Manalyze report for ac139e08070885a2f021e30fab609eee

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Apr-05 05:10:46
Detected languages	English - United States
Debug artifacts	vcruntime140.i386.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft® C Runtime Library
FileVersion	`14.14.26405.0 built by: VCTOOLSREL`
InternalName	vcruntime140.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	vcruntime140.dll
ProductName	Microsoft® Visual Studio® 2017
ProductVersion	`14.14.26405.0`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA`
Safe	VirusTotal score: 0/69 (Scanned on 2021-01-07 20:14:54)	`All the AVs think this file is safe.`

Hashes

MD5	`ac139e08070885a2f021e30fab609eee`
SHA1	`3d3c2877cf3c4aa1a1f62708494375404d02cf22`
SHA256	`eea2df0c3d2bf84ee8bc811439a81578f6521c8b28b6cc815c93fb870ac7a0d7`
SHA3	`330a729c11a461d5670a87df68261d311cef6431c169ffb0c4a28fcb44c3bdca`
SSDeep	`1536:fGcAKWRMbpuRQci+7uXTKLWe+27JofZo0ENm2eK7oJnoUSgpAY8ODcDcm7cIsXh0:fG3KiRQcJ7uj8f7Jofm0ENm2eK7mnoUS`
Imports Hash	`83389e0e85c1aec548f99f551a2f93ad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Apr-05 05:10:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xf800`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000B3F0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x11000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0x1dba3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a1005d0d9ca9d0727b2a71b5ee6c5bf5`
SHA1	`76186b7c2e615fcd5b90e649595b4f7c46ce4777`
SHA256	`b3f2f0027621ff5aec21a61c191820147447bc6c19a44e53395dee3e363ba39b`
SHA3	`8d16f1582be892225cea0ad1660ece4615b5927ba4a22b1f6f3e8c1795ce35bd`
VirtualSize	`0xf6c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59132`

.data

MD5	`df1c4b740db50740f94e985c37597d30`
SHA1	`ddc67396fea01ae7d654281e08dbdecdd66d18d6`
SHA256	`c651de2a74dbaf4aeae48d0601c7aad8f015f30b1fce1d91d11ca0b5967cebc2`
SHA3	`09623bf6bf0f60bc228ddee7c0126ccc4dd662d9347152fc2e188795c9788c6b`
VirtualSize	`0x610`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.71435`

.idata

MD5	`0c940c24ece2d8ca2eee76d5fdec4650`
SHA1	`a8103f55d17b6f64978016e914430666f16d8da0`
SHA256	`1d5c3229b8073ef48e60a2d708379eee7bff6e1de72180b6edc57ee21ad1d35e`
SHA3	`b325c9a58b020a99ae5766ab9a33852f0fbfbad3a4bea5e7385d8446184d0718`
VirtualSize	`0x584`
VirtualAddress	`0x12000`
SizeOfRawData	`0x600`
PointerToRawData	`0xfe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91753`

.rsrc

MD5	`cd1c8ba4f6c10c23e85c55d1a4514c55`
SHA1	`b33852f62a7daec2881caaf40d36a1f1ef3e6160`
SHA256	`cd74ef97b088db76e01ed8c61ba04eba9cec93842b26b06b797e993b4ae42e9e`
SHA3	`bb8f13fe4fb50870b3526d8991db10660ed2d052b20740fc82c5c5f9a5054171`
VirtualSize	`0x408`
VirtualAddress	`0x13000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.45728`

.reloc

MD5	`ddae160b51869c2d0e3e128eed8267b2`
SHA1	`51004206f999247fc99bd5de19e99c1895261c24`
SHA256	`c6b809d929bffecc0553c9add2f908925e399c1b19d5c36673342e329a85c11a`
SHA3	`80739af70946263b50686991c88cc2a1cbc620425343fbb4f6577a90ebd20951`
VirtualSize	`0xb48`
VirtualAddress	`0x14000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x10a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49413`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`abort` `terminate`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `wcsncmp`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `calloc` `free`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf_s`
api-ms-win-crt-convert-l1-1-0.dll	`atol`
KERNEL32.dll	`DeleteCriticalSection` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetModuleFileNameW` `LoadLibraryExW` `TlsFree` `TlsGetValue` `RtlUnwind` `VirtualQuery` `EncodePointer` `InterlockedFlushSList` `InterlockedPushEntrySList` `RaiseException` `EnterCriticalSection` `LeaveCriticalSection` `GetProcAddress` `SetLastError` `GetLastError` `TlsSetValue` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `FreeLibrary`

Delayed Imports

_CreateFrameInfo

Ordinal	`1`
Address	`0xf1e0`

_CxxThrowException

Ordinal	`2`
Address	`0x48c0`

_EH_prolog

Ordinal	`3`
Address	`0xf7e0`

_FindAndUnlinkFrame

Ordinal	`4`
Address	`0xf210`

_IsExceptionObjectToBeDestroyed

Ordinal	`5`
Address	`0x2d50`

_NLG_Dispatch2

Ordinal	`6`
Address	`0xba53`

_NLG_Return

Ordinal	`7`
Address	`0xdd57`

_NLG_Return2

Ordinal	`8`
Address	`0xba5d`

_SetWinRTOutOfMemoryExceptionCallback

Ordinal	`9`
Address	`0x2c90`

__AdjustPointer

Ordinal	`10`
Address	`0x2b40`

__BuildCatchObject

Ordinal	`11`
Address	`0x3a30`

__BuildCatchObjectHelper

Ordinal	`12`
Address	`0x3900`

__CxxDetectRethrow

Ordinal	`13`
Address	`0x3e40`

__CxxExceptionFilter

Ordinal	`14`
Address	`0x3c10`

__CxxFrameHandler

Ordinal	`15`
Address	`0xf300`

__CxxFrameHandler2

Ordinal	`16`
Address	`0xf300`

__CxxFrameHandler3

Ordinal	`17`
Address	`0xf300`

__CxxLongjmpUnwind

Ordinal	`18`
Address	`0xf340`

__CxxQueryExceptionSize

Ordinal	`19`
Address	`0x4020`

__CxxRegisterExceptionObject

Ordinal	`20`
Address	`0x3d70`

__CxxUnregisterExceptionObject

Ordinal	`21`
Address	`0x3ea0`

__DestructExceptionObject

Ordinal	`22`
Address	`0x2cb0`

__FrameUnwindFilter

Ordinal	`23`
Address	`0x2c30`

__GetPlatformExceptionInfo

Ordinal	`24`
Address	`0x2b70`

__RTCastToVoid

Ordinal	`25`
Address	`0x4070`

__RTDynamicCast

Ordinal	`26`
Address	`0x41b0`

__RTtypeid

Ordinal	`27`
Address	`0x4130`

__TypeMatch

Ordinal	`28`
Address	`0x34d0`

__current_exception

Ordinal	`29`
Address	`0x2bd0`

__current_exception_context

Ordinal	`30`
Address	`0x2bf0`

__intrinsic_setjmp

Ordinal	`31`
Address	`0xb850`

__processing_throw

Ordinal	`32`
Address	`0x2c10`

__report_gsfailure

Ordinal	`33`
Address	`0xf830`

__std_exception_copy

Ordinal	`34`
Address	`0x46a0`

__std_exception_destroy

Ordinal	`35`
Address	`0x4710`

__std_terminate

Ordinal	`36`
Address	`0x2ca0`

__std_type_info_compare

Ordinal	`37`
Address	`0x4730`

__std_type_info_destroy_list

Ordinal	`38`
Address	`0x4890`

__std_type_info_hash

Ordinal	`39`
Address	`0x4770`

__std_type_info_name

Ordinal	`40`
Address	`0x47a0`

__telemetry_main_invoke_trigger

Ordinal	`41`
Address	`0x26a0`

__telemetry_main_return_trigger

Ordinal	`42`
Address	`0x26a0`

__unDName

Ordinal	`43`
Address	`0x4fe0`

__unDNameEx

Ordinal	`44`
Address	`0x5010`

__uncaught_exception

Ordinal	`45`
Address	`0x4930`

__uncaught_exceptions

Ordinal	`46`
Address	`0x4950`

__vcrt_GetModuleFileNameW

Ordinal	`47`
Address	`0x4e80`

__vcrt_GetModuleHandleW

Ordinal	`48`
Address	`0x4ea0`

__vcrt_InitializeCriticalSectionEx

Ordinal	`49`
Address	`0x4e30`

__vcrt_LoadLibraryExW

Ordinal	`50`
Address	`0x4eb0`

_chkesp

Ordinal	`51`
Address	`0xbc50`

_except_handler2

Ordinal	`52`
Address	`0xb418`

_except_handler3

Ordinal	`53`
Address	`0xb4e8`

_except_handler4_common

Ordinal	`54`
Address	`0xbaf0`

_get_purecall_handler

Ordinal	`55`
Address	`0x4f40`

_get_unexpected

Ordinal	`56`
Address	`0x4960`

_global_unwind2

Ordinal	`57`
Address	`0xb920`

_is_exception_typeof

Ordinal	`58`
Address	`0x2d80`

_local_unwind2

Ordinal	`59`
Address	`0xb986`

_local_unwind4

Ordinal	`60`
Address	`0xb620`

_longjmpex

Ordinal	`61`
Address	`0xb910`

_purecall

Ordinal	`62`
Address	`0x4ed0`

_seh_longjmp_unwind4

Ordinal	`63`
Address	`0xb6f8`

_seh_longjmp_unwind

Ordinal	`64`
Address	`0xb5f4`

_set_purecall_handler

Ordinal	`65`
Address	`0x4f00`

_set_se_translator

Ordinal	`66`
Address	`0x49e0`

_setjmp3

Ordinal	`67`
Address	`0xb890`

longjmp

Ordinal	`68`
Address	`0x2700`

memchr

Ordinal	`69`
Address	`0xdd80`

memcmp

Ordinal	`70`
Address	`0xc110`

memcpy

Ordinal	`71`
Address	`0xde30`

memmove

Ordinal	`72`
Address	`0xe3b0`

memset

Ordinal	`73`
Address	`0xe930`

set_unexpected

Ordinal	`74`
Address	`0x4980`

strchr

Ordinal	`75`
Address	`0xea90`

strrchr

Ordinal	`76`
Address	`0xebc0`

strstr

Ordinal	`77`
Address	`0xed00`

unexpected

Ordinal	`78`
Address	`0x49b0`

wcschr

Ordinal	`79`
Address	`0x2740`

wcsrchr

Ordinal	`80`
Address	`0x2800`

wcsstr

Ordinal	`81`
Address	`0x28b0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48951`
MD5	`edf39c4e49cd68205af6968d13dfea54`
SHA1	`fc9a21a3f92bcb8f62f0349595071d91581dcf60`
SHA256	`a15dbe5e49ac6a9efa87f903836e4d0f6b211a7f3fce9a3689a66fba7e98c685`
SHA3	`7f13d0b7bcb3ea61a582272f5c76cf78327e36027df41ac0f4bcc88de788a8b0`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	14.14.26405.0
ProductVersion	14.14.26405.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft® C Runtime Library
FileVersion (#2)	14.14.26405.0 built by: VCTOOLSREL
InternalName	vcruntime140.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	vcruntime140.dll
ProductName	Microsoft® Visual Studio® 2017
ProductVersion (#2)	14.14.26405.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Apr-05 05:10:46
Version	`0.0`
SizeofData	`46`
AddressOfRawData	`0x24dc`
PointerToRawData	`0x18dc`
Referenced File	vcruntime140.i386.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Apr-05 05:10:46
Version	`0.0`
SizeofData	`396`
AddressOfRawData	`0x250c`
PointerToRawData	`0x190c`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10011010`
SEHandlerTable	`0x100024c0`
SEHandlerCount	`7`
GuardCFCheckFunctionPointer	`268509364`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x3ad28064`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2008 SP1 build 30729)	`11`
Total imports	`40`
C objects (VS2017 v15.6.6 compiler 26131)	`15`
ASM objects (VS2017 v15.6.6 compiler 26131)	`19`
C++ objects (VS2017 v15.6.6 compiler 26131)	`4`
264 (VS2017 v15.6.6 compiler 26131)	`27`
Exports (VS2017 v15.6.6 compiler 26131)	`1`
Resource objects (VS2017 v15.6.6 compiler 26131)	`1`
Linker (VS2017 v15.6.6 compiler 26131)	`1`