Manalyze report for 41839df4cc0fecf3630c7516bca740d6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2001-May-14 17:16:24
Detected languages	English - United States
Debug artifacts	WpcMon.pdb
CompanyName	Microsoft Corporation
FileDescription	Family Safety Monitor
FileVersion	`10.0.19041.906 (WinBuild.160101.0800)`
InternalName	WpcMon.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WpcMon.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.906`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: family.microsoft.com go.microsoft.com https://go.microsoft.com https://go.microsoft.com/fwlink/?LinkId https://login.microsoft.com login.microsoft.com microsoft.com public.settings.family.microsoft.com sdx.microsoft.com settings.family.microsoft.com`
Suspicious	The PE is possibly packed.	`Unusual section name found: .imrsiv` `Unusual section name found: .didat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegOpenKeyExW RegCloseKey RegGetValueW RegEnumKeyExW RegEnumValueW RegDeleteValueW RegSetValueExW RegQueryValueExW` `Possibly launches other programs: CreateProcessAsUserW ShellExecuteW` `Functions related to the privilege level: DuplicateTokenEx OpenProcessToken` `Interacts with services: QueryServiceStatusEx OpenServiceW OpenSCManagerW`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/67 (Scanned on 2021-04-30 23:06:52)	`All the AVs think this file is safe.`

Hashes

MD5	`41839df4cc0fecf3630c7516bca740d6`
SHA1	`13bd7151b1c1f90f73f438eb186302046418ae03`
SHA256	`5ae1b93ade705798bbf20eaf1b1678689ce07e683b6dbbdf2d376924908ee8a4`
SHA3	`bd26904b3431b8e4719f6478495204cb1f8946b57cc4e19c549285d839bd8bec`
SSDeep	`24576:3DZxAcD18yEs9fRCkoZvTg2SjE2FG7Ah:3McJnPItvM2WE2`
Imports Hash	`cce91986efad0824ef8430008cfa8a22`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2001-May-14 17:16:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa4800`
SizeOfInitializedData	`0x7ac00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x0000000000097CC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x125000`
SizeOfHeaders	`0x400`
Checksum	`0x12d4c1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a8cba493557119ea0a4f0a800cc2e7d3`
SHA1	`799d5e70063e14cfa1207feda26574b86bdcdee3`
SHA256	`ff6c58f077a18004ecf9ae29ad42393d5d301238d8b87139e1b1ca3f706aadd6`
SHA3	`ba8e4522bf3fa20b40d45886711f688cec23a577c834c103592c960f791f8a88`
VirtualSize	`0xa467c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa4800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.16195`

.imrsiv

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0xa6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d1231de391ee9647f6ba4453ebac8aab`
SHA1	`23a617625e36b6cca3428f64a7921d193ec2ac01`
SHA256	`28cbf818f5364d078a4372eba29c95c18bddc20b6559e2f32cfe0a2f804cd5fd`
SHA3	`350584140cba016c12388447dd0145ee259fad22765bb0358b15462ff3657007`
VirtualSize	`0x40aaa`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x40c00`
PointerToRawData	`0xa4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.742`

.data

MD5	`cc5e0e84a6d50a32f53cf53b0d40dc38`
SHA1	`a9858c96d47a87ee602fe1a698445c6a18cb355f`
SHA256	`0b64854a2bf9117b9d7be5813a14786b10a466bedc48a920ad98b4dda05622e8`
SHA3	`c2bb127b379df357491db6809bf69aa042b02d8348d3a4347758226cc48ca329`
VirtualSize	`0x1fed0`
VirtualAddress	`0xe8000`
SizeOfRawData	`0x1e200`
PointerToRawData	`0xe5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.07114`

.pdata

MD5	`9b3cf337cf85c5ff84a69b4f811900f5`
SHA1	`8f3d4f557aea557a953df5d9b323c51af5c329c1`
SHA256	`6d48a5fb32c38020225fb28ed9e28bfb916122f85c5118c3208504c91a97821f`
SHA3	`23cd6c87a361b80084e5de1d52e4531cd4b5508917efbc06d10c381fb6787a33`
VirtualSize	`0x8064`
VirtualAddress	`0x108000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x103a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.87046`

.didat

MD5	`3757b832243a65d4c6d05095fca60f5e`
SHA1	`715c7414e11803f50a4585da87eec32aab3c1c98`
SHA256	`e1ef1c41e727b1eb5658360cce8dd441214c935c61434ae83aca409e281462b0`
SHA3	`efc44a86fae0558a615c8c2aacc38540fef43a01f988b3741039e3bcec660507`
VirtualSize	`0x578`
VirtualAddress	`0x111000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.2729`

.rsrc

MD5	`eb7dae70e1356df8b4887f9aaa44c5f5`
SHA1	`8fce501ea05cf1ef76e8915b2b7ce0364748c4db`
SHA256	`eedcd0b7b4a76cebf20d61d8360c31bc24464e1c468589a5767a6936b562b5aa`
SHA3	`a76eb9e6d8b1eb2a5ae74c9a8d7b9c303504020b6cb07a78dab8e10fff74b4b4`
VirtualSize	`0xf1b8`
VirtualAddress	`0x112000`
SizeOfRawData	`0xf200`
PointerToRawData	`0x10c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.66988`

.reloc

MD5	`66b16bf133f34c3cfc3a9b46c2410e02`
SHA1	`9286fab763c94b74205b862e5d24db6df64fbbb1`
SHA256	`60c724a8bae18af564bf62c59db53308c387e36f111a00570c23ab66e085d587`
SHA3	`4f19fd62ebf720321f65ee7bb2207e0a129ade6ddc41fd7061336d505847b718`
VirtualSize	`0x24ac`
VirtualAddress	`0x122000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x11b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.39082`

