Manalyze report for bd33aa772f4751c5a79f94636088774e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Feb-03 19:45:04
Detected languages	English - United States
Debug artifacts	notepad.pdb
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	`10.0.19041.4355 (WinBuild.160101.0800)`
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.19041.4355`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: go.microsoft.com https://go.microsoft.com https://go.microsoft.com/fwlink/?LinkId https://go.microsoft.com/fwlink/p/?linkid microsoft.com`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegSetValueExW RegQueryValueExW RegCreateKeyW RegCloseKey RegOpenKeyExW RegCreateKeyExW RegDeleteKeyExW RegQueryInfoKeyW RegEnumValueW` `Functions related to the privilege level: OpenProcessToken`
Safe	VirusTotal score: 0/71 (Scanned on 2024-07-19 00:37:06)	`All the AVs think this file is safe.`

Hashes

MD5	`bd33aa772f4751c5a79f94636088774e`
SHA1	`bd6b9b8bf4b0911846a089c620ce3b4a43ee9674`
SHA256	`c286747d319818c1205fd487040840353c5f4542faffdabae9131481bdfeb92a`
SHA3	`cd5b833fa565097af67f58b307fa1fe7470490cd13ba8c700209d425543b6395`
SSDeep	`6144:mzQyiLHz40gQt23nJ6vOS0lcc0rbLurxl:6Qvs0N23J6WS0lp0L0x`
Imports Hash	`88409fe489a1ac2313dd49709c522f0d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Feb-03 19:45:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x24600`
SizeOfInitializedData	`0xe000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000023BC0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x38000`
SizeOfHeaders	`0x400`
Checksum	`0x40c20`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x11000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ce7b34f368066cd1b6c768a73af1742a`
SHA1	`979b78176e034a0432a02fa6c339b47f49993fb4`
SHA256	`84b6d227514c38143fa1a72787c58e9321c05a44fe5c1b39a0960657100e6ad6`
SHA3	`653f608021533f0defd648f81d3b9b07d878914f6e264d5fafe72c6805c6b805`
VirtualSize	`0x2447f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.27627`

.rdata

MD5	`be79c37241b957f465f22512ea1bb61f`
SHA1	`4148154364f0b2da1c0b401cc0f8879b2bf5d17c`
SHA256	`929b2bb14d449458172e9f535cbd6ce4d05890853aa5bc0140b8425f5b11576b`
SHA3	`f4b76f971426512fd88d178ce09a447831fd93a713dc84b109264f8eb30cd68d`
VirtualSize	`0x9288`
VirtualAddress	`0x26000`
SizeOfRawData	`0x9400`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.93243`

.data

MD5	`26d72f9b6e3cd839c5c0beb7cd7ebacf`
SHA1	`0d53843a354781074c9a1cfaa270c3fce02abf2c`
SHA256	`3aeedb62d6c24ddbda649bbe29c1262e1d3a3360f3234c409552b2b406dd3bb7`
SHA3	`d3e049bf3dc597e99ea3ab67f7072b1a8659cc155eccf6de0c1d09f11c969043`
VirtualSize	`0x2718`
VirtualAddress	`0x30000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x2de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.8064`

.pdata

MD5	`b09b297dd73ca68f06023dc14904d1ba`
SHA1	`d392ec4882f658cff396e7d65fbcbf9a3ba3cea8`
SHA256	`b1ea783e8c9e09ebd19a2358083e4110227413b03cc56a87054c409f58ecccdd`
SHA3	`014246048e34a73e44d9b861d6d3e563e867c728589c446d6853651285238fa8`
VirtualSize	`0x10ec`
VirtualAddress	`0x33000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.95674`

.didat

MD5	`70610b8723a74d308ac80ea4c27f3536`
SHA1	`de66eaec55a268520b79aebdbb73fb526997b635`
SHA256	`b579481cd27cee7107362c0ae0c92c64ac3b5bac9bdad82468e0106d3234b3b4`
SHA3	`4f6ad6f6989d0bdae8460e43f2f40151c04e0ac5d3b672010bd034e7461b7a07`
VirtualSize	`0x178`
VirtualAddress	`0x35000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.51171`

.rsrc

MD5	`e78614a03d165e40a9d05fe3d7b96f97`
SHA1	`c2be22f9083bc7b8561907d90c344cef8407d3d1`
SHA256	`5075be559d4420f4d880851c11980d912b676fc3a3fd948623ab7c797c851fc6`
SHA3	`173367cec9093027fb4fcd8ecf5f99b06ab2d3882f3c61f51471281de303718f`
VirtualSize	`0xbd8`
VirtualAddress	`0x36000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x30000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.60817`

.reloc

MD5	`e56457d80c672b3597be59c7fc5d85be`
SHA1	`76b94dd06054dfd07c059aa1fed835b85002c6e4`
SHA256	`335c9d8f357c6ec88e68d84d1d4a0916126667e4de39f9b60e680641552ef364`
SHA3	`be08b3c3a52bc17cb76cde8dcb0b455c88911472da6062ac8856abea1b130436`
VirtualSize	`0x2d8`
VirtualAddress	`0x37000`
SizeOfRawData	`0x400`
PointerToRawData	`0x30c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.12854`

Imports

KERNEL32.dll	`GetProcAddress` `CreateMutexExW` `AcquireSRWLockShared` `DeleteCriticalSection` `GetCurrentProcessId` `GetProcessHeap` `GetModuleHandleW` `DebugBreak` `IsDebuggerPresent` `GlobalFree` `GetLocaleInfoW` `CreateFileW` `ReadFile` `GetACP` `MulDiv` `GetCurrentProcess` `GetCommandLineW` `HeapSetInformation` `FreeLibrary` `LocalFree` `LocalAlloc` `FindFirstFileW` `FindClose` `FoldStringW` `GetModuleFileNameW` `GetUserDefaultUILanguage` `HeapFree` `HeapAlloc` `GetTimeFormatW` `WideCharToMultiByte` `WriteFile` `GetFileAttributesW` `LocalLock` `LocalUnlock` `DeleteFileW` `SetEndOfFile` `GetFileAttributesExW` `GetFileInformationByHandle` `CreateFileMappingW` `MapViewOfFile` `MultiByteToWideChar` `LocalReAlloc` `UnmapViewOfFile` `GetFullPathNameW` `LocalSize` `GetStartupInfoW` `lstrcmpiW` `FindNLSString` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetDiskFreeSpaceExW` `CreateDirectoryW` `RegisterApplicationRestart` `CreateSemaphoreExW` `CreateThreadpoolTimer` `ReleaseSRWLockShared` `SetThreadpoolTimer` `CloseHandle` `OpenSemaphoreW` `WaitForSingleObjectEx` `AcquireSRWLockExclusive` `CloseThreadpoolTimer` `OutputDebugStringW` `ReleaseSRWLockExclusive` `GetLastError` `FormatMessageW` `ReleaseMutex` `GetCurrentThreadId` `WaitForSingleObject` `WaitForThreadpoolTimerCallbacks` `InitializeCriticalSectionEx` `LeaveCriticalSection` `GetModuleHandleExW` `ReleaseSemaphore` `EnterCriticalSection` `GetDateFormatW` `SetLastError` `GetLocalTime` `ResolveDelayLoadedAPI` `DelayLoadFailureHook` `GetModuleFileNameA`
GDI32.dll	`CreateDCW` `StartPage` `StartDocW` `SetAbortProc` `DeleteDC` `EndDoc` `AbortDoc` `EndPage` `GetTextMetricsW` `SetBkMode` `LPtoDP` `SetWindowExtEx` `SetViewportExtEx` `SetMapMode` `GetTextExtentPoint32W` `TextOutW` `EnumFontsW` `GetTextFaceW` `SelectObject` `DeleteObject` `CreateFontIndirectW` `GetDeviceCaps`
USER32.dll	`PostMessageW` `MessageBoxW` `GetMenu` `CheckMenuItem` `GetSubMenu` `EnableMenuItem` `ShowWindow` `GetDC` `ReleaseDC` `SetCursor` `GetDpiForWindow` `SetActiveWindow` `LoadStringW` `DefWindowProcW` `IsIconic` `SetFocus` `PostQuitMessage` `DestroyWindow` `MessageBeep` `GetForegroundWindow` `GetDlgCtrlID` `SetWindowPos` `RedrawWindow` `GetKeyboardLayout` `CharNextW` `SetWinEventHook` `GetMessageW` `TranslateAcceleratorW` `IsDialogMessageW` `TranslateMessage` `DispatchMessageW` `UnhookWinEvent` `SetWindowTextW` `OpenClipboard` `IsClipboardFormatAvailable` `CloseClipboard` `SetDlgItemTextW` `GetDlgItemTextW` `EndDialog` `SendDlgItemMessageW` `SetScrollPos` `InvalidateRect` `UpdateWindow` `GetWindowPlacement` `SetWindowPlacement` `CharUpperW` `GetSystemMenu` `LoadAcceleratorsW` `SetWindowLongW` `CreateWindowExW` `MonitorFromWindow` `RegisterWindowMessageW` `LoadCursorW` `RegisterClassExW` `GetWindowTextLengthW` `GetWindowLongW` `PeekMessageW` `GetWindowTextW` `EnableWindow` `CreateDialogParamW` `DrawTextExW` `LoadIconW` `LoadImageW` `DialogBoxParamW` `SetThreadDpiAwarenessContext` `SendMessageW` `MoveWindow` `GetClientRect` `GetFocus`
api-ms-win-crt-string-l1-1-0.dll	`memset` `wcsnlen` `wcscmp`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_register_thread_local_exe_atexit_callback` `_initterm_e` `_initterm`
api-ms-win-crt-private-l1-1-0.dll	`_o__callnewh` `_o__cexit` `_o__configthreadlocale` `_o__configure_wide_argv` `_o__crt_atexit` `_o__errno` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `_o__wcsicmp` `_o__wtol` `_o_exit` `_o_free` `_o_iswdigit` `_o_malloc` `_o_terminate` `_o_toupper` `__CxxFrameHandler3` `_CxxThrowException` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___p__commode` `_o___stdio_common_vswprintf` `__C_specific_handler` `memcmp` `memcpy` `memmove`
api-ms-win-core-com-l1-1-0.dll	`CoWaitForMultipleHandles` `CoUninitialize` `PropVariantClear` `CoTaskMemFree` `CoTaskMemAlloc` `CoCreateFreeThreadedMarshaler` `CoCreateInstance` `CoInitializeEx` `CoCreateGuid`
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	`PathIsFileSpecW` `PathFindExtensionW` `PathFileExistsW`
api-ms-win-shcore-obsolete-l1-1-0.dll	`SHStrDupW`
api-ms-win-shcore-path-l1-1-0.dll	`#170`
api-ms-win-shcore-scaling-l1-1-1.dll	`GetDpiForMonitor`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlLookupFunctionEntry` `RtlCaptureContext` `RtlVirtualUnwind`
api-ms-win-core-errorhandling-l1-1-0.dll	`SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RaiseException`
api-ms-win-core-processthreads-l1-1-0.dll	`TerminateProcess`
api-ms-win-core-processthreads-l1-1-1.dll	`GetProcessMitigationPolicy` `IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetTickCount` `GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-libraryloader-l1-2-0.dll	`LoadLibraryExW`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateString` `WindowsDeleteString` `WindowsGetStringRawBuffer` `WindowsCreateStringReference`
api-ms-win-core-synch-l1-1-0.dll	`SetEvent` `CreateEventExW`
api-ms-win-core-winrt-error-l1-1-0.dll	`SetRestrictedErrorInfo`
api-ms-win-core-string-l1-1-0.dll	`CompareStringOrdinal`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoUninitialize` `RoGetActivationFactory`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoGetMatchingRestrictedErrorInfo`
api-ms-win-eventing-provider-l1-1-0.dll	`EventProviderEnabled`
api-ms-win-core-synch-l1-2-0.dll	`Sleep`
COMCTL32.dll	`CreateStatusWindowW` `#345`
ADVAPI32.dll (delay-loaded)	`OpenProcessToken` `IsTextUnicode` `GetTokenInformation` `DuplicateEncryptionInfoFile` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyW` `RegCloseKey` `RegOpenKeyExW` `RegCreateKeyExW` `RegDeleteKeyExW` `RegQueryInfoKeyW` `RegEnumValueW` `EventSetInformation` `EventRegister` `EventUnregister` `EventWriteTransfer` `DecryptFileW`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x30c78`
DelayImportAddressTable	`0x35000`
DelayImportNameTable	`0x2cac0`
BoundDelayImportTable	`0x2cf50`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

MICROSOFTEDPENLIGHTENEDAPPINFO

Type	`EDPENLIGHTENEDAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

MICROSOFTEDPPERMISSIVEAPPINFO

Type	`EDPPERMISSIVEAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07009`
MD5	`56ad5723edb10a0cd59cfe033529aa18`
SHA1	`2bbaf3ab699fd8d938651a42da3a9ac6b63fbc45`
SHA256	`9fa1f59db33f147ae6bff03d23af5089563f6552efc32ae39a974a35d48bfcb3`
SHA3	`ee7e5e52bb2fc18e367397a2389119edfa6366fa6e7d5444c2698a902b72e702`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52128`
MD5	`4aaa91becb99e0ad991fec2763420fea`
SHA1	`fa7618f2b56492e94aef49e8fe1bc9f0440a6a71`
SHA256	`66db88fdb3bb2678bc1ce6db6a41a6bf4bc490f65678a1eceb22386b437b32c9`
SHA3	`a73fb6fe6a57ee5d7fd8ef743b4f17aa4d760cde540ac120c32278c5b064aa72`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4af`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98745`
MD5	`acc7856de799cdbe0dfe7918d6a21380`
SHA1	`dd694c2cf66b06f173373242ffbff497d10fd785`
SHA256	`790e206178489e6c6fd11711bf3a55d29b36f61dc9d02abf12fc5ef0a966e22f`
SHA3	`8b3a025f88f0cca1a806f537821ecc948fa6bbe84b06c095cf3ca23b580be30d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.19041.4355
ProductVersion	10.0.19041.4355
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion (#2)	10.0.19041.4355 (WinBuild.160101.0800)
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.19041.4355

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Feb-03 19:45:04
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x2b504`
PointerToRawData	`0x29f04`
Referenced File	notepad.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Feb-03 19:45:04
Version	`0.0`
SizeofData	`1084`
AddressOfRawData	`0x2b528`
PointerToRawData	`0x29f28`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2022-Feb-03 19:45:04
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x2b964`
PointerToRawData	`0x2a364`

TLS Callbacks

Load Configuration

Size	`0x118`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140030470`
GuardCFCheckFunctionPointer	`5368869096`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x24fb72e6`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`48`
C objects (27412)	`10`
ASM objects (27412)	`3`
Imports (27412)	`9`
Total imports	`1320`
C objects (LTCG) (27412)	`31`
C++ objects (27412)	`31`
253 (27412)	`1`
Resource objects (27412)	`1`
Linker (27412)	`1`

bd33aa772f4751c5a79f94636088774e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.didat

.rsrc

.reloc

Imports

Delayed Imports

MICROSOFTEDPENLIGHTENEDAPPINFO

MICROSOFTEDPPERMISSIVEAPPINFO

1

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors