Manalyze report for 3447c113689f88677e677ca798431c27

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2105-Sep-27 21:24:24
Detected languages	English - United States
Debug artifacts	smartscreen.pdb
CompanyName	Microsoft Corporation
FileDescription	SmartScreen
FileVersion	`10.0.15063.0 (WinBuild.160101.0800)`
InternalName	smartscreen.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	smartscreen.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.15063.0`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	Contains domain names: 2f9a87615fa3-dc1-tip.cloudapp.net 474a-87ad-2f9a87615fa3-dc1-tip.cloudapp.net 87ad-2f9a87615fa3-dc1-tip.cloudapp.net api.smartscreen.microsoft.com ars.smartscreen.microsoft.com cdp1.public-trust.com cloudapp.net crl.microsoft.com cybertrust.omniroot.com dc1-tip.cloudapp.net feedback.smartscreen.microsoft.com http://cdp1.public-trust.com http://cdp1.public-trust.com/CRL/Omniroot2025.crl0 http://crl.microsoft.com http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl0p http://cybertrust.omniroot.com http://cybertrust.omniroot.com/repository.cfm0 http://mscrl.microsoft.com http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl http://ocsp.msocsp.com0 http://ocsp.omniroot.com http://ocsp.omniroot.com/baltimoreroot0 http://www.microsoft.com http://www.microsoft.com/pki/mscorp/cps http://www.microsoft.com/pki/mscorp/msitwww2.crt0 https://api.smartscreen.microsoft.com https://api.smartscreen.microsoft.com/windows/system https://ars.smartscreen.microsoft.com https://ars.smartscreen.microsoft.com/windows/shell https://feedback.smartscreen.microsoft.com https://feedback.smartscreen.microsoft.com/feedback.aspx?t https://urs.smartscreen.microsoft.com https://urs.smartscreen.microsoft.com/windows/browser/edge microsoft.com mscrl.microsoft.com ocsp.omniroot.com omniroot.com public-trust.com smartscreen.microsoft.com tip.cloudapp.net trust.com urs.smartscreen.microsoft.com www.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didat`
Malicious	The PE contains functions mostly used by malware.	`Can access the registry: RegCloseKey RegGetValueW RegQueryValueExW RegOpenKeyExW RegSetKeyValueW` `Uses Microsoft's cryptographic API: CryptFindOIDInfo CryptMsgGetParam CryptImportPublicKeyInfoEx2 CryptDecodeObjectEx CryptProtectData CryptUnprotectData CryptBinaryToStringW CryptStringToBinaryW` `Leverages the raw socket API to access the Internet: WSAGetLastError InetPtonW InetNtopW` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess` `Interacts with the certificate store: CertSaveStore CertOpenStore`
Safe	VirusTotal score: 0/72 (Scanned on 2020-04-26 08:58:47)	`All the AVs think this file is safe.`

Hashes

MD5	`3447c113689f88677e677ca798431c27`
SHA1	`f1731009e26093f2155f258379f18540eefce739`
SHA256	`d2e44e1451548a136b84d04a755fe91690f0e14562fe466ca21ed8e9c4726bfe`
SHA3	`7b2adc28cc3260815e3b46877711be67c085a46c9e1fc85720fd523c506044d2`
SSDeep	`49152:Tbiq63bapfrdVjxB3C8MC8h8DUxWH5h/3DMrT:L6L81h/3K`
Imports Hash	`d4d1fd3a5782606d4c31cd97b2d61bc1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2105-Sep-27 21:24:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x147000`
SizeOfInitializedData	`0x154000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000012AF70 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x7ff7e5b40000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x29e000`
SizeOfHeaders	`0x400`
Checksum	`0x2a13cd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4dfd152729b4563da9e63f4a5c209127`
SHA1	`1087be894b649ac2a52bafb53a255f3eab4e066d`
SHA256	`52cc8536bdcb9a506fbd85025d4f08a7ae89db8e950949b7115072816d827584`
SHA3	`436fa66d93bf92398cfc2d8bb54d44a6ac2fda70c3c8d5b67040eb31779720f1`
VirtualSize	`0x146e65`
VirtualAddress	`0x1000`
SizeOfRawData	`0x147000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90699`

.rdata

MD5	`45553be145fbc5c01fc0a8e18d05054e`
SHA1	`c5d4339b85f113497a1e0a45dcc38c6793f62add`
SHA256	`b025a853e3ce28eb1a718540759438d6e4fcd82cc6dd90d95af8a0c64464055d`
SHA3	`c30937a80296978ed92ba9d3e6baa210dbe1d1c9da145b5be1d051ce371f60f5`
VirtualSize	`0x9cc1a`
VirtualAddress	`0x148000`
SizeOfRawData	`0x9ce00`
PointerToRawData	`0x147400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.66509`

.data

MD5	`797e346eb0401675689cb3d8da268f86`
SHA1	`72e1eddf8840d5f54f5d47d79e8aaebf704e9086`
SHA256	`c1c2239d8ee8720c6fce695d0f544b6b76bb610aa020fefa06815e52eb831c87`
SHA3	`b6f53682c0f0ad41d45fde0b2ac6bf64e0686601e931d855d3399f8af01cea28`
VirtualSize	`0x9bde0`
VirtualAddress	`0x1e5000`
SizeOfRawData	`0x9b400`
PointerToRawData	`0x1e4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.34305`

.pdata

MD5	`30da5bd7ca9e9de70d1d64574f30f85d`
SHA1	`89991a4bbe3a43c5b38ae65a0103e09db0fb470d`
SHA256	`3e9b4babbd6726693cbb1d437491a085765f20ff74745c62cc7e0b2e201cc65f`
SHA3	`070f3c35e9f97bb06264d7c569f9efd5e7ee5fe639b98a8bd7372a755ec201c7`
VirtualSize	`0x17bb0`
VirtualAddress	`0x281000`
SizeOfRawData	`0x17c00`
PointerToRawData	`0x27f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.35286`

.didat

MD5	`a68def915e4bac01cf874efda3773eaf`
SHA1	`49d9b96c5a294adc87ad63967aec53bbfc53b4aa`
SHA256	`70d5c9d34985049501d4e5bf772bde92d4d459ab2553b8838217e35b58951e4a`
SHA3	`262bed1cd157a5d151157c325dd94350c675a37025c193718dd4b62b4b83c990`
VirtualSize	`0xf0`
VirtualAddress	`0x299000`
SizeOfRawData	`0x200`
PointerToRawData	`0x297200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.84047`

.rsrc

MD5	`3306ad61d696a5cf6c699f14813222cf`
SHA1	`7d7e440d98401482c50c7124dd41ef68799c282a`
SHA256	`aeaab9ab1867f3c725a773c21bf65ab9929e2c57394407578eb2d3961184259c`
SHA3	`667ab41d32b3c9884b11c6acac418b9c93b0855d60e3bf5376f3dbd0c29df6a7`
VirtualSize	`0x510`
VirtualAddress	`0x29a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x297400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.91173`

.reloc

MD5	`4072783b8efb99a9e5817067d68f61c6`
SHA1	`7cb41fea50720b48be0c145e1473982b23e9ab77`
SHA256	`f3cc103136423a57975750907ebc1d367e2985ac6338976d4d5a439f50323f4a`
SHA3	`d81e93d78ee49e5510f5070123ead131699cce4f302a7573a3a68249f08c2499`
VirtualSize	`0x2e64`
VirtualAddress	`0x29b000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x297a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

msvcp_win.dll	`??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z` `?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z` `?_XGetLastError@std@@YAXXZ` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z` `_Xtime_get_ticks` `?_Random_device@std@@YAIXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z` `?exceptions@ios_base@std@@QEAAXH@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Xinvalid_argument@std@@YAXPEBD@Z` `?is@?$ctype@G@std@@QEBA_NFG@Z` `??1_Locinfo@std@@QEAA@XZ` `??0_Locinfo@std@@QEAA@PEBD@Z` `??1facet@locale@std@@MEAA@XZ` `??0facet@locale@std@@IEAA@_K@Z` `?id@?$collate@G@std@@2V0locale@2@A` `_Wcsxfrm` `_Wcscoll` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?tolower@?$ctype@G@std@@QEBAGG@Z` `?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z` `??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ` `?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?_Winerror_message@std@@YAKKPEADK@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ` `??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z` `??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??Bid@locale@std@@QEAA_KXZ` `??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ` `??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ` `?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z` `?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z` `?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z` `_Unlock_shared_ptr_spin_lock` `_Lock_shared_ptr_spin_lock` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ` `?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z` `?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `??0task_continuation_context@Concurrency@@AEAA@XZ` `_Cnd_wait` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A` `?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z` `?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z` `??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z` `?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z` `?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z` `?_Incref@facet@locale@std@@UEAAXXZ` `??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `_Cnd_destroy_in_situ` `?_Xout_of_range@std@@YAXPEBD@Z` `_Cnd_init_in_situ` `?id@?$ctype@G@std@@2V0locale@2@A` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `_Cnd_broadcast` `?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `??0_Lockit@std@@QEAA@H@Z` `??1_Lockit@std@@QEAA@XZ` `?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z` `?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ` `?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ` `?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z` `?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z` `?_BADOFF@std@@3_JB` `_Mtx_init_in_situ` `_Mtx_destroy_in_situ` `?_Xbad_function_call@std@@YAXXZ` `_Mtx_unlock` `?_Throw_C_error@std@@YAXH@Z` `??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `_Mtx_lock` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm` `_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-private-l1-1-0.dll	`_o__i64tow_s` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__lock_file` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `_o__stricmp` `_o__ui64toa_s` `_o__ui64tow_s` `_o__unlock_file` `_o__wcsicmp` `memcpy` `_o_ceil` `_o_exit` `_o_fclose` `_o_fflush` `_o_fgetc` `_o_fgetpos` `_o_fputc` `_o_free` `_o_fsetpos` `_o_fwrite` `_o_iswspace` `_o_isxdigit` `_o_log2` `_o_malloc` `_o_memset` `_o_realloc` `_o_setvbuf` `_o_terminate` `_o_toupper` `_o_ungetc` `_o_wcstod` `_o_wcstoull` `__C_specific_handler` `_CxxThrowException` `_o__i64toa_s` `_o__exit` `_o__errno` `_o__get_stream_buffer_pointers` `_o__crt_atexit` `_o__configure_wide_argv` `_o__configthreadlocale` `_o__cexit` `_o__callnewh` `_o__get_initial_wide_environment` `_o___stdio_common_vswprintf_s` `_o___stdio_common_vswprintf` `_o___stdio_common_vsprintf_s` `_o___stdio_common_vsnwprintf_s` `_o___stdio_common_vsnprintf_s` `_o___std_exception_destroy` `_o___std_exception_copy` `_o__fseeki64` `_o___p__commode` `_o___p___wargv` `_o___p___argc` `__std_type_info_compare` `__std_terminate` `memmove` `__CxxFrameHandler3` `memcmp` `strchr`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleFileNameW` `LockResource` `GetModuleFileNameA` `GetModuleHandleExW` `FreeLibrary` `LoadResource` `FreeLibraryAndExitThread` `GetModuleHandleA` `SizeofResource` `GetModuleHandleW` `GetProcAddress`
api-ms-win-core-synch-l1-2-0.dll	`WaitForSingleObjectEx` `OpenSemaphoreW` `CreateMutexExW` `CreateEventExW` `AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `InitOnceInitialize` `ReleaseSRWLockShared` `ReleaseMutex` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `WaitForSingleObject` `SetEvent` `ResetEvent` `CreateEventW` `CreateMutexW` `ReleaseSemaphore` `AcquireSRWLockShared` `InitializeSRWLock` `InitOnceExecuteOnce` `CreateSemaphoreExW` `Sleep`
api-ms-win-core-heap-l1-2-0.dll	`HeapAlloc` `GetProcessHeap` `HeapFree`
api-ms-win-core-errorhandling-l1-1-1.dll	`SetUnhandledExceptionFilter` `GetLastError` `SetLastError` `RaiseException` `UnhandledExceptionFilter`
api-ms-win-core-processthreads-l1-1-2.dll	`IsProcessorFeaturePresent` `OpenProcess` `GetProcessId` `GetCurrentProcessId` `GetCurrentThreadId` `TlsFree` `OpenProcessToken` `GetCurrentThread` `TlsAlloc` `GetCurrentProcess` `TerminateProcess` `CreateThread` `TlsSetValue` `OpenThreadToken`
api-ms-win-core-localization-l1-2-1.dll	`GetUserPreferredUILanguages` `FormatMessageW` `GetSystemPreferredUILanguages` `SetThreadPreferredUILanguages` `GetThreadPreferredUILanguages` `GetLocaleInfoEx`
api-ms-win-core-debug-l1-1-1.dll	`IsDebuggerPresent` `OutputDebugStringW`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsDuplicateString` `WindowsGetStringRawBuffer` `WindowsStringHasEmbeddedNull` `WindowsIsStringEmpty` `WindowsDeleteString` `WindowsCreateString` `WindowsCreateStringReference`
api-ms-win-core-com-l1-1-1.dll	`CoCreateFreeThreadedMarshaler` `CoTaskMemFree` `RoGetAgileReference` `CoResumeClassObjects` `PropVariantClear` `CoInitializeEx` `CLSIDFromString` `CoCreateGuid` `CoRegisterClassObject` `CoImpersonateClient` `CoGetCallContext` `CoReleaseMarshalData` `CoTaskMemAlloc` `CoDecrementMTAUsage` `CoMarshalInterface` `CreateStreamOnHGlobal` `CoIncrementMTAUsage` `CoInitializeSecurity` `CoReleaseServerProcess` `CoAddRefServerProcess` `CoUninitialize` `CoWaitForMultipleHandles` `CoRevokeClassObject` `StringFromGUID2` `CoCreateInstance`
api-ms-win-core-winrt-l1-1-0.dll	`RoUninitialize` `RoRegisterActivationFactories` `RoGetActivationFactory` `RoActivateInstance` `RoRevokeActivationFactories` `RoInitialize`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateError` `SetRestrictedErrorInfo` `GetRestrictedErrorInfo` `RoTransformError` `RoOriginateErrorW`
api-ms-win-core-util-l1-1-0.dll	`DecodePointer` `EncodePointer`
api-ms-win-security-base-l1-2-0.dll	`GetLengthSid` `CopySid` `ImpersonateLoggedOnUser` `GetTokenInformation` `RevertToSelf`
api-ms-win-core-rtlsupport-l1-2-0.dll	`RtlVirtualUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-2-1.dll	`GetVersionExW` `GetSystemTimeAsFileTime` `GetSystemInfo` `GetTickCount`
api-ms-win-core-interlocked-l1-2-0.dll	`InitializeSListHead`
api-ms-win-shcore-thread-l1-1-0.dll	`SHSetThreadRef` `SHCreateThreadRef`
combase.dll	`#69`
api-ms-win-crt-string-l1-1-0.dll	`strnlen` `wcsnlen` `strcmp`
api-ms-win-eventing-provider-l1-1-0.dll	`EventWriteTransfer` `EventRegister` `EventSetInformation` `EventUnregister`
bcrypt.dll	`BCryptGetProperty` `BCryptGenRandom` `BCryptCloseAlgorithmProvider` `BCryptDestroyHash` `BCryptFinishHash` `BCryptCreateHash` `BCryptHashData` `BCryptOpenAlgorithmProvider` `BCryptDestroyKey` `BCryptVerifySignature`
CRYPT32.dll	`CryptFindOIDInfo` `CryptMsgGetParam` `CertGetCertificateContextProperty` `CertFreeCertificateContext` `CertDuplicateCertificateContext` `CertSaveStore` `CertFindCertificateInStore` `CertDuplicateStore` `CertOpenStore` `CertVerifyCertificateChainPolicy` `CertGetCertificateChain` `CertFreeCertificateChain` `CryptImportPublicKeyInfoEx2` `CryptDecodeObjectEx` `CryptProtectData` `CryptUnprotectData` `CertGetNameStringW` `CryptBinaryToStringW` `CertCloseStore` `CryptStringToBinaryW`
api-ms-win-core-heap-l2-1-0.dll	`LocalFree`
api-ms-win-core-registry-l1-1-0.dll	`RegOpenCurrentUser` `RegCloseKey` `RegGetValueW` `RegQueryValueExW` `RegOpenKeyExW`
api-ms-win-core-registry-l1-1-1.dll	`RegSetKeyValueW`
api-ms-win-core-processenvironment-l1-2-0.dll	`ExpandEnvironmentStringsW`
api-ms-win-security-sddl-l1-1-0.dll	`ConvertSidToStringSidW`
api-ms-win-core-threadpool-l1-2-0.dll	`TrySubmitThreadpoolCallback` `CreateThreadpoolTimer` `WaitForThreadpoolWorkCallbacks` `SetThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpool` `CreateThreadpool` `SetThreadpoolThreadMinimum` `SetThreadpoolThreadMaximum` `CreateThreadpoolWork` `CloseThreadpoolTimer` `CallbackMayRunLong` `FreeLibraryWhenCallbackReturns` `SubmitThreadpoolWork` `CloseThreadpoolWork`
api-ms-win-core-synch-l1-2-1.dll	`CreateSemaphoreW`
api-ms-win-core-string-l1-1-0.dll	`CompareStringOrdinal` `WideCharToMultiByte`
api-ms-win-appmodel-runtime-l1-1-1.dll	`GetPackagesByPackageFamily` `GetPackageFullName`
api-ms-win-rtcore-ntuser-window-l1-1-0.dll	`TranslateMessage` `AllowSetForegroundWindow` `PostThreadMessageW` `DispatchMessageW` `PeekMessageW`
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll	`MsgWaitForMultipleObjectsEx`
msdelta.dll	`DeltaFree` `ApplyDeltaB`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathFindFileNameW` `PathFileExistsW`
api-ms-win-core-fibers-l2-1-1.dll	`DeleteFiber` `ConvertFiberToThread` `ConvertThreadToFiber` `CreateFiberEx` `SwitchToFiber`
api-ms-win-core-path-l1-1-0.dll	`PathCchStripToRoot` `PathAllocCanonicalize` `PathCchRemoveFileSpec` `PathCchIsRoot` `PathAllocCombine`
api-ms-win-core-file-l1-2-1.dll	`SetFileInformationByHandle` `GetFinalPathNameByHandleW` `SetEndOfFile` `CreateFileW` `GetLongPathNameW` `GetFileSizeEx` `GetDriveTypeW` `SetFilePointerEx`
api-ms-win-core-psapi-l1-1-0.dll	`QueryFullProcessImageNameW`
api-ms-win-core-fibers-l1-1-1.dll	`IsThreadAFiber`
WS2_32.dll	`WSAGetLastError` `InetPtonW` `InetNtopW`
RPCRT4.dll	`UuidFromStringW`
api-ms-win-core-version-l1-1-1.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW`
api-ms-win-core-version-l1-1-0.dll	`VerQueryValueW`
api-ms-win-core-memory-l1-1-2.dll	`MapViewOfFile` `OpenFileMappingW` `CreateFileMappingW` `UnmapViewOfFile`
api-ms-win-core-libraryloader-l1-2-2.dll	`FindResourceW`
api-ms-win-core-delayload-l1-1-1.dll	`DelayLoadFailureHook` `ResolveDelayLoadedAPI`
chakra.dll	`JsDisposeRuntime` `JsGetPropertyIdFromName` `JsGetValueType` `JsCreateContext` `JsCreateRuntime` `JsEnableRuntimeExecution` `JsDisableRuntimeExecution` `JsConstructObject` `JsRunScript` `JsSetPromiseContinuationCallback` `JsCreateObject` `JsSetObjectBeforeCollectCallback` `JsCreateFunction` `JsSetException` `JsNumberToInt` `JsGetAndClearException` `JsHasProperty` `#400` `JsCreateError` `JsPointerToString` `JsCallFunction` `JsSetProperty` `JsGetGlobalObject` `JsGetCurrentContext` `JsSetCurrentContext` `JsRelease` `JsAddRef` `JsStringToPointer` `JsGetProperty`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
ntdll.dll	`RtlGetDeviceFamilyInfoEnum`
api-ms-win-shell-shdirectory-l1-1-0.dll	`#290`
WINTRUST.dll	`WinVerifyTrust` `WTGetSignatureInfo` `WTHelperGetProvSignerFromChain` `WTHelperProvDataFromStateData`
api-ms-win-security-lsalookup-l2-1-1.dll	`LookupAccountSidW`
api-ms-win-core-winrt-robuffer-l1-1-0.dll	`RoGetBufferMarshaler`
ext-ms-win-devmgmt-policy-l1-1-0.dll (delay-loaded)	`PolicyManager_FreeStringValue` `PolicyManager_GetPolicyString` `PolicyManager_IsPolicySetByMobileDeviceManager` `PolicyManager_GetPolicyInt`

Delayed Imports

Attributes	`0x1`
Name	`ext-ms-win-devmgmt-policy-l1-1-0.dll`
ModuleHandle	`0x2809f0`
DelayImportAddressTable	`0x299058`
DelayImportNameTable	`0x1def38`
BoundDelayImportTable	`0x1df188`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68683`
MD5	`2c33693b9994e5f8db30edf6d1496b5a`
SHA1	`11b510f86cc9bd6328e0fd3b6500af1d45c763c0`
SHA256	`00b03cee5cc328a99a0a345e5836098fd94601a22ff3a4ecb5015ded5b19abc5`
SHA3	`e3fb712fede2e21758d2365e8e4020cf9ba80b77ac2a3acaca34b7b607c98964`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42957`
MD5	`1c47cb25427e440b203e945297338640`
SHA1	`83bdd686e321330f7e13c72e5fefbed0b7c4541e`
SHA256	`184efe378a5c142bc31f08bb512f14ed9a7fc14bcc2e0674280e0a45616df7a4`
SHA3	`fbf4abc426e6dce91970f5fda985f8a0738f3a6700e56468e433dd12e7e9e902`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.15063.0
ProductVersion	10.0.15063.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	SmartScreen
FileVersion (#2)	10.0.15063.0 (WinBuild.160101.0800)
InternalName	smartscreen.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	smartscreen.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.15063.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2105-Sep-27 21:24:24
Version	`0.0`
SizeofData	`40`
AddressOfRawData	`0x18d1b4`
PointerToRawData	`0x18c5b4`
Referenced File	smartscreen.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2105-Sep-27 21:24:24
Version	`0.0`
SizeofData	`1280`
AddressOfRawData	`0x18d1dc`
PointerToRawData	`0x18c5dc`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2105-Sep-27 21:24:24
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x7ff7e5ccd700`
EndAddressOfRawData	`0x7ff7e5ccd70c`
AddressOfIndex	`0x7ff7e5dc09e8`
AddressOfCallbacks	`0x7ff7e5c93d80`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xf4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7ff7e5d2c020`
GuardCFCheckFunctionPointer	`140702688820280`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x37de01c1`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`118`
C objects (24610)	`13`
ASM objects (24610)	`4`
C++ objects (24610)	`34`
Total imports	`1566`
Imports (24610)	`9`
265 (24610)	`85`
253 (24610)	`1`
Resource objects (24610)	`1`
Linker (24610)	`1`

3447c113689f88677e677ca798431c27

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors