Manalyze report for f6c81e0ac28dfc546adfe7b0fce6a156fafc96b6d9291cc696769b909b2f2c87

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2001-May-05 13:10:10
Detected languages	English - United States
Debug artifacts	dwm.pdb
CompanyName	Microsoft Corporation
FileDescription	Desktop Window Manager
FileVersion	`10.0.26100.8521 (WinBuild.160101.0800)`
InternalName	dwm.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	dwm.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`10.0.26100.8521`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: NtQueryInformationProcess NtQuerySystemInformation` `Can access the registry: RegOpenKeyExW RegQueryValueExW RegGetValueW RegSetValueExW RegCloseKey` `Uses Windows's Native API: NtUserGetDwmCursorShape NtDesktopCaptureBits NtAlpcSendWaitReceivePort NtAlpcDeletePortSection NtSetInformationProcess NtQueryInformationProcess NtQuerySystemInformation` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges CheckTokenMembership`
Safe	VirusTotal score: 0/70 (Scanned on 2026-06-09 02:28:36)	`All the AVs think this file is safe.`

Hashes

MD5	`70e24fc32922ff65dacbbc41789a0996`
SHA1	`baa7dc67b7703f5bea367f010c4844dba0f1683e`
SHA256	`f6c81e0ac28dfc546adfe7b0fce6a156fafc96b6d9291cc696769b909b2f2c87`
SHA3	`58adcd3924391ab5e9dfb19b2c8710c3e9c2f184a8d48b035c79d14e1e694cbb`
SSDeep	`3072:lwHBN3m+rUpNahloe/gpyl7Gl4kJBAU2ar:Cjm+rSNafo044wAU2a`
Imports Hash	`58e4a95addad297865b4e2d3dbc97d6f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2001-May-05 13:10:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x10000`
SizeOfInitializedData	`0x12000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000004970 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x23000`
SizeOfHeaders	`0x1000`
Checksum	`0x29722`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c45caf3b731639e5f49dce3637434726`
SHA1	`2e11bc1fcf24d9cc861d4548a03df84d267da187`
SHA256	`604ebeff99c6c49f23c95d25745e5f34a2223512b0034f809858a95ec0a68e07`
SHA3	`96f70679ac2462be8441ee482192c77ec6d04955ff472410dae8f523d8eb9e1f`
VirtualSize	`0xe3b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.91164`

fothk

MD5	`ce929b5620c0c896d7f8b44ffb9134eb`
SHA1	`4e2c60d7135879a51b7e628d1bf2610382f21c16`
SHA256	`16ecdbb445924c004cbb8ccccd60948c4da9ca42b184e266d5abde85a4a17fdc`
SHA3	`ddb42d5e2b38ec355b7d4c5e01e0587bdaae9529f68721ac907158bdfd2c08e1`
VirtualSize	`0x1000`
VirtualAddress	`0x10000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

.rdata

MD5	`7a7d87cc331352bf69c3dd3ed3898ea5`
SHA1	`de5b27346c94bc10bc5349d97344daacedfd6a01`
SHA256	`6017e461d91ed9051ee54e25169740cf4390b82756ba22c720add1215a05ed06`
SHA3	`3e01bd48b750c0507caa0647951cb866c0fb5486a29bf64ffc428ac8927fe5d1`
VirtualSize	`0x6668`
VirtualAddress	`0x11000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.43918`

.data

MD5	`75e59af6ee01ed705287679943091120`
SHA1	`efda1a076dc683f54aa77ef1dca00c9feaa1d12a`
SHA256	`c0a9f933ad53348b6ce2a2c22cb63b13af1aeb5b1fe57cee54ae413985e00352`
SHA3	`c79cfd4fff8bb58bfbffb66d1ff1e3abc96eeea0bb55fb5a7e96fe2cb79add6b`
VirtualSize	`0x4600`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.486443`

.pdata

MD5	`e5acd663a442c70c45e7a8994d01dd7b`
SHA1	`48d50b04e5885acef95c59182c767c361b7b4682`
SHA256	`b4e2a97a8b6cb61075ab5c4ccad406756a7c06c0f9be53d9f0534b5e0746cfca`
SHA3	`53f87b53303689549c06f5ad5eb9ceb7ab073954eef20d180f7677fb6705210b`
VirtualSize	`0x10b0`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.89786`

.didat

MD5	`da966b328dc0fdcc0f357151dfdbca2e`
SHA1	`399ad94940ef33749dd71ff5bd8a28764086e8be`
SHA256	`ddd92c20ba05cc2ddf947dc26df800ff948eb150dbfe1115bf299bd3dce8ff1a`
SHA3	`34813b6aae7a1da039a3536f9b7d667eb5f227b9f8f32f6fb12c3b3c6f916844`
VirtualSize	`0xb0`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.171386`

.rsrc

MD5	`43ae5de759223e7046a46bd1aef222bd`
SHA1	`a50fe98b9aa79b4f850353787c398f229a342697`
SHA256	`9aee1306ce6604157c9493c09fa0396ebc496c882604347bddf7deb8689273af`
SHA3	`da5b7755f57ec887ac1efabccf7a57b6260822148cda355a227e4fa6768ab088`
VirtualSize	`0x1f60`
VirtualAddress	`0x20000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20026`

.reloc

MD5	`efa27936cff02a854bddbe2fbe0f1133`
SHA1	`ba9d565de37d542e4e46354df78ac2a772455516`
SHA256	`f5673641f44037a5ed34ed186f4604ffdde37a1a390f92baec93f1eb0847162f`
SHA3	`9748dcad0602d783dd5ba8a55a7e99e54d9417f07a5d6ebd8b0ec1fe6e0532d6`
VirtualSize	`0x1b8`
VirtualAddress	`0x22000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.840146`

Imports

api-ms-win-crt-runtime-l1-1-0.dll	`_initterm` `_set_error_mode` `_initterm_e` `_c_exit` `_register_thread_local_exe_atexit_callback` `_invoke_watson`
api-ms-win-crt-private-l1-1-0.dll	`_o__errno` `_o__exit` `_o__get_wide_winmain_command_line` `_o__initialize_onexit_table` `_o__initialize_wide_environment` `_o__invalid_parameter_noinfo` `_o__invalid_parameter_noinfo_noreturn` `_o__purecall` `_o__register_onexit_function` `_o__seh_filter_exe` `_o__set_app_type` `_o__set_fmode` `_o__set_new_mode` `memmove` `_o__wcsicmp` `_o__wtof` `_o_exit` `_o_free` `_o_malloc` `_o_terminate` `__C_specific_handler` `__CxxFrameHandler3` `__current_exception` `__current_exception_context` `_CxxThrowException` `_o__crt_atexit` `_o__configure_wide_argv` `_o__configthreadlocale` `_o___stdio_common_vswprintf` `_o__cexit` `_o__callnewh` `_o___std_exception_destroy` `_o___std_exception_copy` `_o___p__commode` `memcmp` `memcpy`
api-ms-win-crt-string-l1-1-0.dll	`memset` `wcscmp`
api-ms-win-core-windowserrorreporting-l1-1-0.dll	`WerSetFlags`
api-ms-win-core-windowserrorreporting-l1-1-3.dll	`WerSetMaxProcessHoldMilliseconds`
api-ms-win-core-windowserrorreporting-l1-1-1.dll	`WerUnregisterCustomMetadata` `WerRegisterCustomMetadata`
api-ms-win-eventlog-legacy-l1-1-0.dll	`ReportEventW` `RegisterEventSourceW` `DeregisterEventSource`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetProcAddress` `GetModuleFileNameA` `GetModuleHandleExW` `GetModuleHandleW` `GetModuleHandleExA`
api-ms-win-core-synch-l1-2-0.dll	`InitOnceComplete` `InitOnceBeginInitialize`
api-ms-win-core-synch-l1-1-0.dll	`EnterCriticalSection` `CreateEventW` `LeaveCriticalSection` `ReleaseSemaphore` `CreateSemaphoreExW` `WaitForSingleObject` `TryAcquireSRWLockExclusive` `InitializeCriticalSectionEx` `DeleteCriticalSection` `AcquireSRWLockShared` `CreateMutexExW` `ReleaseMutex` `ReleaseSRWLockShared` `ReleaseSRWLockExclusive` `OpenSemaphoreW` `WaitForSingleObjectEx` `AcquireSRWLockExclusive`
api-ms-win-core-heap-l1-1-0.dll	`HeapAlloc` `HeapFree` `HeapSetInformation` `GetProcessHeap`
api-ms-win-core-errorhandling-l1-1-0.dll	`GetLastError` `SetUnhandledExceptionFilter` `SetLastError` `SetErrorMode` `UnhandledExceptionFilter` `RaiseException`
api-ms-win-core-threadpool-l1-2-0.dll	`CreateThreadpoolTimer` `SetThreadpoolTimer` `WaitForThreadpoolTimerCallbacks` `CloseThreadpoolTimer`
api-ms-win-core-processthreads-l1-1-0.dll	`SetPriorityClass` `ProcessIdToSessionId` `ExitProcess` `GetCurrentProcessId` `OpenProcessToken` `GetCurrentThreadId` `TerminateProcess` `GetCurrentProcess` `GetStartupInfoW`
api-ms-win-core-localization-l1-2-0.dll	`FormatMessageW`
api-ms-win-core-debug-l1-1-0.dll	`DebugBreak` `OutputDebugStringW` `IsDebuggerPresent`
api-ms-win-core-handle-l1-1-0.dll	`CloseHandle`
api-ms-win-core-winrt-error-l1-1-0.dll	`RoOriginateError`
api-ms-win-core-com-l1-1-0.dll	`CoTaskMemAlloc`
api-ms-win-security-base-l1-1-0.dll	`AdjustTokenPrivileges` `CheckTokenMembership`
api-ms-win-core-registry-l1-1-0.dll	`RegOpenKeyExW` `RegQueryValueExW` `RegGetValueW` `RegSetValueExW` `RegCloseKey`
api-ms-win-core-winrt-l1-1-0.dll	`RoGetActivationFactory`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateStringReference`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlVirtualUnwind` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlCaptureStackBackTrace`
api-ms-win-core-processthreads-l1-1-1.dll	`IsProcessorFeaturePresent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime`
api-ms-win-core-interlocked-l1-1-0.dll	`InitializeSListHead`
api-ms-win-core-version-l1-1-1.dll	`GetFileVersionInfoW` `GetFileVersionInfoSizeW`
api-ms-win-eventing-provider-l1-1-0.dll	`EventSetInformation` `EventRegister` `EventUnregister` `EventWriteTransfer`
api-ms-win-core-version-l1-1-0.dll	`VerQueryValueW`
RPCRT4.dll	`RpcStringFreeW` `UuidCreate` `UuidToStringW`
api-ms-win-core-memory-l1-1-0.dll	`MapViewOfFile` `CreateFileMappingW` `UnmapViewOfFile`
api-ms-win-core-util-l1-1-0.dll	`Beep`
api-ms-win-core-psapi-l1-1-0.dll	`QueryFullProcessImageNameW`
api-ms-win-composition-redirection-l1-1-0.dll	`DwmInitializePort`
api-ms-win-composition-windowmanager-l1-1-0.dll	`#101`
api-ms-win-dx-d3dkmt-l1-1-0.dll	`D3DKMTCheckVidPnExclusiveOwnership` `D3DKMTSetProcessSchedulingPriorityClass` `D3DKMTEscape`
api-ms-win-dx-d3dkmt-l1-1-1.dll	`D3DKMTOpenAdapterFromLuid`
api-ms-win-rtcore-ntuser-private-l1-1-0.dll	`RegisterSessionPort`
api-ms-win-rtcore-ntuser-private-l1-1-2.dll	`DwmKernelStartup`
api-ms-win-rtcore-ntuser-window-l1-1-0.dll	`PostMessageW` `TranslateMessage` `DestroyWindow` `DispatchMessageW` `DefWindowProcW` `PostQuitMessage` `GetMessageW` `RegisterClassExW` `CreateWindowExW`
win32u.dll	`NtUserGetDwmCursorShape` `NtDesktopCaptureBits`
ntdll.dll	`NtAlpcSendWaitReceivePort` `RtlUnsubscribeWnfStateChangeNotification` `RtlNtStatusToDosError` `RtlSubscribeWnfStateChangeNotification` `NtAlpcDeletePortSection` `NtSetInformationProcess` `RtlFreeSid` `RtlAllocateAndInitializeSid` `RtlGetDeviceFamilyInfoEnum` `NtQueryInformationProcess` `EtwEventRegister` `EtwEventUnregister` `EtwEventWriteTransfer` `EtwEventSetInformation` `NtQuerySystemInformation` `RtlPublishWnfStateData`
dxgi.dll	`DXGIDeclareAdapterRemovalSupport`
CoreMessaging.dll	`CoreUICreate`
api-ms-win-core-apiquery-l1-1-0.dll	`ApiSetQueryApiSetPresence`
dwmcore.dll	`MilCompositionEngine_Initialize`
msvcp_win.dll	`_Query_perf_counter` `?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA` `?_Xlength_error@std@@YAXPEBD@Z` `_Query_perf_frequency`
api-ms-win-core-delayload-l1-1-1.dll	`ResolveDelayLoadedAPI`
api-ms-win-core-delayload-l1-1-0.dll	`DelayLoadFailureHook`
api-ms-win-core-errorhandling-l1-1-3.dll	`TerminateProcessOnMemoryExhaustion`
api-ms-win-core-errorhandling-l1-1-2.dll	`RaiseFailFastException`
ext-ms-win-ntuser-gui-l1-3-0.dll (delay-loaded)	`ChangeWindowMessageFilterEx`

Delayed Imports

Attributes	`0x1`
Name	`ext-ms-win-ntuser-gui-l1-3-0.dll`
ModuleHandle	`0x188b8`
DelayImportAddressTable	`0x1f038`
DelayImportNameTable	`0x15008`
BoundDelayImportTable	`0x151e0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85988`
MD5	`8be9723d0b01dca46e86f804608be159`
SHA1	`56c6d53c21ef29bc71cef7a1a9a828595c8cdd22`
SHA256	`4d17e504ee07fd90d89f7fe414b55e277ee76d8f1a399cccf60689eb989cb68a`
SHA3	`422fe1540739b8eec938d40f67dd65bb75113186ee064716073f74e2e1c805fd`

1 (#2)

Type	`WEVT_TEMPLATE`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1486`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.76136`
MD5	`7d42c5213d5d97c976b92414be1b6975`
SHA1	`0e505548aecb9692483bce312f03c4cff6ec13af`
SHA256	`719bb87da4a2e82e8853bc950585a66d9ed4fca1d9616fce7e2b7e20da718d79`
SHA3	`5cc08576ad09ef55979641f03e1f554d81c5f03871be2bd2f90b56e32ab2dd1a`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50732`
MD5	`52ebbc0ab7548248edca002822370842`
SHA1	`fad3fcdc983ffcea16e7056463d03d0d26018dcc`
SHA256	`ae828d3d075553bf1c02a5f78848559c621e9983a4ad4b38b05b3860741abb22`
SHA3	`889b6552e3d686de2a0c4fbf8b5a77f35a3d7915d2d3a2aad53fb474c86cc57a`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4f3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91336`
MD5	`e2096dd87783b1da4c0114e9007025b4`
SHA1	`88f5ddce69083186143d7a2aa98059abbb0a5d89`
SHA256	`7cf853caf9e804db75978634c963a1d15d0096b357531679754d7a4ccaf8260c`
SHA3	`8c2d2e14e70714377315ca08a779e2405e5d82fe9eec377240b2b4bf73f7097f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.26100.8521
ProductVersion	10.0.26100.8521
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Desktop Window Manager
FileVersion (#2)	10.0.26100.8521 (WinBuild.160101.0800)
InternalName	dwm.exe
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	dwm.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	10.0.26100.8521

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2001-May-05 13:10:10
Version	`0.0`
SizeofData	`32`
AddressOfRawData	`0x13e74`
PointerToRawData	`0x13e74`
Referenced File	dwm.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2001-May-05 13:10:10
Version	`0.0`
SizeofData	`1244`
AddressOfRawData	`0x13e94`
PointerToRawData	`0x13e94`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2001-May-05 13:10:10
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x14398`
PointerToRawData	`0x14398`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2001-May-05 13:10:10
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x143bc`
PointerToRawData	`0x143bc`

TLS Callbacks

Load Configuration

Size	`0x148`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400181c0`
GuardCFCheckFunctionPointer	`5368781952`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xfc822b7d`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`99`
Unmarked objects (#2)	`1`
C objects (33145)	`15`
ASM objects (33145)	`5`
Total imports	`1247`
Imports (33145)	`8`
C++ objects (33145)	`32`
C objects (LTCG) (33145)	`18`
253 (33145)	`1`
Resource objects (33145)	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.