Manalyze report for 0b274cde5b0dc83b7001a4114b3e2b381940fe9678b402c6227b19ccc4bc189f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1984-Dec-08 19:47:59
Detected languages	English - United States
Debug artifacts	api-ms-win-core-synch-l1-2-0.pdb
CompanyName	Microsoft Corporation
FileDescription	ApiSet Stub DLL
FileVersion	`10.0.22000.194 (WinBuild.160101.0800)`
InternalName	apisetstub
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	apisetstub
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22000.194`

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA 2010`
Safe	VirusTotal score: 0/76 (Scanned on 2025-02-23 00:06:47)	`All the AVs think this file is safe.`

Hashes

MD5	`c44e86d8025ccacee39f93839cdf952d`
SHA1	`0bca6220f4c3d1812ea31b5973c989a49700f808`
SHA256	`0b274cde5b0dc83b7001a4114b3e2b381940fe9678b402c6227b19ccc4bc189f`
SHA3	`17f7358d8c0156c791f838e668f77c162f22d75246794efdd3c26a9491fa4626`
SSDeep	`192:dtZ3ZtIWvhWy2WHph5VWQ4iWuDtagQ5X01k9z3A26zl7naNPT1H:dtZ3wWvhWyVvDtdQ5R9zmBaNR`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	1984-Dec-08 19:47:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x4000`
SizeOfHeaders	`0x1000`
Checksum	`0x64f3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.rdata

MD5	`89e2095d19fd6d587d3712f6434e3fc8`
SHA1	`a9120247f626a55adbd4f7f9e7a9b4214f4398a6`
SHA256	`9f08ba5f7c895f39c880963de506a6e74aa370ea587c6dab1c38e4b20aa4344e`
SHA3	`b0e04f04d430af40fa1a68b0cb9cd79c97051fc155d186fcb0f80e4177ec744c`
VirtualSize	`0x5c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.44855`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x80`
VirtualAddress	`0x2000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`9d7979b96a558341f5cbaa561acc8089`
SHA1	`70875a6ceeadbe11b38d9fd9d7f68776326d982a`
SHA256	`701f7f3cdbe26f60a18cf12408ddf7ce862d94ccb18ee48afcd80152605bf99e`
SHA3	`f97627506b06a6e1bf08eba6cbbd315d223ee2520456554fdd9c11c33ff8ece2`
VirtualSize	`0x3f0`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.06046`

Imports

Delayed Imports

DeleteSynchronizationBarrier

Ordinal	`1`
Address	`0x1180`
ForwardName	`kernel32.DeleteSynchronizationBarrier`

EnterSynchronizationBarrier

Ordinal	`2`
Address	`0x11c2`
ForwardName	`kernel32.EnterSynchronizationBarrier`

InitOnceBeginInitialize

Ordinal	`3`
Address	`0x11ff`
ForwardName	`kernel32.InitOnceBeginInitialize`

InitOnceComplete

Ordinal	`4`
Address	`0x1231`
ForwardName	`kernel32.InitOnceComplete`

InitOnceExecuteOnce

Ordinal	`5`
Address	`0x125f`
ForwardName	`kernel32.InitOnceExecuteOnce`

InitOnceInitialize

Ordinal	`6`
Address	`0x128f`
ForwardName	`kernel32.InitOnceInitialize`

InitializeConditionVariable

Ordinal	`7`
Address	`0x12c7`
ForwardName	`kernel32.InitializeConditionVariable`

InitializeSynchronizationBarrier

Ordinal	`8`
Address	`0x130d`
ForwardName	`kernel32.InitializeSynchronizationBarrier`

SignalObjectAndWait

Ordinal	`9`
Address	`0x134b`
ForwardName	`kernel32.SignalObjectAndWait`

Sleep

Ordinal	`10`
Address	`0x136e`
ForwardName	`kernel32.Sleep`

SleepConditionVariableCS

Ordinal	`11`
Address	`0x1396`
ForwardName	`kernel32.SleepConditionVariableCS`

SleepConditionVariableSRW

Ordinal	`12`
Address	`0x13d2`
ForwardName	`kernel32.SleepConditionVariableSRW`

WaitOnAddress

Ordinal	`13`
Address	`0x1403`
ForwardName	`kernel32.WaitOnAddress`

WakeAllConditionVariable

Ordinal	`14`
Address	`0x1433`
ForwardName	`kernel32.WakeAllConditionVariable`

WakeByAddressAll

Ordinal	`15`
Address	`0x1466`
ForwardName	`kernel32.WakeByAddressAll`

WakeByAddressSingle

Ordinal	`16`
Address	`0x1494`
ForwardName	`kernel32.WakeByAddressSingle`

WakeConditionVariable

Ordinal	`17`
Address	`0x14c7`
ForwardName	`kernel32.WakeConditionVariable`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48335`
MD5	`ad3ac64ede219bbacc35004ba599e82e`
SHA1	`c4de60afe474feb5f1c6b0315275f5721ac2cd56`
SHA256	`b2d31278706956de005131c8afb356a0cf1540dce12e7cca4cb47851d1d5a4e6`
SHA3	`62e0eb5937727180b09e9b649aa71b73c15ef62bd0e16c7dc97ced4fcc90888a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22000.194
ProductVersion	10.0.22000.194
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	ApiSet Stub DLL
FileVersion (#2)	10.0.22000.194 (WinBuild.160101.0800)
InternalName	apisetstub
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	apisetstub
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22000.194

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1984-Dec-08 19:47:59
Version	`0.0`
SizeofData	`57`
AddressOfRawData	`0x14e8`
PointerToRawData	`0x14e8`
Referenced File	api-ms-win-core-synch-l1-2-0.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	1984-Dec-08 19:47:59
Version	`0.0`
SizeofData	`116`
AddressOfRawData	`0x1524`
PointerToRawData	`0x1524`

UNKNOWN

Characteristics	`0`
TimeDateStamp	1984-Dec-08 19:47:59
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1598`
PointerToRawData	`0x1598`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	1984-Dec-08 19:47:59
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x15bc`
PointerToRawData	`0x15bc`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x94769605`
Unmarked objects	`0`
C objects (LTCG) (29395)	`1`
Exports (29395)	`1`
C objects (29395)	`2`
Resource objects (29395)	`1`
Linker (29395)	`1`

Errors

[*] Warning: Section .data has a size of 0!

Leave a comment

No comments yet.