Manalyze report for 7236759f5be794db8cee82c13591b43d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2016-Dec-09 02:34:22
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows PowerShell
FileVersion	`10.0.14409.1005 (rs1_srvoob.161208-1155)`
InternalName	POWERSHELL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	PowerShell.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.14409.1005`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rShell.EXE`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	The PE is possibly a dropper.	`Resources amount for 80.8231% of the executable.`
Suspicious	VirusTotal score: 1/66 (Scanned on 2019-07-24 16:01:48)	`CrowdStrike: win/malicious_confidence_60% (W)`

Hashes

MD5	`7236759f5be794db8cee82c13591b43d`
SHA1	`285cf047cecc32a155d679ded641ebd3397fd807`
SHA256	`a987dfaaa60615b2e29058ca6a830382782d9968e17b81a3be33c7bdda926a85`
SHA3	`d8e79ad22874de7609f0b4def395f06bb9f3f3d8cedc98647968a519559bca7a`
SSDeep	`192:oG066GspudUCzwlBbD4OdKCKB3xWSlkW:oG066bpupzsbDrnKBBWSlkW`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2016-Dec-09 02:34:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x8200`
SizeOfInitializedData	`0x64800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000007C50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x13feb0000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x70000`
SizeOfHeaders	`0x400`
Checksum	`0x708dd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d16e5b9aa888c3c6d83c2773d1f46017`
SHA1	`9bfc766a0600666bc97abfd999360feb47769090`
SHA256	`72ffff370b5cc9b0e1af8e25bab0cad9aaae520db88c98f09adc529e0b368a8e`
SHA3	`5153d54f22b69f1417e39cc4a02bf0857f9a40e9df2c14e90b123a6bc3a03159`
VirtualSize	`0x800a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rdata

MD5	`6e2b94aa0541bd23fa4a27e03eafa7ba`
SHA1	`c32bc076c8dd9c97f5b4ec15ef86eebf6347dc0e`
SHA256	`be1b54d967e7a8483c9c9fc44b3561e29b55fd29a85423b2a9c362175a38c105`
SHA3	`cde98f8a8c6061429b7f0515e7dbfaea5ccc6ee3f5c13673d6dd3cec25461283`
VirtualSize	`0xa750`
VirtualAddress	`0xa000`
SizeOfRawData	`0xa800`
PointerToRawData	`0x8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.451033`

.data

MD5	`53e979547d8c2ea86560ac45de08ae25`
SHA1	`53ea2cb716f312714685c92b6be27e419f8c746c`
SHA256	`80422bc3d307b4a25bdafcc84ac7fb01cb55a09810e8b0f37bb12e0edb5c48ca`
SHA3	`98b444d887d755b7913e4a144d8a6ac6d1f2d7f0c3db6ba026997ec5f45d9573`
VirtualSize	`0xe58`
VirtualAddress	`0x15000`
SizeOfRawData	`0x600`
PointerToRawData	`0x12e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`c99a74c555371a433d121f551d6c6398`
SHA1	`605db3fdbaff4ba13729371ad0c4fbab3889378e`
SHA256	`e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad`
SHA3	`463c61ad03873aa9e82581205205acc3d3c8346c7037c43e4e241ee529f2dc27`
VirtualSize	`0x654`
VirtualAddress	`0x16000`
SizeOfRawData	`0x800`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rsrc

MD5	`9c0b67767e2f529e78d9eb7dda519f50`
SHA1	`64384c7564007206603dce6b12ee62ba19c54725`
SHA256	`25d06bf6d055ede0b9b05d1caddd16f9eeee31f92fa672bfffa95562e1d29493`
SHA3	`fa68a80659b5cc49abe11d0c831d0fa38ad6dfae744da0042018f23013f8b855`
VirtualSize	`0x57d88`
VirtualAddress	`0x17000`
SizeOfRawData	`0x57e00`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.216839`

.reloc

MD5	`a371492f16c0940507435909603efe88`
SHA1	`4358194749214d739152fa635bff9e886e4d692b`
SHA256	`8ce8ba8e726ee8925e6560d86ac35be1097691d1cfac888e6bd20e804ea9eb15`
SHA3	`79e8b1af8bfad02c4b388db91dd31d7c372948ae681a5e87e6514725e44174a8`
VirtualSize	`0x920`
VirtualAddress	`0x6f000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x6ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64596`
MD5	`384ee455d497f326d51d154b074aaf2e`
SHA1	`ad45ed96ef7ce71a7fee19e05cf31b2ae3e14f9f`
SHA256	`4f5fe6829e022189fba9840744209445dd82d0b325c2c89cd2e22c3ea2f9b95d`
SHA3	`1b77c3e04c83ea044ae452fa08047c70c35f51fab195a5907bd831e829f14758`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2fbe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.943052`
Detected Filetype	PNG graphic file
MD5	`7cf0c323ca343f4ef5122f139f27f4ec`
SHA1	`25395c81784ed8b94335ffc7e379ce41b2a5aefd`
SHA256	`353d86b89e89a270c135412cb32e0416b5b5912933ec8f7ab1938f998d29aac2`
SHA3	`4ec80a277b9e1e7c15b71d0fd7072de2ff5564dc07138f73ccb886bed9b759c4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a1d853a12d3da57bf855c0f18064673a`
SHA1	`dc0a53b1c9e4ed1a37de014b2dcba5bdcb476ae3`
SHA256	`93a6b7009aad69e3fe1e8f9657cbe707fbeded604bf2b21b355389a02e10719b`
SHA3	`d19b6f97424ae6ad723894ca5f975cd766cbd541a8ab0ed9aee90232a13f5084`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5f47a9d9640cc99d066c5784ba9df434`
SHA1	`816875cae3e19301f90358469c53cdd91d33af34`
SHA256	`559eb05d39a8e243be3e4b051e94f6572a487cc6f90c4847f333d61fe887b28d`
SHA3	`fc26364868396d506e74e7070d46e4704b69e6b1a2a50ac14c10542c18892e76`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`43eea724fa1895db138351b18c847aa8`
SHA1	`1e35513d074fef2b1be911a61b098108b03cb9d3`
SHA256	`c004f95b3975a21140b986774b9d3a2264305eb45af662b40575cc2981e4824f`
SHA3	`0306d3757888f7955a27ed79ee7b64857ccaedb0426d5ce4f35bf8062628df0b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`90d19bb4d7b1bd1f5622b062bc0891cf`
SHA1	`91510007472b7a3315cedbda969a5be3b5cde65d`
SHA256	`6389684b4c4ad12dc53c8cbbce4cf65f283c8fb4d8b98d90df7485a9424873fa`
SHA3	`d14149dadcdecf72a0be141f3642cceaf76d53cdf92bc5558735d47dd9b03805`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`3462b7a2cb5f489f9e9012eb56787cc8`
SHA1	`7f3770ad113e424f8191654cd2fc5ff451a46ad9`
SHA256	`e3341c3186e13ce5b81511d3aa442c73c704a38f108b73cb41e1ae3490ceb346`
SHA3	`2f2a3475eab6b1ad1854fa88088f456fa5dc0ba3ae36c27c68b07835c76a2f54`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`540f34fd91d826aed8a7db434b3e58f2`
SHA1	`4110d0aa3e365645f498341a04e7818ff007fab6`
SHA256	`7f940f388dff02a4f956e483bb83d796c6b7e80d40704e13c67505a1cdf779b0`
SHA3	`96b66d01659b38cc4eaaa843f94970fe9977d9f4d075aa2d4d2c54201ec2a870`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7e1b34650fb04bc15a494a1d712cffee`
SHA1	`43e1808e4308baf093556946552f4fabc05278d8`
SHA256	`3731b0a75ab19d96b774da62d37eccacd517c6593af20aa66525dc0b951cdba9`
SHA3	`79a9c096a1a56ae4f98f1e8ad4c44fa5c08e5d98e745898df9031e3b3a13c46c`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`7371e95ba5fa6610d14c061379672043`
SHA1	`b89b3859959484bf522a89e5fbb1f3b2f328c348`
SHA256	`b8883734e15688eb76e149e782b649a1cb93e3d651423484cc2b2a3594154aa8`
SHA3	`4d4a9ae220fbfcb549d40c2cc59ca08fe518cec24373667670031b6cd105ec1b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`809457c05fe696f5d34ac5ac8768cdd4`
SHA1	`a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9`
SHA256	`1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be`
SHA3	`002d1b10f28d74c7572fc7c5b403eb32f2a0540c4958d7878ef67edfd17c8109`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`cc47869e3b4a5dedfc1831bb15dee3a9`
SHA1	`b3eca1862c3ea0da9b9a5ebba1f2f9d1789f0e9f`
SHA256	`f8afcaf4ddde4b7d144069a66a2a5f6ee05b9652f6de33095ae49251486216af`
SHA3	`7efdc4ef6ed4576da2626bf5cf624812cc945e6c8957f51a10d463337ca2a462`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`982079681d7ad12766abc44f06946f3e`
SHA1	`50f73ed0787bf5911bb907e487efbc84a9714e48`
SHA256	`250f52cb2d6f1966a29f6ac771fa1cd185b8f8531396c8a4026c0fe635617e0c`
SHA3	`b8805d45012d79cfa8bb45e23c9b4a4421cd91538d569e58437efa0f545cf4d4`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`0d3a12fd3f68decc694da04b57e61d8c`
SHA1	`f73d4d591f6ef0b2b04fc90d2e840329f7590743`
SHA256	`ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76`
SHA3	`42ec79da319d9c0b1f8ee21fbb28002d15857d9af0c8a1f2db5e41f6c5e23c88`

14

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`28f8d082df931688124f25f23c688904`
SHA1	`2f057655ecdd3ab25cfe985714e270786ce16cae`
SHA256	`4e7a8c59942ff527ff680aa88cc66bb8c8e7b6c02a018bc85ba36794e278670f`
SHA3	`99f004163a598b6df87372bd9b7d5e7704dbfdf7cfb3ec96da9e31c0275f7465`

15

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a2820cae8201eadc4f97314c0f38bd56`
SHA1	`d07ccf6e76d35ccc35ac3b00afb9013717a6f6bc`
SHA256	`5143e23147bfac51c54586986c429d702b87f5dffb2cc307ddb1b54a0b082250`
SHA3	`623edf57cca3dd10a5f11fb085687467b014a13dccd5ca59907eddecc41bb6a8`

16

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`a42b23f1c58701e073db2e9de0b27333`
SHA1	`f22232cbadff165ceb212527a6d77124312d0688`
SHA256	`e253c6a87bdd62e771c0ef1b9850dbc9523c51408ca282f994d3530dbbad9b11`
SHA3	`bc93a26ac3218cac12b89fa3242b509e44b087d2c22a54d9a47c63692dc8dc57`

17

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`3e8f9320aa57fef5d0039fa180e59cda`
SHA1	`ffe4e0be0d9741b9af2b03a7354c9ddf61a7e216`
SHA256	`2139ff93e03565ba4c5f03920d69c0cd49ef4542a36e823280fbc2e01952e123`
SHA3	`100c8d5ec0eb273fd2793e1400dabed061eb5b4073b10ad73b2e18e697592b6b`

18

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`5f47a9d9640cc99d066c5784ba9df434`
SHA1	`816875cae3e19301f90358469c53cdd91d33af34`
SHA256	`559eb05d39a8e243be3e4b051e94f6572a487cc6f90c4847f333d61fe887b28d`
SHA3	`fc26364868396d506e74e7070d46e4704b69e6b1a2a50ac14c10542c18892e76`

19

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`90d19bb4d7b1bd1f5622b062bc0891cf`
SHA1	`91510007472b7a3315cedbda969a5be3b5cde65d`
SHA256	`6389684b4c4ad12dc53c8cbbce4cf65f283c8fb4d8b98d90df7485a9424873fa`
SHA3	`d14149dadcdecf72a0be141f3642cceaf76d53cdf92bc5558735d47dd9b03805`

20

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00041`
MD5	`d1f8cbb27d4c601fe9a0848613257943`
SHA1	`cea3e36fdf151d7f34dce3b2aa30c6277e7cab61`
SHA256	`97d339f77e1fd90b196d6897a91b2e15d0d4ef48137cd8dcd212153ddc9aed3d`
SHA3	`6be9134e73216a0fc5d7baa736ffab5959eadfeb06b6f780f8978d959c9cf444`

21

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58762`
MD5	`2170f60038cfb7b61ef307bdf990e683`
SHA1	`8d64b7058e7ed75c867f30c853d840a1bb61d60c`
SHA256	`381aa9842cb77786dd2bc252c72a4176f4286fa398f964d3e893e98bad3c3a98`
SHA3	`aa7a7b64dc1a98e3d8f2907a64d3f1e14e3928b5505327e004311be259ae88c8`

MSH_MAIN

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`1a6bf84723f4e07dc1f35f162acec19b`
SHA1	`13ac7900e24c5183b00479e52a43dc11663bbacf`
SHA256	`017ab4b70ea129c29e932d44baddc185ad136bf719c4ada63a10b5bf796af91e`
SHA3	`2d3e6092d11f20eea76af37b4a5402ec1c5843bb867a0f2f816b9493de2ea6b8`

MSH_SECURITY

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1232`
Detected Filetype	Icon file
MD5	`237321df738bbd3e4f28d466f1373e2d`
SHA1	`f556140fbd7e26a098652228976c4ab20f0d8f24`
SHA256	`ac86dab55aac4069bb30fb3c0af4f5ec80a384b3ef24300b67af6fdd76f065f5`
SHA3	`197282d449732803dbe09e523d766316c7f497d8731183c7fdb6950b3a5c2d2a`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5287`
MD5	`acaf2dee081dc87a87ad39bf438e978a`
SHA1	`3df5713ee3d5b3ee0b2109e26363416e6b4adfca`
SHA256	`9e7708d998f181e5e4a6d7123b8d9651ea2a5a746cb7d3ca5eb503690a955068`
SHA3	`ba133b6efb0677f1f062b7f9bbea4b49ec45cc0993dabf04ef7773441e3b9579`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09576`
MD5	`866de8e3ef941d3cfc4b390448c5d9a8`
SHA1	`4b4c56a92eda4089b8944b7f676e5d836545e417`
SHA256	`e9c90370d42bbbc667e06a41ad0c37e452b7fff648a360ffb2d3239d0629dd92`
SHA3	`b9447d6e2f12e62dd78dd147e79e02f64bee5babdc544ad12588f9bfd161d6cd`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.14409.1005
ProductVersion	10.0.14409.1005
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows PowerShell
FileVersion (#2)	10.0.14409.1005 (rs1_srvoob.161208-1155)
InternalName	POWERSHELL
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	PowerShell.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.14409.1005

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
GuardCFCheckFunctionPointer	`0`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x494105e8`
Unmarked objects	`0`
Imports (VS2008 build 21022)	`2`
ASM objects (23917)	`2`
C objects (23917)	`20`
C++ objects (23917)	`8`
Imports (23917)	`15`
Total imports	`129`
265 (23917)	`13`
Resource objects (23917)	`1`
Linker (23917)	`1`

7236759f5be794db8cee82c13591b43d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

MSH_MAIN

MSH_SECURITY

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

TLS Callbacks

Load Configuration

RICH Header

Errors