Manalyze report for 5a81773437fc25ed46f00ac2e67f2f8a4643b868f21dc313418768cfe429b1c4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Dec-08 17:19:18
Detected languages	English - United Kingdom English - United States
Debug artifacts	C:\Users\Dmitry\source\test\pstoexe\Release\stub.pdb
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion	`1.0.0.1`
InternalName	stub.exe
LegalCopyright	Copyright (C) 2018
OriginalFilename	stub.exe
ProductName	TODO: <Product name>
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW`
Suspicious	The file contains overlay data.	`595 bytes of data starting at offset 0x36f38.`
Info	The PE is digitally signed.	`Signer: APREL Tehnologija d.o.o.` `Issuer: Sectigo Public Code Signing CA EV R36`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7e7bb028db1ae0f2ca424f9016ee38a1`
SHA1	`a1eba76a3eaaa849bc7e6e1147d88c3c70ed8dac`
SHA256	`5a81773437fc25ed46f00ac2e67f2f8a4643b868f21dc313418768cfe429b1c4`
SHA3	`da6f0410fd2fd11eaac8512ec50ee8f31b437c08c15d68a1c7d0bef4c951ca04`
SSDeep	`3072:dM5rlsiqb4GeL8t6AqHH6NB4G3o5k8JCOCY2mf7AAYz+H3CMIjWtxyT:8qJ8GI8IHe3PO86QjWyT`
Imports Hash	`d0e8c0d6c31cc938d9805b476d223fc4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-Dec-08 17:19:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x13800`
SizeOfInitializedData	`0x21000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003ACA (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x39000`
SizeOfHeaders	`0x400`
Checksum	`0x443ec`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1d23904c67604e7077a096b7c55fea9e`
SHA1	`d3806e580b946e0c789cf633fc28319584de5cc3`
SHA256	`2f39482aa78ba2b3f7d8b579e983cb08950ea11c5f172aca9db2f75f57400cd2`
SHA3	`e670a8836e2b0c531b7241ac52c411e1b8b10b7b22558dc17f6c8a90f61cc519`
VirtualSize	`0x1360e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63551`

.rdata

MD5	`f4f24b64388fc3b8f2dab9edae81f4c3`
SHA1	`f19e2a0feff085d4a85cb96a383cf78a60472d52`
SHA256	`dde31ed8a16c1cd58fd4753722fc9c7f3ffb7187b0c145e467c39604ed774a75`
SHA3	`25de26e73ddfce7d81a1d8dfdae178f05ae68fcb281958c60a74a891ff609be3`
VirtualSize	`0x72b0`
VirtualAddress	`0x15000`
SizeOfRawData	`0x7400`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16428`

.data

MD5	`1f3a66356308a1d2e4baae180a3e0eb5`
SHA1	`853a1c5fc2d31ee4f191daa364ff8371123e30b2`
SHA256	`0963aab77023276511baeab0c961cf2d4e0cdfadd00ea9fe78116a6fd32a7cb8`
SHA3	`7fcc5e2cb4cac6875d88a60ff6ca3b2bd907faa57e24c04fdc54cb2e7fdedc9d`
VirtualSize	`0x15dc`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.30194`

.rsrc

MD5	`1e16b2abbf70ac2009a2bc95c2f4a9e7`
SHA1	`2c370a1934ab2dcf533cfc428a630a4421f98eb7`
SHA256	`948170f56208568da95883bf50492986c7bbd12bcc4c11ec4acf0906964e0c9a`
SHA3	`12fdcdbffc31d26c26525278f2c6661ea56155a9dfe6f5d5733b29dd8171539a`
VirtualSize	`0x17320`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x17400`
PointerToRawData	`0x1bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.05067`

.reloc

MD5	`8d4d0b70f7ee1ad260e35e7354a5fa8a`
SHA1	`fc910db277f4d45f5d5fb87254438bdca3d80776`
SHA256	`f1257929b328fc64033943b926f6b835b06efc0c38d3084753973a1fb74d91f7`
SHA3	`d9f40823b2033a6825efbb773d0d5756b6261fd550c24733839956c5bdd6f1dc`
VirtualSize	`0x11c8`
VirtualAddress	`0x37000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x33000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52627`

Imports

KERNEL32.dll	`HeapFree` `InitializeCriticalSectionEx` `HeapSize` `GetLastError` `HeapReAlloc` `RaiseException` `HeapAlloc` `DecodePointer` `HeapDestroy` `DeleteCriticalSection` `GetProcessHeap` `WideCharToMultiByte` `GetTempPathW` `GetTempFileNameW` `GetModuleFileNameW` `CreateFileW` `SetFilePointer` `ReadFile` `CloseHandle` `MoveFileW` `WriteFile` `ExpandEnvironmentStringsW` `CreateProcessW` `MultiByteToWideChar` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `FindResourceExW` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `IsDebuggerPresent` `OutputDebugStringW` `EnterCriticalSection` `LeaveCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `GetProcAddress` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlUnwind` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `SetLastError` `EncodePointer` `ExitProcess` `GetModuleHandleExW` `GetStdHandle` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `SetStdHandle` `GetStringTypeW` `SetFilePointerEx` `WriteConsoleW`
USER32.dll	`MessageBoxW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x115a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.40514`
Detected Filetype	PNG graphic file
MD5	`80effeaf0f7f73030c8c163b1d372a73`
SHA1	`2fe13eb3e7bca557f85fc8f9b9cae0bcc471b2b8`
SHA256	`fb2d880da70a3656bd101b0abef32bf9fa1cd534f722390a89726d6688a9b69a`
SHA3	`09fc211cee1c94a133ffcd534ee37fbf0cbc1361fd7597fdae82672b1a5ed951`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.26975`
MD5	`f1116353e3532f47558905b9bf055ccd`
SHA1	`c811f9279167c9403f4ace49d15ea4903e111a4c`
SHA256	`8449d82e04180f53b51638f4be40711c0ec460a6d8974814281ca3ad023a6f7c`
SHA3	`8b370bb368464c8ef4b224957a67081802a791c011f3a79505fcbb00750bf58d`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.1346`
MD5	`556efe1176ce501c76135e739a4e351f`
SHA1	`8111ff3a50a39de110c9e7ec763b6e8ff7ee0ef2`
SHA256	`4d473837de08a8436ca2395d0c5f32c21520932efdeddc1901a10af5392f88d9`
SHA3	`5ee61c09e5a367b13359b017f3154d6b35c0ba5c7ca0b56adde22d7aa36b8507`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.398`
MD5	`837e52eb38d74315e357d8f125c4df81`
SHA1	`03c8def2cd7c7cb2ed4104ecddfe81b6ddd4e658`
SHA256	`98174f3472ca0f9554ba63205b25c32599203ed666ed11fe97b0ea8e139bfcbb`
SHA3	`e311783462de1ba36b6ee0703350bf7e2e1d4bdd64e4290fbc2ac4d4be1fb838`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.34276`
Detected Filetype	PNG graphic file
MD5	`6ddb2971171f0cbb5a7a1e24daf9c058`
SHA1	`a92c044ebf614033ebcecb80ab7da6db5b0f47ba`
SHA256	`29f3cf41dd19aae1f411e6682ad4076909714abcec3c7604da2865d8781f4435`
SHA3	`4e91d648365b090fd3d80a8178669937da27063df98faebc1f0e9b2bcc9fd26e`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68124`
MD5	`020378554aef476bca9321efd923987b`
SHA1	`bf562d60d3cfcd46edc694b514067f794f889b4d`
SHA256	`f12c4d9291ec41fe83d9f607e7e5e97c9ad91d4b6ce630362c90a7bbb6a33f87`
SHA3	`5bdea54b791bb08ed05c13760559a65dc1094e9359b70070333f561218217d3c`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80715`
MD5	`ee6aab0d2a2a3b593c956cf42f77ae3a`
SHA1	`80eea6b72d811395a7ae8faa087f6c4e023113c1`
SHA256	`5d3accd3fffb51a126c51b31c8c702eb82d7d263adc40f79cef611505b657b2e`
SHA3	`10af8fd3eb86072414476d7292ca23b3cc81a97950e0b2de7c174c7fdc0b2829`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82161`
MD5	`754e2bdcacf6a45aeae73a4fe1e18874`
SHA1	`4201cb1e3adbad8d330ed3b4a5dbd93be8d7a23a`
SHA256	`26109c3d569485c1a47d9387a1c01c8ba80e5f72c5b3e68349e1fb445f3c8a91`
SHA3	`2b9b049adf2fa9fad570f5e40eaa1b32f374d686a03f2b3ca42dbd584e169a2e`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.9458`
MD5	`049adcf7dae1847bdc61e2839c33815f`
SHA1	`63ed6cc6be6dfc49080de6a75c19fdda47bb6e4d`
SHA256	`6b75bee5cf9b91b5365172e6cec8710325aea24bfd15eb71343b1e4e048f5558`
SHA3	`20ce7114961ea521dc59b71b0cad68fc3896c90b7813b067e75a3174dd19a79b`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80887`
Detected Filetype	Icon file
MD5	`3c05e220887a3ece785e94ba01ef2365`
SHA1	`58b72f9ecac3827e770a073030bf1c48de0e31f1`
SHA256	`b89482d2dfd349ed0465241aa76507fd25a49dfafed3c7233afd53a3ff36f6a7`
SHA3	`2cd355b6a0b659201c97af9c629791d1d7e083c8a4dca9ab93ce5582cae117ae`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85121`
Detected Filetype	Icon file
MD5	`761371fb444ffe3cba9630fa53a07e52`
SHA1	`09e05edf4a7a8d5b314e96d9aae9250fd86ea068`
SHA256	`ca27366c72f3cad07bc9e39d6626a6a059cb939d6985475e49dd8e5b93cbbe86`
SHA3	`32af3f3ea06c3d9cc09fb775f4610d3b91f2af87cb8a700b5d1b0ab04f95b0ce`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x2f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38092`
MD5	`d69bbe9e258f04692edb59002a082ae2`
SHA1	`bdaa56ea67bc96c464236e26560194de1cbf6544`
SHA256	`915737bd6ff36a4b4a9c272a71e5819af7db0a4e934086cb7cd69760fbf608f9`
SHA3	`784d913d2a197abe7eecc6ab77d8b2b32d4fa8901f169a6dfc54db3c05414275`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07176`
MD5	`0f3b71d0fa474d73aff7de9cdf842732`
SHA1	`7990f81c60b8ab722c5ad7367f69c85106be5ed5`
SHA256	`5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09`
SHA3	`c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	TODO: <Company name>
FileDescription	TODO: <File description>
FileVersion (#2)	1.0.0.1
InternalName	stub.exe
LegalCopyright	Copyright (C) 2018
OriginalFilename	stub.exe
ProductName	TODO: <Product name>
ProductVersion (#2)	1.0.0.1

Resource LangID	English - United Kingdom

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Dec-08 17:19:18
Version	`0.0`
SizeofData	`77`
AddressOfRawData	`0x1b044`
PointerToRawData	`0x19c44`
Referenced File	C:\Users\Dmitry\source\test\pstoexe\Release\stub.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Dec-08 17:19:18
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1b094`
PointerToRawData	`0x19c94`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Dec-08 17:19:18
Version	`0.0`
SizeofData	`880`
AddressOfRawData	`0x1b0a8`
PointerToRawData	`0x19ca8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Dec-08 17:19:18
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x41b428`
EndAddressOfRawData	`0x41b430`
AddressOfIndex	`0x41ddb0`
AddressOfCallbacks	`0x415190`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41d008`
SEHandlerTable	`0x41b020`
SEHandlerCount	`9`

RICH Header

XOR Key	`0x8b88f48d`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`10`
C++ objects (VS2017 v14.15 compiler 26715)	`139`
C objects (VS2017 v14.15 compiler 26715)	`18`
ASM objects (VS2017 v15.?.? build 25930)	`18`
C objects (VS2017 v15.?.? build 25930)	`20`
C++ objects (VS2017 v15.?.? build 25930)	`42`
Imports (VS2017 v14.15 compiler 26715)	`5`
Total imports	`99`
C++ objects (LTCG) (VS2017 v15.6.6 compiler 26131)	`2`
Resource objects (VS2017 v15.6.6 compiler 26131)	`1`
151	`1`
Linker (VS2017 v15.6.6 compiler 26131)	`1`

Errors

Leave a comment

No comments yet.