Manalyze report for 22f4166f7039fb5adccb193989f18245

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jan-16 18:58:29
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb
CompanyName	NavaioSecurityTest
FileDescription	NavaioSecurityTest
FileVersion	`1.0.0.0`
InternalName	NavaioSecurityTest.dll
LegalCopyright
OriginalFilename	NavaioSecurityTest.dll
ProductName	NavaioSecurityTest
ProductVersion	`1.0.0+f06abc8f247547acebe552b1b7a02393211c0aff`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: schtask` `Contains references to security software: rshell.exe` `Looks for VMWare presence: vmtools vmware` `Looks for VirtualBox presence: vboxservice vboxtray` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com crl.microsoft.com genretrucklooksValueFrame.net github.com go.microsoft.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkId http://manifests.microsoft.com http://manifests.microsoft.com/win/2004/08/windows/events http://schemas.microsoft.com http://schemas.microsoft.com/win/2004/08/events http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlywindowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid http://schemas.microsoft.com/ws/2008/06/identity/claims/role http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdeviceclaim http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdevicegroup http://schemas.microsoft.com/ws/2008/06/identity/claims/windowssubauthority http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsuserclaim http://schemas.xmlsoap.org http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com0 http://www.style http://www.text-decoration http://www.w3.org http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema#boolean http://www.w3.org/2001/XMLSchema#integer64 http://www.w3.org/2001/XMLSchema#string http://www.w3.org/2001/XMLSchema#uinteger64 http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://aka.ms https://github.com https://go.microsoft.com https://go.microsoft.com/fwlink/?LinkID https://go.microsoft.com/fwlink/?linkid https://joshua-server.nl https://www.World https://www.recent joshua-server.nl manifests.microsoft.com microsoft.com microsoft.net schemas.microsoft.com schemas.xmlsoap.org server.nl thing.org www.microsoft.com www.w3.org xmlsoap.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .CLR_UEF` `Unusual section name found: Section`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA LoadLibraryW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegGetValueW RegQueryValueExW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetKernelObjectSecurity`
Malicious	The PE is possibly a dropper.	`Resource MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER detected as a PE Executable.`
Suspicious	The file contains overlay data.	`5161793 bytes of data starting at offset 0x933a00.`
Malicious	VirusTotal score: 3/73 (Scanned on 2025-03-12 20:56:00)	`APEX: Malicious` `Zillya: Trojan.Rozena.Win32.240132` `huorong: HEUR:Worm/Autorun.d`

Hashes

MD5	`22f4166f7039fb5adccb193989f18245`
SHA1	`fff5d9d406b57524235ed90a2b7c3fbf7595b1bc`
SHA256	`5f3673b86e3f8f3e2971ac6dc35dbb7ab813e01f086dd5152992846b50983de6`
SHA3	`41237c6efaed2f348602d386c5873111e1194e84d1ead615136bd77d9afe6736`
SSDeep	`196608:ImZavet9PsaBLD6bsGJdqdZ5PoUh5apyEh2ZBfHtmChHY1Cehs:Tge9saBAyPzapyD`
Imports Hash	`5545807884bf305f7eb9b76b85db6b0c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2025-Jan-16 18:58:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x613600`
SizeOfInitializedData	`0x320000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000005C92C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x950000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2b07668872858f4072130f237db11edb`
SHA1	`befbc1e7d828aece610916dda705f694c4f9eba9`
SHA256	`b5128cd619dc58e60f0f8810b2c3e099c0f170306f53a3ee86b54173dfda1ea3`
SHA3	`beaab1c83e777b89dc8c93ab5abaa8d7cea30faba2e95dbacbed07d9bf15e0d1`
VirtualSize	`0x6132cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x613400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45461`

.CLR_UEF

MD5	`28d1112d67389e260dad5d56fc984ea7`
SHA1	`c7fcb8c61ce14180d9a5810b6b2c900c6ef348c1`
SHA256	`ee177fb99fbee69147a6bb1eadc007ad02e1db4eeaf75ad6778c3bbc0bde7acc`
SHA3	`7a5423b6af9b3046e2fd61fbe76c4b309f690629da3f35d217e8d10f889b9672`
VirtualSize	`0xdd`
VirtualAddress	`0x615000`
SizeOfRawData	`0x200`
PointerToRawData	`0x613800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.09994`

.rdata

MD5	`f1937a35ecdb42432410c7cca489cf8b`
SHA1	`54448139ea1efdfea2cbc06becc36ef15cead277`
SHA256	`35329ec5ac58afc82ee842e3fd180092ec13adf0a87b1d9ae2bd83f63bc234b9`
SHA3	`c3a63d325bc69fe5ae1cb0b34a8671de110457a1e946883249bf8a8667b5ff33`
VirtualSize	`0x17c692`
VirtualAddress	`0x616000`
SizeOfRawData	`0x17c800`
PointerToRawData	`0x613a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.66148`

.data

MD5	`924d28d64c641a48f4f8960393bd0e3b`
SHA1	`c9142e0d07ee0816850d7b18406ff56943516a42`
SHA256	`28e4509aeea76b825e4ad237d2d1dee766ab7ea867d1c01770beb965d1ee0a2c`
SHA3	`ddfb35d9d25e53691cde3b1673612cbcffb145b57558ccf83ff2fe44bad46ca0`
VirtualSize	`0x1ffc4`
VirtualAddress	`0x793000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x790200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.32743`

.pdata

MD5	`033ffea11ade1e3d647dcfd2b0965390`
SHA1	`badf3fa2fe0bb8fd90174780a02a4e8171ad4fb8`
SHA256	`e49eada6a1891163c794731fa8e6fcec5bb8e7bba492c80ebcda805199c7f657`
SHA3	`94a8b69fa5c33b3de1ef40a9a45606958e26af718d810a6caed3ecdd98a264c5`
VirtualSize	`0x35fc4`
VirtualAddress	`0x7b3000`
SizeOfRawData	`0x36000`
PointerToRawData	`0x799a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.51241`

.didat

MD5	`bacf1be54ff164095b3a8799deb68ac7`
SHA1	`408334978b5542cb2a95d3e66e4b5a69fdf158ad`
SHA256	`0286fab7471f991d0d6e6e1b2148f59ec0f98075dfa729e1dbca6f4ba0e456bb`
SHA3	`535a5bbb0e7981ea379c2394251c2f06a5844c40157af3938baad243f9cf98f8`
VirtualSize	`0x38`
VirtualAddress	`0x7e9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7cfa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.42693`

Section

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x7ea000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7cfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

_RDATA

MD5	`617430a8cd708dda1865fee2910d8a1a`
SHA1	`b2d344e99eaf406f9d735221b7e4be4a00b5dc4c`
SHA256	`46fcf6f9bc3d68ed740f4c7a9ec00a525bf1567d1b3292ea60a0f225dec677f1`
SHA3	`4cb75c28b76b7e3356736ef0006976b6595b0fdd1d2e93a03ccae4ac27bb3445`
VirtualSize	`0x13208`
VirtualAddress	`0x7eb000`
SizeOfRawData	`0x13400`
PointerToRawData	`0x7cfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48272`

.rsrc

MD5	`652f5d85f14b837b2d155beadfcc5fc6`
SHA1	`77696904f92e41c981523f1cc6765b29511d87b1`
SHA256	`fa1398f539260918b5858fe150ad4034a60eacd0fd5ec97145ecda1728c49af7`
SHA3	`575ecd1a46b28428bb715741ea53af08424406fe823e81ecaf558e6c2741fae8`
VirtualSize	`0x1487ac`
VirtualAddress	`0x7ff000`
SizeOfRawData	`0x148800`
PointerToRawData	`0x7e3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35739`

.reloc

MD5	`f7116667d46f7a104e1a33fbfc34f890`
SHA1	`367644a19c7e9102a927f9b6e6e4886559a5858e`
SHA256	`5c021597ac4f2c3e56cddadc7cc0f7879d8cc4fd539b898e158980d4dc6010f0`
SHA3	`a3c0081690e5ec464275401cd6fe24822ec3f1f3d8b578fed5d740d5c6d86e49`
VirtualSize	`0x7e30`
VirtualAddress	`0x948000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x92ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44477`

Imports

KERNEL32.dll	`RaiseException` `FreeLibrary` `SetErrorMode` `RaiseFailFastException` `GetExitCodeProcess` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `AddVectoredExceptionHandler` `MultiByteToWideChar` `GetTickCount` `FlushInstructionCache` `QueryPerformanceFrequency` `QueryPerformanceCounter` `RtlLookupFunctionEntry` `LocateXStateFeature` `RtlDeleteFunctionTable` `InterlockedPushEntrySList` `InterlockedFlushSList` `InitializeSListHead` `GetTickCount64` `DuplicateHandle` `QueueUserAPC` `WaitForSingleObjectEx` `SetThreadPriority` `GetThreadPriority` `GetCurrentThreadId` `TlsAlloc` `GetCurrentThread` `GetCurrentProcessId` `CreateThread` `GetModuleHandleW` `WaitForMultipleObjectsEx` `SignalObjectAndWait` `RtlCaptureContext` `SetThreadStackGuarantee` `VirtualQuery` `WriteFile` `GetStdHandle` `GetConsoleOutputCP` `MapViewOfFileEx` `UnmapViewOfFile` `GetStringTypeExW` `InterlockedPopEntrySList` `ExitProcess` `Sleep` `CreateMemoryResourceNotification` `VirtualAlloc` `VirtualFree` `VirtualProtect` `SleepEx` `SwitchToThread` `SuspendThread` `ResumeThread` `InitializeContext` `SetXStateFeaturesMask` `RtlRestoreContext` `CloseThreadpoolTimer` `CreateThreadpoolTimer` `SetThreadpoolTimer` `ReadFile` `GetFileSize` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `CreateEventW` `SetEvent` `ResetEvent` `GetThreadContext` `SetThreadContext` `GetEnabledXStateFeatures` `CopyContext` `WerRegisterRuntimeExceptionModule` `RtlInstallFunctionTableCallback` `GetSystemDefaultLCID` `GetUserDefaultLCID` `RtlUnwind` `HeapAlloc` `HeapFree` `GetProcessHeap` `HeapCreate` `HeapDestroy` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FormatMessageW` `CreateSemaphoreExW` `ReleaseSemaphore` `GetACP` `LCMapStringEx` `LocalFree` `VerSetConditionMask` `VerifyVersionInfoW` `QueryThreadCycleTime` `GetLogicalProcessorInformationEx` `SetThreadGroupAffinity` `GetThreadGroupAffinity` `GetProcessGroupAffinity` `GetCurrentProcessorNumberEx` `GetProcessAffinityMask` `QueryInformationJobObject` `CloseHandle` `GetSystemTimeAsFileTime` `GetModuleFileNameW` `CreateProcessW` `GetCPInfo` `LoadLibraryExW` `CreateFileW` `GetFileAttributesExW` `GetFullPathNameW` `LoadLibraryExA` `OutputDebugStringA` `OpenEventW` `ReleaseMutex` `ExitThread` `CreateMutexW` `HeapReAlloc` `CreateNamedPipeA` `WaitForMultipleObjects` `DisconnectNamedPipe` `CreateFileA` `CancelIoEx` `GetOverlappedResult` `ConnectNamedPipe` `FlushFileBuffers` `SetFilePointer` `MapViewOfFile` `GetActiveProcessorGroupCount` `GetSystemTime` `SetConsoleCtrlHandler` `GetLocaleInfoEx` `GetUserDefaultLocaleName` `RtlAddFunctionTable` `LoadLibraryW` `CreateDirectoryW` `RemoveDirectoryW` `CreateActCtxW` `ActivateActCtx` `FindResourceW` `GetWindowsDirectoryW` `GetFileSizeEx` `FindFirstFileExW` `FindNextFileW` `GetTempPathW` `FindClose` `LoadLibraryA` `GetCurrentDirectoryW` `IsWow64Process` `EncodePointer` `DecodePointer` `CreateFileMappingA` `TlsSetValue` `TlsGetValue` `GetSystemInfo` `GetCurrentProcess` `OutputDebugStringW` `IsDebuggerPresent` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `WideCharToMultiByte` `GetCommandLineW` `GetProcAddress` `GetModuleHandleExW` `SetThreadErrorMode` `FlushProcessWriteBuffers` `SetLastError` `DebugBreak` `WaitForSingleObject` `GetNumaHighestNodeNumber` `SetThreadAffinityMask` `SetThreadIdealProcessorEx` `GetThreadIdealProcessorEx` `VirtualAllocExNuma` `GetNumaProcessorNodeEx` `VirtualUnlock` `GetLargePageMinimum` `IsProcessInJob` `K32GetProcessMemoryInfo` `GetLogicalProcessorInformation` `GlobalMemoryStatusEx` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlVirtualUnwind` `IsProcessorFeaturePresent` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsFree` `RtlPcToFileHeader` `TryAcquireSRWLockExclusive` `GetExitCodeThread` `GetStringTypeW` `InitializeCriticalSectionEx` `GetLastError` `CreateFileMappingW`
ADVAPI32.dll	`ReportEventW` `AdjustTokenPrivileges` `RegGetValueW` `SetKernelObjectSecurity` `GetSidSubAuthorityCount` `GetSidSubAuthority` `GetTokenInformation` `OpenProcessToken` `DeregisterEventSource` `RegisterEventSourceW` `RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `EventRegister` `SetThreadToken` `RevertToSelf` `OpenThreadToken` `EventWriteTransfer` `EventWrite` `LookupPrivilegeValueW`
ole32.dll	`CreateStreamOnHGlobal` `CoRevokeInitializeSpy` `CoGetClassObject` `CoGetContextToken` `CoGetObjectContext` `CoUnmarshalInterface` `CoMarshalInterface` `CoGetMarshalSizeMax` `CLSIDFromProgID` `CoReleaseMarshalData` `CoTaskMemFree` `CoTaskMemAlloc` `CoCreateGuid` `CoInitializeEx` `CoRegisterInitializeSpy` `CoWaitForMultipleHandles` `CoUninitialize` `CoCreateFreeThreadedMarshaler`
OLEAUT32.dll	`CreateErrorInfo` `SysFreeString` `GetErrorInfo` `SetErrorInfo` `SysStringLen` `SysAllocString` `SysAllocStringLen` `SafeArrayGetDim` `SafeArrayGetLBound` `SafeArrayDestroy` `QueryPathOfRegTypeLib` `LoadTypeLibEx` `SafeArrayGetVartype` `VariantChangeType` `VariantChangeTypeEx` `VariantClear` `VariantInit` `VarCyFromDec` `SafeArrayAllocDescriptorEx` `GetRecordInfoFromTypeInfo` `SafeArraySetRecordInfo` `SafeArrayAllocData` `SafeArrayGetElemsize` `SysStringByteLen` `SysAllocStringByteLen` `SafeArrayCreateVector` `SafeArrayPutElement` `LoadRegTypeLib`
USER32.dll	`LoadStringW` `MessageBoxW`
SHELL32.dll	`ShellExecuteW`
api-ms-win-crt-string-l1-1-0.dll	`strncat_s` `wcsncat_s` `strcmp` `wcsnlen` `wcscat_s` `towupper` `iswascii` `_strdup` `strncpy` `strnlen` `wcstok_s` `isdigit` `isupper` `isalpha` `towlower` `_wcsdup` `iswspace` `isspace` `islower` `strtok_s` `_wcsnicmp` `strcspn` `__strncnt` `strlen` `wcscpy_s` `toupper` `wcsncpy_s` `strcpy_s` `strcat_s` `strncpy_s` `_strnicmp` `tolower` `wcsncmp` `iswupper` `strncmp` `_stricmp` `_wcsicmp`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsscanf` `fflush` `__acrt_iob_func` `__stdio_common_vfprintf` `__stdio_common_vswprintf` `__stdio_common_vfwprintf` `fputws` `fputwc` `_get_stream_buffer_pointers` `_fseeki64` `fread` `fsetpos` `ungetc` `fgetpos` `fgets` `fgetc` `fputc` `_wfsopen` `_wfopen` `__p__commode` `_set_fmode` `__stdio_common_vsnprintf_s` `setvbuf` `_setmode` `_dup` `_fileno` `ftell` `fseek` `fputs` `__stdio_common_vsnwprintf_s` `__stdio_common_vsprintf_s` `fwrite` `_flushall` `fopen` `fclose`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_register_onexit_function` `_configure_wide_argv` `_initialize_wide_environment` `_get_initial_wide_environment` `_initterm` `_initterm_e` `_exit` `_invalid_parameter_noinfo_noreturn` `__p___argc` `__p___wargv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_beginthreadex` `terminate` `_controlfp_s` `_wcserror_s` `_invalid_parameter_noinfo` `_errno` `exit` `abort`
api-ms-win-crt-convert-l1-1-0.dll	`_atoi64` `_ltow_s` `_wtoi` `strtoul` `_wcstoui64` `atol` `_itow_s` `strtoull` `wcstoul`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `calloc` `malloc` `realloc`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-math-l1-1-0.dll	`asinhf` `atanhf` `cbrtf` `acoshf` `cosh` `cbrt` `coshf` `exp` `expf` `acosh` `atanh` `floor` `floorf` `fma` `fmaf` `cosf` `_fdopen` `cos` `ceilf` `_copysignf` `_isnanf` `trunc` `truncf` `ilogb` `ilogbf` `tanhf` `ceil` `fmod` `fmodf` `atanf` `frexp` `atan2f` `atan2` `log` `log10` `log10f` `atan` `asinf` `log2` `log2f` `logf` `pow` `powf` `sin` `sinf` `asin` `sinh` `sinhf` `sqrt` `sqrtf` `tan` `tanf` `tanh` `acosf` `_copysign` `asinh` `_isnan` `_finite` `modf` `modff` `acos` `__setusermatherr`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_gmtime64_s` `wcsftime`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`_unlock_locales` `setlocale` `__pctype_func` `___lc_locale_name_func` `_lock_locales` `___lc_codepage_func` `___mb_cur_max_func` `_configthreadlocale` `localeconv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wrename` `_unlock_file` `_wremove` `_lock_file`
VERSION.dll (delay-loaded)	`VerQueryValueW` `GetFileVersionInfoExW` `GetFileVersionInfoSizeExW`

Delayed Imports

Attributes	`0x1`
Name	`VERSION.dll`
ModuleHandle	`0x79c800`
DelayImportAddressTable	`0x7e9000`
DelayImportNameTable	`0x78f5c0`
BoundDelayImportTable	`0x78f660`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

g_CLREngineMetrics

Ordinal	`2`
Address	`0x794de8`

CLRJitAttachState

Ordinal	`3`
Address	`0x7a8238`

DotNetRuntimeInfo

Ordinal	`4`
Address	`0x7955e0`

MetaDataGetDispenser

Ordinal	`5`
Address	`0x56a350`

g_dacTable

Ordinal	`6`
Address	`0x63d680`

CLRDEBUGINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21078`
MD5	`0638eb5d8c1bf1d2f94db236713cc5d2`
SHA1	`3b729db9c4c970cbb3190407d0f2cb91e60ba9ae`
SHA256	`52618d59a20e2fdffc7eb49ee809c37f98f08da6de3e9374243270f8f7730c2f`
SHA3	`56fca1759f24a95e60ec7e6a916a958b6cabc65796e9a32215c69c0e2ed904bb`

CLRDEBUGINFOWINDOWSAMD64

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21078`
MD5	`0638eb5d8c1bf1d2f94db236713cc5d2`
SHA1	`3b729db9c4c970cbb3190407d0f2cb91e60ba9ae`
SHA256	`52618d59a20e2fdffc7eb49ee809c37f98f08da6de3e9374243270f8f7730c2f`
SHA3	`56fca1759f24a95e60ec7e6a916a958b6cabc65796e9a32215c69c0e2ed904bb`

MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x148020`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35783`
Detected Filetype	PE Executable
MD5	`8a413f73e3cdebd821c5fb67647547e5`
SHA1	`780e75c70a257bc0892d14ce563f0864722445c1`
SHA256	`b0ee9f1e33324ed4e925f6af8b3f0d901a9ff06fca85440bd9d6f52254723244`
SHA3	`f7097814a139db0b51c647e939d3d76bec40fe970a767453d983318eb5442608`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x378`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33785`
MD5	`27858762d483dc5978442c189fa23e8a`
SHA1	`5402a652777d483c6ec5e627b003c6aaa349db0f`
SHA256	`67f5a5f73d152408e2f7098c12419696a6b1844dc9e5cf861c4798b16f91823e`
SHA3	`b0395b315fe48ddb7cfa5f303136a96455c70c563d4f77e3ee44190a3258ad3e`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86753`
MD5	`eb634395c2dcf1f5447633aed794b134`
SHA1	`ee8f2cc7efa46a47cccb2bfcc954e978d9b6c255`
SHA256	`038594b68d588af519cf9bdd5c62a3197dd84acacde115865e3b83b1b1e2083d`
SHA3	`784d9904993295d1eda72757dedd2fdb245e15baeb673623efb52f90d1fd1895`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	NavaioSecurityTest
FileDescription	NavaioSecurityTest
FileVersion (#2)	1.0.0.0
InternalName	NavaioSecurityTest.dll
LegalCopyright
OriginalFilename	NavaioSecurityTest.dll
ProductName	NavaioSecurityTest
ProductVersion (#2)	1.0.0+f06abc8f247547acebe552b1b7a02393211c0aff
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jan-16 18:58:29
Version	`0.0`
SizeofData	`116`
AddressOfRawData	`0x715d7c`
PointerToRawData	`0x71377c`
Referenced File	D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jan-16 18:58:29
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x715df0`
PointerToRawData	`0x7137f0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jan-16 18:58:29
Version	`0.0`
SizeofData	`1332`
AddressOfRawData	`0x715e04`
PointerToRawData	`0x713804`

TLS Callbacks

StartAddressOfRawData	`0x140716380`
EndAddressOfRawData	`0x14071656d`
AddressOfIndex	`0x14079c850`
AddressOfCallbacks	`0x140617028`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001405C8740` `0x00000001405C8F00`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140793040`
GuardCFCheckFunctionPointer	`5375094472`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x41ce4d1e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
ASM objects (34321)	`20`
C objects (34321)	`18`
C++ objects (34321)	`96`
C objects (33138)	`8`
Imports (33138)	`13`
Total imports	`520`
ASM objects (34435)	`21`
C++ objects (LTCG) (34435)	`653`
Exports (34435)	`1`
Resource objects (34435)	`1`
Linker (34435)	`1`

Errors

[*] Warning: Raw bytes from section .text could not be obtained.