9a8abfa946abfeb779900f4a96743a49

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2078-May-03 19:06:54
Detected languages English - United States
Debug artifacts setup.pdb
CompanyName Microsoft Corporation
FileDescription Remote Desktop Connection Installer
FileVersion 10.0.25989.1000 (WinBuild.160101.0800)
InternalName setup.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename setup.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.25989.1000

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed. Unusual section name found: fothk
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Info The PE is digitally signed. Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA 2011
Safe VirusTotal score: 0/65 (Scanned on 2026-01-13 05:01:53) All the AVs think this file is safe.

Hashes

MD5 9a8abfa946abfeb779900f4a96743a49
SHA1 7615e68cf9bc86f07e766309a006106ce30dfa8d
SHA256 45f8d6c736caab6bfbb9a1ae3897781b8694ea8607750aa192aada8dadbf7931
SHA3 0fd561172a492e29aee3748580dc220c49a9316b7342ef11c267ff3e47c3aaac
SSDeep 6144:RJRnEiGqktZYACvZwFd3tLK0/BOsMXSTcpNN3N:RJRnG/QAC6XtLK0/KnN
Imports Hash 929b891f7f2de6f3a82da7006a67e382

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2078-May-03 19:06:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x25000
SizeOfInitializedData 0x1c000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000014990 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x42000
SizeOfHeaders 0x1000
Checksum 0x4509b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a00f27c3d69d60df80e052d4308ed900
SHA1 f606336aa5eb0b99eccf476efedd1f94698d8643
SHA256 63a9f41903c8eab7cfbe44470c66df2b7a301207e07b01e577a9e80acc91c934
SHA3 412b66abc03045407b0a5a2c24f4dbdb8291bf16c07522e7d75bc2dc4bf3fc49
VirtualSize 0x239db
VirtualAddress 0x1000
SizeOfRawData 0x24000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.33175

fothk

MD5 3759e7e6de97428c4e26f6c550d3bcca
SHA1 883cbf020290e951e737ca20e0eb9b209207616c
SHA256 b7187488ce81a174961092cb7b7fb277c26b9ed3d39da1d6b1419ce5d42e6dbb
SHA3 451b5d37bbc7e554a76c864583da81d63f763be44c5fc7785bf3e628c7998db2
VirtualSize 0x1000
VirtualAddress 0x25000
SizeOfRawData 0x1000
PointerToRawData 0x25000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.0159202

.rdata

MD5 98e45999ab5c90ff7e330ce9789de14b
SHA1 652f4ecc6ef50af951b905fdc3e3ccf5d3775d7c
SHA256 ec78252c5ebfac32db7cb8175ac5700b1646812297b103301dd2e686331b1a91
SHA3 a2d1cd4d1a6a9d844b2b8a151eacf823da6d06479baf3d4dd562c05069049385
VirtualSize 0x1461a
VirtualAddress 0x26000
SizeOfRawData 0x15000
PointerToRawData 0x26000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.91981

.data

MD5 6c40ec450e08bfcbcb11b8a6214280a1
SHA1 157c815cb9d9954c648e74a4369aa2687db5fdfd
SHA256 13fa68f9248f0347abb8088b7d4d0cd2bbf251a7913996dffa54bf87a654226b
SHA3 4e938e74321ce22686854df3414682a56e35c50f28c681b9bad38d4e4b2a536f
VirtualSize 0x20e8
VirtualAddress 0x3b000
SizeOfRawData 0x1000
PointerToRawData 0x3b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.93434

.pdata

MD5 a7dd1eba818ee9a0fbb7ae96c7ca2199
SHA1 c416070f3b06901853f233f6d73717d1bb179630
SHA256 d39cc36d197f2faa2920bff331932d95ce79353cb4cc27c53a76967283e52a52
SHA3 aac7ab0f8a57320327d05e38498853fbb53375475fcc5539bd00d07bd043e0be
VirtualSize 0x1adc
VirtualAddress 0x3e000
SizeOfRawData 0x2000
PointerToRawData 0x3c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.84279

.rsrc

MD5 edb67c9d3677b2faed5284a4dc71a294
SHA1 44804901873bbafabf7a2c9adca661eb70fd6178
SHA256 3521a0bfe7096dece6a8319092f00fc43d333d24cea3d6f0d1bc957e816ea5d5
SHA3 132ef0066b695f475451b255cee758b5a8a0aa34364afd6c5f88d54e15741706
VirtualSize 0x8f0
VirtualAddress 0x40000
SizeOfRawData 0x1000
PointerToRawData 0x3e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.94051

.reloc

MD5 dbfbac262b03b53d0a376c3703defc1a
SHA1 bcee11e4e9bf6a8062bb1061b28dd5d5c1d5fc2a
SHA256 99042f5667f6b2d5039d7f3c7eb46c5c67ab2827164c2da352c1f2ecae8a7585
SHA3 db9a62dfd100f1c7f715f5e29de159bef6db79e3f034845c279aca65fbefe7d2
VirtualSize 0x614
VirtualAddress 0x41000
SizeOfRawData 0x1000
PointerToRawData 0x3f000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.84679

Imports

KERNEL32.dll GetThreadPreferredUILanguages
GetEnvironmentStringsW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetCommandLineW
DebugBreak
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
FreeLibrary
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
SetEvent
ResetEvent
CreateEventW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionEx
GetCommandLineA
FindFirstFileExW
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
FindFirstFileW
LocalFree
FindNextFileW
FindClose
GetModuleFileNameA
COMCTL32.dll TaskDialogIndirect
ole32.dll CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
DismApi.DLL DismCloseSession
DismOpenSession
DismInitialize
DismDelete
DismShutdown
DismEnableFeature
DismGetFeatureInfo
api-ms-win-core-path-l1-1-0.dll PathCchRemoveExtension
PathAllocCombine
api-ms-win-core-featurestaging-l1-1-0.dll RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
SHELL32.dll SHGetKnownFolderPath

Delayed Imports

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0xc8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.75323
MD5 6508d138f1bc058a1415df032f89492e
SHA1 8c77a31ac3e51edfc1c36683adb730b73f5b7f25
SHA256 29f9914a75db5877bd47c797eb181dba0007951ef7c75fc3c0f9f08e02e8dbea
SHA3 3cf993b5632a993107c2174aeb509303220d49278ca3d43bdf747c9dfd3dde77

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49059
MD5 1088d45aa127f38297a1ed4e6c0b0e71
SHA1 1d3a7e530e715c2d91844138d276554a9a472b3c
SHA256 9811ee3741d3efee582ca1e509bd4a096e099f1ceb63f1658a08386f59556dfe
SHA3 237442018867236245dbe0d9ac3cbcadc81ce2b1602006508f23dd9dab5b38ba

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x387
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.98091
MD5 1eedae2f4a24de58c97f50ab967984ae
SHA1 928061bdce44b49d7c60255f791d3caaf620e97f
SHA256 60bfe890ffc9829785177b7cffb85a77ccdaaa5e5edbbb7bee6b7fc932f85d8e
SHA3 bda3ce91e7848a2ec2285ca13ec326a9390e35f542a714a0d0b7308efe9cebe3

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.25989.1000
ProductVersion 10.0.25989.1000
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Remote Desktop Connection Installer
FileVersion (#2) 10.0.25989.1000 (WinBuild.160101.0800)
InternalName setup.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename setup.exe
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.25989.1000
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2078-May-03 19:06:54
Version 0.0
SizeofData 34
AddressOfRawData 0x36f08
PointerToRawData 0x36f08
Referenced File setup.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2078-May-03 19:06:54
Version 0.0
SizeofData 1108
AddressOfRawData 0x36f2c
PointerToRawData 0x36f2c

UNKNOWN

Characteristics 0
TimeDateStamp 2078-May-03 19:06:54
Version 0.0
SizeofData 36
AddressOfRawData 0x373a8
PointerToRawData 0x373a8

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2078-May-03 19:06:54
Version 0.0
SizeofData 4
AddressOfRawData 0x373cc
PointerToRawData 0x373cc

TLS Callbacks

StartAddressOfRawData 0x1400373f0
EndAddressOfRawData 0x1400373f8
AddressOfIndex 0x14003cb70
AddressOfCallbacks 0x140028830
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14003bb88
GuardCFCheckFunctionPointer 5368874824
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xa49411fa
Unmarked objects 0
Imports (32595) 2
Total imports 132
Imports (VS2008 SP1 build 30729) 15
Unmarked objects (#2) 1
C objects (32595) 29
ASM objects (32595) 15
C++ objects (32595) 188
C++ objects (LTCG) (32595) 3
Resource objects (32595) 1
Linker (32595) 1

Errors