Manalyze report for 860170ddb590048898c7d816562b5ec2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Oct-20 04:53:11
Debug artifacts	Microsoft.Web.Administration.pdb
CompanyName	Microsoft Corporation
FileDescription
FileVersion	`10.0.19041.3636`
InternalName	Microsoft.Web.Administration.dll
LegalCopyright	Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename	Microsoft.Web.Administration.dll
ProductName	Internet Information Services
ProductVersion	`10.0.19041.3636`
Assembly Version	7.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `.NET DLL -> Microsoft`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`860170ddb590048898c7d816562b5ec2`
SHA1	`7a2408a5d426a344b359251ac535f2c97face17b`
SHA256	`1076360b2ac7b47736bee92bcac005d7ea6fe5a5c95de841ce071584ee55ddcd`
SHA3	`c806ef8029f7a7ad6d90c28eb414b080debd1328a28214cc7d6acf7bf9563e5c`
SSDeep	`1536:zlFYtfSUfS1N28UeYiqBhYcyCDjdxTVBqVIj3kSwcNDaNGF4yLuskJwoOe86CrF:zlCFSX4FHNxhB1tzJ08BrFDwPTE+Ld`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2023-Oct-20 04:53:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x21000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00022A7E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x24000`
ImageBase	`0x10000000`
SectionAlignment	`0x2000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x28000`
SizeOfHeaders	`0x1000`
Checksum	`0x2adc0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2497dbbf1fb93e223efd6d3323926aad`
SHA1	`41cb907bbe0950801875d4a7b644dbc5559d222d`
SHA256	`41e4720ced17e1f064a5c8d8cdb196a8a930204da83747929de99b07b374234f`
SHA3	`16eb2243bcaa2b97afd7292f0aafdca232c22660eb5cee049826ff6904e11a97`
VirtualSize	`0x20a84`
VirtualAddress	`0x2000`
SizeOfRawData	`0x21000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95661`

.rsrc

MD5	`fab5b71c6428072ce6da654e6a85a5f3`
SHA1	`5bea1aa2ee9f02f80bd1e2ecec0e41a2db67ac11`
SHA256	`6e698201b0d28f86d4b82a0566c9ed46e8c6b402b7c969a2e64475f44bfdb896`
SHA3	`10d485f348b73e40cc2c1147f2a5baba474b8ee7a49f83bcde276034b6970ecf`
VirtualSize	`0x438`
VirtualAddress	`0x24000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.12388`

.reloc

MD5	`ece8e071e141a51dabbfb9772174f9f5`
SHA1	`143b6fb7b0e8ca262bec578419ed1dbda4b24bb1`
SHA256	`34346de59e0d4efbc92cc73bf6c0ef15490a65a776a9a9fefb2604acbe56f6f9`
SHA3	`08a3862adb6a61440a2b88e38aa059040cd6bea7a12366f0e2457e1a992b6617`
VirtualSize	`0xc`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0164085`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42737`
MD5	`b0282386355db1a32184286fa841b21d`
SHA1	`ee0e05ac43f51b49e3cad5b3fd98e368fbadc111`
SHA256	`2992b962e55e1a4e5234d82316290bde76f0ce1fa57fef50e3c6ed365e15a3b1`
SHA3	`062d1e7bd028898be29c6e71d4463c7bcc1dc478f9baee7bad4bc68ce79398c9`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.3636
ProductVersion	10.0.19041.3636
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
CompanyName	Microsoft Corporation
FileDescription
FileVersion (#2)	10.0.19041.3636
InternalName	Microsoft.Web.Administration.dll
LegalCopyright	Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename	Microsoft.Web.Administration.dll
ProductName	Internet Information Services
ProductVersion (#2)	10.0.19041.3636
Assembly Version	7.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Oct-20 04:53:11
Version	`0.0`
SizeofData	`57`
AddressOfRawData	`0x229a0`
PointerToRawData	`0x219a0`
Referenced File	Microsoft.Web.Administration.pdb

TLS Callbacks

Load Configuration

RICH Header

860170ddb590048898c7d816562b5ec2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors