Manalyze report for 4b179d7c6aa9424831847ba6bacdb260

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2049-Mar-24 13:52:15
Detected languages	English - United States
Debug artifacts	CLBCatQ.pdb
CompanyName	Microsoft Corporation
FileDescription	COM+ Configuration Catalog
FileVersion	`2001.12.10941.16384 (WinBuild.160101.0800)`
InternalName	CLBCATQ.DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	CLBCATQ.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.18362.1`

Plugin Output

Suspicious	PEiD Signature:	`HQR data file`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: RunDll32.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .didat`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: NtQueryInformationProcess` `Can access the registry: RegQueryValueExW RegQueryInfoKeyW RegCreateKeyExW RegOpenKeyExW RegDeleteKeyExW RegFlushKey RegSetValueExW RegEnumKeyExW RegEnumValueW RegDeleteValueW RegCloseKey` `Possibly launches other programs: CreateProcessAsUserW CreateProcessW` `Uses Windows's Native API: NtQueryEvent NtOpenEvent NtQueryInformationProcess` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Functions related to the privilege level: DuplicateTokenEx OpenProcessToken`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/71 (Scanned on 2020-01-29 12:24:18)	`All the AVs think this file is safe.`

Hashes

MD5	`4b179d7c6aa9424831847ba6bacdb260`
SHA1	`7de7c7e87cfa639e8c4df269e38fb69a391d6790`
SHA256	`f0541b07d7b00c8d09bc72df7e2d974f83482e42cd88b4e8260b832b7a71682e`
SHA3	`fef45bc41fd20e48952028737cd1433009671338854b1ec729085ef0e3b46acd`
SSDeep	`12288:OW5xq598iWckFFeyJrcV4pLFgHZOtjh8R6R:OW5xq59+1FFeyJrcVkLFhtjh8Ri`
Imports Hash	`7421ace070d0aeabac362cc51ec7af4e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2049-Mar-24 13:52:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x63600`
SizeOfInitializedData	`0x3a200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000004160 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xa2000`
SizeOfHeaders	`0x400`
Checksum	`0xa702b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8f059d7bfd4a0d7e19fdc40be1daf8e3`
SHA1	`da8239b99412335a15a82dbcff0894eed16319f9`
SHA256	`081457087aa654b7007400f6852fe53dcde7bbdce0ed028f9b096d17132e83aa`
SHA3	`cb13614183002545fdf1ef6748f5149176d9b41fb394ccc540c9c3e6af1d7ed2`
VirtualSize	`0x635f9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x63600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23074`

.rdata

MD5	`419d549452cd4b72c2031645f26a21a9`
SHA1	`fa77bb64b7d42a89619a4d339bacc0a0be3b7155`
SHA256	`d6a8c75e1fb04cbf4e4c6152c394e0b6f7d61ae959430ee6c8947fb0c5c14498`
SHA3	`6674c89af4b6a8872c1d59c6e3bdd1468db3da169ebdfef087c1b2d379fb342d`
VirtualSize	`0x2cb76`
VirtualAddress	`0x65000`
SizeOfRawData	`0x2cc00`
PointerToRawData	`0x63a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.59262`

.data

MD5	`389e42be225ef0ea70ed445ec1248a97`
SHA1	`19983f9df385f54ad481c4e92682dff97b372328`
SHA256	`ee1d60c26219571382c8f24aeed81d73291bef67b17408096111d2fe8fc0c57c`
SHA3	`c13c34e7718a9a6cd7f869950319d6252c387092cacad01ddd89735e5305a38d`
VirtualSize	`0x5342`
VirtualAddress	`0x92000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x90600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.17984`

.pdata

MD5	`e27d2e753a52ea3be0a3ac51286524cc`
SHA1	`fa9925bbe412a3fcada276859e750bbc279c1d25`
SHA256	`94bc31fc1287b780127119d218e4f5a04487183464bdbf691aa3dc0bed8f397e`
SHA3	`e591d8c04de9fb2c6937a67f949e02f61c9aed7713c6b32919c34050d715ccb1`
VirtualSize	`0x411c`
VirtualAddress	`0x98000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x91800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67456`

.didat

MD5	`a47534f292adf1d03ef78f8929ec8ef4`
SHA1	`5184c0b822339889e7974b34979f5b96b84b9cd1`
SHA256	`9bb943a8ec3c1d0bd82eae0d7ad98456bb83521293c6aac287d3c866be97603c`
SHA3	`efb0c9848ff7503b8aea1369c1b1e63ec33b4e287a1eb3ea4291940d668fd1ea`
VirtualSize	`0x100`
VirtualAddress	`0x9d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x95a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.48574`

.rsrc

MD5	`fe86e26669dadd15aee3d8b2a4c93da0`
SHA1	`39b09206fecbc4d3538355116712eef6176d6510`
SHA256	`24ca930fe9c880875d21db888fd679c618e32c02859f587fccc7e38835e27865`
SHA3	`4a0f5888dee1d1ba87eeabf1c849c34be2f5dc01e34ad713b75dcb1caf534f65`
VirtualSize	`0x1f00`
VirtualAddress	`0x9e000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x95c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.09092`

.reloc

MD5	`eb652f9f824687b3e0c9e09bcdd2f376`
SHA1	`735215ca22a1406774b4a8ce0d1843151f93b4f0`
SHA256	`1938859f2f1e4fd9ae44ae1432aff010e48e1ebe8bf92f022bbbf1cedf72038d`
SHA3	`a535e065fa45e85420bdb62717626cad50207862d9ef119f9b0e82337a31a6a2`
VirtualSize	`0x1c3c`
VirtualAddress	`0xa0000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x97c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35766`

Imports

msvcrt.dll	`__CxxFrameHandler3` `??1type_info@@UEAA@XZ` `free` `_lock` `_vsnprintf` `_i64tow_s` `realloc` `_onexit` `?terminate@@YAXXZ` `memmove` `memcpy` `_purecall` `memcmp` `qsort` `malloc` `_initterm` `_wcsnicmp` `wcsrchr` `memset` `_stricmp` `_wmakepath_s` `_wstrtime` `_waccess` `_wstrdate` `_wtol` `_ltow` `wcschr` `_vsnprintf_s` `_local_unwind` `??0exception@@QEAA@AEBV0@@Z` `_CxxThrowException` `wcstombs` `mbstowcs` `towupper` `wcsstr` `_wcslwr` `wcstol` `_wsplitpath_s` `_XcptFilter` `wcsncmp` `??0exception@@QEAA@XZ` `??1exception@@UEAA@XZ` `__dllonexit` `_unlock` `_wcsicmp` `memcpy_s` `_vsnwprintf` `__C_specific_handler` `_amsg_exit` `wcscmp`
ntdll.dll	`RtlAllocateHeap` `NtQueryEvent` `RtlInitUnicodeString` `NtOpenEvent` `RtlImageNtHeader` `RtlFreeHeap` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlWow64IsWowGuestMachineSupported` `NtQueryInformationProcess` `WinSqmSetDWORD`
api-ms-win-core-registry-l1-1-0.dll	`RegQueryValueExW` `RegQueryInfoKeyW` `RegCreateKeyExW` `RegOpenKeyExW` `RegDeleteKeyExW` `RegFlushKey` `RegDeleteTreeW` `RegSetValueExW` `RegEnumKeyExW` `RegEnumValueW` `RegDeleteValueW` `RegCloseKey`
api-ms-win-core-com-l1-1-0.dll	`CoCreateInstanceEx` `CoTaskMemFree` `CoTaskMemAlloc` `CLSIDFromString` `CoCreateInstance` `CoTaskMemRealloc` `StringFromCLSID` `CoSetProxyBlanket` `CoGetObjectContext` `StringFromGUID2` `CoGetCallContext` `CoGetMalloc` `CreateStreamOnHGlobal` `CoImpersonateClient` `CoRevertToSelf` `CoCreateGuid`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleExW` `FreeLibrary` `DisableThreadLibraryCalls` `GetModuleFileNameW` `FindResourceExW` `LoadLibraryExW` `GetModuleHandleW` `GetModuleFileNameA` `LoadStringW` `LockResource` `GetProcAddress` `LoadResource`
api-ms-win-core-synch-l1-1-0.dll	`InitializeCriticalSectionAndSpinCount` `EnterCriticalSection` `WaitForSingleObject` `DeleteCriticalSection` `LeaveCriticalSection`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `GetLastError` `SetUnhandledExceptionFilter`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-heap-l2-1-0.dll	`LocalAlloc` `LocalFree`
api-ms-win-eventing-classicprovider-l1-1-0.dll	`GetTraceEnableFlags` `TraceMessage` `GetTraceEnableLevel` `RegisterTraceGuidsW` `UnregisterTraceGuids` `GetTraceLoggerHandle`
api-ms-win-security-base-l1-1-0.dll	`GetLengthSid` `SetSecurityDescriptorGroup` `AddAccessAllowedAce` `InitializeAcl` `InitializeSecurityDescriptor` `AddAccessDeniedAce` `SetSecurityDescriptorOwner` `SetSecurityDescriptorDacl` `GetAclInformation` `GetTokenInformation` `DuplicateTokenEx` `GetSecurityDescriptorDacl` `GetSecurityDescriptorLength`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentThread` `GetCurrentThreadId` `CreateProcessAsUserW` `OpenProcessToken` `GetExitCodeProcess` `GetCurrentProcessId` `TerminateProcess` `GetCurrentProcess` `OpenThreadToken` `SetThreadToken` `CreateProcessW` `SetThreadStackGuarantee`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceExecuteOnce` `Sleep`
api-ms-win-core-heap-l1-1-0.dll	`HeapFree` `HeapAlloc` `GetProcessHeap`
api-ms-win-core-processenvironment-l1-1-0.dll	`GetCurrentDirectoryW` `ExpandEnvironmentStringsW`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetVersionExW` `GetSystemDirectoryW` `GetTickCount` `GetSystemTimeAsFileTime` `GlobalMemoryStatusEx` `GetSystemInfo` `GetLocalTime`
api-ms-win-core-wow64-l1-1-1.dll	`GetSystemWow64DirectoryW`
api-ms-win-core-localization-l1-2-0.dll	`IsDBCSLeadByte` `GetSystemDefaultLCID` `FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-sysinfo-l1-2-0.dll	`GetNativeSystemInfo`
api-ms-win-core-memory-l1-1-0.dll	`UnmapViewOfFile` `OpenFileMappingW` `VirtualProtect` `VirtualAlloc` `VirtualFree` `VirtualQuery` `MapViewOfFile` `CreateFileMappingW`
api-ms-win-core-file-l2-1-0.dll	`MoveFileExW` `MoveFileWithProgressW`
api-ms-win-core-file-l1-1-0.dll	`FindNextFileW` `FindFirstFileW` `CreateDirectoryW` `CreateFileW` `SetFilePointer` `WriteFile` `SetFileAttributesW` `DeleteFileW` `FindClose` `GetLongPathNameW` `FlushFileBuffers` `GetFileAttributesW` `GetTempFileNameW` `SetEndOfFile` `ReadFile` `GetFileSizeEx` `GetFileType`
api-ms-win-core-string-l1-1-0.dll	`MultiByteToWideChar` `WideCharToMultiByte` `CompareStringW`
api-ms-win-core-string-l2-1-0.dll	`CharNextW` `CharLowerW`
api-ms-win-core-file-l1-2-0.dll	`GetTempPathW`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-localization-obsolete-l1-2-0.dll	`CompareStringA`
api-ms-win-security-base-private-l1-1-0.dll	`MakeAbsoluteSD2`
api-ms-win-core-com-private-l1-1-0.dll	`CLSIDFromOle1Class` `CoGetModuleType`
RPCRT4.dll	`UuidFromStringW`
api-ms-win-core-version-l1-1-0.dll	`VerQueryValueW`
api-ms-win-core-processthreads-l1-1-1.dll	`GetThreadContext`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
KERNEL32.dll	`GetComputerNameW`
OLEAUT32.dll (delay-loaded)	`#411` `#149` `#150` `#8` `#6` `#4` `#183` `#162` `#2` `#9` `#12`

Delayed Imports

Attributes	`0x1`
Name	`OLEAUT32.dll`
ModuleHandle	`0x93780`
DelayImportAddressTable	`0x9d050`
DelayImportNameTable	`0x8f600`
BoundDelayImportTable	`0x8f800`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

ActivatorUpdateForIsRouterChanges

Ordinal	`1`
Address	`0x13df0`

CoRegCleanup

Ordinal	`2`
Address	`0x1a880`

DeleteAllActivatorsForClsid

Ordinal	`3`
Address	`0x14270`

DowngradeAPL

Ordinal	`4`
Address	`0x15750`

GetGlobalBabyJITEnabled

Ordinal	`5`
Address	`0x8d60`

UpdateFromAppChange

Ordinal	`6`
Address	`0x14be0`

UpdateFromComponentChange

Ordinal	`7`
Address	`0x151e0`

CLSIDFromStringByBitness

Ordinal	`8`
Address	`0x13a00`

CheckMemoryGates

Ordinal	`9`
Address	`0x12be0`

ComPlusEnablePartitions

Ordinal	`10`
Address	`0x7fa0`

ComPlusEnableRemoteAccess

Ordinal	`11`
Address	`0x8080`

ComPlusMigrate

Ordinal	`12`
Address	`0x175b0`

ComPlusPartitionsEnabled

Ordinal	`13`
Address	`0x8130`

ComPlusRemoteAccessEnabled

Ordinal	`14`
Address	`0x8250`

CreateComponentLibraryEx

Ordinal	`15`
Address	`0x1b310`

DllCanUnloadNow

Ordinal	`16`
Address	`0x3030`

DllGetClassObject

Ordinal	`17`
Address	`0x8340`

DllRegisterServer

Ordinal	`18`
Address	`0x8460`

DllUnregisterServer

Ordinal	`19`
Address	`0x8520`

GetCatalogObject

Ordinal	`20`
Address	`0x2830`

GetCatalogObject2

Ordinal	`21`
Address	`0x2a00`

GetComputerObject

Ordinal	`22`
Address	`0x8570`

GetSimpleTableDispenser

Ordinal	`23`
Address	`0x8590`

InprocServer32FromString

Ordinal	`24`
Address	`0x13b90`

OpenComponentLibraryEx

Ordinal	`25`
Address	`0x1b3a0`

OpenComponentLibraryOnMemEx

Ordinal	`26`
Address	`0x1b440`

OpenComponentLibraryOnStreamEx

Ordinal	`27`
Address	`0x1b4d0`

ServerGetApplicationType

Ordinal	`28`
Address	`0x13c40`

SetSetupOpen

Ordinal	`29`
Address	`0x13db0`

SetSetupSave

Ordinal	`30`
Address	`0x13dc0`

SetupOpen

Ordinal	`31`
Address	`0x13dd0`

SetupSave

Ordinal	`32`
Address	`0x13de0`

1

Type	`TYPELIB`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1aa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20952`
MD5	`f710b470e1fb13ea85201ed0841a5d4a`
SHA1	`4297d5db535f1a5a954143db1f81d2074cc66c35`
SHA256	`52c9eacc5813f348d06a0aecbf7eff529593e5636fa28375231685156f711422`
SHA3	`3d16bdd48567163b6dacab3319e4b93d728c512742a311c971feaf9c838770bf`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55116`
MD5	`0822ab0bfa534dab332e60bfbcf50491`
SHA1	`8bc4a9c1132af7339de3145406cd71b9ddefd75c`
SHA256	`9c14e98dd91be8993d6108237b000896e3f8ab226e3948b718c405ffeec025df`
SHA3	`264e3437ae95be7f536502a732c10b0574576e79ce8bbeafd8e5c07bc6c12fc3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2001.12.10941.16384
ProductVersion	10.0.18362.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	COM+ Configuration Catalog
FileVersion (#2)	2001.12.10941.16384 (WinBuild.160101.0800)
InternalName	CLBCATQ.DLL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	CLBCATQ.DLL
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.18362.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2049-Mar-24 13:52:15
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x8a300`
PointerToRawData	`0x88d00`
Referenced File	CLBCatQ.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2049-Mar-24 13:52:15
Version	`0.0`
SizeofData	`1116`
AddressOfRawData	`0x8a324`
PointerToRawData	`0x88d24`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2049-Mar-24 13:52:15
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x8a780`
PointerToRawData	`0x89180`

TLS Callbacks

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180093128`
GuardCFCheckFunctionPointer	`6442919776`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x5d4811c9`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`68`
C++ objects (26715)	`4`
C objects (26715)	`18`
ASM objects (26715)	`3`
Total imports	`267`
Imports (26715)	`9`
Exports (26715)	`1`
270 (26715)	`128`
Resource objects (26715)	`1`
Linker (26715)	`1`

4b179d7c6aa9424831847ba6bacdb260

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

ActivatorUpdateForIsRouterChanges

CoRegCleanup

DeleteAllActivatorsForClsid

DowngradeAPL

GetGlobalBabyJITEnabled

UpdateFromAppChange

UpdateFromComponentChange

CLSIDFromStringByBitness

CheckMemoryGates

ComPlusEnablePartitions

ComPlusEnableRemoteAccess

ComPlusMigrate

ComPlusPartitionsEnabled

ComPlusRemoteAccessEnabled

CreateComponentLibraryEx

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

GetCatalogObject

GetCatalogObject2

GetComputerObject

GetSimpleTableDispenser

InprocServer32FromString

OpenComponentLibraryEx

OpenComponentLibraryOnMemEx

OpenComponentLibraryOnStreamEx

ServerGetApplicationType

SetSetupOpen

SetSetupSave

SetupOpen

SetupSave

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors