Manalyze report for ad2bcce5e7d04ca62d4b84e09fc50dc4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2087-Jul-22 17:17:47
Detected languages	English - United States
Debug artifacts	wdapp.pdb
CompanyName	Microsoft Corporation
FileDescription	Windows Device Application Management
FileVersion	`10.0.22000.4429 (WinBuild.160101.0800)`
InternalName	WdApp.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WdApp.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22000.4429`

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: http://schemas.microsoft.com http://schemas.microsoft.com/appx/manifest/desktop/windows10 http://schemas.microsoft.com/appx/manifest/desktop/windows10/6 http://schemas.microsoft.com/appx/manifest/foundation/windows10 http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities http://schemas.microsoft.com/appx/manifest/foundation/windows10/windowscapabilities http://schemas.microsoft.com/appx/manifest/uap/windows10 http://schemas.microsoft.com/appx/manifest/uap/windows10/3 http://schemas.microsoft.com/appx/manifest/uap/windows10/4 http://www.w3.org http://www.w3.org/2001/XMLSchema microsoft.com schemas.microsoft.com www.w3.org
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegQueryValueExW RegCloseKey RegGetValueW RegEnumValueW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Interacts with services: QueryServiceStatusEx OpenServiceW OpenSCManagerW`
Safe	VirusTotal score: 0/73 (Scanned on 2024-09-30 16:19:35)	`All the AVs think this file is safe.`

Hashes

MD5	`ad2bcce5e7d04ca62d4b84e09fc50dc4`
SHA1	`71067eae6973fdf80349b909d5d99a7b33e8d022`
SHA256	`defd54ba0e867fce8e0eaec3aa56c4f8ab51af5bada941d765a8de7587f2570a`
SHA3	`a9cbdf63269e045a9363f6016d20d452f2d1cf0e2677819c15220c8b115dbd53`
SSDeep	`6144:sk6ivZRKCdHGHMIOJXDWDZUXVLBbrM6Sa8qe8Qx0Y0QYqNIACb:Rb2CtGHdEDWDmcmZO`
Imports Hash	`e710ad97854f6253edd6641440c737b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2087-Jul-22 17:17:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x33000`
SizeOfInitializedData	`0x29000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002FA60 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x5d000`
SizeOfHeaders	`0x1000`
Checksum	`0x66809`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e7a95900300aa2c11c4213974f5fd800`
SHA1	`223f0c630e2a28a453b134bf0fa44ebcf04147df`
SHA256	`a3429f41553a181493a5b6179e489db6bbb3b8d2d01a294dc54b2e0cd74b63ea`
SHA3	`f53d2780bc3fd5c62c93daf684d715c98d5362f6ae1d63c6a56de9431c6e5301`
VirtualSize	`0x329ec`
VirtualAddress	`0x1000`
SizeOfRawData	`0x33000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43969`

.rdata

MD5	`167b1d3cd2c7b26fdbfcb30d0451c2f3`
SHA1	`98597c4a16129feeecfd4b865072b955c7bd0fae`
SHA256	`1b25e7de13172f7c361eacc156799925af33934b446d227d4701d4b19c78f076`
SHA3	`c8d199b1eac974cc4b8cceeb92f0ae6c0bf1343c15940c613ce6b33e2740f80e`
VirtualSize	`0x163ba`
VirtualAddress	`0x34000`
SizeOfRawData	`0x17000`
PointerToRawData	`0x34000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.13534`

.data

MD5	`6c1170df3d85ec963143d66440877f6a`
SHA1	`fe4571867b01d9570b39decc34b6703869671650`
SHA256	`7e0436db2e86087052c67c46b2ed9b30de94e38729021d2c8cb8fb8473ee60c6`
SHA3	`47a4505f82a24ad9f118ab2d4cbd93f446f1e56b33207a0797cd4d49c248d6f2`
VirtualSize	`0x7658`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x4b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.161701`

.pdata

MD5	`b2c9da99b71f30c2fce31c4cea9c500e`
SHA1	`4ed830ebfa6afeaf549139d6d9d31d2805532b8c`
SHA256	`7cd3ee7fa9f9baf9e9929591e4c581f317cc5436297ea89083d3d75e3820c5ce`
SHA3	`9b8ee513c3981f7b4b2b8b6f7624fbe28c436883625f6e715bf788d83d06a13c`
VirtualSize	`0x1950`
VirtualAddress	`0x53000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x52000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.68532`

.rsrc

MD5	`583a36072c24a9045c2862fb34c75d15`
SHA1	`442010ab4c0317a0a75e7944c37d34ddcd18af85`
SHA256	`424338ca3d2358e6825614b94222c6f4665addca9340bfde84e40ae421fd1fc6`
SHA3	`36a20d7bb5ff026e4dfadd8eefa560b4dd84379e89e17b8a4a951dd097950a2a`
VirtualSize	`0x6ae8`
VirtualAddress	`0x55000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x54000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95985`

.reloc

MD5	`cbdd60bc3426c13f1e0a34a75d1e70a7`
SHA1	`df7c700675cd85cb7aa0e058a0745ca516bad405`
SHA256	`61ed9f886078371c013869179894461a4814b6d535edd518e7bba03cb065efa3`
SHA3	`8b25e4e29de36da3822c0fb15fb36a18574d4d027d1d997b47bd5d55d871c529`
VirtualSize	`0x2b4`
VirtualAddress	`0x5c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.49993`

Imports

KERNEL32.dll	`OutputDebugStringW` `WaitForSingleObjectEx` `OpenSemaphoreW` `CloseHandle` `HeapAlloc` `GetProcAddress` `CreateMutexExW` `GetCurrentProcessId` `GetProcessHeap` `GetModuleHandleW` `DebugBreak` `IsDebuggerPresent` `CreateFileW` `DeviceIoControl` `RaiseException` `LocalFree` `GetLastError` `GetVolumeNameForVolumeMountPointW` `DeleteFileW` `LoadLibraryExW` `DeleteCriticalSection` `InitializeCriticalSectionEx` `LeaveCriticalSection` `EnterCriticalSection` `Sleep` `CreateEventW` `GetTickCount64` `SetEvent` `GetFullPathNameW` `GetFileAttributesW` `SetConsoleCtrlHandler` `OpenPackageInfoByFullName` `GetPackageApplicationIds` `ClosePackageInfo` `FormatMessageW` `ReleaseMutex` `GetCurrentThreadId` `WaitForSingleObject` `GetModuleHandleExW` `ReleaseSemaphore` `SetLastError` `HeapFree` `CreateSemaphoreExW` `LocalAlloc` `GetModuleFileNameA` `FreeLibraryAndExitThread` `CreateThread` `WaitForMultipleObjectsEx` `FreeLibrary` `AcquireSRWLockShared` `AcquireSRWLockExclusive` `ReleaseSRWLockShared` `ReleaseSRWLockExclusive` `CreateProcessW` `CopyFileW` `GetTempPathW` `CreateEventExW` `LockResource` `SizeofResource` `LoadResource` `FindResourceW`
msvcrt.dll	`_onexit` `??1type_info@@UEAA@XZ` `__CxxFrameHandler3` `_vsnwprintf` `memcpy_s` `??3@YAXPEAX@Z` `_itow_s` `__dllonexit` `?terminate@@YAXXZ` `_commode` `_exit` `exit` `_fmode` `__set_app_type` `__wgetmainargs` `__C_specific_handler` `_initterm` `__setusermatherr` `iswalnum` `_wsetlocale` `_XcptFilter` `__crtLCMapStringW` `_amsg_exit` `_cexit` `abort` `_wcsdup` `memset` `__uncaught_exception` `calloc` `__pctype_func` `_ismbblead` `___lc_codepage_func` `___lc_handle_func` `_errno` `___mb_cur_max_func` `_unlock` `_lock` `setlocale` `memmove` `memcpy` `_CxxThrowException` `??0exception@@QEAA@AEBQEBDH@Z` `_callnewh` `??0bad_cast@@QEAA@PEBD@Z` `??1bad_cast@@UEAA@XZ` `??0bad_cast@@QEAA@AEBV0@@Z` `??0exception@@QEAA@AEBQEBD@Z` `?what@exception@@UEBAPEBDXZ` `??_V@YAXPEAX@Z` `wcscpy_s` `fflush` `wcschr` `toupper` `_wcsnicmp` `free` `malloc` `_wcsicmp` `vswprintf_s` `wcsnlen` `wprintf` `_vsnprintf_s` `??0exception@@QEAA@AEBV0@@Z` `??0exception@@QEAA@XZ` `memcmp` `??1exception@@UEAA@XZ` `_purecall` `iswdigit` `iswalpha`
ntdll.dll	`RtlCaptureContext` `RtlSubscribeWnfStateChangeNotification` `RtlQueryWnfStateData` `RtlUnsubscribeWnfStateChangeNotification` `RtlLookupFunctionEntry` `RtlVirtualUnwind`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsConcatString` `WindowsDuplicateString` `WindowsIsStringEmpty` `WindowsCreateStringReference` `WindowsGetStringRawBuffer` `WindowsDeleteString` `WindowsCreateString`
api-ms-win-core-com-l1-1-0.dll	`CoTaskMemAlloc` `CoCreateInstance` `StringFromGUID2` `IIDFromString` `CoTaskMemFree` `CLSIDFromString`
api-ms-win-core-winrt-l1-1-0.dll	`RoGetActivationFactory` `RoActivateInstance` `RoInitialize` `RoUninitialize`
api-ms-win-core-string-l1-1-0.dll	`MultiByteToWideChar` `WideCharToMultiByte` `GetStringTypeW`
api-ms-win-core-util-l1-1-0.dll	`DecodePointer` `EncodePointer`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `SetUnhandledExceptionFilter`
api-ms-win-core-processthreads-l1-1-0.dll	`TerminateProcess` `GetCurrentProcess`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime` `GetTickCount`
SHLWAPI.dll	`PathIsURLW` `SHCreateStreamOnFileEx` `SHCreateStreamOnFileW`
api-ms-win-appmodel-unlock-l1-1-0.dll	`IsDeveloperModeEnabled`
XSAPI.dll	`XsReadXvcInfoXVD`
ADVAPI32.dll	`NotifyServiceStatusChangeW` `QueryServiceStatusEx` `OpenServiceW` `OpenSCManagerW` `CloseServiceHandle` `RegQueryValueExW` `RegCloseKey` `RegGetValueW` `RegEnumValueW` `RegOpenKeyExW`
OLEAUT32.dll	`SysFreeString` `SysAllocStringLen` `VariantClear` `VariantInit` `SysStringLen`
api-ms-win-core-winrt-error-l1-1-0.dll	`SetRestrictedErrorInfo`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoGetMatchingRestrictedErrorInfo`
XmlLite.dll	`CreateXmlWriter`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51212`
MD5	`38a19ddaa172802655f7fe71b86e00d0`
SHA1	`7d4f988c84316ca7d2dc86e960d8bbbe903b4379`
SHA256	`4bcada9c71dd7055b7003262ee57ff3a4861e8f0d938faaf3ffabd660152db3c`
SHA3	`ca168cf7a191231daa516b0268953329c9cf9052b783e803e3534730f3705172`

107

Type	`UNKNOWN`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6695`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89146`
MD5	`f05cd0702b67ea6c3265740ef526bdba`
SHA1	`d64aa701f867ba573f73665096a590b9e3c81a80`
SHA256	`f34f663ce667c80f80c3acdfc6c1c1a2e7679e6c4094089dd44c1295be6b2620`
SHA3	`d9a3ba8b6be43d12cd4c525598ebbaaa0053675986989c03a50302b289aea352`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22000.4429
ProductVersion	10.0.22000.4429
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Device Application Management
FileVersion (#2)	10.0.22000.4429 (WinBuild.160101.0800)
InternalName	WdApp.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	WdApp.exe
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22000.4429

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2087-Jul-22 17:17:47
Version	`0.0`
SizeofData	`34`
AddressOfRawData	`0x41dac`
PointerToRawData	`0x41dac`
Referenced File	wdapp.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2087-Jul-22 17:17:47
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x41dd0`
PointerToRawData	`0x41dd0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2087-Jul-22 17:17:47
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x42070`
PointerToRawData	`0x42070`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14004b230`
GuardCFCheckFunctionPointer	`5368927616`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x32c59ff8`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`28`
ASM objects (29395)	`4`
C++ objects (29395)	`24`
C objects (29395)	`68`
Imports (29395)	`15`
Total imports	`218`
C++ objects (LTCG) (29395)	`23`
Resource objects (29395)	`1`
Linker (29395)	`1`

ad2bcce5e7d04ca62d4b84e09fc50dc4

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

107

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors