Manalyze report for 697a42de43b5e355657494c345fee5e5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Dec-13 13:36:13
Detected languages	English - United States
Debug artifacts	ApplicationFrameHost.pdb
CompanyName	Microsoft Corporation
FileDescription	Application Frame Host
FileVersion	`10.0.26100.3912 (WinBuild.160101.0800)`
InternalName	Application Frame Host
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	ApplicationFrameHost.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.26100.3912`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk` `Unusual section name found: .imrsiv`
Info	The PE is digitally signed.	`Signer: Microsoft Windows` `Issuer: Microsoft Windows Production PCA 2011`
Safe	VirusTotal score: 0/72 (Scanned on 2026-01-29 00:27:58)	`All the AVs think this file is safe.`

Hashes

MD5	`697a42de43b5e355657494c345fee5e5`
SHA1	`a38504e563935883ba10b1845324275576ec6ae3`
SHA256	`83a5467e68d23292b55bf0d1e2cb22113776ae7b009c733f5010d7d1f7190ca7`
SHA3	`f97ededbbd56f3dad8f52ebdf5418270dc61fc34f55ea9d4807f96f8869e08d7`
SSDeep	`1536:tRvfjSn0ZeSQJYuqxS6GgbdWF6bI0/ZEBgC7nLLGFqFPzzwX:3TSzJYuHed66T/ZEBgC7LLGFqFb0X`
Imports Hash	`7d99554faba46e292d18c234fe0ffa0c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2008-Dec-13 13:36:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xb000`
SizeOfInitializedData	`0x9000`
SizeOfUninitializedData	`0x1000`
AddressOfEntryPoint	`0x00000000000036C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x1000`
Checksum	`0x18f89`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7f864647bcfb5d71d5ce8b032eaf9fb9`
SHA1	`f27be51f1d2a2723b30ae267d8854499d0951127`
SHA256	`195094476acba6803ceff28817c398e2c209d9f6244e6cb68eefdf6b8af37eac`
SHA3	`cf8db12ceb29e25ffed03a1256a6e43467e191571c6243e2ea64a58b3e6a8654`
VirtualSize	`0x9bec`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.96565`

fothk

MD5	`92636ac4d5eaf4ac151dfa8dacd735c3`
SHA1	`0de1c35f6650af1c8a3dc3eba50e7f70bdd6816f`
SHA256	`54e575e3d35c132cfef5f3efcd562d466779d89e929ae3e1911e91a7b50cae00`
SHA3	`5d3ec3188d373131bbfb11566a65108d88ef7fdfcbdf17f268afcf3b69161e56`
VirtualSize	`0x1000`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

.imrsiv

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0xc000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`6e414b9933cee37a399eba936f8f91e3`
SHA1	`f2d44194f4402216e72dba6f8cc8908aac4bc8a0`
SHA256	`fba1a9a2e4c6d3b3bf4d5e6be57286fa0453e2e1ce1664a4182cf8764998704c`
SHA3	`b3cac59e9f4d8a9ebaa105cd53f09f95cc5f260b56a73f42136be982de811023`
VirtualSize	`0x3de0`
VirtualAddress	`0xd000`
SizeOfRawData	`0x4000`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71102`

.data

MD5	`089589fb499c96c4a56189690faa4216`
SHA1	`178077d88095db2f16cdc17b8e80ea3d61560208`
SHA256	`f244979eec4d66fb6e6d6c50844ad3d7d165ed3dfdc5772ba71678628e6dbe6b`
SHA3	`1f181a9112eeeec2dedf6d3a9ca1845cc6a686da5bdde0fbb0af946852365257`
VirtualSize	`0xbc0`
VirtualAddress	`0x11000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.458038`

.pdata

MD5	`dd4253573a209813e235dc9d9c77899f`
SHA1	`94793d74e5fdbfec0c9574dc3474c9177891eefa`
SHA256	`5a7419a35f8ce47c10b0acb7baea4c3cf85aa831cde0ba279884b01d38aae745`
SHA3	`67d2c3467330efd3377f14a06ef19d46d6deb7496b6392ab1a296b5673f6f0d9`
VirtualSize	`0xb94`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.53131`

.didat

MD5	`2dee2e973e06350d3edc4ce879a9d2ed`
SHA1	`a6b785a4f72a42fb9e51eab381bb5a02088f2615`
SHA256	`d7d59ae0ee938ae5316c62ded1c294e91ecdf42ded861dcdcdada9ce96852288`
SHA3	`34cdee942bddfd5cfd0f736dd85b488cd3aa3061f8c60cc009dd9b7dc42512f6`
VirtualSize	`0x68`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.100256`

.rsrc

MD5	`8709238e06fe921691d3e33bdf78dbba`
SHA1	`80534a387226efce72c37b33f22d4e6a343b863a`
SHA256	`b2ca9b92775d0514c9258c2bcd0304b5bf33d66f9108c8d0feffe57abc3c2a86`
SHA3	`17f6dfdf082d445886679b8718862d96326da132b0385aabbe6b90e666ef6ce2`
VirtualSize	`0x810`
VirtualAddress	`0x14000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.74173`

.reloc

MD5	`125b8ea9d16a76cd8b5b7ad6c8e453b1`
SHA1	`3778dfa728d1712479aea83a52c3d4e16e39c9bd`
SHA256	`6596841afb155db3fd3f26e984efe52d392f4a80a4677c33e65fe62a11480703`
SHA3	`803950f1be76b8327f8ab0a2440f5ad06203184b3f0c00b817ca8eec5ba7d24b`
VirtualSize	`0x140`
VirtualAddress	`0x15000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.57339`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm_e` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__callnewh` `_o__cexit` `_o__configthreadlocale` `_o__configure_wide_argv` `_o__crt_atexit` `_o__errno` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `memmove` `_o_exit` `_o_free` `_o_malloc` `_o_terminate` `__C_specific_handler` `__current_exception` `__current_exception_context` `__CxxFrameHandler3` `_CxxThrowException` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___stdio_common_vswprintf` `_o___p__commode` `__std_terminate` `__CxxFrameHandler4` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleExW` `GetModuleHandleW` `GetProcAddress` `GetModuleFileNameA`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceBeginInitialize` `InitOnceComplete`
api-ms-win-core-synch-l1-1-0.dll	`AcquireSRWLockExclusive` `ReleaseMutex` `CreateSemaphoreExW` `EnterCriticalSection` `CreateEventExW` `DeleteCriticalSection` `AcquireSRWLockShared` `CreateMutexExW` `ReleaseSemaphore` `ReleaseSRWLockShared` `LeaveCriticalSection` `OpenSemaphoreW` `WaitForSingleObjectEx` `ReleaseSRWLockExclusive` `InitializeCriticalSectionEx` `WaitForSingleObject`
api-ms-win-core-heap-l1-1-0.dll	`HeapAlloc` `HeapFree` `GetProcessHeap`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `GetLastError` `SetLastError` `SetUnhandledExceptionFilter`
api-ms-win-eventing-provider-l1-1-0.dll	`EventSetInformation` `EventRegister` `EventWriteTransfer` `EventUnregister`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolTimer` `SetThreadpoolTimer` `CloseThreadpoolTimer` `WaitForThreadpoolTimerCallbacks`
api-ms-win-core-processthreads-l1-1-0.dll	`SetProcessShutdownParameters` `TerminateProcess` `GetCurrentProcess` `GetStartupInfoW` `GetCurrentProcessId` `GetCurrentThreadId`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-string-l1-1-0.dll	`WideCharToMultiByte`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
UxTheme.dll	`#135`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-com-l1-1-0.dll (delay-loaded)	`CoCreateInstance` `CoRevokeClassObject` `CoCreateFreeThreadedMarshaler` `CoRegisterClassObject` `CoInitializeEx` `CoUninitialize`

Delayed Imports

Attributes	`0x1`
Name	`api-ms-win-core-com-l1-1-0.dll`
ModuleHandle	`0x11918`
DelayImportAddressTable	`0x13000`
DelayImportNameTable	`0xfa38`
BoundDelayImportTable	`0xfb60`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48291`
MD5	`bceec91ea2648b1968e901eb7363b624`
SHA1	`8e2d2c270f47c54e444c20cc94040c84bf994bff`
SHA256	`226ad2b57c57e52b72aee35b7b878b7fe4c3beaa20e533ec6bb89fe1a6828644`
SHA3	`bdf0ef8699354440b7221ec4795e91bd4a05806e1537b506cac3d6fbbc621e97`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x39b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73682`
MD5	`9f0da601d837413e4873c6da310d2192`
SHA1	`7374961bf37458555862a7b9993d7dd37047218d`
SHA256	`a0191279e440decf840452684ca7cd2362879bc9fa6a984d7643ac14fe6ae746`
SHA3	`75fbb830052a6c90839bddcd60ba042c367cffc835cdc2057d17f38ca429cb94`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.26100.3912
ProductVersion	10.0.26100.3912
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Application Frame Host
FileVersion (#2)	10.0.26100.3912 (WinBuild.160101.0800)
InternalName	Application Frame Host
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	ApplicationFrameHost.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.26100.3912

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2008-Dec-13 13:36:13
Version	`0.0`
SizeofData	`49`
AddressOfRawData	`0xe87c`
PointerToRawData	`0xd87c`
Referenced File	ApplicationFrameHost.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2008-Dec-13 13:36:13
Version	`0.0`
SizeofData	`1188`
AddressOfRawData	`0xe8b0`
PointerToRawData	`0xd8b0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2008-Dec-13 13:36:13
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0xed7c`
PointerToRawData	`0xdd7c`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2008-Dec-13 13:36:13
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0xeda0`
PointerToRawData	`0xdda0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140011240`
GuardCFCheckFunctionPointer	`5368764128`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8b6fc285`
Unmarked objects	`0`
Imports (33140)	`2`
Imports (VS2008 SP1 build 30729)	`45`
Total imports	`1145`
Unmarked objects (#2)	`1`
ASM objects (33140)	`5`
C++ objects (33140)	`31`
C objects (LTCG) (33140)	`5`
C objects (33140)	`12`
253 (33140)	`1`
Resource objects (33140)	`1`
Linker (33140)	`1`

Errors

[*] Warning: Section .imrsiv has a size of 0!