Manalyze report for f987f944d2b9a9d5d7886061b0d87120

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2016-Jul-12 13:20:36
Detected languages	English - United States
Debug artifacts	P:\Target\x86\ship\lync\x-none\npmeetingjoinpluginoc.pdb
CompanyName	Microsoft Corporation
FileDescription	The plugin allows you to have a better experience with Microsoft Lync
FileVersion	`15.0.4849.1000`
InternalName	npMeetingJoinPluginOC
LegalTrademarks1	Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename	npMeetingJoinPluginOC.dll
ProductName	Microsoft Office 2013
ProductVersion	`15.0.4849.1000`
FileOpenName	Lync Plug-in for Firefox
FileExtents
MIMEType	application/vnd.microsoft.communicator.ocsmeeting

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic v5.0 - v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Can access the registry: RegQueryValueExW RegCloseKey RegOpenKeyExW`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA`
Safe	VirusTotal score: 0/63 (Scanned on 2017-07-06 01:31:42)	`All the AVs think this file is safe.`

Hashes

MD5	`f987f944d2b9a9d5d7886061b0d87120`
SHA1	`efe5422b14d24fef4ccb8154886b3c6e8398527c`
SHA256	`f0ac38e3927bdb136aa43788184e26fe5783d11420e64993dc2b6cc480b34b5a`
SHA3	`8cf7771ada9d87e86f7e4c90e5f6f0ac5b5ec7dc91abda05643ec6b7a685c60b`
SSDeep	`768:7WQD3EnTdErEPBScZVxUrKlgBAZ17OKTEvoMin2EBhrmjoT4:7X+TVjlgGj7OKTEvoMFEBhrmjoT4`
Imports Hash	`b34e3844daaa6865037701ec1e715dc2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2016-Jul-12 13:20:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x5800`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000051D6 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`0.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0xc66f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ad39b9060d7fee779842334559d1d639`
SHA1	`83e0e6c81c6c9ae3e2dad2e405c5818268e4fb68`
SHA256	`46eb181818a26bf574b2757902012ea556c712c34807543523373b516ad8bd8b`
SHA3	`bb5571f35c17dafe78f2a4faaaa266ee845cada3579014a0fa784731b59ee677`
VirtualSize	`0x574c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4081`

.data

MD5	`8846b780c4e381f317fa6584689beebe`
SHA1	`e056533e4391167932bbb5a7f4a60a6900eedd84`
SHA256	`c27159ffd673ee9cf7981139ee6ccfb6b6b0f39ec5db450211f2ee825b6ec549`
SHA3	`e745815144f0c2ac787b92c6f3f09d5f4c27bbfdb55143046ecf707c1b40cc4b`
VirtualSize	`0x10dc`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.46885`

.rsrc

MD5	`f6368ffb5b6c49037f401f8f1baccbec`
SHA1	`96098ba4cf93c804830a9f46470791e37556ea29`
SHA256	`868a4757b3db6836b721248d68033dedaab1904a2582ee055242f5699bd2fe04`
SHA3	`8e856687771af6dbaa1543638d7421bd5ecc50b1f0fae5d9ff89db7832de13ac`
VirtualSize	`0x5f0`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.37264`

.reloc

MD5	`0a04c8c79feed0e4b0165b36c49a0552`
SHA1	`0b0adf903c1ba9975a34f37bcfb7cc28b7dcae91`
SHA256	`dae59644b9e603bb538ae68162d4d31a979477ad09a0001938fff3cf7d74adf3`
SHA3	`b5dc221979a096962b2de2180ce2d345a8fd21837fac3ed58296e0d99b8f8210`
VirtualSize	`0x5f4`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59781`

Imports

MSVCP100.dll	`?_Xlength_error@std@@YAXPBD@Z` `?_Xout_of_range@std@@YAXPBD@Z`
ADVAPI32.dll	`DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegisterTraceGuidsW` `UnregisterTraceGuids` `GetTraceLoggerHandle` `GetTraceEnableLevel` `GetTraceEnableFlags` `TraceMessage` `RegQueryValueExW` `RegCloseKey` `RegOpenKeyExW`
KERNEL32.dll	`GetLastError` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `lstrlenW` `MultiByteToWideChar` `WideCharToMultiByte` `HeapAlloc` `HeapFree` `GetProcessHeap` `InitializeCriticalSectionEx` `RaiseException` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `InterlockedCompareExchange` `InterlockedExchange` `DecodePointer` `EncodePointer` `LoadLibraryExW` `GetProcAddress` `GetModuleHandleW` `GetModuleFileNameW` `WerRegisterMemoryBlock` `VirtualProtect` `OutputDebugStringA` `GetTickCount` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `HeapSetInformation` `QueryPerformanceCounter` `DisableThreadLibraryCalls` `Sleep`
OLEAUT32.dll	`#7` `#4` `#2` `#6` `#5`
MSVCR100.dll	`_onexit` `_crt_debugger_hook` `__clean_type_info_names_internal` `_except_handler4_common` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_lock` `__dllonexit` `_unlock` `?terminate@@YAXXZ` `__CppXcptFilter` `_amsg_exit` `_initterm_e` `_initterm` `_encoded_null` `_malloc_crt` `memset` `vswprintf_s` `free` `calloc` `_vsnprintf` `__CxxFrameHandler3` `_CxxThrowException` `?what@exception@std@@UBEPBDXZ` `??1exception@std@@UAE@XZ` `??0exception@std@@QAE@ABV01@@Z` `??0exception@std@@QAE@ABQBD@Z` `_recalloc`
ole32.dll	`CoCreateInstance`

Delayed Imports

NP_GetEntryPoints

Ordinal	`1`
Address	`0x2007`

NP_Initialize

Ordinal	`2`
Address	`0x2088`

NP_Shutdown

Ordinal	`3`
Address	`0x4511`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x590`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47489`
MD5	`77cecc06ce0bd9b41b93704beebf512a`
SHA1	`cd64c6d6b820e774c4ad5b6103d6e412e69f2736`
SHA256	`5410473970bb262077f9e174239653f4a4b425e4ff7086fe2d748266bd6db5cd`
SHA3	`7f4385af9afbd1c69acd70fd1cb8e098f0f3b4127f657c8a838ff2981f7de6f3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	15.0.4849.1000
ProductVersion	15.0.4849.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	The plugin allows you to have a better experience with Microsoft Lync
FileVersion (#2)	15.0.4849.1000
InternalName	npMeetingJoinPluginOC
LegalTrademarks1	Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename	npMeetingJoinPluginOC.dll
ProductName	Microsoft Office 2013
ProductVersion (#2)	15.0.4849.1000
FileOpenName	Lync Plug-in for Firefox
FileExtents
MIMEType	application/vnd.microsoft.communicator.ocsmeeting

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2016-Jul-12 13:20:36
Version	`0.0`
SizeofData	`280`
AddressOfRawData	`0x6634`
PointerToRawData	`0x5a34`
Referenced File	P:\Target\x86\ship\lync\x-none\npmeetingjoinpluginoc.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2016-Jul-12 13:20:36
Version	`565.7732`
SizeofData	`4`
AddressOfRawData	`0x6630`
PointerToRawData	`0x5a30`

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
SEHandlerTable	`0x10001fb0`
SEHandlerCount	`7`

RICH Header

XOR Key	`0x3ce53a67`
Unmarked objects	`0`
152 (20115)	`1`
ASM objects (VS2010 SP1 build 40219)	`1`
C++ objects (VS2010 SP1 build 40219)	`4`
C objects (VS2010 SP1 build 40219)	`9`
188 (30716)	`3`
185 (30716)	`8`
Imports (VS2010 SP1 build 40219)	`5`
Total imports	`84`
184 (30716)	`1`
189 (30716)	`9`
183 (30716)	`1`
186 (30716)	`1`

f987f944d2b9a9d5d7886061b0d87120

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

.reloc

Imports

Delayed Imports

NP_GetEntryPoints

NP_Initialize

NP_Shutdown

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_RESERVED

TLS Callbacks

Load Configuration

RICH Header

Errors