fae76fccc9c3fe3644d5b46ebe0a3fbe

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2097-Dec-08 04:32:36
Detected languages English - United States
Debug artifacts f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.pdb
CompanyName Microsoft Corporation
FileDescription ApiSet Schema Extension DLL
FileVersion 10.0.18362.1 (WinBuild.160101.0800)
InternalName f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.18362.1

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .apiset
The PE only has 0 import(s).
Info The PE is digitally signed. Signer: Microsoft Windows
Issuer: Microsoft Windows Production PCA 2011
Safe VirusTotal score: 0/72 (Scanned on 2020-01-17 08:13:13) All the AVs think this file is safe.

Hashes

MD5 fae76fccc9c3fe3644d5b46ebe0a3fbe
SHA1 b493adf1617b208f94060efb757841edef91d6bb
SHA256 3c682b4e320e9b9a1ab91b74b62dadf6cf1f42e4b0025dc3689447b7f88ca4a8
SHA3 7553aae85b44f9a54c7f054d86cb4610b51a5f6914a36539c733af63c4ea5867
SSDeep 192:mRKWmSyPWNU/3XjDBQABJ1txF7jjT6iBTqnajbQwr5DD:mRKWDEWNmXjDBRJBFTTXZl3QCp
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2097-Dec-08 04:32:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0
SizeOfInitializedData 0xa00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0x7385
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.rdata

MD5 b17fce82a7cf970cd54825f9ff96c6a6
SHA1 f710a3c455bd6a91c45382459af5ea824772152a
SHA256 7ad6d3f227feeb2d25fe30bb477df9524d7f87dac7fc0b899bc260f21a79ee2a
SHA3 64e51f13e05d1922d730c83352e40dfd500f182e476ec6a16d7b73f5f070a486
VirtualSize 0x1a8
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.96536

.apiset

MD5 e34a4b661c0995f16d1cf8fe1aa0cdc8
SHA1 b2d7a05911a60aca1ad79c4cecc29f077c373de8
SHA256 3f721bfaefc7a2d6cdb795847897a7103f44ad4fbb77a3f216d8b943e6dd7ee1
SHA3 2b3ade4bc5d60b411071a1347b884a4d8cae1cd49b6ee85bb61eaa8f2284722d
VirtualSize 0xa0
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.02306

.rsrc

MD5 5afa284ef41c242975fd47eafd13663d
SHA1 b83b5670f1c3ece2bd6dc8b7b85b4d1d5ae19a97
SHA256 d2c782a8da4194836cb7c6166cc694261c3ae985fb30e63c80d49968ec443c00
SHA3 053bc1b9178bde9f23bcf5a58835e09eb06d7dbced2a027c1ce6a4009a4b0ab8
VirtualSize 0x4b0
VirtualAddress 0x3000
SizeOfRawData 0x600
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.85342

Imports

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x44c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.58738
MD5 d55f97b83c21c48c98de457070a0f838
SHA1 0d3ab1b5d6fc64e46e877fedc491f6acb92986c3
SHA256 1fb9653ac4fb361ea30630cda8da1d596afaa416ea56e97780764dfaf46969a2
SHA3 193931d4ca7fb1bd553fd405ae0fc51d01aeb7458313b52f14e35295fc993b1b

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.18362.1
ProductVersion 10.0.18362.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Microsoft Corporation
FileDescription ApiSet Schema Extension DLL
FileVersion (#2) 10.0.18362.1 (WinBuild.160101.0800)
InternalName f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.18362.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2097-Dec-08 04:32:36
Version 0.0
SizeofData 78
AddressOfRawData 0x10c0
PointerToRawData 0x4c0
Referenced File f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2097-Dec-08 04:32:36
Version 0.0
SizeofData 116
AddressOfRawData 0x1110
PointerToRawData 0x510

UNKNOWN

Characteristics 0
TimeDateStamp 2097-Dec-08 04:32:36
Version 0.0
SizeofData 36
AddressOfRawData 0x1184
PointerToRawData 0x584

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x905c76f9
Unmarked objects 0
Exports (26715) 1
C objects (26715) 1
Resource objects (26715) 1
Linker (26715) 1

Errors
