Manalyze report for 2211a82d996183a61f95b5c05e2fa6e85e1b6cf5ffe9ca371974c563fa6e2703

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-06 10:05:52
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	LAND3 Simulations
FileDescription	vRAAS
FileVersion	`1.2.19.0`
InternalName	vRAAS.dll
LegalCopyright
OriginalFilename	vRAAS.dll
ProductName	vRAAS
ProductVersion	`1.2.19+dda05dc9a5276884e8dc52bf5ab657a31f90fb4f`
Assembly Version	1.2.19.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Info	The PE is digitally signed.	`Signer: Axel Reinemuth` `Issuer: Certum Code Signing 2021 CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`65aac6d2e59c4e48f102a79eaffb86ed`
SHA1	`600b46030706078df338613a1b5839ac9b628567`
SHA256	`2211a82d996183a61f95b5c05e2fa6e85e1b6cf5ffe9ca371974c563fa6e2703`
SHA3	`1fb158663b780ea0e82b828fd29d698205f18b003c3711ec743a1c3555835b4c`
SSDeep	`6144:h6ok83LlMvvNIgdVpcmE7XSXdmfvEZ3mhh:h3LlAFVpcmE7XSXdmnEZ3mL`
Imports Hash	`bb3ac2c21e02c68abcad237dc3fa6d00`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Dec-06 10:05:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16400`
SizeOfInitializedData	`0x31e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011AB0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x4c000`
SizeOfHeaders	`0x400`
Checksum	`0x4b080`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3ed5512b293aa5ccb14a2730a5a29785`
SHA1	`df85598271374ab44b618dd3406484df92cd74ce`
SHA256	`b55ea7f36007bb04f989c752a29e245bead9bdfc3913702e9f05cc1b26272d3e`
SHA3	`eac0d6142726512bc274619ea3ba58da9a701cbd4d73d4a2d5ed47b15533630a`
VirtualSize	`0x1627c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.34417`

.rdata

MD5	`87c2f5897217e01976ff658e70cc68ef`
SHA1	`a45b803c5189e6a37cd5dce4c0cd427ed5bc7053`
SHA256	`8e066d0edb091c2c8948cd09703c967848a619c75dde73bf842cd5468b8d64a7`
SHA3	`91c00399ab832c2aea6d294fab3598725a755c00a7b601fc4de240b69d44a74a`
VirtualSize	`0xbd1e`
VirtualAddress	`0x18000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x16800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.8319`

.data

MD5	`23e386737dc2315d655df1d2dc4f97c9`
SHA1	`065accdea84e67479a08a51e83b6dd3bbdaab164`
SHA256	`243c2b09929b9d33defdf01f514505e3afb10d10480dfde8c77318d9b899dd94`
SHA3	`a43cbac44f9548f705e0fc021d9c243c1222d081e736c69fb5b734ea22f03c53`
VirtualSize	`0x1838`
VirtualAddress	`0x24000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x22600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.3687`

.pdata

MD5	`c20628de244b4ad26d738fc5023ef5c1`
SHA1	`c4b6e73956dda9cc2bfc4b9f53d3cc6e8b6181be`
SHA256	`26d28ab08308ebbe19dea4673b4bd8cd46120a4826971710fa82c36ef53f389e`
SHA3	`d76843777bf9942d2219f35c7159ac599bcae19ec5b1fe5d9dc464b35914811a`
VirtualSize	`0x141c`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84522`

.reloc

MD5	`37812f81534460a128d06d0d29b2cb00`
SHA1	`8dcae4bb04c6e5e5d5a68d9e1d0bdc85c923ad95`
SHA256	`7d1932eae9901ec74760eb2c44a2df4a20f3a8bfb1a595db5dd20e43af7c73cf`
SHA3	`fa934fd7324404a9d4dd0c78dee6a4cbae71cf80f9cf2820ab6a74fe3716a019`
VirtualSize	`0x338`
VirtualAddress	`0x28000`
SizeOfRawData	`0x400`
PointerToRawData	`0x24600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80573`

.rsrc

MD5	`746c49b45983182d397c152f817bdd76`
SHA1	`3a0bf2a911b4b754be6e329e98911bd78d611d1e`
SHA256	`e7917ef206fdeb2de5e9fd67467323f8754fa3ee0ae6d50527a54999ad11046f`
SHA3	`237926628347fe3135f9a330e4160c03f1e457f4c3200876b4a32134d8f7f27b`
VirtualSize	`0x22ae8`
VirtualAddress	`0x29000`
SizeOfRawData	`0x22c00`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.99393`

Imports

KERNEL32.dll	`FreeLibrary` `LoadLibraryExW` `OutputDebugStringW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `GetModuleHandleW` `MultiByteToWideChar` `GetFileAttributesExW` `LoadLibraryA` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `GetWindowsDirectoryW` `FindResourceW` `GetLastError` `ActivateActCtx` `FindClose` `CreateActCtxW` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_invoke_watson` `__p___argc` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_errno` `_initialize_onexit_table` `abort` `_c_exit` `_register_thread_local_exe_atexit_callback` `terminate` `__p___wargv`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `_set_fmode` `fputwc` `__p__commode` `fputws` `_wfsopen` `fflush` `__stdio_common_vfwprintf` `__stdio_common_vsnwprintf_s` `__stdio_common_vswprintf` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `_set_new_mode` `free` `_callnewh` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`wcsncmp` `toupper` `strcmp` `strlen` `_wcsdup` `wcsnlen` `strcpy_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstoul` `_wtoi`
api-ms-win-crt-time-l1-1-0.dll	`wcsftime` `_gmtime64_s` `_time64`
api-ms-win-crt-locale-l1-1-0.dll	`___mb_cur_max_func` `_configthreadlocale` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_lock_locales` `setlocale` `_unlock_locales`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07896`
MD5	`621ce1d5750129dca1170aaea49fece1`
SHA1	`6427e5bb5da70bf441bb1f2bb988f4344889df3b`
SHA256	`e18173874c333d37c79b6bbe9fe5a73bd8fdd3ae029eada01ac0288b354cfbbb`
SHA3	`d4ba2b9b13bed1575a01d52a04bc50749c7f439180126f8adabd6d3ed4653a59`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.95526`
MD5	`11e149519a03a2e026943bf09a34c367`
SHA1	`878c582ee20b9479582f65bc45f2f7d4c05cb74f`
SHA256	`43a5c16884ba42d73e9433d8f61a867d3a3da7b5d25b62c0c46084d5c444c7dd`
SHA3	`d892aa88f3e57ff1f7644fc77c9b673a051d7b52f650185574cddd0c130ccbb4`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85812`
MD5	`002a1ea8caa88d63d963a6a7e35e38bb`
SHA1	`bf71ffbdb5c59c488772016cd31621b5e8c60e10`
SHA256	`42d0d1ed294af3c13f183ef143d326b276d2522981bb5685a70948bb1509ca44`
SHA3	`df7a023067439678f15b4a76bc0ff4cde57c54c3a44463adf75eb7914a28f04f`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32719`
MD5	`219c15fecfbab2b7974799bedf2e4dd5`
SHA1	`d63d9147706ae73fbc882ce168f7d0d6da53a6a9`
SHA256	`181d0e1bef439677b1c15b1092ee24b8c2eaf2bc45002305455f3e62a3cb270f`
SHA3	`699b0534e63262c22d221ccc226a8414c00099a3580d59a02fa1a20d91ac2d8b`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06642`
MD5	`633a359d66f17a1f080994cbfbdfc198`
SHA1	`d1f8202c5487bf28588d1bcfb41f77fa045a9ec1`
SHA256	`1402930d74266e313b0f4c112dbeb9ca1326a52ef4d827ca564943f14013f1e5`
SHA3	`ec388618cc91a8b9548e09e93771924521347a9ce3da702976923e20f4f8846b`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8511`
MD5	`89fec49177d1f440134d6500390c201e`
SHA1	`20e9d57afdbd5f8941256a3bdef06157983e4bb7`
SHA256	`c446596a11e5c55d5296b1871dfec84d3667df563644104d65979129473027bc`
SHA3	`3ab5be2204e27a52fd4fc5164f11a26990d2e5495f5c5d4b870553fe5fad8f08`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.69982`
MD5	`af7190b7b640f17bfa8a22307ae11ccf`
SHA1	`1a92610b296354aed3e664b40e0652d3e28644e8`
SHA256	`5b7b960fba91b2c438c760bae853f3bbf913fe28c5ac14c2d2e3b396286c55df`
SHA3	`89f4ac0eadf39c92c94116f2bc6b3c13cab73ef59272d875338e7c7836ede11d`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0112`
Detected Filetype	Icon file
MD5	`a5a66701ea54a5a504195e4a1594f5f2`
SHA1	`8a6533d058a07be5238810d0e0e4a8c6542b10f3`
SHA256	`d403242134cc2517ba1a8a978db1554832296fc6130b7f142ad0eb7435b4d5ce`
SHA3	`50a8e2a5bf26bf580fcacb3fc99774dbac59ba9254f3e7f1f7860b0f933b6c48`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x30a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46445`
MD5	`74558e0c973c0b5247fd3b08ba979a4b`
SHA1	`a02dedd8c8b76cf52d76de108ce39fcf944c4777`
SHA256	`ade5c51fd4a93c157c26c5d4c8af8a448459bd307c0f4e131d7d006cd24a8814`
SHA3	`871cb335028edcb70e3c728380960273a0812353324ce68d097ae223d1c00e22`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.19.0
ProductVersion	1.2.19.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	LAND3 Simulations
FileDescription	vRAAS
FileVersion (#2)	1.2.19.0
InternalName	vRAAS.dll
LegalCopyright
OriginalFilename	vRAAS.dll
ProductName	vRAAS
ProductVersion (#2)	1.2.19+dda05dc9a5276884e8dc52bf5ab657a31f90fb4f
Assembly Version	1.2.19.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Dec-06 22:42:45
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x2079c`
PointerToRawData	`0x1ef9c`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Dec-06 22:42:45
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2080c`
PointerToRawData	`0x1f00c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-06 22:42:45
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x20820`
PointerToRawData	`0x1f020`

TLS Callbacks

StartAddressOfRawData	`0x140020c48`
EndAddressOfRawData	`0x140020c58`
AddressOfIndex	`0x140025820`
AddressOfCallbacks	`0x1400184f0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140024080`
GuardCFCheckFunctionPointer	`5368808480`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x55c582b4`
Unmarked objects	`0`
ASM objects (35207)	`10`
C objects (35207)	`12`
C++ objects (35207)	`87`
Imports (VS2008 SP1 build 30729)	`16`
Imports (33140)	`9`
Total imports	`204`
C++ objects (LTCG) (35217)	`10`
Linker (35217)	`1`

Errors

Leave a comment

No comments yet.