`
C++ objects (33134)	`86`
ASM objects (VS2022 Update 8 (17.8.3) compiler 33133)	`1`
Total imports	`483`
Imports (30795)	`43`
C++ objects (VS2022 Update 8 (17.8.3) compiler 33133)	`16`
C++ objects (LTCG) (33134)	`301`
Exports (33134)	`1`
Resource objects (33134)	`1`
151	`1`
Linker (33134)	`1`

Errors

Leave a comment

No comments yet.