Imports

ADVAPI32.dll	`EventActivityIdControl` `QueryServiceStatusEx` `GetLengthSid` `OpenServiceW` `EventUnregister` `UnregisterTraceGuids` `RegisterTraceGuidsW` `StartServiceW` `GetTraceEnableLevel` `IsValidSid` `GetTraceEnableFlags` `GetTraceLoggerHandle` `EventSetInformation` `TraceMessage` `OpenSCManagerW` `EventRegister` `CloseServiceHandle` `EventWriteTransfer` `RegCreateKeyExW` `RegOpenKeyExW` `RegCloseKey` `RegGetValueW` `RegEnumKeyExW` `RegEnumValueW` `RegDeleteTreeW` `RegDeleteValueW` `RegSetValueExW` `RegQueryValueExW` `DuplicateTokenEx` `SetTokenInformation` `OpenProcessToken` `OpenThreadToken` `GetTokenInformation` `GetSidLengthRequired` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `CopySid` `ConvertSidToStringSidW` `ConvertStringSidToSidW` `LookupAccountNameW` `CreateWellKnownSid` `CreateProcessAsUserW` `IsTextUnicode`
KERNEL32.dll	`GetErrorMode` `GetProcAddress` `CreateMutexExW` `LocalFree` `AcquireSRWLockShared` `DeleteCriticalSection` `GetCurrentProcessId` `GetProcessHeap` `GetModuleHandleW` `SleepEx` `DebugBreak` `HeapSetInformation` `RegisterApplicationRestart` `IsDebuggerPresent` `ResolveDelayLoadedAPI` `HeapAlloc` `GetTickCount` `GetFileSizeEx` `SetFilePointerEx` `ReadFile` `CreateFileW` `GetComputerNameW` `CreateMutexW` `IsWow64Process` `GetCurrentThread` `ReleaseSRWLockShared` `CreateEventExW` `InitOnceInitialize` `InitOnceExecuteOnce` `GetThreadPreferredUILanguages` `GetPackagesByPackageFamily` `GetPackagePath` `PackageIdFromFullName` `FindFirstChangeNotificationW` `FindCloseChangeNotification` `FindNextChangeNotification` `GetFileAttributesW` `CreateDirectoryW` `GetFileAttributesExW` `LocaleNameToLCID` `FileTimeToLocalFileTime` `LocalFileTimeToFileTime` `GetDynamicTimeZoneInformation` `GetDateFormatEx` `GetTimeFormatEx` `GetTimeFormatW` `GetDateFormatW` `CompareFileTime` `FileTimeToSystemTime` `GetLocaleInfoEx` `OpenEventW` `IsThreadpoolTimerSet` `WaitForThreadpoolWaitCallbacks` `CallbackMayRunLong` `SetThreadpoolWait` `CreateThreadpoolWait` `TrySubmitThreadpoolCallback` `CloseThreadpool` `SetThreadpoolThreadMaximum` `SetThreadpoolThreadMinimum` `CreateThreadpool` `InitializeConditionVariable` `SleepConditionVariableSRW` `WakeAllConditionVariable` `CloseThreadpoolWait` `WaitForMultipleObjectsEx` `ConvertFiberToThread` `QueueUserAPC` `OpenThread` `MultiByteToWideChar` `WideCharToMultiByte` `SetThreadpoolTimer` `CloseHandle` `OpenSemaphoreW` `WaitForSingleObjectEx` `AcquireSRWLockExclusive` `InitOnceComplete` `CloseThreadpoolTimer` `OutputDebugStringW` `ReleaseSRWLockExclusive` `UpdateProcThreadAttribute` `GetLastError` `FormatMessageW` `ReleaseMutex` `GetCurrentThreadId` `WaitForSingleObject` `WaitForThreadpoolTimerCallbacks` `InitializeCriticalSectionEx` `SetErrorMode` `LeaveCriticalSection` `SetProcessShutdownParameters` `InitializeProcThreadAttributeList` `GetModuleHandleExW` `ReleaseSemaphore` `EnterCriticalSection` `SetLastError` `HeapFree` `CreateSemaphoreExW` `SetHandleInformation` `InitOnceBeginInitialize` `GetModuleFileNameA` `CreateThreadpoolTimer` `DelayLoadFailureHook`
msvcp_win.dll	`?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?id@?$ctype@G@std@@2V0locale@2@A` `??Bid@locale@std@@QEAA_KXZ` `?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z` `?_Xbad_alloc@std@@YAXXZ` `?id@?$collate@G@std@@2V0locale@2@A` `?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z` `?tolower@?$ctype@G@std@@QEBAGG@Z` `?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z` `?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ` `?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z` `?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ` `?uncaught_exception@std@@YA_NXZ` `?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z` `?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z` `?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z` `?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z` `??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ` `??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z` `?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z` `?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z` `?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ` `?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z` `??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z` `?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A` `?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ` `?swap@?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z` `??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ` `??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z` `?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ` `??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z` `??0_Locinfo@std@@QEAA@PEBD@Z` `?__ExceptionPtrAssign@@YAXPEAXPEBX@Z` `?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ` `?_ReportUnobservedException@details@Concurrency@@YAXXZ` `?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z` `??1_Lockit@std@@QEAA@XZ` `??1_Locinfo@std@@QEAA@XZ` `?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ` `?is@?$ctype@G@std@@QEBA_NFG@Z` `?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Incref@facet@locale@std@@UEAAXXZ` `_Wcscoll` `_Wcsxfrm` `?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `_Cnd_destroy_in_situ` `_Cnd_broadcast` `_Mtx_unlock` `_Cnd_wait` `_Mtx_init_in_situ` `?__ExceptionPtrRethrow@@YAXPEBX@Z` `?__ExceptionPtrCurrentException@@YAXPEAX@Z` `_Mtx_lock` `?__ExceptionPtrDestroy@@YAXPEAX@Z` `_Mtx_destroy_in_situ` `?__ExceptionPtrToBool@@YA_NPEBX@Z` `?_XGetLastError@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Throw_C_error@std@@YAXH@Z` `??1facet@locale@std@@MEAA@XZ` `?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ` `?_Xbad_function_call@std@@YAXXZ` `?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z` `?__ExceptionPtrCopy@@YAXPEAXPEBX@Z` `_Cnd_init_in_situ` `?__ExceptionPtrCreate@@YAXPEAX@Z` `??0task_continuation_context@Concurrency@@AEAA@XZ` `?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z` `??0facet@locale@std@@IEAA@_K@Z` `?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z` `?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z` `?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ` `?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z` `?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z` `?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_thread_local_exe_atexit_callback` `_c_exit` `_initterm` `_initterm_e`
api-ms-win-crt-private-l1-1-0.dll	`_o__get_wide_winmain_command_line` `_o__i64tow_s` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__itoa_s` `_o__lock_file` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `_o__ui64tow_s` `_o__unlock_file` `_o__wcsicmp` `_o__wcstoi64` `_o__wcstoui64` `_o_exit` `_o_fclose` `_o_fflush` `_o_fgetc` `_o_fgetpos` `_o_fgetwc` `_o_fputwc` `_o_free` `_o_fsetpos` `_o_fwrite` `_o_isspace` `_o_iswascii` `_o_iswdigit` `_o_iswlower` `_o_iswspace` `_o_iswxdigit` `_o_malloc` `_o_realloc` `_o_setvbuf` `_o_terminate` `_o_towlower` `_o_ungetc` `_o_ungetwc` `_o_wcscpy_s` `_o_wcsncpy_s` `_o_wcstol` `__C_specific_handler` `__CxxFrameHandler3` `_CxxThrowException` `_o__fseeki64` `_o__exit` `_o__errno` `wcschr` `strchr` `__std_type_info_compare` `_o___stdio_common_vswprintf` `_o___stdio_common_vsprintf_s` `_o___stdio_common_vsnwprintf_s` `_o___stdio_common_vsnprintf_s` `_o___std_type_info_name` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___p__commode` `__std_terminate` `__CxxFrameHandler4` `_o__crt_atexit` `_o__configure_wide_argv` `_o__configthreadlocale` `_o__cexit` `_o__callnewh` `memcmp` `memcpy` `memmove`
api-ms-win-crt-string-l1-1-0.dll	`strncmp` `memset`
SHLWAPI.dll	`PathRemoveFileSpecW` `SHCreateStreamOnFileEx` `SHStrDupW` `PathCombineW` `UrlEscapeW`
api-ms-win-core-com-l1-1-0.dll	`CoWaitForMultipleHandles` `CLSIDFromString` `CoInitializeEx` `CoUninitialize` `CoCreateInstance` `CoTaskMemFree` `CoCreateFreeThreadedMarshaler` `CoTaskMemAlloc` `PropVariantClear`
api-ms-win-core-synch-l1-1-0.dll	`InitializeSRWLock` `SetEvent` `InitializeCriticalSection` `CreateEventW` `InitializeCriticalSectionAndSpinCount` `ResetEvent`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `RaiseException`
api-ms-win-core-processthreads-l1-1-0.dll	`CreateThread` `TlsSetValue` `TlsFree` `TlsGetValue` `GetCurrentProcess` `TerminateProcess` `TlsAlloc` `GetStartupInfoW`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTime` `GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-winrt-error-l1-1-0.dll	`RoOriginateError` `GetRestrictedErrorInfo` `SetRestrictedErrorInfo`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateString` `WindowsDeleteString` `WindowsCreateStringReference` `WindowsGetStringRawBuffer`
api-ms-win-core-winrt-l1-1-0.dll	`RoUninitialize` `RoActivateInstance` `RoGetActivationFactory` `RoInitialize`
api-ms-win-core-synch-l1-2-0.dll	`Sleep`
api-ms-win-core-timezone-l1-1-0.dll	`SystemTimeToFileTime`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoOriginateLanguageException` `RoGetMatchingRestrictedErrorInfo`
api-ms-win-core-libraryloader-l1-2-0.dll	`FreeLibrary` `LoadLibraryExW`
api-ms-win-core-processenvironment-l1-1-0.dll	`ExpandEnvironmentStringsW`
ntdll.dll	`EtwTraceMessage` `RtlSubscribeWnfStateChangeNotification` `RtlUnsubscribeWnfNotificationWaitForCompletion` `NtQueryWnfStateData`
api-ms-win-shcore-scaling-l1-1-2.dll	`GetDpiForShellUIComponent`
SHELL32.dll	`ShellExecuteExW` `ShellExecuteW` `CommandLineToArgvW` `SHGetFolderPathW` `SHGetKnownFolderPath` `Shell_NotifyIconW`
RPCRT4.dll	`UuidCreate`
api-ms-win-core-localization-l1-2-0.dll	`IdnToAscii`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
api-ms-win-security-lsalookup-l2-1-0.dll	`LookupAccountSidW`
samcli.dll	`NetUserGetInfo`
IMM32.dll	`ImmDisableLegacyIME`
api-ms-win-crt-math-l1-1-0.dll	`ceilf`
OLEAUT32.dll (delay-loaded)	`VariantInit` `SysFreeString` `SysAllocString` `VariantClear` `SysStringLen`

Delayed Imports

Attributes	`0x1`
Name	`OLEAUT32.dll`
ModuleHandle	`0x106700`
DelayImportAddressTable	`0x1112f8`
DelayImportNameTable	`0xe1b90`
BoundDelayImportTable	`0xe3708`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

OVERLAYIMAGE_128

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa0b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80413`
Detected Filetype	PNG graphic file
MD5	`cb89f5a45171f167010f4910efe45858`
SHA1	`449baf13b1c7d6a2520a9ab25e67c12a08984bf5`
SHA256	`475dec84eae633caf857fcca15369033d566487b4fb6fcb28a85dadfd50ca8cf`
SHA3	`c0504f053584c98c5e457c6f0bd97b5f8ff330c5555ff6d9a9d983431db52533`

OVERLAYIMAGE_16

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.59885`
Detected Filetype	PNG graphic file
MD5	`3410c2b6bb1b50ecf2c610a2eee02d89`
SHA1	`3882cd0045b174c389bb9b1db40b38f73575b1b0`
SHA256	`949f06c3caabaab2d34461a4a400939d103e47f247f6bbf7e5bdd9acfc12858d`
SHA3	`197654e18689922371655dd1b9edc88624cd783f3dafc5f897256ef43bc1bb15`

OVERLAYIMAGE_24

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.17927`
Detected Filetype	PNG graphic file
MD5	`a2dae7ba0ba155e613c213fde801b08b`
SHA1	`95d5ceb644353d122e5c1bb9d46513d6fff640b7`
SHA256	`f302c10c2dd1dd21e488c6cca211031404d598aacf95f9d6ef12638e7e78f734`
SHA3	`d91fb12b76f0ec8ddef2e5b40f0b8468a64a4a384cc0436420532c137fc1ed8e`

OVERLAYIMAGE_256

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1457`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76829`
Detected Filetype	PNG graphic file
MD5	`08526266c7987b067c749e57263a0604`
SHA1	`a3ec4c0ec060258e08a3a421a5a8ee10fb8aebd7`
SHA256	`6aded64d3b1db10ab821933fc4c180e76947ddd87f406899491eb3de273f9fee`
SHA3	`ad7a1c65fed5f108cd720939a5877b69fe987cc267164efcb02b39dd7529c2df`

OVERLAYIMAGE_32

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.23009`
Detected Filetype	PNG graphic file
MD5	`8026715ed5763c01e7e22aeb39e736e5`
SHA1	`8f0f1436b2d645f20e75938c2973d40bdaf2c7c5`
SHA256	`f36632f833cc9d8a6f53c3bfd96e6107dbf81e471d3cdecc12aa6a8a51fed766`
SHA3	`12a4e9ee0de8b76af3592a9305fb0c9c52c226209a4bd75e35c46be820881e2f`

OVERLAYIMAGE_48

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.45538`
Detected Filetype	PNG graphic file
MD5	`a88c9b93f7af5d8482bfaa661850f2ab`
SHA1	`6da23267d520e1d2e4338eab5cbb94efe14cab54`
SHA256	`2a17fc5ccb61116bce4d028058ea2bfb0c0d7679802a8b0f3f74f70161df58cf`
SHA3	`e30042672674c633a21928d56991f9f5dcbe738f24668fa4f7e03de0969571e5`

OVERLAYIMAGE_64

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60828`
Detected Filetype	PNG graphic file
MD5	`95bef21fc6d795a3f9020994a36d38d4`
SHA1	`c92d1cf011e1063cc823877b745c3f7fe808eed6`
SHA256	`abfaf77e784a02ce0ef108bdc4428b1cedd617134c13302b70ab3a8c42f82b50`
SHA3	`1ee8d0470dfab400ce1b8bf3178b74d4490fc26cce553f5eaf7c4eaf8f6f00c4`

OVERLAYIMAGE_96

Type	`IMAGE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.63056`
Detected Filetype	PNG graphic file
MD5	`7b970ae374281f4249c56060f4741045`
SHA1	`e44ee51cd9123ffc3d3398f411549c025dbfb952`
SHA256	`8328d2ca195c9c521b6634648be6730e6212ee07ba7ca8424f8e1b0279e550da`
SHA3	`a1fee39e05e570d685702f6e583d264fbc187b5634a98c594c30cd38d482c775`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7993`
MD5	`13ea98874740fb84513294b6dfdffd5f`
SHA1	`9ebf9f7185a2284c8c44adfd109a00de449f5d14`
SHA256	`4f42b508e95af80db78f1365d000a438919fbd43c2131f024c95d741d29dd731`
SHA3	`4ab2f8f9f7653d09d1e071c6a514f46882380ec083ef607fdf9040db5cad7f29`

1400

Type	`UIFILE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x185`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06952`
MD5	`7d8a9d1b9df6b9e354f1d59c6e63e0c6`
SHA1	`f3a72ef323a198c5abc0ba85078e12022b9ce6bb`
SHA256	`0375870d25f7bdc616947d3b197ee1b237aa1f89bd1baab540dffff73089dc42`
SHA3	`64f75636e7d300995c88140a1da0e7f02105db270365455b26fe07476bf9bf2a`

1500

Type	`UIFILE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x129`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02751`
MD5	`39af918cff15ab3e63060597720a19b1`
SHA1	`a0ebd037e0cce580e0c88a58ed4f1aaa6f939c40`
SHA256	`0f274eb875cc7266291a79ff902b92a456850b81113b0902d61e2ba7ebbf2b16`
SHA3	`1ee0d822943f271e64243cf3a518a42651ee0686fd5c79df00d6ca3702cebc16`

1520

Type	`UIFILE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x733`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05163`
MD5	`136ab97cb505d4565f54748a9ea57fac`
SHA1	`791e233b816e962b1eed91abcd59ed126b86e4e9`
SHA256	`16da5bca9bf65c64dc54002c2ef6bac3db0ef6875fb8242c86d79bf82d14b4c6`
SHA3	`ffd2b40d0a1e878d500415df97cc37af664a26c29efb731dda22af3c2661e802`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.03611`
MD5	`166b24203ab4a0faae5181fbb602507b`
SHA1	`587f656a56d64f1f6099c359ee81052ed064a10c`
SHA256	`dd0700dd0f7d53a76e288dc9a4b84b383bc385824674b27b63c6fb30fde3bfbb`
SHA3	`a9496628ad91fdea77ed04e11779857b4f6e4847d0e3a9436ad582e462e3f3b1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.17365`
MD5	`309a5be5c2bde7c5ed52b4f72a44328e`
SHA1	`2ca6e582ad7e56adb303ccfa51681c28798ce2c3`
SHA256	`07d89c8458d10617e1c6c5d854189070ae0ce57baa929f2346c347fc626a59bd`
SHA3	`bcc9a48e65c53cee1888cfe54871c7ee458c96c3b88ff84e5c1da1985d388dfa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.22107`
MD5	`d4911dd4748ae1f3aca16ccd72edb15b`
SHA1	`c1615dfb6cba292c11b99a44b98c278fd97d39f5`
SHA256	`2f0bd3f2f5d4df6beb75301d2558dc33e821be2c5fad695cf592f21552276a12`
SHA3	`7fd0606f094be559657a95bdde8faa3c600bf2e505b49afa25f7668075ab22ad`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.25387`
MD5	`401b5ebacce519ff1f7fb34169f18e01`
SHA1	`85dc68779cc3c34e0af16f91ab0fd29237cf15bb`
SHA256	`fc516847037c89797b4e1a8c926a15e3e4dc5ed5c1ac474a5256e2734908d87b`
SHA3	`c26ab70f4d336fc19a6fd544b4dadca873f6290e8b57d4431d55937bd39ff778`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.4157`
MD5	`9f38bfe1cfbdc91332d8d28ea8c53891`
SHA1	`a4109de69a74e143a582a577ab16ad818eb01b50`
SHA256	`ef0c50ef5cf9a124c9d96122dbba986db4d0cf9c23941857372b0cc49ec4d901`
SHA3	`3aca228218b03271c68bfc4641fda2853b95eea1a8d7809ae62de9347655b6e2`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.35805`
MD5	`d3fc5ba7e5df6b2e9f7d58a5fb38d29f`
SHA1	`ac6f9eaeba2adb55ddd6ddc654a81aab55bfb141`
SHA256	`036a55364e47ff50b157c64c94d07f1e72b53be67d26a2f95250eca51668bd0a`
SHA3	`c4958c51b3aafc1cb0a462707092f8ef8e7403985216f5dd2ca2277504595939`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.59826`
MD5	`64604b12db8071b1e536f5d6c0372153`
SHA1	`bdf7693c1c92206b7ddc5f57c54acdb747b3ce80`
SHA256	`271099f97633cf7efb6fea91bd1d7fb26926010acedcf04a5007b696ec3ac4cd`
SHA3	`e90df6125154828625cbdc5c01a363811d5b85c70f9f3d51b6e7b39b20cac8e5`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96825`
Detected Filetype	Icon file
MD5	`8d73010b7cbf282f2b4f09ff48348599`
SHA1	`7df0a6da88d69663f84fdcaafcf2d70e6ba3ec48`
SHA256	`d3c4afccd00e8ba799c5c358a3c2ae89ce20c2eb02b408095d5b8eb34ef6bb7b`
SHA3	`043731ff906ecc3a06524cae5d4bc7ff94d05e380e2ba0bb0d0dd29b1124ee30`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47519`
MD5	`0bda3170b72af28649d194c9ab47f98d`
SHA1	`8372d4ea1bd7e7c08795f10deec9b60ddde33dcc`
SHA256	`8ca99c29b43471960a05ae69bfb6ce21d9c97171024e9d781d465cb301a1bf46`
SHA3	`971194df2ce140b53f75cee267875bb99e5a099ba23f59987d9d4d66ec16162f`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x514`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91082`
MD5	`8c4141d80940ebf92932e3297e38289c`
SHA1	`1ef53943403503f79e7e4d03d9d0a593ba9a2534`
SHA256	`528a278a0bccc64cfacc7fcac2d8a69b3987e57549212965d79927f7ca0fb795`
SHA3	`30bc4f102e73d7536227bf2807104af1278b604d7b068d41d094bcde888ba2d0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.906
ProductVersion	10.0.19041.906
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Family Safety Monitor
FileVersion (#2)	10.0.19041.906 (WinBuild.160101.0800)
InternalName	WpcMon.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WpcMon.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.906

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2001-May-14 17:16:24
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0xcef00`
PointerToRawData	`0xccb00`
Referenced File	WpcMon.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2001-May-14 17:16:24
Version	`0.0`
SizeofData	`1236`
AddressOfRawData	`0xcef24`
PointerToRawData	`0xccb24`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2001-May-14 17:16:24
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xcf3f8`
PointerToRawData	`0xccff8`

TLS Callbacks

StartAddressOfRawData	`0x1400cf440`
EndAddressOfRawData	`0x1400cf448`
AddressOfIndex	`0x1401066f4`
AddressOfCallbacks	`0x1400ae878`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140105a28`
GuardCFCheckFunctionPointer	`5369422880`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xcaf3423e`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`66`
C objects (27412)	`13`
ASM objects (27412)	`3`
Imports (27412)	`21`
Total imports	`1684`
264 (27412)	`106`
C++ objects (27412)	`37`
253 (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

Errors

[*] Warning: Section .imrsiv has a size of 0!