9235e2d73ac1d7004a1f32f25fbf68ed

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Apr-06 23:28:10
Detected languages English - United States
Debug artifacts E:\A\_work\954\s\core-setup\Bin\obj\win-x64.Release\corehost\cli\exe\apphost\Release\apphost.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Interesting strings found in the binary: Contains domain names:
  • go.microsoft.com
  • http://go.microsoft.com
  • http://go.microsoft.com/fwlink/?LinkID
  • microsoft.com
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Safe VirusTotal score: 0/60 (Scanned on 2021-04-05 18:24:44) All the AVs think this file is safe.

Hashes

MD5 9235e2d73ac1d7004a1f32f25fbf68ed
SHA1 0a248b3c481760ed93fb2c227706323ef6eebb70
SHA256 19ecbf28d46f5ee18b3eca595ce0279525f92402f866849f3d1b215c49f82527
SHA3 25c0883b16127d0b34626f7f5ab8f92e706855041f23e07df9823099629b6575
SSDeep 1536:1U3BmSXTO/fu1n9jvQT03ZDXLnaH3P2Idu6s81fO:1sISXS/fuh9jvQTsXhSuKO
Imports Hash a1fe8b96f5a7c3961c3a0225c34f2ba5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2018-Apr-06 23:28:10
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x8800
SizeOfInitializedData 0xb200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000005910 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x180000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0002ad839a8008e54f6be966ba6cdf02
SHA1 779a22825174a139c52e3d7a2266d791cc03e29c
SHA256 50b31128a420f187b0c1d758f13a21f364d6ebd5ba88696252b31881922191b9
SHA3 79b6edba898030c1383e486297cb7298df3500bed5ec5146c71ff10f5c37aa53
VirtualSize 0x863c
VirtualAddress 0x1000
SizeOfRawData 0x8800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.24397

.rdata

MD5 a0afdf8fca925b8dbfc5b5d87717f473
SHA1 4b00c0c917ad97aba4358ef124a47cb446c39ab8
SHA256 915a08f2fc5da03d8536cefe2153db8580519a22e877dd946d67349acf6fbb47
SHA3 cd9889b519b963cf9affcca07486ad38c4bf635ed80e9f24ef9d38a38d601e82
VirtualSize 0x8a94
VirtualAddress 0xa000
SizeOfRawData 0x8c00
PointerToRawData 0x8c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.86976

.data

MD5 3f92f79e88df4bf8ad1af599b0df4aa8
SHA1 5af0bf70322d5c2fdd2fb61532ca7ca9d377828a
SHA256 9f987411e1d2cf802afd7db6bd9875aebe7ad37e1f36041f55a1054cfef153b3
SHA3 1260d516a0707aa5bf35f643117fabff2041accdd68596c80afd92e5341d34d9
VirtualSize 0xf90
VirtualAddress 0x13000
SizeOfRawData 0x400
PointerToRawData 0x11800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.55314

.pdata

MD5 0194b4715dddcd9f4cf79fdafb233345
SHA1 f218e82f238edea988678463f0cab7c2c836caa0
SHA256 fdb5e9298b9db843977698e1aa434a8f98559ba7c27d0c88f4d93277a8c7ee2c
SHA3 d141c147fd00a1d0fd5132ed53e126e760023bf9e5b491fb20533514cdcc3e45
VirtualSize 0xa74
VirtualAddress 0x14000
SizeOfRawData 0xc00
PointerToRawData 0x11c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.28563

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x12800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.rsrc

MD5 c970c10a1e848ee974b87923ecbe6a2f
SHA1 6ec2704ce400703f30cf17cd7f5fb2ff7e4f9d67
SHA256 89f09174fd3a95dbea4b9e942ebd1106fa66ab65b71e2f1b47ad03120f498cd6
SHA3 3f834a2458f6aff655a398bb54821be6722cecca1ad1d0c3f33d8ef5408ca9d5
VirtualSize 0x1e0
VirtualAddress 0x16000
SizeOfRawData 0x200
PointerToRawData 0x12a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70616

.reloc

MD5 3e8b6bcd5ef255759010fc2e01190007
SHA1 7706ebb4387a865dc3263d0985bf702b394fa5de
SHA256 698ac24367b1e4efcd4216842c21ee916ee269c60d3ae9cbd34baf36408c5eed
SHA3 081984175de1e07d9e6a27725e533fe201fc95c8deec7bd8c9c692d27cfef8b4
VirtualSize 0x5b4
VirtualAddress 0x17000
SizeOfRawData 0x600
PointerToRawData 0x12c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.32049

Imports

KERNEL32.dll GetEnvironmentVariableW
GetFileAttributesExW
GetFullPathNameW
CloseHandle
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-crt-runtime-l1-1-0.dll exit
abort
_initterm_e
_initterm
_exit
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_get_initial_wide_environment
_cexit
_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0.dll memset
strcpy_s
_wcsicmp
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__acrt_iob_func
fputws
__p__commode
__stdio_common_vfwprintf
fflush
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
_calloc_base
_free_base
free
_callnewh
malloc
api-ms-win-crt-convert-l1-1-0.dll _wtoi
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Apr-06 23:28:10
Version 0.0
SizeofData 121
AddressOfRawData 0x10cb4
PointerToRawData 0xf8b4
Referenced File E:\A\_work\954\s\core-setup\Bin\obj\win-x64.Release\corehost\cli\exe\apphost\Release\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Apr-06 23:28:10
Version 0.0
SizeofData 20
AddressOfRawData 0x10d30
PointerToRawData 0xf930

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Apr-06 23:28:10
Version 0.0
SizeofData 928
AddressOfRawData 0x10d44
PointerToRawData 0xf944

TLS Callbacks

StartAddressOfRawData 0x140015000
EndAddressOfRawData 0x140015008
AddressOfIndex 0x140013840
AddressOfCallbacks 0x14000a350
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140013080
GuardCFCheckFunctionPointer 5368750760
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x8d3c674a
Unmarked objects 0
ASM objects (VS2015 UPD3 build 24123) 7
C++ objects (VS2015 UPD3 build 24123) 57
C objects (VS2015 UPD3 build 24123) 33
Imports (VS2008 SP1 build 30729) 18
Imports (65501) 3
Total imports 148
C++ objects (VS2015 UPD3.1 build 24215) 5
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors
