Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2023-Oct-31 15:31:24 |
Detected languages | English - United States |
Debug artifacts | D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\dotnet\dotnet.pdb |
CompanyName | Microsoft Corporation |
FileDescription | .NET Host |
FileVersion | 8,0,23,53103 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14 |
InternalName | .NET Host |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | .NET Host |
ProductName | .NET |
ProductVersion | 8.0.0 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14 |
Info | Interesting strings found in the binary: | Contains domain names: |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: .NET; Issuer: Microsoft Code Signing PCA 2011 |
Safe | VirusTotal score: 0/70 (Scanned on 2024-02-08 23:25:17) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2023-Oct-31 15:31:24 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xdc00 |
SizeOfInitializedData | 0x12200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000009BF0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x25000 |
SizeOfHeaders | 0x400 |
Checksum | 0x27df8 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_GUARD_CF IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x180000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetFullPathNameW FindNextFileW GetCurrentProcess GetModuleHandleExW GetModuleFileNameW GetEnvironmentVariableW FindClose FindFirstFileExW GetFileAttributesExW LoadLibraryA GetProcAddress DeleteCriticalSection GetModuleHandleW LoadLibraryExW FreeLibrary GetLastError OutputDebugStringW TlsFree TlsSetValue TlsGetValue TlsAlloc InitializeCriticalSectionAndSpinCount EncodePointer SetLastError RaiseException RtlPcToFileHeader RtlUnwindEx InitializeSListHead GetCurrentProcessId IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext SwitchToThread GetCurrentThreadId QueryPerformanceCounter InitializeCriticalSectionEx GetSystemTimeAsFileTime |
---|---|
api-ms-win-crt-runtime-l1-1-0.dll | _crt_atexit __p___argc _exit exit _initterm_e _initterm _get_initial_wide_environment _initialize_wide_environment _configure_wide_argv _invalid_parameter_noinfo_noreturn _c_exit _set_app_type _seh_filter_exe _cexit abort terminate _errno _register_thread_local_exe_atexit_callback _initialize_onexit_table _register_onexit_function __p___wargv |
api-ms-win-crt-stdio-l1-1-0.dll | setvbuf _wfsopen __acrt_iob_func fflush fputwc fputws __stdio_common_vfwprintf __stdio_common_vsnwprintf_s _set_fmode __stdio_common_vswprintf __p__commode |
api-ms-win-crt-string-l1-1-0.dll | wcsncmp strcpy_s _wcsicmp |
api-ms-win-crt-convert-l1-1-0.dll | wcstoul _wtoi |
api-ms-win-crt-time-l1-1-0.dll | _gmtime64_s wcsftime _time64 |
api-ms-win-crt-heap-l1-1-0.dll | calloc free _set_new_mode malloc _callnewh |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 8.0.23.53103 |
ProductVersion | 8.0.23.53103 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT_WINDOWS32 VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | .NET Host |
FileVersion (#2) | 8,0,23,53103 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14 |
InternalName | .NET Host |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | .NET Host |
ProductName | .NET |
ProductVersion (#2) | 8.0.0 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Oct-31 15:31:24 |
Version | 0.0 |
SizeofData | 96 |
AddressOfRawData | 0x11ffc |
PointerToRawData | 0x10ffc |
Referenced File | D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\dotnet\dotnet.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Oct-31 15:31:24 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x1205c |
PointerToRawData | 0x1105c |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Oct-31 15:31:24 |
Version | 0.0 |
SizeofData | 984 |
AddressOfRawData | 0x12070 |
PointerToRawData | 0x11070 |
StartAddressOfRawData | 0x140012468 |
---|---|
EndAddressOfRawData | 0x140012478 |
AddressOfIndex | 0x140015e70 |
AddressOfCallbacks | 0x14000f3b8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | (EMPTY) |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140015020 |
GuardCFCheckFunctionPointer | 5368771344 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xbe6a92e4 |
---|---|
Unmarked objects | 0 |
C objects (VS 2015-2022 runtime 32533) | 12 |
ASM objects (VS 2015-2022 runtime 32533) | 7 |
C++ objects (VS 2015-2022 runtime 32533) | 54 |
Imports (VS2008 SP1 build 30729) | 16 |
Imports (30795) | 5 |
Total imports | 166 |
C++ objects (LTCG) (32824) | 8 |
Resource objects (32824) | 1 |
151 | 1 |
Linker (32824) | 1 |