Manalyze report for a57b0d81081ee158d02a1b3ad4d20bb1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Oct-08 09:11:13
Detected languages	English - United States Hebrew - Israel
Debug artifacts	c:\Projects\VS2005\WinLister\x64\Release\WinLister.pdb
CompanyName	NirSoft
FileDescription	WinLister
FileVersion	`1.22`
InternalName	WinLister
LegalCopyright	Copyright © 2003 - 2015 Nir Sofer
OriginalFilename	WinLister.exe
ProductName	WinLister
ProductVersion	`1.22`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: http://www.nirsoft.net http://www.nirsoft.net/ nirsoft.net www.nirsoft.net`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegDeleteKeyA` `Possibly launches other programs: ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Manipulates other processes: Process32Next Process32First OpenProcess`
Info	The PE is digitally signed.	`Signer: Nir Sofer` `Issuer: COMODO Code Signing CA 2`
Safe	VirusTotal score: 0/74 (Scanned on 2024-07-11 20:12:34)	`All the AVs think this file is safe.`

Hashes

MD5	`a57b0d81081ee158d02a1b3ad4d20bb1`
SHA1	`102e4a3f05d2e8b9de8c3fee844e1cf43746478f`
SHA256	`805b4fbf4243d7426441da9aedf6e0f8be1cf31f7c412f5d31950c6f058c9ce7`
SHA3	`10114c33fc80198fdd9b270d4ffc56ad494243c28f909e23a6800faaef1e4fed`
SSDeep	`768:fUu7WleamRGpyysniU7byLzy9J3Ol/qTTyvJGTSg7vo3Mi+1blucWJx4W4KxYRBF:feXayC9JgSivHJY1BBaxsyU7ZfVbiAP`
Imports Hash	`2b292941503159f46536548642e259e0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2015-Oct-08 09:11:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x7000`
SizeOfInitializedData	`0x5a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000007B60 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0x165ff`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b71c721d9fc21ae0551c00a792855d4d`
SHA1	`4fccb0f236cabb6d3174217c226cde95d3e6f058`
SHA256	`966171f94991eb00f228c06f9d4c653c4024c111adc13b3b63a4bfb32c1d8499`
SHA3	`eae78224c53c2bd0a8db1c49305a77ad2f7b20511e70308843e13d055f9f6324`
VirtualSize	`0x6ed7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14823`

.rdata

MD5	`06760ba1cf14449c3e6180bc9de4f010`
SHA1	`0e842fca7add22114c7989bc4efa4592d28cad18`
SHA256	`c4548a3a35023768befacda0629b72be72c9d87b7a18f568d389365eb8fa5f94`
SHA3	`30bf8adb0fd790809d0ca57f3e7371f34fdf05db49d43ac78bc076dedabf98f0`
VirtualSize	`0x29d4`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13894`

.data

MD5	`521c15d1a4700bf2372bdf5c6b1275c6`
SHA1	`12090dcc333631d12fa89cd72640e386b390a4ea`
SHA256	`e4f3b402426abb37020d4ed0f4b9db17d6275af52b17b571d5c40e0f8452609c`
SHA3	`71dc979bfda062a465d5edcf4cd8e4e000e7752036924ee0118e3e4c608283b6`
VirtualSize	`0xed8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x400`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.68052`

.pdata

MD5	`7c2d8fa51de8719b6ba67f0feac45787`
SHA1	`fab7ebe9fc85716470265a4f1f6d310adac1645d`
SHA256	`064218cf664879be71b550c58dd7229189a9a9d0956a70beaf0b9b2430a22c6e`
SHA3	`b370580b988af5f066c542eb779bb712eab28465d38310b3cf4abc4e5643b307`
VirtualSize	`0x480`
VirtualAddress	`0xc000`
SizeOfRawData	`0x600`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.48689`

.rsrc

MD5	`e46908b62e3edd205af23b7897b9b196`
SHA1	`c9534652eb24f9c80c030d2bd054b39c7ef1988c`
SHA256	`0bf7df8b2e297afed0f0663951dc0b0ee3b231078ae02e77e434a8798643ffed`
SHA3	`4a694b0de2b709e3aaa6d5c242bb272be5d2f879f3966ab518bd0c5cdde2493e`
VirtualSize	`0x2458`
VirtualAddress	`0xd000`
SizeOfRawData	`0x2600`
PointerToRawData	`0xa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.39823`

Imports

msvcrt.dll	`_c_exit` `_exit` `_cexit` `exit` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `strrchr` `_XcptFilter` `_itoa` `_strcmpi` `strcmp` `_snprintf` `free` `_memicmp` `modf` `_mbsicmp` `__C_specific_handler` `_onexit` `__dllonexit` `_mbschr` `memcmp` `strtoul` `malloc` `??2@YAPEAX_K@Z` `??3@YAXPEAX@Z` `strlen` `memcpy` `strcpy` `memset` `strncat` `sprintf` `strcat`
COMCTL32.dll	`CreateToolbarEx` `ImageList_ReplaceIcon` `ImageList_AddMasked` `ImageList_Create` `ImageList_SetImageCount` `#6` `#17`
VERSION.dll	`GetFileVersionInfoA` `VerQueryValueA` `GetFileVersionInfoSizeA`
KERNEL32.dll	`GetStartupInfoA` `WritePrivateProfileStringA` `GetPrivateProfileIntA` `GetPrivateProfileStringA` `Process32Next` `Process32First` `CreateToolhelp32Snapshot` `GetCurrentProcessId` `DeleteFileA` `WriteFile` `GetFileSize` `ReadFile` `GetVersionExA` `GetModuleFileNameA` `TerminateProcess` `CloseHandle` `GetWindowsDirectoryA` `OpenProcess` `GetProcAddress` `LoadLibraryA` `FreeLibrary` `GetTempPathA` `GlobalLock` `GetTempFileNameA` `LocalFree` `GlobalAlloc` `GetModuleHandleA` `lstrcpyA` `lstrlenA` `WideCharToMultiByte` `LoadLibraryExA` `GlobalUnlock` `FormatMessageA` `GetLastError` `CreateFileA`
USER32.dll	`GetSubMenu` `TranslateAcceleratorA` `UpdateWindow` `KillTimer` `LoadAcceleratorsA` `GetWindowPlacement` `GetMessageA` `GetWindowTextA` `SetMenu` `GetWindowThreadProcessId` `LoadMenuA` `RegisterClassA` `SetTimer` `DispatchMessageA` `DeferWindowPos` `PostQuitMessage` `TrackPopupMenu` `BeginDeferWindowPos` `EnumWindows` `SetCursor` `EndDialog` `GetDlgItem` `SetDlgItemTextA` `DialogBoxParamA` `SendMessageA` `LoadCursorA` `GetSysColorBrush` `SetWindowTextA` `ChildWindowFromPoint` `GetWindowLongA` `SetForegroundWindow` `MessageBoxA` `IsWindowVisible` `PostMessageA` `ShowWindow` `SetWindowPos` `GetClassLongA` `SendMessageTimeoutA` `LoadIconA` `SetDlgItemInt` `SendDlgItemMessageA` `SetFocus` `GetDlgItemInt` `InvalidateRect` `GetMenu` `EmptyClipboard` `EnableMenuItem` `ReleaseDC` `GetDC` `SetClipboardData` `EnableWindow` `GetMenuStringA` `LoadImageA` `GetCursorPos` `GetWindowRect` `MoveWindow` `ScreenToClient` `GetSysColor` `DefWindowProcA` `GetSystemMetrics` `GetClientRect` `GetClassNameA` `CheckMenuItem` `CloseClipboard` `OpenClipboard` `EndDeferWindowPos` `DestroyWindow` `DestroyIcon` `TranslateMessage` `CreateWindowExA`
GDI32.dll	`SetBkColor` `GetDeviceCaps` `CreateFontIndirectA` `SetBkMode` `DeleteObject` `SetTextColor`
comdlg32.dll	`GetSaveFileNameA`
ADVAPI32.dll	`RegDeleteKeyA`
SHELL32.dll	`ShellExecuteExA` `ExtractIconExA` `ShellExecuteA`

Delayed Imports

1

Type	`RT_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77748`
MD5	`4f0b46f557fd3b84c4d20215da5c399f`
SHA1	`f8eeb9a8734f582383b7318dcafb5a51bc9bf839`
SHA256	`b47ec18790b022ee5e1b699b32625e7de342f274da9579d169cf48a2e3839f14`
SHA3	`88d5e2d4a01caa059821c9340696d3291a299146e10fc68a9a55ff7fbfb16fae`

104

Type	`RT_BITMAP`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.0265`
MD5	`5d2e11d0ec543b9163bcc1663a79228e`
SHA1	`3283f9985aac9606c3a34bf2948e3c2f884331c8`
SHA256	`f600d06509ed3fb34e66b3851b2c371fafb2fd62d6799d98e719212e5f930dfd`
SHA3	`57dbc460f2ebf0c6b9a316e78633411f66a0a983c6b2134765a09fc3f34cc85a`
Preview

133

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.40854`
MD5	`0d248749732fcf3e3da3a592252af340`
SHA1	`b2baa0a6d670ad35b0ceaba653660c911a516187`
SHA256	`d734115a357c3a8530d8236632bfe6a5568be8459b95b88c557affb11838e6fd`
SHA3	`b20192a9eedb8e78a1be5e1e445d4fe4082bbe683ccb3dae60be6216e0dd5dbd`
Preview

134

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44509`
MD5	`59e845d964d01985ee7fd6dbcee9dc1e`
SHA1	`6d2d9282d27ea0b777c27a759f455a34bb8a9ad5`
SHA256	`785d147c0e4b682c4a839122fce96b8c7f935e4e64669fb04ccf48b68d1ea446`
SHA3	`5bd289f20fb793df194d1242fce52c69e3e6c1b5b9b5303019225a4522d3994d`
Preview

2

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63741`
MD5	`4ed7a416f3eaddce78bccd89d9fea9bb`
SHA1	`73efe2cdb3c8f246bea05db11cb6a775d59da231`
SHA256	`3b3e677a7649b2493ad9f457ef50f376b62b0664639726c1ff33ed94558505e3`
SHA3	`c08b897bb8f1e8e705b8d6ab4455d66757f741041d64ffb890f2c2a9a3b78161`

3

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.24767`
MD5	`99d4c468289995d8d66beb0b8f815820`
SHA1	`9aaf98eac2e7abd1d74a1810ed7666e99a72dd11`
SHA256	`90bb1ca85137d786e47bf886c95a575931a9c8bb08d4693dd5b0d158621dabb5`
SHA3	`503ad12dfd4891495040374a887eee5a954f21e6cc2d06180977cc53a29c5470`

4

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.24767`
MD5	`6d2d89c444c210722727bb3813ec1f30`
SHA1	`ff06d6d95b6d633009ef7218a10561a0df354a5d`
SHA256	`8ca1402cf42a28c265e6236773e14e061135eea57c7d76f4180c35437df23ad8`
SHA3	`11b37454a6baad5a8148535d72689e6d8a75d6ec0758cb598151b6893f84163f`

102

Type	`RT_MENU`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x540`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42579`
MD5	`ff04cd8e9a98bf7a4e8ae5af0ac02c9d`
SHA1	`0ad710fe6efde30696cddce037d0f21cca7f05de`
SHA256	`4dbc8ee203607801a1fdfcb2699501d22d300a53aff7cb00f2b05e3f80c63ba8`
SHA3	`f2275efb1ec5789aa848be8d2cbf776bb5cbd64361ab4f4207a3689a80e3e1b5`

104 (#2)

Type	`RT_MENU`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x2e0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33489`
MD5	`c4d9b625bd18ae000bec91ef23d876d0`
SHA1	`7ed040bdcb426c4f917152ad5f6cd377ea492285`
SHA256	`c718a655562aaa33e172cb011795e6ab816a397e570074fb56c744a366d49e51`
SHA3	`9fc6ac2e1025cbe3a4fa7fd02a98737af5c76f376e05d3150cd0a64248c53a37`

105

Type	`RT_DIALOG`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22142`
MD5	`3512577bf9490f0e267d84c437de117a`
SHA1	`9ae14b43b5ff59d4b4ec65042e9359c888da8f0e`
SHA256	`beaa7df12d08baaf222b60fac2530e072db57b36c1d50a78671d21529a2ff7a0`
SHA3	`e286c2f0d5ef1e37cc062f6eff8243ae5c300832b51bddb24ec431620b081401`

112

Type	`RT_DIALOG`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0xb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00303`
MD5	`dc705fb41150fd86ac6129a5a35fe76e`
SHA1	`4968660df0b0edcecb7a4c3b3c04835f67f56d93`
SHA256	`e118899cd08f4483ed0dc1249de8da5fdad40f9dd863e5e87cec7904c047ed85`
SHA3	`fbcf3f51924ba3c4162e6b88c24d855a581633084cd7ddd2db9fb16f4adf05ee`

1096

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x33a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.53979`
MD5	`8cc6adebabe6b0146e0ede10b8ceaa1f`
SHA1	`0844611b43e8990b47259eab5d8cd0bbadeaef55`
SHA256	`a23afac60bbe678412f31c2546d8a69938ece0c24793f1cf2dae907b30930993`
SHA3	`fc2d5d67e71ed0df273c1f583d12be6699540b3fd74f2c8932856da19cd7267f`

103

Type	`RT_ACCELERATOR`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04998`
MD5	`ba718ed3f5cb42ea81ae99160cb5ce64`
SHA1	`8b07342bea9b21c403e63354778b7466036b3f88`
SHA256	`4cbb858efc511d1a5ad13df712bc53305818bd7f38530d60636740b966631a0f`
SHA3	`26a759385dd62f10a3956dda6fd68f8a81bbde9014bec4f8b956bb8646472571`
Preview

103 (#2)

Type	`RT_GROUP_CURSOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83876`
Detected Filetype	Cursor file
MD5	`a2baa01ccdea3190e4998a54dbc202a4`
SHA1	`e8217df98038141ab4e449cb979b1c3bbea12da3`
SHA256	`c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710`
SHA3	`8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc`

101

Type	`RT_GROUP_ICON`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47702`
Detected Filetype	Icon file
MD5	`29a1f473b6fc0b877ce30be83212f25a`
SHA1	`a66309103e9f7ff118fd964f2cd5ae04bbd4a322`
SHA256	`e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda`
SHA3	`c3b0b1b14385cdc2d88d02c11aaca33ca55d509d2fe1dce1777c05d32c0e8a30`

102 (#2)

Type	`RT_GROUP_ICON`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92322`
Detected Filetype	Icon file
MD5	`e7c220fc6c844dbd7186f0f2016d8b7a`
SHA1	`04953c5c50b45158fcdbb41609f6da71df8ddeb2`
SHA256	`4849d8d44d61f01412f5dfab2c378386a26a8bc7b15f874a86e16009942d3632`
SHA3	`fdb5db1348e7ee7715dff507fb387de80adddc71f132cec5952f5b8f3d4b7ee6`

1 (#2)

Type	`RT_VERSION`
Language	Hebrew - Israel
Codepage	Latin 1 / Western European
Size	`0x2b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35294`
MD5	`30d45e4e104cc63bfe17b2693747dc6f`
SHA1	`21b5d63c69f2831357a3a8fecc205a253cc31143`
SHA256	`5fc29fd0df0f9db21e16a1958f1ddf2a3d640f25a0a4ea1c98d5399fba790f6c`
SHA3	`1e5e2134f0091651b9751160a53aed7a352b447f5ac05444eae3d3a37c5c2c35`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x242`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.1176`
MD5	`515fffa05919d20afccc83ac45aa2367`
SHA1	`0cb9cdf79b08504e54431c138093979256ed523c`
SHA256	`f8ebf4ce98030ff3ac2f0279e07bfd811d5640f328fbc85bb40e59af1e0ee848`
SHA3	`078d4dbec1cf01068601a92214cdf68421777eca8d07ab937c6a7a3f231f873c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.2.0
ProductVersion	1.2.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	NirSoft
FileDescription	WinLister
FileVersion (#2)	1.22
InternalName	WinLister
LegalCopyright	Copyright © 2003 - 2015 Nir Sofer
OriginalFilename	WinLister.exe
ProductName	WinLister
ProductVersion (#2)	1.22

Resource LangID	Hebrew - Israel

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Oct-08 09:11:13
Version	`0.0`
SizeofData	`79`
AddressOfRawData	`0x9370`
PointerToRawData	`0x8770`
Referenced File	c:\Projects\VS2005\WinLister\x64\Release\WinLister.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x138263f8`
Unmarked objects	`0`
ASM objects (40310)	`1`
C objects (40310)	`10`
Total imports	`237`
Imports (40310)	`19`
114 (VS2012 build 50727 / VS2005 build 50727)	`16`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

a57b0d81081ee158d02a1b3ad4d20bb1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

Imports

Delayed Imports

1

104

133

134

2

3

4

102

104 (#2)

105

112

1096

103

103 (#2)

101

102 (#2)

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors