3056b7a16c400d5954ab799b4cf340093aee72eb85b7ccd782d0b3772f757c29

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2032-Nov-28 03:19:56
Detected languages English - United States
Debug artifacts wdapp.pdb
CompanyName Microsoft Corporation
FileDescription Windows Device Application Management
FileVersion 10.0.25398.4271 (WinBuild.160101.0800)
InternalName WdApp.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WdApp.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.25398.4271

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
MASM/TASM - sig1(h)
Info Interesting strings found in the binary: Contains domain names:
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/appx/manifest/desktop/windows10
  • http://schemas.microsoft.com/appx/manifest/desktop/windows10/6
  • http://schemas.microsoft.com/appx/manifest/foundation/windows10
  • http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities
  • http://schemas.microsoft.com/appx/manifest/foundation/windows10/windowscapabilities
  • http://schemas.microsoft.com/appx/manifest/uap/windows10
  • http://schemas.microsoft.com/appx/manifest/uap/windows10/3
  • http://schemas.microsoft.com/appx/manifest/uap/windows10/4
  • http://www.w3.org
  • http://www.w3.org/2001/XMLSchema
  • microsoft.com
  • schemas.microsoft.com
  • www.w3.org
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegGetValueW
  • RegCloseKey
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegEnumValueW
  • RegGetValueA
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Manipulates other processes:
  • OpenProcess
Malicious The PE's digital signature is invalid. Signer: Microsoft Corporation
Issuer: Microsoft Code Signing PCA 2010
The file was modified after it was signed.
Safe VirusTotal score: 0/70 (Scanned on 2026-05-07 17:54:51) All the AVs think this file is safe.

Hashes

MD5 25d945041c947d490f2edaa74a837a51
SHA1 c39cee713bd1997936b4a45f58e8350060cb651e
SHA256 3056b7a16c400d5954ab799b4cf340093aee72eb85b7ccd782d0b3772f757c29
SHA3 a2893343c87086d167110d93932936131056348fd866c2f3d4e60b3fa8b4ce44
SSDeep 6144:PErajvZy+Z2P7nfzqrLOpbAdzsABQY+iYPp0J6cthc77Gti8xgk0UXo1dXE8oHw:PE+brwO+iYPp0ccthcvM02o1oE
Imports Hash 7914600f8faab3cfe2d9f3281ed3a994

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2032-Nov-28 03:19:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x37000
SizeOfInitializedData 0x2b000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000004FB0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x63000
SizeOfHeaders 0x1000
Checksum 0x613a0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dd2286c6943e6b19f8a79a8aaf9366ec
SHA1 179bfd02c5650ed7fa0b4dc024fc81112d31c81f
SHA256 d97625038e316ba5c647697fa99456944938d4e6c73c9043abe690931bda2875
SHA3 c93c628230206b760cb98499d94064d981f4ae5cedff17ee98936595be151ee2
VirtualSize 0x36b65
VirtualAddress 0x1000
SizeOfRawData 0x37000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.28595

.rdata

MD5 16b0e3004c393cf77fcd5909b815284a
SHA1 b6dca9da7490eeb8e120173a58aacacff21159aa
SHA256 647a36580e0ffcbab0b081b3a024da7f6e1bb512e8d113dbbd3a806e18d090be
SHA3 01c985cc0f2d4221eb6f41ed1179eff81effdef4f07a09e1d738266afd673ee6
VirtualSize 0x1787c
VirtualAddress 0x38000
SizeOfRawData 0x18000
PointerToRawData 0x38000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.23424

.data

MD5 ab4d1283b56d25ec7c876f9d127a43c5
SHA1 57bb359be325c31d1d8cd669beb141fd41c941b1
SHA256 09e245db919c27d3cd0aee85dd992a16bd8521ce2351efeffa664407afdc1006
SHA3 f95e6bebe5f4ae670bb930ae7efdfcfa41dca51266c164a2a58c64c28a809402
VirtualSize 0x7cb0
VirtualAddress 0x50000
SizeOfRawData 0x1000
PointerToRawData 0x50000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.610635

.pdata

MD5 bfa09345b9b410abba0a030f358e8b45
SHA1 ac17ac325717244d060e0f713d374c825f928465
SHA256 52194487aa78f609be2eb1382466d5059b9302bfecc7a91e6f8916578fed8f67
SHA3 ea26ca7bf6123341ef89eb6a2e468e508b4ce077b22ed96d82f519f49cc04984
VirtualSize 0x15fc
VirtualAddress 0x58000
SizeOfRawData 0x2000
PointerToRawData 0x51000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.15427

.rsrc

MD5 71684d2444356f8b0b66e69b97f9962a
SHA1 fb109b4cead048accee4c9ad3f182515fd2eba34
SHA256 37048c91b1d9410393b58f761cc8098c9b438214d84ccfa7efdc3d649880de6e
SHA3 5b027fe0b008351ec4aeff5d16244e0bb8489c1613eb6cc92d14e0b40ab5f499
VirtualSize 0x7400
VirtualAddress 0x5a000
SizeOfRawData 0x8000
PointerToRawData 0x53000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.89567

.reloc

MD5 c8a2d5f4a6864718d37a47e40356c218
SHA1 2553f70a591da84f76e1135e98e87242d71729ef
SHA256 6f44a9c9b616c91e62aef44208d84ede37e6adbf4c65f23bc727dc5b7f11a9da
SHA3 11f35baf30f0c3189b932320e3705bdb24d4d70d40f1f6609198c24cec8cc767
VirtualSize 0xe4
VirtualAddress 0x62000
SizeOfRawData 0x1000
PointerToRawData 0x5b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.522339

Imports

msvcp_win.dll ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
api-ms-win-crt-runtime-l1-1-0.dll _seh_filter_exe
_set_app_type
_errno
_initterm_e
_configure_wide_argv
_initialize_wide_environment
_invalid_parameter_noinfo
_get_initial_wide_environment
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm
exit
_exit
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0.dll _callnewh
malloc
_set_new_mode
free
api-ms-win-crt-string-l1-1-0.dll memset
wcsnlen
iswdigit
iswalpha
_wcsicmp
toupper
_wcsnicmp
wcscpy_s
iswalnum
api-ms-win-crt-stdio-l1-1-0.dll fflush
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_set_fmode
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vsnprintf_s
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-private-l1-1-0.dll memmove
__current_exception_context
_CxxThrowException
_purecall
__CxxFrameHandler3
__std_exception_destroy
__std_terminate
memcpy
memcmp
wcschr
__C_specific_handler
__current_exception
__std_exception_copy
ntdll.dll RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-libraryloader-l1-2-0.dll SizeofResource
GetProcAddress
LoadResource
GetModuleHandleExW
LockResource
FreeLibrary
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0.dll OpenSemaphoreW
ReleaseMutex
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
LeaveCriticalSection
CreateEventExW
EnterCriticalSection
CreateMutexExW
CreateEventW
SetEvent
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0.dll HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0.dll GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0.dll TerminateProcess
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0.dll FormatMessageW
api-ms-win-core-debug-l1-1-0.dll IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0.dll CloseHandle
api-ms-win-core-winrt-l1-1-0.dll RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance
api-ms-win-core-file-l1-1-0.dll CreateFileW
GetFileAttributesW
GetFullPathNameW
DeleteFileW
api-ms-win-core-io-l1-1-0.dll DeviceIoControl
api-ms-win-core-winrt-string-l1-1-0.dll WindowsIsStringEmpty
WindowsConcatString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
api-ms-win-core-com-l1-1-0.dll IIDFromString
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemFree
api-ms-win-core-heap-l2-1-0.dll LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-1.dll IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-file-l1-2-0.dll GetTempPathW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-synch-l1-2-0.dll Sleep
api-ms-win-core-sysinfo-l1-1-0.dll GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-console-l1-1-0.dll SetConsoleCtrlHandler
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0.dll InitializeSListHead
SHLWAPI.dll SHCreateStreamOnFileEx
SHCreateStreamOnFileW
PathCreateFromUrlW
PathIsURLW
KERNEL32.dll GetPackageApplicationIds
ClosePackageInfo
GetApplicationUserModelId
OpenPackageInfoByFullName
api-ms-win-appmodel-unlock-l1-1-0.dll IsDeveloperModeEnabled
XSAPI.dll XsReadXvcInfoXVD
api-ms-win-core-registry-l1-1-0.dll RegGetValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegGetValueA
api-ms-win-core-libraryloader-l1-2-1.dll FindResourceW
OLEAUT32.dll VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
api-ms-win-core-string-l1-1-0.dll MultiByteToWideChar
api-ms-win-core-winrt-error-l1-1-0.dll SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll RoGetMatchingRestrictedErrorInfo
api-ms-win-core-file-l2-1-2.dll CopyFileW
api-ms-win-core-threadpool-l1-2-0.dll SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
DisassociateCurrentThreadFromCallback
CloseThreadpoolWait
api-ms-win-eventing-provider-l1-1-0.dll EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-processenvironment-l1-1-0.dll GetEnvironmentVariableW
api-ms-win-crt-convert-l1-1-0.dll _itow_s
XmlLite.dll CreateXmlWriter

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3b0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.53605
MD5 803b18e4f16951f00544b1fb54443b73
SHA1 c7673a6aaad7e1df006f3292aa1e210b5346fb25
SHA256 ce68bb774ac7c0797472845432dbe4bf5fe7b5db3edcbee49f4346ac3d6e8082
SHA3 0801c66e3a6f2dd8a6814e229acb1a6fc3822a0adf23876c3ac30dad5b1e2035

107

Type UNKNOWN
Language English - United States
Codepage UNKNOWN
Size 0x6fac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.90429
MD5 2ac08633b9e0d0a336fcb532db21f09f
SHA1 84a7b317c4cee0b0be1b812d8cc57a2f9f1d4359
SHA256 267da71475d1cecdca08df8ae037ad8c1fe7b35a45b6aeb2cc3c836373b9fc3f
SHA3 f19bcd10b4abcc2fd45bd42e662cf34d60ad6c9505352e3d410f442544762cdd

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.25398.4271
ProductVersion 10.0.25398.4271
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Windows Device Application Management
FileVersion (#2) 10.0.25398.4271 (WinBuild.160101.0800)
InternalName WdApp.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WdApp.exe
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.25398.4271
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2032-Nov-28 03:19:56
Version 0.0
SizeofData 34
AddressOfRawData 0x454ac
PointerToRawData 0x454ac
Referenced File wdapp.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2032-Nov-28 03:19:56
Version 0.0
SizeofData 1092
AddressOfRawData 0x454d0
PointerToRawData 0x454d0

UNKNOWN

Characteristics 0
TimeDateStamp 2032-Nov-28 03:19:56
Version 0.0
SizeofData 36
AddressOfRawData 0x45914
PointerToRawData 0x45914

TLS Callbacks

StartAddressOfRawData 0x140045958
EndAddressOfRawData 0x140045960
AddressOfIndex 0x140050900
AddressOfCallbacks 0x140038c18
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400501b8
GuardCFCheckFunctionPointer 5368941368
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x940640c8
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 82
C objects (32595) 11
ASM objects (32595) 4
Total imports 244
Imports (32595) 11
C++ objects (32595) 38
C++ objects (LTCG) (32595) 25
Resource objects (32595) 1
Linker (32595) 1

Errors
