Manalyze report for fd214fbaef89b722e165385416a5fae4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Jul-15 07:26:20
Detected languages	English - United States
Debug artifacts	D:\Mrida\Mrida\Release\mrida.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: system` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptSignHashW CryptEnumProvidersW CryptGenRandom CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW` `Can create temporary files: GetTempPathW CreateFileW GetTempPathA CreateFileA` `Leverages the raw socket API to access the Internet: #116 #1 #2 #3 #18 #13 getaddrinfo #115 #5 #19 WSASocketA #16 freeaddrinfo getnameinfo #21 #112 #111` `Interacts with the certificate store: CertOpenStore`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`fd214fbaef89b722e165385416a5fae4`
SHA1	`8b080ac45c0b558f492890040c3d643ecd26fb6a`
SHA256	`5e3975677d771231afa360f23e500f831bac1fe96dc7e04a93d84bc3f2ec0636`
SHA3	`88789d83e84b7d279151d92714120b67601aee2d81d0de2c226667d18cfb3e24`
SSDeep	`49152:XgHqEK/wo2G0U68A4cFaedMmpKPXbrppeGJ76ifl:X59tHfc978b`
Imports Hash	`1e1e9b8c838515fcbd79349838ac7d5c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Jul-15 07:26:20
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x18b000`
SizeOfInitializedData	`0x84e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C398E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x18c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x214000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2bf1c984294b89b9331fed99a6c14057`
SHA1	`bcba553bf7fbaa5a6021ab499f514a24624a9320`
SHA256	`65fdb4a3dcc3cb049ccbc62ad98439b4b6be64dfbd903cdcc480e5e304e63ae0`
SHA3	`ccefad2bfe1cdeced9929c1ea917b25ee864dfe88cbce2cdec90a18d6ef45640`
VirtualSize	`0x18af30`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18b000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64039`

.rdata

MD5	`3f0adf56297f48075a78142d23bdbeed`
SHA1	`9e0e15b44667e2a7f48b3827b38c64a7b4357e2e`
SHA256	`c75d27b0e74d008767191a94aa3569ea13b339c23675f0dcb877d6ed908ff261`
SHA3	`8d7bebf477aec94ecdc97f24a15e819adaa904a63c6fd653778cd3858ca6312a`
VirtualSize	`0x670c2`
VirtualAddress	`0x18c000`
SizeOfRawData	`0x67200`
PointerToRawData	`0x18b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07364`

.data

MD5	`19dfd06d8a20d8b81b6fbe1b24ed835f`
SHA1	`77328051164c6dfb88209d320044b6d585852b7b`
SHA256	`2e2304e0680de83700573c7c0909e7bc8e0c5addfcfb286acc878ba6c7d6c1fa`
SHA3	`ce34679acf959825ee31c03e1d48088620222ff53e4a3914baf771b468453fa6`
VirtualSize	`0xb05c`
VirtualAddress	`0x1f4000`
SizeOfRawData	`0x8800`
PointerToRawData	`0x1f2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.45645`

.rsrc

MD5	`406dcc23a8b69a52a139d7db5684e257`
SHA1	`93e30c52d330bad22d032b868aeb267a14290625`
SHA256	`01afe751a50273bb06541cfc6ff9e2c3a347a6b8be627de1fed5483f48331108`
SHA3	`70e57e717c799ef6581d90721580d9d70b0e4b1187dd0d9423cda92d87b1a4eb`
VirtualSize	`0x1e0`
VirtualAddress	`0x200000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1fae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.68819`

.reloc

MD5	`b2dc0278929d54393bb3979e914b45de`
SHA1	`fdf191f73e1a93addd104b90436ebb7206227f21`
SHA256	`00e0b4f5a3b15bcf9bf9aa622c38bf22f8b044683889f33cfd4bac200ebefa67`
SHA3	`ef2c3d648463f7de9930c75a36dfd7f32e34093e1a3b08ad86b28fd63ea52307`
VirtualSize	`0x12774`
VirtualAddress	`0x201000`
SizeOfRawData	`0x12800`
PointerToRawData	`0x1fb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63952`

