Manalyze report for fbad860685ece3f48e999fe4916cd980443950cd4f6fb5a092e3331fa31c6e85

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Feb-19 09:49:53
Detected languages	English - United States
Debug artifacts	wa_3rd_party_host_32.pdb
FileVersion	`2025.2.19.948`
ProductVersion	`4.3.4489.0`
CompanyName	OPSWAT, Inc.
FileDescription	MDES SDK V4 3rd Party Host
InternalName	wa_3rd_party_host_32.exe
LegalCopyright	Â© OPSWAT, Inc. All rights reserved.
OriginalFilename	wa_3rd_party_host_32.exe
ProductName	MDES SDK V4

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: rshell.exe` `May have dropper capabilities: %TEMP% CurrentControlSet\Services` `Accesses the WMI: root\cimv2` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: Virus cmd.exe virus` `Contains domain names: catalog.update.microsoft.com http://www.w3.org http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2000/09/xmldsig#enveloped-signature http://www.w3.org/2000/09/xmldsig#sha1 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 http://www.w3.org/2001/10/xml-exc-c14n#WithComments microsoft.com technet.microsoft.com update.microsoft.com www.catalog.update.microsoft.com www.w3.org`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress LoadLibraryExW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot SwitchToThread` `Can access the registry: RegCloseKey RegEnumKeyExW RegOpenKeyExW RegQueryValueExW RegSaveKeyW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathA CreateFileA CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: InternetConnectW InternetCloseHandle InternetOpenW InternetSetOptionW InternetReadFile` `Functions related to the privilege level: CheckTokenMembership DuplicateToken AdjustTokenPrivileges OpenProcessToken` `Interacts with services: OpenSCManagerW QueryServiceStatus OpenServiceW` `Enumerates local disk drives: GetLogicalDriveStringsW GetDriveTypeW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW`
Malicious	The PE is possibly a dropper.	`Resource 102 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: OPSWAT` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/73 (Scanned on 2025-04-01 04:15:10)	`All the AVs think this file is safe.`

Hashes

MD5	`490fe667a9c0d222c38f4f41546701d3`
SHA1	`d3eb017ca80076b7d67372adbb78c447d81fa8eb`
SHA256	`fbad860685ece3f48e999fe4916cd980443950cd4f6fb5a092e3331fa31c6e85`
SHA3	`4b22a1353033011d0cc3194aaf9171a13382667f9bddd0861bb5695879489575`
SSDeep	`49152:8sPMc265KTkeH+uQFct6nKd517JGN+ZQOkcd6lpUT9azBQV3mZVGWkvxNW:8oME5KTFeI4cdCpUTrc`
Imports Hash	`4522c750dde835f24e9c661dc4c63c68`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2025-Feb-19 09:49:53
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1a9200`
SizeOfInitializedData	`0x86000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00142140 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1ab000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x238000`
SizeOfHeaders	`0x400`
Checksum	`0x2391bf`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d1d3427e2637fee25315ee11666f6f23`
SHA1	`2ddb79cc419d9dfa25b01cf76d3e45b97a516e34`
SHA256	`a0fcf88fc628acddf8f67bf59615fcbf221587b64c3f1fac4d6da467088c8ab5`
SHA3	`184f26c7087d4ae9972f6d768d6591d60946a48229e9e31fc1dc35eb3f9b725b`
VirtualSize	`0x1a90aa`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a9200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63758`

.rdata

MD5	`11644e861344bb922438eb64f2042318`
SHA1	`572c5fa59b9fddc920225e0a09c5d97ea63e6b2c`
SHA256	`b545bc55bab182fa1d244506b44dac7595a1e9583c1adeb7cd82156e8f374fc1`
SHA3	`39c022810b0b731137bf14053cb456f8fdaa76b7f2132924991166f77cdef917`
VirtualSize	`0x6791a`
VirtualAddress	`0x1ab000`
SizeOfRawData	`0x67a00`
PointerToRawData	`0x1a9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.37516`

.data

MD5	`3217e9c06049be7be91e6d254c6c89af`
SHA1	`657f56c31c78b6fa93aa0279709704ec713d7906`
SHA256	`8c822d3d49380d602614f1dbc22c35964b8905d20df14b2668c1b678c86c1b15`
SHA3	`405f59130cf5f0e67ad316914a307579a6bff5c81e6f3bfdf814df1353b9f91e`
VirtualSize	`0xbdf8`
VirtualAddress	`0x213000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x211000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.80884`

.didat

MD5	`21f558bd50753d543715ebdc00b824cc`
SHA1	`3e69f1d96f466c66f218eeba4ba1fe57d860ef23`
SHA256	`2a8a755e1b62554eed81fe7b3cb0100eae56087746c44342a0e37b1c22662de4`
SHA3	`19b55f7ea31694cb9ab0216024749429198ffd37c1e4e57422dcf0d14a07c732`
VirtualSize	`0x10`
VirtualAddress	`0x21f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x218a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.164765`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x220000`
SizeOfRawData	`0x200`
PointerToRawData	`0x218c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`1c15a9dc947dec33f2586d69adcfba02`
SHA1	`411135e967aa237b06af7533bb2bbe55faf6945a`
SHA256	`605341f56414b5da2175e5c85b05c27c4cfdbac1b0638a98594fc472531385ba`
SHA3	`759a295460442a545a9902673363749b9de42dbb6d6de4943545a690c036afe6`
VirtualSize	`0x3fb0`
VirtualAddress	`0x221000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x218e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1398`

.reloc

MD5	`60fd9be3d28d0bbc8b854bb54d5535ff`
SHA1	`b45d3b9e6bd75eb17ebb0396fcce54fd5251d99a`
SHA256	`cb5d1072b5b7f596a06db2360c03b212287351668b39bdc797f5f3e26b0e3206`
SHA3	`24bdb3d7b6141a88dd5716e4bc01094bda806183bccb8f0a45db95f322309dc4`
VirtualSize	`0x12618`
VirtualAddress	`0x225000`
SizeOfRawData	`0x12800`
PointerToRawData	`0x21ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.6447`

Imports

KERNEL32.dll	`GetTempPathA` `FormatMessageW` `GetDiskFreeSpaceA` `GetLastError` `GetFileAttributesA` `GetFileAttributesExW` `OutputDebugStringW` `FlushViewOfFile` `CreateFileA` `LoadLibraryA` `WaitForSingleObjectEx` `DeleteFileA` `DeleteFileW` `HeapReAlloc` `CloseHandle` `RaiseException` `GetSystemInfo` `LoadLibraryW` `HeapAlloc` `HeapCompact` `HeapDestroy` `UnlockFile` `GetProcAddress` `LocalFree` `LockFileEx` `GetFileSize` `DeleteCriticalSection` `GetCurrentProcessId` `GetProcessHeap` `SystemTimeToFileTime` `FreeLibrary` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `GetSystemTime` `FormatMessageA` `CreateFileMappingW` `MapViewOfFile` `QueryPerformanceCounter` `GetTickCount` `FlushFileBuffers` `InitializeCriticalSectionEx` `GetTickCount64` `DecodePointer` `SizeofResource` `GetModuleHandleExW` `GetModuleFileNameW` `LocalAlloc` `FreeResource` `LockResource` `LoadResource` `FindResourceW` `SetErrorMode` `Sleep` `GetWindowsDirectoryW` `GetEnvironmentStringsW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `FindFirstFileW` `FindNextFileW` `FindClose` `FileTimeToSystemTime` `GetFileTime` `GetVolumeNameForVolumeMountPointW` `GetLogicalDriveStringsW` `GetDriveTypeW` `DeviceIoControl` `GetSystemWindowsDirectoryW` `lstrcpyW` `WaitForMultipleObjects` `CreateEventW` `SetEvent` `CreateNamedPipeW` `OpenProcess` `CreateThread` `GetOverlappedResult` `ConnectNamedPipe` `GetExitCodeProcess` `CreateToolhelp32Snapshot` `Process32NextW` `Process32FirstW` `DisconnectNamedPipe` `CreateDirectoryW` `GetCurrentProcess` `CreateProcessW` `CopyFileW` `SetLastError` `GetModuleHandleW` `lstrcpynW` `GetLocaleInfoW` `TerminateProcess` `GetTempFileNameW` `ExpandEnvironmentStringsW` `GetVersionExW` `GetTimeZoneInformation` `GetSystemDirectoryW` `ReleaseMutex` `CreateMutexA` `VirtualAlloc` `VirtualFree` `VirtualQuery` `WriteConsoleW` `ReadConsoleW` `SetStdHandle` `MultiByteToWideChar` `HeapSize` `HeapValidate` `UnmapViewOfFile` `GetCurrentThreadId` `GetFileAttributesW` `CreateFileW` `WaitForSingleObject` `CreateMutexW` `GetTempPathW` `UnlockFileEx` `SetEndOfFile` `AreFileApisANSI` `GetFullPathNameA` `SetFilePointer` `InitializeCriticalSection` `LeaveCriticalSection` `LockFile` `OutputDebugStringA` `GetDiskFreeSpaceW` `WriteFile` `GetFullPathNameW` `EnterCriticalSection` `HeapFree` `HeapCreate` `TryEnterCriticalSection` `ReadFile` `LoadLibraryExW` `FreeEnvironmentStringsW` `FindFirstFileExW` `SetEnvironmentVariableW` `SetFilePointerEx` `GetFileSizeEx` `GetConsoleMode` `GetConsoleOutputCP` `GetOEMCP` `GetACP` `IsValidCodePage` `GetFileType` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetTimeFormatW` `GetDateFormatW` `GetCommandLineW` `GetCommandLineA` `GetStdHandle` `ExitProcess` `ExitThread` `RtlUnwind` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `ReleaseSemaphore` `VirtualProtect` `UnregisterWait` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `GetThreadPriority` `SetThreadPriority` `SwitchToThread` `SignalObjectAndWait` `GetModuleHandleA` `FreeLibraryAndExitThread` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `ResetEvent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `GetStringTypeW` `DuplicateHandle` `GetCurrentThread` `GetExitCodeThread` `GetNativeSystemInfo` `QueryPerformanceFrequency` `EncodePointer` `QueueUserWorkItem` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `CompareStringW` `LCMapStringW` `GetCPInfo` `CreateTimerQueue` `GetThreadTimes` `LoadLibraryExA`
USER32.dll	`PostThreadMessageW` `wsprintfW`
ADVAPI32.dll	`OpenSCManagerW` `EqualSid` `AllocateAndInitializeSid` `FreeSid` `CheckTokenMembership` `QueryServiceStatus` `OpenServiceW` `RegCloseKey` `RegEnumKeyExW` `RegOpenKeyExW` `RegQueryValueExW` `CloseServiceHandle` `GetSidSubAuthorityCount` `GetSidSubAuthority` `GetTokenInformation` `AccessCheck` `GetFileSecurityW` `DuplicateToken` `MapGenericMask` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `RegSaveKeyW` `OpenProcessToken`
ole32.dll	`CoSetProxyBlanket` `CoUninitialize` `CoInitializeEx` `CoCreateInstance` `IIDFromString` `CLSIDFromString` `CoAddRefServerProcess` `CoReleaseServerProcess` `OleRun`
OLEAUT32.dll	`GetErrorInfo` `VariantTimeToSystemTime` `VariantClear` `SafeArrayCreateVector` `SafeArrayCreate` `SafeArrayLock` `VariantCopy` `SafeArrayPutElement` `SysAllocString` `SysFreeString` `SafeArrayGetDim` `SysStringLen` `SysAllocStringLen` `SafeArrayDestroy` `VariantInit` `SafeArrayGetElement` `SafeArrayUnlock`
VERSION.dll	`GetFileVersionInfoSizeW` `GetFileVersionInfoW` `VerQueryValueW`
SHLWAPI.dll	`StrStrIW`
WININET.dll	`HttpSendRequestW` `InternetConnectW` `InternetCloseHandle` `InternetOpenW` `InternetSetOptionW` `InternetReadFile` `HttpOpenRequestW`
wevtapi.dll (delay-loaded)	`EvtClose` `EvtRender` `EvtSubscribe`

Delayed Imports

Attributes	`0x1`
Name	`wevtapi.dll`
ModuleHandle	`0x21b324`
DelayImportAddressTable	`0x21f000`
DelayImportNameTable	`0x210c4c`
BoundDelayImportTable	`0x210c84`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

_QHChangeOnAccessScanState@8

Ordinal	`1`
Address	`0x125b30`

_QHEnableOnAccessScan@8

Ordinal	`2`
Address	`0x124840`

_QHFreeThreatHistoryListA@8

Ordinal	`3`
Address	`0x124e00`

_QHFreeThreatHistoryListW@8

Ordinal	`4`
Address	`0x124e40`

_QHGetAppLanguageA@16

Ordinal	`5`
Address	`0x124f10`

_QHGetAppLanguageW@16

Ordinal	`6`
Address	`0x124fc0`

_QHGetDigitalCertSignerA@12

Ordinal	`7`
Address	`0x125070`

_QHGetDigitalCertSignerW@12

Ordinal	`8`
Address	`0x125110`

_QHGetEngineVersionA@12

Ordinal	`9`
Address	`0x124670`

_QHGetEngineVersionW@12

Ordinal	`10`
Address	`0x124710`

_QHGetExpDate@8

Ordinal	`11`
Address	`0x1248d0`

_QHGetLastFullScanTime@8

Ordinal	`12`
Address	`0x125740`

_QHGetProductInstallDirA@12

Ordinal	`13`
Address	`0x1251b0`

_QHGetProductInstallDirW@12

Ordinal	`14`
Address	`0x125250`

_QHGetSASQHStatus@8

Ordinal	`15`
Address	`0x125a90`

_QHGetSigDatabaseDirA@12

Ordinal	`16`
Address	`0x1252f0`

_QHGetSigDatabaseDirW@12

Ordinal	`17`
Address	`0x125390`

_QHGetSigDatabaseTime@8

Ordinal	`18`
Address	`0x124490`

_QHGetSigDatabaseVersionA@12

Ordinal	`19`
Address	`0x124530`

_QHGetSigDatabaseVersionW@12

Ordinal	`20`
Address	`0x1245d0`

_QHGetThreatHistoryA@8

Ordinal	`21`
Address	`0x124a90`

_QHGetThreatHistoryW@8

Ordinal	`22`
Address	`0x124c80`

_QHInitUpdate@4

Ordinal	`23`
Address	`0x124a00`

_QHInitiateFileScanA@8

Ordinal	`24`
Address	`0x125600`

_QHInitiateFileScanW@8

Ordinal	`25`
Address	`0x1256a0`

_QHInitiateFolderScanA@8

Ordinal	`26`
Address	`0x1254c0`

_QHInitiateFolderScanW@8

Ordinal	`27`
Address	`0x125560`

_QHInitiateFullScan@4

Ordinal	`28`
Address	`0x125430`

_QHIsAVInstalled@4

Ordinal	`29`
Address	`0x124390`

_QHIsFullScanRunning@4

Ordinal	`30`
Address	`0x1257e0`

_QHIsLicenseExpired@4

Ordinal	`31`
Address	`0x124970`

_QHIsOnAccessScanEnabled@4

Ordinal	`32`
Address	`0x1247b0`

_QHIsUpdateInProgress@4

Ordinal	`33`
Address	`0x124e80`

_QHOpenScanner@4

Ordinal	`34`
Address	`0x125960`

102

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3a00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.16634`
Detected Filetype	PE Executable
MD5	`4397d55415f5b95fab26c54d96bbceb6`
SHA1	`fa8d6a2ce1abb1589d06d4084338b5d9580803ca`
SHA256	`0ab70ec5792de8e58a52fdab49f455f9079a6e490b6b106058f4343324c477e0`
SHA3	`bdc0e23dae6cf007cf3f502a966b1697ed0812d2693f8a64031d657f7658f4ac`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x348`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58655`
MD5	`26de6e9427e14c17e6216ff77ada74b1`
SHA1	`b1494dfb60064affcde9175e3271e7c999767a2f`
SHA256	`4d788643df72e72f7d3e26c3fd65ea85200a859d0aac9bb83d8420d7bc0f4d49`
SHA3	`f24745ba20a8c8954d252228872d412c4af478be5d78c2f6612307d1ab8ddd48`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2025.2.19.948
ProductVersion	4.3.4489.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	2025.2.19.948
ProductVersion (#2)	4.3.4489.0
CompanyName	OPSWAT, Inc.
FileDescription	MDES SDK V4 3rd Party Host
InternalName	wa_3rd_party_host_32.exe
LegalCopyright	Â© OPSWAT, Inc. All rights reserved.
OriginalFilename	wa_3rd_party_host_32.exe
ProductName	MDES SDK V4

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Feb-19 09:49:53
Version	`0.0`
SizeofData	`49`
AddressOfRawData	`0x1ffce8`
PointerToRawData	`0x1fe2e8`
Referenced File	wa_3rd_party_host_32.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Feb-19 09:49:53
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1ffd1c`
PointerToRawData	`0x1fe31c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Feb-19 09:49:53
Version	`0.0`
SizeofData	`1164`
AddressOfRawData	`0x1ffd30`
PointerToRawData	`0x1fe330`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Feb-19 09:49:53
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x620000`
EndAddressOfRawData	`0x620008`
AddressOfIndex	`0x61adac`
AddressOfCallbacks	`0x5ab7c4`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x6131d4`
SEHandlerTable	`0x5ff250`
SEHandlerCount	`678`
GuardCFCheckFunctionPointer	`5944380`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x6d1ecec8`
Unmarked objects	`0`
C++ objects (27412)	`190`
ASM objects (27412)	`19`
199 (41118)	`3`
ASM objects (24237)	`24`
C objects (24237)	`37`
C++ objects (24237)	`137`
C objects (CVTCIL) (27412)	`2`
C objects (27412)	`25`
Imports (27412)	`17`
Total imports	`288`
C objects (30151)	`19`
C objects (LTCG) (24247)	`83`
Exports (24247)	`1`
Resource objects (24247)	`1`
151	`1`
Linker (24247)	`1`

Errors

Leave a comment

No comments yet.