2867a3817c9245f7cf518524dfd18f28

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Feb-22 05:43:22
Detected languages English - United States
Debug artifacts RegSvcs.pdb
CompanyName Microsoft Corporation
FileDescription Microsoft .NET Services Installation Utility
FileVersion 4.7.3056.0 built by: NET472REL1
InternalName RegSvcs.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename RegSvcs.exe
ProductName Microsoft® .NET Framework
ProductVersion 4.7.3056.0
Comments Flavor=Retail
PrivateBuild DDBLD402

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info The PE is digitally signed. Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA
Safe VirusTotal score: 0/67 (Scanned on 2018-09-14 01:09:08) All the AVs think this file is safe.

Hashes

MD5 2867a3817c9245f7cf518524dfd18f28
SHA1 d7ba2a111cedd5bf523224b3f1cfe58eec7c2fdc
SHA256 43026dcff238f20cff0419924486dee45178119cfdd0d366b79d67d950a9bf50
SHA3 dea07fbac5585fa656579492fdc998b843457cacf476fc44b4f21b7a8453c214
SSDeep 768:bBbSoy+SdIBf0k2dsYyV6Iq87PiU9FViaLmf:EoOIBf0ddsYy8LUjVBC
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2018-Feb-22 05:43:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x6400
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00008356 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0xa000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xe000
SizeOfHeaders 0x200
Checksum 0x122a9
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 52e3c8808ce4fc09d60c3d970e8ad64d
SHA1 32db2717ff3974842f917f5e9672f65cc43b7c33
SHA256 904cca696df8fb6cda52db4a610cb5accd3ac079124104e413cdf39e26069387
SHA3 05dbd27649acc50c639f0caf3386e53f3877994a41d231d22cc950f05be06f19
VirtualSize 0x635c
VirtualAddress 0x2000
SizeOfRawData 0x6400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.10646

.rsrc

MD5 6a973df493ca87828c3bd9aa53c20fa1
SHA1 c9c322ffaae515fc8102cc71911178de781ff43e
SHA256 2f14d26b7a598d81c1dc6ad3dba2945e85d21210b7c7cbae25ed43132958cb1e
SHA3 e98fefb505f56ffeafd0bcea88ca69a1f8ff4c4fa87a98a20a7e45790b5b3be9
VirtualSize 0x938
VirtualAddress 0xa000
SizeOfRawData 0xa00
PointerToRawData 0x6600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.36126

.reloc

MD5 15d36e316cb9f1712da33d94556e8b5b
SHA1 963b23b29f68c55404c19d5428524a88ca8ff908
SHA256 b669ae0f2b7f2634ea091b1e216d7e5294eb3974465a960fad195258ee739219
SHA3 f167a5a174fbc6c0be16c931ef19b78a096fa591eacadc13b16cae233972db7a
VirtualSize 0xc
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x400
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50305
MD5 23c632b898fc82b14060bc7d63e50753
SHA1 011eb944f720678ebc9ffc562f6c4ca89de7fcf9
SHA256 2cda3b440d1224978b076765143b19c4b5ab53d2414b33d5ffa8a4a380200797
SHA3 3337d4c75f08def428de4414179081e8926f31261fdc0d289a2a252793adb767

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x494
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.69746
MD5 c9e50ca0afbc09b67f31c37fff6dd77a
SHA1 b8c591859a2d5f9c736c6afae4907b8a003f8c03
SHA256 d48dbfc67fb19651347f11b98121d3bc6aba6d5c33c84e1b40a2c5b55633d5ca
SHA3 2a45dd5aa2ba790f897c39f0dba17916066fed63d52a7be949d62b8b3f7efc21

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.7.3056.0
ProductVersion 4.0.30319.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Microsoft .NET Services Installation Utility
FileVersion (#2) 4.7.3056.0 built by: NET472REL1
InternalName RegSvcs.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename RegSvcs.exe
ProductName Microsoft® .NET Framework
ProductVersion (#2) 4.7.3056.0
Comments Flavor=Retail
PrivateBuild DDBLD402
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Feb-22 05:43:22
Version 0.0
SizeofData 36
AddressOfRawData 0x81e8
PointerToRawData 0x63e8
Referenced File RegSvcs.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->