Manalyze report for 8ebc2c50697810d4df9579604b9dd79e3250d5259d6af1f6fa4c6108f6f8e856

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Jan-16 15:54:14
Detected languages	English - United States
Debug artifacts	C:\build\cpython\PCBuild\win32\pythonw.pdb
CompanyName	Python Software Foundation
FileDescription	Python
FileVersion	`3.5.3`
InternalName	Python Console
LegalCopyright	Copyright Â© 2001-2016 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC.
OriginalFilename	python.exe
ProductName	Python
ProductVersion	`3.5.3`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: BeOpen.com`
Info	The PE is digitally signed.	`Signer: Python Software Foundation` `Issuer: StartCom Class 3 Object CA`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-20 15:49:17)	`All the AVs think this file is safe.`

Hashes

MD5	`638366a80137779f1ed7507b6b379c90`
SHA1	`b885ffba7f4180a00595919fe4d66c7c67e73065`
SHA256	`8ebc2c50697810d4df9579604b9dd79e3250d5259d6af1f6fa4c6108f6f8e856`
SHA3	`91d688ade862aa78e85f8f1faec7b52144ff05f7c78b1ac115fa47a63be7c4b8`
SSDeep	`768:jbRITkVHEUOilLMIpNiWjPVNf/RXR7RDYzBGVp+M:jbwkVkUjlYIpNieVZ/RXR7SsVpz`
Imports Hash	`b602cfae7fa16dd24fc7ca77bedfd409`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2017-Jan-16 15:54:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1200`
SizeOfInitializedData	`0x6c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001299 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x1d000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd000`
SizeOfHeaders	`0x400`
Checksum	`0x10013`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x1e8480`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5b8453041554bf531a0077683df99141`
SHA1	`fb9e841fc55f5417ea8f74b4e129c61a32d34f22`
SHA256	`9a8e287ded60ea3f4e4aed8a78cc94d5e1d89b422602065bf4ffef640d5e39d7`
SHA3	`31541b3f1a5ea7f3796da9e8476743dea44eb99baacbcbf995c91635e3a3545a`
VirtualSize	`0x1078`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92017`

.rdata

MD5	`048aeb08443a968e1cee4d3ac72baf32`
SHA1	`60651a35ebba78c7750047bd543e4e8864144007`
SHA256	`ff5b38cc7dd00c329bc3de5053c048195d2c0373558df11dd9f5d75e29d987ae`
SHA3	`d3ada59d68fdaa9ce31d5d03b7866b6ea2f71ff61bcb4665814604d0000a9c90`
VirtualSize	`0xb08`
VirtualAddress	`0x3000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.51465`

.data

MD5	`550b6d19eefd3a6f89a89a9be78fdbaf`
SHA1	`8ecc1f32ace62555c4813cde841b42d4d2b96f5a`
SHA256	`001cc148d185d7d29246eff5375f33b25cb070b959413a1f8dcf1ec3a4475bbd`
SHA3	`cf54e2e6646dab051d22e2fb2f63c5526b6cd7107b05660aa03783d21ec08748`
VirtualSize	`0x384`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.280401`

.gfids

MD5	`6452981ac31dd4560d40db77ffcb7c7f`
SHA1	`b8642df43945f6b47e75777be246fa041fdf4a3b`
SHA256	`ea8efc6fe3ccd5b72dbe76a0e3962af887a48d374e2d2aca8d473a017465f3a0`
SHA3	`4d9a392c515cb956c313260a4cfae93abeb78dc529d3fb294fcf2fdde62fee6e`
VirtualSize	`0x24`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.174052`

.rsrc

MD5	`a2283550b2a8ec3e2f56e5e63506be29`
SHA1	`afe8a43ae35925803eecae13431574823777e571`
SHA256	`b993d3fe1bc0d451a72b152259cf9765fbfa29857e89e68e97e04589391e03e2`
SHA3	`2a7533df018e8d16ba25a7d364b81f6803b7d266903aa3f7dd2499f9ccf069d7`
VirtualSize	`0x5778`
VirtualAddress	`0x6000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.79451`

.reloc

MD5	`529c62fb1c8e7f51e1d99da85c6a77b1`
SHA1	`b659a1e69799794705f3ad8bdc2c3a23d1250878`
SHA256	`7b29b28f4bd693feb13cf72624fd3ced7da940a623d1628f8366cb0f01d20836`
SHA3	`14f9abb6ab5195baf9609368ba1b7788fa88a37b080d240b249c0dbd0be71c88`
VirtualSize	`0x1ec`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18013`

Imports

python35.dll	`Py_Main`
VCRUNTIME140.dll	`memset` `_except_handler4_common` `__std_type_info_destroy_list`
api-ms-win-crt-runtime-l1-1-0.dll	`_configure_wide_argv` `_seh_filter_dll` `_configure_narrow_argv` `_initialize_narrow_environment` `_cexit` `_c_exit` `_exit` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_initialize_wide_environment` `_set_app_type` `_seh_filter_exe` `__p___argc` `__p___wargv` `exit` `_initterm_e` `_initterm` `_execute_onexit_table` `_get_wide_winmain_command_line`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
KERNEL32.dll	`GetModuleHandleW` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetSystemTimeAsFileTime`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30646`
MD5	`a6da7ec7d63661b6fec61db132d54318`
SHA1	`8936adfe99f94f622ed5a8f4a15e6c3bcc26ddc0`
SHA256	`2a44cd438988d375f1d5f1350af9d1db01a57ba0100be035660ffec614b0955b`
SHA3	`ea22965e48f176e17bd07287d36dd5761235173c34b5ce5b63a60aaf6acd848e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91288`
MD5	`d68dc372e17d178bb69f704f237ea9de`
SHA1	`ceb4b93d5cf325f23c73bffcd8a89eb4f321d4cf`
SHA256	`0f091f3582a0dd8e3b9ed1f9fff2cec294c232c522035b011eac1037230534d8`
SHA3	`fd26c426d6f29da40a84d443cb9ffd65fcfd4808acb1cb63373fe56bf12be03c`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68323`
MD5	`d0ef51ed7054b96b74898a9d79b63614`
SHA1	`f6e7975ec966dc7795fdb4fc011c9172dde1ba52`
SHA256	`11d2ef1eb8c9b7cd7d71ef2f3576af552084093e01f61f8581f25e510f70accb`
SHA3	`da98b47e2e99650311539f85df95db3ea8aa4e5871cc500e59eb936e5c2073aa`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.74229`
MD5	`698b970bce42323f04f2c369fb993f13`
SHA1	`1b0288ba8f77775bc1d16e8b00068a75eab82155`
SHA256	`ec35a2c4c536629d62390d2ad0a4e6439a96cd66f08b2ccfc597937cc4ffec34`
SHA3	`cb3fa1186a72894f52abc5280d3b39c49ac2d7cde16375b0c1ccf22871b9c0ca`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85564`
MD5	`876e6e7d22c514b733f6ea6784ecbcdf`
SHA1	`6a47afe3e06d069ce62915762b06c96b4b3a4fef`
SHA256	`58662df6b7cbbae8de0b4e431bb50dffa442b86228ca1c4cf4d217a52e0ebe0d`
SHA3	`7f51f03b0ede6ca32f46c5c7f41710b19256b0223e9302c77dd4db3cc6ca2c6b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06376`
MD5	`3f8463603c61f6f3aeba8da3b69bfa34`
SHA1	`c31ad2af1b66ccb4d768067fff61fdb92ff2f9cb`
SHA256	`b183fc9bda8d3bafa5c2057f17e1993e70853b394c259eb53ed3771b26f011fc`
SHA3	`5f1a419ed97940b717c3798636688454ed602bb9f7ddc2317ad694643fb405f7`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.06706`
MD5	`2863e69e599af28a20b9792502dd0854`
SHA1	`2d8cfef7e07286d355db9d41d3162b66747f816b`
SHA256	`ceceb916495608465311827e73f8e716214f9c8d1882a262b6dafb300baccd8e`
SHA3	`6d658a05f35a188216bc769148375ac9ca98da6fdd97b45de6512d0ed1536dee`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7862`
Detected Filetype	Icon file
MD5	`17171dd78a938fb3d63bd1f397d13fd1`
SHA1	`bb7965fb207a8df8f872e8f2cc252879300806c0`
SHA256	`3c308a03d4719a460425f7fc8da93c2b95ad5c4cbec503a93cfbb10d170a5508`
SHA3	`7dcd5689196e01fc893c261f1a912cd6399f47baf6c103e39581c56e1922099d`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50273`
MD5	`ac2df811492956d80d6def8093d9a5b0`
SHA1	`0c8724135e407abf86ff159b146835c529434a2e`
SHA256	`a1751560a1561809c147c39ebf41dfe22d6f992bf88d2241f35e5549aa2d19e7`
SHA3	`03d29e7d9c4b3d20db820c075c1c9666fa0c4921652839cdb3330edc212a1fb8`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x43a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.227`
MD5	`9fbe37961fb933ec335201051e174ba2`
SHA1	`d6aa6d844e98302ff0a630d76ed49727f9ba2101`
SHA256	`80e65eccfaf09ddf8bed9e05032b955ae1721674898294880fd33caab4025c1c`
SHA3	`be94331e94d2d8394044df291edd7323cd2188ab18fbebb13909335afd92958b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.5.3150.1013
ProductVersion	3.5.3150.1013
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Python Software Foundation
FileDescription	Python
FileVersion (#2)	3.5.3
InternalName	Python Console
LegalCopyright	Copyright Â© 2001-2016 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC.
OriginalFilename	python.exe
ProductName	Python
ProductVersion (#2)	3.5.3

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-Jan-16 15:54:14
Version	`0.0`
SizeofData	`67`
AddressOfRawData	`0x31e4`
PointerToRawData	`0x17e4`
Referenced File	C:\build\cpython\PCBuild\win32\pythonw.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-Jan-16 15:54:14
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3228`
PointerToRawData	`0x1828`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Jan-16 15:54:14
Version	`0.0`
SizeofData	`616`
AddressOfRawData	`0x323c`
PointerToRawData	`0x183c`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1d004004`
SEHandlerTable	`0x1d0031e0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x323e1d2a`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (VS2015 UPD3 build 24123)	`2`
ASM objects (VS2015 UPD3 build 24123)	`1`
C++ objects (VS2015 UPD3 build 24123)	`18`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (VS2015 UPD3 build 24210)	`3`
Imports (65501)	`2`
Total imports	`46`
C objects (LTCG) (VS2015 UPD3 build 24210)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3 build 24210)	`1`

Errors

Leave a comment

No comments yet.