1177bbf7bd66c6bba5dec2321b911ea2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2016-Jun-10 01:12:36
Detected languages English - United States
Debug artifacts InstallUtil.pdb
CompanyName Microsoft Corporation
FileDescription .NET Framework installation utility
FileVersion 4.6.1586.0 built by: NETFXREL2
InternalName InstallUtil.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename InstallUtil.exe
ProductName Microsoft® .NET Framework
ProductVersion 4.6.1586.0
Comments Flavor=Retail
PrivateBuild DDBLD400

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info The PE is digitally signed. Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA
Safe VirusTotal score: 0/66 (Scanned on 2018-03-30 21:39:21) All the AVs think this file is safe.

Hashes

MD5 1177bbf7bd66c6bba5dec2321b911ea2
SHA1 3ab5cdeb62646e29c3bf388a8f75c78948c129cb
SHA256 4cdb61db32fbde586986927a9092b8306ee6f271fab4a1379275297b20029ae0
SHA3 4ad13fbed43c391265906ec901f3a1bd597b8f628747989d55d998ec85cce70a
SSDeep 384:9/xHdGK81tLhBLVKS7xdgX2KJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+bPZCf:THj81t/0qdcN6Iq8/P/m/iHEBWoD5
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2016-Jun-10 01:12:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x5400
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00007222 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x200
Checksum 0x17c92
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3ff37280d58bb5e34f940bc14903b1e0
SHA1 d47b1983182ff8a27400a41056074e2e3b971539
SHA256 e013c8dae28181f7fc8f6ab5deff58799fb75327b59a72154e8f910f1438ab90
SHA3 ebd75ded38e0f1ea381e2b2f888e871029ed8b6ae42d87bc00d9de09a00610b3
VirtualSize 0x5228
VirtualAddress 0x2000
SizeOfRawData 0x5400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.89151

.rsrc

MD5 e0227c8942c1485018e473724b401afe
SHA1 3b6ab1c5fc697ac41fb6f1a5b74e1d0c0cb55426
SHA256 5b63f04b35e31e5a03ab2c449953b761952504877abd7aa9e593f43099a2a6da
SHA3 450d888d7a3a0ce622436cee760e86a91c87bef218f93a0477e2fd52f28d68e3
VirtualSize 0x918
VirtualAddress 0x8000
SizeOfRawData 0xa00
PointerToRawData 0x5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.53174

.reloc

MD5 7a78378a454ad15f9cd4704ef545ecbc
SHA1 10dea7e22d3c0e6510094aea669b80e3805cb038
SHA256 7c210214a1fba54c21fab0a46695731f255df96e2198e4e42b5a8a3ebddb2ddf
SHA3 f21ac3013845dc46401a0b45b78a60dfef7d16780e485f7337670de3442f389d
VirtualSize 0xc
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49847
MD5 4175d3fc3c476da8a9a6b3577e0c90d0
SHA1 622141e6dcf0a8250a9c0c30fed35cfc8752ba63
SHA256 23a97793b9cb3b84fa2e0d220f702a260d0252f878a54af7193e870248a1defc
SHA3 06f7923ef326a9859c09e26b8884ee4176b85ce53380ba760cd424aa3a24397c

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x476
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.2084
MD5 6a63ae8c8bfc80499eed3fc3e811b39f
SHA1 32e3a61362179bbd7f52c741fc551e4f16e6cc20
SHA256 e6e2e7b937ccd740179ea744aa172a1033bc3724dc949fdfa58a26cc71682d00
SHA3 55c945d2ac881c4871147ae541917092acc5ec4e2ba479ae0cc94b21267d8dd6

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.6.1586.0
ProductVersion 4.0.30319.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription .NET Framework installation utility
FileVersion (#2) 4.6.1586.0 built by: NETFXREL2
InternalName InstallUtil.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename InstallUtil.exe
ProductName Microsoft® .NET Framework
ProductVersion (#2) 4.6.1586.0
Comments Flavor=Retail
PrivateBuild DDBLD400
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Jun-10 01:12:36
Version 0.0
SizeofData 40
AddressOfRawData 0x70b4
PointerToRawData 0x52b4
Referenced File InstallUtil.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->