Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2021-Jul-21 08:39:39 |
TLS Callbacks | 1 callback(s) detected. |
Debug artifacts | C:\Users\chronicallyunfunny\xboxlive-auth\target\release\deps\xboxlive_auth.pdb |
Info | Matching compiler(s): | MASM/TASM - sig1(h) |
Info | Interesting strings found in the binary: | Contains domain names: |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/68 (Scanned on 2021-07-21 10:09:49) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 5 |
TimeDateStamp | 2021-Jul-21 08:39:39 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x2f3a00 |
SizeOfInitializedData | 0x1ec000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000002E8B60 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x4e3000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ntdll.dll | RtlVirtualUnwind RtlNtStatusToDosError RtlLookupFunctionEntry RtlCaptureContext NtCreateFile NtDeviceIoControlFile NtCancelIoFileEx |
---|---|
ADVAPI32.dll | SystemFunction036 RegOpenKeyExW RegQueryValueExW RegCloseKey |
CRYPT32.dll | CertDuplicateCertificateChain CertFreeCertificateChain CertEnumCertificatesInStore CertGetCertificateChain CertVerifyCertificateChainPolicy CertFreeCertificateContext CertDuplicateCertificateContext CertAddCertificateContextToStore CertDuplicateStore CertCloseStore CertOpenStore |
KERNEL32.dll | InitializeSListHead IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentThreadId ReleaseSRWLockExclusive AcquireSRWLockExclusive TryAcquireSRWLockExclusive ReleaseSRWLockShared AcquireSRWLockShared GetCurrentProcessId SleepConditionVariableSRW GetSystemInfo SetFileCompletionNotificationModes WriteFile ReadFile CloseHandle CreateIoCompletionPort GetQueuedCompletionStatusEx PostQueuedCompletionStatus GetStdHandle GetConsoleMode GetFileInformationByHandleEx InitializeCriticalSection LeaveCriticalSection ReleaseMutex GetLastError SwitchToThread GetCurrentProcess GetCurrentThread GetProcAddress SetLastError GetCurrentDirectoryW GetEnvironmentVariableW GetCommandLineW EnterCriticalSection WaitForSingleObject WakeAllConditionVariable WakeConditionVariable TryEnterCriticalSection QueryPerformanceCounter GetSystemTimeAsFileTime TlsGetValue TlsSetValue TlsAlloc HeapAlloc GetProcessHeap HeapFree HeapReAlloc AddVectoredExceptionHandler SetThreadStackGuarantee WaitForSingleObjectEx LoadLibraryA CreateMutexA IsProcessorFeaturePresent GetFinalPathNameByHandleW SetHandleInformation GetModuleHandleW FormatMessageW GetModuleFileNameW ExitProcess CreateThread QueryPerformanceFrequency GetModuleHandleA WriteConsoleW ReadConsoleW |
Secur32.dll | FreeCredentialsHandle AcquireCredentialsHandleA EncryptMessage InitializeSecurityContextW AcceptSecurityContext FreeContextBuffer DecryptMessage ApplyControlToken DeleteSecurityContext QueryContextAttributesW |
WS2_32.dll | send WSASend getsockopt setsockopt WSAIoctl closesocket WSAGetLastError WSAStartup freeaddrinfo WSACleanup getaddrinfo recv shutdown getpeername ioctlsocket connect bind WSASocketW |
VCRUNTIME140.dll | __C_specific_handler _CxxThrowException __current_exception_context memcmp memcpy memmove __CxxFrameHandler3 memset __current_exception |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr |
api-ms-win-crt-runtime-l1-1-0.dll | _get_initial_narrow_environment _initterm _initterm_e exit _exit _initialize_narrow_environment _configure_narrow_argv __p___argc __p___argv _cexit _c_exit _register_thread_local_exe_atexit_callback _set_app_type _seh_filter_exe terminate _initialize_onexit_table _register_onexit_function _crt_atexit |
api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode __p__commode |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
api-ms-win-crt-heap-l1-1-0.dll | free _set_new_mode |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Jul-21 08:39:39 |
Version | 0.0 |
SizeofData | 104 |
AddressOfRawData | 0x42479c |
PointerToRawData | 0x42359c |
Referenced File | C:\Users\chronicallyunfunny\xboxlive-auth\target\release\deps\xboxlive_auth.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Jul-21 08:39:39 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x424804 |
PointerToRawData | 0x423604 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2021-Jul-21 08:39:39 |
Version | 0.0 |
SizeofData | 812 |
AddressOfRawData | 0x424818 |
PointerToRawData | 0x423618 |
StartAddressOfRawData | 0x140424b70 |
---|---|
EndAddressOfRawData | 0x140424ce8 |
AddressOfIndex | 0x1404af070 |
AddressOfCallbacks | 0x1402f55a8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_16BYTES |
Callbacks | 0x00000001402D0240 |
Size | 0x138 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1404aece8 |
XOR Key | 0xe3481d6f |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 12 |
Imports (VS2019 Update 9 (16.9.2-3) compiler 29913) | 2 |
C++ objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 22 |
C objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 9 |
ASM objects (VS2019 Update 9 (16.9.2-3) compiler 29913) | 3 |
Imports (27412) | 17 |
Total imports | 241 |
Unmarked objects (#2) | 524 |
Linker (VS2019 Update 9 (16.9.5) compiler 29915) | 1 |