| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2025-Dec-31 19:20:48 |
| TLS Callbacks | 1 callback(s) detected. |
| Debug artifacts | DirectStorageFix.pdb |
| Suspicious | The PE is possibly packed.<br>Unusual section name found: .fptable<br>Unusual section name found: .retplne |
| Suspicious | The PE contains functions most legitimate programs don't use.<br>[!] The program may be hiding some of its imports: |
| Suspicious | VirusTotal score: 1/64 (Scanned on 2026-06-02 03:41:12)<br>Cynet: Malicious (score: 100) |

| e_magic | MZ |
|---|---|
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 9 |
| TimeDateStamp | 2025-Dec-31 19:20:48 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_DLL<br>IMAGE_FILE_EXECUTABLE_IMAGE<br>IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x6b400 |
| SizeOfInitializedData | 0x25000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000045094 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x9a000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE<br>IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA<br>IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll | AcquireSRWLockExclusive AreFileApisANSI CloseHandle CompareStringW CreateDirectoryW CreateFileA CreateFileW CreateThread CreateToolhelp32Snapshot DecodePointer DeleteCriticalSection DeviceIoControl EncodePointer EnterCriticalSection EnumSystemLocalesW ExitProcess ExitThread FileTimeToSystemTime FindClose FindFirstFileExW FindFirstFileW FindNextFileW FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers FlushInstructionCache FormatMessageA FreeEnvironmentStringsW FreeLibrary FreeLibraryAndExitThread GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleMode GetConsoleOutputCP GetConsoleScreenBufferInfo GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDateFormatW GetDriveTypeW GetDynamicTimeZoneInformation GetEnvironmentStringsW GetExitCodeThread GetFileAttributesExW GetFileInformationByHandle GetFileInformationByHandleEx GetFileSizeEx GetFileType GetFullPathNameW GetLastError GetLocaleInfoEx GetLocaleInfoW GetModuleFileNameA GetModuleFileNameW GetModuleHandleA GetModuleHandleExW GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetStartupInfoW GetStdHandle GetStringTypeW GetSystemInfo GetSystemTimeAsFileTime GetThreadContext GetTickCount64 GetTimeFormatW GetTimeZoneInformation GetUserDefaultLCID GetVolumeNameForVolumeMountPointA GetVolumePathNameA HeapAlloc HeapCreate HeapDestroy HeapFree HeapReAlloc HeapSize InitializeCriticalSectionAndSpinCount InitializeCriticalSectionEx InitializeSListHead InterlockedFlushSList IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale K32GetModuleInformation LCMapStringEx LCMapStringW LeaveCriticalSection LoadLibraryExW LocalFree MultiByteToWideChar OpenThread PeekNamedPipe QueryPerformanceCounter QueryPerformanceFrequency RaiseException ReadConsoleW ReadFile ReleaseSRWLockExclusive ResumeThread RtlCaptureContext RtlLookupFunctionEntry RtlPcToFileHeader RtlUnwind RtlUnwindEx RtlVirtualUnwind SetConsoleTextAttribute SetEndOfFile SetEnvironmentVariableW SetFileInformationByHandle SetFilePointerEx SetLastError SetStdHandle SetThreadContext SetUnhandledExceptionFilter Sleep SleepConditionVariableSRW SuspendThread SystemTimeToTzSpecificLocalTime TerminateProcess Thread32First Thread32Next TlsAlloc TlsFree TlsGetValue TlsSetValue TryAcquireSRWLockExclusive UnhandledExceptionFilter VirtualAlloc VirtualFree VirtualProtect VirtualQuery WaitForSingleObjectEx WakeAllConditionVariable WakeConditionVariable WideCharToMultiByte WriteConsoleA WriteConsoleW WriteFile |
|---|---|
| SHELL32.dll | SHGetKnownFolderPath |
| ole32.dll | CoTaskMemFree |
| ADVAPI32.dll | RegCloseKey RegOpenKeyExA RegQueryValueExA |
| VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoW VerQueryValueW |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2025-Dec-31 19:20:48 |
| Version | 0.0 |
| SizeofData | 45 |
| AddressOfRawData | 0x7ddcc |
| PointerToRawData | 0x7c5cc |
| Referenced File | DirectStorageFix.pdb |

| StartAddressOfRawData | 0x180097000 |
|---|---|
| EndAddressOfRawData | 0x180097140 |
| AddressOfIndex | 0x18008c858 |
| AddressOfCallbacks | 0x18007dec0 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_16BYTES |
| Callbacks | 0x000000018002FA50 |

| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x18008b300 |