Manalyze report for 90756218ca3b8641acc6c5dc315a04f6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2019-Aug-29 02:15:43
Detected languages	English - United States
Debug artifacts	srv2.pdb
CompanyName	Microsoft Corporation
FileDescription	Smb 2.0 Server driver
FileVersion	`6.1.7601.24520 (win7sp1_ldr_escrow.190828-1732)`
InternalName	SRV2.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRV2.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion	`6.1.7601.24520`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services`
Suspicious	The PE is possibly packed.	`Unusual section name found: PAGE` `Section INIT is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: DbgPrint ZwQuerySystemInformation` Uses Windows's Native API: ZwOpenEvent ZwClose NtSetInformationThread ZwCreateFile NtQuerySecurityObject NtOpenFile NtFsControlFile ZwUnmapViewOfSection ZwMapViewOfSection ZwCreateSection ZwDuplicateObject NtClose NtQueryInformationFile NtSetInformationFile ZwQueryVolumeInformationFile NtQueryEaFile NtQueryVolumeInformationFile NtQueryQuotaInformationFile NtSetEaFile NtSetVolumeInformationFile NtSetSecurityObject NtSetQuotaInformationFile ZwReadFile ZwQueryInformationFile ZwOpenKey ZwQueryValueKey ZwQueryLicenseValue NtAllocateVirtualMemory NtFreeVirtualMemory ZwOpenThreadTokenEx ZwOpenProcessTokenEx ZwQueryInformationToken ZwQuerySystemInformation `Functions related to the privilege level: ZwOpenProcessTokenEx`
Safe	VirusTotal score: 0/71 (Scanned on 2019-12-12 13:11:28)	`All the AVs think this file is safe.`

Hashes

MD5	`90756218ca3b8641acc6c5dc315a04f6`
SHA1	`c94fe36e835b5beb2b4042e9f3e0cbe1224aaca9`
SHA256	`a0819585f51b65a00e6b6d3189e9a3069b5201b5b946755d80396a5562151cfb`
SHA3	`36737f48a7e60fa0169781ff76fa867509215d12dc6e9b5cba09eb9fd6aed78c`
SSDeep	`6144:GUzcwdfDHWa1DvHlfzmAPPlvMm3mnGsvJfOLtGWLLux2gF:FAw1rJlXJoQLYS`
Imports Hash	`74d090bc67a92d11257abccb5c8a71b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2019-Aug-29 02:15:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.1`
SizeOfCode	`0x42000`
SizeOfInitializedData	`0x21c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004D06C (Section: INIT)`
BaseOfCode	`0x1000`
ImageBase	`0x10000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x68000`
SizeOfHeaders	`0x400`
Checksum	`0x6d449`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6e6e97f42443909b1f2b272fcbe85f4c`
SHA1	`b3bc95f31b43df2542d05e355859748eca2a681d`
SHA256	`9e89e1d769816dfd6a5a9032b9c5b0c594cced706ed58627ec591ff6472ebe84`
SHA3	`9ed56e668df792f161729eb9e4c40310b0b8fcd9840b4d420af222943356b52c`
VirtualSize	`0x19ca1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`6.2413`

.rdata

MD5	`581f727e62df47874b8820b31aa62c6a`
SHA1	`fd0b4e761efa0c4dd28626fc90a503fc907e2e44`
SHA256	`5c92e605215bbc0c3f5dedec7fb8cb6d3b3f8f0a10fab2e46f3e566e7b2d8c2d`
SHA3	`dbca20e6a37002403f655c5f26086f642dbbf32e95455cc976aad43bdceb7d78`
VirtualSize	`0x5b7c`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.13443`

.data

MD5	`fd4befacdac5175305ed3567df1df8a9`
SHA1	`34cd4691ce0f64632065c360e4d26b92e99ae1e1`
SHA256	`09a2eab7a43f43d12ae7ed3b5091cf40e48447d8f86cd1dca07c564747621202`
SHA3	`e68e4742403596eadca5f7e826512f6844b5a0257f5a6523c523a07ef100094e`
VirtualSize	`0x1478`
VirtualAddress	`0x21000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.38393`

.pdata

MD5	`e6dd60a3915fe3f79f9fd6e48f018914`
SHA1	`95a3b50789add7541827d3876526dad05e52f2ac`
SHA256	`112e0520ce7d48e12ea78968096aebd767761dcb07a143c0dc35aa036725082e`
SHA3	`7a472d66a7cee3a301304724c078bb7b816255daea228874e2ed95ddc8c99014`
VirtualSize	`0x3954`
VirtualAddress	`0x23000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x20600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`5.47123`

PAGE

MD5	`5f642833915016b3cf113d9750465ff1`
SHA1	`a86262b96001ffdbba7978f22596703e867b31a8`
SHA256	`2cc02c39312a2d211509cf43a516551ea5b5e750984f76ece399fba4e3eab426`
SHA3	`8a927605997f31a845fc83c875de509488f6909fa4da699aae84fc3bf2cf49aa`
VirtualSize	`0x259b7`
VirtualAddress	`0x27000`
SizeOfRawData	`0x25a00`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.31615`

INIT

MD5	`170c1baa1212287032fa3916a595c964`
SHA1	`489618f96cae719934d2f1949cd1409be74e0522`
SHA256	`2c567ce43daba917817a67cfb1cdcc43c3503fcf650df355b2909b30ca1b818c`
SHA3	`a44b3924ed5993d31052307ebf64b7bd036d4a8819570b6a5b16d5e6e44eabf8`
VirtualSize	`0x267c`
VirtualAddress	`0x4d000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x49a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.37558`

.rsrc

MD5	`2095c2ec8a3cc23d74384fd403340307`
SHA1	`4e57c3f01a448d6b5c5f2c68b739343ad4911843`
SHA256	`8bd21140307125a4c534b2f55822344f8d8ef0c22190891bca53f5f155616bb2`
SHA3	`dcdc89b0204eb715878f68a03b25dffae60f9b14b2961efe8a89a996a014b582`
VirtualSize	`0x16e00`
VirtualAddress	`0x50000`
SizeOfRawData	`0x16e00`
PointerToRawData	`0x4c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.71898`

.reloc

MD5	`cd985273cab5f5b2aefa4ff13860d086`
SHA1	`1680bb9355b9923f72e1ff2a5bfb7b465469a179`
SHA256	`0d26ca12d1e4009a8b9450b21615c5981140506ae3df5027d092aa70b3b2460d`
SHA3	`0aa4886a582ffddbc9a5e862b3adb84b8060bccf60251fd508072822f4d99945`
VirtualSize	`0xa0`
VirtualAddress	`0x67000`
SizeOfRawData	`0x200`
PointerToRawData	`0x63000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.15114`

Imports

ntoskrnl.exe	`MmBuildMdlForNonPagedPool` `MmMapLockedPagesSpecifyCache` `KeBugCheckEx` `IoCancelIrp` `EtwWrite` `IoAllocateMdl` `IoFreeMdl` `KeGetCurrentProcessorNumberEx` `RtlImageDirectoryEntryToData` `ExAllocatePoolWithTag` `_strnicmp` `ExFreePoolWithTag` `ExInitializeResourceLite` `KeInitializeEvent` `ExAcquireResourceExclusiveLite` `ExReleaseResourceLite` `KeWaitForSingleObject` `ExDeleteResourceLite` `KeSetEvent` `ExQueueWorkItem` `IoFreeWorkItem` `IoAllocateWorkItem` `IoQueueWorkItemEx` `IofCompleteRequest` `IoGetCurrentProcess` `IoGetRequestorProcess` `KeAttachProcess` `KeDetachProcess` `ExAcquireResourceSharedLite` `RtlInitUnicodeString` `IoWMIWriteEvent` `MmGetSystemRoutineAddress` `RtlCompareMemory` `IoWMIRegistrationControl` `MmSizeOfMdl` `RtlGetVersion` `ExInitializeNPagedLookasideList` `ExInitializePagedLookasideList` `ExDeleteNPagedLookasideList` `ExDeletePagedLookasideList` `KeQueryActiveProcessorCountEx` `EtwRegister` `IoCreateDevice` `KeStackAttachProcess` `KeUnstackDetachProcess` `IoDeleteDevice` `EtwUnregister` `RtlInitString` `KeAcquireSpinLockAtDpcLevel` `KeReleaseSpinLockFromDpcLevel` `RtlOemStringToUnicodeString` `ObfReferenceObject` `ObReferenceObjectByHandle` `KeClearEvent` `IoGetRelatedDeviceObject` `IoQueueThreadIrp` `ZwOpenEvent` `ZwClose` `ObfDereferenceObject` `KeInitializeQueue` `InitializeSListHead` `KeRundownQueue` `PsCreateSystemThread` `KeInsertHeadQueue` `KeInsertQueue` `KeReadStateQueue` `ExQueryDepthSList` `ExpInterlockedPushEntrySList` `__C_specific_handler` `ExAcquireFastMutex` `ExReleaseFastMutex` `ExpInterlockedPopEntrySList` `KeLeaveCriticalRegion` `KeEnterCriticalRegion` `RtlCaptureStackBackTrace` `KeRemoveQueue` `KeSetIdealProcessorThread` `KeSetSystemGroupAffinityThread` `KeQueryGroupAffinity` `KeGetProcessorNumberFromIndex` `KeDelayExecutionThread` `PsTerminateSystemThread` `NtSetInformationThread` `WmiGetClock` `IoBuildPartialMdl` `MmUnmapLockedPages` `KeReleaseSpinLock` `KeAcquireSpinLockRaiseToDpc` `IoFreeIrp` `IofCallDriver` `ZwCreateFile` `strncmp` `KeInitializeTimer` `KeInitializeDpc` `KeCancelTimer` `KeSetTimer` `IoCheckFunctionAccess` `RtlCopyUnicodeString` `RtlAppendUnicodeToString` `RtlAppendUnicodeStringToString` `RtlEqualUnicodeString` `SeCaptureSubjectContext` `IoCreateFileEx` `FsRtlFindExtraCreateParameter` `FsRtlRemoveExtraCreateParameter` `FsRtlFreeExtraCreateParameter` `IoSetFileOrigin` `FsRtlFreeExtraCreateParameterList` `IoCreateFile` `NtQuerySecurityObject` `FsRtlAllocateExtraCreateParameterList` `FsRtlAllocateExtraCreateParameter` `FsRtlInsertExtraCreateParameter` `_vsnwprintf` `NtOpenFile` `NtFsControlFile` `RtlLengthSecurityDescriptor` `PsIsThreadImpersonating` `RtlMapGenericMask` `SeFreePrivileges` `SeReleaseSubjectContext` `IoBuildDeviceIoControlRequest` `RtlTimeToTimeFields` `RtlTimeFieldsToTime` `PsDereferencePrimaryToken` `PsDereferenceImpersonationToken` `PsImpersonateClient` `ExInterlockedAddUlong` `PsAssignImpersonationToken` `RtlCreateSecurityDescriptor` `RtlLengthRequiredSid` `RtlInitializeSid` `RtlSubAuthoritySid` `RtlLengthSid` `RtlCreateAcl` `RtlAddAccessAllowedAce` `RtlSetDaclSecurityDescriptor` `RtlSetOwnerSecurityDescriptor` `RtlGetDaclSecurityDescriptor` `RtlGetOwnerSecurityDescriptor` `SeSinglePrivilegeCheck` `SeExports` `MmUnlockPages` `ZwUnmapViewOfSection` `ZwMapViewOfSection` `MmProbeAndLockPages` `ZwCreateSection` `ObOpenObjectByPointer` `ZwDuplicateObject` `IoCreateFileSpecifyDeviceObjectHint` `DbgPrint` `ExUuidCreate` `NtClose` `ExConvertExclusiveToSharedLite` `FsRtlDoesNameContainWildCards` `NtQueryInformationFile` `NtSetInformationFile` `IoCheckEaBufferValidity` `RtlValidRelativeSecurityDescriptor` `FsRtlRemoveDotsFromPath` `ZwQueryVolumeInformationFile` `FsRtlInitializeExtraCreateParameterList` `FsRtlInitializeExtraCreateParameter` `ExLocalTimeToSystemTime` `SeLockSubjectContext` `SeQueryAuthenticationIdToken` `SeUnlockSubjectContext` `CcMdlWriteAbort` `IoCheckQuerySetFileInformation` `IoCheckQuerySetVolumeInformation` `NtQueryEaFile` `NtQueryVolumeInformationFile` `NtQueryQuotaInformationFile` `IoCheckQuotaBufferValidity` `NtSetEaFile` `NtSetVolumeInformationFile` `NtSetSecurityObject` `NtSetQuotaInformationFile` `ZwReadFile` `ZwQueryInformationFile` `ZwOpenKey` `ZwQueryValueKey` `ZwQueryLicenseValue` `NtAllocateVirtualMemory` `NtFreeVirtualMemory` `ZwOpenThreadTokenEx` `ZwOpenProcessTokenEx` `ZwQueryInformationToken` `SeSetAuditParameter` `RtlAbsoluteToSelfRelativeSD` `SeReportSecurityEventWithSubCategory` `SeAccessCheckEx` `SeAuditingWithTokenForSubcategory` `ZwQuerySystemInformation` `PsGetVersion` `ExAllocatePoolWithQuotaTag` `IoAllocateIrp` `__chkstk`
TDI.SYS	`TdiCopyMdlToBuffer`
srvnet.sys	`SrvNetDisableStatisticsQueue` `SrvNetInitializeStatisticsQueues` `SrvNetQueryConnectionRTT` `SrvNetQueryConnectionInformation` `SrvNetCloseConnection` `SrvNetDisconnectConnection` `SrvLibApplySrvDeviceAcl` `SrvNetStopClient` `SrvNetDeregisterClient` `SrvNetStartClient` `SrvNetRegisterClient` `SrvNetGetStatisticsAndLock` `SrvNetFreePool` `SrvNetAllocatePoolWithTag` `SrvNetReceiveData` `SrvNetAllocateBuffer` `SrvNetSendData` `SrvNetFreeBuffer` `SrvAdminRefreshNoRemapPipeList` `SrvAdminRefreshAllowedServerNameList` `SrvNetSetConnectionInformation` `SrvAdminRegisterProvider` `SrvAdminDeregisterProvider` `SrvAdminRegisterSession` `SrvAdminRegisterFile` `SrvAdminIsScopedName` `SrvAdminRemapPipeName` `SrvXsSchedulePrintJob` `SrvAdminDeregisterFile` `SrvAdminQueryResumeKeyTarget` `SrvXsDisconnect` `SrvXsClosePrinter` `SrvAdminEvaluateServerAlias` `SrvXsConnect` `SrvXsOpenPrinter` `SrvAdminUpdateFileSessionID` `SrvNetIncrementConnectionActiveCount` `SrvNetDecrementConnectionActiveCount` `SrvAdminDeregisterSession` `SrvAdminDeregisterTreeConnect` `SrvAdminRegisterTreeConnect` `SrvNetGetRemapPipeByName` `SrvAdminDoesPipeAllowAnonymous` `SrvXsAddPrintJob` `SrvAdminValidateSpn` `SrvAdminDoesShareAllowAnonymous` `SrvNotifyGroveler` `SrvAdminAllowIdlePowerDownForActivity` `SrvAdminInhibitIdlePowerDownForActivity` `SrvAdminInhibitIdlePowerDownForOpenFiles` `SrvAdminAllowIdlePowerDownForOpenFiles` `SrvNetGetLastProcessorNumber` `SrvNetUpdateMemStatistics` `SrvNetSetConnectionActiveCount`
ksecdd.sys	`BCryptGenRandom` `DeleteSecurityContext` `ImpersonateSecurityContext` `BCryptDestroyHash` `BCryptOpenAlgorithmProvider` `BCryptGetProperty` `BCryptCloseAlgorithmProvider` `BCryptDuplicateHash` `FreeContextBuffer` `BCryptFinishHash` `BCryptCreateHash` `AcceptSecurityContext` `RevertSecurityContext` `AcquireCredentialsHandleW` `AddCredentialsW` `FreeCredentialsHandle` `BCryptHashData` `QueryContextAttributesW` `MapSecurityError`

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81443`
MD5	`9fab609403409fec8985fec386a4730e`
SHA1	`c6414906a9ff1cc7c27bc9f165e4803bb6019b89`
SHA256	`320554d7e7ae519bcabee4860e2d46cf48d404dcf2f74997e0ca6045e5598065`
SHA3	`d00d94d1fcc19558d767040f910249b9524e927a0eaa13e5129644e87176f34c`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15e8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.71326`
MD5	`ab21548e706868f5c51ccf56395c7c30`
SHA1	`4d6161a3ac3f92d8d695c712b3fc1e491174510b`
SHA256	`9b82fd3a82999ba5c7d818b6617786cf8ba7fa957fa3b20f00a20ed453e02f9f`
SHA3	`45ecf71eee39cf0211d00ad0778a220b4c068210e4765588ff5d74196936fc4f`

1 (#3)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x984`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32052`
MD5	`2385e228de11a445015eae609bdd37a6`
SHA1	`5503b95a2dbe4af51024f248788e21774f28c556`
SHA256	`a47d29e35f325b7ad5b6098ad70882fa12fe7f2f5d594616a94b85dbccb9ffa2`
SHA3	`ce8771fb12d56e2f850de30b9243ffcdc18fcc39292de84bee18ff5a445fdaa4`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58743`
MD5	`9fd173c0db6c58d880a2428fcde34250`
SHA1	`480818f0eb84ab647aa95793087ca393b72e7db6`
SHA256	`c51e7cf5375fd22ca2c36a9bab1fa6b47efe47d50e9043ba346c263fe236bc54`
SHA3	`d54ace81d6f1bad23a81370a16a70a3b12d72d26cda5377c8bab4174fed61b56`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.1.7601.24520
ProductVersion	6.1.7601.24520
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DRV`
FileSubtype	VFT2_DRV_NETWORK
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Smb 2.0 Server driver
FileVersion (#2)	6.1.7601.24520 (win7sp1_ldr_escrow.190828-1732)
InternalName	SRV2.SYS
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SRV2.SYS
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	6.1.7601.24520

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Aug-29 02:15:43
Version	`0.0`
SizeofData	`33`
AddressOfRawData	`0x1ac80`
PointerToRawData	`0x1a080`
Referenced File	srv2.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2019-Aug-29 02:15:43
Version	`565.6526`
SizeofData	`4`
AddressOfRawData	`0x1ac7c`
PointerToRawData	`0x1a07c`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xeeefac36`
Unmarked objects	`0`
Total imports	`281`
Imports (VS2008 SP1 build 30729)	`9`
ASM objects (VS2008 SP1 build 30729)	`4`
C objects (VS2008 SP1 build 30729)	`5`
142 (VS2008 SP1 build 30729)	`70`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

90756218ca3b8641acc6c5dc315a04f6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

PAGE

INIT

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_RESERVED

TLS Callbacks

Load Configuration

RICH Header

Errors