Manalyze report for 898d62b22583f3b85e769bc65f160a04

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Jul-15 07:15:12
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	AvRunaway
FileDescription	AvRunaway
FileVersion	`1.0.0.0`
InternalName	AvRunaway.dll
LegalCopyright
OriginalFilename	AvRunaway.dll
ProductName	AvRunaway
ProductVersion	`1.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-13 20:05:47)	`All the AVs think this file is safe.`

Hashes

MD5	`898d62b22583f3b85e769bc65f160a04`
SHA1	`57cbcd8f93da77e07883de0b1eff1c8ba5397868`
SHA256	`1921ff5c934b3fb38e303100bd9a25b7b56d40edcca492bb5d80820842f531af`
SHA3	`dacb132e69d9bc58d22f571b327205607d1ee8bb0203ed69aa2987f39fe339ef`
SSDeep	`3072:K4ym4smLLFEFKMaFFBLb+bVQjhznh7Kd1JC3YkkaZGK:Klm4sqMaFFBniJfBa4`
Imports Hash	`6a91eb82bfd19d2706c7d43c46f7064e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Jul-15 07:15:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16000`
SizeOfInitializedData	`0xf600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011810 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x29000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49e9f5633a6244b24bd3b46caf9d2fdb`
SHA1	`dfe88140deee1182d66070776139193653246403`
SHA256	`e76ce991f13c7c7e7ca375811d73d9cb201b26e4a60b13afe5ae823a2833ada1`
SHA3	`6d432acbb432dc4a4f34697e6698ea44871d35ae44ef9939c9063a0bfed756d6`
VirtualSize	`0x15efc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33023`

.rdata

MD5	`52f7e56450fef6f443d67bed7efbbec1`
SHA1	`3e00b8b707d02d3c9e99a051048a4f807f1713cd`
SHA256	`4ec34a9d916b85661d3b49efb521127c9a7baf3e6f07f12a074abf095b8aa7ba`
SHA3	`4d06368dc88169f11f80ae8142cf3ec00f31b9798acc923ffa3d9d56acca58ad`
VirtualSize	`0xbcb6`
VirtualAddress	`0x17000`
SizeOfRawData	`0xbe00`
PointerToRawData	`0x16400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82801`

.data

MD5	`f4e26a21c0ca792ce38053ff6db92a9f`
SHA1	`ce79a2374767df7dc5909410dddb926e53f4a576`
SHA256	`670a6dbac2055663b248e89e8d4b76f8d8ff826f03aac2cd110741e8b491478b`
SHA3	`78ba16178036690b2e31fe692c85fea81aa8ce1a5e844dfa31ef86f9c20171ed`
VirtualSize	`0x18a0`
VirtualAddress	`0x23000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x22200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.37998`

.pdata

MD5	`0b8f489dcd91a9f252bf6af0c48beb36`
SHA1	`f14c849067791617039a99e3628b196c9d5ab4ef`
SHA256	`05c0dd6e449b523df8ab71069d67140ec6efce4cd51883c620714373e8cdbe4c`
SHA3	`ae3fed4d90d9a4a8450dca00f7b17c0ddf1d9866023dbe4a2fd66c18a1e23b50`
VirtualSize	`0x13ec`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x22c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09909`

.reloc

MD5	`50228d4425809e80768545aabad4e58e`
SHA1	`96dfd6030e2fc675708d71d4ab7504a08edd063a`
SHA256	`d73a2403bcb293c903df806cdd12f01a23c94cb520aad323cbac1618ed031afb`
SHA3	`3303d20668de9e988a8def62c403493617aea42d7f1f8e49b9d40d2b0e74b868`
VirtualSize	`0x330`
VirtualAddress	`0x27000`
SizeOfRawData	`0x400`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.78417`

.rsrc

MD5	`f4cb8c7cb34c6412bad3191ab019dbdd`
SHA1	`9a9afcbbf4b5f3b9be97e1165189f42cb38b595c`
SHA256	`139d3febaf0a8072d48b4894427322f3f464b17a34f787ad4dc84581ee427674`
SHA3	`0b76bbbe54fb4b33182fb182c762c6b8fe49651bc8b66a03f8352fd216d5f2bf`
VirtualSize	`0x54c`
VirtualAddress	`0x28000`
SizeOfRawData	`0x600`
PointerToRawData	`0x24400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.99511`

Imports

KERNEL32.dll	`FreeLibrary` `LoadLibraryExW` `OutputDebugStringW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `GetModuleHandleW` `MultiByteToWideChar` `GetFileAttributesExW` `LoadLibraryA` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `GetWindowsDirectoryW` `FindResourceW` `GetLastError` `ActivateActCtx` `FindClose` `CreateActCtxW` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_invalid_parameter_noinfo_noreturn` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_errno` `abort` `__p___wargv` `_c_exit` `_register_thread_local_exe_atexit_callback` `terminate` `__p___argc`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `fputwc` `__p__commode` `_set_fmode` `fputws` `_wfsopen` `fflush` `__stdio_common_vfwprintf` `__stdio_common_vsnwprintf_s` `__stdio_common_vswprintf` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `_set_new_mode` `free` `_callnewh` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`toupper` `_wcsdup` `wcsncmp` `wcsnlen` `strcpy_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstoul` `_wtoi`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `_time64` `wcsftime`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `___mb_cur_max_func` `_configthreadlocale` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_lock_locales` `_unlock_locales`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27774`
MD5	`bb08b2aa9e389cc2a28cfb23108fd461`
SHA1	`88aa3ce786e045d312c29c1a1a35bc8c216cd5ee`
SHA256	`8e5e9c00a5aa9afe784a31323108a280492593cbd5baab9481106dd7c8bdf01b`
SHA3	`e907aad4276cf9698a4a42858126cfead552b1189dc9c364428dd3411f2316a5`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	AvRunaway
FileDescription	AvRunaway
FileVersion (#2)	1.0.0.0
InternalName	AvRunaway.dll
LegalCopyright
OriginalFilename	AvRunaway.dll
ProductName	AvRunaway
ProductVersion (#2)	1.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jul-15 17:56:48
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x1f79c`
PointerToRawData	`0x1eb9c`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jul-15 17:56:48
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1f80c`
PointerToRawData	`0x1ec0c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Jul-15 17:56:48
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x1f820`
PointerToRawData	`0x1ec20`

TLS Callbacks

StartAddressOfRawData	`0x14001fc48`
EndAddressOfRawData	`0x14001fc58`
AddressOfIndex	`0x140024888`
AddressOfCallbacks	`0x1400174e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140023080`
GuardCFCheckFunctionPointer	`5368804368`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x8c79eb85`
Unmarked objects	`0`
ASM objects (34321)	`10`
C objects (34321)	`12`
C++ objects (34321)	`87`
Imports (VS2008 SP1 build 30729)	`16`
Imports (33140)	`9`
Total imports	`201`
C++ objects (LTCG) (34810)	`10`
Linker (34810)	`1`

898d62b22583f3b85e769bc65f160a04

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.reloc

.rsrc

Imports

Delayed Imports

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors