Manalyze report for 6575157e16f99dad71022f79507d9858df3823db73daaf9fb0ab10ccd595f194

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-20 14:41:05
Detected languages	English - United States
Debug artifacts	C:\build\endpoint\bin\x64\Release\ServiceHost.exe.pdb
FileVersion	`8.26.6.643`
ProductVersion	`8.26.6.643 - #1c87cf23`
FileDescription	Host for Endpoint Security
InternalName	ServiceHost.exe
OriginalFilename	ServiceHost.exe
CompanyName	Bitdefender
LegalCopyright	Â© 1997-2026, Bitdefender
ProductName	Endpoint Security

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	The PE is possibly a dropper.	`Resources amount for 77.9668% of the executable.`
Info	The PE is digitally signed.	`Signer: Bitdefender SRL` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/71 (Scanned on 2026-06-12 11:54:12)	`All the AVs think this file is safe.`

Hashes

MD5	`32db1cb1e9c01bae6bfc91d231643a5f`
SHA1	`68a3d8a9026cd7726ef33cf34f09a843ce394d7b`
SHA256	`6575157e16f99dad71022f79507d9858df3823db73daaf9fb0ab10ccd595f194`
SHA3	`267a89f356aae5d8c94f1b300f92d3b3095d6f540f92c60b742858c65d32e899`
SSDeep	`1536:5qXCWFSISbaHeW7a0fjj+59zJHdx+tLh7Yj26sIl:8CWFS/bYf25ZALhkj2dIl`
Imports Hash	`cd40d5dd63c9c5e91eb5dcbe723dd345`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-20 14:41:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2e00`
SizeOfInitializedData	`0x21600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000003548 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x28000`
SizeOfHeaders	`0x400`
Checksum	`0x311cd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cfc447d210b32245c2741e5387a33c09`
SHA1	`2547494bac25d03302cdc63862b41facc824730c`
SHA256	`9033e3752b2868d40b3a288c939f4a893e037dac02e6456ff6050bb80562fc44`
SHA3	`ebdf526b5773fb73abda56351598ef1988343904aab6396a090f43d3a12f0acd`
VirtualSize	`0x2d8c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20264`

.rdata

MD5	`0eaa9870a50c61871d1c3334800c0df4`
SHA1	`eab689f9a62c7fa713a2268d1b255431531115e9`
SHA256	`1b72bbf587445931ec2bc3e542ae0d947cdc0c785ff0f11ac38064d7e2b7245b`
SHA3	`04950d6d404a2bdd9f01b19fcf8675786f790bd3ac32ea62fe2659b8e3c17efe`
VirtualSize	`0x1d28`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.07455`

.data

MD5	`d6018b78510c816ddf5b4078aee1d0ff`
SHA1	`566b96847bd7b6ad7813672dfecc109544939ce7`
SHA256	`b6a2c77bb0a76a109dd7e34e643d6078407bc8603b029ef4378cfa0c5cc5c922`
SHA3	`0f878f99a92d81f34b32ed6cc939b833cc596762ace56fc9a82df8714584404d`
VirtualSize	`0x2f8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.32383`

.pdata

MD5	`74827c8d5d3a633797aa264d0e817ca4`
SHA1	`7a33e7152c1cb10f88e3e7b307e53d907675016e`
SHA256	`6f11d4812ed3510ee1225099a4bf8323d703e4eb171120f19293a7a961cc2af7`
SHA3	`a19d640ce6d027bc80275d6fc54011c1b32abcebf59256c1e032249b4db88447`
VirtualSize	`0x348`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.47452`

.rsrc

MD5	`e89542ca01113c6a39d09ed6540f426c`
SHA1	`daec9e005a2c1ee299edb3ee84241c4712bbe341`
SHA256	`a99a1d3192dac42e7a8aa91ad6f3632d74221c4c535098b2500a4115f2b4eee0`
SHA3	`0d2b198f70439338059efc6fbed2969fcfa3c00efe1ab1f97ac53713995a3c32`
VirtualSize	`0x1ef08`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1f000`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.00175`

.reloc

MD5	`d1d25c415732c76265f12ecffa84957d`
SHA1	`62d54917288a9bb6c18455adee06a9f465b4e8cb`
SHA256	`00f319063aad805206853cc4a294b484c88c2805dd1326a2934324afd7101fff`
SHA3	`ce11105df5d36a89fee0f90388ce79d16878b5d930e5b81bc64d56aa43287b81`
VirtualSize	`0x6c`
VirtualAddress	`0x27000`
SizeOfRawData	`0x200`
PointerToRawData	`0x24600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.52007`

Imports

KERNEL32.dll	`GetLastError` `InitializeCriticalSectionEx` `DeleteCriticalSection` `GetModuleHandleW` `GetProcAddress` `LoadLibraryExW` `GetSystemDirectoryW` `GetModuleFileNameW` `FreeLibrary` `GetModuleHandleA` `SetEnvironmentVariableW` `QueryPerformanceCounter` `GetStartupInfoW` `SetUnhandledExceptionFilter` `OutputDebugStringW` `IsDebuggerPresent` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetCurrentProcessId`
MSVCP140.dll	`?_Xlength_error@std@@YAXPEBD@Z`
SHLWAPI.dll	`PathRemoveFileSpecW` `PathIsRelativeW` `PathAddBackslashW`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `_CxxThrowException` `__C_specific_handler` `memset` `memmove` `__std_exception_destroy` `__std_terminate` `__std_exception_copy` `memcpy`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `realloc` `_set_new_mode` `_callnewh` `free`
api-ms-win-crt-environment-l1-1-0.dll	`_wdupenv_s` `_wputenv_s`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `_configure_wide_argv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm` `exit` `_seh_filter_exe` `terminate` `_get_wide_winmain_command_line` `_cexit` `_set_app_type` `_crt_atexit` `_initterm_e` `_register_onexit_function` `_initialize_onexit_table` `_initialize_wide_environment`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-string-l1-1-0.dll	`wcslen`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x12eb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.64117`
Detected Filetype	PNG graphic file
MD5	`823fdc00033cc2d6fd649f7636708466`
SHA1	`579bc2c5e21afa3fafca95f2ed2cbf0425dddcfa`
SHA256	`145c93f75a77519935ccb62a69e04b5082df2566101ac0777f06e2ca7f9cee1f`
SHA3	`af56deee6155a9ff89395e06864b9f960e3165e05a1c314d9933ee5827de6c29`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92818`
MD5	`4fca409c354937d5ba8c14d5450602dd`
SHA1	`f907f57a6d0ac56fa1b0fbd2fcd67204e7cd4211`
SHA256	`d119da9cbbd4422a80be308ccb4fc662304f03bf67628a303cd5ca16e5350f00`
SHA3	`48dca6c33b2a82e75fb6a2b28f5ea489d2ab5d61ba16f510a65df704a03827d0`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4c28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.2674`
MD5	`f03f0705b6caf020b437bbfd7dd7c6fc`
SHA1	`8ec1fa6ad14648543b325aeb4f812327430ec015`
SHA256	`7cccd28d03ea523def084c3edf0b5341f0fb6179a53edfab0d4eda4d42009c06`
SHA3	`23d334e27f299dbfccef7846dc3276a6ad0f2a4a4c1c415173d5aec9708134cf`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.89878`
MD5	`a1f821f64b9601ffe58f3b5d485d6966`
SHA1	`78424d1430bd86e7cd7b68e7016422d625630035`
SHA256	`91fec2a4fd6ec98aa73e63cf6282e9475dc7f9e8e4f4c2994dbc18aec18ff415`
SHA3	`c31c5b5a4691a86ad03f60d39d26f1138bca69f9bfc8beab4ccf3f47246c7119`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1628`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71767`
MD5	`727d008490f13a87d3e667bb0973b33e`
SHA1	`cbcb3d3ce50bc60c4454c921ec8671b6784920fa`
SHA256	`27f95b7895551da1fe130ad927c9106ef1dd44d9d3bf72e808a5222e3657f34a`
SHA3	`7645fd15ffa7c4efb8cbec44e30208461916bc5aa5037d32285cbaf3054ff889`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92191`
MD5	`94311bd85104a383d8ac16de9bd523f3`
SHA1	`5759fea0580389a85330e98bc3eb88fe66636fac`
SHA256	`d2cc95ae4494705082b62c24b69479bdea0fff9666c52dc203aff1ec8ea7a284`
SHA3	`de56a90823aa81f920f211ea9a77b22a3adbe22b8a5cbb3bf1ed8d915db94221`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00643`
MD5	`c8b98461e12c4bfcfe4680885a8b643d`
SHA1	`891a121e8b57244b05ac0f2bd53f8a893c6ae628`
SHA256	`8e4a4e03699d58b570946a869cfe99741e063213066d16d8c720539bdc592b9e`
SHA3	`4f9b25fc1a7a680da07703238a4891dda3a6401349e41cf91cf864e8de738dd2`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79378`
MD5	`7aaa415838254f1201f36a3d8d7bcf69`
SHA1	`53d400a451110ac5be1896f7cce6611ae7f10754`
SHA256	`0e50a28050af95de2e7d6b4b391428e771e72c3b5f693472d35e8b5424f56482`
SHA3	`2139a23782ad7210b4350663f39ddf7e5a521683ec5d0a13532ff0c1ed0adcfd`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.45797`
MD5	`6f26dcd6e9d979df47c4533215c176c5`
SHA1	`1846b5a7da49f4f91de79164fe984e6d374d1d06`
SHA256	`970208dd7711701e22c20e36271ef337fad6bbd5a2b48fe694bdeda2f109498b`
SHA3	`9d1aac8a33a5bbd15cbfb632f0306a254822d3b1ce1ffd95c49be45e489c224f`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87199`
Detected Filetype	Icon file
MD5	`1c7b40e6f529b53846ee786e7b825c9c`
SHA1	`95371200e5fca3ba2601c79711c6a776472e7aad`
SHA256	`d73697f231bbc8fc4e8803d911662606e018c48a2f340a5a53e21874ad2c8bef`
SHA3	`ace6220e5b3bb7a10572bfe103d672747b9a73a83f9e9a2de336a2b15d832fe5`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45799`
MD5	`7745c1be57aef346fdb7fb513fe5a9d8`
SHA1	`5d76fe0437675b13cc0a618f4ff26d6d6edf1bf9`
SHA256	`cc711954ed9d79c0e4f493f219070c412883fe38a5d3c60a21f83d0278c030b4`
SHA3	`36eee7ecda705d4be7c81f1d0f6f8183e13a83bae7e85ef323cb41fdb3b19954`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46673`
MD5	`b3dab65cb9e4c83809216f0acc9b0bb5`
SHA1	`252da6974e78da92f820ce71a70605e012ff925b`
SHA256	`81f7f00a4b097d5fdabaa38ae453ef475385c58416d4ca7cc1cb2af1c0916840`
SHA3	`3b6c52eb19d4799ffa56d72a15590df371ef4187976297a4bad7bd619527d2e7`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3298`
MD5	`73faacbcdc7822a038c4e3786814611d`
SHA1	`287208b33c407a0b361d0ce2767111875e20a9f3`
SHA256	`411d4b3df3807e19bca735fd7415be9bbbfa9a87293a2d16bc53dda75845e50f`
SHA3	`0b3da7eac75b1a2f67eeda09933c30f1ff2415251fcfab020566826e9a344c08`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-May-20 14:41:05
Version	`0.0`
SizeofData	`78`
AddressOfRawData	`0x4b9c`
PointerToRawData	`0x3d9c`
Referenced File	C:\build\endpoint\bin\x64\Release\ServiceHost.exe.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-May-20 14:41:05
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x4bec`
PointerToRawData	`0x3dec`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-20 14:41:05
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0x4c00`
PointerToRawData	`0x3e00`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-May-20 14:41:05
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140006040`

RICH Header

XOR Key	`0xc31acabb`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
ASM objects (35403)	`3`
C objects (35403)	`10`
C++ objects (35403)	`27`
Imports (35403)	`6`
Imports (33145)	`7`
Total imports	`77`
C++ objects (LTCG) (35729)	`2`
Resource objects (35729)	`1`
151	`1`
Linker (35729)	`1`

Errors

[*] Warning: Multiple nodes using the name Version Info in a dictionary.

Leave a comment

No comments yet.