Manalyze report for 1b3c21ac0771c8a7e71d38b7cf5bf816

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Dec-09 20:12:49
Detected languages	English - United States
Debug artifacts	C:\MeshAgent\MeshAgent\Release\MeshService64.pdb
FileDescription	MeshCentral Background Service Agent
FileVersion	`2022-Dec-2 11:42:16-0800`
LegalCopyright	Apache 2.0 License
ProductName	MeshCentral Agent
ProductVersion	`Commit: 2022-Dec-2 11:42:16-0800`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: alumni.caltech.edu apache.org caltech.edu github.com http://opensource.org http://www.apache.org http://www.apache.org/licenses/LICENSE-2.0 http://www.zlib.net https://github.com meshcentral.com opensource.org swarm.meshcentral.com www.apache.org www.zlib.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegCreateKeyW RegSetValueExA RegDeleteKeyA RegCloseKey RegOpenKeyExA RegSetValueExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptAcquireCertificatePrivateKey CryptMsgClose CryptMsgUpdate CryptExportPublicKeyInfo CryptMsgOpenToEncode CryptSignAndEncodeCertificate CryptMsgGetParam CryptEncodeObject CryptMsgCalculateEncodedLength CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptAcquireContextW CryptReleaseContext CryptDestroyKey` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Uses functions commonly found in keyloggers: CallNextHookEx MapVirtualKeyA GetForegroundWindow` `Leverages the raw socket API to access the Internet: WSACloseEvent htons htonl gethostname ntohs ntohl WSAGetLastError ioctlsocket recv WSASetLastError send getsockname WSASocketW listen closesocket bind accept __WSAFDIsSet setsockopt socket sendto getsockopt recvfrom connect shutdown WSAIoctl GetAddrInfoW WSAResetEvent WSAEventSelect WSAStartup WSACreateEvent WSACleanup FreeAddrInfoW select` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges DuplicateTokenEx CheckTokenMembership` `Interacts with services: OpenServiceA OpenSCManagerA QueryServiceStatus` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Manipulates other processes: OpenProcess` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddEncodedCertificateToStore CertAddCertificateContextToStore CertOpenStore` `Can shut the system down or lock the screen: ExitWindowsEx InitiateSystemShutdownA`
Info	The PE is digitally signed.	`Signer: un-configured-6e1b5f` `Issuer: MeshCentralRoot-c567d2`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1b3c21ac0771c8a7e71d38b7cf5bf816`
SHA1	`9923780cee3f33f611932fa71912acb15fb779a6`
SHA256	`4aa183bebfa76051622aa6a76f6c770bda9d0ffcca1723bcd38c7b09c3b02fd7`
SHA3	`139ed5fce539ab0eb387e1c3cf82f3b8a784bbe976c4d489da3c22ba7ae9bd51`
SSDeep	`49152:JX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QA:JlRsZ47/QXoHUOfAoj1x6A`
Imports Hash	`fb0a8b4a81655f744a37af985e009476`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Dec-09 20:12:49
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x206200`
SizeOfInitializedData	`0x168200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000001D9D8C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x373000`
SizeOfHeaders	`0x400`
Checksum	`0x35568e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`61ef5177eba6130a3fd876ca9c97e395`
SHA1	`4de16c8194e94bedf69ab7cbd528b1c0c6630913`
SHA256	`db5308a4b46fa928d6ac4472b23e3e3dca22a13901cc17c8d6d662585c63f634`
SHA3	`2db0929709b485c0b80eb0de2398fae2060f0eff3cb5cd9ff8524459bde18937`
VirtualSize	`0x2060ca`
VirtualAddress	`0x1000`
SizeOfRawData	`0x206200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45965`

.rdata

MD5	`2a0425dff84a2c6852bf8be4b3576f2f`
SHA1	`1c6daa97807e7746ff9e9802be9607b59c42e189`
SHA256	`cf41cb1e4a103a4c7ad01065cd14a236066ee9c61fa1d68b951502d814f331d1`
SHA3	`06cd5a48b0d805e2318378c080a3fe637b5f87d83fa6cf13ce522a97f949a0fe`
VirtualSize	`0xf5546`
VirtualAddress	`0x208000`
SizeOfRawData	`0xf5600`
PointerToRawData	`0x206600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.44725`

.data

MD5	`a6ac2de61fcdf1e8b1a30c04da1f3109`
SHA1	`bf9ffa66ea3a65cb5bcf79d20373944288c420cf`
SHA256	`8d684a464cbb203921610fd1aa20432cfb5a4f30266af34888c7b9fd7069b241`
SHA3	`935ff563a4b73c2bae36836d1fe5ef7fe95afbc9d95cb3c1d721aca5ab26c009`
VirtualSize	`0x325b8`
VirtualAddress	`0x2fe000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x2fbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.67846`

.pdata

MD5	`b2b8cc8dbf57aedafad1b3deff52a6e1`
SHA1	`3a7208352fe7b5d83779b4645600af40f72bccef`
SHA256	`e915eb92161d3a05cafa4b785314f1dd61d62d2b97e60c0347fa7f2475d2e44a`
SHA3	`d87a66488d4db25c4991b0995cb758b825471d43c24868126151d4046ef9a607`
VirtualSize	`0x196c8`
VirtualAddress	`0x331000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x305800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.23683`

.gfids

MD5	`c364119319510ab284dd8c825423e31c`
SHA1	`016f075b11702afd2e03d5502c59e63ceb90e15e`
SHA256	`e657f6bc8c1d29a38123f2f7e2a3953efd8eed4480222f2d729669ffd8dfaff0`
SHA3	`8d0e9a5914898822de621554a9ec3e273ffc5dfaaff5242d1878b2a8cf894dc3`
VirtualSize	`0xc4`
VirtualAddress	`0x34b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x31f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.91969`

.rsrc

MD5	`de38e270229029b66bd311aed0cbdc73`
SHA1	`bfde6f45a25a3b3557cb3cedfea58a5831c5dd32`
SHA256	`5eb91aa711a5ee96eab1dd57cb1961847d39eb80374864b2c99cd46306dcda96`
SHA3	`38e07f79541e87ced345ce330260282dbc436099aef413289ff443fbb56159cb`
VirtualSize	`0x21fa0`
VirtualAddress	`0x34c000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x31f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.02622`

.reloc

MD5	`4453da810a515f399600807f085992b1`
SHA1	`1233194429bf5387f6a6a9a97ff7eed2628043de`
SHA256	`413983a300ae7182455f6b6854180fa4f3898e5dc8da718cc1c10015979f791c`
SHA3	`457cd9b8771a29cce363b7cdd186ef6ee83e459bd110b30b70c885609cdbf8d5`
VirtualSize	`0x4b8c`
VirtualAddress	`0x36e000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x341200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45316`

Imports

COMCTL32.dll	`InitCommonControlsEx`
dbghelp.dll	`SymInitialize` `SymGetModuleBase64` `SymGetLineFromAddr64` `SymFunctionTableAccess64` `SymFromAddr` `StackWalk64` `MiniDumpWriteDump`
IPHLPAPI.DLL	`GetAdaptersAddresses` `SendARP` `ConvertLengthToIpv4Mask` `GetAdaptersInfo`
WS2_32.dll	`WSACloseEvent` `htons` `htonl` `gethostname` `ntohs` `ntohl` `WSAGetLastError` `ioctlsocket` `recv` `WSASetLastError` `send` `getsockname` `WSASocketW` `listen` `closesocket` `bind` `accept` `__WSAFDIsSet` `setsockopt` `socket` `sendto` `getsockopt` `recvfrom` `connect` `shutdown` `WSAIoctl` `GetAddrInfoW` `WSAResetEvent` `WSAEventSelect` `WSAStartup` `WSACreateEvent` `WSACleanup` `FreeAddrInfoW` `select`
CRYPT32.dll	`CertFindCertificateInStore` `CertDuplicateCertificateContext` `CertDeleteCertificateFromStore` `CryptAcquireCertificatePrivateKey` `CertAddEncodedCertificateToStore` `CryptMsgClose` `CryptMsgUpdate` `CryptExportPublicKeyInfo` `CertCreateSelfSignCertificate` `CertFreeCertificateContext` `CryptMsgOpenToEncode` `CertAddCertificateContextToStore` `PFXExportCertStore` `CryptSignAndEncodeCertificate` `CertCloseStore` `CertStrToNameA` `CryptMsgGetParam` `CryptEncodeObject` `CertSetCertificateContextProperty` `CertGetCertificateContextProperty` `CryptMsgCalculateEncodedLength` `CertOpenStore` `CertStrToNameW` `CertEnumCertificatesInStore`
gdiplus.dll	`GdipGetImageEncoders` `GdiplusShutdown` `GdipCloneImage` `GdipAlloc` `GdipDisposeImage` `GdipFree` `GdipGetImageEncodersSize` `GdipLoadImageFromStream` `GdipSaveImageToStream` `GdiplusStartup`
ncrypt.dll	`NCryptCreatePersistedKey` `NCryptFreeObject` `NCryptSetProperty` `BCryptCloseAlgorithmProvider` `BCryptGenRandom` `NCryptOpenStorageProvider` `BCryptOpenAlgorithmProvider` `NCryptFinalizeKey`
KERNEL32.dll	`InitializeSListHead` `GetStartupInfoW` `RtlUnwindEx` `GetFullPathNameW` `GetStdHandle` `WriteFile` `LoadLibraryExA` `GetModuleFileNameW` `GetSystemPowerStatus` `OpenProcess` `MultiByteToWideChar` `Sleep` `GetLastError` `CloseHandle` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `GetProcAddress` `SetEnvironmentVariableA` `CreateProcessW` `FreeLibrary` `WideCharToMultiByte` `GetCurrentThreadId` `GetModuleHandleA` `WaitForSingleObjectEx` `CreateThread` `QueueUserAPC` `OpenThread` `ReadFile` `LoadLibraryA` `SleepEx` `SetSystemPowerState` `GetCurrentProcess` `SetThreadExecutionState` `HeapFree` `HeapAlloc` `GetProcessHeap` `SystemTimeToFileTime` `GetSystemTime` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `QueryPerformanceCounter` `ReleaseSemaphore` `WaitForSingleObject` `CreateSemaphoreA` `CancelIo` `FindFirstFileW` `FindNextFileW` `RemoveDirectoryW` `GetFinalPathNameByHandleW` `GetDriveTypeA` `SetFilePointer` `FindFirstVolumeA` `FindClose` `CreateFileW` `GetVolumePathNamesForVolumeNameA` `GetFileAttributesExW` `ReadDirectoryChangesW` `FindNextVolumeA` `FindVolumeClose` `GetDiskFreeSpaceExA` `CreateEventA` `GetModuleHandleExA` `WaitForMultipleObjectsEx` `CreateNamedPipeA` `DisconnectNamedPipe` `CreateFileA` `CancelIoEx` `LocalFree` `ConnectNamedPipe` `SetConsoleMode` `GetConsoleMode` `SetConsoleOutputCP` `IsDebuggerPresent` `TerminateProcess` `GetTempPathW` `CancelSynchronousIo` `SetEvent` `ResetEvent` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `CopyFileW` `RtlCaptureContext` `SuspendThread` `ResumeThread` `DuplicateHandle` `GetTickCount64` `GetCurrentThread` `GetOverlappedResult` `GetThreadContext` `WTSGetActiveConsoleSessionId` `GetExitCodeProcess` `SetEndOfFile` `DeleteFileW` `SetFilePointerEx` `SetConsoleCtrlHandler` `FreeConsole` `LoadLibraryExW` `SetLastError` `GetFileType` `GetModuleHandleW` `SwitchToFiber` `DeleteFiber` `CreateFiber` `GetSystemTimeAsFileTime` `ConvertFiberToThread` `ConvertThreadToFiber` `GetEnvironmentVariableW` `ReadConsoleA` `ReadConsoleW` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `ExitProcess` `GetModuleHandleExW` `CreateDirectoryW` `GetConsoleCP` `MoveFileExW` `SetEnvironmentVariableW` `GetTimeZoneInformation` `SetStdHandle` `GetDriveTypeW` `PeekNamedPipe` `GetCommandLineA` `GetCommandLineW` `GetACP` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetStringTypeW` `HeapReAlloc` `FlushFileBuffers` `WriteConsoleW` `GetCPInfo` `FindFirstFileExW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `GetThreadId` `RtlVirtualUnwind` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `RaiseException` `HeapSize` `RtlPcToFileHeader` `QueryPerformanceFrequency` `EncodePointer`
USER32.dll	`EndDialog` `SetWindowTextW` `GetWindowPlacement` `ShowWindow` `GetDlgCtrlID` `SetWindowPlacement` `SetWindowTextA` `IsDlgButtonChecked` `GetDlgItem` `CheckDlgButton` `DialogBoxParamW` `EnableWindow` `MessageBeep` `ExitWindowsEx` `GetUserObjectInformationA` `EnumDisplayMonitors` `GetSystemMetrics` `SetThreadDesktop` `GetThreadDesktop` `CloseDesktop` `BlockInput` `GetMonitorInfoA` `OpenInputDesktop` `GetKeyState` `GetMessageA` `GetMessageExtraInfo` `SendMessageW` `LoadCursorA` `DestroyWindow` `GetDC` `PostMessageA` `GetIconInfo` `CallNextHookEx` `GetCursorInfo` `SetWindowsHookExA` `MapVirtualKeyA` `GetForegroundWindow` `UnhookWindowsHookEx` `DefWindowProcA` `CreateWindowExA` `TranslateMessage` `UnregisterClassA` `DrawIconEx` `SetWinEventHook` `RegisterClassExA` `UnhookWinEvent` `SetForegroundWindow` `ReleaseDC` `SendInput` `SetProcessDPIAware` `MessageBoxW` `GetUserObjectInformationW` `GetProcessWindowStation` `DispatchMessageA` `CreateWindowExW` `GetWindowRect`
GDI32.dll	`SetBkMode` `SetBkColor` `CreateSolidBrush` `BitBlt` `StretchBlt` `DeleteDC` `SetStretchBltMode` `CreateCompatibleBitmap` `GetObjectA` `SelectObject` `CreateCompatibleDC` `GetDIBits` `DeleteObject` `SetTextColor` `GetStockObject`
ADVAPI32.dll	`CloseServiceHandle` `AllocateAndInitializeSid` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `StartServiceCtrlDispatcherA` `RegCreateKeyW` `RegSetValueExA` `RegDeleteKeyA` `RegCloseKey` `RegOpenKeyExA` `OpenProcessToken` `InitiateSystemShutdownA` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `CryptReleaseContext` `RegSetValueExW` `CryptDestroyKey` `InitializeSecurityDescriptor` `SetEntriesInAclA` `SetSecurityDescriptorDacl` `DuplicateTokenEx` `CreateProcessAsUserW` `SetTokenInformation` `OpenServiceA` `CheckTokenMembership` `FreeSid` `RegisterServiceCtrlHandlerExA` `OpenSCManagerA` `SetServiceStatus` `QueryServiceStatus`
SHELL32.dll	`ShellExecuteExW`
ole32.dll	`CoInitializeEx` `CreateStreamOnHGlobal` `CoUninitialize`

Delayed Imports

103

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

111

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

108

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d4e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02969`
MD5	`fbea7bd8f964843026170092c46166c5`
SHA1	`a7b4b4aff0fe2a2600ce351aabbf1f06a3ba6081`
SHA256	`8186d5bfc6ffd913de46849fcd30af2450197f033b014081f0766a5af9d6fc00`
SHA3	`90694d80f1feb093862b8e01f13b0fc09d22074db44936683ed7a322df28e3bf`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00712`
MD5	`5f0695c678bef5499bb5ec4f9db13776`
SHA1	`5d1495cc292b8e100dbbed75f0a409f45f99ba3f`
SHA256	`79910f03fd95b85e967ab66e19f32236e48de2bf575973836cc5e77522f3c80e`
SHA3	`e52fd9947ceb8f2606cf18d906940a3d035953d4165305ba77cac7729c8603dd`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49455`
MD5	`a49ab999acb6dd89c03842de46e5d61f`
SHA1	`1383a3c5af3366bd1882440c40fd56b514b15aee`
SHA256	`f4a66649f464900adb21c521cceeb12a1407ad9a98d6a43ca9b34e3a5951fd90`
SHA3	`e49e01760746de0f108799a9d2bdbf1b5f7d8552309089246b86f4cea005f4d6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33196`
MD5	`4f1b463e8801a5bfcde7b809db0b27b8`
SHA1	`8ab4fcefdd8c0ae5da28ffda5f84a900bf94982e`
SHA256	`544ff916efbd39d8fc9df1012940eeb4bf9dd60130da3b722c6c6da85e37a196`
SHA3	`3ad97dcf0e520169d9edf8d839852606e2bf029eedeb8872d02e7c51a8105d51`

103 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28483`
MD5	`b3a306d4cb3f9c86e4cb4730c1e1fdce`
SHA1	`9b181e6646100b4279b047399d99e9d4008221ed`
SHA256	`997d4cb0e49965e35d4011681f1c424252b46e6f7d98df67aa939bb266b33d7a`
SHA3	`0a761e2e50c78be59142efcaf3c3af3572a4cffc926e7e877ad1b609595bdbeb`

111 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19863`
MD5	`cd062dd2f21924b1b7ae0999e17e77f7`
SHA1	`d968393e50a86ff688998de858bf42fc2247282c`
SHA256	`e7acc6716fff9783e38b2fda08d47d9fbd5080e586ceb74d895b23ffc662de99`
SHA3	`609fb19d573f5197ba021da9b5a42f26380b476d0de8fff4c2e1df371dc6f45d`

113

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45849`
Detected Filetype	Icon file
MD5	`1ec6a7b3300970378c29695a6cc13d36`
SHA1	`99ce74251d19d800608e30bed6e0d793931da56e`
SHA256	`77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694`
SHA3	`7a94ba315b3ab461cec9dad3048599d32b0e597047f9655159bd6dfdc694e4a3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x29c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37092`
MD5	`cd97d9cc10ef0f4fc7c0ac364897d3a3`
SHA1	`12e8f3374fd80ef4675313371233847f02a59533`
SHA256	`5c8e5ca6549fe8aa7f3f9fb6b4eb96124035b998a2b903c5c92f751722fc2cde`
SHA3	`110ff556f13af6a3d3453e2230fd87c29fd10e978332029de1cc256f1b3fb345`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x32a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13808`
MD5	`49313f90a913af591a096a14f9b6076f`
SHA1	`e12e40e226f7be9600745b9c234af1b2f04297d2`
SHA256	`953fed19953e6a62dc14313af29bc22a8ed10edca835f944b0fadd00e316802d`
SHA3	`40438553c09909e0d51a024cf281d6d17fa8945c6e5a0ec9446bc6aea0addc6b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	MeshCentral Background Service Agent
FileVersion (#2)	2022-Dec-2 11:42:16-0800
LegalCopyright	Apache 2.0 License
ProductName	MeshCentral Agent
ProductVersion (#2)	Commit: 2022-Dec-2 11:42:16-0800

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Dec-09 20:12:49
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x2e58cc`
PointerToRawData	`0x2e3ecc`
Referenced File	C:\MeshAgent\MeshAgent\Release\MeshService64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Dec-09 20:12:49
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2e5918`
PointerToRawData	`0x2e3f18`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Dec-09 20:12:49
Version	`0.0`
SizeofData	`776`
AddressOfRawData	`0x2e592c`
PointerToRawData	`0x2e3f2c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Dec-09 20:12:49
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140301ed0`

RICH Header

XOR Key	`0xce077f6f`
Unmarked objects	`0`
241 (40116)	`20`
243 (40116)	`176`
242 (40116)	`38`
199 (41118)	`1`
ASM objects (VS2015 UPD3 build 24123)	`10`
C++ objects (VS2015 UPD3 build 24123)	`33`
C objects (VS2015 UPD3 build 24123)	`25`
C objects (VS2015 UPD3.1 build 24215)	`496`
209 (65501)	`1`
208 (65501)	`1`
Imports (65501)	`29`
Total imports	`398`
C objects (LTCG) (VS2015 UPD3.1 build 24215)	`53`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

[*] Warning: [plugin_authenticode] Hashing algorithm 2.16.840.1.101.3.4.2.2 is not supported.