Manalyze report for b51fb63223915f23c60adc580c9a0531

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Oct-31 15:31:24
Detected languages	English - United States
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\dotnet\dotnet.pdb
CompanyName	Microsoft Corporation
FileDescription	.NET Host
FileVersion	`8,0,23,53103 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14`
InternalName	.NET Host
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	.NET Host
ProductName	.NET
ProductVersion	`8.0.0 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Info	The PE is digitally signed.	`Signer: .NET` `Issuer: Microsoft Code Signing PCA 2011`
Safe	VirusTotal score: 0/70 (Scanned on 2024-02-08 23:25:17)	`All the AVs think this file is safe.`

Hashes

MD5	`b51fb63223915f23c60adc580c9a0531`
SHA1	`a22bf33ac2769c31c922c45f314b4d6e42ed77db`
SHA256	`b9eace03c8471717e3f98873527005dbd9a92367b954f8c48484d2b7b78efbac`
SHA3	`553b7841183b261d3362b2dd4754db85a6a20595b323823d870e19a03d389ea6`
SSDeep	`1536:XbFnBS1RojpLRU0HviV1Yb2tYj0Ht1bizqf88uKwbiizb:XbFnBS1RkLRXo1ID0NBi+fgKwJP`
Imports Hash	`4dd36a31ffd90dcd48f18ab8ddb6dcd5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Oct-31 15:31:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xdc00`
SizeOfInitializedData	`0x12200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000009BF0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x25000`
SizeOfHeaders	`0x400`
Checksum	`0x27df8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`934093abe371b7f48a3c4953b09ec181`
SHA1	`82519d925fd653f04056ac18b9f179c646ab934f`
SHA256	`714c98f035abc6088b4eef3140a1037cadd74387d850164f403d2348df91fe74`
SHA3	`400831d46b36792096cbd9f7f8c8f0bf11a468318a6d123dd278726f99ab255f`
VirtualSize	`0xdaec`
VirtualAddress	`0x1000`
SizeOfRawData	`0xdc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35704`

.rdata

MD5	`e0d8c080c75b9d3086431effdc6c9041`
SHA1	`cf8c3ef06fdacbc2a21f82ef34f08532fb4a75c0`
SHA256	`d6607f872ea2a71b4b86d2d754536c91eb5fd92ea323e3e7d5c7dd57154b3968`
SHA3	`57d3437c099e92269806bd4f81ed6fe707c0f690bfb5c640d372595c97d0724e`
VirtualSize	`0x533c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x5400`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46326`

.data

MD5	`920ee95c6453996b29232c4fea07bc90`
SHA1	`b2c0ca1580d10d59303da8e4e7648a66f17a85fd`
SHA256	`70900201f76bef34f7b45d8ae7c6112f844e3108f96148a873e492b871e849e2`
SHA3	`d962ccea9d4fafc99961555d3fca7c4526b6c605784b1d384876c31f05940bd9`
VirtualSize	`0xe88`
VirtualAddress	`0x15000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.5417`

.pdata

MD5	`a7c6b4972ddb28cbd88e25d58450bfe0`
SHA1	`077fed33d0d779f88b51245033f336413a7e7914`
SHA256	`8a58a89ee84f9f36725a1ccfebd14b503964895ce898ca26e57a1468f9712f73`
SHA3	`b86840f2c553d696aee03554f86887ab15f69f4b442c721894634a3a00e72525`
VirtualSize	`0xbd0`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x13600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78169`

_RDATA

MD5	`73590a5df6e9a5b86f0fa93093172125`
SHA1	`1f5ec77bdbe7b9321391f15d9647a371a8beff1a`
SHA256	`39bd42539c7b8b646dffe7bec5dc109f965dd69e382c1445ab35b894cc8fbf99`
SHA3	`562512d4c8680f655163553ac1e2883f8f5c7b1709bd3e2bf91efdaee1831c04`
VirtualSize	`0x15c`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.79959`

.rsrc

MD5	`b6b42b0113c4465298656c090c66bd2d`
SHA1	`f462d86198137a54a5a48e7715e24fd5ba160f39`
SHA256	`913677b6e4b7ab4394aef03071b75dcd5972a43a2583d22fa4082d4a3ead1d7c`
SHA3	`a7b8b048a144df8479cbb67f21236efd72966833d9a19411f903f4b2caa4246f`
VirtualSize	`0xbbcc`
VirtualAddress	`0x18000`
SizeOfRawData	`0xbc00`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35527`

.reloc

MD5	`2610f13ef79edd0665d3dc83576ebf19`
SHA1	`e6a5cba2ed3663a17e3eceba69bc7dfbb814cba2`
SHA256	`e1a1753579bfee1bd0d5670a9b3fccd0507f9e9d6609399121c7cf478b462bcd`
SHA3	`a9a1e4b027d2775fcadddbbb3a13d7c8b7da43a42ca4f2ee22a0f2dd562c4983`
VirtualSize	`0x198`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x20000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.52852`

Imports

KERNEL32.dll	`GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `GetEnvironmentVariableW` `FindClose` `FindFirstFileExW` `GetFileAttributesExW` `LoadLibraryA` `GetProcAddress` `DeleteCriticalSection` `GetModuleHandleW` `LoadLibraryExW` `FreeLibrary` `GetLastError` `OutputDebugStringW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `EncodePointer` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `SwitchToThread` `GetCurrentThreadId` `QueryPerformanceCounter` `InitializeCriticalSectionEx` `GetSystemTimeAsFileTime`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `__p___argc` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_invalid_parameter_noinfo_noreturn` `_c_exit` `_set_app_type` `_seh_filter_exe` `_cexit` `abort` `terminate` `_errno` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_register_onexit_function` `__p___wargv`
api-ms-win-crt-stdio-l1-1-0.dll	`setvbuf` `_wfsopen` `__acrt_iob_func` `fflush` `fputwc` `fputws` `__stdio_common_vfwprintf` `__stdio_common_vsnwprintf_s` `_set_fmode` `__stdio_common_vswprintf` `__p__commode`
api-ms-win-crt-string-l1-1-0.dll	`wcsncmp` `strcpy_s` `_wcsicmp`
api-ms-win-crt-convert-l1-1-0.dll	`wcstoul` `_wtoi`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `wcsftime` `_time64`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `free` `_set_new_mode` `malloc` `_callnewh`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x850`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.21878`
Detected Filetype	PNG graphic file
MD5	`59277fa64b792be2bba6fcf04541aeff`
SHA1	`93681f8bdde431d7fcbe2f0dd56dbbd1caf6380a`
SHA256	`c4481751c38d1eeb0c94cb523ef63a04c86e29f8d2362dfe831d34c6874dc028`
SHA3	`012f98e32dd79049242e1b10060e0187fec5ecc1d206819fb9c55672420bdd6e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55759`
MD5	`ced0e6b28f64a71a7962092236b33878`
SHA1	`dd4b9c15181db4fc0c9d88960274e571d872a8ee`
SHA256	`8b2b7c18850cf3be1c04988a1af989146dd9ea954b420489ce11b147f9599cf8`
SHA3	`7b83d9eba03121353f1ddf04906fe19aa109b3f4bd7e9631fb091cee21f70da0`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55104`
MD5	`f04e02d83a6f5f3724c688e909ca3809`
SHA1	`1894eef7b64cdb56580a0e27fbdfc79a3d2dfc98`
SHA256	`94944b5c8712e986ba2975c3dddf65483073fa6f0f5387fcf737cb244de6895e`
SHA3	`757ce9096f09a3b413f3ea5fef062419dfb906e0c435fe75e7b9509a0a17e6a9`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60102`
MD5	`063b4e1930c7392e0ba0851baf1fc80d`
SHA1	`3eafab1b4786c0f75a5355ce20201c1f7e16a3ec`
SHA256	`ec49a2142c3711444eeca81d19694011a8ffd2ff3aa652cbfdaa1b9480a69d47`
SHA3	`9bbe26702b9df06367b3960ec966550796d71c5d3f7731efe5cd7241edf33553`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74036`
MD5	`7ec7f49b52562e425d982fb6ff6b8c37`
SHA1	`8163ddf9c2455aa651d8e58d41dde78c2a44b6f7`
SHA256	`7789be25a41aacb7134d19a04ab7903c31ecdf5ac88f71dd124a63c236eb873a`
SHA3	`aed43d0fffa2f8d1a991fc05a01b63c0b811754f80ee1440ab80835da283f0c6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60262`
MD5	`cc4b380d482898e13733150bb2ed5db6`
SHA1	`8f789d473a2a93d96694b36b92bc0d67109637fd`
SHA256	`e6685e704854ac412b036dfe748356d673114d79c6f82d2f7093240323026b27`
SHA3	`a83be339e7c908ae72df13856be4a41bc11ccb5cc5a28a7928af39ebd824963b`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38242`
MD5	`df687f4be82f70b92509d697cb18b887`
SHA1	`f77dc7ad296a199e902ac0b6bca160ca49d2de64`
SHA256	`dee86a3917cd663a3fd87150016bf825f99652e25503acf57fd1347611f33382`
SHA3	`9bb1f5633aa3c3db13035a9a0c9794e594fa8f1aca20089659b546357924be66`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.43221`
MD5	`6d26f0bf8510c585bea25fea82d9d8c5`
SHA1	`aa1ac94220ce3d7c91f90ce052e024afaac1436e`
SHA256	`d52a0f7da49bd8f823c6b5d13a3a26cccdc7215cc3ecc9c206bd1d93c61dc441`
SHA3	`60b37832a44257619eb1dfd7cb78dcd7b491197b3ff16608a781276d12069316`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93465`
Detected Filetype	Icon file
MD5	`578a7f6d802f9b5e6db2d7d0c030d99f`
SHA1	`6ca71d245544467b56f37e38bb4e4aec11fec32f`
SHA256	`b416bce504d3c43d4a3eaaf7a70844fbc2f6cc3e2e37a957838a887f6d884f54`
SHA3	`e38b22ab89a35c4003ffb117f43e2ce4bf0ff7d3ce157bcba2a0272b0602b58f`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56718`
MD5	`66e1a8acc49ab9ed40cffc1d2c8f337c`
SHA1	`71113cc26f65771473a04a741d8558e2fb0eca0b`
SHA256	`dd22ebbbbf7c3342789519c801051965448d66fa87b8ba7c7bf76313a4098f2c`
SHA3	`bca1a055cba0c95a481e78cdb8592811c19f1097501aedf4b65245f72271d4b3`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x532`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07961`
MD5	`a5ce7736f7de76b734ae6bbd29fda851`
SHA1	`05b56fce8dbd63122dcfffed36ba5d145d462a3b`
SHA256	`8361b23889bd5f2009060566e0c75c4f86d187549f6949bada7a1454ced09ac5`
SHA3	`2e396e9aac7c0f2c1d52a427620bc4ffee839156b022e70c33e7552035831cad`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.0.23.53103
ProductVersion	8.0.23.53103
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	.NET Host
FileVersion (#2)	8,0,23,53103 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14
InternalName	.NET Host
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	.NET Host
ProductName	.NET
ProductVersion (#2)	8.0.0 @Commit: 5535e31a712343a63f5d7d796cd874e563e5ac14

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Oct-31 15:31:24
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x11ffc`
PointerToRawData	`0x10ffc`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\dotnet\dotnet.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-Oct-31 15:31:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1205c`
PointerToRawData	`0x1105c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Oct-31 15:31:24
Version	`0.0`
SizeofData	`984`
AddressOfRawData	`0x12070`
PointerToRawData	`0x11070`

TLS Callbacks

StartAddressOfRawData	`0x140012468`
EndAddressOfRawData	`0x140012478`
AddressOfIndex	`0x140015e70`
AddressOfCallbacks	`0x14000f3b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140015020`
GuardCFCheckFunctionPointer	`5368771344`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xbe6a92e4`
Unmarked objects	`0`
C objects (VS 2015-2022 runtime 32533)	`12`
ASM objects (VS 2015-2022 runtime 32533)	`7`
C++ objects (VS 2015-2022 runtime 32533)	`54`
Imports (VS2008 SP1 build 30729)	`16`
Imports (30795)	`5`
Total imports	`166`
C++ objects (LTCG) (32824)	`8`
Resource objects (32824)	`1`
151	`1`
Linker (32824)	`1`

b51fb63223915f23c60adc580c9a0531

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

IDI_ICON1

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors