Manalyze report for 19b9847f0bc54f9cacf897cec6f901d88a7f53ac6945268866865861dda9c8ca

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Feb-19 12:20:16
Debug artifacts	D:\a\_work\1\s\src\runtime\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	SubtitleHider2
FileDescription	SubtitleHider2
FileVersion	`1.0.0.0`
InternalName	SubtitleHider2.dll
LegalCopyright
OriginalFilename	SubtitleHider2.dll
ProductName	SubtitleHider2
ProductVersion	`1.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: http://schemas.microsoft.com http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation https://aka.ms microsoft.com schemas.microsoft.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegCloseKey RegOpenKeyExW RegGetValueW` `Possibly launches other programs: ShellExecuteW`
Suspicious	The file contains overlay data.	`10955 bytes of data starting at offset 0x27a00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3ba5596086e84965ad8c109146080d04`
SHA1	`2e57fe3ea330f857dcdca702b7cb0f8f92dda93c`
SHA256	`19b9847f0bc54f9cacf897cec6f901d88a7f53ac6945268866865861dda9c8ca`
SHA3	`1cee526908382025a34d0b59d5b341cc09cc021545ee83c92469c38564758359`
SSDeep	`3072:7XwANETcQt1OvbRxHrfqDQXF+duPYse8wm082jT6Hb6jr:7lxvtxLfyQXAXDrKA`
Imports Hash	`53e4e12437621212a425d294842d0a96`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Feb-19 12:20:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x18400`
SizeOfInitializedData	`0x10200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000013B80 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`46932c45ef12a371702ce0a36149c636`
SHA1	`9d4d25cbe80116dfbb68b8e9551a731729b1c87f`
SHA256	`4008ccbc404e89d3e807f84246d0b6130b22f56e6c2d6eb5417b900d1fad47ff`
SHA3	`ba9238c43040e27305f9a17105bbf5743b12954fd9f44cabd50ebce7d473eefd`
VirtualSize	`0x1839c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36319`

.rdata

MD5	`132dd1c6d35f27ff505e2d41531db465`
SHA1	`a70ca07350c2d0a59f3878cc3c23ccf8d1edd086`
SHA256	`1c126ab14e74368d18ae46bec7f3f6dd5d84b0d4e35a4687a44ae4a6b57af6b2`
SHA3	`1d30ac6451a59e5797556933bbee775d9025f62f7ad0d004025543b5dc8d0e74`
VirtualSize	`0xc5fe`
VirtualAddress	`0x1a000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x18800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84672`

.data

MD5	`ec519aa8795c3135d8c17f851c48fc41`
SHA1	`c3781cb6aed1da4f94f8ab53fc97b903d346b652`
SHA256	`17d3cf48cc50c9f69a4727c682c1b76350fafb1d6ae1c68730745cd33af09898`
SHA3	`e07ddc8148e33bb26b6b95bab45fade6f964037f982760f6ce417ca25265c21d`
VirtualSize	`0x1a40`
VirtualAddress	`0x27000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x24e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.24921`

.pdata

MD5	`145209890bbc2ecbc84762fcd08efd0b`
SHA1	`b977d1f04a2d16147d86562124dde273386113bc`
SHA256	`5fd25e8acfaad5694cf25ea9676bd7e8569b1d9689e1c363afbba3e2f5180860`
SHA3	`8f915a320403176e49869b53edef17d54c34f98d1f3d35ed9e055ac17e6cfd7b`
VirtualSize	`0x14c4`
VirtualAddress	`0x29000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x25a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92549`

.reloc

MD5	`013117ac819f8cbe20d402f784ee2731`
SHA1	`2f089ff04f134328ae06b14119155796239226aa`
SHA256	`f6bfd84f8de960552694e3ba178d8b40ea4a0ea893f4dfe14706415288487e4a`
SHA3	`a31b80535fd6738c1909a024a81da7b26e3dcca70b1f62a8a3c9ef72b219e1c9`
VirtualSize	`0x33c`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x27000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80647`

.rsrc

MD5	`f58b825781dd5c5f9651535ba12f0588`
SHA1	`0cb58cd86cdb12e6d4f3a54fc0e3777db84e6eec`
SHA256	`4106344d337d4890178b3b29a510fef96ecaf8782992745fd9edced715f3b3f6`
SHA3	`b79f1d3eacf5463661a4e785c3ea295a51ff17645bc9e7543d7e027da2a9ac98`
VirtualSize	`0x588`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x600`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.07257`

Imports

SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegCloseKey` `ReportEventW` `RegisterEventSourceW` `RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource`
KERNEL32.dll	`TlsFree` `CreateActCtxW` `ActivateActCtx` `GetLastError` `FindResourceW` `GetWindowsDirectoryW` `GetProcAddress` `GetModuleHandleW` `FreeLibrary` `LoadLibraryExW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetStdHandle` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `FindClose` `GetFileAttributesW` `MultiByteToWideChar` `GetConsoleMode` `GetFileAttributesExW` `LoadLibraryA` `WriteConsoleW` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `OutputDebugStringW` `GetCurrentProcessId` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `__p___wargv` `__p___argc` `_exit` `exit` `_initterm_e` `_errno` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `abort` `_invoke_watson`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `malloc` `_callnewh` `free`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_gmtime64_s` `wcsftime`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfwprintf` `__p__commode` `fputwc` `__acrt_iob_func` `__stdio_common_vswprintf` `_set_fmode` `_wfsopen` `fflush` `setvbuf` `__stdio_common_vsnwprintf_s`
api-ms-win-crt-locale-l1-1-0.dll	`_create_locale` `___mb_cur_max_func` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_configthreadlocale` `setlocale` `_lock_locales` `_free_locale` `_unlock_locales`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `strcmp` `wcsncmp` `toupper` `strcpy_s` `_wcsdup` `wcsnlen`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `wcstoul`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22571`
MD5	`14be03a123ed18250b0a03140587ccef`
SHA1	`ba39646beafad8e8f5953cee4d62ea1c618128c0`
SHA256	`9eac3390e44e4296f87dfbb147d4a9d61617e213a9404ba3ed1a5700f60079a9`
SHA3	`e94ac4e5d66c5d503ae5093d4ea16584094b79fb0f217e0447b39b30b5f8e248`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	SubtitleHider2
FileDescription	SubtitleHider2
FileVersion (#2)	1.0.0.0
InternalName	SubtitleHider2.dll
LegalCopyright
OriginalFilename	SubtitleHider2.dll
ProductName	SubtitleHider2
ProductVersion (#2)	1.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-19 18:53:15
Version	`0.0`
SizeofData	`121`
AddressOfRawData	`0x22e2c`
PointerToRawData	`0x2162c`
Referenced File	D:\a\_work\1\s\src\runtime\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-19 18:53:15
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x22ea8`
PointerToRawData	`0x216a8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Feb-19 18:53:15
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x22ebc`
PointerToRawData	`0x216bc`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2026-Feb-19 18:53:15
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x232c0`
PointerToRawData	`0x21ac0`

TLS Callbacks

StartAddressOfRawData	`0x1400232e8`
EndAddressOfRawData	`0x1400232f8`
AddressOfIndex	`0x140028a28`
AddressOfCallbacks	`0x14001a518`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0x800`
EditList	`0`
SecurityCookie	`0x1400270c0`
GuardCFCheckFunctionPointer	`5368816712`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2c9dc778`
Unmarked objects	`0`
ASM objects (35207)	`10`
C objects (35207)	`13`
C++ objects (35207)	`86`
Imports (VS2008 SP1 build 30729)	`16`
Imports (33145)	`9`
Total imports	`212`
C++ objects (LTCG) (35220)	`10`
Linker (35220)	`1`

Errors

Leave a comment

No comments yet.