Manalyze report for 128d50b7860bd4191966a08143487e2b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Apr-21 07:42:17
Detected languages	English - United States
Debug artifacts	W:\Work2\Projects_VideoSoftDev\common\ExecuteHelper\x64\Release\ExecuteHelper.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegDeleteKeyW RegCreateKeyExW RegCloseKey RegSetValueExW`
Info	The PE is digitally signed.	`Signer: FLASH-INTEGRO LLC` `Issuer: Sectigo Public Code Signing CA R36`
Safe	VirusTotal score: 0/72 (Scanned on 2022-11-26 20:23:07)	`All the AVs think this file is safe.`

Hashes

MD5	`128d50b7860bd4191966a08143487e2b`
SHA1	`9d7cc2640d72cfa2926cbf55cc93235e888e39d4`
SHA256	`3d25b5b611bc6cb74399a7b5072fad9303265e98f90cbd21407ee3284e89c8cb`
SHA3	`7de06042ec2cbc3b8aefc675a01ebf66464b8ceed1da80c6d692ba72661380c8`
SSDeep	`3072:SbHfkLeZKf9tKPBTxW3A7y+VcBjNeqZhXi3X+Ad0vS0izlph4QfnmDX:SbHF0VMPBTxW3e3Vieq/XgtJzlH5fnOX`
Imports Hash	`843c1ef141b3ddedf932a8f4f92440d5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Apr-21 07:42:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x20c00`
SizeOfInitializedData	`0x10000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000008BE8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x35000`
SizeOfHeaders	`0x400`
Checksum	`0x3e797`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ded6ba335fb1bc87e475e06b4c89e8f3`
SHA1	`50e5849b62b800190665873ba536d9dfff04ac82`
SHA256	`94c2057b563ec8cde4f2d298db97faaef5c4771efd1c645f54f7be62650849bd`
SHA3	`f5320de3cedc139edebe6a9a896e82e4f6319d8198a7078dfdbb6fd9fb668aa7`
VirtualSize	`0x20b04`
VirtualAddress	`0x1000`
SizeOfRawData	`0x20c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46298`

.rdata

MD5	`6a40f58f83cfe5afb5fc2bc7b302af86`
SHA1	`64860957a93eb2cc891924e44a231d0104b73444`
SHA256	`f2a4d962c0cb0ed34fd5ecd3d303199a5cdf30d0223d253cf4358860af0e51d1`
SHA3	`b57f1468911864a6b728601ddc719f224764ad58661c72e2f54038ce3cdcc171`
VirtualSize	`0xc298`
VirtualAddress	`0x22000`
SizeOfRawData	`0xc400`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05025`

.data

MD5	`0dfd45e4aab9cc97a7dc629a4ef5ba38`
SHA1	`6091387cdf279bd2fafbc7518db25bdbd57425f9`
SHA256	`cd5f57741fc40a374571c40e6ed5f122f1529a5dda8488eb1184e85c2b23536f`
SHA3	`46b210a457e4917ddeb71e629cd118eb6befaa700767cbcb04e84f7d196babe2`
VirtualSize	`0x1fdc`
VirtualAddress	`0x2f000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.46648`

.pdata

MD5	`d37b0e46348bf335e2d307fcd76853b1`
SHA1	`3c438f4bf48a77254926b50d5c56f0532f8c721f`
SHA256	`df583ce64bc5e84b75dfca668c15b84f30edf459fc673aca3cd573cdba9eb540`
SHA3	`a75943f438c7c3256370a085cdd93dab62a9764502ee312a42c4d269db7a2afb`
VirtualSize	`0x17f4`
VirtualAddress	`0x31000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x2e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.24448`

_RDATA

MD5	`437ce93db503a18e2337fab0072266e0`
SHA1	`e11346272993d1580613a711dc8833a732ac1069`
SHA256	`29513192e3da78c617ee68a7c55288085d15ef8e54ecbdd5ce207e23899b7bf5`
SHA3	`5bd4591089c939c0f7168d8d4195f8f5886ce549a8411913a0195039d9b816d5`
VirtualSize	`0xf4`
VirtualAddress	`0x33000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.00335`

.rsrc

MD5	`1b99276507c6356b24a31f63887375df`
SHA1	`770a7ce5dad244ee5088744680dfadc8e3515886`
SHA256	`fac8960ce1ae094d50138adc8f1db077f911141ed84fd3bc75f0fc12dbd1bc48`
SHA3	`038963f7d33bb638839cb839b8cda22ffe1e50899b98cdcf56c6e97ccf80a72e`
VirtualSize	`0x1e0`
VirtualAddress	`0x34000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2fa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

Imports

KERNEL32.dll	`LoadResource` `LockResource` `SizeofResource` `FindResourceW` `MultiByteToWideChar` `lstrlenW` `FindResourceExW` `GetLastError` `InitializeCriticalSectionEx` `DeleteCriticalSection` `WriteConsoleW` `CreateFileW` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `RaiseException` `HeapDestroy` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `SetFilePointerEx` `GetStringTypeW` `SetStdHandle` `LCMapStringW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `GetCommandLineW` `GetCommandLineA` `IsDebuggerPresent` `OutputDebugStringW` `EnterCriticalSection` `LeaveCriticalSection` `LocalFree` `CloseHandle` `InitializeCriticalSectionAndSpinCount` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `GetProcAddress` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlPcToFileHeader` `RtlUnwindEx` `SetLastError` `EncodePointer` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo`
USER32.dll	`GetDesktopWindow`
ADVAPI32.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `RegSetValueExW`
SHELL32.dll	`SHGetFolderPathW`
ole32.dll	`CoUninitialize` `OleRun` `CoCreateInstance` `CoInitialize`
OLEAUT32.dll	`VariantClear` `SysFreeString` `SysAllocString` `GetErrorInfo`
SHLWAPI.dll	`PathFileExistsW`
MSVFW32.dll	`ICClose` `ICOpen` `ICSendMessage`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Apr-21 07:42:17
Version	`0.0`
SizeofData	`106`
AddressOfRawData	`0x2b528`
PointerToRawData	`0x2a528`
Referenced File	W:\Work2\Projects_VideoSoftDev\common\ExecuteHelper\x64\Release\ExecuteHelper.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Apr-21 07:42:17
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2b594`
PointerToRawData	`0x2a594`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Apr-21 07:42:17
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x2b5a8`
PointerToRawData	`0x2a5a8`

TLS Callbacks

StartAddressOfRawData	`0x14002b9a8`
EndAddressOfRawData	`0x14002b9b0`
AddressOfIndex	`0x14002fd48`
AddressOfCallbacks	`0x140022408`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14002f028`

RICH Header

XOR Key	`0x26844a84`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`146`
C objects (30034)	`17`
ASM objects (30034)	`9`
C++ objects (30034)	`49`
C objects (VS2017 v14.15 compiler 26715)	`11`
Imports (VS2017 v14.15 compiler 26715)	`17`
Total imports	`128`
C++ objects (VS2019 Update 11 (16.11.10) compiler 30140)	`3`
Resource objects (VS2019 Update 11 (16.11.10) compiler 30140)	`1`
Linker (VS2019 Update 11 (16.11.10) compiler 30140)	`1`

128d50b7860bd4191966a08143487e2b

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors