Manalyze report for b34cebf8a3f357a4de677aee7919c8ab

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Nov-20 12:00:11
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Run time utility for Internet Explorer
FileVersion	`8.00.7601.17514 (win7sp1_rtm.101119-1850)`
InternalName	IeRtUtil.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	IeRtUtil.dll
ProductName	Windows® Internet Explorer
ProductVersion	`8.00.7601.17514`

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegEnumKeyExW RegDeleteKeyW RegEnumValueW RegQueryInfoKeyW RegEnumKeyW RegDeleteValueW RegSetValueExW RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptHashData CryptGetHashParam CryptDestroyHash CryptReleaseContext` `Can create temporary files: CreateFileW GetTempPathW` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW`
Safe	VirusTotal score: 0/68 (Scanned on 2021-08-08 23:33:59)	`All the AVs think this file is safe.`

Hashes

MD5	`b34cebf8a3f357a4de677aee7919c8ab`
SHA1	`7b4e2b8a47263c1af7ab83f044fc4f25f55ea276`
SHA256	`6d524968056f045bef8df4daaaf17880f71ee412a222eba1de8fa0e5a43dd803`
SHA3	`695987369f7a32998e9fd5e5e1a408de3667b24ac7f48a53839614cc7b8ea3ed`
SSDeep	`384:ylRZhTxTyG3scAoP9PpxBlJUUYJIjMMjHHVlYuK8TgdXuP0SsTUqmHtDxqK8Wef:kRNWkbPPpPlC8jljnYITg5ukTrmJoJ`
Imports Hash	`b38f1197883395014e0f143772aab7e1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Nov-20 12:00:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.1`
SizeOfCode	`0x1da400`
SizeOfInitializedData	`0x1da00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000022D9 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1df000`
ImageBase	`0x75c00000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1fb000`
SizeOfHeaders	`0x400`
Checksum	`0x205ff8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3e689830a2358c32d5da840c4dad46eb`
SHA1	`af99a7ac34581eb8fbf9184b7422e12452403a1b`
SHA256	`a6f5fd8e4018a6d823bea0776698076b089fd59f86a8311ae1cd52e039155fb5`
SHA3	`d82ad5ed69e32c3cd28ebb29e039e85438da0f12343056dd874ea94f3654d512`
VirtualSize	`0x1da32d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1da400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.100843`

.data

MD5	`0ebe0548ab4c4a20e914baf122d4aa8d`
SHA1	`11cc1652312095c08c0488e73203c6340cdbfa9f`
SHA256	`b0ca3d96dd6d667517734f21cbfb38f73e99c553e72ebd76a27892adbbcbae88`
SHA3	`0156e0524522a46b337fc56f79c85336c2206ceecab34c6b7f8ad0afd3365eee`
VirtualSize	`0x4208`
VirtualAddress	`0x1dc000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x1da800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.91608`

.rsrc

MD5	`4507700ef3a0cf2f152596e0d4373c3a`
SHA1	`64d60957a206ae0db259011bb102f91ad8794625`
SHA256	`b01081fabe2e6934fbb17504a5a98b73a521c7bee713e84ba419497018abfe92`
SHA3	`02ad2fb844dab0b93d0d0454170bedbef96e75c692ac589ae5d077e4fb9eaa9f`
VirtualSize	`0x550`
VirtualAddress	`0x1e1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1dea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.08297`

.reloc

MD5	`4c6426ac7ef186464ecbb0d81cbfcb1e`
SHA1	`5a6918eebd9d635e8f632e3ef34e3792b1b5ec13`
SHA256	`f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16`
SHA3	`2eab8ce8c769418c4d1969a11ab38597b427f126638784c4ffef3095dfa33e09`
VirtualSize	`0x18e70`
VirtualAddress	`0x1e2000`
SizeOfRawData	`0x19000`
PointerToRawData	`0x1df000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

msvcrt.dll	`wcsstr` `wcsncmp` `bsearch` `wcstok` `_wcsnicmp` `iswspace` `_wtoi64` `_itow` `_vsnwprintf` `_onexit` `_lock` `__dllonexit` `_unlock` `_amsg_exit` `_initterm` `free` `malloc` `_XcptFilter` `wcstol` `_wcsicmp` `wcsrchr` `memmove` `memcpy` `memset` `wcschr` `strncat` `_wcslwr` `_strlwr` `_errno`
ntdll.dll	`RtlUnwind`
KERNEL32.dll	`GetCurrentThreadId` `SetLastError` `LocalFree` `GetTickCount` `RaiseException` `SystemTimeToFileTime` `GetSystemTime` `HeapReAlloc` `lstrlenW` `lstrlenA` `InterlockedExchange` `GetDriveTypeW` `GetVolumePathNameW` `GetLastError` `CreateFileW` `SetFileAttributesW` `GetFileAttributesW` `GetTempPathW` `GetCurrentProcess` `GetProcAddress` `GetModuleHandleW` `LocalAlloc` `OpenProcess` `GetCurrentProcessId` `GetModuleFileNameW` `GetCurrentThread` `FreeLibrary` `LoadLibraryW` `InterlockedCompareExchange` `MapViewOfFile` `CreateFileMappingW` `OpenFileMappingW` `MapViewOfFileEx` `OpenEventW` `GetVersionExA` `CreateMutexW` `DuplicateHandle` `OpenMutexW` `CreateEventW` `lstrcmpA` `MultiByteToWideChar` `CompareStringW` `WideCharToMultiByte` `Sleep` `OutputDebugStringA` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `ExpandEnvironmentStringsW` `CreateToolhelp32Snapshot` `GetModuleHandleExW` `HeapFree` `GetProcessHeap` `HeapAlloc` `InterlockedDecrement` `InterlockedIncrement` `DeleteCriticalSection` `UnmapViewOfFile` `CloseHandle` `DisableThreadLibraryCalls` `InitializeCriticalSectionAndSpinCount` `LeaveCriticalSection` `EnterCriticalSection` `CompareFileTime` `GetVersionExW` `IsWow64Process` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `QueryPerformanceFrequency` `InterlockedExchangeAdd` `SetEvent` `DecodePointer` `EncodePointer` `InitializeCriticalSection` `ReleaseMutex` `ResumeThread` `CreateThread` `TerminateThread` `InitializeSListHead` `InterlockedFlushSList` `InterlockedPushEntrySList` `UnregisterWaitEx` `WaitForMultipleObjects` `RegisterWaitForSingleObject` `OpenThread` `CreateProcessW` `GetCurrentDirectoryW` `IsProcessInJob` `AssignProcessToJobObject` `SetInformationJobObject` `CreateJobObjectW` `GetProcessId` `IsDebuggerPresent` `ProcessIdToSessionId` `LoadLibraryA` `Process32NextW` `Process32FirstW` `WaitForSingleObject`
ADVAPI32.dll	`ConvertSidToStringSidW` `CryptAcquireContextW` `CryptCreateHash` `CryptHashData` `CryptGetHashParam` `CryptDestroyHash` `CryptReleaseContext` `TraceEvent` `RegEnumKeyExW` `RegDeleteKeyW` `RegEnumValueW` `RegQueryInfoKeyW` `RegEnumKeyW` `RegDeleteValueW` `RegSetValueExW` `ConvertStringSecurityDescriptorToSecurityDescriptorW` `RegOpenKeyExA` `RegQueryValueExA` `ReportEventW` `RegisterEventSourceA` `Dere` `#12306` `#12330` `#12350` `#12374` `#12402` `#12426` `#12436` `#12454` `#12478` `#12494` `#12516` `#12542` `#12564` `#12584` `#12606` `#12616` `#12632` `#12652` `#12676` `#12700` `#12724` `#12742` `#12760` `#12772` `#12794` `#12806` `#12832` `#12860` `#12870` `#12880` `#12894` `#12910` `#12926` `#12946` `#12964` `#12978`
SHLWAPI.dll	`#219`

Delayed Imports

IERT_DelayLoadFailureHook

Ordinal	`9`
Address	`0x1c6136`

IEGetFrameUtilExports

Ordinal	`10`
Address	`0x1c6092`

IEGetProcessModule

Ordinal	`11`
Address	`0x1c607c`

IEGetTabWindowExports

Ordinal	`12`
Address	`0x1c6087`

ResetIEExtensibility

Ordinal	`13`
Address	`0x1d1529`

ResetIERegistrySettings

Ordinal	`14`
Address	`0x1d0fdc`

DllCanUnloadNow

Ordinal	`15`
Address	`0x1c605d`

Ordinal	`16`
Address	`0x1cb761`

(#2)

Ordinal	`17`
Address	`0x14f6e7`

(#3)

Ordinal	`18`
Address	`0x1cbd2b`

(#4)

Ordinal	`19`
Address	`0x1cbdd9`

(#5)

Ordinal	`20`
Address	`0x1cbe07`

(#6)

Ordinal	`21`
Address	`0x1cbf07`

DllGetClassObject

Ordinal	`22`
Address	`0x1748bd`

ImpersonateUser

Ordinal	`23`
Address	`0x1cff0d`

(#7)

Ordinal	`24`
Address	`0x1cba3e`

(#8)

Ordinal	`25`
Address	`0x1cbf3b`

(#9)

Ordinal	`26`
Address	`0x1cb661`

(#10)

Ordinal	`27`
Address	`0x1cc7a3`

(#11)

Ordinal	`28`
Address	`0x1cd83d`

(#12)

Ordinal	`29`
Address	`0x1caa30`

(#13)

Ordinal	`30`
Address	`0x16af40`

(#14)

Ordinal	`31`
Address	`0x1cafa6`

(#15)

Ordinal	`32`
Address	`0x2add`

(#16)

Ordinal	`33`
Address	`0x16cb97`

(#17)

Ordinal	`34`
Address	`0x173114`

(#18)

Ordinal	`35`
Address	`0x146715`

(#19)

Ordinal	`36`
Address	`0x14659b`

(#20)

Ordinal	`37`
Address	`0x16e410`

(#21)

Ordinal	`38`
Address	`0x16c06d`

(#22)

Ordinal	`39`
Address	`0x16bfe8`

(#23)

Ordinal	`40`
Address	`0x15a7a2`

(#24)

Ordinal	`41`
Address	`0x1caa0e`

(#25)

Ordinal	`42`
Address	`0x143425`

(#26)

Ordinal	`43`
Address	`0x1ca9e6`

(#27)

Ordinal	`44`
Address	`0x14343d`

(#28)

Ordinal	`45`
Address	`0x146637`

(#29)

Ordinal	`46`
Address	`0x16ad43`

(#30)

Ordinal	`47`
Address	`0x1ca4eb`

(#31)

Ordinal	`48`
Address	`0x15a9d5`

(#32)

Ordinal	`49`
Address	`0x15aa35`

(#33)

Ordinal	`50`
Address	`0x143baf`

(#34)

Ordinal	`51`
Address	`0x1caa1f`

(#35)

Ordinal	`52`
Address	`0x143c73`

(#36)

Ordinal	`53`
Address	`0x16cb6d`

(#37)

Ordinal	`54`
Address	`0x1466ed`

(#38)

Ordinal	`55`
Address	`0x1caf1b`

(#39)

Ordinal	`56`
Address	`0x14e83b`

(#40)

Ordinal	`57`
Address	`0x17693b`

(#41)

Ordinal	`58`
Address	`0x171b29`

(#42)

Ordinal	`59`
Address	`0x165c4a`

(#43)

Ordinal	`60`
Address	`0x1ca2b3`

(#44)

Ordinal	`61`
Address	`0x142a75`

(#45)

Ordinal	`62`
Address	`0x14e23a`

(#46)

Ordinal	`63`
Address	`0x14f245`

(#47)

Ordinal	`64`
Address	`0x1f7d`

(#48)

Ordinal	`65`
Address	`0x15a690`

(#49)

Ordinal	`66`
Address	`0x15a616`

(#50)

Ordinal	`67`
Address	`0x14f438`

(#51)

Ordinal	`68`
Address	`0x203d`

(#52)

Ordinal	`69`
Address	`0x1ca28c`

(#53)

Ordinal	`70`
Address	`0x142b0d`

(#54)

Ordinal	`71`
Address	`0x16dcfc`

(#55)

Ordinal	`72`
Address	`0x14e624`

(#56)

Ordinal	`73`
Address	`0x166fd1`

(#57)

Ordinal	`74`
Address	`0x14e509`

(#58)

Ordinal	`75`
Address	`0x14e521`

(#59)

Ordinal	`76`
Address	`0x15a595`

(#60)

Ordinal	`77`
Address	`0x1643ed`

(#61)

Ordinal	`78`
Address	`0x14e2c9`

(#62)

Ordinal	`79`
Address	`0x14e30e`

(#63)

Ordinal	`80`
Address	`0x14e332`

(#64)

Ordinal	`81`
Address	`0x14e20c`

(#65)

Ordinal	`82`
Address	`0x15a651`

(#66)

Ordinal	`83`
Address	`0x1ca25e`

(#67)

Ordinal	`84`
Address	`0x14e423`

(#68)

Ordinal	`85`
Address	`0x14e371`

(#69)

Ordinal	`86`
Address	`0x16d825`

(#70)

Ordinal	`87`
Address	`0x1664f2`

(#71)

Ordinal	`88`
Address	`0x16d6dc`

(#72)

Ordinal	`89`
Address	`0x14e266`

(#73)

Ordinal	`90`
Address	`0x170850`

(#74)

Ordinal	`91`
Address	`0x1663f5`

(#75)

Ordinal	`92`
Address	`0x1ca39c`

(#76)

Ordinal	`93`
Address	`0x1ca333`

(#77)

Ordinal	`94`
Address	`0x1ca466`

(#78)

Ordinal	`95`
Address	`0x14f4cd`

(#79)

Ordinal	`96`
Address	`0x1c611b`

RevertImpersonate

Ordinal	`97`
Address	`0x1cff5f`

(#80)

Ordinal	`100`
Address	`0x1cafde`

(#81)

Ordinal	`110`
Address	`0x14e6d3`

(#82)

Ordinal	`111`
Address	`0x1cbff1`

(#83)

Ordinal	`112`
Address	`0x1cc019`

(#84)

Ordinal	`150`
Address	`0x164f8b`

(#85)

Ordinal	`151`
Address	`0x14f395`

(#86)

Ordinal	`152`
Address	`0x1ce068`

(#87)

Ordinal	`153`
Address	`0x1cda3d`

(#88)

Ordinal	`154`
Address	`0x1cde8c`

(#89)

Ordinal	`155`
Address	`0x166a51`

(#90)

Ordinal	`156`
Address	`0x1ce181`

(#91)

Ordinal	`157`
Address	`0x1cdce9`

(#92)

Ordinal	`158`
Address	`0x1cde8c`

(#93)

Ordinal	`159`
Address	`0x14f8a2`

(#94)

Ordinal	`160`
Address	`0x1ce0c2`

(#95)

Ordinal	`161`
Address	`0x1cda5e`

(#96)

Ordinal	`162`
Address	`0x1cde8c`

(#97)

Ordinal	`163`
Address	`0x166a51`

(#98)

Ordinal	`164`
Address	`0x1ce181`

(#99)

Ordinal	`165`
Address	`0x1cdce9`

(#100)

Ordinal	`166`
Address	`0x146511`

(#101)

Ordinal	`167`
Address	`0x1cdeda`

(#102)

Ordinal	`168`
Address	`0x1cd99b`

(#103)

Ordinal	`170`
Address	`0x1cdae3`

(#104)

Ordinal	`171`
Address	`0x176133`

(#105)

Ordinal	`172`
Address	`0x144454`

(#106)

Ordinal	`173`
Address	`0x1767b4`

(#107)

Ordinal	`174`
Address	`0x15a451`

(#108)

Ordinal	`175`
Address	`0x1ce905`

(#109)

Ordinal	`176`
Address	`0x1ce92d`

(#110)

Ordinal	`200`
Address	`0x1ce75c`

(#111)

Ordinal	`201`
Address	`0x1ce655`

(#112)

Ordinal	`202`
Address	`0x1ce1f1`

(#113)

Ordinal	`203`
Address	`0x1ce249`

(#114)

Ordinal	`204`
Address	`0x1ce289`

(#115)

Ordinal	`205`
Address	`0x1ce321`

(#116)

Ordinal	`206`
Address	`0x1ce722`

(#117)

Ordinal	`207`
Address	`0x1ce3c0`

(#118)

Ordinal	`208`
Address	`0x1ce425`

(#119)

Ordinal	`209`
Address	`0x17661e`

(#120)

Ordinal	`210`
Address	`0x176609`

(#121)

Ordinal	`211`
Address	`0x1ce5bf`

(#122)

Ordinal	`220`
Address	`0x1cc70f`

(#123)

Ordinal	`221`
Address	`0x160d0a`

(#124)

Ordinal	`222`
Address	`0x1683b7`

(#125)

Ordinal	`223`
Address	`0x1cc72e`

(#126)

Ordinal	`224`
Address	`0x16f7d7`

(#127)

Ordinal	`225`
Address	`0x1cc76c`

(#128)

Ordinal	`300`
Address	`0x16f08c`

(#129)

Ordinal	`301`
Address	`0x16ba71`

(#130)

Ordinal	`302`
Address	`0x16f79e`

(#131)

Ordinal	`303`
Address	`0x160cf0`

(#132)

Ordinal	`304`
Address	`0x160cf0`

(#133)

Ordinal	`305`
Address	`0x1c60b0`

(#134)

Ordinal	`306`
Address	`0x16633f`

(#135)

Ordinal	`307`
Address	`0x16b059`

(#136)

Ordinal	`308`
Address	`0x2ab5`

(#137)

Ordinal	`309`
Address	`0x2ab5`

(#138)

Ordinal	`310`
Address	`0x1c609d`

(#139)

Ordinal	`311`
Address	`0x16ac1a`

(#140)

Ordinal	`312`
Address	`0x16ac50`

(#141)

Ordinal	`313`
Address	`0x1c60c0`

(#142)

Ordinal	`314`
Address	`0x16ac6f`

(#143)

Ordinal	`320`
Address	`0x14ea0c`

(#144)

Ordinal	`321`
Address	`0x143483`

(#145)

Ordinal	`322`
Address	`0x1732a1`

(#146)

Ordinal	`324`
Address	`0x16aed6`

(#147)

Ordinal	`325`
Address	`0x143466`

(#148)

Ordinal	`326`
Address	`0x16d30f`

(#149)

Ordinal	`327`
Address	`0x16cdc8`

(#150)

Ordinal	`328`
Address	`0x1d37c2`

(#151)

Ordinal	`329`
Address	`0x16616f`

(#152)

Ordinal	`330`
Address	`0x1d3841`

(#153)

Ordinal	`331`
Address	`0x165f84`

(#154)

Ordinal	`332`
Address	`0x1d38c8`

(#155)

Ordinal	`333`
Address	`0x165de9`

(#156)

Ordinal	`334`
Address	`0x16ed4b`

(#157)

Ordinal	`335`
Address	`0x16d633`

(#158)

Ordinal	`336`
Address	`0x16ae94`

(#159)

Ordinal	`337`
Address	`0x1d3672`

(#160)

Ordinal	`338`
Address	`0x1d357b`

(#161)

Ordinal	`340`
Address	`0x16749a`

(#162)

Ordinal	`341`
Address	`0x167261`

(#163)

Ordinal	`342`
Address	`0x1d30ba`

(#164)

Ordinal	`343`
Address	`0x1d3103`

(#165)

Ordinal	`344`
Address	`0x1d3156`

(#166)

Ordinal	`345`
Address	`0x1670b1`

(#167)

Ordinal	`346`
Address	`0x15a6ba`

(#168)

Ordinal	`347`
Address	`0x15fe28`

(#169)

Ordinal	`350`
Address	`0x1d3a6d`

(#170)

Ordinal	`351`
Address	`0x1d3a91`

(#171)

Ordinal	`352`
Address	`0x1d3b58`

(#172)

Ordinal	`353`
Address	`0x16ceb0`

(#173)

Ordinal	`354`
Address	`0x1d3b7c`

(#174)

Ordinal	`355`
Address	`0x1d3ba2`

(#175)

Ordinal	`356`
Address	`0x16ce73`

(#176)

Ordinal	`357`
Address	`0x175ea1`

(#177)

Ordinal	`358`
Address	`0x16cd69`

(#178)

Ordinal	`359`
Address	`0x16d480`

(#179)

Ordinal	`364`
Address	`0x1666c4`

(#180)

Ordinal	`365`
Address	`0x16670f`

(#181)

Ordinal	`366`
Address	`0x166856`

(#182)

Ordinal	`367`
Address	`0x166895`

(#183)

Ordinal	`368`
Address	`0x163b57`

(#184)

Ordinal	`369`
Address	`0x1719c0`

(#185)

Ordinal	`370`
Address	`0x163ac1`

(#186)

Ordinal	`371`
Address	`0x163a81`

(#187)

Ordinal	`372`
Address	`0x166826`

(#188)

Ordinal	`375`
Address	`0x1731ee`

(#189)

Ordinal	`376`
Address	`0x1d3958`

(#190)

Ordinal	`377`
Address	`0x161b2a`

(#191)

Ordinal	`378`
Address	`0x16d616`

(#192)

Ordinal	`380`
Address	`0x170a02`

(#193)

Ordinal	`381`
Address	`0x1d3d65`

(#194)

Ordinal	`382`
Address	`0x1717cc`

(#195)

Ordinal	`383`
Address	`0x1d3d11`

(#196)

Ordinal	`384`
Address	`0x1d3d9c`

(#197)

Ordinal	`385`
Address	`0x171d32`

(#198)

Ordinal	`386`
Address	`0x1672ef`

(#199)

Ordinal	`387`
Address	`0x167034`

(#200)

Ordinal	`388`
Address	`0x167171`

(#201)

Ordinal	`390`
Address	`0x1764d5`

(#202)

Ordinal	`391`
Address	`0x163bc7`

(#203)

Ordinal	`392`
Address	`0x176572`

(#204)

Ordinal	`393`
Address	`0x176527`

(#205)

Ordinal	`400`
Address	`0x1d798d`

(#206)

Ordinal	`401`
Address	`0x1619d6`

(#207)

Ordinal	`402`
Address	`0x161b0c`

(#208)

Ordinal	`403`
Address	`0x161b5f`

(#209)

Ordinal	`404`
Address	`0x160a8c`

(#210)

Ordinal	`405`
Address	`0x165bff`

(#211)

Ordinal	`406`
Address	`0x14f473`

(#212)

Ordinal	`410`
Address	`0x1d79af`

(#213)

Ordinal	`411`
Address	`0x1d79d2`

(#214)

Ordinal	`412`
Address	`0x1d79f5`

(#215)

Ordinal	`413`
Address	`0x1713fb`

(#216)

Ordinal	`414`
Address	`0x1d7a15`

(#217)

Ordinal	`415`
Address	`0x1d7a38`

(#218)

Ordinal	`416`
Address	`0x1d7a5b`

(#219)

Ordinal	`417`
Address	`0x163c0a`

(#220)

Ordinal	`420`
Address	`0x1d7a7e`

(#221)

Ordinal	`421`
Address	`0x1d7aa1`

(#222)

Ordinal	`422`
Address	`0x1d7ac4`

(#223)

Ordinal	`423`
Address	`0x1d7ae7`

(#224)

Ordinal	`424`
Address	`0x171d7e`

(#225)

Ordinal	`425`
Address	`0x161b86`

(#226)

Ordinal	`430`
Address	`0x165cbd`

(#227)

Ordinal	`431`
Address	`0x1d7b0d`

(#228)

Ordinal	`432`
Address	`0x168f1d`

(#229)

Ordinal	`433`
Address	`0x1641b8`

(#230)

Ordinal	`434`
Address	`0x16d354`

(#231)

Ordinal	`435`
Address	`0x16df96`

(#232)

Ordinal	`436`
Address	`0x1d7b33`

(#233)

Ordinal	`437`
Address	`0x168138`

(#234)

Ordinal	`438`
Address	`0x16f3df`

(#235)

Ordinal	`440`
Address	`0x171cc8`

(#236)

Ordinal	`441`
Address	`0x164d53`

(#237)

Ordinal	`442`
Address	`0x1d7b4c`

(#238)

Ordinal	`443`
Address	`0x164dd9`

(#239)

Ordinal	`444`
Address	`0x1d7b65`

(#240)

Ordinal	`445`
Address	`0x164a56`

(#241)

Ordinal	`450`
Address	`0x160c8c`

(#242)

Ordinal	`451`
Address	`0x1641d9`

(#243)

Ordinal	`452`
Address	`0x1d78c8`

(#244)

Ordinal	`453`
Address	`0x162b32`

(#245)

Ordinal	`454`
Address	`0x1d7b8b`

(#246)

Ordinal	`455`
Address	`0x162031`

(#247)

Ordinal	`456`
Address	`0x1d7bb1`

(#248)

Ordinal	`457`
Address	`0x161ba1`

(#249)

Ordinal	`458`
Address	`0x163571`

(#250)

Ordinal	`459`
Address	`0x1669a2`

(#251)

Ordinal	`460`
Address	`0x16439d`

(#252)

Ordinal	`470`
Address	`0x251a`

(#253)

Ordinal	`471`
Address	`0x16834d`

(#254)

Ordinal	`472`
Address	`0x168844`

(#255)

Ordinal	`473`
Address	`0x16b6e9`

(#256)

Ordinal	`474`
Address	`0x170130`

(#257)

Ordinal	`475`
Address	`0x1708bd`

(#258)

Ordinal	`476`
Address	`0x168ec7`

(#259)

Ordinal	`477`
Address	`0x16f5f9`

(#260)

Ordinal	`478`
Address	`0x1d788f`

(#261)

Ordinal	`480`
Address	`0x16bb07`

(#262)

Ordinal	`481`
Address	`0x16894b`

(#263)

Ordinal	`482`
Address	`0x166314`

(#264)

Ordinal	`500`
Address	`0x1688bb`

(#265)

Ordinal	`501`
Address	`0x16dd88`

(#266)

Ordinal	`502`
Address	`0x1d7bd7`

(#267)

Ordinal	`503`
Address	`0x166037`

(#268)

Ordinal	`504`
Address	`0x16dc9a`

(#269)

Ordinal	`505`
Address	`0x1d7bfd`

(#270)

Ordinal	`506`
Address	`0x1d7c23`

(#271)

Ordinal	`507`
Address	`0x16e100`

(#272)

Ordinal	`508`
Address	`0x171927`

(#273)

Ordinal	`509`
Address	`0x1d7c49`

(#274)

Ordinal	`510`
Address	`0x1d7c6f`

(#275)

Ordinal	`511`
Address	`0x160bac`

(#276)

Ordinal	`512`
Address	`0x17437f`

(#277)

Ordinal	`514`
Address	`0x175ccd`

(#278)

Ordinal	`515`
Address	`0x1d7975`

(#279)

Ordinal	`516`
Address	`0x167dbd`

(#280)

Ordinal	`517`
Address	`0x166a01`

(#281)

Ordinal	`518`
Address	`0x163f8c`

(#282)

Ordinal	`519`
Address	`0x1619fd`

(#283)

Ordinal	`520`
Address	`0x1708eb`

(#284)

Ordinal	`525`
Address	`0x16a1c7`

(#285)

Ordinal	`526`
Address	`0x163e17`

(#286)

Ordinal	`527`
Address	`0x15a4f1`

(#287)

Ordinal	`528`
Address	`0x163d5c`

(#288)

Ordinal	`529`
Address	`0x16f80b`

(#289)

Ordinal	`530`
Address	`0x169416`

(#290)

Ordinal	`531`
Address	`0x16ece9`

(#291)

Ordinal	`533`
Address	`0x160d33`

(#292)

Ordinal	`534`
Address	`0x168af6`

(#293)

Ordinal	`535`
Address	`0x170bd2`

(#294)

Ordinal	`536`
Address	`0x16621b`

(#295)

Ordinal	`537`
Address	`0x1662af`

(#296)

Ordinal	`538`
Address	`0x1645c2`

(#297)

Ordinal	`539`
Address	`0x1690d4`

(#298)

Ordinal	`540`
Address	`0x167973`

(#299)

Ordinal	`541`
Address	`0x167e0e`

(#300)

Ordinal	`550`
Address	`0x1c8e1c`

(#301)

Ordinal	`551`
Address	`0x1c8ce8`

(#302)

Ordinal	`552`
Address	`0x1c74e6`

(#303)

Ordinal	`553`
Address	`0x1c74f9`

(#304)

Ordinal	`554`
Address	`0x1c74f9`

(#305)

Ordinal	`570`
Address	`0x1639e8`

(#306)

Ordinal	`600`
Address	`0x1cbad7`

(#307)

Ordinal	`601`
Address	`0x1cbaa5`

(#308)

Ordinal	`602`
Address	`0x1cbb7d`

(#309)

Ordinal	`603`
Address	`0x1cbbc5`

(#310)

Ordinal	`604`
Address	`0x1cbc13`

(#311)

Ordinal	`605`
Address	`0x1cbc65`

(#312)

Ordinal	`606`
Address	`0x1cbce3`

(#313)

Ordinal	`650`
Address	`0x10f1e6`

(#314)

Ordinal	`651`
Address	`0x1430d5`

(#315)

Ordinal	`652`
Address	`0x16510d`

(#316)

Ordinal	`653`
Address	`0x10f4bb`

(#317)

Ordinal	`654`
Address	`0x165abb`

(#318)

Ordinal	`655`
Address	`0x165962`

(#319)

Ordinal	`656`
Address	`0x1cff7d`

(#320)

Ordinal	`657`
Address	`0x176285`

(#321)

Ordinal	`658`
Address	`0x15a412`

(#322)

Ordinal	`659`
Address	`0x1d01dd`

(#323)

Ordinal	`660`
Address	`0x163cb4`

(#324)

Ordinal	`661`
Address	`0x165021`

(#325)

Ordinal	`662`
Address	`0x1d0172`

(#326)

Ordinal	`663`
Address	`0x1d03a5`

(#327)

Ordinal	`664`
Address	`0x1604f4`

(#328)

Ordinal	`665`
Address	`0x165236`

(#329)

Ordinal	`666`
Address	`0x1d0299`

(#330)

Ordinal	`667`
Address	`0x175bc4`

(#331)

Ordinal	`668`
Address	`0x1d0503`

(#332)

Ordinal	`669`
Address	`0x170c1f`

(#333)

Ordinal	`670`
Address	`0x16d975`

(#334)

Ordinal	`671`
Address	`0x1d02e5`

(#335)

Ordinal	`672`
Address	`0x1652ee`

(#336)

Ordinal	`673`
Address	`0x165308`

(#337)

Ordinal	`674`
Address	`0x16536a`

(#338)

Ordinal	`675`
Address	`0x1766d5`

(#339)

Ordinal	`676`
Address	`0x1766ef`

(#340)

Ordinal	`677`
Address	`0x1d1a15`

(#341)

Ordinal	`678`
Address	`0x1d1b2f`

(#342)

Ordinal	`679`
Address	`0x1603a8`

(#343)

Ordinal	`680`
Address	`0x1d025b`

(#344)

Ordinal	`681`
Address	`0x160551`

(#345)

Ordinal	`682`
Address	`0x16526d`

(#346)

Ordinal	`683`
Address	`0x16d409`

(#347)

Ordinal	`684`
Address	`0x1d0229`

(#348)

Ordinal	`685`
Address	`0x1d00e2`

(#349)

Ordinal	`686`
Address	`0x1710bd`

(#350)

Ordinal	`687`
Address	`0x1cff6e`

(#351)

Ordinal	`688`
Address	`0x15a958`

(#352)

Ordinal	`689`
Address	`0x14c29d`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70061`
MD5	`86be69b7e4a64ae1b87e5d66bd491873`
SHA1	`3686814bcbbe88f95d19c946c5d5dc8e3f6cd22d`
SHA256	`18400c47d0cdaadf11df1838f55f3b492ef0c34c7bd6701fd63ba81f5bbf6435`
SHA3	`865ac9d4cfa3e287aa0aa6810c3a1cc685108fc5903b98052a2d7a2db9e3aadb`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5069`
MD5	`68ecbab3e7d67c818d531c2b22c0bb9b`
SHA1	`1ceb3caab211de6e01e5c7b8c00450776ea38424`
SHA256	`8b5157b71514c0921d2deb4e0edc3bb71783d5b032d6be430f4d29e988e4c066`
SHA3	`8dd95fe4329a4e8d191418931eb49713408a48873ca05b4e18ca45dd02fd7155`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.0.7601.17514
ProductVersion	8.0.7601.17514
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Run time utility for Internet Explorer
FileVersion (#2)	8.00.7601.17514 (win7sp1_rtm.101119-1850)
InternalName	IeRtUtil.dll
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	IeRtUtil.dll
ProductName	Windows® Internet Explorer
ProductVersion (#2)	8.00.7601.17514

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x75ddc230`
SEHandlerTable	`0x75dc6050`
SEHandlerCount	`2`

RICH Header

XOR Key	`0x32830477`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`8`
Total imports	`417`
Imports (VS2008 SP1 build 30729)	`13`
C++ objects (VS2008 build 21022)	`1`
Exports (VS2008 SP1 build 30729)	`1`
C++ objects (VS2008 SP1 build 30729)	`357`
C objects (VS2008 SP1 build 30729)	`137`
126 (VS2012 build 50727 / VS2005 build 50727)	`22`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: 319 invalid export(s) not shown.
[!] Error: Yara error: ERROR_TOO_MANY_MATCHES