a4596411adaf7c11dc3adcdd91f20368e35c98d3935d572caf6c2850682906d0

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Feb-14 15:28:36
Detected languages English - United States
Debug artifacts wuaucltcore.pdb
CompanyName Microsoft Corporation
FileDescription Windows Update
FileVersion 1507.2512.15022.0
InternalName wuaucltcore.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename wuaucltcore.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 1507.2512.15022.0

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExA
  • LoadLibraryExW
Can access the registry:
  • RegDeleteKeyExW
  • RegSetValueExW
  • RegCreateKeyExW
  • RegQueryValueExW
  • RegCloseKey
  • RegOpenKeyExW
Info The PE is digitally signed. Signer: Microsoft Windows
Issuer: Microsoft Windows Production PCA 2011
Safe VirusTotal score: 0/71 (Scanned on 2026-03-26 19:58:20) All the AVs think this file is safe.

Hashes

MD5 16634ff43cab34fdf6ee8719095acc0c
SHA1 2f5d336f53133ce8ecdff2f18ed0df4db898e8f6
SHA256 a4596411adaf7c11dc3adcdd91f20368e35c98d3935d572caf6c2850682906d0
SHA3 987693e8c1ccf952ee333bc2a9c5f9fdbdcfce508037111606d24fc5eeef4dc7
SSDeep 3072:/SpKhAHvyT584ZgFqVIv8meoU55UL5MvT283UpFzRUV3l4mPzU7g5FmwEtLquYSa:KAmHvxTH8mXL5VmypYS/naww
Imports Hash 1f4072335af48c497f8287b992e28e0b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2010-Feb-14 15:28:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20e00
SizeOfInitializedData 0xd800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000001AB20 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion 0.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x34000
SizeOfHeaders 0x400
Checksum 0x36b6f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b21bd584b9bedf2747d8444db6f6b1ef
SHA1 0a8d6f972ee69941f37012afab5ce74c0c76c5e1
SHA256 3c283bea5adae47e762ebdbd344ce22a1788eaae57dcf6875ca6365fd42d340f
SHA3 d81fc12c253bbaf49b29cc8f7e64ab7d37c37791bd7ffd290428f5567fd445f0
VirtualSize 0x20c7c
VirtualAddress 0x1000
SizeOfRawData 0x20e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.31044

.rdata

MD5 78422522fd33053de25d3ce11d7e5fa3
SHA1 f647a179e727541635d5bc4c1bbe48eb5e25ab88
SHA256 b42e3cee4f846ae1c22215e9d8f2947f906bf299e87f04568d4d970018b98930
SHA3 3cf630c678704c0ab8193a1b2085ff10d822d9a6f519e4ad8b4e17c0ab632741
VirtualSize 0xa544
VirtualAddress 0x22000
SizeOfRawData 0xa600
PointerToRawData 0x21200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.0179

.data

MD5 485037d21ec76ef0f1ffe9c59dca2e29
SHA1 e76e5ed5b6e6c23df1b953f73deb454e9497c27a
SHA256 85c1b217d871b4245cbb59c9a6bca5f5a161408620077a50be52441722a6e3a4
SHA3 ae70e6dca01560fefdf8fa805e2efd25ab781624cf611635e1c82cc92aceae53
VirtualSize 0x11f0
VirtualAddress 0x2d000
SizeOfRawData 0x800
PointerToRawData 0x2b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.23206

.pdata

MD5 8e8de76ebf348bb79903bd8b12b085fb
SHA1 423d5d12a7963940aa133ecbc79ba62074347d07
SHA256 2489561c5884a827b18550b211daef3ece2dca7d418048be972d814509390250
SHA3 ae63ebbcbeaa48c7d4fd9a5c3adf6a316e77ac2b1169901f4360cf2299094882
VirtualSize 0x192c
VirtualAddress 0x2f000
SizeOfRawData 0x1a00
PointerToRawData 0x2c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.18485

.didat

MD5 6723283656e5ac5c3242826436a49126
SHA1 a85dc03326011e69c4a66c16ed72b0894939d858
SHA256 9436d653b977b33f398d6cb6e5e51efb8591cb3df6781709f2fc5a842b61f7dd
SHA3 478034bff2063b80116edf36b5184cf3ab2b6b68e06771e95e7c684a2c86e5a3
VirtualSize 0x38
VirtualAddress 0x31000
SizeOfRawData 0x200
PointerToRawData 0x2da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.404967

.rsrc

MD5 df15d43c83295f97acb76a4e742beb7f
SHA1 9708b4ad3b0fe5d2045a11ddab090f371b35a163
SHA256 5d7b2dc82cddb0cd46b293592c0567f6fa16d966d9953fa8295069796699cb5d
SHA3 2499ab7611ef400e680bd0d75bbc5841968e06b6b397656f6f0edbd8ef44de31
VirtualSize 0x834
VirtualAddress 0x32000
SizeOfRawData 0xa00
PointerToRawData 0x2dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.99794

.reloc

MD5 a5af7c080ab451309c08b564cce685a7
SHA1 53e0581f65abbd0b1dba5dd02eadd2dee70d7d44
SHA256 a99b7cd7a1117c48b5b2e094f3ee1295172d44b528ef7fb740934cfdeb0029ae
SHA3 bf5088041f280a6dc0c3a5065670b867dcc903a7dc502c16853dfc95b7682ee3
VirtualSize 0x22c
VirtualAddress 0x33000
SizeOfRawData 0x400
PointerToRawData 0x2e600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.50389

Imports

api-ms-win-core-com-l1-1-0.dll CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
IIDFromString
CoCreateInstance
CoInitializeEx
CoUninitialize
CoDisconnectContext
CoCreateGuid
api-ms-win-core-debug-l1-1-0.dll OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0.dll GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0.dll FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExA
GetModuleFileNameA
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
LoadResource
api-ms-win-core-featurestaging-l1-1-0.dll SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
api-ms-win-core-synch-l1-1-0.dll AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
SetEvent
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
OpenSemaphoreW
DeleteCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateEventW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0.dll HeapAlloc
HeapSetInformation
HeapReAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0.dll SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetErrorMode
api-ms-win-core-threadpool-l1-2-0.dll CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-handle-l1-1-0.dll CloseHandle
api-ms-win-core-string-l1-1-0.dll MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-synch-l1-2-1.dll WaitForMultipleObjects
RPCRT4.dll UuidToStringW
UuidFromStringW
api-ms-win-core-file-l1-1-0.dll GetFileSizeEx
CreateFileW
api-ms-win-core-processenvironment-l1-1-0.dll ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll PathFindFileNameW
api-ms-win-core-psapi-l1-1-0.dll K32GetModuleFileNameExW
api-ms-win-core-synch-l1-2-0.dll InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-crt-runtime-l1-1-0.dll _initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_invoke_watson
api-ms-win-crt-private-l1-1-0.dll _o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wtoi
_o_abort
_o_exit
_o_free
_o_malloc
_o_mbstowcs_s
_o_terminate
_o_wcstoull
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__free_base
_o__cexit
_o__calloc_base
_o__callnewh
_o__get_wide_winmain_command_line
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
api-ms-win-core-delayload-l1-1-1.dll ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0.dll DelayLoadFailureHook
api-ms-win-core-sysinfo-l1-2-0.dll GetNativeSystemInfo
api-ms-win-core-sysinfo-l1-1-0.dll GetSystemTimeAsFileTime
OLEAUT32.dll SysStringLen
api-ms-win-core-registry-l1-1-0.dll RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-winrt-error-l1-1-0.dll RoOriginateError
api-ms-win-core-rtlsupport-l1-1-0.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
RtlPcToFileHeader
api-ms-win-core-processthreads-l1-1-1.dll IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0.dll InitializeSListHead
api-ms-win-core-fibers-l1-1-0.dll FlsAlloc
FlsSetValue
FlsFree
FlsGetValue
api-ms-win-core-util-l1-1-0.dll EncodePointer
api-ms-win-crt-string-l1-1-0.dll strcmp
api-ms-win-core-memory-l1-1-0.dll UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
api-ms-win-core-version-l1-1-0.dll GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-libraryloader-l1-2-1.dll FindResourceW
api-ms-win-core-winrt-string-l1-1-0.dll WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0.dll RoGetActivationFactory
api-ms-win-core-localization-l1-2-0.dll (delay-loaded) FormatMessageW

Delayed Imports

Attributes 0x1
Name api-ms-win-core-localization-l1-2-0.dll
ModuleHandle 0x2d7b0
DelayImportAddressTable 0x31000
DelayImportNameTable 0x2a988
BoundDelayImportTable 0x2aa20
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x370
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.52163
MD5 2282f7340a50107f5d3a6f1d5de312f4
SHA1 f7804d136fa6a0b783dfd10c3dca6d5629371570
SHA256 8899c7d8ddd119b6cf04e712be7822dc0d0f9d5d8b2ee2691f0e8b38f7cb1513
SHA3 1d92994f02ca27e105f0fc41dcf3dc4632f44997cf87d90ed0ccfc60ec7800bc

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x421
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93843
MD5 95244480c7c7df0b53e75df10d27f938
SHA1 0dc457501eb71fbbf486f513c97587c2984b6846
SHA256 9868e6611e5ecbdcb5daafadf654f323be1c8734397495263fcdf7c57faf174a
SHA3 11de6cbf0c4c99499930dd426ce37f852e04ebbe5ff4c4fcb04ce697a2bd652f

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1507.2512.15022.0
ProductVersion 1507.2512.15022.0
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Microsoft Corporation
FileDescription Windows Update
FileVersion (#2) 1507.2512.15022.0
InternalName wuaucltcore.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename wuaucltcore.exe
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 1507.2512.15022.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2010-Feb-14 15:28:36
Version 0.0
SizeofData 40
AddressOfRawData 0x27998
PointerToRawData 0x26b98
Referenced File wuaucltcore.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2010-Feb-14 15:28:36
Version 0.0
SizeofData 1144
AddressOfRawData 0x279ec
PointerToRawData 0x26bec

UNKNOWN

Characteristics 0
TimeDateStamp 2010-Feb-14 15:28:36
Version 0.0
SizeofData 36
AddressOfRawData 0x27e8c
PointerToRawData 0x2708c

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2010-Feb-14 15:28:36
Version 0.0
SizeofData 4
AddressOfRawData 0x27eb0
PointerToRawData 0x270b0

TLS Callbacks

Load Configuration

Size 0x148
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14002d000
GuardCFCheckFunctionPointer 5368849936
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x90cd047b
Unmarked objects 0
C objects (35215) 14
ASM objects (35215) 9
C++ objects (35215) 44
253 (35215) 1
C objects (CVTCIL) (33145) 1
Imports (33145) 6
C objects (33145) 4
C++ objects (35207) 3
Imports (VS2008 SP1 build 30729) 133
Total imports 1367
C++ objects (LTCG) (35215) 81
Resource objects (35215) 1
Linker (35215) 1

Errors
