6f5c34ff4e3f080c686989c57b6583fe

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2052-May-24 13:19:29
Debug artifacts C:\ADE\aime_1\efcore\2.2\src\obj\Release\netstandard2.0\Oracle.EntityFrameworkCore.pdb
Comments Oracle Data Provider for Entity Framework Core (Beta).
CompanyName Oracle Corporation
FileDescription Oracle.EntityFrameworkCore
FileVersion 2.0.19.1
InternalName Oracle.EntityFrameworkCore.dll
LegalCopyright Copyright (C) Oracle Corporation 1998-2019. All Rights Reserved.
OriginalFilename Oracle.EntityFrameworkCore.dll
ProductName Oracle Data Provider for Entity Framework Core (Beta).
ProductVersion 2.0.19.1-20191007
Assembly Version 2.0.19.1

Plugin Output

Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious The program tries to mislead users about its origins. The PE pretends to be from Oracle but is not signed!
Safe VirusTotal score: 0/69 (Scanned on 2019-11-19 10:15:32) All the AVs think this file is safe.

Hashes

MD5 6f5c34ff4e3f080c686989c57b6583fe
SHA1 39b6e6e52afc0fd2003891bbbb943828dd8edead
SHA256 31a0eaa746052ef7c1bef687d2d473a435a6ec2a1349beacad6fa52b8f0ad121
SHA3 ae4e9d916e6a1e60a80c68f09ef89d1476c7850325d465c234a9a7ce8710dd20
SSDeep 6144:S56JbAPT2mOnAjt6Ksg6dNm2sIqwSqYi6o53VC:t9APT2mOn8t6Ksg6bmQd7C
Imports Hash dae02f32a21e03ce65412f6e56942daa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2052-May-24 13:19:29
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x43a00
SizeOfInitializedData 0x800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00045932 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x46000
ImageBase 0x10000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4a000
SizeOfHeaders 0x200
Checksum 0x4561b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 07c776005dfcb120f890e87552d6265e
SHA1 c48b53536c1b068fae8002ebf03238c478ec9389
SHA256 89623c8a4974e49d05283bc3392e508a70235194fb1ce497491d8dde9b7643ea
SHA3 5784f23592aaa3f2937b9272adb3c828ae320f1c23d755673630f08e085d3565
VirtualSize 0x43938
VirtualAddress 0x2000
SizeOfRawData 0x43a00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.98133

.rsrc

MD5 c26faac9abe28349df7c3942344572c4
SHA1 ca6f987e4f64155ca8148cee0972f8ee006ffdb9
SHA256 fc21956490b09304ffaface83be15a0917c387bfbbf059a984ec2303fabb2811
SHA3 5f9e2275b79d4b3a94357453bdfba073cce19669e336fdacb53f123770bf18e1
VirtualSize 0x520
VirtualAddress 0x46000
SizeOfRawData 0x600
PointerToRawData 0x43c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.95698

.reloc

MD5 59dcb4bf4ccedc665098b589f24f7173
SHA1 35d9aa3caba94dc71a631be6cd4d6d1c0bbc8449
SHA256 a197168ff34c75661a1b6079567239082d405cff478335c69628279a0ce1c3b5
SHA3 e1f636018b9acca1baf73641b7e05e74ee9c01c1b3ba07989c059256c0482e14
VirtualSize 0xc
VirtualAddress 0x48000
SizeOfRawData 0x200
PointerToRawData 0x44200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorDllMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x4c2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.42725
MD5 3dbc60428b1d342a46b5a131a445382a
SHA1 2baeffbc0eb67005890a932e464b311876095dba
SHA256 a79ee7158cfda31f3c96e7bdcd17774e6f19e48c97727e0614feb013aee3639d
SHA3 18cdd8163a6e4197a52b75b074d3c0ab863e0202556f5a81a5408e51f53e8cb7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.0.19.1
ProductVersion 2.0.19.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
Comments Oracle Data Provider for Entity Framework Core (Beta).
CompanyName Oracle Corporation
FileDescription Oracle.EntityFrameworkCore
FileVersion (#2) 2.0.19.1
InternalName Oracle.EntityFrameworkCore.dll
LegalCopyright Copyright (C) Oracle Corporation 1998-2019. All Rights Reserved.
OriginalFilename Oracle.EntityFrameworkCore.dll
ProductName Oracle Data Provider for Entity Framework Core (Beta).
ProductVersion (#2) 2.0.19.1-20191007
Assembly Version 2.0.19.1
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2088-Aug-01 23:48:31
Version 256.20557
SizeofData 111
AddressOfRawData 0x45848
PointerToRawData 0x43a48
Referenced File C:\ADE\aime_1\efcore\2.2\src\obj\Release\netstandard2.0\Oracle.EntityFrameworkCore.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 1.0
SizeofData 39
AddressOfRawData 0x458b7
PointerToRawData 0x43ab7

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->