caa192bfdfb5f2a131ebd649b7062de3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2025-Nov-19 14:46:05
Detected languages English - United States
Debug artifacts winhstb.pdb
CompanyName Microsoft Corporation
FileDescription Windows Winhlp32 Stub
FileVersion 10.0.18362.1 (WinBuild.160101.0800)
InternalName WINHSTB
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WINHLP32.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.18362.1

Plugin Output

Safe VirusTotal score: 0/70 (Scanned on 2019-10-09 12:56:45) All the AVs think this file is safe.

Hashes

MD5 caa192bfdfb5f2a131ebd649b7062de3
SHA1 720fb8ac42f6a86fc06d1cf54f3f9f74f5f0e8de
SHA256 95ec2d3b4bf074a3540d533a57d616effd81c8fc6ec98f704acbf96b7793634b
SHA3 6c95ff7f52dedca4577e6936291a892724be9d927b31f11f2c6c3a1745fcec6b
SSDeep 192:Rfq4m+jaCWGEZxyqQ4t5tmXdkLWyeHWnhh4jAr7b:RfCSWG+tnCqLWyeHWnhh4Uf
Imports Hash 0d53a5f05ebe36a7314357080bb7fef0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2025-Nov-19 14:46:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1200
SizeOfInitializedData 0x1a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001BA0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0x5442
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x40000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 406c161ac4e2ce43fc03a7b6f6bab7cd
SHA1 aef9d6b897ffcf8bd87bd8ea62b4fe22fa1b2167
SHA256 455acbd16e92221c099b43712fc0779a49a1597922e36bbffa45b9c03bf32142
SHA3 5e8b0c6814eafdb2a6e21add1c734d22c71dec4b821bb8943ec3c34005265978
VirtualSize 0x1134
VirtualAddress 0x1000
SizeOfRawData 0x1200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.69801

.data

MD5 4f178a3c29592abb3819219d1798c12e
SHA1 9515229c8ccfd99bec9299a42f5e8a46be608ab5
SHA256 a97ecd002826ca1e7791dc2ba83a1922f3152af0c59d8c68e1cb4fcaae694d71
SHA3 0ef5fc535197154d15ef431f1f5d4e466ebc917870afe65c6ba5edb14080979d
VirtualSize 0x398
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.240445

.idata

MD5 d48fb686bfbd948d2d130e055f9f12ba
SHA1 c0de7eed098877e0ca7dd5e653561884f24847ee
SHA256 2bcb1d075e3b2ac88eada3a6bea8747bd7c5216775b6f3cd4839505d6c899ba1
SHA3 70eb2695b0568618719f5f9b6fec1c0506ea03285ca16077af6c7b35a5765df6
VirtualSize 0x4b0
VirtualAddress 0x4000
SizeOfRawData 0x600
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.12044

.rsrc

MD5 d2723e379e38d3371a65f0bcdcb9f6cf
SHA1 ce93c8c8abf4ca40637bb65b935797fcefa9ad3e
SHA256 1c8441b8a7a4c9afedaba3fbad217b57ad3d0cd02de4a0665917a7d1cb8baa64
SHA3 ac583003c4cb640a22b03df07d5d0c0e0a6ee8f4cebeccf5091ecf977dcf5846
VirtualSize 0xcf8
VirtualAddress 0x5000
SizeOfRawData 0xe00
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.97566

.reloc

MD5 4ca12a3033f6bab3d878532bcc0edb66
SHA1 ade5bb61079270c5789b1cd802ef1a22c75b1c9b
SHA256 148a2745d5b72653f3903df3bf992d92007ec88c392df7e1ed51f63e85856eda
SHA3 3c883cac022efaa340ca76f839dbfe8d86d48aaa44406130323233a1a7857e14
VirtualSize 0x1a8
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.46526

Imports

ADVAPI32.dll EventRegister
EventWriteTransfer
EventUnregister
KERNEL32.dll GetModuleHandleExW
RaiseException
HeapSetInformation
GetProcAddress
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt.dll __p__fmode
_controlfp
?terminate@@YAXXZ
free
_XcptFilter
__p__commode
_amsg_exit
__setusermatherr
_initterm
_cexit
_exit
exit
__set_app_type
__getmainargs
_except_handler4_common
ole32.dll CoInitialize
CoUninitialize
CoCreateInstance
OLEAUT32.dll #6
#2

Delayed Imports

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0xd0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.7175
MD5 e68f183504c58c1f278dab3a17e81b6d
SHA1 215e7bff9b5646e34b5e85847d2e2c54ed0c8ccd
SHA256 0662b3bd1313dfb47cbb0642cee8faac356269eadb86551c7649cd0029c44461
SHA3 1b9d3b6effbcec777fe4d64e95f947dc1920a68ef0ae81bfd5f84dbd9ff23bae

1 (#2)

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.91761
MD5 0251a96f42ebf53d6f84652754d6097a
SHA1 e189912402dd0e79051205384b282ec5a2fb5ba3
SHA256 8f121913bd0e7e7e65ce3aa73c78e1c845fa38e34a466eaa1b90b3bd6b824351
SHA3 07ea01622ef4a95a3dddf7242f500f6a5f66aab2103d537eb184002b4555efd4

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.63573
MD5 fe00fa1899b982591a3ba73e3559dca8
SHA1 24ac7852b7b2e0f3bd4540c0a87e3b0fd6c09792
SHA256 e0e96d9240bbe911bcea09406a926f15b697d74d233c7bb4a37a7ff2bddc1ab9
SHA3 b8bc3868dd49220e68e5346a69dd2366a0bf81d416f05a6e23b44a26106b318e

4000

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x394
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49985
MD5 5f5a71d899cb9942b4cf55cb2b3f76cf
SHA1 1599b1477481c03cdfe5dbfd47c6d3b723ef4474
SHA256 dcf04c3fe0bd2da6eb41637e9f5fd0c19d43a138ad710c090a17d22c2f527eeb
SHA3 f1220cd1e209cf8f32840a53ded37e9864322c3850ffba957c6fd4e9a9e29ce5

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x2a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91911
MD5 e08034b34068636ebc17c148408453c7
SHA1 94233811bbc412f9ba73d76f57168bf5ddfe8be5
SHA256 340eb960ae6a9658d9f06895b02298bb66a79232f186fbffb04a5bec0e8e9c2c
SHA3 bafd098dac862b478e28fc03a21fde050836ed766bc57f3c514c4a32da21ed94

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.18362.1
ProductVersion 10.0.18362.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Windows Winhlp32 Stub
FileVersion (#2) 10.0.18362.1 (WinBuild.160101.0800)
InternalName WINHSTB
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WINHLP32.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.18362.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2025-Nov-19 14:46:05
Version 0.0
SizeofData 36
AddressOfRawData 0x12fc
PointerToRawData 0x6fc
Referenced File winhstb.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2025-Nov-19 14:46:05
Version 0.0
SizeofData 604
AddressOfRawData 0x1320
PointerToRawData 0x720

UNKNOWN

Characteristics 0
TimeDateStamp 2025-Nov-19 14:46:05
Version 0.0
SizeofData 36
AddressOfRawData 0x157c
PointerToRawData 0x97c

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40302c
SEHandlerTable 0x401270
SEHandlerCount 1
GuardCFCheckFunctionPointer 4210864
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x2d7500b3
Unmarked objects 0
ASM objects (26715) 1
C objects (26715) 20
C++ objects (26715) 2
Imports (26715) 11
Total imports 43
265 (26715) 1
Resource objects (26715) 1
Linker (26715) 1

Errors
