| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2016-Jun-14 01:20:01 |
| Detected languages |
English - United States
|
| Debug artifacts |
D:\A\_work\38\s\bin\obj\Windows_NT.x64.Release\src\jit\standalone\Release\clrjit.pdb
|
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft .NET Runtime Just-In-Time Compiler |
| FileVersion | 1.0.24214.01 built by: dlab-DDVSOWINAGE002. Commit Hash: abbb8f685929c7aeaa087dae46fedc1bc2af4b17 |
| InternalName | clrjit.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | clrjit.dll |
| ProductName | Microsoft® .NET Core |
| ProductVersion | 1.0.24214.01 built by: dlab-DDVSOWINAGE002. Commit Hash: abbb8f685929c7aeaa087dae46fedc1bc2af4b17 |
| Comments | Flavor=Retail |
| PrivateBuild | FX_VER_PRIVATEBUILD_STR |
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA |
| Safe | VirusTotal score: 0/65 (Scanned on 2019-03-27 17:20:50) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2016-Jun-14 01:20:01 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xade00 |
| SizeOfInitializedData | 0x17600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000AA040 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xca000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xd3a50 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll |
CreateSemaphoreExW
ReleaseSemaphore TlsGetValue TlsSetValue TlsAlloc TlsFree CloseHandle WaitForSingleObjectEx CreateMutexW ReleaseMutex SleepEx VirtualAlloc VirtualFree VirtualQuery VirtualProtect HeapCreate HeapDestroy HeapValidate SetLastError GetCurrentThreadId QueryPerformanceCounter GetSystemTimeAsFileTime FreeLibrary GetProcAddress ResetEvent GetCurrentProcess LoadLibraryExW GetModuleFileNameW TerminateProcess IsDebuggerPresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter IsProcessorFeaturePresent GetCurrentProcessId InitializeSListHead RtlUnwindEx InterlockedFlushSList InitializeCriticalSectionAndSpinCount SetEvent CreateEventW DeleteCriticalSection InitializeCriticalSection LeaveCriticalSection EnterCriticalSection GetLastError HeapFree HeapAlloc GetProcessHeap WideCharToMultiByte OutputDebugStringA DebugBreak RaiseException DisableThreadLibraryCalls EncodePointer RtlPcToFileHeader |
|---|---|
| ADVAPI32.dll |
SystemFunction036
|
| api-ms-win-crt-math-l1-1-0.dll |
_finite
sqrt sin floor _isnan _copysign fmod _fdopen cos |
| api-ms-win-crt-stdio-l1-1-0.dll |
__stdio_common_vfprintf
_wfsopen fclose __acrt_iob_func _setmode _fileno _dup fflush |
| api-ms-win-crt-convert-l1-1-0.dll |
_wtoi
|
| api-ms-win-crt-utility-l1-1-0.dll |
qsort
|
| api-ms-win-crt-string-l1-1-0.dll |
strcpy_s
wcsncmp strcmp |
| api-ms-win-crt-runtime-l1-1-0.dll |
_execute_onexit_table
_invalid_parameter_noinfo _errno abort terminate _cexit _crt_atexit _register_onexit_function _initialize_onexit_table _initialize_narrow_environment _configure_narrow_argv _seh_filter_dll _initterm_e _initterm |
| api-ms-win-crt-heap-l1-1-0.dll |
free
_free_base _calloc_base malloc |
| Ordinal | 1 |
|---|---|
| Address | 0x13740 |
| Ordinal | 2 |
|---|---|
| Address | 0x135c0 |
| Ordinal | 3 |
|---|---|
| Address | 0x18f0 |
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.0.24214.1 |
| ProductVersion | 1.0.24214.1 |
| FileFlags |
VS_FF_PRIVATEBUILD
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_UNKNOWN
|
| Language | English - United States |
| CompanyName | Microsoft Corporation |
| FileDescription | Microsoft .NET Runtime Just-In-Time Compiler |
| FileVersion (#2) | 1.0.24214.01 built by: dlab-DDVSOWINAGE002. Commit Hash: abbb8f685929c7aeaa087dae46fedc1bc2af4b17 |
| InternalName | clrjit.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | clrjit.dll |
| ProductName | Microsoft® .NET Core |
| ProductVersion (#2) | 1.0.24214.01 built by: dlab-DDVSOWINAGE002. Commit Hash: abbb8f685929c7aeaa087dae46fedc1bc2af4b17 |
| Comments | Flavor=Retail |
| PrivateBuild | FX_VER_PRIVATEBUILD_STR |
| Resource LangID | English - United States |
|---|
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Jun-14 01:20:01 |
| Version | 0.0 |
| SizeofData | 109 |
| AddressOfRawData | 0xba174 |
| PointerToRawData | 0xb9374 |
| Referenced File | D:\A\_work\38\s\bin\obj\Windows_NT.x64.Release\src\jit\standalone\Release\clrjit.pdb |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Jun-14 01:20:01 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0xba1e4 |
| PointerToRawData | 0xb93e4 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2016-Jun-14 01:20:01 |
| Version | 0.0 |
| SizeofData | 916 |
| AddressOfRawData | 0xba1f8 |
| PointerToRawData | 0xb93f8 |
| StartAddressOfRawData | 0x1800c7000 |
|---|---|
| EndAddressOfRawData | 0x1800c7010 |
| AddressOfIndex | 0x1800c1c50 |
| AddressOfCallbacks | 0x1800af3c0 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks | (EMPTY) |
| Size | 0x94 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1800c0000 |
| GuardCFCheckFunctionPointer | 6443168608 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
| XOR Key | 0x4e1ff7e5 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 14 |
| C objects (65501) | 1 |
| Imports (65501) | 9 |
| Total imports | 202 |
| ASM objects (23907) | 8 |
| C++ objects (23907) | 27 |
| C objects (23907) | 17 |
| 265 (VS2015 UPD2 build 23918) | 88 |
| Exports (VS2015 UPD2 build 23918) | 1 |
| Resource objects (VS2015 UPD2 build 23918) | 1 |
| Linker (VS2015 UPD2 build 23918) | 1 |