b699cd483879203c6157a79646dfda55

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Apr-02 10:14:42
Detected languages English - United States
Debug artifacts D:\a\1\b\bin\amd64\pythonw.pdb
CompanyName Python Software Foundation
FileDescription Python
FileVersion 3.11.9
InternalName Python Application
LegalCopyright Copyright © 2001-2023 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
OriginalFilename pythonw.exe
ProductName Python
ProductVersion 3.11.9

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info Interesting strings found in the binary: Contains domain names:
  • BeOpen.com
Info The PE is digitally signed. Signer: DWSNET srl
Issuer: Sectigo Public Code Signing CA R36
Safe VirusTotal score: 0/73 (Scanned on 2024-10-22 19:06:05) All the AVs think this file is safe.

Hashes

MD5 b699cd483879203c6157a79646dfda55
SHA1 8707744d7df346c7d1189241224ed0d03306114e
SHA256 cf3dfd1d6626fd2129abb7a5983c11827f4b0d497e2dba146a1889bd71f23cd5
SHA3 9cff8de42ee478d739db5223ee758fbbff2c435a9c7c5b23f1a5eec843976d37
SSDeep 3072:Qq4lf8SwMpdCq/IM8uIGf5/x5s+BRFFBt7o:8f8SwMd7wvcfBRFFBt7o
Imports Hash 8e1e0d6c8ffe7f2996ab45c2c82ccb07

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2024-Apr-02 10:14:42
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xe00
SizeOfInitializedData 0x15200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000012B8 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x400
Checksum 0x1e6e5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x1e8480
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1f0b172cee1011d407092eabec905e0e
SHA1 ccbd04b2f28ec18f5791e42199c109d55d5039ab
SHA256 ad4cf513a79daf56f56e69691791cc36bd50667fcf67cd04e81cf174f1f3acb1
SHA3 9f07fb6b99d053ff38582b3d84513bd8774b8cb5a3ec47d8196438e5aba4591a
VirtualSize 0xd6c
VirtualAddress 0x1000
SizeOfRawData 0xe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.8526

.rdata

MD5 8657f00c44899042b9c8672e2c9a4082
SHA1 ca49cfa852aea3a8fd4fcf0e8ebbb8ecbeba265d
SHA256 dc92fc978f8e97afd3d76dec6a4d6b228c958e39d1edb1d787360a9704ff4421
SHA3 0b87846219ff807fd755d5f18bf7a76a5eed709a65ee88db15411d547a29d5c5
VirtualSize 0xf6a
VirtualAddress 0x2000
SizeOfRawData 0x1000
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.15967

.data

MD5 1a3a9ab387ba51f3c866b72bd28bf09b
SHA1 37b738ab4a641aef0750475d69d9a0c0312b1133
SHA256 71b3764a3e34149cfba19c3198d543b6d650029096edb9a2a398592405e1e425
SHA3 c42a3099b7530cdd53bc86f896d1c965a1d5695466f0a0f54939a9ee94a35cb1
VirtualSize 0x678
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.444405

.pdata

MD5 025041f268385d0f008fa079c6e0f4a8
SHA1 fd6a8ffeb7c7f1acce1309b34222eb9df180facd
SHA256 9e69f9a6e382b1c1663a67c653684093efe51548dc767a111d60b7234863af3d
SHA3 742c91b9c61ce01f8344badbdf3d9718a57c86c5b5a102bb1619cb116aaf142e
VirtualSize 0x174
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.89325

.rsrc

MD5 6d56f5a57b43d4771c1a27f082130c5a
SHA1 ba093266c6f310888a8e6a91b2e537d8839d9fff
SHA256 ccb10ad1c0dd3e74e631555265eb492ab241ff4009458170c4eef4b5848c13c5
SHA3 5fb2050d077ceb370e702ce1d56b29ec88273f8aa55fb3cfe4d484e200d3d73e
VirtualSize 0x13578
VirtualAddress 0x5000
SizeOfRawData 0x13600
PointerToRawData 0x2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.1659

