Manalyze report for 1799854d01a89d141fecc4c4548b01e51fa57118c9b18eac66a752f3bbe98c02

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Apr-19 21:48:06
Debug artifacts	E:\A\_work\2107\s\bin\obj\ref\netstandard\2.0.0.0\netstandard.pdb
Comments	netstandard
CompanyName	Microsoft Corporation
FileDescription	netstandard
FileVersion	`1.0.26419.02`
InternalName	netstandard.dll
LegalCopyright	.NET Foundation and Contributors
OriginalFilename	netstandard.dll
ProductName	MicrosoftÂ® .NET Framework
ProductVersion	`1.0.26419.02 @BuiltBy: dlab-DDVSOWINAGE001 @Branch: HEAD @Commit: 18a36291e48808fa7ef2d00a764ceb1ec95645a5`
Assembly Version	2.0.0.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft`
Info	Interesting strings found in the binary:	Contains domain names: go.microsoft.com http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkID http://go.microsoft.com/fwlink/?linkid http://schemas.microsoft.com http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlywindowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/dsa http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration http://schemas.microsoft.com/ws/2008/06/identity/claims/expired http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/ispersistent http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/role http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber http://schemas.microsoft.com/ws/2008/06/identity/claims/userdata http://schemas.microsoft.com/ws/2008/06/identity/claims/version http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdeviceclaim http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsfqbnversion http://schemas.microsoft.com/ws/2008/06/identity/claims/windowssubauthority http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsuserclaim http://schemas.xmlsoap.org http://schemas.xmlsoap.org/claims/UPN http://schemas.xmlsoap.org/claims/dns http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/hash http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/system http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor http://www.w3.org http://www.w3.org/2000/09/xmldsig#DSAKeyValue http://www.w3.org/2000/09/xmldsig#KeyInfo http://www.w3.org/2000/09/xmldsig#RSAKeyValue http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema#base64Binary http://www.w3.org/2001/XMLSchema#base64Octet http://www.w3.org/2001/XMLSchema#boolean http://www.w3.org/2001/XMLSchema#date http://www.w3.org/2001/XMLSchema#dateTime http://www.w3.org/2001/XMLSchema#double http://www.w3.org/2001/XMLSchema#fqbn http://www.w3.org/2001/XMLSchema#hexBinary http://www.w3.org/2001/XMLSchema#integer http://www.w3.org/2001/XMLSchema#integer32 http://www.w3.org/2001/XMLSchema#integer64 http://www.w3.org/2001/XMLSchema#sid http://www.w3.org/2001/XMLSchema#string http://www.w3.org/2001/XMLSchema#time http://www.w3.org/2001/XMLSchema#uinteger32 http://www.w3.org/2001/XMLSchema#uinteger64 http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/TR/2002/WD-xquery-operators-20020816#dayTimeDuration http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration microsoft.com schemas.microsoft.com schemas.xmlsoap.org www.w3.org xmlsoap.org
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-28 02:00:07)	`All the AVs think this file is safe.`

Hashes

MD5	`ba3408bebbcd7eb67ec979cee7b60498`
SHA1	`2a9110892b7ab0b2eb20cd737414f69d26c77317`
SHA256	`1799854d01a89d141fecc4c4548b01e51fa57118c9b18eac66a752f3bbe98c02`
SHA3	`2d4be24c31ad89921cd2bf84f2aae06b83cf8bccd73c9040dad5e34c9d76908a`
SSDeep	`24576:YJBrYUiTAVnKcdNk4pjkzdLnIHluUXc3QS6BYtJR:y4I1viQS6BYHR`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Apr-19 21:48:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x13da00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0013F8B6 (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x140000`
ImageBase	`0x10000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x144000`
SizeOfHeaders	`0x200`
Checksum	`0x150177`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1c17b5bca1ee67d1f1e2b29e7c97f08c`
SHA1	`4fbfe098820a73e040738d29fb4b9d3aeb025794`
SHA256	`93053c48a6c8577605c2551d4114050dad3274a4d3914ea8c1f8196ff8f02caa`
SHA3	`b6b05caaa14133f0f4a6f2b84c6c727b6ccbf276f38158768ba5e0c3af5f467f`
VirtualSize	`0x13d8bc`
VirtualAddress	`0x2000`
SizeOfRawData	`0x13da00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.52444`

.rsrc

MD5	`14422b49cc88738dfbe9fa1271ef0968`
SHA1	`67856b7f16baf41c11ff03c2319cc00f7f572c05`
SHA256	`acfb56fe967c7992291766c65514209bce6c88d68103cd173071ca9d2c155e93`
SHA3	`bc372b6c7d4f3edcc8fc8541fcf3eb42385d5af1bc4cd4068a55172b4fd95197`
VirtualSize	`0x4a8`
VirtualAddress	`0x140000`
SizeOfRawData	`0x600`
PointerToRawData	`0x13dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.80237`

.reloc

MD5	`fc9b588ea981a7d8691195c85bfaba90`
SHA1	`dd0dc81e55a92c67f14cc092cf459a96bd81e70c`
SHA256	`459f02d2980100822c736dbcf6c77abf4fe65f098b73c8051c8d5901c179b8b4`
SHA3	`2d12f52b65b919d49c9b995221520e19acfce71411be9893bb6a61d02995729c`
VirtualSize	`0xc`
VirtualAddress	`0x142000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x44c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52718`
MD5	`ac18d6ddfa6b63acb703c1fd6efcc9e5`
SHA1	`3ec9e1e220db4e27f84957461761529a474b265c`
SHA256	`ee430d1b27d1cf63a37e3c9066c65bea8e4973db3d936976d2de68a68326e712`
SHA3	`a7be2b4b814c723c850ab3b7bd012afe550a15cfb18a65c6e3839f709456f324`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.26419.2
ProductVersion	1.0.26419.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments	netstandard
CompanyName	Microsoft Corporation
FileDescription	netstandard
FileVersion (#2)	1.0.26419.02
InternalName	netstandard.dll
LegalCopyright	.NET Foundation and Contributors
OriginalFilename	netstandard.dll
ProductName	MicrosoftÂ® .NET Framework
ProductVersion (#2)	1.0.26419.02 @BuiltBy: dlab-DDVSOWINAGE001 @Branch: HEAD @Commit: 18a36291e48808fa7ef2d00a764ceb1ec95645a5
Assembly Version	2.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Apr-19 21:48:05
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x13f748`
PointerToRawData	`0x13d948`
Referenced File	E:\A\_work\2107\s\bin\obj\ref\netstandard\2.0.0.0\netstandard.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.