Manalyze report for 62a90875f58af4719c42e486b889398a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jul-16 13:50:11
Detected languages	English - United States Swedish - Sweden
CompanyName	Mojang
FileDescription	Minecraft launcher
FileVersion	`1.0.1.0`
InternalName	MinecraftLauncher
LegalCopyright	Copyright (C) 2016 Mojang
OriginalFilename	MinecraftLauncher.exe
ProductName	Minecraft
ProductVersion	`1.0.1.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegEnumKeyExA RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptQueryObject CryptStringToBinaryA CryptGenRandom CryptDestroyHash CryptHashData CryptCreateHash CryptGetHashParam CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathW CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser` `Leverages the raw socket API to access the Internet: #17 #57 #11 #10 WSAIoctl #21 #15 #9 #7 #6 #5 #4 #3 #2 #19 #16 #111 #112 #18 #151 #23 #14 #116 #115 #8` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	The PE is possibly a dropper.	`Resource 4 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: Mojang AB` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Suspicious	VirusTotal score: 2/67 (Scanned on 2019-09-15 23:44:01)	`VBA32: BScope.Trojan.Swrort` `Cylance: Unsafe`

Hashes

MD5	`62a90875f58af4719c42e486b889398a`
SHA1	`01df0b05b6740e4208a047ab68c84054297fe060`
SHA256	`9a9a57ac90644dda77cc80f14501350fee2eace8619725c5ab1916622ebbe11d`
SHA3	`e893776a11e856822ec7b9d666509a6efb6a0bd15c05fd30f1381ba0558197c8`
SSDeep	`49152:CgEvWK2aiV+qD88x2+ZtldPD//ITtSMfQQAoaAUNbw8:tEvNiV++8y2Il5A21nlt`
Imports Hash	`96eb294cf02cadca31bfefedb4d94bdc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Jul-16 13:50:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xec800`
SizeOfInitializedData	`0x127e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000A548E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xee000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x219000`
SizeOfHeaders	`0x400`
Checksum	`0x223cf4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4f20ab1ff31be4cae76be32b97f276ee`
SHA1	`60e9bcfb746a21c622c5fc17405e3884721ae8e7`
SHA256	`b2e9bf235645a9695f04bfc319a895313af1bf1b0f8c1aa0d31ea0232975851f`
SHA3	`8d203ed3744ceba30a6d9123a2460fcab2a7a13fd0e29fe102cd8a7d1dfe5500`
VirtualSize	`0xec7df`
VirtualAddress	`0x1000`
SizeOfRawData	`0xec800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57433`

.rdata

MD5	`9a9f294f8524caf2ee7036ffc1539b80`
SHA1	`4634c0ad801e2d6f56601827694b629fa19afda5`
SHA256	`0d13c1f8285e0448dfc90d368ac32a9c701892455e6d067f5531046b43b1cf8c`
SHA3	`8966d5bc3892a286fd3dc1c34a4400e0dfc63fa25183986bcd1ea479d93ebeec`
VirtualSize	`0x397e2`
VirtualAddress	`0xee000`
SizeOfRawData	`0x39800`
PointerToRawData	`0xecc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49077`

.data

MD5	`360f31bf0f3cb3a3ebe9dfbb8960d3cd`
SHA1	`aec53df0261ea8deac77271fc0c654352b8b0b33`
SHA256	`884d5ede8469b748221530d97eba494e6f8e7c48c47be3640c3e79bbe7785c04`
SHA3	`79ff8bb5dfef50e3d4583cdada99d96dece41c5ced95d3dc25704fdfb95029cd`
VirtualSize	`0xc034`
VirtualAddress	`0x128000`
SizeOfRawData	`0xa200`
PointerToRawData	`0x126400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.20106`

.gfids

MD5	`841311c34019fe6ae141ccdefeb80021`
SHA1	`d6ae4e197fd0a8b6cec80382764fb600b80973af`
SHA256	`92cf71e1273050440899269e271b2a12eef4791c2922964c073e8dbb5415e4a0`
SHA3	`3c9cabe51c482da906606ce16f7ddc86395ede002220b3b52faf75faaf7b37f4`
VirtualSize	`0xb88`
VirtualAddress	`0x135000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x130600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.81504`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x136000`
SizeOfRawData	`0x200`
PointerToRawData	`0x131200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`0d4882b5be8cd1a702f83825d14a0ae3`
SHA1	`33c4dbef8f15d9210a0202a153125980018d663f`
SHA256	`bd15bb87e2aefbe2ec82df925e2b19780f86c628ce105a117733422097d01238`
SHA3	`d0f97949ef9122a2832b899269ee11ca3782feda52f719a5ad5c5b761a76bbd4`
VirtualSize	`0xd4818`
VirtualAddress	`0x137000`
SizeOfRawData	`0xd4a00`
PointerToRawData	`0x131400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.3417`

.reloc

MD5	`c99dc9b61dcb2cd59095da7e195ca43e`
SHA1	`dc3e507b4576528b64f5e46375b2b7f0223f19b1`
SHA256	`48607724f6301382e59ebd39fccc89eeda06daa18ddc5d95a3d92c488e0b4655`
SHA3	`17c5db89c15401ba7cdbf64ae9b218efc605bf870c90e8c83a9b35b12b599650`
VirtualSize	`0xcb78`
VirtualAddress	`0x20c000`
SizeOfRawData	`0xcc00`
PointerToRawData	`0x205e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61211`

Imports

WINHTTP.dll	`WinHttpGetIEProxyConfigForCurrentUser`
COMCTL32.dll	`#17`
WS2_32.dll	`#17` `#57` `#11` `#10` `WSAIoctl` `#21` `#15` `#9` `#7` `#6` `#5` `#4` `#3` `#2` `#19` `#16` `#111` `#112` `#18` `#151` `#23` `#14` `#116` `#115` `#8`
CRYPT32.dll	`CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertGetNameStringA` `CertAddCertificateContextToStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertFreeCertificateChain`
KERNEL32.dll	`GetConsoleCP` `GetDateFormatW` `GetTimeFormatW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FlushFileBuffers` `SetFilePointerEx` `SetStdHandle` `GetProcessHeap` `GetTimeZoneInformation` `ReadConsoleW` `FindFirstFileExA` `GetLastError` `SetEvent` `OpenEventW` `GetCommandLineW` `GlobalFree` `LockResource` `LoadResource` `SizeofResource` `FindResourceW` `CloseHandle` `CreateMutexA` `GetExitCodeProcess` `WaitForSingleObject` `CreateProcessW` `GetProcAddress` `GetCurrentProcess` `GetModuleFileNameW` `GetModuleHandleW` `GetVersionExW` `GetFileSizeEx` `DeviceIoControl` `IsValidCodePage` `GetTempPathW` `SetCurrentDirectoryW` `GetCurrentDirectoryW` `CreateDirectoryW` `GetFullPathNameW` `CreateFileW` `GetFileAttributesW` `DeleteFileW` `FindFirstFileW` `FindNextFileW` `MoveFileExW` `FreeLibrary` `LoadLibraryExW` `VirtualAlloc` `VirtualFree` `Sleep` `SleepEx` `GetTickCount` `VerSetConditionMask` `GetSystemDirectoryA` `GetModuleHandleA` `LoadLibraryA` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `SetLastError` `FormatMessageA` `CreateFileA` `ReadFile` `LoadLibraryW` `GetVersionExA` `GetWindowsDirectoryA` `GetConsoleMode` `GetACP` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `ExitProcess` `HeapReAlloc` `GetModuleHandleExW` `ExitThread` `HeapFree` `HeapAlloc` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `PeekNamedPipe` `GetFileType` `GetDriveTypeW` `RtlUnwind` `GetOEMCP` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableA` `SetEndOfFile` `GetFileAttributesExW` `WriteConsoleW` `RemoveDirectoryW` `FindNextFileA` `HeapSize` `FindClose` `WideCharToMultiByte` `FormatMessageW` `EncodePointer` `DecodePointer` `RaiseException` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `GetCurrentThreadId` `QueueUserWorkItem` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `DuplicateHandle` `WaitForSingleObjectEx` `GetCurrentThread` `GetExitCodeThread` `MultiByteToWideChar` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetCPInfo` `GetStringTypeW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `ResetEvent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsDebuggerPresent` `GetStartupInfoW` `GetCurrentProcessId` `InitializeSListHead` `CreateTimerQueue` `SignalObjectAndWait` `SwitchToThread` `CreateThread` `SetThreadPriority` `GetThreadPriority` `GetLogicalProcessorInformation` `CreateTimerQueueTimer` `ChangeTimerQueueTimer` `DeleteTimerQueueTimer` `GetNumaHighestNodeNumber` `GetProcessAffinityMask` `SetThreadAffinityMask` `RegisterWaitForSingleObject` `UnregisterWait` `GetThreadTimes` `FreeLibraryAndExitThread` `VirtualProtect` `ReleaseSemaphore` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `InterlockedFlushSList` `QueryDepthSList` `UnregisterWaitEx`
USER32.dll	`MessageBoxW` `LoadIconW` `SetWindowLongW` `GetWindowLongW` `SetWindowTextW` `GetDlgItem` `EndDialog` `CreateDialogParamW` `ShowWindow` `DestroyWindow` `SendMessageW` `DispatchMessageW` `TranslateMessage` `GetMessageW`
SHELL32.dll	`SHGetFolderPathW` `CommandLineToArgvW`
ADVAPI32.dll	`CryptGenRandom` `RegQueryValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `RegCloseKey` `CryptDestroyHash` `CryptHashData` `CryptCreateHash` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextA` `RegQueryValueExW` `RegOpenKeyExW`

Delayed Imports

4

Type	`BIN`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x79580`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58811`
Detected Filetype	PE Executable
MD5	`c998c0a93170a663cfe139481d9047a8`
SHA1	`54b3c5b743d2d3575309dff85ad24ad42ee68408`
SHA256	`c7e0428ab9d3b9875f2b2178a61adef63b4d360872ef1f27ad0b5af97f7b707d`
SHA3	`3c18675c5117c9c1022f9f2e646ba69c9ff119c571bd7a8a00a554bb93091347`

1

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91706`
MD5	`ca42724eeaa8e59176698622a5e9bdf5`
SHA1	`059df150825f57dacdb666f2ae1a44ceff6831f7`
SHA256	`8b5dc853931ff530e0a9dffdbdd636544a80743db6dbadf5414c9c2dc277b6dd`
SHA3	`9cb0bea873647849e65ea7f72d168f172203b943067f3875ca1b9d840d8cd2ab`

2

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70087`
MD5	`fd0e9a5a2fe7442ab7d55a25d9c971a7`
SHA1	`4b29c976fd268feba1504455912b0e29069235ba`
SHA256	`2ba678b803a1c7916ab37c6d011e602b2e86b1c6c3a7d37489ba71ecd95bc0c9`
SHA3	`e890a1fdef14bc185ba551c42b851561864444d9eac1bf9b2ee4335173d21ed9`

3

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.56546`
MD5	`f7d1883e4dbffa5fd31690855e6fce08`
SHA1	`7f71047a3d76c5ad00dbf724eb6f4695cd841f5f`
SHA256	`a7606c12d61c32543665043ce67084d1a194ecb125c497561aaceeb69f1284c6`
SHA3	`4be2c0b0b27393c6a731ec25186d450b713e3643162f3995f5b671ddf030df94`

4 (#2)

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46909`
MD5	`6a248dcfe44c4fe720c15e203d664a15`
SHA1	`4c95ae527a3474b26c441eb2fdac58918e12457f`
SHA256	`b23bd072ed2c085d27caee78afafbe711745cbb65e5e1812c5a2c00e158193a1`
SHA3	`808b52315f0960b9ee75baa98ebf3dd17fa7f4765353dcc953f3c4902741b7d9`

5

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26597`
MD5	`8adc156604a164b3557ff4836b3d05bc`
SHA1	`6d0af66d4006a7f5ce980e9fec559c91a5f1777d`
SHA256	`fbbb03e9532956dfc2eab22f59fddd20236e577dd3cfb798cb349cd870dd34a5`
SHA3	`111e6f89075b2097df31e08ae53a8c1a82a60beebcb34d97a80b7211b3e9727d`

6

Type	`RT_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.18146`
MD5	`490d03038fa281c3825229385384036a`
SHA1	`04cdf6e70bdad3a391197e2670fa565d053b20e6`
SHA256	`1bf690f38715ca94a563ea84ef742e2128fac4e04ef2be689beedd7e103a20c8`
SHA3	`e5aaf3ae8f5abd19a751c730c7302003ec1f3ed28f2d4808df105ae29dbd941f`

9

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18894`
MD5	`a9fb2bc9f9cc0499e9470dafb48faced`
SHA1	`53e7902d4b434aaac9ddf0481ba220e185ceeba5`
SHA256	`0afaa7bc08ebbde3a7024fbb5609aad8c3b840ed3d563529229fac9a6083bc73`
SHA3	`1035b4fb1c0addb0775d7c9524100eb9ffb5ff5829c7845d1ddd4b3f6a30bdfc`

101

Type	`RT_GROUP_ICON`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`61e58469fe660c213ebc6e2cc66cbafc`
SHA1	`c47479da87d8390f935b337e91bdbedcc739b3eb`
SHA256	`c369bebe3271775e43301281caa7efcd03938e3bc1f620212d6c5617edaad403`
SHA3	`7c04647ad931cbf1b5c005cebc686d11b461a50e14ba9aa560e6cc1749adcb2f`

1 (#2)

Type	`RT_VERSION`
Language	Swedish - Sweden
Codepage	UNKNOWN
Size	`0x2e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34071`
MD5	`96d4b3aa204f7c6fc33eb29b3287291c`
SHA1	`74ba5c8c385552ffdf0a9b5562fe4b005f10ca6d`
SHA256	`ef08454ebaccd5e50b4b073680bf7e42afde84e3fdf4b36f4d13ee8e8ed33a71`
SHA3	`128782715532070bbe1962252301e1dee220b8fafd87fd7ec89bccb74754afca`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x613`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00927`
MD5	`dc8dcb28be9a9fdc6f73a2b7cb44af30`
SHA1	`5a49c3bc27b0854f97ec2d688a64dfe632e2aadb`
SHA256	`da5b503b9ccec89964fd51a660fd34d90b52a54c1b443de14527695bfa174665`
SHA3	`b6878ce68385aa3ae4c083b8d583ad8c07fd43cb5160341a8528323f1a8ce741`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.1.0
ProductVersion	1.0.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Mojang
FileDescription	Minecraft launcher
FileVersion (#2)	1.0.1.0
InternalName	MinecraftLauncher
LegalCopyright	Copyright (C) 2016 Mojang
OriginalFilename	MinecraftLauncher.exe
ProductName	Minecraft
ProductVersion (#2)	1.0.1.0

Resource LangID	Swedish - Sweden

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Jul-16 13:50:11
Version	`0.0`
SizeofData	`980`
AddressOfRawData	`0x119d7c`
PointerToRawData	`0x11897c`

TLS Callbacks

StartAddressOfRawData	`0x536000`
EndAddressOfRawData	`0x536008`
AddressOfIndex	`0x533434`
AddressOfCallbacks	`0x4ee4a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x528168`
SEHandlerTable	`0x5193b0`
SEHandlerCount	`627`

RICH Header

XOR Key	`0x7afc2ea8`
Unmarked objects	`0`
241 (40116)	`22`
243 (40116)	`174`
242 (40116)	`31`
199 (41118)	`6`
ASM objects (VS2015 UPD3 build 24123)	`26`
C++ objects (VS2015 UPD3 build 24123)	`125`
C objects (VS2015 UPD3 build 24123)	`38`
C objects (VS2015 UPD3 build 24213)	`111`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`239`
C++ objects (VS2015 UPD3 build 24213)	`50`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3 build 24213)	`1`

62a90875f58af4719c42e486b889398a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.tls

.rsrc

.reloc

Imports

Delayed Imports

4

1

2

3

4 (#2)

5

6

9

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors