670e27f78f56260a53589662228e5169

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Sep-13 13:35:21
Detected languages English - United States
Debug artifacts C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb

Plugin Output

Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
 Uses Microsoft's cryptographic API:
  • CryptMsgGetParam
  • CryptQueryObject
 Interacts with the certificate store:
  • CertAddCertificateContextToStore
  • CertOpenSystemStoreA
Info The PE is digitally signed. Signer: Connectwise
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 670e27f78f56260a53589662228e5169
SHA1 5ce3a2f42f3d0dc6a66046636c12fc27646ceedc
SHA256 071a791cc9445ada027cc4ef8dfe1a9d1a6aa18e0452dd01c63a9f042f5fc96a
SHA3 1a11d3be3274db581d694d700db801aa1d914b594eab93a069ae3e37d096f3d2
SSDeep 1536:hoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaJPBJYYf7Qexs:benkyfPAwiMq0RqRfbaJZJYYfUH
Imports Hash 37d5c89163970dd3cc69230538a1b72b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2024-Sep-13 13:35:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x9e00
SizeOfInitializedData 0x8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001489 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x15000
SizeOfHeaders 0x400
Checksum 0x21686
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bae4521030709e187bdbe8a34d7bf731
SHA1 9bc3d112de1fbefdee16047d2837e219f9a7caa4
SHA256 fdda5da438fe7ce881c55a44df1c7f0493adf7b43ce5c54d154c739c920472bc
SHA3 9f370957db61a3591d3e3727281f8f59b1d9891b9712f43e2e8999e9ec424c76
VirtualSize 0x9cf8
VirtualAddress 0x1000
SizeOfRawData 0x9e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.58146

.rdata

MD5 50d7316bf204f3002e6553c3d9fcfe74
SHA1 9f323840108fc1ce3ee6b2ddc753c89f711506a4
SHA256 faaf97e3aae83944c849449e21d85f6e3813ece019c03cbe7a4aaaf8f1eb54fb
SHA3 994ea023b9a6b5561d405f17a495d9c37cb97cb7d620e1310c7e31c7664bbc1c
VirtualSize 0x5d58
VirtualAddress 0xb000
SizeOfRawData 0x5e00
PointerToRawData 0xa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.84264

.data

MD5 04a548a5c04675d08166d3823a6bf61b
SHA1 9444473ca29b3a924cf071cf5e9b545c1e75e35a
SHA256 22a14695f1091c491edfcd4988edae3c9d5e694d2ca4286324865c6504a00ea1
SHA3 caa9eeee92e1b81b803d9f33c58c852c186e11be099ec54c33b8f4bfefc122b6
VirtualSize 0x11cc
VirtualAddress 0x11000
SizeOfRawData 0x800
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.01208

.rsrc

MD5 aa256780346be2e1ee49ac6d69d2faff
SHA1 df33f145fc47be371d31d7b6c2850b1ed4a59415
SHA256 9328e697c8bda5c3dd6ed49c803a3dd3a479ab9a77458bedfd31afef5874645b
SHA3 1e1be91606721d298a71e56c733dcd443c17dfbbaf4a211ccecf80d5ea36e546
VirtualSize 0x1e0
VirtualAddress 0x13000
SizeOfRawData 0x200
PointerToRawData 0x10800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70372

.reloc

MD5 908329e10a1923a3c4938a10d44237d9
SHA1 d66759fb839b4d1de1f4cac694fca2d08335b735
SHA256 fa10fd47128b05663a01f3967308940902cc8f0c187ec28d81a91ba5ade78564
SHA3 69a28d281c0031198fef40ceba08e35cb4039968e04e996c5af8ea4c3b4499f9
VirtualSize 0xddc
VirtualAddress 0x14000
SizeOfRawData 0xe00
PointerToRawData 0x10a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.4957

Imports

KERNEL32.dll LocalFree
GetProcAddress
LoadLibraryA
Sleep
LocalAlloc
GetModuleFileNameW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
CloseHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
CRYPT32.dll CertDeleteCertificateFromStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertAddCertificateContextToStore
CertFindAttribute
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenSystemStoreA

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Sep-13 13:35:21
Version 0.0
SizeofData 99
AddressOfRawData 0xff50
PointerToRawData 0xf150
Referenced File C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-Sep-13 13:35:21
Version 0.0
SizeofData 20
AddressOfRawData 0xffb4
PointerToRawData 0xf1b4

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Sep-13 13:35:21
Version 0.0
SizeofData 680
AddressOfRawData 0xffc8
PointerToRawData 0xf1c8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2024-Sep-13 13:35:21
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x411000
SEHandlerTable 0x40fec0
SEHandlerCount 2

RICH Header

XOR Key 0x1a0d1864
Unmarked objects 0
241 (40116) 10
243 (40116) 122
242 (40116) 24
C++ objects (33218) 37
C objects (33218) 18
ASM objects (33218) 18
Imports (VS2008 SP1 build 30729) 5
Total imports 97
C objects (LTCG) (33523) 1
Resource objects (33523) 1
Linker (33523) 1

Errors

<-- -->