Manalyze report for 24590bf74bbbbfd7d7ac070f4e3c44fd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-May-02 20:32:56
Detected languages	English - United States
Debug artifacts	cscript.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft ® Console Based Script Host
FileVersion	`5.812.10240.16384`
InternalName	cscript.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	cscript.exe
ProductName	Microsoft ® Windows Script Host
ProductVersion	`5.812.10240.16384`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryExW LoadLibraryW` `Can access the registry: RegCreateKeyA RegQueryValueExA RegSetValueExA RegOpenKeyExA RegEnumKeyExA RegCloseKey RegQueryValueExW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCreateKeyExA` `Can create temporary files: CreateFileW CreateFileA GetTempPathA`
Safe	VirusTotal score: 0/69 (Scanned on 2022-02-10 14:28:40)	`All the AVs think this file is safe.`

Hashes

MD5	`24590bf74bbbbfd7d7ac070f4e3c44fd`
SHA1	`cdfe517d07f18623778829aa98d6bbadd3f294cd`
SHA256	`ae37fd1b642e797b36b9ffcec8a6e986732d011681061800c6b74426c28a9d03`
SHA3	`2adf4718eba4767d927ab4bad67c32690efd29ba331c9503412bc0277984ff44`
SSDeep	`3072:O4jcFp8lMpEXjBEezimaUcmm0R/MsDM9/KhjULtgiTt6IZxttN:jjcY+yXjBEeGmaNmmnCLUgEtfZhN`
Imports Hash	`2b44d2206b9865383429e9c1524f1cac`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2021-May-02 20:32:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x13800`
SizeOfInitializedData	`0x14200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002880 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0x2cc94`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x8000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`821d236b24a5e0db710b821ff2e94dd4`
SHA1	`40660684d0b1eb21cacee5e92e8a35c64346303e`
SHA256	`ac67a81bd1368fca264772e469759daceb35383f0c23e94f4938af5faec8fbdc`
SHA3	`0772773727cdc48f808f3e9168f820fafb75dc741f9acfd0192ef327d727a61d`
VirtualSize	`0x13763`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.12583`

.rdata

MD5	`7b07157de7062a506bba72a6d03bf385`
SHA1	`67a845859d1983535fb3383360067bc238866ef6`
SHA256	`bd7beeb86257a29d952a09463a7055648cc799c6a80afd0e649ee6374ee1c678`
SHA3	`ebdbe9453246ac9baac6b345dbd21f32694dba1c2b6ad8db4ad476eddcd59782`
VirtualSize	`0x9438`
VirtualAddress	`0x15000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.45704`

.data

MD5	`1c37e1d080cf6e07a63f6c048559dac3`
SHA1	`4208b7108dc9fae3caac19c9c8baaefe5a2ac33e`
SHA256	`1c0b7679cf85ac6a0c7427624dfa26d3d46d9943918ca7f8895d67da76cce272`
SHA3	`31cf260692d6ececbc21654069602365bd8710edb11e176143b6ebb89d68181b`
VirtualSize	`0x878`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.24024`

.pdata

MD5	`8d03fb46f7de98a94caca1b2ce57b6f9`
SHA1	`5d9ea0e24d9b43dddf7e54229bbac3173f9d6d77`
SHA256	`778163e9eeaa751bc4d3fe63cea58923d710d749c6b26870bb826c7be6cc507c`
SHA3	`99ca5b5b88870e7542b705ce22406db0ec9bd88403282223d9e97a4bd190e1da`
VirtualSize	`0x11d0`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.05505`

.rsrc

MD5	`155e7ee0225e802ff0e347cd09f9eea5`
SHA1	`1e59926d182a15a5da0f2e4860dff955ee9113e7`
SHA256	`7da7e989e4d1d10dd532389632c9cbf3cfec729d4b59eff8135718ae1e9cca4b`
SHA3	`b041bd2213a5d16d47ab0123eebfee9421b083f7d819b89b2929dc9ea91f6880`
VirtualSize	`0x84d0`
VirtualAddress	`0x22000`
SizeOfRawData	`0x8600`
PointerToRawData	`0x1e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34932`

.reloc

MD5	`729e5ba6e6ad92df5e23985f3e29e236`
SHA1	`b25a3e3757be04e3809f90154ea38efc74042ae7`
SHA256	`fb3c1d05487376414eb8d2017749fe4d4346bf0fc33cc0d61e10893cabfe4af4`
SHA3	`a0258cafb2f438d29cd02f5b29e23731e57008b40464941776963693fddc1f28`
VirtualSize	`0x9fc`
VirtualAddress	`0x2b000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x26c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.36086`

Imports

msvcrt.dll	`__C_specific_handler` `_vsnprintf` `_swab` `strcpy_s` `sprintf_s` `swprintf_s` `_itow` `_vsnwprintf` `_wcsicmp` `_wcsnicmp` `wcsncmp` `bsearch` `_itow_s` `wcscpy_s` `memmove` `free` `_callnewh` `malloc` `wcscat_s` `wcsrchr` `memcmp` `memcpy` `memset`
OLEAUT32.dll	`SysAllocStringLen` `VariantCopy` `VariantInit` `SetErrorInfo` `VariantChangeType` `SafeArrayGetElement` `LoadTypeLib` `SafeArrayCreate` `CreateErrorInfo` `SysAllocString` `VariantClear` `SafeArrayPutElement` `SafeArrayGetUBound` `SafeArrayDestroy` `LoadRegTypeLib` `SafeArrayCopy` `SysFreeString` `SafeArrayGetLBound` `SysStringLen`
KERNEL32.dll	`GetCommandLineA` `MultiByteToWideChar` `ExitProcess` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetTickCount` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `CreateFileMappingA` `UnmapViewOfFile` `CreateFileW` `GetPrivateProfileStringA` `GetPrivateProfileIntA` `GetFileSize` `GetCommandLineW` `GetPrivateProfileStringW` `MapViewOfFile` `WideCharToMultiByte` `GetPrivateProfileIntW` `WriteConsoleW` `GetProcessHeap` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetLastError` `GetLocaleInfoA` `GetLocaleInfoW` `GetFullPathNameA` `GetFullPathNameW` `FlushFileBuffers` `GetTempFileNameA` `GetSystemDirectoryA` `CreateFileA` `GetTempPathA` `GetConsoleMode` `LoadLibraryExA` `LocalAlloc` `FormatMessageW` `GetUserDefaultLCID` `GetProcAddress` `LocalFree` `FormatMessageA` `LoadLibraryExW` `FindFirstFileW` `FindFirstFileA` `FindClose` `GetFileAttributesW` `GetACP` `GetFileAttributesA` `WriteFile` `GetCPInfo` `GetModuleFileNameA` `GetStdHandle` `CreateEventA` `GetModuleFileNameW` `CreateThread` `GetModuleHandleA` `InitializeCriticalSection` `SetEvent` `SearchPathW` `SetLastError` `CloseHandle` `GetVersionExA` `GetSystemDefaultUILanguage` `DeleteCriticalSection` `FreeLibrary` `CreateFileMappingW` `GetUserDefaultUILanguage` `LeaveCriticalSection` `GetVersionExW` `FindResourceExW` `LoadResource` `EnterCriticalSection` `LoadLibraryW`
OLE32.dll	`CoInitializeSecurity` `CoCreateInstance` `CLSIDFromString` `CoGetTreatAsClass` `CreateFileMoniker` `CoInitialize` `CoUninitialize` `CoRegisterMessageFilter` `CoGetClassObject` `CLSIDFromProgID` `MkParseDisplayName` `CreateBindCtx`
ADVAPI32.dll	`LookupAccountNameW` `GetUserNameW` `RegisterEventSourceW` `ReportEventW` `RegCreateKeyA` `RegQueryValueExA` `IsTextUnicode` `RegSetValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `RegCloseKey` `ImpersonateLoggedOnUser` `DeregisterEventSource` `RegQueryValueExW` `RegOpenKeyExW` `RegSetValueExW` `RegCreateKeyExW` `RegCreateKeyExA`
VERSION.dll	`GetFileVersionInfoSizeA` `VerQueryValueA` `VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoA` `GetFileVersionInfoW`
USER32.dll	`GetMessageA` `DispatchMessageA` `GetParent` `IsWindowVisible` `PostMessageA` `GetClassNameA` `MsgWaitForMultipleObjects` `MsgWaitForMultipleObjectsEx` `SetWindowLongPtrA` `SetTimer` `GetActiveWindow` `LoadStringW` `LoadStringA` `RegisterClassA` `DefWindowProcA` `CreateWindowExA` `CharNextA` `TranslateMessage` `GetClassInfoA` `SendMessageA` `EnumThreadWindows` `PeekMessageA` `GetWindowLongPtrA` `KillTimer` `PostQuitMessage`

Delayed Imports

Ordinal	`1`
Address	`0x1890`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74798`
MD5	`1c4709fa9f15e6fa98e78fb1e56ae218`
SHA1	`3de61ccbe23c81ea7500c1f4b6c2aeeda02a2653`
SHA256	`91a280f57f137110b170f87d1d6f4dc3fb8c50c7552fccbb4b27a4d568db3739`
SHA3	`0647ffea316bd0de0d7dd32fbf91c4fdba56efe7a7d64c381bc67ba01c6dcd2f`

1 (#2)

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0x50cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.39996`
MD5	`ce7d8fd6d9d2a11bd8ecd222438347e0`
SHA1	`db58c20fc68adb959f354235aba8e592c177cc79`
SHA256	`5cd02c36195fda56132289730665209f2ec3d4be390d1985a17bd5d235105681`
SHA3	`e46494f9a36636c9af9acab963617dc011b0e5d5e91bbe0235d7ce4233acb1a2`

1 (#3)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56892`
MD5	`4c41ac8fd5d83d94e61ce6620f4487c4`
SHA1	`fb5327f240b5392359e3c384a477fd6c0a098975`
SHA256	`37190ca02d70f59fc1d38d34ea1888f5fad5bffc95dacc99a2f5cc78980620df`
SHA3	`c52790c7fdbec40c7140c9a4a1bf517e2dc76f385563661bdf3d15a257c2913f`

1 (#4)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x96`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72156`
MD5	`0598944a649da43a5825f38469cc904a`
SHA1	`934dca27d29cba1eb0af63a61aea0c58ef8eb641`
SHA256	`557dcec2027f33fb4d5931473542337deba4e92dfb1135a7d328688c71c3faa1`
SHA3	`78cebc0c8172733c83d431eefa57e563193c830a22ffb7efebc6ae4a83a35121`

2

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20172`
MD5	`a6de983a216ead058c9b2b3b4c0b4317`
SHA1	`ca2ad917abbaedc415cf2eb60bc51b93961eacf3`
SHA256	`daf8847ede76e765d7c0c4227bed3660cb4f3da1c2cb7176c96800df42e234b0`
SHA3	`4137d36258db7cebeef33fb58da34a14c35c2dfb453be5c9d6175caeab540d8b`

3

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.960953`
MD5	`0d9eb73abf7f810dd3a17b3cf0e094d5`
SHA1	`0b0f75b97636b0a87b99ede73a469712ccc1d93f`
SHA256	`3354c068580576a1bc7b92689859f50302bc850ddeacb3aa1bfa30617009a13c`
SHA3	`15e957460afaa6b2f018c655605271fbc6e1a8bfbad07e546bb1ef5f128050c1`

63

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.695987`
MD5	`2c39bf94a9395c581f275ab6d71c1dd9`
SHA1	`153a1aa53fc3013b58edb0953c53b0eb05e2882f`
SHA256	`e3b7a6ffa1b69daab4a080f2aa06b09a358ed966f2c9a1780542f438528f1516`
SHA3	`4344703532dd643d6baa1bc0307d89d5134a363b4c6af0c684b1d0dbc1e00bf2`

126

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28553`
MD5	`b0a71b86b3d9e2794d3106ffc4526533`
SHA1	`57120a48c3c5e0d1e8eed1fc0a71e7e3dc7afa79`
SHA256	`ef035254dc0d62b187e43f2ee52bbecdaed931ff4d995ecfd4f77c4e034d7592`
SHA3	`60e37d2241a6f4a8b75d137ddbd0acf8daf99f4996ced59b989a8199aecafc3f`

127

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x172`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30038`
MD5	`31ba4cb337c16dda299b59e006fecf87`
SHA1	`1b832ac7a2e27f923fc521a72f85d3b505490630`
SHA256	`577a29ec48876e55195ef058445558f0733b7796bea7ed1eabab6144c1264f72`
SHA3	`435823751326aea1330a08909b5ac40f725112d0cfcb703377562eef8e757849`

132

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x100`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05283`
MD5	`7d2beb6885f843074edfc7cd83edb321`
SHA1	`22f12211058a1da13c4b7add08d81c12b89c17d2`
SHA256	`fab330de06e051b8b8d17b7cc68c02d1ca7a19a12d836018fed2675a799768f1`
SHA3	`08cc13faf6c1e6cfd4b28ac4baa92113489fafaaba7885acce72ce45d95b87e8`

191

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12914`
MD5	`d26a9ae7c1ff5ff32142020766175b45`
SHA1	`a8af55e8824547083f13e67b817f3ad57090ff7f`
SHA256	`21d071c2c0f0c593b5fd4a8101c33120f34fddcdcee78888b321b486f2d7840f`
SHA3	`06554434b5b9625d6bab2a45340784310b52e1269e35981dd6ab3338686a15c4`

194

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09046`
MD5	`836fa5f9cba82442d1e2f0ad9da27b2b`
SHA1	`dfadd27ab3e352705cb61e274a821a83b67e2fb7`
SHA256	`ad25a46c6129a06a64a566482a07c6d6d5beff3e19f44e045c1a8a4e2e881c96`
SHA3	`2ef6bcf2407e1e4349d5f6978a93e9af56991aea6d0e13cd38c114da02a05c99`

201

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29694`
MD5	`337b84b779f910dac0c6fd15fa46017d`
SHA1	`2ff46bc77c2367db6ffb209845ccbd398c9fa215`
SHA256	`9aa87e211ba10ae31272cff4b9e988a517ff14d28da8d2396063ac24c494e6e8`
SHA3	`0fe7736ac9a176101e95f3cf2c42307395f86457afd2ca1deba8f9bf00ae9206`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27711`
MD5	`f44ec3e938e56fd2821b603dabf035a1`
SHA1	`ba9b6a3efca66137583ab565a4ea89a479d21648`
SHA256	`6a1b3f84a1ce144c08b3c8fd5c8f14069704273760380459b25ae8e273187a82`
SHA3	`4df03103d47571604e28389a8d2f072afa5dd000007231905889621aa720f0da`

208

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x212`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26503`
MD5	`12721f1be451a8a32e3e92834d5c2908`
SHA1	`d0f6b1f326941fdf181cdfe04d7458841a6de063`
SHA256	`42e4c5ef9be69c9a9a4182c40a068a1344a519e5e300a984e86a8bded900d4d2`
SHA3	`ba38ec7b23a42469286f6302986fda3857102bba32958697114ea682ca56a961`

213

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79883`
MD5	`b0b66b841847d6c60922353dce970fa8`
SHA1	`0e55ad3804c259773710e428408b9722a030d402`
SHA256	`222f5e473131292334d97156b9148c7d728395418b1c98104071952faf7fd206`
SHA3	`7a04a59701f5d336ca1eee9e1ab5983c0d8ea6f2e449291659aa1de3a4d4a1bd`

219

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40523`
MD5	`fcb8f9deb56051b655ed1b8c778d2e94`
SHA1	`e3ecd9cea1040909496cf185b4667c580983bfee`
SHA256	`af10417c87c1180441904916de9287450f93ad2f0a14217640d218fbf321f984`
SHA3	`f8739710b6714e98c9160948527c53157b0fcdf8b4b90bc540a4239b2aa907a8`

1 (#5)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#6)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50412`
MD5	`770f97af0ed28e5287244e905dc9818f`
SHA1	`029c51e6eabe023dd73eabb3d73f84f7609dff1f`
SHA256	`c2e1afb64e492933baea36de310eeee1f098186b23a2737214a5c2fd53f58eba`
SHA3	`ea6ffcb1eee19ec6dbc3cf512f3cfd1350c5f445f29181eb70153fa7de3f22a3`

1 (#7)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95454`
MD5	`9563a80cfee7f4d2d4e53e8cb6289eec`
SHA1	`8eb4a0803803fc4924d338cb0da14b04454c107f`
SHA256	`694b86661ffd3713ae3d8963cea501fc14422e4a43d8c049843cb150cb61c270`
SHA3	`f37f85e7b769eb97ba38324b8bf610d167ad0e56a1166c0d13ce0a8a1c0fc4e2`

String Table contents

Windows Script Host
Windows Script Host (debugging disabled)
Windows Script Host Error
Windows Script Host Input Error
This Unicode version of Windows Script Host will only execute under Windows NT.

Please use the ANSI version of Windows Script Host."
Usage:


Options:


value
wsh
Windows Script Host
Windows Script Host (debugging disabled)
Usage: CScript scriptname.extension [option...] [arguments...]

Options:
//B Batch mode: Suppresses script errors and prompts from displaying
//D Enable Active Debugging
//E:engine Use engine for executing script
//H:CScript Changes the default script host to CScript.exe
//H:WScript Changes the default script host to WScript.exe (default)
//I Interactive mode (default, opposite of //B)
//Job:xxxx Execute a WSF job
//Logo Display logo (default)
//Nologo Prevent logo display: No banner will be shown at execution time
//S Save current command line options for this user
//T:nn Time out in seconds: Maximum time a script is permitted to run
//X Execute script in debugger
//U Use Unicode for redirected I/O from the console
Usage: CScript scriptname.extension [option...] [arguments...]

Options:
//B Batch mode: Suppresses script errors and prompts from displaying
//D Enable Active Debugging
//E:engine Use engine for executing script
//H:CScript Changes the default script host to CScript.exe
//H:WScript Changes the default script host to WScript.exe (default)
//I Interactive mode (default, opposite of //B)
//Job:xxxx Execute a WSF job
//Logo Display logo (default)
//Nologo Prevent logo display: No banner will be shown at execution time
//S Save current command line options for this user
//T:nn Time out in seconds: Maximum time a script is permitted to run
//X Execute script in debugger

CScript Error
Input Error
This Unicode version of CScript will only execute under Windows NT.

Please use the ANSI version of CScript."
%1!ls!(%2!u!, %3!u!) %4!ls!: %5!ls!

Microsoft (R) Windows Script Host Version %1!u!.%2!u!
Copyright (C) Microsoft Corporation. All rights reserved.

The Windows Script Host settings have been reset to default.
Command line options are saved.
The default script host is now set to "wscript.exe".
The default script host is now set to "cscript.exe".
Successful execution of Windows Script Host.
Successful remote execution of Windows Script Host.
Script execution time was exceeded on script "%1!ls!".
Script execution was terminated.
Could not locate automation class named "%1!ls!".
Could not connect object.
Could not create object named "%1!ls!".
Initialization of the Windows Script Host failed.
Can't find script engine "%2!ls!" for script "%1!ls!".
Can't change default script host.
An attempt at saving your settings via the //S option failed.
Loading script "%1!ls!" failed (%2!ls!).
Loading your settings failed.
Execution of the Windows Script Host failed.
Unexpected error of the Windows Script Host.
Windows Script Host access is disabled on this machine. Contact your administrator for details.
Attempt to execute Windows Script Host while it is disabled.
Attempt to execute Windows Script Host remotely while remote execution is disabled.
//T option requires timeout value.
Invalid timeout value for //T option.
Unknown option "%1!ls!" specified.
Extra argument specified to option "%1!ls!".
There is no script file specified.
Command line option mismatch.
There is no file extension in "%1!ls!".
//H option requires host name.
Host name for //H option must be "cscript" or "wscript".
There is no script engine for file extension "%1!ls!".
Can not find script file "%1!ls!".
Invalid pathname.
Need -E option.
-E option requires name of script engine.
Can't read script from stdin.
//CP option requires code page value.
Invalid code page value for //CP option.
Missing job name.
Unicode is not supported on this platform.
Unable to find job "%1!ls!".
Script setting file "%1!ls!" is invalid.
Invalid #codepage directive.
Win32 Error 0x%X
%1!ls! (%2!ls!)

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.812.10240.16384
ProductVersion	5.812.10240.16384
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft ® Console Based Script Host
FileVersion (#2)	5.812.10240.16384
InternalName	cscript.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	cscript.exe
ProductName	Microsoft ® Windows Script Host
ProductVersion (#2)	5.812.10240.16384

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-May-02 20:32:56
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1b960`
PointerToRawData	`0x1a560`
Referenced File	cscript.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-May-02 20:32:56
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x1b984`
PointerToRawData	`0x1a584`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2021-May-02 20:32:56
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1bca4`
PointerToRawData	`0x1a8a4`

TLS Callbacks

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14001f1f0`
GuardCFCheckFunctionPointer	`5368810632`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x22152913`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
C objects (27412)	`17`
ASM objects (27412)	`3`
Total imports	`189`
Imports (27412)	`5`
C++ objects (27412)	`2`
269 (27412)	`38`
Exports (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

24590bf74bbbbfd7d7ac070f4e3c44fd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

1 (#4)

2

3

63

126

127

132

191

194

201

207

208

213

219

1 (#5)

1 (#6)

1 (#7)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors