Manalyze report for e8a7b5905493d7e3a618eeb75e4762cf

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jan-24 08:13:24
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\git-SDK\windows\out_unicode\x64\Release\NtUniSdkAppsFlyer.pdb
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	NtUniSdkAppsFlyer.dll
LegalCopyright
OriginalFilename	NtUniSdkAppsFlyer.dll
ProductName
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` Contains domain names: .matrix.easebar.com applog.matrix.easebar.com applog.matrix.netease.com appsflyer.com curl.haxx.se easbar.com easebar.com events.appsflyer.com example.com g0.gsf.easbar.com g0.gsf.netease.com gsf.easbar.com gsf.netease.com https://applog.matrix.easebar.com https://applog.matrix.easebar.com/client/sdk/clientlog https://applog.matrix.easebar.com/client/sdk/ff_log https://applog.matrix.easebar.com/client/sdk/open_log https://applog.matrix.netease.com https://applog.matrix.netease.com/client/sdk/clientlog https://applog.matrix.netease.com/client/sdk/ff_log https://applog.matrix.netease.com/client/sdk/open_log https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://events.appsflyer.com https://events.appsflyer.com/v1.0/c2s/first_open/app/ https://events.appsflyer.com/v1.0/c2s/inapp/app/ https://events.appsflyer.com/v1.0/c2s/session/app/ https://g0.gsf.easbar.com https://g0.gsf.easbar.com/feature2 https://g0.gsf.netease.com https://g0.gsf.netease.com/feature2 https://protocol.unisdk.netease.com https://protocol.unisdk.netease.com/api/template/v89/latest.json https://who.easebar.com https://who.easebar.com/ https://who.nie.netease.com https://who.nie.netease.com/ https://www.openssl.org https://www.openssl.org/docs/faq.html matrix.easebar.com matrix.netease.com netease.com nie.netease.com openssl.org protocol.unisdk.netease.com s.win.163.com unisdk.netease.com who.easebar.com who.nie.netease.com win.163.com www.openssl.org
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryA LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegQueryValueExW RegCloseKey RegSetValueExW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptGenRandom CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: ioctlsocket gethostname getnameinfo shutdown htonl ntohl recvfrom listen accept freeaddrinfo getaddrinfo WSAIoctl setsockopt ntohs htons getsockopt getsockname getpeername connect closesocket bind send recv WSASetLastError select __WSAFDIsSet socket WSAGetLastError WSACleanup WSAStartup WSASetEvent sendto` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore`
Info	The PE is digitally signed.	`Signer: NetEase (Hangzhou) Network Co.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/74 (Scanned on 2024-07-23 07:28:02)	`All the AVs think this file is safe.`

Hashes

MD5	`e8a7b5905493d7e3a618eeb75e4762cf`
SHA1	`4e54b8cb73dc1ab6415e79c10f5c402e9956e187`
SHA256	`ad3461e4468d530b79797bb5744a76bca7863baed2346d2eb9fbacc82e3277b8`
SHA3	`c6298c80ca46318fc03f7ab3985a8ade02dee88477b17b6d8b6621d235df3cc9`
SSDeep	`49152:Fduh1a8bAVJsUkKzNJMfMmsyEvR/slsPXlgHP4hC7pLIF9VnTh1tPFO3mV:FofidJkSdsdP4Y7ps51XjV`
Imports Hash	`1e203cdcb98f3525d52e90e3bae9f1e9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Jan-24 08:13:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1e4400`
SizeOfInitializedData	`0xf1200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000018D774 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x2de000`
SizeOfHeaders	`0x400`
Checksum	`0x2e4e0d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`de569f2d60f2a4dad75da2665e148d2c`
SHA1	`f362d4150cdd3275363dd09c8472f32808d69775`
SHA256	`34c1a228a2cc348eae68161f6ab86efd567cbb9098e776c3b06f384bc4a4595f`
SHA3	`2b0a7c7bb0753f799f2941031ae7ddf8177663a812d9d4b5c8dbb6c760e80f42`
VirtualSize	`0x1e427e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e4400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40619`

.rdata

MD5	`d69b0a699910ead69edff52061c2c509`
SHA1	`61bf03d161543a1220b45d5dbc23cc50053b1361`
SHA256	`cb82d3def7e3aa3d4d68e33a9c30a9fdf4982a5b67390bf23f0db6089504980c`
SHA3	`747f842756bda3209c8ccae4c7981d0cee038138fe2410d27583c94f7bdf294e`
VirtualSize	`0xbbea2`
VirtualAddress	`0x1e6000`
SizeOfRawData	`0xbc000`
PointerToRawData	`0x1e4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.60649`

.data

MD5	`e8991f63b8436c9eb26224d14322d8a4`
SHA1	`2c7d7622d5b1e3119f787342efd7619fe3599975`
SHA256	`61d08eb98adec11e066960c0734082dc98c6f7387da66708659b7adedc0aef3f`
SHA3	`4f7d7e90a28603b21ac11f754f91ac7f0b973e004fe8e13b058b92d0043ec86e`
VirtualSize	`0x1694c`
VirtualAddress	`0x2a2000`
SizeOfRawData	`0x11800`
PointerToRawData	`0x2a0800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.89846`

.pdata

MD5	`2bd14edf9c0113687362b5e845d8fc08`
SHA1	`6e9139b90e21d2bb0e719a5082e1213958052ba1`
SHA256	`49e75b0551351a16ee623a09579c109206b10e160f5b4a17f93545c5bceb03b6`
SHA3	`f9a2ffdd861be348416d203fda1c9437421182120d204564cd2eca2241a2e9fb`
VirtualSize	`0x1bec4`
VirtualAddress	`0x2b9000`
SizeOfRawData	`0x1c000`
PointerToRawData	`0x2b2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.24248`

.gfids

MD5	`d88ecd0611686224b0c72349b93c52ee`
SHA1	`84cf19ad7db2c4b57b21f59b25f803b7f9e4c378`
SHA256	`0ee59d07743c9234c77426d849e7fe5b7044b2a780417c425bc10da9fec130b6`
SHA3	`e01be9379b10b259c6db3488199a19a94b75d77d23506c34bfbf485aa4351553`
VirtualSize	`0x9f4`
VirtualAddress	`0x2d5000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2ce000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.91843`

.rsrc

MD5	`a8cebdd5277601af388e56f3393694fb`
SHA1	`9a8ebd4545a69e806515dca89037018e186e7413`
SHA256	`1aa46c4825f28b2bd14ca7973e6902d2fb64872568bde5d8de67b1c89570f66a`
SHA3	`154fd6a326f924366ad2dad38f21a49dfce233ac80ca105cfcdc954cd598de7a`
VirtualSize	`0x4c4`
VirtualAddress	`0x2d6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2cea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.53374`

.reloc

MD5	`3791016307ca4678d933a8a1f39627bb`
SHA1	`633a8d1eab5918f22c2f02b35f73d941275e72dd`
SHA256	`4be278ccdc3cdf48400ecd4a57a4ebdc0be76c18472d1c6d8af174dd4e765db3`
SHA3	`842ba1e20eff0a61145a7ae7d43cc30ea122ccb4cdd4d3279966203f94eb7b2d`
VirtualSize	`0x69ec`
VirtualAddress	`0x2d7000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x2cf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45262`

Imports

ADVAPI32.dll	`RegOpenKeyExW` `RegQueryValueExW` `RegCloseKey` `RegSetValueExW` `CryptGenRandom` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource`
WS2_32.dll	`ioctlsocket` `gethostname` `getnameinfo` `shutdown` `htonl` `ntohl` `recvfrom` `listen` `accept` `freeaddrinfo` `getaddrinfo` `WSAIoctl` `setsockopt` `ntohs` `htons` `getsockopt` `getsockname` `getpeername` `connect` `closesocket` `bind` `send` `recv` `WSASetLastError` `select` `__WSAFDIsSet` `socket` `WSAGetLastError` `WSACleanup` `WSAStartup` `WSASetEvent` `sendto`
USER32.dll	`CreateWindowExW` `RegisterClassExW` `UnregisterClassW` `PostQuitMessage` `DefWindowProcW` `WaitMessage` `PostMessageW` `PeekMessageW` `DispatchMessageW` `DestroyWindow` `GetWindowThreadProcessId` `GetWindow` `IsWindowVisible` `CallMsgFilterW` `GetQueueStatus` `MsgWaitForMultipleObjectsEx` `SetTimer` `GetProcessWindowStation` `GetUserObjectInformationW` `MessageBoxW` `TranslateMessage` `KillTimer`
WLDAP32.dll	`#200` `#143` `#46` `#211` `#60` `#45` `#50` `#41` `#22` `#26` `#301` `#27` `#30` `#79` `#35` `#33` `#32`
CRYPT32.dll	`CertCloseStore` `CertEnumCertificatesInStore` `CertGetCertificateContextProperty` `CertFreeCertificateContext` `CertDuplicateCertificateContext` `CertFindCertificateInStore` `CertOpenStore`
KERNEL32.dll	`GetConsoleCP` `WriteConsoleW` `GetModuleFileNameA` `SetFilePointerEx` `ExitThread` `SetConsoleCtrlHandler` `ExitProcess` `SystemTimeToTzSpecificLocalTime` `GetDriveTypeW` `RtlUnwindEx` `RtlPcToFileHeader` `CreateTimerQueue` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `ReleaseSemaphore` `DuplicateHandle` `VirtualProtect` `VirtualFree` `VirtualAlloc` `LoadLibraryExW` `FreeLibraryAndExitThread` `GetThreadTimes` `GetACP` `FlushFileBuffers` `GetFileAttributesExW` `HeapSize` `SetEndOfFile` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCommandLineA` `HeapReAlloc` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetEnvironmentStringsW` `SetStdHandle` `FreeEnvironmentStringsW` `GetLastError` `SetLastError` `FormatMessageA` `GetTickCount` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `FreeLibrary` `GetProcAddress` `Sleep` `SleepEx` `GetStdHandle` `GetFileType` `WriteFile` `GetModuleHandleW` `MultiByteToWideChar` `CloseHandle` `WaitForSingleObject` `VerSetConditionMask` `GetSystemDirectoryA` `GetModuleHandleA` `LoadLibraryA` `VerifyVersionInfoA` `ExpandEnvironmentStringsA` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `GetEnvironmentVariableW` `WideCharToMultiByte` `InitializeCriticalSectionAndSpinCount` `GetCurrentThreadId` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleExW` `FormatMessageW` `GetSystemTime` `SystemTimeToFileTime` `FindClose` `FindFirstFileW` `FindNextFileW` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `GetCurrentProcessId` `GlobalMemoryStatus` `LoadLibraryW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `GetCurrentThread` `UnregisterWait` `GetFullPathNameW` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `GetThreadPriority` `SwitchToThread` `SignalObjectAndWait` `WaitForSingleObjectEx` `OutputDebugStringW` `InitializeSListHead` `GetStartupInfoW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `SetEnvironmentVariableA` `GetModuleFileNameW` `RtlCaptureContext` `GetCPInfo` `GetStringTypeW` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `EncodePointer` `CreateThread` `RaiseException` `DecodePointer` `CreateEventW` `SetEvent` `TerminateThread` `SetThreadPriority` `PostQueuedCompletionStatus` `GetTimeZoneInformation` `HeapFree` `GetCommandLineW` `CreateFileW` `HeapAlloc` `GetProcessHeap` `GetCurrentProcess` `CreateMutexW` `GetVersionExW` `GetCurrentDirectoryW` `TryEnterCriticalSection` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `CreateIoCompletionPort` `GetQueuedCompletionStatus`
ole32.dll	`CoCreateGuid`
IPHLPAPI.DLL	`GetAdaptersInfo`
WINMM.dll	`timeGetTime`

Delayed Imports

NtCreateChannelInstance

Ordinal	`1`
Address	`0x16170`

NtDestroyChannelInstance

Ordinal	`2`
Address	`0x162e0`

1

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.10594`
MD5	`4fb0907478bfa215258f598cfeb31dcd`
SHA1	`4f031aeba3c543dd53263e7933657d498a18112e`
SHA256	`9e1f4fcebad979c9b06ec46aff3df3679e37c5528dd3d6bbd061dde2273dede8`
SHA3	`3e0e7cf3df1625cdaf2249b178615cebdfb02e0342865b3c46fc5264d6dedb19`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	NtUniSdkAppsFlyer.dll
LegalCopyright
OriginalFilename	NtUniSdkAppsFlyer.dll
ProductName
ProductVersion (#2)	1.0.0.0

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Jan-24 08:13:24
Version	`0.0`
SizeofData	`89`
AddressOfRawData	`0x27c254`
PointerToRawData	`0x27aa54`
Referenced File	D:\git-SDK\windows\out_unicode\x64\Release\NtUniSdkAppsFlyer.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Jan-24 08:13:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x27c2b0`
PointerToRawData	`0x27aab0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jan-24 08:13:24
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x27c2c4`
PointerToRawData	`0x27aac4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Jan-24 08:13:24
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1802afc58`

RICH Header

XOR Key	`0x6a036040`
Unmarked objects	`0`
241 (40116)	`15`
243 (40116)	`194`
242 (40116)	`29`
C++ objects (23013)	`2`
199 (41118)	`8`
ASM objects (VS2015 UPD3 build 24123)	`8`
C++ objects (VS2015 UPD3 build 24123)	`107`
C objects (VS2015 UPD3 build 24123)	`38`
C++ objects (VS2015 UPD3.1 build 24215)	`29`
Imports (VS2008 SP1 build 30729)	`14`
C objects (VS2015 UPD3.1 build 24215)	`531`
Total imports	`307`
Imports (27412)	`11`
C objects (VS2015 build 23026)	`119`
C++ objects (LTCG) (VS2015 UPD3.1 build 24215)	`12`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

e8a7b5905493d7e3a618eeb75e4762cf

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.gfids

.rsrc

.reloc

Imports

Delayed Imports

NtCreateChannelInstance

NtDestroyChannelInstance

1

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors