| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2018-Oct-13 20:40:13 |
| Detected languages |
English - United States
|
| Debug artifacts |
e:\PlayspaceMover\x64\Release\PlayspaceMover.pdb
|
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Suspicious | The PE contains functions most legitimate programs don't use. |
Functions which can be used for anti-debugging purposes:
|
| Safe | VirusTotal score: 0/70 (Scanned on 2018-12-16 09:40:00) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2018-Oct-13 20:40:13 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x2e000 |
| SizeOfInitializedData | 0x1b000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000002B688 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| openvr_api.dll |
VR_GetInitToken
VR_ShutdownInternal VR_GetGenericInterface VR_GetVRInitErrorAsSymbol VR_IsInterfaceVersionValid VR_InitInternal2 |
|---|---|
| KERNEL32.dll |
GetFileSizeEx
FindFirstFileA SetLastError GetCurrentProcess ReleaseSemaphore WriteFile FindNextFileA SetEndOfFile FindClose CreateMutexA WaitForSingleObject ReleaseMutex UnmapViewOfFile DuplicateHandle GetModuleHandleA GetLastError GetSystemInfo CloseHandle SwitchToThread GetProcAddress SetFilePointerEx CreateFileMappingA LocalFree RemoveDirectoryA GetCurrentProcessId CreateDirectoryA FormatMessageA CreateSemaphoreA GetTickCount MapViewOfFileEx GetProcessTimes Sleep GetSystemTimeAsFileTime QueryPerformanceCounter SetConsoleCtrlHandler RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent CreateFileA IsDebuggerPresent InitializeCriticalSectionAndSpinCount DeleteCriticalSection CreateEventW GetModuleHandleW InitializeSListHead RtlCaptureContext GetCurrentThreadId |
| ADVAPI32.dll |
ReadEventLogA
RegQueryValueExA CloseEventLog OpenEventLogA RegOpenKeyExA SetSecurityDescriptorDacl InitializeSecurityDescriptor RegCloseKey |
| MSVCP140.dll |
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A _Strcoll _Thrd_sleep _Query_perf_counter _Xtime_get_ticks ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z ?tolower@?$ctype@D@std@@QEBADD@Z ??1facet@locale@std@@MEAA@XZ ??0facet@locale@std@@IEAA@_K@Z ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ ?_Incref@facet@locale@std@@UEAAXXZ ??Bid@locale@std@@QEAA_KXZ ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ ??1_Locinfo@std@@QEAA@XZ ??0_Locinfo@std@@QEAA@PEBD@Z _Cnd_signal ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z _Cnd_unregister_at_thread_exit ?__ExceptionPtrCreate@@YAXPEAX@Z _Cnd_init_in_situ ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z ?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z ?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z ?_Throw_Cpp_error@std@@YAXH@Z ?_Xbad_function_call@std@@YAXXZ ?_Throw_C_error@std@@YAXH@Z ?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z ?_Random_device@std@@YAIXZ ?_Syserror_map@std@@YAPEBDH@Z ?__ExceptionPtrToBool@@YA_NPEBX@Z _Mtx_destroy_in_situ ?__ExceptionPtrDestroy@@YAXPEAX@Z _Mtx_lock _Mtx_init_in_situ _Cnd_register_at_thread_exit _Cnd_do_broadcast_at_thread_exit _Cnd_destroy _Cnd_wait _Mtx_init _Thrd_start _Thrd_id _Mtx_destroy _Cnd_init _Thrd_join _Mtx_unlock _Cnd_broadcast _Cnd_destroy_in_situ ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z ?_Xout_of_range@std@@YAXPEBD@Z ?_Xbad_alloc@std@@YAXXZ ?uncaught_exception@std@@YA_NXZ ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ??0_Lockit@std@@QEAA@H@Z ??1_Lockit@std@@QEAA@XZ _Query_perf_frequency _Strxfrm ?id@?$ctype@D@std@@2V0locale@2@A ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ |
| VCRUNTIME140.dll |
__CxxFrameHandler3
memcmp __std_exception_destroy __std_exception_copy _purecall __std_terminate memmove memset _CxxThrowException strchr __std_type_info_name __C_specific_handler __RTDynamicCast memcpy |
| api-ms-win-crt-runtime-l1-1-0.dll |
_c_exit
_register_thread_local_exe_atexit_callback __p___argc _seh_filter_exe _cexit _set_app_type _crt_atexit _register_onexit_function __p___argv _get_initial_narrow_environment _initialize_onexit_table _initialize_narrow_environment _configure_narrow_argv terminate _initterm _invalid_parameter_noinfo_noreturn signal _exit _initterm_e exit |
| api-ms-win-crt-heap-l1-1-0.dll |
free
_set_new_mode malloc _callnewh realloc |
| api-ms-win-crt-string-l1-1-0.dll |
strncpy_s
strcmp |
| api-ms-win-crt-time-l1-1-0.dll |
_gmtime64
|
| api-ms-win-crt-stdio-l1-1-0.dll |
__p__commode
_set_fmode __stdio_common_vsprintf |
| api-ms-win-crt-math-l1-1-0.dll |
sqrtf
__setusermatherr |
| api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
|
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Oct-13 20:40:13 |
| Version | 0.0 |
| SizeofData | 73 |
| AddressOfRawData | 0x38744 |
| PointerToRawData | 0x37b44 |
| Referenced File | e:\PlayspaceMover\x64\Release\PlayspaceMover.pdb |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Oct-13 20:40:13 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x38790 |
| PointerToRawData | 0x37b90 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Oct-13 20:40:13 |
| Version | 0.0 |
| SizeofData | 888 |
| AddressOfRawData | 0x387a4 |
| PointerToRawData | 0x37ba4 |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2018-Oct-13 20:40:13 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| StartAddressOfRawData | 0x140038b40 |
|---|---|
| EndAddressOfRawData | 0x140038b48 |
| AddressOfIndex | 0x140045490 |
| AddressOfCallbacks | 0x14002f790 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
| Size | 0x100 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140043010 |
| XOR Key | 0xb0f1d3a2 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 14 |
| ASM objects (VS 2015/2017 runtime 26706) | 3 |
| C objects (VS 2015/2017 runtime 26706) | 10 |
| C++ objects (VS 2015/2017 runtime 26706) | 31 |
| Imports (VS 2015/2017 runtime 26706) | 4 |
| Imports (VS2017 v15.?.? build 25203) | 4 |
| Imports (VS2017 v15.6 compiler 26128) | 3 |
| Total imports | 247 |
| 265 (VS2017 v15.8.5-8 compiler 26730) | 2 |
| Resource objects (VS2017 v15.8.5-8 compiler 26730) | 1 |
| Linker (VS2017 v15.8.5-8 compiler 26730) | 1 |