Manalyze report for ac7a2d874e9c7d7b8a410b08724024fd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-22 22:12:24
Detected languages	English - United States
Debug artifacts	C:\agent\_work\36\s\wix\build\ship\x64\SfxCA.pdb
CompanyName	.NET Foundation
FileDescription	DTF Self-Extracting Custom Action
FileVersion	`3.14.1.8722`
InternalName	SfxCA
LegalCopyright	Copyright (c) .NET Foundation and contributors. All rights reserved.
OriginalFilename	SfxCA.dll
ProductName	Windows Installer XML Toolset
ProductVersion	`3.14.1.8722`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .gehcont`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Possibly launches other programs: CreateProcessW`
Malicious	The file contains overlay data.	`469423 bytes of data starting at offset 0x39e00.` `The file contains a CAB Installer file after the PE data.`
Suspicious	VirusTotal score: 1/71 (Scanned on 2026-02-03 17:01:22)	`Gridinsoft: Trojan.Win64.Vigorf.oa!s1`

Hashes

MD5	`ac7a2d874e9c7d7b8a410b08724024fd`
SHA1	`f3d4f61fdb47d77577c8a9924f40e4f557af7f18`
SHA256	`1c982dd354fe84bb682e00d63dc843719f4d4ad2c545c330283ef5142d1cc1d4`
SHA3	`803dd1eda65bd8eeef7d42df63d073b90aa591604a300b4762cd2009c9e0db7e`
SSDeep	`12288:+PVdJDcpje+zmb/mE1N/cyL0bhNPLbkAmek8H/WMdPDZ7C4zkG2Ej:+dPfbpN/c5bXPflmp6ZPDZm4r`
Imports Hash	`9ae254c28ec6f2ab58abe8916d1decdb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2024-Mar-22 22:12:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1b400`
SizeOfInitializedData	`0x1e600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000054BC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x40000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49ea06e230ee2a2e3119230628663309`
SHA1	`2b8e5a4d2009d63bc80201699905141b31024289`
SHA256	`f6cf5edad50cb2abeea9abf081bdf043989d0a9f4532b3c7aaa947f59bbf8550`
SHA3	`39a99082b711b5f7380ac54eed4aeadbf33e39b1d9a89e0ce54387a7964416a2`
VirtualSize	`0x1b2d0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1b400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4987`

.rdata

MD5	`538da5abeaedb87c33973949811b5b49`
SHA1	`3752f10d724f4dd2ab2715401c182a5dfacace4d`
SHA256	`e0c2fc304bace6d6e7f45532aca242aad8cb66cc75083d4227732548c1b9bbec`
SHA3	`65ce81e4ec21c824c7d528e86ee1bcb32615cef4e362d8cee63aed33f0678f32`
VirtualSize	`0x197a4`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x1b800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.85008`

.data

MD5	`677f6eb5af11c0fabbc7cc75a3520a70`
SHA1	`5ad745853067fa88cdf7ab066015020b808ac097`
SHA256	`698108a22f9b64e3ea264eb29bd54d41735b81495aef1e4bbdc568a559e22115`
SHA3	`91322ee508d56203b83ae9d06a19298e5bb0708edd1c54e7123b1d32ca1a6b68`
VirtualSize	`0x1d70`
VirtualAddress	`0x37000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x35000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.15306`

.pdata

MD5	`c0d827474755204aaeccf6c0e13d2e4c`
SHA1	`5f8ad632ab9c64962ebd0469e439e66ee890e1e7`
SHA256	`9b7878b93eadbad6b68fb40b3263119c1c60ac401da561337d070fb51bf3cb99`
SHA3	`8bdcf2b3254a332e6949a531406fcfd05229c8b0e26f37b7a1db6890c208bfeb`
VirtualSize	`0x1668`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x35c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.99005`

.gxfg

MD5	`30ebe4bf69c5c6950b626f6c399a7180`
SHA1	`2ecd6fc48f4f1e69584893e79dedfbd1d34a8673`
SHA256	`6f1f1965b60dfbc1c039d01b57e1c1e75522030b11569a19aec4cc2e0bf09e52`
SHA3	`63ea4a67a6b2c2c6140723e126375c12784a37ef410d48dc5a07405a94778305`
VirtualSize	`0x1600`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x37400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15789`

.gehcont

MD5	`d65f52ec5cca347fc256bef9112b8cec`
SHA1	`6601cd6e3686062648ea9a3b9992793486aea5e8`
SHA256	`b2b42021c37cb4b4cdd83a3145e08244cba2eeacaae780c3cd5a95ce165a6250`
SHA3	`37bccd97c22cb4ca6f805b09e03a63316f502c4dd60faee44f4c1da3a502908c`
VirtualSize	`0x10`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

.rsrc

MD5	`9f679b63a572b7bb8fc4205a77668879`
SHA1	`ab8b8742c033f60797708d5a6d5d877b8f3b5cf7`
SHA256	`3c18a9ea316e1faaf193f901b6ef8e13c5e77479af835410f9f3ad295786802d`
SHA3	`aef0cc1e6e8dc9edc5f8632457fa6eaa6559328bc35fb52333fa18a3bc890b9c`
VirtualSize	`0x934`
VirtualAddress	`0x3e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x38c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24976`

.reloc

MD5	`0b418768d545bc99f276f17a796f919c`
SHA1	`4b91bfe8ef2090a0f1e8fbed7da663e067595420`
SHA256	`348777f37843a44728ad1dfb66d1026ea6ea85f35e83616a9424b5ae8b7abe07`
SHA3	`da5d87ca88516d2d8d5f470538c554a5ccc6ff8685c59f6fa9537fb21e24f3b2`
VirtualSize	`0x684`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x800`
PointerToRawData	`0x39600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95847`

Imports

msi.dll	`#32` `#48` `#142` `#147` `#80` `#76` `#62` `#140` `#221` `#54` `#135` `#51` `#207` `#139` `#58` `#47` `#103` `#133` `#34` `#171` `#143` `#64` `#63` `#74` `#145` `#49` `#167` `#120` `#123` `#115` `#118` `#116` `#125` `#121` `#114` `#119` `#17` `#150` `#78` `#165` `#26` `#166` `#163` `#160` `#159` `#162` `#8`
Cabinet.dll	`#22` `#21` `#20` `#23`
SHLWAPI.dll	`PathFileExistsW`
OLEAUT32.dll	`SysAllocString` `VariantInit` `SafeArrayCreateVector` `SafeArrayPutElement` `SafeArrayDestroy` `SysFreeString`
KERNEL32.dll	`WriteConsoleW` `GetStringTypeW` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindFirstFileExW` `WideCharToMultiByte` `GetStdHandle` `SetEndOfFile` `SetStdHandle` `HeapSize` `LCMapStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapAlloc` `HeapFree` `GetModuleHandleExW` `ExitProcess` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `GetFileType` `EncodePointer` `LoadLibraryExW` `HeapReAlloc` `FlushFileBuffers` `GetSystemDirectoryW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `SetLastError` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryW` `CreateDirectoryW` `MultiByteToWideChar` `CreateFileW` `ReadFile` `WriteFile` `CloseHandle` `ConnectNamedPipe` `DisconnectNamedPipe` `CreateNamedPipeW` `WaitNamedPipeW` `GetOverlappedResult` `CancelIo` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventW` `WaitForMultipleObjects` `GetExitCodeProcess` `CreateThread` `CreateProcessW` `GetTickCount` `GetModuleFileNameW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `RemoveDirectoryW` `InterlockedFlushSList` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException`

Delayed Imports

Ordinal	`1`
Address	`0x384c`

(#2)

Ordinal	`2`
Address	`0x385c`

(#3)

Ordinal	`3`
Address	`0x386c`

(#4)

Ordinal	`4`
Address	`0x387c`

(#5)

Ordinal	`5`
Address	`0x388c`

(#6)

Ordinal	`6`
Address	`0x389c`

(#7)

Ordinal	`7`
Address	`0x38ac`

(#8)

Ordinal	`8`
Address	`0x38bc`

(#9)

Ordinal	`9`
Address	`0x38cc`

(#10)

Ordinal	`10`
Address	`0x38dc`

(#11)

Ordinal	`11`
Address	`0x38ec`

(#12)

Ordinal	`12`
Address	`0x38fc`

(#13)

Ordinal	`13`
Address	`0x390c`

(#14)

Ordinal	`14`
Address	`0x391c`

(#15)

Ordinal	`15`
Address	`0x392c`

(#16)

Ordinal	`16`
Address	`0x393c`

(#17)

Ordinal	`17`
Address	`0x394c`

(#18)

Ordinal	`18`
Address	`0x395c`

(#19)

Ordinal	`19`
Address	`0x396c`

(#20)

Ordinal	`20`
Address	`0x397c`

(#21)

Ordinal	`21`
Address	`0x398c`

(#22)

Ordinal	`22`
Address	`0x399c`

(#23)

Ordinal	`23`
Address	`0x39ac`

(#24)

Ordinal	`24`
Address	`0x39bc`

(#25)

Ordinal	`25`
Address	`0x39cc`

(#26)

Ordinal	`26`
Address	`0x39dc`

(#27)

Ordinal	`27`
Address	`0x39ec`

(#28)

Ordinal	`28`
Address	`0x39fc`

(#29)

Ordinal	`29`
Address	`0x3a0c`

(#30)

Ordinal	`30`
Address	`0x3a1c`

(#31)

Ordinal	`31`
Address	`0x3a2c`

(#32)

Ordinal	`32`
Address	`0x3a3c`

(#33)

Ordinal	`33`
Address	`0x3a4c`

(#34)

Ordinal	`34`
Address	`0x3a5c`

(#35)

Ordinal	`35`
Address	`0x3a6c`

(#36)

Ordinal	`36`
Address	`0x3a7c`

(#37)

Ordinal	`37`
Address	`0x3a8c`

(#38)

Ordinal	`38`
Address	`0x3a9c`

(#39)

Ordinal	`39`
Address	`0x3aac`

(#40)

Ordinal	`40`
Address	`0x3abc`

(#41)

Ordinal	`41`
Address	`0x3acc`

(#42)

Ordinal	`42`
Address	`0x3adc`

(#43)

Ordinal	`43`
Address	`0x3aec`

(#44)

Ordinal	`44`
Address	`0x3afc`

(#45)

Ordinal	`45`
Address	`0x3b0c`

(#46)

Ordinal	`46`
Address	`0x3b1c`

(#47)

Ordinal	`47`
Address	`0x3b2c`

(#48)

Ordinal	`48`
Address	`0x3b3c`

(#49)

Ordinal	`49`
Address	`0x3b4c`

(#50)

Ordinal	`50`
Address	`0x3b5c`

(#51)

Ordinal	`51`
Address	`0x3b6c`

(#52)

Ordinal	`52`
Address	`0x3b7c`

(#53)

Ordinal	`53`
Address	`0x3b8c`

(#54)

Ordinal	`54`
Address	`0x3b9c`

(#55)

Ordinal	`55`
Address	`0x3bac`

(#56)

Ordinal	`56`
Address	`0x3bbc`

(#57)

Ordinal	`57`
Address	`0x3bcc`

(#58)

Ordinal	`58`
Address	`0x3bdc`

(#59)

Ordinal	`59`
Address	`0x3bec`

(#60)

Ordinal	`60`
Address	`0x3bfc`

(#61)

Ordinal	`61`
Address	`0x3c0c`

(#62)

Ordinal	`62`
Address	`0x3c1c`

(#63)

Ordinal	`63`
Address	`0x3c2c`

(#64)

Ordinal	`64`
Address	`0x3c3c`

(#65)

Ordinal	`65`
Address	`0x3c4c`

(#66)

Ordinal	`66`
Address	`0x3c5c`

(#67)

Ordinal	`67`
Address	`0x3c6c`

(#68)

Ordinal	`68`
Address	`0x3c7c`

(#69)

Ordinal	`69`
Address	`0x3c8c`

(#70)

Ordinal	`70`
Address	`0x3c9c`

(#71)

Ordinal	`71`
Address	`0x3cac`

(#72)

Ordinal	`72`
Address	`0x3cbc`

(#73)

Ordinal	`73`
Address	`0x3ccc`

(#74)

Ordinal	`74`
Address	`0x3cdc`

(#75)

Ordinal	`75`
Address	`0x3cec`

(#76)

Ordinal	`76`
Address	`0x3cfc`

(#77)

Ordinal	`77`
Address	`0x3d0c`

(#78)

Ordinal	`78`
Address	`0x3d1c`

(#79)

Ordinal	`79`
Address	`0x3d2c`

(#80)

Ordinal	`80`
Address	`0x3d3c`

(#81)

Ordinal	`81`
Address	`0x3d4c`

(#82)

Ordinal	`82`
Address	`0x3d5c`

(#83)

Ordinal	`83`
Address	`0x3d6c`

(#84)

Ordinal	`84`
Address	`0x3d7c`

(#85)

Ordinal	`85`
Address	`0x3d8c`

(#86)

Ordinal	`86`
Address	`0x3d9c`

(#87)

Ordinal	`87`
Address	`0x3dac`

(#88)

Ordinal	`88`
Address	`0x3dbc`

(#89)

Ordinal	`89`
Address	`0x3dcc`

(#90)

Ordinal	`90`
Address	`0x3ddc`

(#91)

Ordinal	`91`
Address	`0x3dec`

(#92)

Ordinal	`92`
Address	`0x3dfc`

(#93)

Ordinal	`93`
Address	`0x3e0c`

(#94)

Ordinal	`94`
Address	`0x3e1c`

(#95)

Ordinal	`95`
Address	`0x3e2c`

(#96)

Ordinal	`96`
Address	`0x3e3c`

(#97)

Ordinal	`97`
Address	`0x3e4c`

(#98)

Ordinal	`98`
Address	`0x3e5c`

(#99)

Ordinal	`99`
Address	`0x3e6c`

(#100)

Ordinal	`100`
Address	`0x3e7c`

(#101)

Ordinal	`101`
Address	`0x3e8c`

(#102)

Ordinal	`102`
Address	`0x3e9c`

(#103)

Ordinal	`103`
Address	`0x3eac`

(#104)

Ordinal	`104`
Address	`0x3ebc`

(#105)

Ordinal	`105`
Address	`0x3ecc`

(#106)

Ordinal	`106`
Address	`0x3edc`

(#107)

Ordinal	`107`
Address	`0x3eec`

(#108)

Ordinal	`108`
Address	`0x3efc`

(#109)

Ordinal	`109`
Address	`0x3f0c`

(#110)

Ordinal	`110`
Address	`0x3f1c`

(#111)

Ordinal	`111`
Address	`0x3f2c`

(#112)

Ordinal	`112`
Address	`0x3f3c`

(#113)

Ordinal	`113`
Address	`0x3f4c`

(#114)

Ordinal	`114`
Address	`0x3f5c`

(#115)

Ordinal	`115`
Address	`0x3f6c`

(#116)

Ordinal	`116`
Address	`0x3f7c`

(#117)

Ordinal	`117`
Address	`0x3f8c`

(#118)

Ordinal	`118`
Address	`0x3f9c`

(#119)

Ordinal	`119`
Address	`0x3fac`

(#120)

Ordinal	`120`
Address	`0x3fbc`

(#121)

Ordinal	`121`
Address	`0x3fcc`

(#122)

Ordinal	`122`
Address	`0x3fdc`

(#123)

Ordinal	`123`
Address	`0x3fec`

(#124)

Ordinal	`124`
Address	`0x3ffc`

(#125)

Ordinal	`125`
Address	`0x400c`

(#126)

Ordinal	`126`
Address	`0x401c`

(#127)

Ordinal	`127`
Address	`0x402c`

(#128)

Ordinal	`128`
Address	`0x403c`

(#129)

Ordinal	`129`
Address	`0x4984`

(#130)

Ordinal	`130`
Address	`0x4a8c`

(#131)

Ordinal	`131`
Address	`0x4de0`

(#132)

Ordinal	`132`
Address	`0x4060`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40537`
MD5	`d02e6ad0f9922671136208565aa49e07`
SHA1	`0c6d35c299d51ab8cb68a3c40e2b1dcb983cbbae`
SHA256	`74e0800863aad882fb58631ea960dba0de7fec0a28a9efaa5bce4f18404dd24f`
SHA3	`893af950c5e7632b7623effcf5d7dea44f468949523de4e877644effc4184474`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52227`
MD5	`86efc41f2ab6b47b36e42ea67d4b6967`
SHA1	`2bfa9802d94e37c4f11dbb15679dbae22c565644`
SHA256	`d545d66066c1dbf0d895526a53a4d816b6e5bf1a3ffea3c00756cca322dfc317`
SHA3	`32053c35d8896995a01230d33292bc6b8748ab5e9890ca998d77f25340b53ae5`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Mar-22 22:12:24
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x317ec`
PointerToRawData	`0x2ffec`
Referenced File	C:\agent\_work\36\s\wix\build\ship\x64\SfxCA.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Mar-22 22:12:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x31838`
PointerToRawData	`0x30038`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Mar-22 22:12:24
Version	`0.0`
SizeofData	`728`
AddressOfRawData	`0x3184c`
PointerToRawData	`0x3004c`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180037008`

RICH Header

XOR Key	`0xdd7b741d`
Unmarked objects	`0`
C++ objects (28900)	`139`
ASM objects (28900)	`6`
C objects (28900)	`11`
C objects (VS 2015/2017 runtime 26706)	`14`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C++ objects (VS 2015/2017 runtime 26706)	`36`
Imports (28900)	`11`
Total imports	`169`
C++ objects (27051)	`7`
Exports (27051)	`1`
Resource objects (27051)	`1`
151	`1`
Linker (27051)	`1`

Errors

[!] Error: Could not match an export name with its address!
[*] Warning: Multiple nodes using the name Version Info in a dictionary.