.reloc

MD5 c79cd45de1e939022d7f01e54150c7e1
SHA1 3239dfff4e81eaf944d35bd505068b8737451c28
SHA256 74ac3cf5625b590b76c8b4702fc6ca433117441efdc97bb0a358286f69a04439
SHA3 75512b289d242234cbb9a58fb06877341f3f18fef78baa68fd5f25102f503994
VirtualSize 0x30
VirtualAddress 0x19000
SizeOfRawData 0x200
PointerToRawData 0x15c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.716608

Imports

python311.dll Py_Main
VCRUNTIME140.dll __C_specific_handler
__current_exception
__current_exception_context
memset
memcpy
api-ms-win-crt-runtime-l1-1-0.dll _initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_set_app_type
_seh_filter_exe
__p___argc
__p___wargv
_c_exit
_cexit
_get_wide_winmain_command_line
_exit
exit
_initterm_e
_initterm
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
KERNEL32.dll GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3a47
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.89877
Detected Filetype PNG graphic file
MD5 0463d629d6d9bce92c784d9d512508b6
SHA1 90fa30b5a64c5ae143fee4746f5bbae458729cb1
SHA256 5f828c0a850ffdb0af12c7c63342a0470a871c3af330a20f82a378e1257eeec0
SHA3 18f19a0d5ad7e1d4902f666284f13c1fde8c1e79d94ff243068123864c5cbaff

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1628
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.43685
MD5 e8a9a4ebfe0c03cec8d7efdfc82a073a
SHA1 f3ab8f7b3d9902d4949c6081313cfb18c54315d7
SHA256 afb5a737e6fad578f3b492305e036a855e465f27c42f0fa22859551359639e89
SHA3 76103cbf35a144f2f37f48eb3fb73dd25ffdf3131e05227014d372fbb9814380

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.64402
MD5 eaf69775ddb2dad256651db53afb2bc1
SHA1 1a06afb4ff3b56ad580799c76681a407a0e63ab6
SHA256 25b7ab6a288d33805d0ebe55c8a1094ebd8042d587e641098bfddde172f48b97
SHA3 5b307411e03c05f7d6bf2b68723e2c70d51b1046354336776b70968162a3c111

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.30046
MD5 33eb19e1427a0a91bcf022f96071ca5a
SHA1 1a72aa851a5d22e49a1f74311d3a9788eebc3f32
SHA256 6e54638103a93602434e98f8207420fb0c6546d25ccf0161e3a8a8b1063ad885
SHA3 31464ce8ac14b03e17a92e35e1400f3217d25e372d40a2988234746ffcb1af21

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.28803
MD5 87fed18be15c48e50431eb2ad66fabae
SHA1 6e2f8dd7f1fe5ebd5da36e9904483ed1044424f3
SHA256 b35912bf3138d36b659dcc768b8c2c32d5e64ba96da1e1070808bf08d66860f0
SHA3 2687ccb8b02299f134de0c83c5664bce9ba3617ed06cbfab8f994e421ec0b80b

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.1021
MD5 d0e16cfd7572e84a90840f1d148e133e
SHA1 a49bdf37b6513a3b73e99896d75775b99aefce44
SHA256 5420e0fa0a5f58bc71e713c5176cfa08c3db2f059a37a42546f63deca7392779
SHA3 d5e5c5955c1c43f704303a98ea2254e9109773b0fd1be5314f14fd1e46ef27c1

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e29
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.92596
Detected Filetype PNG graphic file
MD5 e13fc88ff0c2f2bd23710830c4037aca
SHA1 eb18447f31804ee66d638f3a94a314d42363442a
SHA256 575b411592614b1b40026099b9b416220eaf2a620a7607a69dde7a34c6241291
SHA3 0e742684e0c922d812afa9c4daf9025c726b8c8675e05323ae1f6ac6a4504068

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.86771
MD5 28024a1271d4ec05edb5a3259608d37d
SHA1 abdd1741d6a4e962992ad2541f6bb1a2d960db7c
SHA256 73eb5c8db59a7399ba879a09b6e8f987915da11175e1638bc03e198ac961abb7
SHA3 93971d8d44f162809c8793fbea70f9e4ee6e05d5b0d3dee84c6133c71873ae8f

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.27744
MD5 9d0c12408c9e33c360ab4bc74a5ec884
SHA1 ab37e80f26d0d751d31cfd50a123015282024a09
SHA256 2545ee8d09df27f67871df151a3e1e948db520d94aea138373aaab636bb52c55
SHA3 a5374fc4bad6533bb6bf35983587d56c1f6b4aa14dfa13da9262bb5bbf2c4678

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.09553
MD5 203169fae6bd5dd0fcd9eee6808d829b
SHA1 b17e32969a3f951626642bb91e986dd25288544d
SHA256 43d0e868c171e62fd47baafe3f807df271c54024d49802a31a6f4f7521c682a2
SHA3 df07f9c43ed71fd2e4382f5f9bc48fee52d9c3842ab7d39970eb4f403b64a2e2

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.41065
MD5 1eb9d774dbd9d0ab05e41fb6c54ed7ae
SHA1 3be0d79d0ad0234ea534047f75723508f59a7507
SHA256 1d89375f46f6dfe9a3d10dbdfc9e71dd69d8f53ab2e8a925f976b9ef2ee9e46e
SHA3 f866655b0de66289a5fe33eac37581c6fc271daa631d41cc61e56f279baf8ef2

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.26327
MD5 0fda42ca37c600571bdbc58542a39b4c
SHA1 25cb5eb2ad6e9299b20757fb9ee980b088e2b6e3
SHA256 0ead19a6475704d679209c33f9cbe527074e9c320e7f94f765787d91463d2478
SHA3 d559b1f3e4c00d8f67a8280f198cd01dbb4f71e39945f382e306b7865e1024a6

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.02743
Detected Filetype Icon file
MD5 30c8ba128a75e58f70b836c6b4583eeb
SHA1 204fbe5300afb72e523b3f043acbe4fc4bd0e151
SHA256 3354369e78b388317118743d6d4ff88378e2929f9d627b5c13b6d012fbb118f0
SHA3 50285109e6331641f86f4c16b606ad88a2518489221d771280a92a81c61dc589

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3b8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49708
MD5 8bd7947a421ac7505fb9ff46d4c893ed
SHA1 cd47198dd4d928710bf51632b7c612c02b7e0a51
SHA256 39e5b844acdeb522ac751fa543ce9d6b88b2eaad9a95cbfdb89885af8d3d6693
SHA3 0338ea69b14e2ec055195fd9b361c6b8c976fe19aa4d4c249a280cbe1e81aa41

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x545
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.25824
MD5 7ef51f60309aa7899efdfed89aa1ad6f
SHA1 264a1f51d8f3ac1aeaf37369038f97f24c48b52c
SHA256 13160d8e413f8a06f47aec8b20edc6ea5d63b63190f77ae9a1ec1bed7195da79
SHA3 1703fb9fa22fef65c6d90d8634f5f13be70b4e181cebba09710acd59ce832e29

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.11.9150.1013
ProductVersion 3.11.9150.1013
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName Python Software Foundation
FileDescription Python
FileVersion (#2) 3.11.9
InternalName Python Application
LegalCopyright Copyright © 2001-2023 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
OriginalFilename pythonw.exe
ProductName Python
ProductVersion (#2) 3.11.9
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-Apr-02 10:14:42
Version 0.0
SizeofData 55
AddressOfRawData 0x2464
PointerToRawData 0x1664
Referenced File D:\a\1\b\bin\amd64\pythonw.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-Apr-02 10:14:42
Version 0.0
SizeofData 20
AddressOfRawData 0x249c
PointerToRawData 0x169c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-Apr-02 10:14:42
Version 0.0
SizeofData 644
AddressOfRawData 0x24b0
PointerToRawData 0x16b0

TLS Callbacks

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140003000

RICH Header

XOR Key 0xa9475cb
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (VS 2015-2022 runtime 33030) 2
C++ objects (VS 2015-2022 runtime 33030) 18
C objects (VS 2015-2022 runtime 33030) 10
ASM objects (VS 2015-2022 runtime 33030) 3
Imports (33135) 3
Imports (30795) 2
Total imports 51
C objects (LTCG) (33135) 1
Resource objects (33135) 1
Linker (33135) 1

Errors

<-- -->