Manalyze report for 5308fbc768655d474ae9d78ab36195c4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2080-Aug-08 02:52:28
Detected languages	English - United States
Debug artifacts	WinBioVsmStorageAdapter.pdb
CompanyName	Microsoft Corporation
FileDescription	WinBio VSM Storage Adapter
FileVersion	`10.0.22000.653 (WinBuild.160101.0800)`
InternalName	WinBioVsmStorageAdapter
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WinBioVsmStorageAdapter.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22000.653`

Plugin Output

Safe	VirusTotal score: 0/70 (Scanned on 2022-12-14 21:22:23)	`All the AVs think this file is safe.`

Hashes

MD5	`5308fbc768655d474ae9d78ab36195c4`
SHA1	`1dbbec385defd2850110e1f284d220f5d40b6d23`
SHA256	`8cd3e706f056a0fdc60fd3f929fa7a5de93231ab3a42046e532425644a3a0ab2`
SHA3	`dc9aa824cf18047ca8841151595d02a963a85d579f66794f544389164b568897`
SSDeep	`1536:zP7V1FQgCpCTsR5vzicW4E9XD0MjlcfuTGQacVS6kw7MiwtGxxPOS:r7lGpPb+c6rj+2TGQ/Vrkwpwt4xPb`
Imports Hash	`f47ef5f566a1135f7d1d2e39cbd80dfa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2080-Aug-08 02:52:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x9000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002320 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x1b000`
SizeOfHeaders	`0x1000`
Checksum	`0x2a19d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`86720532bef9dd820115209721c586d6`
SHA1	`e8d6514869fe6888ab9a69d755e1f3bb83786591`
SHA256	`89f7ffee03a7ecdcbd8b946922c1a45b16de869504bde925bb95ab6df080b3b2`
SHA3	`dd97b17ecf0b514563fe87925afc1f3ae097a712f15f72f4fe86720ae32f82b0`
VirtualSize	`0x1001c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.98315`

.rdata

MD5	`8832f729dafd74e5fc45eff6b5cc2594`
SHA1	`70f308f1376f65a2777796c0e35ffdd09f5ed329`
SHA256	`2ddb7dc69e56413c0d5ba68106ac3fb61363c299a3e6b6678fe034132361901e`
SHA3	`234eb814f98a50c5e3f8fd5d20c9ba74bb37239ebd9d15d3aba44b6afb089bfb`
VirtualSize	`0x4c4a`
VirtualAddress	`0x12000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89035`

.data

MD5	`232933b6c97f30344469e9bd69b0e515`
SHA1	`f13c160d4e637cf147f0b6327e3fa685387055e3`
SHA256	`92a58b38ba82c64dbf61564f745c8c2a0ef8ce75a32517039ae342db1c7bc164`
SHA3	`3d476bd14ccff70b6566ac990063465026be037fcb434269e3ecbe8bd0bb260b`
VirtualSize	`0xb00`
VirtualAddress	`0x17000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.772921`

.pdata

MD5	`3be135233ef74a63fa5b656a348bb478`
SHA1	`81b19ac0b54dc8885f2ea90a734e9b019ce4dcc7`
SHA256	`a52eb754b1a160d5c40914f3d95fe22220412f2a44d447d6e851af0e33a2c2fc`
SHA3	`b6a902360b9cc843ec3e74a862290663e157f5ec68de52bbc0b7a85585a03380`
VirtualSize	`0xca8`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19818`

.rsrc

MD5	`4e5d418df29271f3cb05bbee5db99b21`
SHA1	`f909f7accfefd86847398815d16f54a844ded9be`
SHA256	`375d3b3d0c3368e61a8307facb73f430663f5a70f41ec94f2e455360795c1f16`
SHA3	`d1d9ede46237c0cd5ad3cfa6eac1e5cf7d3f7b013c37fab3ac425c64341265f5`
VirtualSize	`0x440`
VirtualAddress	`0x19000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.14896`

.reloc

MD5	`d3f2ca033770633b86c8fff41722338f`
SHA1	`2a21d53116438200fe0e224256f43db77cf12f90`
SHA256	`d474ca4ea2e386570af0371e275b156380bdccb3aa74cbc1a02b3db43aa7ca8e`
SHA3	`6a6a3269a45eac2c799644d368538e4e8bdaaf0ccd4324e98601fe5f534b2686`
VirtualSize	`0xc4`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.445324`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__callnewh` `_o__cexit` `_o__configure_narrow_argv` `_o__crt_atexit` `_o__errno` `_o__execute_onexit_table` `_o__initialize_narrow_environment` `_o__initialize_onexit_table` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__register_onexit_function` `_o__seh_filter_dll` `memmove` `_o_free` `_o_malloc` `_o_wcscpy_s` `_o_wcsncpy_s` `__C_specific_handler` `__CxxFrameHandler3` `_CxxThrowException` `_o___std_type_info_destroy_list` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___stdio_common_vswprintf` `_o___stdio_common_vsnprintf_s` `__std_terminate` `__CxxFrameHandler4` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset`
api-ms-win-core-libraryloader-l1-2-0.dll	`DisableThreadLibraryCalls` `FindStringOrdinal` `GetProcAddress` `GetModuleHandleExW` `GetModuleFileNameA` `GetModuleHandleW`
api-ms-win-core-synch-l1-1-0.dll	`ReleaseSRWLockExclusive` `CreateMutexExW` `OpenSemaphoreW` `WaitForSingleObjectEx` `ReleaseMutex` `AcquireSRWLockExclusive` `WaitForSingleObject` `ReleaseSemaphore` `CreateSemaphoreExW`
api-ms-win-core-heap-l1-1-0.dll	`HeapFree` `HeapAlloc` `GetProcessHeap`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetLastError` `SetLastError`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `TerminateProcess`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `IsDebuggerPresent` `OutputDebugStringW`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-heap-l2-1-0.dll	`LocalFree` `LocalAlloc`
api-ms-win-core-path-l1-1-0.dll	`PathCchSkipRoot`
api-ms-win-core-file-l1-1-0.dll	`DeleteFileW` `SetFileInformationByHandle` `ReadFile` `CreateFileW` `CreateDirectoryW` `SetFilePointerEx` `UnlockFileEx` `LockFileEx` `WriteFile`
api-ms-win-eventing-provider-l1-1-0.dll	`EventActivityIdControl` `EventSetInformation` `EventRegister` `EventUnregister` `EventWriteTransfer`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceComplete` `InitOnceBeginInitialize`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetTickCount` `GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-file-l2-1-0.dll	`ReplaceFileW`
api-ms-win-security-base-l1-1-0.dll	`EqualSid`
api-ms-win-core-heap-obsolete-l1-1-0.dll	`LocalSize`
msvcp_win.dll	`?_Xlength_error@std@@YAXPEBD@Z`

Delayed Imports

WbioQueryStorageInterface

Ordinal	`1`
Address	`0xf1f0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50377`
MD5	`52afec5b1dd78d68f2f135e68a6b0d61`
SHA1	`77cb5cd94c66fc8957923c6f16cfb8603ca2d4da`
SHA256	`a84bdbd3f6ab270bcfc9b427bdf2dbd92ac216412314c6eb164f71b1a9710408`
SHA3	`f9a2894bde74a3c7ae65b4325688e7eae84e7861253b3cd14262f37d2db781fd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22000.653
ProductVersion	10.0.22000.653
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	WinBio VSM Storage Adapter
FileVersion (#2)	10.0.22000.653 (WinBuild.160101.0800)
InternalName	WinBioVsmStorageAdapter
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WinBioVsmStorageAdapter.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22000.653

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2080-Aug-08 02:52:28
Version	`0.0`
SizeofData	`52`
AddressOfRawData	`0x14338`
PointerToRawData	`0x14338`
Referenced File	WinBioVsmStorageAdapter.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2080-Aug-08 02:52:28
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0x1436c`
PointerToRawData	`0x1436c`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2080-Aug-08 02:52:28
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1470c`
PointerToRawData	`0x1470c`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2080-Aug-08 02:52:28
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x14730`
PointerToRawData	`0x14730`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180017230`
GuardCFCheckFunctionPointer	`6442526192`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x6f9c24c0`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`49`
C objects (29395)	`8`
ASM objects (29395)	`4`
C++ objects (29395)	`22`
Total imports	`1138`
Imports (29395)	`2`
Exports (29395)	`1`
C objects (LTCG) (29395)	`10`
253 (29395)	`1`
Resource objects (29395)	`1`
Linker (29395)	`1`

5308fbc768655d474ae9d78ab36195c4

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

WbioQueryStorageInterface

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

UNKNOWN (#2)

TLS Callbacks

Load Configuration

RICH Header

Errors