Manalyze report for 4e9f28a6a3db2b5289231a33d7dc353a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Feb-29 07:18:28
Detected languages	English - United States
Debug artifacts	h:\Build\BestCrypt\2016.02.29_BC_9.02.9_BCFNT_v.2.84\Projects\WinExe\Release\BCWipe.pdb
CompanyName	Jetico
FileDescription	BCWipe command line utility.
FileVersion	`3.10.6`
InternalName	BCWipe.exe
LegalCopyright	Copyright © 1997-2015
OriginalFilename	BCWipe.exe
ProductName	BCWipe.exe
ProductVersion	`3.10.6`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: SCHTASK`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegDeleteKeyA RegDeleteKeyW RegOpenKeyExA RegQueryValueExA RegCreateKeyExW RegSetValueExA RegDeleteValueA RegCloseKey RegSetValueExW RegDeleteValueW RegOpenKeyExW RegQueryValueExW RegEnumValueW RegEnumKeyExW RegQueryInfoKeyA RegCreateKeyW` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileA GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken DuplicateTokenEx` `Enumerates local disk drives: GetVolumeInformationW GetDriveTypeW GetLogicalDriveStringsW` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowW GetDC BitBlt CreateCompatibleDC` `Can shut the system down or lock the screen: ExitWindowsEx`
Malicious	The PE's digital signature is invalid.	`Signer: Jetico Inc. Oy` `Issuer: DigiCert SHA2 High Assurance Code Signing CA` `The file was modified after it was signed.`
Safe	VirusTotal score: 0/70 (Scanned on 2019-11-16 17:07:24)	`All the AVs think this file is safe.`

Hashes

MD5	`4e9f28a6a3db2b5289231a33d7dc353a`
SHA1	`9aadd1ade67050a17a5b43014f05652efc41eb1d`
SHA256	`2056f534e71bf46c7b810bc4470e5eb3207753973b369874505efb99cfea52e1`
SHA3	`47c8ee05f5bfc49b56737f932fd851a0526c311d2dc13e90b7fbce3da1f03993`
SSDeep	`12288:JRCyc92N9c+TbLqMotnNqjAJ4eIG9tAdBASokDJE:HCJO6BMotnNqsJ4eIG9VSok2`
Imports Hash	`64a2fcad6a99473dc13f86f424d00ce2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Feb-29 07:18:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x48400`
SizeOfInitializedData	`0x61400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000227EB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xad000`
SizeOfHeaders	`0x400`
Checksum	`0xb43d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ccf8c61596bd0ad9b3b55e3e41642e57`
SHA1	`8f60bc065f5c82e5b0f568671ee89731f64b51ee`
SHA256	`118eb62fe7cd6664d2d15ac30f8cb79e8eaea6219e781466652ba0f892b50d69`
SHA3	`62e4e9ab11047197626c70a7061d002312a2e7bf37be212050133bbda3a19ed6`
VirtualSize	`0x48298`
VirtualAddress	`0x1000`
SizeOfRawData	`0x48400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5937`

.rdata

MD5	`ec264989d69a9278d28c66e118198c29`
SHA1	`48390bd39b6bdc8b63218706361828932ce6bae9`
SHA256	`3abf53dc92fab88bb8aec2452eec616e07aeea592a46fdaf63866e92b1b2eb0f`
SHA3	`6cbf8bb125f31837409e40a658896fc3c5f6eb22cfeb22a3b333cad1f235dc44`
VirtualSize	`0xc436`
VirtualAddress	`0x4a000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x48800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.67835`

.data

MD5	`f0edd85a2ef797ff2e08383803585740`
SHA1	`d3ff92a5395a6d002b01026b073fd1a91d3bb024`
SHA256	`f71db8899f9f25c2e173ec9fc4a96e4da65ca52b1d3a5717aa9b4d36a6cd0ab6`
SHA3	`49ecb94172ffe1d3f4ef112f4be8fdbc3fbd30501891b5102822385bec2eff8b`
VirtualSize	`0x8204`
VirtualAddress	`0x57000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x54e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.92565`

.rsrc

MD5	`94453389dd503221607b35a364c73b9f`
SHA1	`7aa0e3baba5627044d71bbb56c35233f089df730`
SHA256	`f1f156651841390111d96de81b9b0bccf8ac12795bc6be77bafd05fd36de543a`
SHA3	`906308ef7db5e16821d7f9994bc99076835b704923c834dd47e6c0f6324bfad3`
VirtualSize	`0x48fa8`
VirtualAddress	`0x60000`
SizeOfRawData	`0x49000`
PointerToRawData	`0x56800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.57358`

.reloc

MD5	`6383bed76dba6723e68610c0aa49f601`
SHA1	`727d3c649aeb50a94bc0b5cd7845a59f7d0e62cb`
SHA256	`9f80ed864af55130da9cc10b670bda1060a8f6616c0b17fe35f8cf239cc8e91f`
SHA3	`0f3e98bf8de5c239e16373d739e25e6c2ef90249b5fcb4e048f4cff22b5602a5`
VirtualSize	`0x38c0`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x9f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.48871`

Imports

VERSION.dll	`GetFileVersionInfoSizeA` `GetFileVersionInfoA` `VerQueryValueA` `VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
KERNEL32.dll	`SetFilePointer` `CreateFileA` `ReadFile` `SetEndOfFile` `VirtualFree` `VirtualAlloc` `GetFileSize` `GetWindowsDirectoryW` `IsBadStringPtrW` `SetLastError` `GetVersionExA` `CreateThread` `DuplicateHandle` `GetCurrentThread` `SetErrorMode` `FindClose` `FindNextFileW` `Sleep` `GetFullPathNameW` `GetExitCodeThread` `CreateDirectoryW` `GetTempPathW` `GetVolumeInformationW` `GetLongPathNameW` `GetCurrentDirectoryW` `GetLocaleInfoA` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `FindFirstFileA` `DeviceIoControl` `GetTimeFormatW` `GetDateFormatW` `GetLocalTime` `GetModuleHandleA` `CreateFileW` `GetFileAttributesW` `FindFirstFileW` `CopyFileW` `SetFileAttributesW` `DeleteFileW` `MoveFileExW` `GetShortPathNameW` `GetFileInformationByHandle` `GetLogicalDrives` `FormatMessageW` `GetFileAttributesExW` `RemoveDirectoryW` `GetCompressedFileSizeW` `GetExitCodeProcess` `ResumeThread` `CreateProcessW` `CreateDirectoryExW` `SetFileTime` `GetCommandLineW` `GetDriveTypeW` `GetLogicalDriveStringsW` `GetCurrentThreadId` `HeapAlloc` `HeapFree` `WriteFile` `InitializeCriticalSection` `DeleteCriticalSection` `GetComputerNameW` `GetDiskFreeSpaceW` `GlobalFree` `GlobalAlloc` `RtlUnwind` `GetFileAttributesA` `GetSystemTimeAsFileTime` `GetModuleHandleW` `ExitProcess` `GetCommandLineA` `GetStartupInfoA` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `InterlockedIncrement` `InterlockedDecrement` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `RaiseException` `HeapSize` `HeapCreate` `HeapDestroy` `FatalAppExitA` `GetSystemInfo` `GetStdHandle` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `LCMapStringA` `LCMapStringW` `GetTimeZoneInformation` `SetConsoleCtrlHandler` `InterlockedExchange` `InitializeCriticalSectionAndSpinCount` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `QueryPerformanceCounter` `GetTickCount` `GetStringTypeA` `GetStringTypeW` `GetTimeFormatA` `GetDateFormatA` `GetUserDefaultLCID` `EnumSystemLocalesA` `IsValidLocale` `GetConsoleCP` `GetConsoleMode` `GetLocaleInfoW` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `ExpandEnvironmentStringsA` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingA` `WideCharToMultiByte` `MultiByteToWideChar` `LeaveCriticalSection` `EnterCriticalSection` `ReleaseSemaphore` `WaitForSingleObject` `OpenSemaphoreW` `FreeLibrary` `LoadLibraryExW` `LoadLibraryExA` `LoadLibraryA` `GetModuleFileNameA` `GetCurrentProcessId` `OpenProcess` `CreateSemaphoreW` `CreateMutexW` `LocalAlloc` `CreateNamedPipeW` `LocalFree` `GetCurrentProcess` `FlushFileBuffers` `CloseHandle` `GetModuleFileNameW` `GetVersion` `GetLastError` `GetProcAddress` `GetProcessHeap` `HeapReAlloc`
USER32.dll	`GetActiveWindow` `SetWindowPos` `LoadStringA` `GetParent` `FindWindowW` `PostMessageA` `FindWindowExA` `LoadStringW` `SetDlgItemTextW` `GetWindowTextLengthW` `LoadImageA` `GetDlgItemTextW` `GetWindowTextA` `GetDlgItem` `GetDesktopWindow` `MessageBoxW` `GetWindowLongW` `SetWindowLongW` `SetClassLongW` `SendMessageA` `GetDC` `DrawTextW` `GetMenuItemInfoW` `GetMenuItemID` `GetMenuState` `ModifyMenuW` `SendMessageW` `GetWindowTextW` `IsWindow` `PeekMessageA` `TranslateMessage` `DispatchMessageW` `LoadCursorA` `SetCursor` `ExitWindowsEx` `MessageBoxA`
GDI32.dll	`CreateCompatibleBitmap` `BitBlt` `ExtTextOutW` `DeleteObject` `SelectObject` `CreateCompatibleDC`
COMDLG32.dll	`CommDlgExtendedError` `GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`FreeSid` `RegDeleteKeyA` `RegDeleteKeyW` `RegOpenKeyExA` `RegQueryValueExA` `RegCreateKeyExW` `AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken` `RegSetValueExA` `RegDeleteValueA` `OpenThreadToken` `DuplicateTokenEx` `RevertToSelf` `ImpersonateNamedPipeClient` `RegCloseKey` `RegSetValueExW` `RegDeleteValueW` `RegOpenKeyExW` `RegQueryValueExW` `DecryptFileW` `RegEnumValueW` `RegEnumKeyExW` `RegQueryInfoKeyA` `SetThreadToken` `RegCreateKeyW`
SHELL32.dll	`SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetSpecialFolderLocation` `#155` `SHGetFileInfoW` `SHGetFolderLocation` `ShellExecuteExW` `SHGetSpecialFolderPathA` `ShellExecuteW` `SHGetDesktopFolder` `SHGetMalloc`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02439`
MD5	`5f17c95ac6693cf09928b4c037db80b5`
SHA1	`dd8c4b115699fcf90ea1aa07dc1762af6a43f845`
SHA256	`f6aff1b336e300ea70d269ae2898303fc844d893f92541eb263df030aa2a567f`
SHA3	`8e695cf489dc6c6e06ee9ba8c02fa98137441361f60cb21c37a95f6f67b9abfb`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.60407`
MD5	`54c1deb59d3d2de18bbdc5cad179a8bf`
SHA1	`7382865fa8a6e9bacf704cbac0d3b8a7139478ac`
SHA256	`1029b527f29f0eb6356be0d486df42a0526e1dfb3f7aa32a3da41a578e23afd5`
SHA3	`b29b79c4b59384cc5e05bec5b19b6973003395dbe5fa1f306c80216b1a6ce8dc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.43309`
MD5	`93023cc206d759e2f441a4f65e9a514d`
SHA1	`99d61af36c882bfd1680d0183ac23fd58b2a4a0f`
SHA256	`ffd2035214ca9652ddb04fdf1eead242370f45fad5a5f6c626a1f7be05bbb4e7`
SHA3	`aa75087c020ee419fe738cc92f9cba0e84420674d78014ab018f8f85afd61723`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85488`
MD5	`4ea18d34ecfb188913f0593593eb74e3`
SHA1	`6baf2470b53db138af55fc6d41c16e3078fcb1e1`
SHA256	`c937b14ef8fb1c9336fc6d8971f545dad0c468f380d431cac3e176dc058be02f`
SHA3	`cf7be875e9b437a445dd8202e641c8f9e054c6e0f8ae72cc70f015bf385c04e0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49451`
MD5	`c9b3fde804d30fb9d7b0c19fdd6732c8`
SHA1	`eb2a1cf7cb8d65c89bed42e417707093df7d7ce2`
SHA256	`20562426a6cc3596a0b2044f1672efd682b5f5272af01c7d393784aba17c6c5e`
SHA3	`e504ed526f7f085ff316c8936df33487ba85502a6c6378dce09a6f1fb35faf27`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.15628`
MD5	`7f72f436f4f95fca915eaf2ac2d02850`
SHA1	`004b34f199c0310790fd89e11688a8081efe61e2`
SHA256	`94d340fe73926c1dce81d22ede41230cf191ea45013aa4a1b154c1a43614a5d8`
SHA3	`4c89a8e3c60921c74cabc9f89be378a294460c5a6537941bcb0f80c14c234509`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.29403`
MD5	`e1e1ef895d47d3075cc3d382f4774d9d`
SHA1	`a9042cc6bb88ec4949d3c3e609fa88dacd3342f5`
SHA256	`4720d5ef317e89b77a8dc9baaadef8d829c441cef13498f839e3b88fd79ceded`
SHA3	`0f06d186137ea2f4bb6a32d387d186b6c964d537f2a02db9d806e7f77d4b7a59`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.16127`
MD5	`ce1a82f686d738faedf66befe20ab7d6`
SHA1	`2fe1c26bfc5e35ed79e0dd65842a08cdfa5db6b7`
SHA256	`e8345d35af0f63e2fc22271c18f26882495051ec96a3582258ab8f9b7e6b8b6c`
SHA3	`8bf5dc19a120c36751845b6bede4e68b4ff192c24f6a2f96bcda548c0c33e93d`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.12058`
MD5	`15c220395cb26c6e8e938c1e88e7f4ba`
SHA1	`bad455e45d72b6d453eeefb8810c368b0c63da3e`
SHA256	`8ae29b3d0d71591ea6c12a1aa5980ef86618eefeeff25f094ccc72d8f678c78c`
SHA3	`161f3ae60df22afac1e4ccdc18bd9f9552c3b1ac82a6cf061f0538486e25e2be`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15351`
MD5	`c77ff83aaecc8587e705f0dd73c179d5`
SHA1	`587ac46fc6ce73439f94a763cb5e4022fea729b6`
SHA256	`330e5c7a0f05b01558725e1d9c354bbc6575ff9d6f161aac1bc0a142cd0493b6`
SHA3	`c34a5103a2a64ea3ce53c862f66b705a82e80cb8f3c7d60952931a98340013ce`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86371`
Detected Filetype	Icon file
MD5	`465c248d41f45ab5baaf1554d41c0796`
SHA1	`1a39e3a09c508fdb6f5723dd94b0cbf881b0c208`
SHA256	`b76123085b10545a8b050af79f596b11c425baf46a12bad1dc5231918879b82c`
SHA3	`f71fb40094e3247fd29e8a7d8761db6d8e75f31d258a9ad530425997c0176aa6`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3997`
MD5	`d4dc0439ccf851aa0a6089329efffe1f`
SHA1	`e8a4b63e7468c9b087595c29092a73ad1f0e6255`
SHA256	`4c8de2b4559c81732bdcc880a9b0aa8966ed2a7b24e2d68aa6dc06d24c236a79`
SHA3	`df8a58d9abfe61ca0f293e4ec56e2fd678493586de1c081405522cabaac183fa`

String Table contents

BCWipe command line utility
Help hile is not found in current location.
Do you want to browse it in another folders right now?
Choose drive for free space wiping
Choose help file
HTML Help files (*.chm)

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.10.6.0
ProductVersion	3.10.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Jetico
FileDescription	BCWipe command line utility.
FileVersion (#2)	3.10.6
InternalName	BCWipe.exe
LegalCopyright	Copyright © 1997-2015
OriginalFilename	BCWipe.exe
ProductName	BCWipe.exe
ProductVersion (#2)	3.10.6

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Feb-29 07:18:28
Version	`0.0`
SizeofData	`112`
AddressOfRawData	`0x50dc0`
PointerToRawData	`0x4f5c0`
Referenced File	h:\Build\BestCrypt\2016.02.29_BC_9.02.9_BCFNT_v.2.84\Projects\WinExe\Release\BCWipe.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x457610`
SEHandlerTable	`0x4514a0`
SEHandlerCount	`235`

RICH Header

XOR Key	`0x57937b89`
Unmarked objects	`0`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`1`
ASM objects (VS2008 SP1 build 30729)	`26`
C objects (VS2008 SP1 build 30729)	`143`
Imports (VS2012 build 50727 / VS2005 build 50727)	`15`
Total imports	`245`
C++ objects (VS2008 SP1 build 30729)	`88`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

4e9f28a6a3db2b5289231a33d7dc353a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

7 (#2)

101

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors