Manalyze report for 3da437b642468eafab7cd1b9dcf2cdf838b44c63fd73dae8e3e4d06ec187c0f3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2067-Feb-26 11:36:31
Detected languages	English - United States
Debug artifacts	smartscreen.pdb
CompanyName	Microsoft Corporation
FileDescription	Windows Defender SmartScreen
FileVersion	`10.0.19041.6456 (WinBuild.160101.0800)`
InternalName	smartscreen.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	smartscreen.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`10.0.19041.6456`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: VIRUS Virus` Contains domain names: 000xxx000-harddrivefailure.xyz 2f9a87615fa3-dc1-tip.cloudapp.net 474a-87ad-2f9a87615fa3-dc1-tip.cloudapp.net 87ad-2f9a87615fa3-dc1-tip.cloudapp.net Sex-with-hot-wifes-for-fun.com api.smartscreen.microsoft.com checkappexec.microsoft.com cloudapp.net dc1-tip.cloudapp.net error-000xxx000-harddrivefailure.xyz europe.smartscreen.microsoft.com feedback.smartscreen.microsoft.com for-fun.com harddrivefailure.xyz hdunek.info hot-wifes-for-fun.com https://api.smartscreen.microsoft.com https://checkappexec.microsoft.com https://europe.smartscreen.microsoft.com https://feedback.smartscreen.microsoft.com https://feedback.smartscreen.microsoft.com/feedback.aspx?t https://nav.smartscreen.microsoft.com https://unitedkingdom.smartscreen.microsoft.com https://unitedstates.smartscreen.microsoft.com https://x.urs.microsoft.com https://x.urs.microsoft.com/ssrs.asmx?MSURS-Client-Key microsoft.com nav.smartscreen.microsoft.com smartscreen.microsoft.com tip.cloudapp.net unitedkingdom.smartscreen.microsoft.com unitedstates.smartscreen.microsoft.com urs.microsoft.com vhsvhdn-hdunek.info wifes-for-fun.com with-hot-wifes-for-fun.com x.urs.microsoft.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegCloseKey RegGetValueW RegSetKeyValueW` `Uses Windows's Native API: NtQuerySection NtCreateSection ntohs` `Uses Microsoft's cryptographic API: CryptStringToBinaryW CryptFindOIDInfo CryptUnprotectData CryptProtectData CryptMsgGetParam CryptBinaryToStringW` `Leverages the raw socket API to access the Internet: htons ntohs` `Functions related to the privilege level: OpenProcessToken` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess`
Safe	VirusTotal score: 0/71 (Scanned on 2026-04-08 17:26:05)	`All the AVs think this file is safe.`

Hashes

MD5	`729b70c3f7099783cc0b2c26431cc866`
SHA1	`bba424ebc06474c4151e940810cf1795b7d169c7`
SHA256	`3da437b642468eafab7cd1b9dcf2cdf838b44c63fd73dae8e3e4d06ec187c0f3`
SHA3	`23596466cb7ba55ff36c6e0374a209151743f4dbad61b06081996abe8ec1dd52`
SSDeep	`49152:QwYVj023ZnLfRUvAMG3XsUNQO4108vYpCbJJYMZY45q/g8r37UnxND:QtLfRKFyPr37eN`
Imports Hash	`0c5c3d59f4ed22082e9d83958a6b3c13`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2067-Feb-26 11:36:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x133c00`
SizeOfInitializedData	`0x113000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000001177C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x24b000`
SizeOfHeaders	`0x400`
Checksum	`0x253fa7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8c7739db76abd74f9f770b3305fbfe5f`
SHA1	`dfd6cd406e4bd0ba8bd7e135573bb9544882c3c6`
SHA256	`cd24971c9f76187491d1da8109d3be822df7bd8f67670b4014e1d049a6fd9eed`
SHA3	`76e9e3e1c534ae5aa62b4026acf4f94a9a3fb2283a5c28571a4733435366dcd8`
VirtualSize	`0x133aa9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x133c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22099`

.rdata

MD5	`c3e175b62b116bf74a356f31646d9874`
SHA1	`7e3e3801a598aeed8d69bcfb543e19ac94cc18e2`
SHA256	`cc2924836f1332144810c2a30307cd3eae981e44f26d4276cacc90b526a5e11f`
SHA3	`906d51c250cb0027280f282114ac15d3c6a32a5c3e9f737117790459fd26ec7f`
VirtualSize	`0x3d4f8`
VirtualAddress	`0x135000`
SizeOfRawData	`0x3d600`
PointerToRawData	`0x134000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.86091`

.data

MD5	`8a74fbb8ac93d49c5c84809b3c7f11e0`
SHA1	`6e59701b5afb5e4a6ac489f0769a319965f1a091`
SHA256	`6451a44484e16bd1029815e5c2b613d79d01cdc92f29d97446b026b1eac7c8c8`
SHA3	`ad4c527771cd9723a93ed7630ccb179bc74f38910ae158ed12759ce7233270c8`
VirtualSize	`0xc4370`
VirtualAddress	`0x173000`
SizeOfRawData	`0xc2600`
PointerToRawData	`0x171600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96539`

.pdata

MD5	`8130acea0e2f57913b7fcdcdc04a6496`
SHA1	`58fe4aa537e58dcf263a0fe0844a5825c5452de9`
SHA256	`cc7dc50fbe7fb7d8d400fac731efe25bd58fb269812042c63c8e509c81511628`
SHA3	`203fbd33826086a06b7d8861a3aa552acf2e4675f5608de43de5c64a2f2562c8`
VirtualSize	`0xccc0`
VirtualAddress	`0x238000`
SizeOfRawData	`0xce00`
PointerToRawData	`0x233c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.99829`

.didat

MD5	`44c4084dbcd00f8d182e1625bcacc4bc`
SHA1	`5e76a0d47259385bae87dbaff495cce2469f5ea7`
SHA256	`cc1dcffef8db021831434ce446d7cfa2f8eea40501329fde714bd5fb2835dbb9`
SHA3	`0363500455b96fa42d87bc9a1b70b4a9063d76533628b6c5278440f9cbd31259`
VirtualSize	`0xc8`
VirtualAddress	`0x245000`
SizeOfRawData	`0x200`
PointerToRawData	`0x240a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.19605`

.rsrc

MD5	`766195acf97335cec5ce3a16f532db37`
SHA1	`928bd4fa4a6bc881c0539be7282e9d6df530fbb2`
SHA256	`5ccd0a96de468e49d0e64bf63f24d692218a511465eb4668e9ab325917579b8b`
SHA3	`1e72058d6a1510735d0c44e4c13072a526a1510ec4dbeb8dbb7cd59c2960b647`
VirtualSize	`0x16f0`
VirtualAddress	`0x246000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x240c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.5677`

.reloc

MD5	`45a7554f0233a0784f8863d6782343be`
SHA1	`1e3db6110e22675b88f2c73f4ec442d866ceba56`
SHA256	`fc5e5a13506aeb65a874e4fac6a9df718fd37a4a6081d95616c3feac4be8e129`
SHA3	`2aa9e4eb8676448cc70308159579e89c9c2c63b21009c636c3218c96e146daea`
VirtualSize	`0x2d1c`
VirtualAddress	`0x248000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x242400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42626`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_get_initial_wide_environment` `_initterm` `_initterm_e` `exit` `_exit` `__p___argc` `__p___wargv` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_configure_wide_argv` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `abort` `_initialize_wide_environment` `_beginthreadex` `terminate` `_invalid_parameter_noinfo_noreturn` `_set_app_type` `_errno` `_seh_filter_exe` `_invalid_parameter_noinfo`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsnprintf_s` `__stdio_common_vswprintf` `fputc` `fwrite` `fseek` `_wfsopen` `_set_fmode` `__p__commode` `__stdio_common_vsnwprintf_s` `__stdio_common_vsprintf_s` `__stdio_common_vswprintf_s` `fgetc` `ungetc` `fclose` `_get_stream_buffer_pointers` `fflush` `setvbuf` `fsetpos` `_fseeki64` `fgetpos` `fread`
api-ms-win-crt-string-l1-1-0.dll	`towlower` `strnlen` `wcsnlen` `strcpy_s` `strcspn` `isxdigit` `iswspace` `_stricmp` `iswupper` `iswlower` `_wcsdup` `_wcsicmp` `iswascii` `tolower` `iswxdigit` `iswdigit` `toupper` `wcscmp` `isupper` `islower` `__strncnt`
api-ms-win-crt-heap-l1-1-0.dll	`_malloc_base` `_callnewh` `_calloc_base` `_set_new_mode` `_free_base` `free` `malloc` `realloc` `calloc`
ntdll.dll	`NtQuerySection` `RtlGetVersion` `NtCreateSection` `RtlIpv6AddressToStringExW` `RtlIpv4StringToAddressExW` `RtlIpv4AddressToStringExW` `RtlUnwindEx` `RtlLookupFunctionEntry` `RtlPcToFileHeader` `RtlGetDeviceFamilyInfoEnum` `RtlFreeHeap` `RtlIpv6StringToAddressExW`
api-ms-win-core-fibers-l2-1-0.dll	`DeleteFiber` `ConvertThreadToFiber` `ConvertFiberToThread` `SwitchToFiber`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleFileNameW` `LoadLibraryExW` `GetModuleHandleW` `FreeLibrary` `LoadStringW` `GetModuleFileNameA` `GetProcAddress` `SizeofResource` `LockResource` `LoadResource` `GetModuleHandleA` `GetModuleHandleExW`
api-ms-win-core-synch-l1-1-0.dll	`AcquireSRWLockExclusive` `ReleaseSRWLockExclusive` `ResetEvent` `InitializeCriticalSectionAndSpinCount` `ReleaseSRWLockShared` `WaitForSingleObjectEx` `AcquireSRWLockShared` `OpenSemaphoreW` `CreateMutexExW` `SetEvent` `ReleaseMutex` `InitializeSRWLock` `TryAcquireSRWLockExclusive` `WaitForSingleObject` `CreateSemaphoreExW` `CreateEventExW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `ReleaseSemaphore` `CreateMutexW`
api-ms-win-core-heap-l1-1-0.dll	`GetProcessHeap` `HeapFree` `HeapAlloc`
api-ms-win-core-errorhandling-l1-1-0.dll	`RaiseException` `SetLastError` `GetLastError`
api-ms-win-core-processthreads-l1-1-0.dll	`GetExitCodeThread` `GetProcessId` `GetCurrentThreadId` `OpenProcessToken` `GetCurrentThread` `OpenThreadToken` `GetCurrentProcess` `GetCurrentProcessId` `GetProcessTimes`
api-ms-win-core-localization-l1-2-0.dll	`IdnToAscii` `SetThreadPreferredUILanguages` `GetSystemPreferredUILanguages` `GetUserPreferredUILanguages` `LCMapStringEx` `FormatMessageW` `GetLocaleInfoEx` `GetThreadPreferredUILanguages`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `IsDebuggerPresent` `OutputDebugStringW`
api-ms-win-core-handle-l1-1-0.dll	`DuplicateHandle` `CloseHandle`
api-ms-win-core-fibers-l1-1-0.dll	`FlsAlloc` `FlsGetValue` `FlsFree` `FlsSetValue`
api-ms-win-eventing-provider-l1-1-0.dll	`EventWriteTransfer` `EventRegister` `EventSetInformation` `EventUnregister` `EventProviderEnabled`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsStringHasEmbeddedNull` `WindowsCreateString` `WindowsDeleteString` `WindowsIsStringEmpty` `WindowsDuplicateString` `WindowsCreateStringReference` `WindowsGetStringRawBuffer`
api-ms-win-core-com-l1-1-0.dll	`CoReleaseMarshalData` `CoCreateInstance` `StringFromGUID2` `CoWaitForMultipleObjects` `CoCreateFreeThreadedMarshaler` `CreateStreamOnHGlobal` `CoDecrementMTAUsage` `CoMarshalInterface` `CoTaskMemAlloc` `CoResumeClassObjects` `CoRegisterClassObject` `PropVariantClear` `CoRevokeClassObject` `CoAddRefServerProcess` `CoReleaseServerProcess` `CoCreateGuid` `CoTaskMemRealloc` `CoInitializeSecurity` `CoIncrementMTAUsage` `CoImpersonateClient` `CoTaskMemFree` `CoGetCallContext` `CoRevertToSelf`
api-ms-win-core-synch-l1-2-0.dll	`InitializeConditionVariable` `SleepConditionVariableCS` `SleepConditionVariableSRW` `InitOnceExecuteOnce` `WakeAllConditionVariable` `WakeConditionVariable` `Sleep`
api-ms-win-core-winrt-l1-1-0.dll	`RoUninitialize` `RoGetActivationFactory` `RoRevokeActivationFactories` `RoRegisterActivationFactories` `RoInitialize` `RoActivateInstance`
api-ms-win-core-winrt-error-l1-1-0.dll	`RoOriginateErrorW` `RoTransformError` `GetRestrictedErrorInfo` `SetRestrictedErrorInfo` `RoOriginateError`
api-ms-win-core-util-l1-1-0.dll	`EncodePointer` `DecodePointer`
api-ms-win-core-string-l1-1-0.dll	`CompareStringOrdinal` `GetStringTypeW` `WideCharToMultiByte` `MultiByteToWideChar`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-2-0.dll	`GetSystemTimePreciseAsFileTime`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemInfo` `GetSystemDirectoryW` `GetSystemTimeAsFileTime` `GetVersionExW` `GetTickCount`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
combase.dll	`#69`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_locale_name_func` `_configthreadlocale` `___lc_codepage_func` `___mb_cur_max_func` `localeconv` `__pctype_func` `_unlock_locales` `_lock_locales` `setlocale`
api-ms-win-crt-convert-l1-1-0.dll	`_i64toa_s` `_itow_s` `wcstol` `wcstoll` `wcstod` `_ui64tow_s` `_i64tow_s` `_ui64toa_s` `wcstoull`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-math-l1-1-0.dll	`log2` `ceil` `frexp` `ceilf`
api-ms-win-crt-utility-l1-1-0.dll	`rand_s`
bcrypt.dll	`BCryptHashData` `BCryptOpenAlgorithmProvider` `BCryptCreateHash` `BCryptFinishHash` `BCryptDestroyHash` `BCryptGenRandom` `BCryptCloseAlgorithmProvider`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathFindExtensionW` `PathFileExistsW` `PathFindFileNameW`
api-ms-win-core-fibers-l2-1-1.dll	`CreateFiberEx`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolTimer` `CreateThreadpoolWork` `WaitForThreadpoolWorkCallbacks` `SetThreadpoolThreadMaximum` `CreateThreadpool` `CloseThreadpool` `SubmitThreadpoolWork` `CloseThreadpoolWork` `SetThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer`
api-ms-win-core-file-l1-1-0.dll	`FindFirstFileW` `GetDriveTypeW` `GetFileAttributesW` `GetFileSizeEx` `GetLongPathNameW` `DeleteFileW` `SetEndOfFile` `SetFilePointerEx` `CreateFileW` `FindClose` `FindNextFileW` `GetFinalPathNameByHandleW`
api-ms-win-core-fibers-l1-1-1.dll	`IsThreadAFiber`
CRYPT32.dll	`CryptStringToBinaryW` `CryptFindOIDInfo` `CertFreeCertificateContext` `CertVerifyCertificateChainPolicy` `CertGetCertificateChain` `CertFreeCertificateChain` `CertGetCertificateContextProperty` `CertGetNameStringW` `CryptUnprotectData` `CryptProtectData` `CryptMsgGetParam` `CryptBinaryToStringW`
api-ms-win-core-com-l1-1-1.dll	`RoGetAgileReference`
api-ms-win-core-processthreads-l1-1-1.dll	`GetProcessMitigationPolicy` `OpenProcess`
api-ms-win-security-base-l1-1-0.dll	`ImpersonateLoggedOnUser` `GetTokenInformation` `GetLengthSid` `RevertToSelf` `CopySid`
api-ms-win-eventing-classicprovider-l1-1-0.dll	`TraceMessage`
api-ms-win-core-path-l1-1-0.dll	`PathCchStripToRoot` `PathAllocCombine` `PathCchRemoveFileSpec` `PathCchFindExtension` `PathAllocCanonicalize` `PathCchIsRoot`
api-ms-win-core-heap-l2-1-0.dll	`LocalAlloc` `LocalFree`
api-ms-win-core-psapi-l1-1-0.dll	`QueryFullProcessImageNameW`
WS2_32.dll	`htons` `ntohs`
api-ms-win-core-registry-l1-1-0.dll	`RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `RegGetValueW` `RegOpenCurrentUser`
api-ms-win-core-registry-l1-1-1.dll	`RegSetKeyValueW`
api-ms-win-core-processenvironment-l1-1-0.dll	`ExpandEnvironmentStringsW`
api-ms-win-core-version-l1-1-1.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW`
api-ms-win-core-version-l1-1-0.dll	`VerQueryValueW`
api-ms-win-core-memory-l1-1-0.dll	`OpenFileMappingW` `MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile`
api-ms-win-security-lsalookup-l2-1-0.dll	`LookupAccountSidW`
api-ms-win-security-sddl-l1-1-0.dll	`ConvertSidToStringSidW`
api-ms-win-core-libraryloader-l1-2-1.dll	`FindResourceW`
api-ms-win-core-winrt-robuffer-l1-1-0.dll	`RoGetBufferMarshaler`
api-ms-win-core-featurestaging-l1-1-0.dll	`SubscribeFeatureStateChangeNotification` `RecordFeatureUsage` `UnsubscribeFeatureStateChangeNotification`
api-ms-win-shell-shdirectory-l1-1-0.dll	`#290`
api-ms-win-shcore-taskpool-l1-1-0.dll	`SHTaskPoolAllowThreadReuse` `SHTaskPoolQueueTask`
api-ms-win-rtcore-ntuser-window-l1-1-0.dll	`AllowSetForegroundWindow`
api-ms-win-shcore-stream-winrt-l1-1-0.dll	`CreateStreamOverRandomAccessStream`
api-ms-win-core-url-l1-1-0.dll	`PathIsURLW`
urlmon.dll	`CoInternetCreateSecurityManager`
api-ms-win-appmodel-runtime-l1-1-0.dll	`GetPackageFullName` `GetPackagesByPackageFamily`
WINTRUST.dll	`WinVerifyTrust` `WTGetSignatureInfo` `WTHelperProvDataFromStateData` `WTHelperGetProvSignerFromChain`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
wkscli.dll (delay-loaded)	`NetGetJoinInformation`

Delayed Imports

Attributes	`0x1`
Name	`wkscli.dll`
ModuleHandle	`0x235d48`
DelayImportAddressTable	`0x2450b8`
DelayImportNameTable	`0x16eb80`
BoundDelayImportTable	`0x16ed08`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80038`
MD5	`de1fb18446f43b0f38c8af45c0beab49`
SHA1	`774730c363a62f62a86c5462651207f083104a7c`
SHA256	`5aa7594850c57349e9499972311bfa8018e6584b43bbfda2e0620258a7ced1a1`
SHA3	`4f7b19817afc395813ea58a463920b60f08db2f9826acd250727efb6ec7d7d49`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1132`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69667`
MD5	`870706d1c374bf1e4a7d75bb12d1a76a`
SHA1	`ad4613f60f89943242e936e15541ec5a79be77de`
SHA256	`faac556adca1375d3087fdb4dda5a60f69b5b92c504e98306a7a6916b5aede05`
SHA3	`e03f4e5749eaf091f268d71bf7eb04b3bd2291655cae914067348919de200567`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4956`
MD5	`d77d2a9c723956517fe9951e4252e216`
SHA1	`445aee5487017c489d82734cb38722e0f43f2e02`
SHA256	`2c29c3587ffe2379aacf3748d511217325fa659dffb6e7a8c9fa1f6a3293803f`
SHA3	`dfa372127c5f570bb010745e168e075e82b951a26475ddf00cbb69314ffaba94`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.6456
ProductVersion	10.0.19041.6456
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Defender SmartScreen
FileVersion (#2)	10.0.19041.6456 (WinBuild.160101.0800)
InternalName	smartscreen.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	smartscreen.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	10.0.19041.6456

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2067-Feb-26 11:36:31
Version	`0.0`
SizeofData	`40`
AddressOfRawData	`0x1503f0`
PointerToRawData	`0x14f3f0`
Referenced File	smartscreen.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2067-Feb-26 11:36:31
Version	`0.0`
SizeofData	`1336`
AddressOfRawData	`0x150418`
PointerToRawData	`0x14f418`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2067-Feb-26 11:36:31
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x150950`
PointerToRawData	`0x14f950`

TLS Callbacks

StartAddressOfRawData	`0x140150998`
EndAddressOfRawData	`0x1401509a8`
AddressOfIndex	`0x140235d40`
AddressOfCallbacks	`0x140140700`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140179590`
GuardCFCheckFunctionPointer	`5370020872`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x22e09ef`
Unmarked objects	`0`
Imports (27412)	`6`
C objects (27412)	`21`
ASM objects (27412)	`8`
Imports (VS2008 SP1 build 30729)	`169`
Total imports	`544`
C objects (LTCG) (27412)	`179`
C++ objects (27412)	`58`
Resource objects (27412)	`1`
Linker (27412)	`1`

Errors

Leave a comment

No comments yet.