7864763b087bbf4800f5274384c1e065

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2104-Nov-17 06:31:18
Detected languages English - United States
Debug artifacts version.pdb
CompanyName Microsoft Corporation
FileDescription Version Checking and File Installation Libraries
FileVersion 10.0.18362.1 (WinBuild.160101.0800)
InternalName version
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename VERSION.DLL
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.18362.1

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
Info The PE is digitally signed.
Signer: Microsoft Windows
Issuer: Microsoft Windows Production PCA 2011
Safe VirusTotal score: 0/70 (Scanned on 2020-02-11 15:32:37)
All the AVs think this file is safe.

Hashes

MD5 7864763b087bbf4800f5274384c1e065
SHA1 8108450cbcad9fc79198fc9cc9c5ba1c417900f5
SHA256 93f8f296fc05e60230925e5836372c8e3b9edee0a275c765daee55dde5c3de58
SHA3 f92f716e7549323ceff9d61d5e5b8cae135b734acb3357121d582b6c58bc2cc8
SSDeep 768:Mzz94+LSZDqb9HrlzQNmckVPxIiTOS7xqMw0yK2XlzxA36bP3FpXj1Py:Mzp4+LSZDqb96NmckVPxIiT7qMw02Xl
Imports Hash 950ba747df1e77df20ca4983a22e450b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2104-Nov-17 06:31:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x2a00
SizeOfInitializedData 0x1c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000017F0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4000
ImageBase 0x52180000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0xd7f2
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4dc812484367ad30fa113d0efb840d07
SHA1 ea8c92a88fa64144297c7d46f58541d94ec23343
SHA256 a0ba2a8939a997e5f0c6f928c2ee66e2ea673cd155dad7d96b6a3540226be6d2
SHA3 edd4568e61936dedd5943f75aa33e4b7f6f83d2b6a1d82f542c22630526d7b5d
VirtualSize 0x288f
VirtualAddress 0x1000
SizeOfRawData 0x2a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.1052

.data

MD5 dd79530708be7837e6e5f4b429ae000b
SHA1 4fd34458a3285b26470df1e31da2576c832179dc
SHA256 1b9d32e14103c95356695467153a42995b10b71f21799e02934f3636e51d174b
SHA3 83f5287dac0f82cf201c147c30d3dd7633692962d5491165b35b06c26259a80d
VirtualSize 0x368
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.278747

.idata

MD5 88c68c48d466d377ae6af57212abd0a4
SHA1 c462f9e7ac14be9af7e20ca64d258f26e3a12bb2
SHA256 f0f949814e5c9cef4e18a7515e275b3d732408cb591c6583c4d5e0fe59fe3821
SHA3 1d5fada2cbe4b4328bcd6e4b93b5cd72ac3111db8576ff4d0ca06d9690c7a833
VirtualSize 0xc68
VirtualAddress 0x5000
SizeOfRawData 0xe00
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.49605

.rsrc

MD5 bad0f72b3427a6ccb5f07c3d1492d0b6
SHA1 bff21c6474f7e06d02ff0c05119f5dcf7896a7ed
SHA256 d3fa0e2afb0d73a2f0037e978520e97f88507919b2cbf94edec4f3cb2e24cd3c
SHA3 fb7913b8451c5f887dad2852b06cfb40c94f4ace038ecee3ece41cd272c87943
VirtualSize 0x428
VirtualAddress 0x6000
SizeOfRawData 0x600
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.51063

.reloc

MD5 fedafda14e1d3900e2d292c83b3b736d
SHA1 b01f3ba1320bcb4d7d5ea22b15dfc942cbf2f4b6
SHA256 24bc19001244fadd5d8de8b5387ccd85491a8c00528f6d23c1baa4c9b356e85c
SHA3 2a3196dcee7ce2990a7b2aee43bc0ab0390d838d546a43396bbca69fadd81442
VirtualSize 0x334
VirtualAddress 0x7000
SizeOfRawData 0x400
PointerToRawData 0x4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.8124

Imports

msvcrt.dll _vsnprintf
_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
api-ms-win-core-errorhandling-l1-1-0.dll UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-version-l1-1-0.dll VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-localization-l1-2-0.dll IsDBCSLeadByte
api-ms-win-core-version-l1-1-1.dll GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0.dll CreateFileW
DeleteFileW
GetFileAttributesW
DeleteFileA
GetFileSize
GetFullPathNameA
SetFileTime
GetFileTime
api-ms-win-core-handle-l1-1-0.dll CloseHandle
api-ms-win-core-processthreads-l1-1-0.dll TlsSetValue
GetCurrentThreadId
TlsFree
TerminateProcess
GetCurrentProcessId
TlsGetValue
TlsAlloc
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0.dll FreeLibrary
GetProcAddress
api-ms-win-core-heap-l2-1-0.dll LocalAlloc
LocalFree
api-ms-win-core-libraryloader-l1-2-1.dll LoadLibraryW
api-ms-win-core-string-l1-1-0.dll WideCharToMultiByte
api-ms-win-core-synch-l1-2-0.dll Sleep
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-versionansi-l1-1-0.dll GetFileVersionInfoExA
VerQueryValueA
GetFileVersionInfoSizeExA
VerFindFileA
api-ms-win-core-versionansi-l1-1-1.dll GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-version-private-l1-1-0.dll GetFileVersionInfoByHandle
KERNELBASE.dll lstrcmpiA
lstrcmpiW
lstrlenW
ntdll.dll RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag
KERNEL32.dll _lread
MoveFileW
LZClose
LZCopy
LZInit
LZCloseFile
LZCreateFileW
_llseek
_lwrite
_lclose
_lopen
_lcreat

Delayed Imports

GetFileVersionInfoA

Ordinal 1
Address 0x14f0

GetFileVersionInfoByHandle

Ordinal 2
Address 0x22e0

GetFileVersionInfoExA

Ordinal 3
Address 0x1f40

GetFileVersionInfoExW

Ordinal 4
Address 0x1570

GetFileVersionInfoSizeA

Ordinal 5
Address 0x1510

GetFileVersionInfoSizeExA

Ordinal 6
Address 0x1f60

GetFileVersionInfoSizeExW

Ordinal 7
Address 0x1590

GetFileVersionInfoSizeW

Ordinal 8
Address 0x15b0

GetFileVersionInfoW

Ordinal 9
Address 0x15d0

VerFindFileA

Ordinal 10
Address 0x1f80

VerFindFileW

Ordinal 11
Address 0x2470

VerInstallFileA

Ordinal 12
Address 0x1fa0

VerInstallFileW

Ordinal 13
Address 0x2f40

VerLanguageNameA

Ordinal 14
Address 0x382c
ForwardName KERNEL32.VerLanguageNameA

VerLanguageNameW

Ordinal 15
Address 0x3857
ForwardName KERNEL32.VerLanguageNameW

VerQueryValueA

Ordinal 16
Address 0x1530

VerQueryValueW

Ordinal 17
Address 0x1550

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46449
MD5 42240640195dec552db320a5e21690d0
SHA1 9dfa7d38df91ebd9a60b40975ca39d4905002b20
SHA256 3ee4abf0a6d22f20c71d4aaffe8de0d21426edacbbde2e86a9e91512fbf03548
SHA3 ad9fec1621896d724793281c058ebf8de8631f0176b4c7a7dc4862adad478af7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.18362.1
ProductVersion 10.0.18362.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Microsoft Corporation
FileDescription Version Checking and File Installation Libraries
FileVersion (#2) 10.0.18362.1 (WinBuild.160101.0800)
InternalName version
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename VERSION.DLL
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.18362.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2104-Nov-17 06:31:18
Version 0.0
SizeofData 36
AddressOfRawData 0x124c
PointerToRawData 0x64c
Referenced File version.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2104-Nov-17 06:31:18
Version 0.0
SizeofData 584
AddressOfRawData 0x1270
PointerToRawData 0x670

UNKNOWN

Characteristics 0
TimeDateStamp 2104-Nov-17 06:31:18
Version 0.0
SizeofData 36
AddressOfRawData 0x14b8
PointerToRawData 0x8b8

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x52184004
SEHandlerTable 0x521811b0
SEHandlerCount 1
GuardCFCheckFunctionPointer 1377325436
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x6a671830
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 34
ASM objects (26715) 1
C objects (26715) 12
Total imports 79
Imports (26715) 9
Exports (26715) 1
270 (26715) 8
Resource objects (26715) 1
Linker (26715) 1

Errors
