Manalyze report for 13dc47ceae717032cc9ff23d18f98e3b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_EFI_APPLICATION`
Compilation Date	2018-Oct-25 03:09:02
Detected languages	English - United States
Debug artifacts	bootmgfw.pdb
CompanyName	Microsoft Corporation
FileDescription	Boot Manager
FileVersion	`10.0.14393.2608 (rs1_release.181024-1742)`
InternalName	bootmgr.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	bootmgr.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.14393.2608`

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to AES`
Suspicious	The PE is possibly packed.	`Unusual section name found: INITDATA` `The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/65 (Scanned on 2019-02-15 22:24:52)	`All the AVs think this file is safe.`

Hashes

MD5	`13dc47ceae717032cc9ff23d18f98e3b`
SHA1	`a38afc49c12fb05cfbd6843b0ecf715b71cfd770`
SHA256	`9a8cdaca53cfe4ac43aa09c32023188ab700605d45f663fe30a0acfd041e4eb0`
SHA3	`940fcca1c09385e6380ba976de95157a7660a80bfcb849f1a4a6f425ce7517a2`
SSDeep	`24576:5oIYQL2r7NwiwsCloJ9DnsLxdzZ7FcggYus2WSrq2An57uv+7:2yMNwiwA7sldzLguPp`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2018-Oct-25 03:09:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x106800`
SizeOfInitializedData	`0x1a800`
SizeOfUninitializedData	`0xe00`
AddressOfEntryPoint	`0x0000000000017800 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`0.0`
ImageVersion	`0.0`
SubsystemVersion	`1.0`
Win32VersionValue	`0`
SizeOfImage	`0x15f000`
SizeOfHeaders	`0x400`
Checksum	`0x128e3b`
Subsystem	`IMAGE_SUBSYSTEM_EFI_APPLICATION`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3628709d906659aa630dbcfdf44d3a5e`
SHA1	`2d7c9f81e99aebe0447f290c32117987549124cb`
SHA256	`efaa46158ad5cb29f67b8ac0e8d1d90499a9f147c95adb4cd8aba0592cf2d06d`
SHA3	`b5241ae339eb89bc37fe1b911b3231eacd3bd984d70a390688d544b508a104ee`
VirtualSize	`0x1067d4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x106800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51353`

INITDATA

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xde4`
VirtualAddress	`0x108000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.data

MD5	`05b5d80c4df56ba53dea325ad9e6bce8`
SHA1	`a3d9d72b2f0375386901cb582812792c7431693a`
SHA256	`065346c947f69ae49fac85050cf2d8e9be9d52006bff799ba9d9e4d61c317e04`
SHA3	`f2e51ab6340129fa6b6b4560fed4d8ffe764d803fe13366506ba1bc8b81a3e53`
VirtualSize	`0x3a9e1`
VirtualAddress	`0x109000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x106c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.9228`

.pdata

MD5	`a1c14929a0835566298b7e46e57b8516`
SHA1	`9cd6e047065f18a92ba30a42aa42c962ac788c1c`
SHA256	`7d89d75dbf69ff87e37aeec14708513ae02993ce2ca414a1c57fe359f8479c32`
SHA3	`76c93ca39345d9b20e21dbc034069129d446fad7a3717963e8254d91e6666b01`
VirtualSize	`0x8634`
VirtualAddress	`0x144000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x107600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.01004`

.gfids

MD5	`be3eccb82bcc94349d4a4e168bfeb36f`
SHA1	`66bc796f78b19125151927247a14446eb8b0df20`
SHA256	`97a1509f4c7c38578a5ccfaa6cc85d7f4d6e20d41345e07f27a892f3d5fb5cf4`
SHA3	`ad573fa7df792f2b22a81adb10f8087770581326021d6e2875096ec866eebeb4`
VirtualSize	`0xb54`
VirtualAddress	`0x14d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x10fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.15781`

.rsrc

MD5	`2498b860a3223e70ee4a7ab6f782f743`
SHA1	`fc427b20c9000b7175bb62fea4e3704c692af85a`
SHA256	`30feb1443d4977c84ba1158a66902100271eac51a2d5faaedb31aaa3a47feab5`
SHA3	`7adc6538e9dd5b77c29502ceae03d5b219dd2f384c80673282e7692bc86fa94f`
VirtualSize	`0xff10`
VirtualAddress	`0x14e000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x110a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.49651`

.reloc

MD5	`2f8ae5149efe62d65154a2161173113a`
SHA1	`b1e7ca1d652e180fd028b25962aa83f13995e01e`
SHA256	`bd735a9665a8809e82f603366aec60d2d56e2d372ce299981581c60e20aa4cf3`
SHA3	`784381cc5c4255e36ff013fa21c0dc6b495d7cbc5a932661c999cdf2b77c6b7e`
VirtualSize	`0x898`
VirtualAddress	`0x15e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x120a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09556`

Imports

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63793`
MD5	`1662acef3f323ec6517afcb5dd143fc3`
SHA1	`66b04ef72abe7997e08d407a62c50e95ad2d4c2d`
SHA256	`42e7781f63b683ce65d5134f8b06fe95ec70bd92eb80a8ded5b85d034905a67c`
SHA3	`ca48e0c0375744ba44be52e1271896c6fe37b4fd776c45edbc54953f71dd9bcb`

SECURITYVERSIONNUMBER

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.811278`
MD5	`4352d88a78aa39750bf70cd6f27bcaa5`
SHA1	`3c585604e87f855973731fea83e21fab9392d2fc`
SHA256	`67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450`
SHA3	`295cd1698c6ac5bd804a09e50f19f8549475e52db1c6ebd441ed0c7b256e1ddf`

1 (#2)

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x190`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14752`
MD5	`1d3f4454cecffa70ff65188a33c542f7`
SHA1	`dc1c5095ea731495ea0ac572fd8f6be54c726579`
SHA256	`c8600dc5ed573a39547d11bb82fcd0390dd3d805e23cd11320ede902d146d49b`
SHA3	`3431c8c642c057e608e4abf3b8f886f2d1934dbb7135955f36a07571a1a5f348`

1 (#3)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35693`
MD5	`f1b772c8c11bc175cb6c0daa81adbfd9`
SHA1	`e243d79a8c860e81b4e0cce5d8384698f9599449`
SHA256	`427e46139867a9008684742dc529b13de4995c6696abeeabca8966ae517447b6`
SHA3	`3af76d0c5ee8b007d0a010860b21282702286fa08901c957401e7862e18b6111`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x390`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49967`
MD5	`9d3d6b70d97dd220c5080d5b85b34959`
SHA1	`bbd1dbac792a579401f00f85dd529733666e0825`
SHA256	`d278eee42da7f1aa1623ad6f8b411938952710dc09f59044e0fe25eded0a5931`
SHA3	`6b083fc53dacdb64fffa1902cee456f6526823310f06fae36aa8180c44a52b04`

BOOTMGR.XSL

Type	`RT_HTML`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xc6f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40102`
MD5	`e8f60a73bd13b1913a4416afbcb038bf`
SHA1	`336ccfd1a0475b6b8154066228440b9012f67618`
SHA256	`e94be629cb4d03c3fd0632b2e278df3fdce1b285b5152a7ee116fb75da29a7fa`
SHA3	`be9d30a47f8ac1e130861f45826add493a41685b4419f87b76d965172dcdcdaf`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.14393.2608
ProductVersion	10.0.14393.2608
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Boot Manager
FileVersion (#2)	10.0.14393.2608 (rs1_release.181024-1742)
InternalName	bootmgr.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	bootmgr.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.14393.2608

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Oct-25 03:09:02
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0x1751c`
PointerToRawData	`0x1691c`
Referenced File	bootmgfw.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Oct-25 03:09:02
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1758c`
PointerToRawData	`0x1698c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Oct-25 03:09:02
Version	`0.0`
SizeofData	`464`
AddressOfRawData	`0x175a0`
PointerToRawData	`0x169a0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xccb17b1`
Unmarked objects	`0`
C objects (23917)	`41`
C++ objects (23917)	`15`
ASM objects (23917)	`23`
264 (23917)	`452`
Exports (23917)	`1`
Resource objects (23917)	`1`
Linker (23917)	`1`

Errors

[*] Warning: Section INITDATA has a size of 0!