Imports

WS2_32.dll	`#116` `#1` `#2` `#3` `#18` `#13` `getaddrinfo` `#115` `#5` `#19` `WSASocketA` `#16` `freeaddrinfo` `getnameinfo` `#21` `#112` `#111`
tlsh.dll	`?getHash@Tlsh@@QBEPBDXZ` `??0Tlsh@@QAE@XZ` `?totalDiff@Tlsh@@QBEHPBV1@_N@Z` `??1Tlsh@@QAE@XZ` `?final@Tlsh@@QAEXPBEIH@Z` `?fromTlshStr@Tlsh@@QAEHPBD@Z`
KERNEL32.dll	`ReadFile` `TryEnterCriticalSection` `HeapCreate` `HeapFree` `EnterCriticalSection` `GetFullPathNameW` `WriteFile` `GetDiskFreeSpaceW` `OutputDebugStringA` `LockFile` `LeaveCriticalSection` `InitializeCriticalSection` `SetFilePointer` `GetFullPathNameA` `SetEndOfFile` `UnlockFileEx` `GetTempPathW` `CreateMutexW` `WaitForSingleObject` `CreateFileW` `GetFileAttributesW` `GetCurrentThreadId` `UnmapViewOfFile` `HeapValidate` `HeapSize` `MultiByteToWideChar` `Sleep` `GetTempPathA` `FormatMessageW` `GetDiskFreeSpaceA` `GetLastError` `GetFileAttributesA` `GetFileAttributesExW` `GetComputerNameA` `FlushViewOfFile` `CreateFileA` `LoadLibraryA` `WaitForSingleObjectEx` `DeleteFileA` `DeleteFileW` `HeapReAlloc` `CloseHandle` `GetSystemInfo` `LoadLibraryW` `HeapAlloc` `HeapCompact` `HeapDestroy` `UnlockFile` `GetProcAddress` `LocalFree` `LockFileEx` `GetFileSize` `DeleteCriticalSection` `GetCurrentProcessId` `GetProcessHeap` `SystemTimeToFileTime` `FreeLibrary` `WideCharToMultiByte` `GetSystemTimeAsFileTime` `GetSystemTime` `FormatMessageA` `CreateFileMappingW` `MapViewOfFile` `QueryPerformanceCounter` `GetTickCount` `FlushFileBuffers` `ReadConsoleA` `GetStdHandle` `SetConsoleTextAttribute` `CreateMutexA` `TlsAlloc` `ReadConsoleW` `SetConsoleMode` `GetEnvironmentVariableW` `GlobalMemoryStatus` `ConvertFiberToThread` `ReleaseMutex` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetModuleHandleW` `CreateEventW` `ResetEvent` `SetEvent` `InitializeCriticalSectionAndSpinCount` `AreFileApisANSI` `OutputDebugStringW` `DeleteFiber` `GetModuleHandleExW` `GetModuleHandleA` `SwitchToThread` `GetFileType` `QueryPerformanceFrequency` `GetConsoleMode` `CreateFileMappingA` `GetFileSizeEx` `TlsFree` `TlsSetValue` `TlsGetValue`
ADVAPI32.dll	`CryptDestroyHash` `CryptSignHashW` `CryptEnumProvidersW` `CryptGenRandom` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `GetUserNameA`
SHELL32.dll	`#680`
MSVCP140.dll	`?_Syserror_map@std@@YAPBDH@Z` `_Mtx_destroy_in_situ` `_Mtx_lock` `_Mtx_init_in_situ` `_Strcoll` `_Cnd_do_broadcast_at_thread_exit` `_Cnd_destroy` `_Thrd_sleep` `_Cnd_wait` `_Mtx_init` `_Thrd_start` `_Thrd_detach` `_Xtime_get_ticks` `_Mtx_destroy` `_Cnd_init` `_Mtx_unlock` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z` `?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z` `?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z` `?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z` `?tolower@?$ctype@D@std@@QBEDD@Z` `?always_noconv@codecvt_base@std@@QBE_NXZ` `??1facet@locale@std@@MAE@XZ` `??0facet@locale@std@@IAE@I@Z` `?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ` `?_Incref@facet@locale@std@@UAEXXZ` `??Bid@locale@std@@QAEIXZ` `?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ` `??1_Locinfo@std@@QAE@XZ` `??0_Locinfo@std@@QAE@PBD@Z` `?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `_Close_dir` `_Open_dir` `_Lstat` `_Read_dir` `?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z` `?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A` `??4?$_Yarn@D@std@@QAEAAV01@PBD@Z` `??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ` `??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z` `?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z` `?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z` `?_Xlength_error@std@@YAXPBD@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Throw_C_error@std@@YAXH@Z` `?_Xbad_function_call@std@@YAXXZ` `?_Winerror_map@std@@YAHH@Z` `?_BADOFF@std@@3_JB` `?_Xout_of_range@std@@YAXPBD@Z` `?_Winerror_message@std@@YAKKPADK@Z` `?_Xinvalid_argument@std@@YAXPBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Init@locale@std@@CAPAV_Locimp@12@_N@Z` `?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ` `_Stat` `_To_wide` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z` `??0_Lockit@std@@QAE@H@Z` `??1_Lockit@std@@QAE@XZ` `_Strxfrm` `_Cnd_signal` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?uncaught_exception@std@@YA_NXZ` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?id@?$collate@D@std@@2V0locale@2@A` `?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z`
VCRUNTIME140.dll	`memset` `memmove` `memcpy` `_CxxThrowException` `strrchr` `strchr` `_purecall` `__std_exception_copy` `__std_exception_destroy` `memchr` `__CxxFrameHandler3` `wcsstr` `_except_handler4_common` `__std_type_info_compare` `strstr` `longjmp` `_setjmp3` `__std_terminate`
api-ms-win-crt-runtime-l1-1-0.dll	`abort` `__p___argc` `__p___argv` `_c_exit` `exit` `_register_thread_local_exe_atexit_callback` `signal` `_initterm_e` `_beginthreadex` `_controlfp_s` `_endthreadex` `_configure_narrow_argv` `_initialize_narrow_environment` `_initialize_onexit_table` `strerror_s` `_wassert` `raise` `_cexit` `system` `_invalid_parameter_noinfo_noreturn` `_register_onexit_function` `_initterm` `_get_initial_narrow_environment` `_set_app_type` `_crt_atexit` `_invalid_parameter_noinfo` `_errno` `terminate` `_exit` `_seh_filter_exe`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf` `fgetc` `fgetpos` `_fileno` `setvbuf` `fclose` `fflush` `_setmode` `fputc` `ungetc` `fsetpos` `fgets` `feof` `_fseeki64` `__stdio_common_vswprintf` `_get_stream_buffer_pointers` `__stdio_common_vfprintf` `_wfopen` `fputs` `fread` `_close` `_filelength` `_sopen_s` `__p__commode` `_read` `ftell` `fopen` `__acrt_iob_func` `fseek` `fwrite` `clearerr` `ferror` `getc` `__stdio_common_vsscanf` `_set_fmode`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_msize` `realloc` `_callnewh` `free` `_set_new_mode`
api-ms-win-crt-string-l1-1-0.dll	`isalnum` `_strnicmp` `strnlen` `strncpy` `isspace` `strncmp` `strcspn` `isxdigit` `isdigit` `strcmp` `_stricmp` `tolower` `strspn`
api-ms-win-crt-convert-l1-1-0.dll	`_strtoi64` `atoi` `strtoul` `strtol` `strtoll` `strtod` `atof` `strtoull`
api-ms-win-crt-filesystem-l1-1-0.dll	`_stat64i32` `remove` `_unlock_file` `_lock_file`
api-ms-win-crt-math-l1-1-0.dll	`log2` `_dtest` `_dsign` `__setusermatherr` `_dclass` `_libm_sse2_pow_precise` `_except1` `_libm_sse2_log_precise` `_isnan`
api-ms-win-crt-locale-l1-1-0.dll	`localeconv` `_configthreadlocale`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_gmtime64` `_localtime64_s`
CRYPT32.dll	`CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertDuplicateCertificateContext` `CertFreeCertificateContext` `CertGetCertificateContextProperty` `CertOpenStore`
USER32.dll	`MessageBoxW` `GetUserObjectInformationW` `GetProcessWindowStation`
api-ms-win-crt-utility-l1-1-0.dll	`srand` `rand` `qsort`
api-ms-win-crt-environment-l1-1-0.dll	`getenv`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Jul-15 07:26:20
Version	`0.0`
SizeofData	`57`
AddressOfRawData	`0x1eb50c`
PointerToRawData	`0x1ea90c`
Referenced File	D:\Mrida\Mrida\Release\mrida.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Jul-15 07:26:20
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1eb548`
PointerToRawData	`0x1ea948`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Jul-15 07:26:20
Version	`0.0`
SizeofData	`860`
AddressOfRawData	`0x1eb55c`
PointerToRawData	`0x1ea95c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Jul-15 07:26:20
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x5eb8c8`
EndAddressOfRawData	`0x5eb8d0`
AddressOfIndex	`0x5fc998`
AddressOfCallbacks	`0x58c680`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5f4008`
SEHandlerTable	`0x5eb240`
SEHandlerCount	`179`

RICH Header

XOR Key	`0x1f9760e5`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
199 (41118)	`1`
ASM objects (VS2017 v15.6.6 compiler 26131)	`15`
C objects (VS2017 v15.6.6 compiler 26131)	`12`
C++ objects (VS2017 v15.6.6 compiler 26131)	`28`
Imports (VS2017 v15.6.6 compiler 26131)	`4`
Imports (VS2017 v15.7.4 compiler 26431)	`2`
Imports (VS2015/2017 runtime 25711)	`13`
Total imports	`441`
C objects (VS2015 UPD3.1 build 24215)	`471`
C++ objects (VS2017 v15.7.4 compiler 26431)	`45`
265 (VS2017 v15.7.4 compiler 26431)	`13`
Resource objects (VS2017 v15.7.4 compiler 26431)	`1`
Linker (VS2017 v15.7.4 compiler 26431)	`1`

fd214fbaef89b722e165385416a5fae4

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors