Manalyze report for df73d52fdce65f90a2e49efb5248c77c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2032-Jul-03 02:47:10
Detected languages	English - United States
Debug artifacts	hh.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft® HTML Help Executable
FileVersion	`10.0.18362.1 (WinBuild.160101.0800)`
InternalName	HH 1.41
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	HH.exe
ProductName	HTML Help
ProductVersion	`10.0.18362.1`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegOpenKeyExW RegOpenKeyExA RegQueryValueExA RegCloseKey RegQueryValueExW`
Safe	VirusTotal score: 0/71 (Scanned on 2020-02-11 18:34:27)	`All the AVs think this file is safe.`

Hashes

MD5	`df73d52fdce65f90a2e49efb5248c77c`
SHA1	`f1452ccf7368531b7abac984582e9607a311a9c6`
SHA256	`85518d00317a597dc83ee3fb78743538b9444664273bd592df16603d2c3e4c28`
SHA3	`c176aada3545a67bb4258621a05a4c7fce7e8a764cb31c516dfd269e50344094`
SSDeep	`192:WZ4u9mdac1vr3r9cemMRB/BE06YU/Um5GJ1KDJD/oWcG:WZ45Mc5v9ZZE0TUI1KDWWcG`
Imports Hash	`d3d9c3e81a404e7f5c5302429636f04c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2032-Jul-03 02:47:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1200`
SizeOfInitializedData	`0x3600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000017F0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0x7c67`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c8bac6e54f42beb0006205b97f11f37d`
SHA1	`c0612ca5438ef00a9b556a51d997b0d5db6fc38c`
SHA256	`8d8f473aeeaf0ed21d158ac0984e00acaeee4b94299da0a40a37d422c1e4ad8b`
SHA3	`60eca5dd4c54a9cb68338d22e5d2544807b0011424025ffc6fe1c24fe696d6c7`
VirtualSize	`0x1070`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.77638`

.rdata

MD5	`2ce0974ff2d023c14dbc7a43213dc7b9`
SHA1	`de881574fccb713c2dee0951aa45835fb26ddb0e`
SHA256	`32c6b48d637bf10bbbbc34dc23c3df196e79df6f015ebf8e88bd3b8c09306fba`
SHA3	`dcbaa789887ccfb673f7d8091f066036f4d44ab818df69962011517ddd9e10e3`
VirtualSize	`0xc92`
VirtualAddress	`0x3000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.07577`

.data

MD5	`faaef9cd90101840434e88223aaa01c4`
SHA1	`b26a3f243dec95f30c00cd3ba0cab912a21f8ee6`
SHA256	`b7c89bb3a2c6caa9696d245fc8edcc1c7e6c05d72aa3d59032383639e4adce12`
SHA3	`2f217d19a05a073f0c8a399bfe04047db4f451ef1dcb72cf143a18fb5b348b13`
VirtualSize	`0x600`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.301407`

.pdata

MD5	`6cbf8bb2ad8c5a0b6cbf57c8b1636224`
SHA1	`e30f095c533e7a17cfd0547ec0ef4f2619b59f99`
SHA256	`c48f4524244cb053c5437edc18a2886d1e948e0386082933fd7142da680cba3f`
SHA3	`c746c7a620ce79931e05f826b130b38990d4193f926f45c239e9b4549cd48e65`
VirtualSize	`0x108`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.17798`

.rsrc

MD5	`5dc90b928b1213768105ab032a11324c`
SHA1	`ea1870fbe207d7d678c522be910d1124681d77cf`
SHA256	`949ea22f25fccd7e0c57a348ea9b3ac0b9bd639a36c49629fbaff271b4b61005`
SHA3	`cc2c7b32a5159fd5dafaaac2d2c7c74777d89965c4d8a3a62b233b138d4ca83f`
VirtualSize	`0x1cc8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.75764`

.reloc

MD5	`106c756020921b8eb98b58c96356f6a4`
SHA1	`887ada0b3a742b45d68b5baf0f53e597105ba318`
SHA256	`9860a4d339b675fc7e8fcd15032c0e487155e552b893820103890fc8c4a4afd5`
SHA3	`63d796493987b590ae4fdec537587c9272185ed1ac2ddde1fb40bfc37cb2566e`
VirtualSize	`0x20`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.398758`

Imports

ADVAPI32.dll	`RegOpenKeyExW` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `RegQueryValueExW`
KERNEL32.dll	`ExpandEnvironmentStringsA` `LoadLibraryA` `HeapSetInformation` `SetProcessDEPPolicy` `GetProcAddress` `FreeLibrary` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `GetModuleHandleW` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStartupInfoW` `GetSystemTimeAsFileTime` `Sleep` `GetTickCount`
msvcrt.dll	`?terminate@@YAXXZ` `_fmode` `_acmdln` `_initterm` `__setusermatherr` `_ismbblead` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `_XcptFilter` `_vsnprintf` `_commode` `__C_specific_handler` `memset`

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66424`
MD5	`9d310de00a30d29162525fdffe209f07`
SHA1	`34c7f7b6af5e4a8405fe2838fbf5202c6344b779`
SHA256	`938562d7b20607dc69b786f058a5f3f8dde6320702a82a2967592f5bb82b6c92`
SHA3	`e06c9b4f03bbb226b28aa007254db3a1bafebaf30d478be7e199e3255c0fb577`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.43026`
MD5	`a15d21cc7602b094e7943e3281a6a337`
SHA1	`11d66d898165d011e96cb34b4d173d04c0d2dd29`
SHA256	`a1f4a6aa9967c54c53618fff09e54bff3beff4530621a911b56610396cb715c8`
SHA3	`0a6d0682b97eb71750536a2cf64af6f1056a9ddef490e248af1cdc75b6bdfe2e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94671`
MD5	`2ca22dc22d1a493663603332e5f180cd`
SHA1	`7f49ca712816ae26b3cad94bc1eb8748648b85c6`
SHA256	`84d1b03afd96d12e2ab99ffa86d0599d844904473201a73272c99ce19798fbf8`
SHA3	`80f5ac67ea9deaaab68ac534ddae11531a072ca5817edea129870a0c830d58b4`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79665`
MD5	`f632e66d0b13fce7970f3ef4616d55ed`
SHA1	`e41e272832ba7bf5af23a2d5ea4ea5668be58da5`
SHA256	`279d66e5204e974e0d78e0a3743db12fee5f6e13e0bf49e19f7db9b55ffe1e10`
SHA3	`de3a953c7a1736d38b02e7dd6446cce92dcc610142599d7e8d899e2a5aa2a4d0`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7193`
Detected Filetype	Icon file
MD5	`55d84fb3a4ae16307380358dbdfa6fda`
SHA1	`3f9366c8f1a24eb83bdf4c0ba4c80a970a2b90bc`
SHA256	`d1e1a7d27e0fc5855a5fc12f5a47f67edee075f769133b855d864b153a981e5a`
SHA3	`7a45bbe9f31df96fc5a48d2c80fe6d7f20ee640ea8c6aaa81e068fceb05f0fd5`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x364`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45938`
MD5	`0c28c47501fa468a50abad46c59571f3`
SHA1	`745fe6704b5e2c279ce765b973b9ddeeda230b2d`
SHA256	`09e8f552a737db9bb683ec09ac23d8d5b03c87cf11ca6b5dd4d822a10b743142`
SHA3	`e5eca40baa64469585c63f42fa4e7d2bf6f740fe875edfed19060b03aef7ec39`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92826`
MD5	`334b7f09d78fe609a159b80951c1572a`
SHA1	`0640ac14e73380af9c8fdc3c5da564b4062c71da`
SHA256	`54aa9473f44574846834fbecabc1de4cbed89c35230ebdd157bd2065c4a5b897`
SHA3	`8750d1fa95b8e166e0d02de28140eb34b150ad9fff654b7fb9fc6461fefa3abe`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.18362.1
ProductVersion	10.0.18362.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft® HTML Help Executable
FileVersion (#2)	10.0.18362.1 (WinBuild.160101.0800)
InternalName	HH 1.41
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	HH.exe
ProductName	HTML Help
ProductVersion (#2)	10.0.18362.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2032-Jul-03 02:47:10
Version	`0.0`
SizeofData	`31`
AddressOfRawData	`0x3454`
PointerToRawData	`0x1a54`
Referenced File	hh.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2032-Jul-03 02:47:10
Version	`0.0`
SizeofData	`496`
AddressOfRawData	`0x3474`
PointerToRawData	`0x1a74`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2032-Jul-03 02:47:10
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x3664`
PointerToRawData	`0x1c64`

TLS Callbacks

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140004008`
GuardCFCheckFunctionPointer	`5368722056`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x369c49f6`
Unmarked objects	`0`
C++ objects (26715)	`1`
ASM objects (26715)	`2`
C objects (26715)	`18`
Imports (26715)	`7`
Total imports	`47`
264 (26715)	`1`
Resource objects (26715)	`1`
Linker (26715)	`1`

df73d52fdce65f90a2e49efb5248c77c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

2

3

101

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors