Manalyze report for e4fd2ef76655034d0bba9c02787a88716602bc7f7e1667ede55f77b1fac5e1a6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Mar-07 02:57:17
Detected languages	English - United States
Debug artifacts	C:\MeshAgent\MeshAgent\Release\MeshService64.pdb
CompanyName
FileDescription	Java AppX Deployment
FileVersion	`12.0.22621`
InternalName	svc
LegalCopyright	Microsoft Corporation(R). All rights reserved
OriginalFilename	svrun.exe
ProductName	Security Center
ProductVersion	`12.0.22621`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: alumni.caltech.edu apache.org caltech.edu github.com http://opensource.org http://www.apache.org http://www.apache.org/licenses/LICENSE-2.0 http://www.zlib.net https://github.com meshcentral.com opensource.org swarm.meshcentral.com www.apache.org www.zlib.net`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA LoadLibraryExW` `Can access the registry: RegCreateKeyW RegSetValueExA RegDeleteKeyA RegCloseKey RegOpenKeyExA RegSetValueExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW` `Uses Windows's Native API: ntohs ntohl` `Uses Microsoft's cryptographic API: CryptAcquireCertificatePrivateKey CryptMsgClose CryptMsgUpdate CryptExportPublicKeyInfo CryptMsgOpenToEncode CryptSignAndEncodeCertificate CryptMsgGetParam CryptEncodeObject CryptMsgCalculateEncodedLength CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptAcquireContextW CryptReleaseContext CryptDestroyKey` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Uses functions commonly found in keyloggers: CallNextHookEx MapVirtualKeyA GetForegroundWindow` `Leverages the raw socket API to access the Internet: WSACloseEvent htons htonl gethostname ntohs ntohl WSAGetLastError ioctlsocket recv WSASetLastError send getsockname WSASocketW listen closesocket bind accept __WSAFDIsSet setsockopt socket sendto getsockopt recvfrom connect shutdown WSAIoctl GetAddrInfoW WSAResetEvent WSAEventSelect WSAStartup WSACreateEvent WSACleanup FreeAddrInfoW select` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges DuplicateTokenEx CheckTokenMembership` `Interacts with services: OpenServiceA OpenSCManagerA QueryServiceStatus` `Enumerates local disk drives: GetDriveTypeA GetDriveTypeW` `Manipulates other processes: OpenProcess` `Can take screenshots: GetDC BitBlt CreateCompatibleDC` `Interacts with the certificate store: CertAddEncodedCertificateToStore CertAddCertificateContextToStore CertOpenStore` `Can shut the system down or lock the screen: ExitWindowsEx InitiateSystemShutdownA`
Info	The PE is digitally signed.	`Signer: remotelink.in-ebdf7c` `Issuer: MeshCentralRoot-4b0571`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`f689703a8598d88edbb8411833ea46bb`
SHA1	`73ef2476e0cefbdca1db311e9211a054f05524ac`
SHA256	`e4fd2ef76655034d0bba9c02787a88716602bc7f7e1667ede55f77b1fac5e1a6`
SHA3	`7711a9c3578813da23696d9a6093dd6045e98327db0f6cd7088ae5e3c0ab5dc1`
SSDeep	`49152:3dZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxj5n:NHvfGfZvZj1/N/z/oj1`
Imports Hash	`fb0a8b4a81655f744a37af985e009476`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2025-Mar-07 02:57:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x206400`
SizeOfInitializedData	`0x13da00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000001DA03C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x372000`
SizeOfHeaders	`0x400`
Checksum	`0x34abd7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a9817b085a6ee98d7dfb7b2c892f73d3`
SHA1	`22a29681723d2b241b11d203db493d07fdc7cf51`
SHA256	`430d837a264f1a0c0709dbc2dc01b5f54911a1cb37a91e45b0a410043f5c50ae`
SHA3	`f60eaf3c5f4afe7ab926921580b1e8b7f8c59eb1f179d769f2ba02d072bcbacc`
VirtualSize	`0x20639a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x206400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45964`

.rdata

MD5	`c94d0b2d591db26bd2c33e82badc9fe9`
SHA1	`23dc73457febad471518012fabff260ed0387b3c`
SHA256	`dbab31479f9ed42a4288676e3fa8da1b549ab40925292fb727fc921c46eca96d`
SHA3	`42dfbdd739bccb81399494bf927f963c03dc75f1f3a1abddad17d53af4b0ef3f`
VirtualSize	`0xf7036`
VirtualAddress	`0x208000`
SizeOfRawData	`0xf7200`
PointerToRawData	`0x206800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.44889`

.data

MD5	`bd4c1e1f1c328e25a4cc0cadf9c1dfe6`
SHA1	`0d007c0fb6c542999fda07688e7a71cb955138e9`
SHA256	`54240a970eba403d01492829a903ce8430e0846acaffbb80d3a5dba4f7e1e7f0`
SHA3	`8aea3a765448fbbc05ac39a9d989ca7241c4551f0a18252a7b8c208d57b51899`
VirtualSize	`0x325b8`
VirtualAddress	`0x300000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x2fda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.67829`

.pdata

MD5	`da52a4b4aec4e0f58ed7393331dcfd6b`
SHA1	`f64c7f9da4c6867d0642840707b425eb9f2ad4b5`
SHA256	`3e02d24eacf19b7bc85efa81c1cc7a173a270b40b935ba3c9d6c5a7b3800b2d5`
SHA3	`3a6ff808c3d172e2484b542639662e279523dea3eb117d458992089847414862`
VirtualSize	`0x196c8`
VirtualAddress	`0x333000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x307600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.23512`

.gfids

MD5	`667d681fe7de616f6047f16f3bed8ca8`
SHA1	`934152682f300a5291456040ee3be34d5db70d47`
SHA256	`b45d8565fd13dae0a0151bbfa3888ffaf6637bbeabd3752b7e5f7a75d9f17bc4`
SHA3	`b91b744324879ff2acefacd92ee2e1cc76afaf2868bf6324e0af69ecb3501271`
VirtualSize	`0xc4`
VirtualAddress	`0x34d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x320e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.92911`

.rsrc

MD5	`0df04ecd8e7d5df5a5a08f23a91bebb2`
SHA1	`144a72d214ef4537c5bdca394f297d29c72f70dd`
SHA256	`a8e930b86f03f3c2c4105acbb734768d854f44811ee01bdea1a9600218f6623d`
SHA3	`ede2bdfeac5d2927095520e081cbbab6774ddaa21a97983e03118ea08724e52e`
VirtualSize	`0x1e478`
VirtualAddress	`0x34e000`
SizeOfRawData	`0x1e600`
PointerToRawData	`0x321000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0039`

.reloc

MD5	`1f9ea07ad6c696807ada9a7c6b072180`
SHA1	`b7a8e2b10103e7e334a7929c26b4811417fbc8b8`
SHA256	`5c5876ece863473b8d46f47a38085cda852842ae1ebfbd4afc9813f9697594a2`
SHA3	`e5afd0ef73276928aedf8530de88818de1903e5778709fdffd576a3465a51864`
VirtualSize	`0x4b8c`
VirtualAddress	`0x36d000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x33f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45192`

Imports

COMCTL32.dll	`InitCommonControlsEx`
dbghelp.dll	`SymInitialize` `SymGetModuleBase64` `SymGetLineFromAddr64` `SymFunctionTableAccess64` `SymFromAddr` `StackWalk64` `MiniDumpWriteDump`
IPHLPAPI.DLL	`GetAdaptersAddresses` `SendARP` `ConvertLengthToIpv4Mask` `GetAdaptersInfo`
WS2_32.dll	`WSACloseEvent` `htons` `htonl` `gethostname` `ntohs` `ntohl` `WSAGetLastError` `ioctlsocket` `recv` `WSASetLastError` `send` `getsockname` `WSASocketW` `listen` `closesocket` `bind` `accept` `__WSAFDIsSet` `setsockopt` `socket` `sendto` `getsockopt` `recvfrom` `connect` `shutdown` `WSAIoctl` `GetAddrInfoW` `WSAResetEvent` `WSAEventSelect` `WSAStartup` `WSACreateEvent` `WSACleanup` `FreeAddrInfoW` `select`
CRYPT32.dll	`CertFindCertificateInStore` `CertDuplicateCertificateContext` `CertDeleteCertificateFromStore` `CryptAcquireCertificatePrivateKey` `CertAddEncodedCertificateToStore` `CryptMsgClose` `CryptMsgUpdate` `CryptExportPublicKeyInfo` `CertCreateSelfSignCertificate` `CertFreeCertificateContext` `CryptMsgOpenToEncode` `CertAddCertificateContextToStore` `PFXExportCertStore` `CryptSignAndEncodeCertificate` `CertCloseStore` `CertStrToNameA` `CryptMsgGetParam` `CryptEncodeObject` `CertSetCertificateContextProperty` `CertGetCertificateContextProperty` `CryptMsgCalculateEncodedLength` `CertOpenStore` `CertStrToNameW` `CertEnumCertificatesInStore`
gdiplus.dll	`GdipGetImageEncoders` `GdiplusShutdown` `GdipCloneImage` `GdipAlloc` `GdipDisposeImage` `GdipFree` `GdipGetImageEncodersSize` `GdipLoadImageFromStream` `GdipSaveImageToStream` `GdiplusStartup`
ncrypt.dll	`NCryptCreatePersistedKey` `NCryptFreeObject` `NCryptSetProperty` `BCryptCloseAlgorithmProvider` `BCryptGenRandom` `NCryptOpenStorageProvider` `BCryptOpenAlgorithmProvider` `NCryptFinalizeKey`
KERNEL32.dll	`InitializeSListHead` `GetStartupInfoW` `RtlUnwindEx` `GetFullPathNameW` `GetStdHandle` `WriteFile` `LoadLibraryExA` `GetModuleFileNameW` `GetSystemPowerStatus` `OpenProcess` `MultiByteToWideChar` `Sleep` `GetLastError` `CloseHandle` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `GetProcAddress` `SetEnvironmentVariableA` `CreateProcessW` `FreeLibrary` `WideCharToMultiByte` `GetCurrentThreadId` `GetModuleHandleA` `WaitForSingleObjectEx` `CreateThread` `QueueUserAPC` `OpenThread` `ReadFile` `LoadLibraryA` `SleepEx` `SetSystemPowerState` `GetCurrentProcess` `SetThreadExecutionState` `HeapFree` `HeapAlloc` `GetProcessHeap` `SystemTimeToFileTime` `GetSystemTime` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `QueryPerformanceCounter` `ReleaseSemaphore` `WaitForSingleObject` `CreateSemaphoreA` `CancelIo` `FindFirstFileW` `FindNextFileW` `RemoveDirectoryW` `GetFinalPathNameByHandleW` `GetDriveTypeA` `SetFilePointer` `FindFirstVolumeA` `FindClose` `CreateFileW` `GetVolumePathNamesForVolumeNameA` `GetFileAttributesExW` `ReadDirectoryChangesW` `FindNextVolumeA` `FindVolumeClose` `GetDiskFreeSpaceExA` `CreateEventA` `GetModuleHandleExA` `WaitForMultipleObjectsEx` `CreateNamedPipeA` `DisconnectNamedPipe` `CreateFileA` `CancelIoEx` `LocalFree` `ConnectNamedPipe` `SetConsoleMode` `GetConsoleMode` `SetConsoleOutputCP` `IsDebuggerPresent` `TerminateProcess` `GetTempPathW` `CancelSynchronousIo` `SetEvent` `ResetEvent` `IsProcessorFeaturePresent` `GetCurrentProcessId` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `CopyFileW` `RtlCaptureContext` `SuspendThread` `ResumeThread` `DuplicateHandle` `GetTickCount64` `GetCurrentThread` `GetOverlappedResult` `GetThreadContext` `WTSGetActiveConsoleSessionId` `GetExitCodeProcess` `SetEndOfFile` `DeleteFileW` `SetFilePointerEx` `SetConsoleCtrlHandler` `FreeConsole` `LoadLibraryExW` `SetLastError` `GetFileType` `GetModuleHandleW` `SwitchToFiber` `DeleteFiber` `CreateFiber` `GetSystemTimeAsFileTime` `ConvertFiberToThread` `ConvertThreadToFiber` `GetEnvironmentVariableW` `ReadConsoleA` `ReadConsoleW` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `ExitProcess` `GetModuleHandleExW` `CreateDirectoryW` `GetConsoleCP` `MoveFileExW` `SetEnvironmentVariableW` `GetTimeZoneInformation` `SetStdHandle` `GetDriveTypeW` `PeekNamedPipe` `GetCommandLineA` `GetCommandLineW` `GetACP` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetStringTypeW` `HeapReAlloc` `FlushFileBuffers` `WriteConsoleW` `GetCPInfo` `FindFirstFileExW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlLookupFunctionEntry` `GetThreadId` `RtlVirtualUnwind` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `RaiseException` `HeapSize` `RtlPcToFileHeader` `QueryPerformanceFrequency` `EncodePointer`
USER32.dll	`EndDialog` `SetWindowTextW` `GetWindowPlacement` `ShowWindow` `GetDlgCtrlID` `SetWindowPlacement` `SetWindowTextA` `IsDlgButtonChecked` `GetDlgItem` `CheckDlgButton` `DialogBoxParamW` `EnableWindow` `MessageBeep` `ExitWindowsEx` `GetUserObjectInformationA` `EnumDisplayMonitors` `GetSystemMetrics` `SetThreadDesktop` `GetThreadDesktop` `CloseDesktop` `BlockInput` `GetMonitorInfoA` `OpenInputDesktop` `GetKeyState` `GetMessageA` `GetMessageExtraInfo` `SendMessageW` `LoadCursorA` `DestroyWindow` `GetDC` `PostMessageA` `GetIconInfo` `CallNextHookEx` `GetCursorInfo` `SetWindowsHookExA` `MapVirtualKeyA` `GetForegroundWindow` `UnhookWindowsHookEx` `DefWindowProcA` `CreateWindowExA` `TranslateMessage` `UnregisterClassA` `DrawIconEx` `SetWinEventHook` `RegisterClassExA` `UnhookWinEvent` `SetForegroundWindow` `ReleaseDC` `SendInput` `SetProcessDPIAware` `MessageBoxW` `GetUserObjectInformationW` `GetProcessWindowStation` `DispatchMessageA` `CreateWindowExW` `GetWindowRect`
GDI32.dll	`SetBkMode` `SetBkColor` `CreateSolidBrush` `BitBlt` `StretchBlt` `DeleteDC` `SetStretchBltMode` `CreateCompatibleBitmap` `GetObjectA` `SelectObject` `CreateCompatibleDC` `GetDIBits` `DeleteObject` `SetTextColor` `GetStockObject`
ADVAPI32.dll	`CloseServiceHandle` `AllocateAndInitializeSid` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `StartServiceCtrlDispatcherA` `RegCreateKeyW` `RegSetValueExA` `RegDeleteKeyA` `RegCloseKey` `RegOpenKeyExA` `OpenProcessToken` `InitiateSystemShutdownA` `LookupPrivilegeValueA` `AdjustTokenPrivileges` `CryptReleaseContext` `RegSetValueExW` `CryptDestroyKey` `InitializeSecurityDescriptor` `SetEntriesInAclA` `SetSecurityDescriptorDacl` `DuplicateTokenEx` `CreateProcessAsUserW` `SetTokenInformation` `OpenServiceA` `CheckTokenMembership` `FreeSid` `RegisterServiceCtrlHandlerExA` `OpenSCManagerA` `SetServiceStatus` `QueryServiceStatus`
SHELL32.dll	`ShellExecuteExW`
ole32.dll	`CoInitializeEx` `CreateStreamOnHGlobal` `CoUninitialize`

Delayed Imports

103

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

111

Type	`AFX_DIALOG_LAYOUT`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`c4103f122d27677c9db144cae1394a66`
SHA1	`1489f923c4dca729178b3e3233458550d8dddf29`
SHA256	`96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7`
SHA3	`762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce`

108

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1d4e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02969`
MD5	`fbea7bd8f964843026170092c46166c5`
SHA1	`a7b4b4aff0fe2a2600ce351aabbf1f06a3ba6081`
SHA256	`8186d5bfc6ffd913de46849fcd30af2450197f033b014081f0766a5af9d6fc00`
SHA3	`90694d80f1feb093862b8e01f13b0fc09d22074db44936683ed7a322df28e3bf`
Preview

103 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28483`
MD5	`395d5a5c457b4367c39e281d87800bee`
SHA1	`738a207649257df0d8c6dcfcd20805e402ae0236`
SHA256	`dcaf1ef1811a601fc745a78e16c2b4fa802b3f54d7e48492b9551262978ea87f`
SHA3	`e82bc24d40221ab9ead2f1f9b153e2291f3f5e5dfeb83076caf235b6ef0ee30e`

111 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3c6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20053`
MD5	`935c43b4263fb617a80ce239c56bfed9`
SHA1	`04fd7d62948f34e138b01748f0097b798b9c96d5`
SHA256	`2e5a68cde00d70b8abc59754e3461baf30a8c6457cd7ed00be8c7a8bf2a1b684`
SHA3	`4b32467aed17984b22f09c99339af115e6bb3e6b1a6e5e839d8243e1b5b301bd`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2ec`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35394`
MD5	`9ca66419197c6a60859441b874b3eb67`
SHA1	`577e590222a516e8b64fb1087102cbd544da4abb`
SHA256	`aefd207bcbb9849868fe0aedae6d673f7fd1c041f804b4799c9235946f51b472`
SHA3	`585b45030dfa70324576c7622ef0c36be0700f66cddaa5b0863db01d75379272`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x32a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13808`
MD5	`49313f90a913af591a096a14f9b6076f`
SHA1	`e12e40e226f7be9600745b9c234af1b2f04297d2`
SHA256	`953fed19953e6a62dc14313af29bc22a8ed10edca835f944b0fadd00e316802d`
SHA3	`40438553c09909e0d51a024cf281d6d17fa8945c6e5a0ec9446bc6aea0addc6b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName
FileDescription	Java AppX Deployment
FileVersion (#2)	12.0.22621
InternalName	svc
LegalCopyright	Microsoft Corporation(R). All rights reserved
OriginalFilename	svrun.exe
ProductName	Security Center
ProductVersion (#2)	12.0.22621

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Mar-07 02:57:17
Version	`0.0`
SizeofData	`73`
AddressOfRawData	`0x2e73bc`
PointerToRawData	`0x2e5bbc`
Referenced File	C:\MeshAgent\MeshAgent\Release\MeshService64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Mar-07 02:57:17
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2e7408`
PointerToRawData	`0x2e5c08`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Mar-07 02:57:17
Version	`0.0`
SizeofData	`776`
AddressOfRawData	`0x2e741c`
PointerToRawData	`0x2e5c1c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Mar-07 02:57:17
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140303ed0`

RICH Header

XOR Key	`0xce077f6f`
Unmarked objects	`0`
241 (40116)	`20`
243 (40116)	`176`
242 (40116)	`38`
199 (41118)	`1`
ASM objects (VS2015 UPD3 build 24123)	`10`
C++ objects (VS2015 UPD3 build 24123)	`33`
C objects (VS2015 UPD3 build 24123)	`25`
C objects (VS2015 UPD3.1 build 24215)	`496`
209 (65501)	`1`
208 (65501)	`1`
Imports (65501)	`29`
Total imports	`398`
C objects (LTCG) (VS2015 UPD3.1 build 24215)	`53`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

[*] Warning: [plugin_authenticode] Hashing algorithm 2.16.840.1.101.3.4.2.2 is not supported.

Leave a comment

No comments yet.