Manalyze report for 407fef7fd844295a10827ec8607241b6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2015-Oct-30 02:29:07
Detected languages	English - United States
Debug artifacts	Windows.Media.Ocr.pdb
CompanyName	Microsoft Corporation
FileDescription	Windows OCR Runtime DLL
FileVersion	`10.0.10586.0 (th2_release.151029-1700)`
InternalName	Windows.Media.Ocr.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Windows.Media.Ocr.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.10586.0`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Functions related to the privilege level: OpenProcessToken` `Manipulates other processes: OpenProcess`
Safe	VirusTotal score: 0/69 (Scanned on 2019-11-18 11:10:46)	`All the AVs think this file is safe.`

Hashes

MD5	`407fef7fd844295a10827ec8607241b6`
SHA1	`2caf3bf0315918514f1d90f47aa7fb8f11ffe0d9`
SHA256	`8adefc24605e7a2bfb5a86362e117441368054dd620a9a7202a9bff5cbc9cea4`
SHA3	`1d1c1eced4a2d65c9ca59d8829997d24bc9430b9674451fa4faf466c75d42e30`
SSDeep	`12288:qybNcxJpjS9kHcS4XM4c/ETAAtFD1fiC1iIhvQDXcPpq0Amuc:qzxq9k8jXM4WiAAtFRfiCWcBq0p`
Imports Hash	`3228c07ae916a01aff5f74a71dfca12d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2015-Oct-30 02:29:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0xa8000`
SizeOfInitializedData	`0x49400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000009D8A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xf5000`
SizeOfHeaders	`0x400`
Checksum	`0xf169e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49e38af3c388c5d1b012767865a8c83b`
SHA1	`b3ca23ee239ec4d1b66dbde356ee68759aff2e77`
SHA256	`fc665702fac28795b2690fbfd30af0b659e213d2070157c03dcd498ce7e6a3bd`
SHA3	`8968c910fe991feae99d461e55ac3928f9780a64b4fbeb9a7263c7411e505128`
VirtualSize	`0xa7f1c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa8000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45288`

.rdata

MD5	`601394eeb50d455c1375386ee922daf4`
SHA1	`37eb4d0e4e07c455759f3f135479165d061a202a`
SHA256	`4822a39b820c014b167fdc060f59634a70ecc503cc6a7f1403fa3e2ab6bea787`
SHA3	`b339ab579ad5876406924f047db7c72836cf96ff1da2bee5d52df4d584579a08`
VirtualSize	`0x3bc02`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x3be00`
PointerToRawData	`0xa8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.26139`

.data

MD5	`6aa701443dba68c2ee0a136594a362b4`
SHA1	`ec1d99e6bdd3dd382bfbd0ba8303be6111065d0a`
SHA256	`78fb93850944ae43918bcfba1b36616fe65864928941ea7f7e58677c709def4c`
SHA3	`99bb8c166906af887c5afa0f978c34e44a531c555c1eac35b3b0ae7a16e830bb`
VirtualSize	`0x3950`
VirtualAddress	`0xe5000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0xe4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.93458`

.pdata

MD5	`880cb8d8fadb8bc8824addd24839f6e5`
SHA1	`925d4eadfa289469f4a069e42362388aa6611501`
SHA256	`42a35ee3c54ee2f7218c12d9b5fb1209f10d0f856827c777bc1ef3f546991a67`
SHA3	`0d54d1f31624601939f4fa714130e4145567aaf9d2ca09d21b9386d640de5249`
VirtualSize	`0x7cd4`
VirtualAddress	`0xe9000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0xe7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.95709`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x9`
VirtualAddress	`0xf1000`
SizeOfRawData	`0x200`
PointerToRawData	`0xeee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`d64a32127ca2a01e923040fa795998a9`
SHA1	`f23b3861d0e58d33b14f4de1b652d9d6bc4a135a`
SHA256	`5b2e8ed260a56041e5974b4b9937dd319c835473639c135852f528d576c0ff91`
SHA3	`e5f4b8fad4213e3119f0fe2327999f80a6c5b22aa46bf5ec45472a545d58a11c`
VirtualSize	`0x430`
VirtualAddress	`0xf2000`
SizeOfRawData	`0x600`
PointerToRawData	`0xef000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52179`

.reloc

MD5	`805a45fe4bba1c4f24abf71e2e52f0c6`
SHA1	`5cf9fcc387d57c1a1e09270fb3fd784ab75e4540`
SHA256	`e220f4aea783d6c40529e86a5c8919e8c49ac69e9e3f06879ec30626802de681`
SHA3	`68e621ff5591212446efa4b4d921610d54a653bec095c0ab2a5501336b56f08e`
VirtualSize	`0x14f4`
VirtualAddress	`0xf3000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xef600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.39128`

Imports

msvcp110_win.dll	`?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?uncaught_exception@std@@YA_NXZ` `?_Winerror_map@std@@YAPEBDH@Z` `?_BADOFF@std@@3_JB` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Orphan_all@_Container_base0@std@@QEAAXXZ` `?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?_Xbad_function_call@std@@YAXXZ` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `_FInf` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Xbad_alloc@std@@YAXXZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?_Syserror_map@std@@YAPEBDH@Z` `??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ`
msvcrt.dll	`??1type_info@@UEAA@XZ` `realloc` `??0exception@@QEAA@AEBV0@@Z` `??0exception@@QEAA@AEBQEBD@Z` `??1exception@@UEAA@XZ` `_vsnwprintf` `towlower` `memmove_s` `wcschr` `__CxxFrameHandler3` `_onexit` `__dllonexit` `_unlock` `?what@exception@@UEBAPEBDXZ` `__ExceptionPtrCurrentException` `__ExceptionPtrCopy` `__ExceptionPtrDestroy` `__ExceptionPtrCreate` `__ExceptionPtrRethrow` `fseek` `_wfopen_s` `feof` `strerror_s` `_errno` `fread` `??0exception@@QEAA@AEBQEBDH@Z` `ftell` `fclose` `??0exception@@QEAA@XZ` `_lock` `?terminate@@YAXXZ` `__C_specific_handler` `_initterm` `_amsg_exit` `_XcptFilter` `_callnewh` `_aligned_free` `_aligned_malloc` `_towupper_l` `_iswupper_l` `_create_locale` `_iswlower_l` `_towlower_l` `_iswpunct_l` `_iswdigit_l` `_wcsnicmp` `calloc` `malloc` `??3@YAXPEAX@Z` `_purecall` `??_V@YAXPEAX@Z` `free` `memmove` `_CxxThrowException` `ceil` `ceilf` `cos` `exp` `expf` `log` `memcmp` `memcpy` `memset` `powf` `sin` `sqrt` `sqrtf`
api-ms-win-core-com-l1-1-1.dll	`CoInitializeEx` `CoWaitForMultipleHandles` `CoReleaseMarshalData` `CoCreateFreeThreadedMarshaler` `CoGetInterfaceAndReleaseStream` `CreateStreamOnHGlobal` `CoUninitialize` `CoGetApartmentType` `CoCreateInstance` `CoMarshalInterface` `RoGetAgileReference` `CoTaskMemAlloc`
api-ms-win-core-util-l1-1-0.dll	`DecodePointer` `EncodePointer`
api-ms-win-core-winrt-string-l1-1-0.dll	`HSTRING_UserMarshal64` `WindowsCreateString` `HSTRING_UserSize` `WindowsDuplicateString` `WindowsGetStringRawBuffer` `HSTRING_UserFree64` `HSTRING_UserMarshal` `WindowsStringHasEmbeddedNull` `WindowsCreateStringReference` `HSTRING_UserUnmarshal` `HSTRING_UserUnmarshal64` `WindowsDeleteString` `HSTRING_UserFree` `HSTRING_UserSize64` `WindowsIsStringEmpty`
api-ms-win-core-libraryloader-l1-2-0.dll	`LoadResource` `SizeofResource` `LockResource` `LoadLibraryExW` `GetModuleHandleExW` `GetModuleHandleW` `GetProcAddress` `GetModuleFileNameA` `FreeLibrary` `FreeLibraryAndExitThread`
api-ms-win-core-synch-l1-2-0.dll	`InitializeCriticalSection` `InitOnceExecuteOnce` `ReleaseSemaphore` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SetEvent` `ReleaseSRWLockShared` `WaitForSingleObject` `AcquireSRWLockShared` `Sleep` `LeaveCriticalSection` `InitOnceBeginInitialize` `InitializeSRWLock` `OpenSemaphoreW` `CreateEventExW` `InitOnceComplete` `DeleteCriticalSection` `EnterCriticalSection`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateError` `RoOriginateErrorW` `IsErrorPropagationEnabled` `GetRestrictedErrorInfo` `SetRestrictedErrorInfo` `RoReportFailedDelegate` `RoGetMatchingRestrictedErrorInfo` `RoTransformError`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-processthreads-l1-1-2.dll	`TlsAlloc` `GetCurrentProcess` `TerminateProcess` `TlsFree` `GetCurrentThreadId` `OpenProcess` `TlsSetValue` `GetCurrentProcessId` `TlsGetValue` `OpenProcessToken` `IsProcessorFeaturePresent` `CreateThread`
api-ms-win-core-sysinfo-l1-2-1.dll	`GetSystemWindowsDirectoryW` `GetTickCount` `GetSystemInfo` `GetSystemTimeAsFileTime`
api-ms-win-core-rtlsupport-l1-2-0.dll	`RtlCaptureContext` `RtlVirtualUnwind` `RtlLookupFunctionEntry`
api-ms-win-core-errorhandling-l1-1-1.dll	`RaiseException` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetLastError`
Bcp47Langs.dll	`Bcp47GetDistance` `GetUserLanguages`
api-ms-win-core-kernel32-legacy-l1-1-1.dll	`WaitForMultipleObjects` `FindResourceW` `CreateSemaphoreW`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolTimer` `CloseThreadpoolTimer` `CallbackMayRunLong` `SetThreadpoolTimer` `FreeLibraryWhenCallbackReturns` `TrySubmitThreadpoolCallback` `WaitForThreadpoolTimerCallbacks`
api-ms-win-core-file-l1-2-1.dll	`FindFirstFileW` `FindNextFileW` `FindClose` `FindFirstFileExW`
api-ms-win-eventing-provider-l1-1-0.dll	`EventWriteTransfer` `EventUnregister` `EventRegister` `EventSetInformation`
api-ms-win-security-base-l1-2-0.dll	`GetTokenInformation`
api-ms-win-core-debug-l1-1-1.dll	`OutputDebugStringW`
api-ms-win-core-winrt-l1-1-0.dll	`RoGetActivationFactory`
api-ms-win-core-localization-l1-2-1.dll	`FormatMessageW`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
RPCRT4.dll	`CStdStubBuffer_IsIIDSupported` `CStdStubBuffer_Disconnect` `CStdStubBuffer_DebugServerRelease` `CStdStubBuffer_Invoke` `CStdStubBuffer_Connect` `NdrStubCall3` `NdrCStdStubBuffer_Release` `IUnknown_AddRef_Proxy` `CStdStubBuffer_QueryInterface` `CStdStubBuffer_DebugServerQueryInterface` `IUnknown_Release_Proxy` `NdrDllCanUnloadNow` `CStdStubBuffer_CountRefs` `NdrCStdStubBuffer2_Release` `NdrDllGetClassObject` `CStdStubBuffer_AddRef` `NdrOleAllocate` `IUnknown_QueryInterface_Proxy` `NdrOleFree` `NdrStubForwardingFunction`
api-ms-win-core-com-midlproxystub-l1-1-0.dll	`ObjectStublessClient14` `NdrProxyForwardingFunction4` `ObjectStublessClient10` `ObjectStublessClient6` `ObjectStublessClient9` `CStdStubBuffer2_CountRefs` `NdrProxyForwardingFunction5` `ObjectStublessClient16` `CStdStubBuffer2_Connect` `ObjectStublessClient12` `CStdStubBuffer2_Disconnect` `NdrProxyForwardingFunction3` `ObjectStublessClient17` `ObjectStublessClient13` `ObjectStublessClient11` `ObjectStublessClient8` `ObjectStublessClient15` `ObjectStublessClient7` `CStdStubBuffer2_QueryInterface` `ObjectStublessClient3`
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll	`MsgWaitForMultipleObjectsEx`
api-ms-win-rtcore-ntuser-window-l1-1-0.dll	`DispatchMessageW` `TranslateMessage` `PeekMessageW` `PostThreadMessageW`
api-ms-win-shcore-thread-l1-1-0.dll	`SHCreateThreadRef` `SHSetThreadRef` `SHGetThreadRef`

Delayed Imports

DllCanUnloadNow

Ordinal	`1`
Address	`0x3880`

DllGetActivationFactory

Ordinal	`2`
Address	`0x35e0`

DllGetClassObject

Ordinal	`3`
Address	`0x3780`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4642`
MD5	`a06835dd081827b6caea328880e2459f`
SHA1	`5a1c384f17529f18bd59917f2dcaf4ca9b0eecb9`
SHA256	`7f2ce5582f685eafececed3695ce4c0ae34a6a9d70f3388ad3afcb447dbbf359`
SHA3	`380d1ea0920dc08f1fe66a4f556d666273739bcffe322d82b783eec211b5c8b9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.10586.0
ProductVersion	10.0.10586.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows OCR Runtime DLL
FileVersion (#2)	10.0.10586.0 (th2_release.151029-1700)
InternalName	Windows.Media.Ocr.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	Windows.Media.Ocr.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.10586.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Oct-30 02:29:07
Version	`0.0`
SizeofData	`46`
AddressOfRawData	`0xc769c`
PointerToRawData	`0xc6a9c`
Referenced File	Windows.Media.Ocr.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2015-Oct-30 02:29:07
Version	`0.0`
SizeofData	`872`
AddressOfRawData	`0xc76e0`
PointerToRawData	`0xc6ae0`

TLS Callbacks

StartAddressOfRawData	`0x1800f1000`
EndAddressOfRawData	`0x1800f1008`
AddressOfIndex	`0x1800e8918`
AddressOfCallbacks	`0x1800a9ab0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1800e5008`
GuardCFCheckFunctionPointer	`6443145512`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8917c9af`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`52`
241 (40116)	`3`
242 (40116)	`15`
Total imports	`290`
239 (40116)	`7`
243 (40116)	`10`
238 (40116)	`1`
247 (40116)	`138`
Imports (40116)	`1`
240 (40116)	`1`

407fef7fd844295a10827ec8607241b6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.tls

.rsrc

.reloc

Imports

Delayed Imports

DllCanUnloadNow

DllGetActivationFactory

DllGetClassObject

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors