Manalyze report for 826cd2da17c1585a9ee0c4acef1728c2

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2084-Oct-14 06:30:48
Detected languages	English - United States
Debug artifacts	WinBioStorageAdapter.pdb
CompanyName	Microsoft Corporation
FileDescription	WinBio Storage Adapter
FileVersion	`10.0.22000.653 (WinBuild.160101.0800)`
InternalName	WinBioStorageAdapter
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WinBioStorageAdapter.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22000.653`

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`Uses Microsoft's cryptographic API: CryptProtectData CryptUnprotectData`
Safe	VirusTotal score: 0/70 (Scanned on 2022-12-15 21:05:30)	`All the AVs think this file is safe.`

Hashes

MD5	`826cd2da17c1585a9ee0c4acef1728c2`
SHA1	`f70141b087cf941d6e0ba047ee2168e9ceb8108c`
SHA256	`6bdc9d0f2e6255ba9df9eb70e8e5fe82645a0b00e8f3bf881f9841bc7c32a655`
SHA3	`48e8edf23f16355910ce2358bdd9b2297f43e153252486b8146f344395cc9efd`
SSDeep	`3072:Iajqp1ANTDUrbvf0shRkc6fq5xMwxb9vtW:/jqoNTDU11b9vt`
Imports Hash	`11ceefbbb068ad0e89ddee4f6ae21b46`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2084-Oct-14 06:30:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16000`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002610 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x1000`
Checksum	`0x27b7a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`453e283dcfa04d7c98b7757b53c77cca`
SHA1	`e316f2ae1876df5c8a0aa90f5bf6359a728bcce7`
SHA256	`ab160dbce39dfc473ed62e7f7ace095bc5aaeedfe7964c0e95784ee7ade4393d`
SHA3	`c2011d68222325c44a4d4ed4d6985de51a6f63f416bc8d5571958776ae12b99c`
VirtualSize	`0x1523c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04844`

.rdata

MD5	`61e888b798cca4ccba73b1044f87338b`
SHA1	`c1b3bb9f6c8f7bba6aed551823e1bf406c56ad7b`
SHA256	`61232f374b823ad4afe09d820c04f0e8d6c74f3b7ce96a6e86875c0ebd20f4a3`
SHA3	`aa2c115b3c17045afcd00f98e490f8d9433b5c8b914786f00fda431ee0bc909d`
VirtualSize	`0x5b50`
VirtualAddress	`0x17000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x17000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12871`

.data

MD5	`0d13909f747d0f3b0ba3d5537f783389`
SHA1	`bb1de5a113b8b98fa49690b4e8a501ae2f9f472b`
SHA256	`f1498efd4c613126068dc18613eb13d22808a2d2986dcf9d1f40c8f9b3c96503`
SHA3	`caa91be39cfa948255b8b3d459c63e7a027682b4e93c413a35f8543298c57f3e`
VirtualSize	`0xae0`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.798933`

.pdata

MD5	`3c3218132053e9adee50da0fb6584f8c`
SHA1	`6b90f43227ee54b64635d9eb13deaba12b55b7b3`
SHA256	`5e5638a1d37c5e9cc0e257a0805280bb76e3492a1b0fa1f9b7e1c527d95eb75c`
SHA3	`5b3d128452ac907ef6261579e5184c16a5ba1c9d0cca9fe897ed2021e0fea83f`
VirtualSize	`0xe88`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66873`

.rsrc

MD5	`1a6866b5cb92b2bab87c9fd0f22c8f77`
SHA1	`18602f00ecbebabebaa92e6c39f47863b0e70b32`
SHA256	`82165c89aa9bfb9a7d61a76f10341ef9739e5d3d06781356e5294c6ed5c32cde`
SHA3	`d3d2312e437c00f989a1386256ec3985542c738647a0b7ac8c27419dd191945e`
VirtualSize	`0x4c8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.21948`

.reloc

MD5	`c0e52de30f10ced7a621a408d42ff996`
SHA1	`7a566295e2587924d9c35fdedf2ff3c146a3f366`
SHA256	`a4130270fbf172195016cc21d40414a381d59902838bb4c531a1a05941e835d3`
SHA3	`d198af1257ab7e977a4b4ecbee1ebb98a88767d5e8574338ba7ecdaf88779f3e`
VirtualSize	`0xd0`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x20000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.473954`

Imports

msvcp_win.dll	`?_Xlength_error@std@@YAXPEBD@Z`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__callnewh` `_o__cexit` `_o__configure_narrow_argv` `_o__crt_atexit` `_o__errno` `_o__execute_onexit_table` `_o__initialize_narrow_environment` `_o__initialize_onexit_table` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__register_onexit_function` `_o__seh_filter_dll` `memmove` `_o_free` `_o_malloc` `_o_wcsncpy_s` `__C_specific_handler` `__CxxFrameHandler3` `_CxxThrowException` `_o___stdio_common_vswprintf` `_o___stdio_common_vsnprintf_s` `_o___std_type_info_destroy_list` `_o___std_exception_destroy` `_o___std_exception_copy` `__std_terminate` `__CxxFrameHandler4` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetProcAddress` `GetModuleFileNameA` `GetModuleHandleExW` `GetModuleHandleW` `FindStringOrdinal`
api-ms-win-core-synch-l1-1-0.dll	`ReleaseSRWLockExclusive` `CreateMutexExW` `OpenSemaphoreW` `WaitForSingleObjectEx` `ReleaseMutex` `WaitForSingleObject` `ReleaseSemaphore` `CreateSemaphoreExW` `AcquireSRWLockExclusive`
api-ms-win-core-heap-l1-1-0.dll	`GetProcessHeap` `HeapSize` `HeapAlloc` `HeapFree`
api-ms-win-core-errorhandling-l1-1-0.dll	`GetLastError` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetLastError`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentThreadId` `TerminateProcess` `GetCurrentProcess` `GetCurrentProcessId`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
bcrypt.dll	`BCryptDestroyHash` `BCryptFinishHash` `BCryptGenRandom` `BCryptHashData` `BCryptCreateHash` `BCryptGetProperty` `BCryptOpenAlgorithmProvider` `BCryptGenerateSymmetricKey` `BCryptExportKey` `BCryptDestroyKey` `BCryptImportKey` `BCryptSetProperty` `BCryptEncrypt` `BCryptDecrypt` `BCryptCloseAlgorithmProvider`
api-ms-win-core-file-l1-1-0.dll	`ReadFile` `LockFileEx` `DeleteFileW` `SetFilePointerEx` `SetEndOfFile` `GetFileSizeEx` `SetFileInformationByHandle` `FlushFileBuffers` `WriteFile` `CreateFileW` `CreateDirectoryW` `UnlockFileEx`
CRYPT32.dll	`CryptProtectData` `CryptUnprotectData`
api-ms-win-core-heap-l2-1-0.dll	`LocalFree`
api-ms-win-core-path-l1-1-0.dll	`PathCchSkipRoot`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetTickCount` `GetSystemTimeAsFileTime`
api-ms-win-core-file-l2-1-0.dll	`ReplaceFileW`
api-ms-win-eventing-provider-l1-1-0.dll	`EventRegister` `EventUnregister` `EventSetInformation` `EventWriteTransfer` `EventActivityIdControl`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceComplete` `InitOnceBeginInitialize`
api-ms-win-security-base-l1-1-0.dll	`EqualSid` `IsValidSid`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlVirtualUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`

Delayed Imports

WbioQueryStorageInterface

Ordinal	`1`
Address	`0x14880`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21101`
MD5	`e2dd2c124d977d3810383ee3f6709a3c`
SHA1	`cd64af7d58e5fed3333e5babe62b34f6ab77e0a7`
SHA256	`abdf8d2f6fa3889c6f1480fc1b5ea699c6048ef0db88c7dcece730b9a27ab142`
SHA3	`56f34e559cc8d65d773842fb4a1d6d161ae902fbbed32cce8aca847a3ff0c858`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48379`
MD5	`a3cb533df4795333379484104ba65966`
SHA1	`f7179fd17fd1a257d9eb017c1183843700acab76`
SHA256	`cad5f1c75b26bc02aa9d00803bf9d2e701e5b81da457e24729687618613f4335`
SHA3	`255b769f34b87cb3049d4a7bc78192c6719fb20df286f45d376f40b26582b381`

String Table contents

WinBio Storage Adapter DLL

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22000.653
ProductVersion	10.0.22000.653
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	WinBio Storage Adapter
FileVersion (#2)	10.0.22000.653 (WinBuild.160101.0800)
InternalName	WinBioStorageAdapter
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WinBioStorageAdapter.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22000.653

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2084-Oct-14 06:30:48
Version	`0.0`
SizeofData	`49`
AddressOfRawData	`0x19b70`
PointerToRawData	`0x19b70`
Referenced File	WinBioStorageAdapter.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2084-Oct-14 06:30:48
Version	`0.0`
SizeofData	`928`
AddressOfRawData	`0x19ba4`
PointerToRawData	`0x19ba4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2084-Oct-14 06:30:48
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x19f44`
PointerToRawData	`0x19f44`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2084-Oct-14 06:30:48
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x19f68`
PointerToRawData	`0x19f68`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001d230`
GuardCFCheckFunctionPointer	`6442546888`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x859f3d33`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`50`
C objects (29395)	`8`
ASM objects (29395)	`4`
C++ objects (29395)	`22`
Total imports	`1157`
Imports (29395)	`3`
Exports (29395)	`1`
C objects (LTCG) (29395)	`11`
253 (29395)	`1`
Resource objects (29395)	`1`
Linker (29395)	`1`

826cd2da17c1585a9ee0c4acef1728c2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

WbioQueryStorageInterface

7

1

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

UNKNOWN (#2)

TLS Callbacks

Load Configuration

RICH Header

Errors