6d71d213eba86637b2c973f5b7296207

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2022-Apr-07 18:55:57
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
Debug artifacts C:\buildbot\src\android\emu-31-stable-release\out\build\debug_info\emulator.pdb

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious Strings found in the binary may indicate undesirable behavior: Looks for VMWare presence:
  • VMWare
  • VMware
Looks for Qemu presence:
  • QEMU
  • qemu
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • Z-google.golang.org
  • android.com
  • bellard.org
  • bootchart.org
  • clients2.google.com
  • curl.haxx.se
  • developer.android.com
  • dither.noise.ch
  • dl.google.com
  • example.com
  • ffmpeg.org
  • ftp://upload.ffmpeg.org
  • ftp://upload.ffmpeg.org/incoming/
  • gcc.gnu.org
  • golang.org
  • google.com
  • google.golang.org
  • googleapis.com
  • googleprod.com
  • http://bellard.org
  • http://libusb.info
  • http://msdn.microsoft.com
  • http://msdn.microsoft.com/en-us/library/ms792901.aspx
  • http://relaxng.org
  • http://www.bootchart.org
  • http://www.bootchart.org/
  • http://www.oasis-open.org
  • http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
  • http://www.w3.org
  • http://www.w3.org/2000/xmlns
  • http://www.w3.org/2000/xmlns/
  • http://www.w3.org/2001/XInclude
  • http://www.w3.org/2001/XMLSchema
  • http://www.w3.org/2001/XMLSchema-datatypes
  • http://www.w3.org/2001/XMLSchema-instance
  • http://www.w3.org/2002/08/xquery-functions
  • http://www.w3.org/2003/XInclude
  • http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd
  • http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
  • http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
  • http://www.w3.org/XML/1998/namespace
  • https://clients2.google.com
  • https://clients2.google.com/cr/report
  • https://curl.haxx.se
  • https://curl.haxx.se/docs/http-cookies.html
  • https://developer.android.com
  • https://developer.android.com/studio/run/emulator-acceleration#vm-windows
  • https://developer.android.com/studio/run/emulator-acceleration.
  • https://dl.google.com
  • https://dl.google.com/dl/android/studio/metadata/emulator-feature-flags.protobuf
  • https://dl.google.com/dl/android/studio/metadata/emulator-feature-flags.protobuf.bin
  • https://gcc.gnu.org
  • https://gcc.gnu.org/wiki/AutoFDO.
  • https://pki.google.com
  • https://pki.google.com/roots.pem.
  • https://play.googleapis.com
  • https://play.googleapis.com/log?format
  • https://source.android.com
  • https://source.android.com/devices/tech/config/uicc
  • irWqeYlfrZ5.it
  • libusb.info
  • microsoft.com
  • midbuf.ch
  • msdn.microsoft.com
  • noise.ch
  • oasis-open.org
  • pki.google.com
  • play.googleapis.com
  • relaxng.org
  • source.android.com
  • type.googleapis.com
  • type.googleprod.com
  • upload.ffmpeg.org
  • www.bootchart.org
  • www.oasis-open.org
  • www.qemu.org
  • www.w3.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to RC5 or RC6
Uses known Mersenne Twister constants
Microsoft's Cryptography API
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExA
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
  • SwitchToThread
Can access the registry:
  • RegCloseKey
  • RegEnumKeyExA
  • RegEnumValueW
  • RegGetValueA
  • RegGetValueW
  • RegOpenKeyExA
  • RegOpenKeyW
  • RegQueryInfoKeyW
  • RegQueryValueExA
Possibly launches other programs:
  • CreateProcessW
Uses Windows's Native API:
  • ntohl
  • ntohs
Uses Microsoft's cryptographic API:
  • CryptAcquireContextA
  • CryptCreateHash
  • CryptDestroyHash
  • CryptDestroyKey
  • CryptEncrypt
  • CryptGenRandom
  • CryptGetHashParam
  • CryptHashData
  • CryptImportKey
  • CryptReleaseContext
  • CryptQueryObject
  • CryptStringToBinaryA
Can create temporary files:
  • CreateFileA
  • CreateFileW
  • GetTempPathW
Leverages the raw socket API to access the Internet:
  • WSACleanup
  • WSAEventSelect
  • WSAGetLastError
  • WSAIoctl
  • WSASetLastError
  • WSAStartup
  • __WSAFDIsSet
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostname
  • getnameinfo
  • getpeername
  • getsockname
  • getsockopt
  • htonl
  • htons
  • inet_ntop
  • ioctlsocket
  • listen
  • ntohl
  • ntohs
  • recv
  • recvfrom
  • select
  • send
  • sendto
  • setsockopt
  • shutdown
  • socket
Interacts with services:
  • OpenSCManagerA
  • OpenServiceA
  • QueryServiceStatusEx
Manipulates other processes:
  • OpenProcess
  • Process32First
  • Process32Next
Interacts with the certificate store:
  • CertAddCertificateContextToStore
  • CertOpenStore
Safe VirusTotal score: 0/68 (Scanned on 2022-04-23 03:13:10) All the AVs think this file is safe.

Hashes

MD5 6d71d213eba86637b2c973f5b7296207
SHA1 e5fbc5e66fde46a8dfade4031b46a295258ad0c6
SHA256 3553426e94aa9c2cbc038df708d018d5386b57b969583a72261df30a16284736
SHA3 be20698cd479f7febe6c28e7f4b1808b1e7f6015acc61d3cf28a5e9b1fb8b7e8
SSDeep 196608:8uT02CFx9AFlvJUfYSrYSYly5nzhpPt61wE0bbB5:nT01Fx9yvJEYSbzhplAJ0x5
Imports Hash 3abc9f5a22c31f6e7902b0c074a45b7d

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 10
TimeDateStamp 2022-Apr-07 18:55:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1007000
SizeOfInitializedData 0x559a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000010052E4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1d97000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 24ac60e93b54e71cdc1266f73d27276a
SHA1 9c1f272b83a35d933e06edb4fb5939abd1b3aeb1
SHA256 1042898d4a1523a1df6aa1e5e4cfbb05b4ba91505c85e5ad708bc6389841e108
SHA3 10229a96a378e73c16ad42e0ddfdadf76b91c25f48ba8dbf933e964465917556
VirtualSize 0x1006f36
VirtualAddress 0x1000
SizeOfRawData 0x1007000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.61538

.rdata

MD5 f972a6c7c97c0b25d860305f08978722
SHA1 8742a1f22e03568b92b4c7f6c4045042d3853851
SHA256 55233b53d446c89c15010e209c74a97bf2c7dac7f0d288afa80acf6038397796
SHA3 d3a65ce8372e674c54afdf773542e384046966e77f79ff988c9b48c258d23e95
VirtualSize 0x450794
VirtualAddress 0x1008000
SizeOfRawData 0x450800
PointerToRawData 0x1007400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.46871

.data

MD5 90e2f63651bc84efb7377c38c285a831
SHA1 4edf6568a172c19bb83927f27f46ec20663c01cf
SHA256 0d970075c9713ccfcdcf7a68545bee1f6203bf3d11f8bdbeab60d6bf64a7d51b
SHA3 a40ef60304efa05177e48b11cb5d0bf41dfdc1bf7dc3daf4c2c858d384168830
VirtualSize 0x860408
VirtualAddress 0x1459000
SizeOfRawData 0x30a00
PointerToRawData 0x1457c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.20395

.pdata

MD5 95e4932d3d03e88c47d03b964d2a2836
SHA1 b1927ee225bf85670509770d7dab0ea5c800355e
SHA256 29884ec92fc5eb5e42010ee3b8ae3e8497c708bf485955e07460a5900082dc5b
SHA3 61b195616b6ec5b38b379df38f03c9605aa159dda35cd25fcc98b0d27791ea2e
VirtualSize 0x7c89c
VirtualAddress 0x1cba000
SizeOfRawData 0x7ca00
PointerToRawData 0x1488600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.81895

.00cfg

MD5 a92bc37db320aa57c41adce661585792
SHA1 c803e4fd3f5f88fd4ee2e8d40771ed518884d030
SHA256 801b681c46fbd50909851bfae3598deeb9aa843328fa4b227d2015f7521a5a18
SHA3 7209d223d6dff1062c5c494b63b74da3efa9d4196d46ed37e9f78fdfbfff0b70
VirtualSize 0x28
VirtualAddress 0x1d37000
SizeOfRawData 0x200
PointerToRawData 0x1505000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.386578

.rodata

MD5 89744bdbc40ddf45c63010d555b9c938
SHA1 acda427dfeea63fe122db0639dd3c52dae3f2ee1
SHA256 9b2db4db9f6f0fb653b01b951d6a69aeb92a2c2a2e73c0677789462ac3ba7d1b
SHA3 15e553af1734e10db1ff1d7be81924b641528bcbfa248b23c7dae45bc0438424
VirtualSize 0x97b0
VirtualAddress 0x1d38000
SizeOfRawData 0x9800
PointerToRawData 0x1505200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.4108

.tls

MD5 4beb78eb37e038b49784d97374d95db5
SHA1 08a99a704f6d401e13241ee5feb2f3d91f6b84c4
SHA256 5c10f84f27ffa5621f89e2c5532bce5a08e46da56f35572b26813a5bb2227b9e
SHA3 97a0f6746d1d3330c2494f636107fc5f24ab0b8089171726165d1713485581df
VirtualSize 0x181
VirtualAddress 0x1d42000
SizeOfRawData 0x200
PointerToRawData 0x150ea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.136464

_RDATA

MD5 0bcb1860013959ee7ab8fdd0673e3264
SHA1 e5bec00a3af840f1d9a52d0a1147d24b3b53c100
SHA256 4e5dd4bdb3745d911b0494974dc86cc45c8a11715d8d7a194f02e1133e4843e8
SHA3 209fccc7d6981bea3f2bd2cc7b8cac64d674f76e09fc510f61273b036d6e6cea
VirtualSize 0x37310
VirtualAddress 0x1d43000
SizeOfRawData 0x37400
PointerToRawData 0x150ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.91985

.rsrc

MD5 8059478af2d9c6f883970a2baa9b4441
SHA1 e4d2be9eda14705168892813364d10079b07f392
SHA256 1eacbc4729f2fe3683bd61faba47569c354bc67371f51d64aba6b5f370cbc22f
SHA3 3d9fd6bdb4336fa6a77654afd41d6effff685506de52b9bd53000f8c87e8c6c5
VirtualSize 0xd608
VirtualAddress 0x1d7b000
SizeOfRawData 0xd800
PointerToRawData 0x1546000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.3342

.reloc

MD5 cf5a4b15465ff5cdf81e6ced72341641
SHA1 69c4e0b9709cdb6c04161bd6a062a8b1e250a2e1
SHA256 4489f560abe94458dfa8d90403d48301525378940e7e7decaabab37770a3175b
SHA3 41671b6840c836f1776c61c967432903e06053b47b3f79daac2fcd9def5552bf
VirtualSize 0xd4b8
VirtualAddress 0x1d89000
SizeOfRawData 0xd600
PointerToRawData 0x1553800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.49497

Imports

KERNEL32.dll AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AreFileApisANSI
CancelIoEx
CancelWaitableTimer
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWaitableTimerExA
DebugBreak
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitThread
ExpandEnvironmentStringsA
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeLibrary
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessId
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalMemoryStatusEx
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
K32GetProcessMemoryInfo
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VirtualLock
VirtualProtect
VirtualQueryEx
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
MSVCP140.dll ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0facet@locale@std@@IEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?bad@ios_base@std@@QEBA_NXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?eof@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?init@?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAAXPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@_N@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?uncaught_exception@std@@YA_NXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_signal
_Cnd_timedwait
_Cnd_unregister_at_thread_exit
_Cnd_wait
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Strcoll
_Strxfrm
_Thrd_id
_Thrd_join
_Thrd_sleep
_Xtime_get_ticks
SETUPAPI.dll SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
ADVAPI32.dll CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegEnumKeyExA
RegEnumValueW
RegGetValueA
RegGetValueW
RegOpenKeyExA
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExA
SHELL32.dll SHGetFolderPathW
USER32.dll EnumDisplayDevicesW
GetDesktopWindow
GetSystemMetrics
ole32.dll CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoWaitForMultipleHandles
WS2_32.dll WSACleanup
WSAEventSelect
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
RPCRT4.dll RpcStringFreeA
UuidCreate
UuidCreateSequential
UuidFromStringA
UuidToStringA
d3d9.dll Direct3DCreate9
CRYPT32.dll CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptQueryObject
CryptStringToBinaryA
WLDAP32.dll #301
#45
#22
#32
#26
#30
#35
#143
#200
#41
#33
#27
#50
#211
#60
#217
#46
#79
Normaliz.dll IdnToAscii
IdnToUnicode
IPHLPAPI.DLL GetAdaptersAddresses
GetInterfaceInfo
GetNetworkParams
VCRUNTIME140.dll _CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__intrinsic_setjmp
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
_purecall
_set_purecall_handler
longjmp
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
wcsrchr
VCRUNTIME140_1.dll __CxxFrameHandler4
api-ms-win-crt-time-l1-1-0.dll _W_Getdays
_W_Getmonths
_gmtime64
_localtime64
_mktime64
_time64
clock
strftime
api-ms-win-crt-locale-l1-1-0.dll ___lc_codepage_func
_configthreadlocale
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf_s
_chsize_s
_close
_dup
_dup2
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_get_stream_buffer_pointers
_getcwd
_isatty
_lseek
_lseeki64
_mktemp_s
_open
_read
_set_fmode
_setmode
_sopen
_wfopen
_wfopen_s
_wfsopen
_wopen
_wpopen
_write
_wsopen_dispatch
_wsopen_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fputc
fputs
fread
fseek
fsetpos
ftell
fwrite
setvbuf
ungetc
api-ms-win-crt-runtime-l1-1-0.dll __p___argc
__p___argv
__sys_nerr
_beginthread
_beginthreadex
_c_exit
_cexit
_configure_narrow_argv
_crt_at_quick_exit
_crt_atexit
_endthread
_errno
_execute_onexit_table
_exit
_get_initial_narrow_environment
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_dll
_seh_filter_exe
_set_app_type
_set_invalid_parameter_handler
_wassert
abort
exit
strerror
terminate
api-ms-win-crt-filesystem-l1-1-0.dll _access
_findclose
_fstat64
_lock_file
_stat64
_stat64i32
_unlink
_unlock_file
_waccess
_wchdir
_wchmod
_wfindfirst64i32
_wfindnext64i32
_wfullpath
_wmkdir
_wstat64
_wstat64i32
_wunlink
remove
rename
api-ms-win-crt-heap-l1-1-0.dll _aligned_free
_aligned_malloc
_aligned_realloc
_callnewh
_set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
_dclass
_dsign
_dtest
_fdclass
_fdtest
_isnan
acos
asin
atan
atan2
atan2f
atanf
cbrt
cbrtf
ceil
ceilf
cos
cosf
cosh
exp
exp2
exp2f
expf
fabs
floor
fmod
frexp
hypot
ldexp
llrint
llrintf
log
log10
log10f
log2
log2f
logf
lrint
lrintf
pow
powf
rint
round
roundf
sin
sinf
sinh
sqrt
sqrtf
tan
tanf
tanh
trunc
truncf
api-ms-win-crt-string-l1-1-0.dll _strdup
_stricmp
_strnicmp
_wcsdup
isalpha
isprint
ispunct
isspace
isupper
iswalpha
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
strtok
strtok_s
tolower
toupper
wcscmp
wcslen
api-ms-win-crt-environment-l1-1-0.dll __p__environ
_wgetenv
_wputenv
getenv
api-ms-win-crt-process-l1-1-0.dll _wspawnv
api-ms-win-crt-convert-l1-1-0.dll atoi
strtod
strtol
strtoll
strtoul
strtoull
wcstombs
api-ms-win-crt-utility-l1-1-0.dll _byteswap_uint64
_byteswap_ulong
_byteswap_ushort
bsearch
qsort
rand

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal 1
Address 0x1459d14

NvOptimusEnablement

Ordinal 2
Address 0x1459d10

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.64517
MD5 a494f5083c8e3b0410da405ecc5f5bf7
SHA1 ad8f5cf874d9fa1c3bc4ef70d63dd38210f571e1
SHA256 ca29a41f8fdce1476d73f5831c021efd709e53d67a331eb0f8b09351cd6c73ab
SHA3 76dbd04120a626971b83e81c794ff9cba9a5d4c6b98f7281fdbc7a1eb2f2845e

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.9915
MD5 a2900c987044699cee0b2ec6fb3f46f4
SHA1 341d40210533f49fbc075c635b6346b3977f008f
SHA256 4ad2f4d5fa403db39de13791d983a6fac161b9b1a68eeba54a810c5da52b45dc
SHA3 de18b68f1333d6510431a72b0ad1e916bb2dae9b0b3378fd1f48be24647fce2d

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.07933
MD5 20c6be73f01e5a71c70baf89e366fc70
SHA1 4373e81fd79f09bbe4b5e79eb9fc203973229a46
SHA256 c3971e0434b6208dd45ea98801883ac104c80d3b16e8795004cb7593495a68a8
SHA3 fd24ff0eba5c64023f6d900ea0a665a4d128c6f0786c5f7970fdbff7dd16a6f3

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74404
MD5 2efb0299daf23c0a0fd8c9adf25d9b20
SHA1 5bf017cbff1a545bdb6672f509524e3ad91f49a4
SHA256 cbf15b259153d0526c329acdf1adfd22b04826e3be3e50401d0be55faafe15e1
SHA3 736b79e1afaf2dfe285fac2c513cbd1cf2c1497af851f9403c19b0f23480c292

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.42869
MD5 ca777f5aadd131bde461c6fac01730fb
SHA1 8c295d6930268884fc27a0f203c8c385579a5032
SHA256 862af957d742ca38dbbbfc17e8128bc8a4eb02080fd41f782577af980c5d6b0d
SHA3 ab350a7e6b641eff85689dc7282845db3a9ee28326287f839685efdf466baf27

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.61897
MD5 7a28a3886f3050366fd079b2afeaf791
SHA1 4de37759d254687fee50cacf53e070d20ad11981
SHA256 1a267a78f44ca72e53e796f0d778f0af134755a3fdf3afaf8266d7d15a626fe8
SHA3 273b25fa0414a8d0a5771ee74bff14700befa49ccff0a374793d5af464705d79

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.76617
MD5 a12a2584120c9491dfc7b5479bfbefe2
SHA1 64bd6badadfb5f52eff036fef5195ac04b55ce25
SHA256 2d0773f1d92ca11450ecdd1dde6c3f9a01ea3c34ea0f96ec01f84709cdfe97ba
SHA3 1e3397c5386b1588a4390e1d32477093ffc245719048c3e6a5ff1489117f0db9

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.528
MD5 76ed71525c4e2f270d77b61764fd5875
SHA1 b5ce53633fbd7a7bcef70b5f2cc77a9ba3e8a777
SHA256 6c359a7846dccf206c3d086a8c0c112cd7161ff6b5b1c9b081af350c71c782b6
SHA3 3683caba35224723213a4b875fff29fb4d8046685d5590add01876e33cab3b56

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1bd9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.64575
Detected Filetype PNG graphic file
MD5 653581c4d3fd2b57ce9c1382acc4d8ee
SHA1 7a5c1193b4c49fba08c753c23cc6c36264ddbb50
SHA256 76a620907e40d47ead08bf6674932b12f24246e3f311719321341fe80bcb2986
SHA3 86ff6f1dca476e12e9feaaa024136485ff4a06ec6f8e4274be77b88b86fed686

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.85848
MD5 e8673f52dd0e0380471f61077c202055
SHA1 6da0978ef7139db4de2017b09cae39dbcb3a9855
SHA256 f94a5ce6297c2e58e3c7ab215a140f866f4e67151c2563ce69084f1f40ce7f5b
SHA3 16669684789400b1fbf2720810c3079188c9de35202be965e2732b010d182b8b

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.46289
MD5 2c9102faa718976d669133743d9011e1
SHA1 93c3b0990bb4564cd3f7f9671a5a07f55d464fb1
SHA256 230b54692db8ebe1f4376f3bd57a56dd7686d9c8ae5f9b8770eecc2fcf46fc87
SHA3 c251bab848ba928f031b1f84753ebc606f95d061ac7225e2d2280a855fce0e50

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.16431
MD5 ba5c0b7a5704929cb6a2c744c5272ebe
SHA1 49a8ad7018061257e3d5d9c5688957c321a27bed
SHA256 67f4bd736ee50557466dd4118951c8bb1535b58a5a1c007a598ab8e814082619
SHA3 9c6cc5660a40006a21fb5271a4170a9338eac69e1aeb23e9ce5e0dc97376b6ef

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.8592
MD5 f27fc158dbf9903b03a6b5a4d40a5fc6
SHA1 c02db824e1a2309ab25f6cf5b570ac7fa879158a
SHA256 8ea8be752539836d8a4858ed6c4b56d9afb72970b1d38a8353f2f8121ecaf27e
SHA3 d636817daa0436f73d161b04ac9d524b540e0ebda909918e326b002eaceea13d

14

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.70281
MD5 60b531e257fe8a33ec4fcc79d747e0d5
SHA1 9d64f83b78cd33b1b0664ca2c82a483747e04b7d
SHA256 54825226674985b868cd00e36b5c44e1379b4c48be377bb752ca8d506e71a15d
SHA3 2e3d5253ec5267413a7121485bf9a4402d82cdd5d61e4135a2017943639486ad

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xca
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11949
Detected Filetype Icon file
MD5 7fcccbd021e1f2d5cd6b564261f23fdd
SHA1 db7184cf504e715f6a227929003c86926ac780d0
SHA256 b8bbc86b467ece60a9d0c2a0497ee23b11957a0592e85f4d161ce7d2022d0657
SHA3 42d5eb4f3d6239bc8689d028e9b0a86c2c6aaa2125479eea2cf95910850ff56e

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2022-Apr-07 18:55:57
Version 0.0
SizeofData 104
AddressOfRawData 0x1353548
PointerToRawData 0x1352948
Referenced File C:\buildbot\src\android\emu-31-stable-release\out\build\debug_info\emulator.pdb

TLS Callbacks

StartAddressOfRawData 0x141d42000
EndAddressOfRawData 0x141d42180
AddressOfIndex 0x14148a3b8
AddressOfCallbacks 0x141353688
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_64BYTES
Callbacks 0x0000000140524C58

Load Configuration

Size 0x138
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x141459238

RICH Header

Errors

[*] Warning: 1 invalid export(s) not shown.
<-- -->