Manalyze report for d1f4225df2cd877dbf130d5668a021dce3f94118455ff5ec952061c30afc9ce7

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2073-Nov-12 10:33:24
Detected languages	English - United States
Debug artifacts	D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb
CompanyName	Microsoft Corporation
FileDescription	MicrosoftÂ® C Runtime Library
FileVersion	`14.51.36247.0`
InternalName	vcruntime140.dll
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	vcruntime140.dll
ProductName	MicrosoftÂ® Visual StudioÂ®
ProductVersion	`14.51.36247.0`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Info	The PE is digitally signed.	`Signer: Microsoft Windows Software Compatibility Publisher` `Issuer: Microsoft Windows Third Party Component CA 2013`
Safe	VirusTotal score: 0/69 (Scanned on 2026-06-20 15:40:04)	`All the AVs think this file is safe.`

Hashes

MD5	`07bc2f9c4c1b07e1cc013ca0079b31ac`
SHA1	`1098f2a834146995df7a91c78f72f210d8d2d12d`
SHA256	`d1f4225df2cd877dbf130d5668a021dce3f94118455ff5ec952061c30afc9ce7`
SHA3	`30215478fa9347c0502c8836322d8ba375e0e8868d6ddad4dca647a182844922`
SSDeep	`3072:aoq3aLPst/GrhA4gBSnSQ37QwZyeBB0ecbavp7D:aofLPsmBnSQ3VyeBB0ecbaV`
Imports Hash	`cfd5d6cb7ecdafff3769e90c815d91d2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2073-Nov-12 10:33:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1ee00`
SizeOfInitializedData	`0x7800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001BA60 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0x3a467`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9cdbb431f6136018f8b5fcdf9dfa7ceb`
SHA1	`dbd7768fa354251a216f8891ce4b0ee781765255`
SHA256	`d1b0e639d78a887872b958a042183c9709e6bebb9a01d165dab8aa5e2c48c4f5`
SHA3	`cc051c86dd13f136eea92dbe9803a26aa04b9c2fcb8e2e326c13e2da34c52807`
VirtualSize	`0x1ddbb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1de00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39441`

fothk

MD5	`7b60294317041b7df3325dc183610979`
SHA1	`c879a256c0243cd3855ee76db42997acb8020dba`
SHA256	`906bfcbe7629602ca5a2844f2f54c1e9beb0c83a596b63963d17f2a52494e60c`
SHA3	`b2e86d2d3f8a01da6487b5111b37c518dd7d2cf114c9942487be6bc54047371e`
VirtualSize	`0x1000`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0434792`

.rdata

MD5	`ee3af53137a38646d581bcfbade4502e`
SHA1	`286b8a4b26aa4bbe487cef0ca0d1473696560f20`
SHA256	`bc1d6f79a787c73ac13421038f41f6348dbf4d48b72538acafe58fa5b28cafbf`
SHA3	`783d9895c3d3d73eb202c6a5bcfabfc2c4370bcd3f36ea5a191a380774fd960a`
VirtualSize	`0x5032`
VirtualAddress	`0x20000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x1f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81453`

.data

MD5	`2ec351a27e5077d149c134c53fa9a4be`
SHA1	`0b898a5cd15fce034e4bdda867437be9037508a4`
SHA256	`12efa83879e8c8ad05e1e2a41d9e4a4c57e12e6b92fde5a65fb1da791311eb51`
SHA3	`5cce009adcefcd3a427b0b7d41836055ac71239285449f84169c6b14be2cedce`
VirtualSize	`0x37c`
VirtualAddress	`0x26000`
SizeOfRawData	`0x400`
PointerToRawData	`0x24400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.56043`

.pdata

MD5	`68b5a114d5873e7a1a6296f5a62f6aba`
SHA1	`164cbb9f8725b0f0ede38ea2eda58ca02d6b0254`
SHA256	`5a9622a2cce44f6dad234304a814fcfae898005a140ad7d9b75940ddb35658b8`
SHA3	`637a0ec67926fbf47df855acb269222cfc70b612b819c6ddee74732b6c6299b1`
VirtualSize	`0x1200`
VirtualAddress	`0x27000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x24800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20921`

_RDATA

MD5	`12a800ec30532cea51cd9a945b9c49f2`
SHA1	`ad6230170501a321840b40340e34cad547b2cb91`
SHA256	`ea4b21ff82e6cab6a4e891cef7337a20407e3170dd91b97965333391c02a2f8c`
SHA3	`2f63cdf0a802ee60a1b450daaf4ecee29a207564739009c68a4dd5303233a677`
VirtualSize	`0x448`
VirtualAddress	`0x29000`
SizeOfRawData	`0x600`
PointerToRawData	`0x25a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.92637`

.rsrc

MD5	`b5f000aead391f2b000aaf30a5220d48`
SHA1	`b035e7b5a79605f1b07f46544184a345c45df198`
SHA256	`255ff1482481eda79c83637e933b9752e3ff8b522e6f027f95d18ac3f9066cde`
SHA3	`e53e3f6f4b6014c296ccc1b6956a8485964335ab58296c420e39b035ebb22a3a`
VirtualSize	`0x3d0`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x400`
PointerToRawData	`0x26000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.22063`

.reloc

MD5	`e8b54d97648625187a6cbc0500ee18a1`
SHA1	`ac380a047361f9505d6df2b2633dde569376f6c5`
SHA256	`65e661ff3bd02068bc4bf492bd7ad7ade06cf7c2c5c42c213aaf334ae7a497dc`
SHA3	`358f36837cf0bd047977282470ee1281ed1427b8cd625b0c41c3e6af60d9459f`
VirtualSize	`0x418`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x600`
PointerToRawData	`0x26400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.40747`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `abort`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `malloc` `free`
api-ms-win-crt-string-l1-1-0.dll	`strcpy_s` `strncmp`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf_s` `__stdio_common_vsprintf`
api-ms-win-crt-convert-l1-1-0.dll	`atol`
KERNEL32.dll	`EnterCriticalSection` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlUnwind` `LoadLibraryExW` `GetModuleHandleW` `GetModuleFileNameW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `EncodePointer` `RaiseException` `RtlPcToFileHeader` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetLastError` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `SetLastError`

Delayed Imports

_CreateFrameInfo

Ordinal	`1`
Address	`0x1b760`

_CxxThrowException

Ordinal	`2`
Address	`0x5510`

_FindAndUnlinkFrame

Ordinal	`3`
Address	`0x1b7a0`

_IsExceptionObjectToBeDestroyed

Ordinal	`4`
Address	`0x1080`

_SetWinRTOutOfMemoryExceptionCallback

Ordinal	`5`
Address	`0x10c0`

__AdjustPointer

Ordinal	`6`
Address	`0x10d0`

__BuildCatchObject

Ordinal	`7`
Address	`0x4520`

__BuildCatchObjectHelper

Ordinal	`8`
Address	`0x4530`

__C_specific_handler

Ordinal	`9`
Address	`0x1a920`

__C_specific_handler_noexcept

Ordinal	`10`
Address	`0x1a4f0`

__CxxDetectRethrow

Ordinal	`11`
Address	`0x4550`

__CxxExceptionFilter

Ordinal	`12`
Address	`0x45a0`

__CxxFrameHandler

Ordinal	`13`
Address	`0x1b880`

__CxxFrameHandler2

Ordinal	`14`
Address	`0x1b880`

__CxxFrameHandler3

Ordinal	`15`
Address	`0x1b890`

__CxxQueryExceptionSize

Ordinal	`16`
Address	`0x47b0`

__CxxRegisterExceptionObject

Ordinal	`17`
Address	`0x47c0`

__CxxUnregisterExceptionObject

Ordinal	`18`
Address	`0x4880`

__DestructExceptionObject

Ordinal	`19`
Address	`0x1000`

__FrameUnwindFilter

Ordinal	`20`
Address	`0x1100`

__GetPlatformExceptionInfo

Ordinal	`21`
Address	`0x1170`

__NLG_Dispatch2

Ordinal	`22`
Address	`0x1bc20`

__NLG_Return2

Ordinal	`23`
Address	`0x1bc30`

__RTCastToVoid

Ordinal	`24`
Address	`0x4fc0`

__RTDynamicCast

Ordinal	`25`
Address	`0x5020`

__RTtypeid

Ordinal	`26`
Address	`0x5180`

__TypeMatch

Ordinal	`27`
Address	`0x4540`

__current_exception

Ordinal	`28`
Address	`0x11e0`

__current_exception_context

Ordinal	`29`
Address	`0x1200`

__intrinsic_setjmp

Ordinal	`30`
Address	`0x1d7e0`

__intrinsic_setjmpex

Ordinal	`31`
Address	`0x1d880`

__processing_throw

Ordinal	`32`
Address	`0x1220`

__report_gsfailure

Ordinal	`33`
Address	`0x1cfa0`

__std_exception_copy

Ordinal	`34`
Address	`0x5230`

__std_exception_destroy

Ordinal	`35`
Address	`0x52d0`

__std_terminate

Ordinal	`36`
Address	`0x1240`

__std_type_info_compare

Ordinal	`37`
Address	`0x5330`

__std_type_info_destroy_list

Ordinal	`38`
Address	`0x5360`

__std_type_info_hash

Ordinal	`39`
Address	`0x53a0`

__std_type_info_name

Ordinal	`40`
Address	`0x53e0`

__telemetry_main_invoke_trigger

Ordinal	`41`
Address	`0x5c10`

__telemetry_main_return_trigger

Ordinal	`42`
Address	`0x5c10`

__unDName

Ordinal	`43`
Address	`0x19920`

__unDNameEx

Ordinal	`44`
Address	`0x19950`

__uncaught_exception

Ordinal	`45`
Address	`0x55c0`

__uncaught_exceptions

Ordinal	`46`
Address	`0x55f0`

__vcrt_GetModuleFileNameW

Ordinal	`47`
Address	`0x5ba0`

__vcrt_GetModuleHandleW

Ordinal	`48`
Address	`0x5bb0`

__vcrt_InitializeCriticalSectionEx

Ordinal	`49`
Address	`0x5b90`

__vcrt_LoadLibraryExW

Ordinal	`50`
Address	`0x5bc0`

_get_purecall_handler

Ordinal	`51`
Address	`0x5bd0`

_get_unexpected

Ordinal	`52`
Address	`0x5610`

_is_exception_typeof

Ordinal	`53`
Address	`0x1250`

_local_unwind

Ordinal	`54`
Address	`0x19b80`

_purecall

Ordinal	`55`
Address	`0x5be0`

_set_purecall_handler

Ordinal	`56`
Address	`0x5c00`

_set_se_translator

Ordinal	`57`
Address	`0x5680`

longjmp

Ordinal	`58`
Address	`0x19b50`

memchr

Ordinal	`59`
Address	`0x1d960`

memcmp

Ordinal	`60`
Address	`0x1f010`

memcpy

Ordinal	`61`
Address	`0x1f020`

memmove

Ordinal	`62`
Address	`0x1db00`

memset

Ordinal	`63`
Address	`0x1f030`

set_unexpected

Ordinal	`64`
Address	`0x5630`

strchr

Ordinal	`65`
Address	`0x19bb0`

strrchr

Ordinal	`66`
Address	`0x19c40`

strstr

Ordinal	`67`
Address	`0x19d80`

unexpected

Ordinal	`68`
Address	`0x5660`

wcschr

Ordinal	`69`
Address	`0x1a050`

wcsrchr

Ordinal	`70`
Address	`0x1a0e0`

wcsstr

Ordinal	`71`
Address	`0x1a1c0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47807`
MD5	`31c9b50223cc1a4f9c263b132a39fc28`
SHA1	`33deb627a8fac4e3b94a27a729fd681775566317`
SHA256	`556fd89c591bbbacec9b59b7fe48fa9ddf43436b7f3f9e5b67a160b989dbdc8d`
SHA3	`8bdc226e53d642c8461efba26817d2eb2a1b471519b4e8f85494b8dbe441ec80`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	14.51.36247.0
ProductVersion	14.51.36247.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	MicrosoftÂ® C Runtime Library
FileVersion (#2)	14.51.36247.0
InternalName	vcruntime140.dll
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	vcruntime140.dll
ProductName	MicrosoftÂ® Visual StudioÂ®
ProductVersion (#2)	14.51.36247.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2073-Nov-12 10:33:24
Version	`0.0`
SizeofData	`91`
AddressOfRawData	`0x228c8`
PointerToRawData	`0x21ac8`
Referenced File	D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2073-Nov-12 10:33:24
Version	`0.0`
SizeofData	`560`
AddressOfRawData	`0x22924`
PointerToRawData	`0x21b24`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2073-Nov-12 10:33:24
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x22b7c`
PointerToRawData	`0x21d7c`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2073-Nov-12 10:33:24
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x22ba0`
PointerToRawData	`0x21da0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180026040`
GuardCFCheckFunctionPointer	`6442582344`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x5e329c35`
Unmarked objects	`0`
Imports (33145)	`2`
Imports (VS2008 SP1 build 30729)	`11`
Total imports	`35`
Unmarked objects (#2)	`1`
C objects (35721)	`16`
C++ objects (35721)	`31`
ASM objects (35721)	`26`
Exports (35721)	`1`
Resource objects (35721)	`1`
Linker (35721)	`1`

Errors

Leave a comment

No comments yet.