Manalyze report for 72d7b687bc2237b353193c3fff62bdc5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jun-12 00:16:12
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb
Comments
CompanyName	Dynastream Innovations
FileDescription	FitGen
FileVersion	`21.194.0.0`
InternalName	FitGen.dll
LegalCopyright	Copyright © Dynastream Innovations 2015
LegalTrademarks
OriginalFilename	FitGen.dll
ProductName	FitGen
ProductVersion	`production/release/21.194.0-0-g65135fc`
Assembly Version	21.194.0.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: exploit` Contains domain names: apache.org artifactory.garmin.com birthpopuptypesapplyImagebeinguppernoteseveryshowsmeansextramatchtrackknownearlybegansuperpapernorthlearngivennamedendedTermspartsGroupbrandusingwomanfalsereadyaudiotakeswhile.com central.sonatype.com connect-nexus.garmin.com consumer.garmin.com crl.microsoft.com developer.garmin.com forums.garmin.com garmin.com genretrucklooksValueFrame.net github.com go.microsoft.com http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://go.microsoft.com http://go.microsoft.com/fwlink/?LinkId http://manifests.microsoft.com http://manifests.microsoft.com/win/2004/08/windows/events http://maven.apache.org http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd http://schemas.microsoft.com http://schemas.microsoft.com/win/2004/08/events http://www.C http://www.a http://www.css http://www.hortcut http://www.icon http://www.interpretation http://www.language http://www.microsoft.com http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt0 http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crl0w http://www.microsoft.com0 http://www.style http://www.text-decoration http://www.unicode.org http://www.unicode.org/versions/Unicode8.0.0/ch03.pdf http://www.w3.org http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/shortcut http://www.wencodeURIComponent http://www.years https://aka.ms https://artifactory.garmin.com https://artifactory.garmin.com/ui/native/fitsdk-releases-garmin/ https://central.sonatype.com https://central.sonatype.com/artifact/com.garmin/fit https://connect-nexus.garmin.com https://connect-nexus.garmin.com/#browse/browse https://connect-nexus.garmin.com/#browse/search/maven https://developer.garmin.com https://developer.garmin.com/fit https://developer.garmin.com/fit/cookbook/ https://developer.garmin.com/fit/cookbook/decoding-activity-files/ https://developer.garmin.com/fit/cookbook/encoding-activity-files/ https://developer.garmin.com/fit/cookbook/encoding-course-files/ https://developer.garmin.com/fit/cookbook/encoding-workout-files/ https://developer.garmin.com/fit/fitcsvtool/ https://developer.garmin.com/fit/overview/ https://forums.garmin.com https://forums.garmin.com/developer/ https://github.com https://go.microsoft.com https://go.microsoft.com/fwlink/?LinkID https://itstash.garmin.com https://itstash.garmin.com/projects/FITSDK/repos/swift-sdk' https://itstash.garmin.com/projects/FITSDK/repos/swift-sdk/browse https://jira.consumer.garmin.com https://jira.consumer.garmin.com/browse/CA-76065 https://jira.consumer.garmin.com/browse/CA-86049 https://maven.apache.org https://maven.apache.org/what-is-maven.html https://mirrors.garmin.com https://mirrors.garmin.com/ui/packages/nuget https://mirrors.garmin.com/ui/packages/pypi https://pypi.org https://stackoverflow.com https://www.World https://www.java.com https://www.java.com/en/download/ https://www.npmjs.com https://www.npmjs.com/package/ https://www.nuget.org https://www.nuget.org/packages/Garmin.FIT.Sdk https://www.oracle.com https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html https://www.recent itstash.garmin.com jira.consumer.garmin.com manifests.microsoft.com maven.apache.org microsoft.com microsoft.net mirrors.garmin.com nexus.garmin.com npmjs.com nuget.org oracle.com python.org schemas.microsoft.com sonatype.com stackoverflow.com thing.org unicode.org www.java.com www.microsoft.com www.npmjs.com www.nuget.org www.oracle.com www.python.org www.unicode.org www.w3.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to RC5 or RC6`
Suspicious	The PE is possibly packed.	`Unusual section name found: .CLR_UEF` `Unusual section name found: Section`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryExA LoadLibraryW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegGetValueW RegQueryValueExW RegOpenKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetKernelObjectSecurity`
Malicious	The PE is possibly a dropper.	`Resource MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER detected as a PE Executable.`
Suspicious	The file contains overlay data.	`6559205 bytes of data starting at offset 0x937e00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`72d7b687bc2237b353193c3fff62bdc5`
SHA1	`97063a9c3043bc38834c784a9a9124a60f03df47`
SHA256	`0258a8ac951f6a3ded9d12fd24370ce09e7024dc9aa88f6651938c143aedb20b`
SHA3	`56ce9165dc0a8c740ce1696ebb252cc6f810935b41dfc47303e669c6b082b6d3`
SSDeep	`196608:e9RqywLxg3DdocGGV7NAfgvqyle7Rohj89D5o:qR6NgT1V7N3eihj8bo`
Imports Hash	`5545807884bf305f7eb9b76b85db6b0c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2025-Jun-12 00:16:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x614c00`
SizeOfInitializedData	`0x322e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000005CA0D0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x954000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`54360247fd41fdaccfac9352c3e262b2`
SHA1	`15e0e552f8b8e17230768e591266f8ef00f6809e`
SHA256	`f7513d852f25e2034865140ae114996e02c15545e8ca5d536c1367db0f3d737c`
SHA3	`17faac3ff6889e846ced8bed1a3474eac49721f8a6e7715dc70dab2bc0ab285f`
VirtualSize	`0x61488c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x614a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45355`

.CLR_UEF

MD5	`7363c89121829f7071ca61594376103b`
SHA1	`0795693d13e17fbc26cf643c01cf486355eb7607`
SHA256	`80a7214100dc0ac2ea66cb827d673e9d678e640afc74830779a21b45a11cc04b`
SHA3	`98caa16c0d053dbd8cd45be62636d4f634c47bfb9c54a5ded3603af3076d0a00`
VirtualSize	`0xdd`
VirtualAddress	`0x616000`
SizeOfRawData	`0x200`
PointerToRawData	`0x614e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.10918`

.rdata

MD5	`3854e847b60a1036eac811ba3fa24dcb`
SHA1	`5113a882e43b7244ddee8c333bb051955e331424`
SHA256	`b17ecc256548b77b51ed401c8a81c9cddaf63abbc44079df11274a878a6948a1`
SHA3	`31558bb80e8bea3a922a4771ad8954225080e3f0bd13b653d784686d56a7a814`
VirtualSize	`0x17ee92`
VirtualAddress	`0x617000`
SizeOfRawData	`0x17f000`
PointerToRawData	`0x615000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67397`

.data

MD5	`17172f6742bcf69f7293198fb0ca167e`
SHA1	`a762f6d9fa138e3008d64c184e4937a95373c24b`
SHA256	`97dc428f6f15be2de4035136d4683fe882f579f8bf5e4520f25ceb974ab9bc6c`
SHA3	`7ad99ad7e0e9244001957ed3c831d2045761545a5f0f4f5cf63e16f5a482d178`
VirtualSize	`0x1ffd4`
VirtualAddress	`0x796000`
SizeOfRawData	`0x9800`
PointerToRawData	`0x794000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.33082`

.pdata

MD5	`7896b30bd0a080f93710f1fb08d4c0d5`
SHA1	`aa3a02e36befc780f7c21fcc3f88e81922ae6a96`
SHA256	`7365f6007eef7c8c1140b15d7f709dc78e427a1943c0ac0a374c335f200048ae`
SHA3	`95a68c8645fd70a37cda5f9dd93fd6517701e5ccd60b2d0d799158983a39a78c`
VirtualSize	`0x3633c`
VirtualAddress	`0x7b6000`
SizeOfRawData	`0x36400`
PointerToRawData	`0x79d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.50524`

.didat

MD5	`55b767b6d26ee0564e834957245a5de7`
SHA1	`de330847fa596fe9303171affed02c528194f23b`
SHA256	`9e08eadbac27fd096edd0f21f229fcca461fb8d5788c4e715fda324e7d3d4c00`
SHA3	`ba0f57a0c3491d0bfbb7ff592b716d9305df75df87e1313de3d59b42bc8541f8`
VirtualSize	`0x38`
VirtualAddress	`0x7ed000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7d3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.409831`

Section

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x7ee000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7d3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

_RDATA

MD5	`617430a8cd708dda1865fee2910d8a1a`
SHA1	`b2d344e99eaf406f9d735221b7e4be4a00b5dc4c`
SHA256	`46fcf6f9bc3d68ed740f4c7a9ec00a525bf1567d1b3292ea60a0f225dec677f1`
SHA3	`4cb75c28b76b7e3356736ef0006976b6595b0fdd1d2e93a03ccae4ac27bb3445`
VirtualSize	`0x13208`
VirtualAddress	`0x7ef000`
SizeOfRawData	`0x13400`
PointerToRawData	`0x7d4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48272`

.rsrc

MD5	`85453ded7d3f065b366287ca805bc98b`
SHA1	`22ea4fcbe9107a2c9b6e9ad8dff175078db273eb`
SHA256	`52777f0183d2c2a6284c2d1f53ee111a1062e40a9e4d6b704018ce8f7a0358b8`
SHA3	`3365323b4c9d737c3ef6cf8be57a0afc23a302e3ebf78396997172ea552f54ad`
VirtualSize	`0x148948`
VirtualAddress	`0x803000`
SizeOfRawData	`0x148a00`
PointerToRawData	`0x7e7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.35362`

.reloc

MD5	`1af214cd2cecd0254b296703f6afb0de`
SHA1	`23ca52b6126b8d955b7e3fec21a139fd821406d4`
SHA256	`18d8a2e5c2cfc22fc13c37bf3b616be101a64fd41d680eabeb18622aa42df87e`
SHA3	`1c096608eedadb45bce07502ea43470b04bc6528ae7da0cadcf568e62e606164`
VirtualSize	`0x7e38`
VirtualAddress	`0x94c000`
SizeOfRawData	`0x8000`
PointerToRawData	`0x92fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.44852`

Imports

KERNEL32.dll	`RaiseException` `FreeLibrary` `SetErrorMode` `RaiseFailFastException` `GetExitCodeProcess` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `AddVectoredExceptionHandler` `MultiByteToWideChar` `GetTickCount` `FlushInstructionCache` `QueryPerformanceFrequency` `QueryPerformanceCounter` `RtlLookupFunctionEntry` `LocateXStateFeature` `RtlDeleteFunctionTable` `InterlockedPushEntrySList` `InterlockedFlushSList` `InitializeSListHead` `GetTickCount64` `DuplicateHandle` `QueueUserAPC` `WaitForSingleObjectEx` `SetThreadPriority` `GetThreadPriority` `GetCurrentThreadId` `TlsAlloc` `GetCurrentThread` `GetCurrentProcessId` `CreateThread` `GetModuleHandleW` `WaitForMultipleObjectsEx` `SignalObjectAndWait` `RtlCaptureContext` `SetThreadStackGuarantee` `VirtualQuery` `WriteFile` `GetStdHandle` `GetConsoleOutputCP` `MapViewOfFileEx` `UnmapViewOfFile` `GetStringTypeExW` `InterlockedPopEntrySList` `ExitProcess` `Sleep` `CreateMemoryResourceNotification` `VirtualAlloc` `VirtualFree` `VirtualProtect` `SleepEx` `SwitchToThread` `SuspendThread` `ResumeThread` `InitializeContext` `SetXStateFeaturesMask` `RtlRestoreContext` `CloseThreadpoolTimer` `CreateThreadpoolTimer` `SetThreadpoolTimer` `ReadFile` `GetFileSize` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `CreateEventW` `SetEvent` `ResetEvent` `GetThreadContext` `SetThreadContext` `GetEnabledXStateFeatures` `CopyContext` `WerRegisterRuntimeExceptionModule` `RtlInstallFunctionTableCallback` `GetSystemDefaultLCID` `GetUserDefaultLCID` `RtlUnwind` `HeapAlloc` `HeapFree` `GetProcessHeap` `HeapCreate` `HeapDestroy` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `FormatMessageW` `CreateSemaphoreExW` `ReleaseSemaphore` `GetACP` `LCMapStringEx` `LocalFree` `VerSetConditionMask` `VerifyVersionInfoW` `QueryThreadCycleTime` `GetLogicalProcessorInformationEx` `SetThreadGroupAffinity` `GetThreadGroupAffinity` `GetProcessGroupAffinity` `GetCurrentProcessorNumberEx` `GetProcessAffinityMask` `QueryInformationJobObject` `CloseHandle` `GetSystemTimeAsFileTime` `GetModuleFileNameW` `CreateProcessW` `GetCPInfo` `LoadLibraryExW` `CreateFileW` `GetFileAttributesExW` `GetFullPathNameW` `LoadLibraryExA` `OutputDebugStringA` `OpenEventW` `ReleaseMutex` `ExitThread` `CreateMutexW` `HeapReAlloc` `CreateNamedPipeA` `WaitForMultipleObjects` `DisconnectNamedPipe` `CreateFileA` `CancelIoEx` `GetOverlappedResult` `ConnectNamedPipe` `FlushFileBuffers` `SetFilePointer` `MapViewOfFile` `GetActiveProcessorGroupCount` `GetSystemTime` `SetConsoleCtrlHandler` `GetLocaleInfoEx` `GetUserDefaultLocaleName` `RtlAddFunctionTable` `LoadLibraryW` `CreateDirectoryW` `RemoveDirectoryW` `CreateActCtxW` `ActivateActCtx` `FindResourceW` `GetWindowsDirectoryW` `GetFileSizeEx` `FindFirstFileExW` `FindNextFileW` `GetTempPathW` `FindClose` `LoadLibraryA` `GetCurrentDirectoryW` `IsWow64Process` `EncodePointer` `DecodePointer` `CreateFileMappingA` `TlsSetValue` `TlsGetValue` `GetSystemInfo` `GetCurrentProcess` `OutputDebugStringW` `IsDebuggerPresent` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `WideCharToMultiByte` `GetCommandLineW` `GetProcAddress` `GetModuleHandleExW` `SetThreadErrorMode` `FlushProcessWriteBuffers` `SetLastError` `DebugBreak` `WaitForSingleObject` `GetNumaHighestNodeNumber` `SetThreadAffinityMask` `SetThreadIdealProcessorEx` `GetThreadIdealProcessorEx` `VirtualAllocExNuma` `GetNumaProcessorNodeEx` `VirtualUnlock` `GetLargePageMinimum` `IsProcessInJob` `K32GetProcessMemoryInfo` `GetLogicalProcessorInformation` `GlobalMemoryStatusEx` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlVirtualUnwind` `IsProcessorFeaturePresent` `RtlUnwindEx` `InitializeCriticalSectionAndSpinCount` `TlsFree` `RtlPcToFileHeader` `TryAcquireSRWLockExclusive` `GetExitCodeThread` `GetStringTypeW` `InitializeCriticalSectionEx` `GetLastError` `CreateFileMappingW`
ADVAPI32.dll	`ReportEventW` `AdjustTokenPrivileges` `RegGetValueW` `SetKernelObjectSecurity` `GetSidSubAuthorityCount` `GetSidSubAuthority` `GetTokenInformation` `OpenProcessToken` `DeregisterEventSource` `RegisterEventSourceW` `RegQueryValueExW` `RegOpenKeyExW` `RegCloseKey` `EventRegister` `SetThreadToken` `RevertToSelf` `OpenThreadToken` `EventWriteTransfer` `EventWrite` `LookupPrivilegeValueW`
ole32.dll	`CreateStreamOnHGlobal` `CoRevokeInitializeSpy` `CoGetClassObject` `CoGetContextToken` `CoGetObjectContext` `CoUnmarshalInterface` `CoMarshalInterface` `CoGetMarshalSizeMax` `CLSIDFromProgID` `CoReleaseMarshalData` `CoTaskMemFree` `CoTaskMemAlloc` `CoCreateGuid` `CoInitializeEx` `CoRegisterInitializeSpy` `CoWaitForMultipleHandles` `CoUninitialize` `CoCreateFreeThreadedMarshaler`
OLEAUT32.dll	`CreateErrorInfo` `SysFreeString` `GetErrorInfo` `SetErrorInfo` `SysStringLen` `SysAllocString` `SysAllocStringLen` `SafeArrayGetDim` `SafeArrayGetLBound` `SafeArrayDestroy` `QueryPathOfRegTypeLib` `LoadTypeLibEx` `SafeArrayGetVartype` `VariantChangeType` `VariantChangeTypeEx` `VariantClear` `VariantInit` `VarCyFromDec` `SafeArrayAllocDescriptorEx` `GetRecordInfoFromTypeInfo` `SafeArraySetRecordInfo` `SafeArrayAllocData` `SafeArrayGetElemsize` `SysStringByteLen` `SysAllocStringByteLen` `SafeArrayCreateVector` `SafeArrayPutElement` `LoadRegTypeLib`
USER32.dll	`LoadStringW` `MessageBoxW`
SHELL32.dll	`ShellExecuteW`
api-ms-win-crt-string-l1-1-0.dll	`strncat_s` `wcsncat_s` `strcmp` `wcsnlen` `wcscat_s` `towupper` `iswascii` `_strdup` `strncpy` `strnlen` `wcstok_s` `isdigit` `isupper` `isalpha` `towlower` `_wcsdup` `iswspace` `isspace` `islower` `strtok_s` `_wcsnicmp` `strcspn` `__strncnt` `strlen` `wcscpy_s` `toupper` `wcsncpy_s` `strcpy_s` `strcat_s` `strncpy_s` `_strnicmp` `tolower` `wcsncmp` `iswupper` `strncmp` `_stricmp` `_wcsicmp`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsscanf` `fflush` `__acrt_iob_func` `__stdio_common_vfprintf` `__stdio_common_vswprintf` `__stdio_common_vfwprintf` `fputws` `fputwc` `_get_stream_buffer_pointers` `_fseeki64` `fread` `fsetpos` `ungetc` `fgetpos` `fgets` `fgetc` `fputc` `_wfsopen` `_wfopen` `__p__commode` `_set_fmode` `__stdio_common_vsnprintf_s` `setvbuf` `_setmode` `_dup` `_fileno` `ftell` `fseek` `fputs` `__stdio_common_vsnwprintf_s` `__stdio_common_vsprintf_s` `fwrite` `_flushall` `fopen` `fclose`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_seh_filter_exe` `_set_app_type` `_register_onexit_function` `_configure_wide_argv` `_initialize_wide_environment` `_get_initial_wide_environment` `_initterm` `_initterm_e` `_exit` `_invalid_parameter_noinfo_noreturn` `__p___argc` `__p___wargv` `_c_exit` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_beginthreadex` `terminate` `_controlfp_s` `_wcserror_s` `_invalid_parameter_noinfo` `_errno` `exit` `abort`
api-ms-win-crt-convert-l1-1-0.dll	`_atoi64` `_ltow_s` `_wtoi` `strtoul` `_wcstoui64` `atol` `_itow_s` `strtoull` `wcstoul`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `calloc` `malloc` `realloc`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-math-l1-1-0.dll	`asinhf` `atanhf` `cbrtf` `acoshf` `cosh` `cbrt` `coshf` `exp` `expf` `acosh` `atanh` `floor` `floorf` `fma` `fmaf` `cosf` `_fdopen` `cos` `ceilf` `_copysignf` `_isnanf` `trunc` `truncf` `ilogb` `ilogbf` `tanhf` `ceil` `fmod` `fmodf` `atanf` `frexp` `atan2f` `atan2` `log` `log10` `log10f` `atan` `asinf` `log2` `log2f` `logf` `pow` `powf` `sin` `sinf` `asin` `sinh` `sinhf` `sqrt` `sqrtf` `tan` `tanf` `tanh` `acosf` `_copysign` `asinh` `_isnan` `_finite` `modf` `modff` `acos` `__setusermatherr`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_gmtime64_s` `wcsftime`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`
api-ms-win-crt-locale-l1-1-0.dll	`_unlock_locales` `setlocale` `__pctype_func` `___lc_locale_name_func` `_lock_locales` `___lc_codepage_func` `___mb_cur_max_func` `_configthreadlocale` `localeconv`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wrename` `_unlock_file` `_wremove` `_lock_file`
VERSION.dll (delay-loaded)	`VerQueryValueW` `GetFileVersionInfoExW` `GetFileVersionInfoSizeExW`

Delayed Imports

Attributes	`0x1`
Name	`VERSION.dll`
ModuleHandle	`0x79f800`
DelayImportAddressTable	`0x7ed000`
DelayImportNameTable	`0x792dc0`
BoundDelayImportTable	`0x792e60`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

g_CLREngineMetrics

Ordinal	`2`
Address	`0x797dd8`

CLRJitAttachState

Ordinal	`3`
Address	`0x7ab278`

DotNetRuntimeInfo

Ordinal	`4`
Address	`0x7985d0`

MetaDataGetDispenser

Ordinal	`5`
Address	`0x56b1f0`

g_dacTable

Ordinal	`6`
Address	`0x640b80`

CLRDEBUGINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13425`
MD5	`98b33e40b7be3458a008e2cf08a82e0e`
SHA1	`a65c6dd5bc011af7a2023a63dbe2918762195fb9`
SHA256	`a76fa24c261599cbdad58abf2fe1ed61fcde71a9c5abc7829fc35b8c8d4fdec8`
SHA3	`a75e29583de386bebc63b96e3ac85a1a785fd6652b09d49020d784fa40c0cba1`

CLRDEBUGINFOWINDOWSAMD64

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13425`
MD5	`98b33e40b7be3458a008e2cf08a82e0e`
SHA1	`a65c6dd5bc011af7a2023a63dbe2918762195fb9`
SHA256	`a76fa24c261599cbdad58abf2fe1ed61fcde71a9c5abc7829fc35b8c8d4fdec8`
SHA3	`a75e29583de386bebc63b96e3ac85a1a785fd6652b09d49020d784fa40c0cba1`

MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x148180`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35437`
Detected Filetype	PE Executable
MD5	`bc5e626902310d92044aff87f624289b`
SHA1	`29738d273b85ca4ffa5cad84c77335b54a9a081a`
SHA256	`8c125121811d3d97c32f2c18f8f285c9be14e809c63d34eff8029fb77eb25794`
SHA3	`dc6a1b98a749269cdade84980dcd074cb4d09d785210afe51f7c2c470a218491`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33573`
MD5	`f82ed31621f6772efc518857d65c1677`
SHA1	`0b0e5e2b8c12e3e1b6feadc77a166da344260689`
SHA256	`7c5c2e6ad2f834df31f9054967dc4cff4607fc32eccd096b591293e875d0ec49`
SHA3	`3c47c0d39259f4d14de2e45787659bfcf2e8840ad21b4a87a02279e5aad04701`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	21.194.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	Dynastream Innovations
FileDescription	FitGen
FileVersion (#2)	21.194.0.0
InternalName	FitGen.dll
LegalCopyright	Copyright © Dynastream Innovations 2015
LegalTrademarks
OriginalFilename	FitGen.dll
ProductName	FitGen
ProductVersion (#2)	production/release/21.194.0-0-g65135fc
Assembly Version	21.194.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jun-12 00:16:12
Version	`0.0`
SizeofData	`116`
AddressOfRawData	`0x719250`
PointerToRawData	`0x717250`
Referenced File	D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jun-12 00:16:12
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x7192c4`
PointerToRawData	`0x7172c4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jun-12 00:16:12
Version	`0.0`
SizeofData	`1332`
AddressOfRawData	`0x7192d8`
PointerToRawData	`0x7172d8`

TLS Callbacks

StartAddressOfRawData	`0x140719860`
EndAddressOfRawData	`0x140719a4d`
AddressOfIndex	`0x14079f850`
AddressOfCallbacks	`0x140618028`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x00000001405C9550` `0x00000001405C9D10`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140796040`
GuardCFCheckFunctionPointer	`5375098568`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x70dd77e8`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
ASM objects (34321)	`20`
C objects (34321)	`18`
C++ objects (34321)	`96`
C objects (33140)	`8`
Imports (33140)	`13`
Total imports	`520`
ASM objects (34810)	`21`
C++ objects (LTCG) (34810)	`653`
Exports (34810)	`1`
Resource objects (34810)	`1`
Linker (34810)	`1`

72d7b687bc2237b353193c3fff62bdc5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.CLR_UEF

.rdata

.data

.pdata

.didat

Section

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

g_CLREngineMetrics

CLRJitAttachState

DotNetRuntimeInfo

MetaDataGetDispenser

g_dacTable

CLRDEBUGINFO

CLRDEBUGINFOWINDOWSAMD64

MINIDUMP_EMBEDDED_AUXILIARY_PROVIDER

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors