Manalyze report for 4b760ef1ddede7ee55f6ca0381af18e989247e8888850cee252140751d66e1e9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1977-May-02 21:20:20
Detected languages	English - United States
Debug artifacts	dllhost.pdb
CompanyName	Microsoft Corporation
FileDescription	COM Surrogate
FileVersion	`10.0.26100.8328 (WinBuild.160101.0800)`
InternalName	dllhost.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	dllhost.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`10.0.26100.8328`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/71 (Scanned on 2026-05-24 21:04:32)	`All the AVs think this file is safe.`

Hashes

MD5	`46006f038b90fd5d9698059360e89535`
SHA1	`da63fa01a215ce5979f9cd1d1ddfcb26ffecd5bf`
SHA256	`4b760ef1ddede7ee55f6ca0381af18e989247e8888850cee252140751d66e1e9`
SHA3	`b29061457394f0efb91a7e7e599747ff9e830efffbc88f57d3d4da0af5c7d5e8`
SSDeep	`1536:9Xgo475+d+/h0NzWEziflKUPcJOY0UJ+rSxYPTZzqo:9QH75R35t6JOXUJWSxYLZWo`
Imports Hash	`796b776ac798e3e406820b5ae752c421`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	1977-May-02 21:20:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x7000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001530 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x1000`
Checksum	`0x2354d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x8000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`450937b8af3410f3969deb3c5cc56ad0`
SHA1	`91e130ffc340a79a567738c9910ea89eb9377187`
SHA256	`632fea3ea632928340a60aff46ddc08f521d5ed31efbbe9744f00daa7f10ea11`
SHA3	`88697a8c4563ec8d26b78fc793c60ab0936f056bd56cc45861b100e065992dd8`
VirtualSize	`0x8e1c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.09613`

fothk

MD5	`3a2ed1c04fd0d1c7418a6cad4159b1e8`
SHA1	`55d59c61fdf2537e38f545d442482bfa0ea3998f`
SHA256	`53997b84468d7cc82674fdd2c983d78c465e5e5d7b57177c6979063395fd0892`
SHA3	`66d710246e19b0cbeadb247250fadd182b9da9a5df30777ab515fe29cc70dc11`
VirtualSize	`0x1000`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

.rdata

MD5	`15103ecb9b4de5a069ae4cb78249ebf8`
SHA1	`f99fe310408bdef1017d88d9e91d1af927c70495`
SHA256	`4f598a2db8ed664c4e71f489d5f30e476a9f265de3b74e99c3b00db3190b33ac`
SHA3	`743d1010dbd0a1aa9f2be2d792ea4f08a7042c2e77e0d0e338a4b9ba4c175e52`
VirtualSize	`0x273c`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.22656`

.data

MD5	`1dbbb00fe0ca44a66c63f7d334587a7e`
SHA1	`879470c3f27b21f9a269dd037ffb39d01732769d`
SHA256	`7c6e49c7f2e2e4efdf17a2b2398f95f3d8b9943ec6ed86798027b8730a56b942`
SHA3	`43115589a47ef8f67b0029204a82557cacdc3d02763a43090939f4dfd64f1f6c`
VirtualSize	`0xb60`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0975201`

.pdata

MD5	`644c1915433aa9b70a80141a8a8fcbc6`
SHA1	`6b84fa3b4e05a1a09ae799d81c24d35de479bbc7`
SHA256	`ce16b1e368372bf73ccab78072f7f9c7751d280f0f5c854d241e69bbe2c6def9`
SHA3	`2b44a5393e5474420a76084cdce0cf64bbee23aea812a9ced1e1d468af90caaf`
VirtualSize	`0x75c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.36431`

.rsrc

MD5	`0d2ec5bdf16bbee197d61971fd6c919f`
SHA1	`14bdcfbdc6be5b0f1cbbd157da0043e1a6d41866`
SHA256	`6ccc753c232d1eb89651807edd241cafddec07d673f0dfe447b9e9c2e2367d72`
SHA3	`52a40f850483154086bb53aaf60f67a75c202f4d40a73c04ed4d5b5932cbcfbe`
VirtualSize	`0x3e8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.06631`

.reloc

MD5	`2587c79e8341115ca547fd0ad187bd12`
SHA1	`9be5a665cec0ecd983736f4b01daf3bdb5747375`
SHA256	`435c6e4698d203aec69823d1699f168fb3d060185107e0449f9982a69c6f6375`
SHA3	`7886f1473e6f616e494070158465183b4a0a7545a7b66f811e0d6e5e0b27ded8`
VirtualSize	`0xc8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.305826`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__cexit` `_o__configthreadlocale` `_o__configure_wide_argv` `_o__crt_atexit` `_o__errno` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `memmove` `_o__wcsicmp` `_o_exit` `_o_free` `_o_terminate` `__C_specific_handler` `__current_exception` `__current_exception_context` `_o___stdio_common_vswprintf` `_o___p__commode` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset`
ntdll.dll	`RtlLookupFunctionEntry` `RtlCaptureContext` `RtlVirtualUnwind`
api-ms-win-core-com-private-l1-1-0.dll	`CoRegisterSurrogateEx`
api-ms-win-security-base-l1-1-0.dll	`GetTokenInformation`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleExW` `GetModuleFileNameA` `GetModuleHandleW` `GetProcAddress`
api-ms-win-core-synch-l1-1-0.dll	`EnterCriticalSection` `ReleaseSemaphore` `DeleteCriticalSection` `CreateSemaphoreExW` `ReleaseSRWLockShared` `WaitForSingleObjectEx` `ReleaseMutex` `AcquireSRWLockExclusive` `CreateMutexExW` `LeaveCriticalSection` `OpenSemaphoreW` `WaitForSingleObject` `ReleaseSRWLockExclusive` `InitializeCriticalSectionEx` `AcquireSRWLockShared`
api-ms-win-core-heap-l1-1-0.dll	`HeapFree` `GetProcessHeap` `HeapSetInformation` `HeapAlloc`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetLastError` `GetLastError`
api-ms-win-core-processthreads-l1-1-0.dll	`GetStartupInfoW` `GetCurrentProcess` `TerminateProcess` `GetCurrentThreadId` `GetCurrentProcessId`
api-ms-win-core-com-l1-1-0.dll	`CoInitializeEx` `IIDFromString` `CoUninitialize`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolTimer` `CloseThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `SetThreadpoolTimer`
api-ms-win-core-processthreads-l1-1-1.dll	`SetProcessMitigationPolicy` `IsProcessorFeaturePresent`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`IsDebuggerPresent` `OutputDebugStringW` `DebugBreak`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x388`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50897`
MD5	`488dbacadef02ec8457d9a8eda516b1f`
SHA1	`2b2efc425dc5417d67256abfac3a115a1f98d6f7`
SHA256	`d498b8f03feb236ae64b0cf35862442aec1e680b4b988f8eb0341caba0e1edc4`
SHA3	`c322cf8ca0f0cea0c1229f5c188a843ff1a6fcf438813469b5fcd508d03a81e5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.26100.8328
ProductVersion	10.0.26100.8328
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	COM Surrogate
FileVersion (#2)	10.0.26100.8328 (WinBuild.160101.0800)
InternalName	dllhost.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	dllhost.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	10.0.26100.8328

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1977-May-02 21:20:20
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xbdc0`
PointerToRawData	`0xbdc0`
Referenced File	dllhost.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	1977-May-02 21:20:20
Version	`0.0`
SizeofData	`924`
AddressOfRawData	`0xbde4`
PointerToRawData	`0xbde4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	1977-May-02 21:20:20
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xc1a8`
PointerToRawData	`0xc1a8`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1977-May-02 21:20:20
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xc1cc`
PointerToRawData	`0xc1cc`

TLS Callbacks

Load Configuration

Size	`0x148`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14000e140`
GuardCFCheckFunctionPointer	`5368755456`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x754aa7a7`
Unmarked objects	`0`
Imports (33145)	`2`
Imports (VS2008 SP1 build 30729)	`39`
Total imports	`1126`
Unmarked objects (#2)	`1`
C objects (33145)	`10`
ASM objects (33145)	`5`
C++ objects (33145)	`22`
C objects (LTCG) (33145)	`3`
253 (33145)	`1`
Resource objects (33145)	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.