3f9bede7ea578a950f506d067568c366

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Jun-13 14:19:44
Debug artifacts D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName IEPSCalculator
FileDescription IEPSCalculator
FileVersion 1.0.0.0
InternalName IEPSCalculator.dll
LegalCopyright
OriginalFilename IEPSCalculator.dll
ProductName IEPSCalculator
ProductVersion 1.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • go.microsoft.com
  • https://aka.ms
  • https://go.microsoft.com
  • https://go.microsoft.com/fwlink/?linkid
  • microsoft.com
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegOpenKeyExW
  • RegGetValueW
  • RegCloseKey
Possibly launches other programs:
  • ShellExecuteW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 3f9bede7ea578a950f506d067568c366
SHA1 95ddbc24edb525d8daeee2526ce533d0e5192fb8
SHA256 67222c18d2ef21192cdafffdb5d663271a79232586fd3f9e7479cee0bb662e8f
SHA3 55e28b7c1bb1a8f80e8afc5ee9056b0b65131d9a5d037e17c15be83061f501d0
SSDeep 3072:CAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJ18lWY:CAi4pxpRkyHRZa0Gl278IVNcbcW
Imports Hash 6a91eb82bfd19d2706c7d43c46f7064e
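
The import-based findings above and the Imports Hash below come from the same data, the import table. Two things a practitioner should know before acting on them: the debug path (corehost\apphost\standalone\apphost.pdb) and the version resource mark this file as the .NET apphost bootstrapper for IEPSCalculator.dll, and the flagged imports are consistent with what the stock apphost does (it loads hostfxr.dll by path with LoadLibraryExW/GetProcAddress, reads the install location from the registry, and opens a download page via ShellExecuteW when no runtime is found, which is where the go.microsoft.com and aka.ms strings come from); and SwitchToThread is a plain scheduler yield used by spin-wait loops, so it is a weak anti-debugging signal. The following Python is an added example, not code from the report or from any analysis tool: it reproduces the imphash construction as pefile implements it (Mandiant's definition) and re-implements the kind of import heuristics behind the "Suspicious" findings, so that the same checks can be run over any import list. The import subset embedded below is constructed from the report's own import table; the heuristic watch-lists are the author's choice, not the plugin's.

```python
"""Import hash and import-based triage heuristics (added example)."""
import hashlib

# Constructed subset of the import table the report lists, in table order.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["FreeLibrary", "LoadLibraryExW", "OutputDebugStringW", "LoadLibraryA",
                     "GetProcAddress", "IsDebuggerPresent", "SwitchToThread"],
    "USER32.dll": ["MessageBoxW"],
    "SHELL32.dll": ["ShellExecuteW"],
    "ADVAPI32.dll": ["RegOpenKeyExW", "RegGetValueW", "RegCloseKey"],
    "api-ms-win-crt-runtime-l1-1-0.dll": ["exit", "_initterm"],
}


def imphash(imports):
    """imphash: MD5 over 'lib.func' pairs in import-table order; library name
    lowercased with a .dll/.ocx/.sys extension stripped, function name lowercased,
    ordinal-only imports written as 'ordN'. (pefile additionally maps well-known
    ordinals of oleaut32/ws2_32/wsock32 to names; that table is omitted here.)"""
    parts = []
    for lib, funcs in imports.items():          # dict preserves insertion order
        libname = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if libname.endswith(ext):
                libname = libname[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{libname}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Watch-lists of the kind the report's plugin applies (author's choice). They are
# prevalence hints, not verdicts: the MSVC startup code and the .NET apphost
# legitimately import the functions the report flagged.
HEURISTICS = {
    "dynamic-resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                           "LoadLibraryExW", "GetProcAddress"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "OutputDebugStringA", "OutputDebugStringW", "NtQueryInformationProcess"},
    "registry": {"RegOpenKeyExW", "RegGetValueW", "RegQueryValueExW",
                 "RegSetValueExW", "RegCreateKeyExW"},
    "process-launch": {"ShellExecuteW", "ShellExecuteExW", "CreateProcessW",
                       "CreateProcessA", "WinExec"},
}


def triage_imports(imports):
    """Map each heuristic category to the sorted imported functions that triggered it."""
    names = {f for funcs in imports.values() for f in funcs if isinstance(f, str)}
    hits = {}
    for label, watch in HEURISTICS.items():
        matched = sorted(names & watch)
        if matched:
            hits[label] = matched
    return hits


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for label, funcs in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{label}: {', '.join(funcs)}")
```

Because imphash depends on import order, two builds that import the same functions in a different order hash differently, and a binary whose imports are resolved at run time through GetProcAddress contributes nothing to it; that is why the hash is a clustering aid for related samples rather than a detection on its own.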

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2024-Jun-13 14:19:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x16a00
SizeOfInitializedData 0xd000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000011360 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x29000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x180000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
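
The DOS header, PE header and optional header tables above are the raw fields; the security-relevant reading of them is the DllCharacteristics line (ASLR, high-entropy 64-bit ASLR, DEP/NX and the CFG bit are all set) together with the section permissions listed further down. One caveat: IMAGE_DLLCHARACTERISTICS_GUARD_CF only records that the linker set the bit; CFG is enforced by the loader only when the load configuration directory carries the guard function table and the instrumented flag, so treat the header bit as necessary rather than sufficient and cross-check the Load Configuration section, which in this report shows an empty GuardFlags and a zero GuardCFFunctionTable. The Python below is an added example, not code from the report: it walks DOS header, COFF header, PE32+ optional header and section table exactly as the report tabulates them, decodes DllCharacteristics into the names used above, finds the section containing the entry point, and flags missing mitigations and writable-plus-executable sections. Since the original file is not available here, the example builds a header-only PE32+ image from constructed values that mirror the report (no code, no data directories), plus a deliberately weak variant.

```python
"""Minimal PE32+ header parser and mitigation audit (added example)."""
import datetime
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
REQUIRED_MITIGATIONS = ("DYNAMIC_BASE", "HIGH_ENTROPY_VA", "NX_COMPAT", "GUARD_CF")
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000

COFF_FMT = "<HHIIIHH"                  # IMAGE_FILE_HEADER
OPT64_FMT = "<HBB5IQII6HIIIIHH4QII"    # IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes
OPT64_FIELDS = ("Magic MajorLinkerVersion MinorLinkerVersion SizeOfCode "
                "SizeOfInitializedData SizeOfUninitializedData AddressOfEntryPoint BaseOfCode "
                "ImageBase SectionAlignment FileAlignment MajorOperatingSystemVersion "
                "MinorOperatingSystemVersion MajorImageVersion MinorImageVersion "
                "MajorSubsystemVersion MinorSubsystemVersion Win32VersionValue SizeOfImage "
                "SizeOfHeaders CheckSum Subsystem DllCharacteristics SizeOfStackReserve "
                "SizeOfStackCommit SizeOfHeapReserve SizeOfHeapCommit LoaderFlags "
                "NumberOfRvaAndSizes").split()
SECTION_FMT = "<8sIIIIIIHHI"           # IMAGE_SECTION_HEADER


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """DOS header -> COFF header -> PE32+ optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, characteristics = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    opt = dict(zip(OPT64_FIELDS, struct.unpack_from(OPT64_FMT, data, opt_off)))
    if opt["Magic"] != 0x20B:
        raise ValueError(f"not PE32+ (Magic=0x{opt['Magic']:x})")
    sections = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + i * struct.calcsize(SECTION_FMT))
        sections.append({"name": f[0].rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "rawsize": f[3], "rawptr": f[4], "chars": f[9]})
    ep = opt["AddressOfEntryPoint"]
    entry_section = next((s for s in sections
                          if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])), None)
    return {
        "machine": machine,
        "timestamp": datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "characteristics": characteristics,
        "optional": opt,
        "dll_characteristics": decode_flags(opt["DllCharacteristics"], DLL_CHARACTERISTICS),
        "sections": sections,
        "entry_section": entry_section,
    }


def audit(pe):
    """Flag missing mitigations, W+X sections and an entry point outside executable code."""
    findings = [f"missing IMAGE_DLLCHARACTERISTICS_{m}" for m in REQUIRED_MITIGATIONS
                if m not in pe["dll_characteristics"]]
    for s in pe["sections"]:
        if s["chars"] & SCN_MEM_WRITE and s["chars"] & SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
    ep = pe["entry_section"]
    if ep is None:
        findings.append("entry point lies outside every section")
    elif not ep["chars"] & SCN_MEM_EXECUTE:
        findings.append(f"entry point lies in non-executable section {ep['name']}")
    return findings


def build_sample_image(dll_characteristics, sections):
    """Header-only PE32+ image constructed for this example; values mirror the report.
    0x666B0000 is the report's TimeDateStamp, 2024-06-13 14:19:44 UTC."""
    e_lfanew = 0x80
    dos = (b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = struct.calcsize(OPT64_FMT) + 16 * 8
    coff = struct.pack(COFF_FMT, 0x8664, len(sections), 0x666B0000, 0, 0, opt_size, 0x22)
    opt = struct.pack(OPT64_FMT, 0x20B, 14, 0, 0x16A00, 0xD000, 0, 0x11360, 0x1000,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x29000, 0x400, 0,
                      3, dll_characteristics, 0x180000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += bytes(16 * 8)                  # 16 empty data directories
    table = b"".join(struct.pack(SECTION_FMT, n.ljust(8, b"\x00"), vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return dos + b"PE\x00\x00" + coff + opt + table


# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
REPORT_LIKE_SECTIONS = [(b".text", 0x1695C, 0x1000, 0x16A00, 0x400, 0x60000020),    # CODE|X|R
                        (b".data", 0x1858, 0x22000, 0xA00, 0x20400, 0xC0000040)]    # DATA|R|W
WEAK_SECTIONS = [(b".text", 0x1695C, 0x1000, 0x16A00, 0x400, 0xE0000020)]           # CODE|X|R|W
REPORT_LIKE_FLAGS = 0xC160   # DYNAMIC_BASE|HIGH_ENTROPY_VA|NX_COMPAT|GUARD_CF|TERMINAL_SERVER_AWARE

if __name__ == "__main__":
    for flags, secs in ((REPORT_LIKE_FLAGS, REPORT_LIKE_SECTIONS), (0, WEAK_SECTIONS)):
        pe = parse_pe(build_sample_image(flags, secs))
        print(pe["timestamp"], pe["dll_characteristics"], audit(pe) or "no findings")
```

The entry-point lookup uses max(VirtualSize, SizeOfRawData) as the section extent because packers and hand-built images routinely leave one of the two smaller than the other; an entry point that resolves to no section, or to a section without IMAGE_SCN_MEM_EXECUTE, is a finding in its own right.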

.text

MD5 7686fed8e498738623d126176eb8df02
SHA1 b11d93db3c7ab73668c8afcf1e043b833857be8e
SHA256 822cbf045dae22059a0ea7e79d8c326557cdb921fb37a75648bd840a125476d2
SHA3 798a2cc2c335d8b18ab2aa5dd24d0116a85066b1178e850ca98c07e0782739b8
VirtualSize 0x1695c
VirtualAddress 0x1000
SizeOfRawData 0x16a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.37174

.rdata

MD5 a3e820dad194427577f5c974d2c715c8
SHA1 98787c253ac586e823f72a87511283d8fffd1671
SHA256 90091fc009503596d1796cc23cd32e44924c64da0eda88797f5fea85a9507370
SHA3 df429d377eb2be87632c4ff205d3954c49e082837eb10e98184189c72658065c
VirtualSize 0x95de
VirtualAddress 0x18000
SizeOfRawData 0x9600
PointerToRawData 0x16e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.49056

.data

MD5 3760c1fb6ad5560856429ff4ec69d4d7
SHA1 a1f4644e1998c66eb075f57f8d8ad66434a9a26e
SHA256 d1577089c3e9a6cf2352715f13887ce8b8c1d4c13c048807753f2b17dfa1e8dd
SHA3 74df1948fc18245715c21b05cf67865c30d2b6e90c850fa056c8378042dbe1d1
VirtualSize 0x1858
VirtualAddress 0x22000
SizeOfRawData 0xa00
PointerToRawData 0x20400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.35909

.pdata

MD5 58b5c0ba22a038ca54d885829ab5f06d
SHA1 c51368b74ee6b258c16be30200d8f5df143f8e5f
SHA256 52361b3c46d4eb026eccfd768df081dd77cac91d74d5f84aa8dfaf1607b6d7e6
SHA3 d3504d45f9a1c42ea5e405c1a23d1ba65464842235b9c88e51b7d7d09b93b2d9
VirtualSize 0x13bc
VirtualAddress 0x24000
SizeOfRawData 0x1400
PointerToRawData 0x20e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.9833

_RDATA

MD5 f03e9bc08417a2c7013707183af3d6f7
SHA1 71bee5fe0c24b393899d13c3c2e3267b23f6de8e
SHA256 7a66534bd1ecead54ce21ecbe29ec7dcad84e0e4b7195df405c009d422d1c613
SHA3 5fa991e3dd29f0819c10d2611a7b35d1a029c3eb9281d70d662669ffc7ffb5ee
VirtualSize 0x1f4
VirtualAddress 0x26000
SizeOfRawData 0x200
PointerToRawData 0x22200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.20663

.reloc

MD5 373814e3aa75bacedd47b10d2b34ac1b
SHA1 83da5a329808a15709db4bf088ff9c1983bba1f4
SHA256 5a7d064a742430e08087004174a6ec386bbe555730ffa1bc8e2454e5561a7c13
SHA3 36c70ac2754c29e85c5d6a9d156393012196db1717c71cd0b1db6e551e5df104
VirtualSize 0x318
VirtualAddress 0x27000
SizeOfRawData 0x400
PointerToRawData 0x22400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.70614

.rsrc

MD5 85de554952aae5425459803c6f2f390b
SHA1 2654084ac37d5bdc7f6abd18ac874a647dcd9d2f
SHA256 6b8de8774d0bd76720edf1c62642cccfec2086264e85ccf9be3ae0be12f2ed49
SHA3 ce45a302dce21ce7cb5ebc2637f3f07965eb1a9029f0c8be8e2a2b7e6053845e
VirtualSize 0x588
VirtualAddress 0x28000
SizeOfRawData 0x600
PointerToRawData 0x22800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.07368

Imports

KERNEL32.dll FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
USER32.dll MessageBoxW
SHELL32.dll ShellExecuteW
ADVAPI32.dll RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0.dll _invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf
api-ms-win-crt-heap-l1-1-0.dll calloc
_set_new_mode
free
_callnewh
malloc
api-ms-win-crt-string-l1-1-0.dll toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s
api-ms-win-crt-convert-l1-1-0.dll wcstoul
_wtoi
api-ms-win-crt-time-l1-1-0.dll _gmtime64_s
_time64
wcsftime
api-ms-win-crt-locale-l1-1-0.dll setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales
api-ms-win-crt-math-l1-1-0.dll __setusermatherr

Delayed Imports

Resources

1

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2fc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22891
MD5 f0df222f539452fd6de954f726502bfa
SHA1 a36ce522e973b86c43c4f709da46a86558724f7a
SHA256 fd5ac67037e5fafa0221e2f8842b3a6bd66262bf24b2b1be8bdb9807a93276b1
SHA3 80eee1de39769d80fca5fb60d0520ad6f7b03ef6182ab36f606b5d9a2a0fe6ed

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName IEPSCalculator
FileDescription IEPSCalculator
FileVersion (#2) 1.0.0.0
InternalName IEPSCalculator.dll
LegalCopyright
OriginalFilename IEPSCalculator.dll
ProductName IEPSCalculator
ProductVersion (#2) 1.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Jun-13 19:45:12
Version 0.0
SizeofData 109
AddressOfRawData 0x1e190
PointerToRawData 0x1cf90
Referenced File D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-Jun-13 19:45:12
Version 0.0
SizeofData 20
AddressOfRawData 0x1e200
PointerToRawData 0x1d000

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Jun-13 19:45:12
Version 0.0
SizeofData 1004
AddressOfRawData 0x1e214
PointerToRawData 0x1d014

TLS Callbacks

StartAddressOfRawData 0x14001e648
EndAddressOfRawData 0x14001e658
AddressOfIndex 0x140023840
AddressOfCallbacks 0x1400184e0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140022040
GuardCFCheckFunctionPointer 0x140018410
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xecfe021e
Unmarked objects 0
Unmarked objects (#2) 1
C objects (33218) 12
ASM objects (33218) 18
C++ objects (33218) 86
Imports (VS2008 SP1 build 30729) 16
Imports (30795) 9
Total imports 201
C++ objects (LTCG) (33523) 10
Linker (33523) 1
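
The Rich header is the XOR-obfuscated toolchain record the Microsoft linker writes between the DOS stub and the PE signature; the XOR Key above is also a checksum over the DOS header and the entries, which is what lets an analyst tell a genuine header from one copied out of another binary to fake the toolchain. The Python below is an added example, not from the report: it recovers the key from the "Rich" marker, walks back to the masked "DanS" marker, unmasks the (comp_id, count) pairs into product id, build number and object count, and recomputes the checksum (DanS offset, plus each DOS-header byte rotated left by its offset with e_lfanew excluded, plus each comp_id rotated by its count). Because the original file is not available here, the example constructs its own DOS header and Rich header; the build numbers and counts follow the report, while the product-id values are placeholders chosen for the example, not a real product-id table.

```python
"""Rich header decoder and checksum verifier (added example)."""
import struct

DANS = struct.unpack("<I", b"DanS")[0]


def rol32(value, count):
    count %= 32
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(data, dans_off, entries):
    """XOR key/checksum: DanS offset + every DOS-header byte rotated by its offset
    (e_lfanew at 0x3C..0x3F excluded) + every comp_id rotated by its use count."""
    cksum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(data[i], i)) & 0xFFFFFFFF
    for comp_id, count in entries:
        cksum = (cksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return cksum


def parse_rich(data):
    """Find 'Rich' before e_lfanew, read the key, walk back to the masked 'DanS',
    unmask the (comp_id, count) pairs and check the key against the checksum."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    rich_off = data.rfind(b"Rich", 0, e_lfanew)
    if rich_off < 0:
        return None
    (key,) = struct.unpack_from("<I", data, rich_off + 4)
    off = rich_off - 4
    while off >= 0x40:                      # Rich data never overlaps the 64-byte DOS header
        if struct.unpack_from("<I", data, off)[0] == (DANS ^ key):
            break
        off -= 4
    else:
        return None
    entries = []
    pos = off + 16                          # skip DanS and three key-masked padding dwords
    while pos < rich_off:
        comp_id, count = struct.unpack_from("<II", data, pos)
        entries.append((comp_id ^ key, count ^ key))
        pos += 8
    return {
        "key": key,
        "dans_offset": off,
        "entries": [{"prod_id": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in entries],
        "checksum_ok": rich_checksum(data, off, entries) == key,
    }


def build_rich_sample(entries):
    """Construct DOS header + Rich header + 'PE\\0\\0' stub for the example (not a program)."""
    dans_off = 0x40
    e_lfanew = dans_off + 16 + 8 * len(entries) + 8
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    dos[2:6] = struct.pack("<HH", 0x90, 3)  # e_cblp, e_cp as in a normal stub
    dos[0x3C:0x40] = struct.pack("<I", e_lfanew)
    key = rich_checksum(dos, dans_off, entries)
    body = struct.pack("<IIII", DANS ^ key, key, key, key)
    body += b"".join(struct.pack("<II", c ^ key, n ^ key) for c, n in entries)
    body += b"Rich" + struct.pack("<I", key)
    return bytes(dos) + body + b"PE\x00\x00"


# comp_id = (prod_id << 16) | build. Builds and counts follow the report; the
# prod_id values are placeholders for this example, not a real product-id table.
SAMPLE_ENTRIES = [((0x0103 << 16) | 33218, 86), ((0x0102 << 16) | 33218, 12),
                  ((0x0101 << 16) | 33218, 18), ((0x0100 << 16) | 33523, 1)]

if __name__ == "__main__":
    info = parse_rich(build_rich_sample(SAMPLE_ENTRIES))
    print(f"key 0x{info['key']:08x} checksum_ok={info['checksum_ok']}")
    for e in info["entries"]:
        print(f"prod_id 0x{e['prod_id']:04x} build {e['build']} count {e['count']}")
```

A checksum mismatch means the DOS header or the entries were changed after linking (a transplanted Rich header, an edited DOS stub, or a patched entry), so toolchain attribution from the entries should not be trusted for that file.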

Errors