Manalyze report for 7b494f161e7ff6b88e28591d264fb0c5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Feb-16 01:10:30
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	Albus Bit SIA
FileDescription	ADTestDataGenerator
FileVersion	`0.0.3.0`
InternalName	ADTestDataGenerator.dll
LegalCopyright	Copyright © 2023 Albus Bit SIA
OriginalFilename	ADTestDataGenerator.dll
ProductName	ADTestDataGenerator
ProductVersion	`0.0.3`
Assembly Version	0.0.3.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Info	The PE is digitally signed.	`Signer: ALBUS BIT SIA` `Issuer: Sectigo Public Code Signing CA R36`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7b494f161e7ff6b88e28591d264fb0c5`
SHA1	`aed1e0465d1e21287e5a2b96201f58e576a10d7b`
SHA256	`39fe0520e12e3a3f623c53b441355546f29728e4e214c6a611be9c089a51e454`
SHA3	`18c65130d04ce03189fe7111ac47619c0294af44f3c5b31d00d31b8d2cb0c6fe`
SSDeep	`3072:N8vbzyQ6Y1YXrbNK+3FNxacPEMk6rRQAgTWYCqi6BMTaGvycxl/AKy6tpcH2Comb:NszAXNK+3FVHRQLTWY0xPOPWmMe`
Imports Hash	`6dbf27f4c70fe2c8ed3e0122ba75d641`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Feb-16 01:10:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x17e00`
SizeOfInitializedData	`0x2a600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000013750 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x48000`
SizeOfHeaders	`0x400`
Checksum	`0x4d1a9`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1e45f5fea4e9767b001816cb81d8c172`
SHA1	`ae5143d9373076a24c600075d8d4dd2873dc06df`
SHA256	`1ffcaf093b711d31bd4e7956fa41e0b1f54692b6b8e616f35f9b66dd99e38e40`
SHA3	`d666b9b514fd3e5d5e91eeedebe4ed8c3002315e6ef722d8499b9b8b53f7701a`
VirtualSize	`0x17cec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x17e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32672`

.rdata

MD5	`bcf3f757825fb5b1d29b8abeceeb8be9`
SHA1	`7dd068d410eb2afecdf8cac6f189634d1b9704af`
SHA256	`188a2909f1727800d18952e7706e0506715a3d46aece25212b69f0941239ef82`
SHA3	`2fd999b31dd6559db10162487b5ffd247d9a9b105ff466e2003400c24bef5ac7`
VirtualSize	`0x92ca`
VirtualAddress	`0x19000`
SizeOfRawData	`0x9400`
PointerToRawData	`0x18200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.52131`

.data

MD5	`9f6de42e333c0d27f1809a70ffd89a20`
SHA1	`34f32163dee2afd654e3139339133a2249a1d770`
SHA256	`4191d00e89b33b3824f32effc92b346234b7ff8f521b685bae975c2810c2a3be`
SHA3	`830e6bb552fbd5b3cc68c7ccb1b2c5d5f40d2681fd33cf9f9ba468aaa7383d9c`
VirtualSize	`0x14f8`
VirtualAddress	`0x23000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x21600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.49132`

.pdata

MD5	`df28e302a63772846fc062e836a155b8`
SHA1	`1a2ef8968886ecc6f555db6053db072094bcc2ac`
SHA256	`b015a9eeea43665b4f9775614aad3d755c6d0d97d55c4bb40f26c46b0b8d12f6`
SHA3	`7d8decd1352c5a76d36cebd4475c2b5f8636a31661a2478fc36fa7803817a42a`
VirtualSize	`0x1428`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82441`

_RDATA

MD5	`0c2832fb1deeac948ca9ef0b008b1e29`
SHA1	`1827eac70d76328f3a80aa40c7d92c2b599b58fb`
SHA256	`1264e60446084c4d36f9e17acbdcc10569b17bdd217f96eadc12979a5a83fe01`
SHA3	`845b17dcaee6f6d034b4c12b9bf9f0f31a2906872dc158ed28d8b249b8c05aa4`
VirtualSize	`0xf4`
VirtualAddress	`0x27000`
SizeOfRawData	`0x200`
PointerToRawData	`0x23600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.46982`

.rsrc

MD5	`e2c099933bddcfa2484a061918796877`
SHA1	`85a820f38823bea4522c5dc4dbd892a86e027f06`
SHA256	`8ab83c75b3d9ebe014afe4c78e046e50f35c54490efe2d98e83826b6c3e13883`
SHA3	`33531bad2b1b33de3ff0e24a8c1d5b3067db2097276db902777a3f9b44592f01`
VirtualSize	`0x1ea08`
VirtualAddress	`0x28000`
SizeOfRawData	`0x1ec00`
PointerToRawData	`0x23800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31464`

.reloc

MD5	`0c507064cc9a2b6ba8f40830713e13ff`
SHA1	`04f2e3b3cafe72fc9086fc02bda21533d48fa049`
SHA256	`ef5cbf707ddc396a426b68df4923a1deda895ae0f34355b08a1129afa6c34b8d`
SHA3	`9bcefa3c5ceb5140bee854c1ecd1a2c815bf7fbea17b020ac8d3136bc71e16a9`
VirtualSize	`0x318`
VirtualAddress	`0x47000`
SizeOfRawData	`0x400`
PointerToRawData	`0x42400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.69289`

Imports

KERNEL32.dll	`FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `InitializeCriticalSection` `GetEnvironmentVariableW` `FindClose` `MultiByteToWideChar` `GetLastError` `GetFileAttributesExW` `GetFullPathNameW` `GetProcAddress` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `LoadLibraryExW` `FreeLibrary` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `EnterCriticalSection` `FindFirstFileExW` `OutputDebugStringW` `LoadLibraryA` `GetModuleHandleW` `InitializeCriticalSectionAndSpinCount` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `LCMapStringEx` `DecodePointer` `EncodePointer` `InitializeCriticalSectionEx` `GetStringTypeW`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_exit` `__p___argc` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_invalid_parameter_noinfo_noreturn` `_initialize_wide_environment` `_configure_wide_argv` `_initialize_onexit_table` `_set_app_type` `__p___wargv` `_seh_filter_exe` `_register_onexit_function` `_cexit` `terminate` `_errno` `exit` `abort` `_crt_atexit` `_c_exit` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-stdio-l1-1-0.dll	`setvbuf` `fflush` `_wfopen` `__stdio_common_vswprintf` `__stdio_common_vfwprintf` `_set_fmode` `__stdio_common_vsprintf_s` `__acrt_iob_func` `fputwc` `fputws` `__p__commode`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `_callnewh` `free` `malloc` `calloc`
api-ms-win-crt-string-l1-1-0.dll	`wcsnlen` `strcpy_s` `_wcsdup` `strcspn` `wcsncmp` `toupper`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `wcstoul`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `___lc_locale_name_func` `localeconv` `_unlock_locales` `_lock_locales` `___mb_cur_max_func` `_configthreadlocale` `__pctype_func` `___lc_codepage_func`
api-ms-win-crt-math-l1-1-0.dll	`frexp` `__setusermatherr`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `_time64` `wcsftime`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5d41`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97864`
Detected Filetype	PNG graphic file
MD5	`908db06e96ae3a42e87393a59b11ba5d`
SHA1	`2c028b3ae5f973954e4e6eabe4c8dedd654e2854`
SHA256	`a382547eb64216794f6c806856a8bf8f4f986aa0109cc79b6168841cd957eca0`
SHA3	`6accdd3fce2a36c4d701e0a44ae433513c91e6fc6d97f1a9e991354ed693b7d6`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.82097`
MD5	`c4957bb716ed2f8d2dd7c75cbc2fac74`
SHA1	`ae5ad0c235df93dddadbd63ccf681c8105bf7f77`
SHA256	`236fb07b70f542780ad4b229c1b230a2751e96401a8abba1975d54c090ce15ad`
SHA3	`ae6c5f787102735afc14d0a45b0619719054dc50628f76de13c5e5e8d797fda3`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.32406`
MD5	`c5b4e500b434cadbede2770c89e88615`
SHA1	`7afb954b537fa648a30772d9e2c84b806b32845a`
SHA256	`65d6c89f599558292701b58441bed24338d6f1dc2cc36f30b9a6132effd0856c`
SHA3	`1b80b371c4cb44df61a07cfa602d61a1b3982819ba962f51e1b5b2daa21a2878`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.6833`
MD5	`8beb54b1a7380b67346b4cd96b325d69`
SHA1	`6ac1e3c8335c737cc830e292b2e710d6e30c7f5f`
SHA256	`dff8ead5c9ed1e972a82edc70265df83f311bd5597ecf372fdae08ff6ae0f873`
SHA3	`8c8e54702a5a5f6e3081294bd1bd8869ff0061ab1b7d4427622ddf9c6a35d792`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05551`
MD5	`cd6111d8dc649447fd73919fad725343`
SHA1	`c5bbe70a3cfc25f0f37a1edb62ccac9d0630fba8`
SHA256	`22cec2ad0bc7566e1c15a7fb1610085690bd75f5cd799e97cdfe5f298c946bf3`
SHA3	`189dd2dadebf301cedc10f6e6a15d89764bf8be9dffc2897802cfe6a69183d60`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.57473`
MD5	`b3e99a818d30bc55872c8c4135ccca44`
SHA1	`6586cc9845f0cfab4cdd021687f59d2cc86669d1`
SHA256	`90ad3758819da959665ca40f15bfc706ff2a13d42926d7fc168f0e36cee2eb19`
SHA3	`d1c04040db3a7302529b1c86f25024cf4da84f9a0779e6a901bad6954c7bfb65`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79908`
Detected Filetype	Icon file
MD5	`c4c8b31b883485d36b0b01ad5341047f`
SHA1	`1fbe590d8e5dc0ad465f10879240777f340314b8`
SHA256	`85106068288ae477fcdae4ad512ae67c10aac23ea7df370d1355e94eee929966`
SHA3	`4665ccc49fbf3913f2a0903cfff463bd4458dc82b89cd656b687590dd772489b`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x354`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33598`
MD5	`58391d5710a0972414c0c2c03ba7eb9f`
SHA1	`9d6225e268c85e5716c07168eda581d82bb251dc`
SHA256	`3ee1da86cec9bab8944ae6e33daefcc4841d987fc5e0edf7af3db1073daea91f`
SHA3	`0cc0972b71be7abb8cd9d4dc1661f8938cf8f1e38aafadfc1c85733828ee2332`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.3.0
ProductVersion	0.0.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Albus Bit SIA
FileDescription	ADTestDataGenerator
FileVersion (#2)	0.0.3.0
InternalName	ADTestDataGenerator.dll
LegalCopyright	Copyright © 2023 Albus Bit SIA
OriginalFilename	ADTestDataGenerator.dll
ProductName	ADTestDataGenerator
ProductVersion (#2)	0.0.3
Assembly Version	0.0.3.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Feb-16 01:10:30
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x1eba0`
PointerToRawData	`0x1dda0`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Feb-16 01:10:30
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ec10`
PointerToRawData	`0x1de10`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Feb-16 01:10:30
Version	`0.0`
SizeofData	`944`
AddressOfRawData	`0x1ec24`
PointerToRawData	`0x1de24`

TLS Callbacks

StartAddressOfRawData	`0x14001eff8`
EndAddressOfRawData	`0x14001f008`
AddressOfIndex	`0x1400244e0`
AddressOfCallbacks	`0x1400194d0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140023020`
GuardCFCheckFunctionPointer	`5368812552`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2ef27a74`
Unmarked objects	`0`
C objects (30034)	`12`
ASM objects (30034)	`10`
C++ objects (30034)	`77`
Imports (VS2008 SP1 build 30729)	`16`
Imports (29395)	`9`
Total imports	`162`
C++ objects (LTCG) (30147)	`10`
Linker (30147)	`1`

7b494f161e7ff6b88e28591d264fb0c5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors