Manalyze report for a49c26aa0cadd994de158f51cb7eefbc

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2084-Feb-11 23:20:06
Debug artifacts	AgentActivationRuntimeStarter.pdb

Plugin Output

Safe	VirusTotal score: 0/65 (Scanned on 2021-11-17 02:06:28)	`All the AVs think this file is safe.`

Hashes

MD5	`a49c26aa0cadd994de158f51cb7eefbc`
SHA1	`1def17e66467910d0cb7984810efe5c0d366975a`
SHA256	`bf515aa1bb9865424fa665d4e781980135cb44422a84e8c63ed18b000e7541b8`
SHA3	`1e713480947a7b346a950525e8e0a9cdfd6f12197e1dab2c570815064e383b61`
SSDeep	`192:wFcdVHZqzn/3dbd3380z/hDU48AoAvclD21FZpKsBJGJZ6lE96Uc7EN:1dVH8Tdbx8ExPvt0lDOVZlUc7`
Imports Hash	`9ff2cefb944fb06f3c5f295c519519ae`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2084-Feb-11 23:20:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001B90 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x400`
Checksum	`0xf4e5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b874a253f0103e171bc72f62423a6e42`
SHA1	`86395d781d1ab2564c7ef2c4d4d627ee982ad7cd`
SHA256	`ddb1a6f9fdf2e39d8cef3d6564d892fc5b03f8fdd0ba9c523c1afbc515b5ec23`
SHA3	`b64c49c56a60ee6c6ab238e63e20b17e885012126980672e7eadbb0cb23ba361`
VirtualSize	`0x14d0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.60988`

.rdata

MD5	`b0a4daf966ce5dc492d64a286337ce2e`
SHA1	`90bb34611075b2005afab09f06a0865141bc40d1`
SHA256	`cdd700dd3ee334359c4c0d14ef1454f6a40e89e75cfab6027ec44bc3cf3c6e97`
SHA3	`fd75cf03340d06406d00b67b4e38bf555fbaafeae5b5964f33285cc92af7201f`
VirtualSize	`0x1346`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.2342`

.data

MD5	`6d1f56d08313450b2648c99cff9c8df2`
SHA1	`c469d1499943963bb65dd62f3e45cc799f0d979d`
SHA256	`40f2b11e4a10e44c4cdaacca1e3418b884f9f729c790c0ff80f0703e4113b1bb`
SHA3	`80ef79b14d2698b3dc9c100f0188d9038a43978288b28c58dbac34453235beaa`
VirtualSize	`0x6c8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.530011`

.pdata

MD5	`9a96380fc0103139a9a4cfdf3e3881ce`
SHA1	`b6d3b79f342434c9b73f4f28560c79b749e71fc8`
SHA256	`9c78212a06a8cabd0c8497aa0837ec5894559ab63c214f1ef253d34089ea660a`
SHA3	`cd8b7d86a9ddcc6275cb5455026353e234c73c30776e3d90ff15d1a2715d7fcf`
VirtualSize	`0x1d4`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.65411`

.reloc

MD5	`42df5e8b35438019e71192a51bc1fa4c`
SHA1	`8efb0ca32d6e98b3cc69157322a293fa109be2ed`
SHA256	`f2e8ebfc648cc0f34ce8aef8d2e753b96eaf7e020aadb14e1d7ffb173cb02421`
SHA3	`995b57f9be6579977cd37333705bcced079d07d46963f56954f3c111ac3863bb`
VirtualSize	`0x68`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.36012`

Imports

msvcp110_win.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAPEBDH@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Syserror_map@std@@YAPEBDH@Z`
msvcrt.dll	`_CxxThrowException` `memmove` `_onexit` `__dllonexit` `_unlock` `_lock` `?terminate@@YAXXZ` `_commode` `_fmode` `__C_specific_handler` `_initterm` `__setusermatherr` `_cexit` `_exit` `exit` `__set_app_type` `__wgetmainargs` `_amsg_exit` `_XcptFilter` `_callnewh` `malloc` `_purecall` `??3@YAXPEAX@Z` `__CxxFrameHandler3` `memcpy`
ntdll.dll	`RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW`
api-ms-win-core-processthreads-l1-1-0.dll	`GetCurrentProcessId` `GetCurrentProcess` `TerminateProcess` `GetCurrentThreadId`
api-ms-win-core-winrt-l1-1-0.dll	`RoUninitialize` `RoInitialize` `RoGetActivationFactory`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `RaiseException` `SetUnhandledExceptionFilter`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateStringReference`
api-ms-win-core-synch-l1-2-0.dll	`Sleep`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetTickCount` `GetSystemTimeAsFileTime`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2084-Feb-11 23:20:06
Version	`0.0`
SizeofData	`58`
AddressOfRawData	`0x3694`
PointerToRawData	`0x2094`
Referenced File	AgentActivationRuntimeStarter.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2084-Feb-11 23:20:06
Version	`0.0`
SizeofData	`572`
AddressOfRawData	`0x36d0`
PointerToRawData	`0x20d0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2084-Feb-11 23:20:06
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x390c`
PointerToRawData	`0x230c`

TLS Callbacks

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005028`
GuardCFCheckFunctionPointer	`5368722376`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x96fdd50a`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
ASM objects (27412)	`3`
C objects (27412)	`19`
Total imports	`67`
Imports (27412)	`7`
C++ objects (27412)	`5`
264 (27412)	`3`
Linker (27412)	`1`

a49c26aa0cadd994de158f51cb7eefbc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors