Manalyze report for 72a0bcac2d4de630ad094bfc312bd4431aa5c286c683de7e0650c1675e5fc7c5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2051-Dec-17 16:53:21
Detected languages	English - United States
Debug artifacts	setup.pdb
CompanyName	Microsoft Corporation
FileDescription	Windows Installer
FileVersion	`10.0.26100.1 (WinBuild.160101.0800)`
InternalName	Setup
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	SETUP.EXE
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`10.0.26100.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: fothk`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Possibly launches other programs: CreateProcessW`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Code Signing PCA 2010`
Safe	VirusTotal score: 0/70 (Scanned on 2026-05-05 20:59:01)	`All the AVs think this file is safe.`

Hashes

MD5	`6219d2192604c34e31ea8521d77dcb13`
SHA1	`e65e779cd8a04cd7f6e8137faafb8b794ad76cc4`
SHA256	`72a0bcac2d4de630ad094bfc312bd4431aa5c286c683de7e0650c1675e5fc7c5`
SHA3	`01da32181ea006eac6deec77e3df01915d40c541f25aeddbfef80a033982ae60`
SSDeep	`768:PwPDKUlwKtqRfO3nrY8gV/SzpzlV3Cm0i5q1O+DGpNADd5D3Uf4BEpw9z8P:P8QfO3nrY8gIVphD0i5UOigfSEp4z6`
Imports Hash	`fc068fda245a7a35879cc4dbabed66b7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2051-Dec-17 16:53:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_NET_RUN_FROM_SWAP` `IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x12000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001400 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x1000`
Checksum	`0x24623`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8cb5a4a343dc396fe1eb1caa7cd0a310`
SHA1	`c3bf2be6e2e495ed8ec61a16280f208630761439`
SHA256	`320a26b38eb12896f22ae10458d7cf1a5a90dd4cd100a1b80f7704f1a4bdee9a`
SHA3	`514826aaa2c4247d066a490e19ec8ce93474aa7eae6923c2eec07bbedcfba1c2`
VirtualSize	`0x1a70`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.31217`

fothk

MD5	`524bdf7df9ee12711a65d06b1ec6a44f`
SHA1	`e68d663d86b78c3c6d89a5a44508591fa9583618`
SHA256	`0b407120a100e1866ff93d12efe808cba844ee0a14d2290ac6081ea45366e0ff`
SHA3	`a7156642c241cf5b539996c7e12977ee1231c1cd74e5aaa9d9cdd7ed3e805d6e`
VirtualSize	`0x1000`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0159202`

.rdata

MD5	`e749ac92f17b4ea681ad0d63858181ce`
SHA1	`b9d6faad6b6d366fe9951fd53eb62370d341a0f2`
SHA256	`973a07b950a6d0cbfae76938f32d5e59cff77ec2b7a13ec30db3651e942b7efb`
SHA3	`cb450c96db705e9a1eb2ac20ca059396e96137cfe40eaf40e71de761beb622ff`
VirtualSize	`0x11f8`
VirtualAddress	`0x4000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.77514`

.data

MD5	`6fe0dc35a7d20231c7665007b8f84ac8`
SHA1	`2a91cd84a6f33e1c169529583ba6b63056b2a375`
SHA256	`8e069c6b8ee46156bfa51c9e1800c5ebb6dd58179d128921b94c79e0efcb0f2d`
SHA3	`4ad9cba7fed9a5b36d2d3943e859bcd8ff325c736647fdc64a1b33386ce206ed`
VirtualSize	`0x700`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0487307`

.pdata

MD5	`48b08443053eadf031bf6d13dc416f54`
SHA1	`1423c947ce99769a0ad1fdc09885b26d1e79ee61`
SHA256	`9d09828f1a1c8b0383c0b036fefd98bb736ca479de79a219ce81b35052f03fb7`
SHA3	`11f2594841cab518cd4a26894d162ffc2bf44d7bd0dcf2b5759997fe515121f7`
VirtualSize	`0x1bc`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.614809`

.rsrc

MD5	`135fcea4e23b937f12aa5ec83b7ffe8d`
SHA1	`f3d0bd05b8c941b23102bb426f6683182f2a9129`
SHA256	`434d42c4a0a2c00a11660c93cac1145a83304d3cb52477e78c74184c42c0b243`
SHA3	`ed470c21e3f6133d13c378e6c137d8e2f29e3fdc313fd3f3a9c2da8cda3136d2`
VirtualSize	`0xc840`
VirtualAddress	`0x8000`
SizeOfRawData	`0xd000`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.52764`

.reloc

MD5	`6838b1e98cb9cf0756b75f4b8c7bf2f1`
SHA1	`f89da6435704189ae8462cf3e6c3e252e60f6a6e`
SHA256	`b166aa9139aa2676dc4f519c1c1fbf56930b6cb766adace07a73a0ad4c76a0cc`
SHA3	`286c0b4ed4e9ecc424033e2c50efbe4e6158ca076c370e9df6843aed4f1092e3`
VirtualSize	`0x88`
VirtualAddress	`0x15000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.186025`

Imports

KERNEL32.dll	`GetCurrentDirectoryW` `HeapAlloc` `GetExitCodeProcess` `LoadLibraryExW` `FreeLibrary` `CreateProcessW` `GetProcessHeap` `GetProcAddress` `SetCurrentDirectoryW` `GetNativeSystemInfo` `CloseHandle` `GetLastError` `GetFileAttributesW` `WaitForSingleObject` `CreateMutexW` `SetEnvironmentVariableW` `GetModuleFileNameW` `GetFullPathNameW` `HeapFree` `Sleep` `GetStartupInfoW` `SetUnhandledExceptionFilter` `GetModuleHandleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetTickCount` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `LocalFree` `LocalAlloc` `FormatMessageW` `SetLastError`
USER32.dll	`LoadStringW` `MessageBoxW` `SetForegroundWindow` `EnumWindows` `ShowWindow` `GetWindowLongPtrW` `GetWindowThreadProcessId`
msvcrt.dll	`_fmode` `_wcmdln` `memset` `__C_specific_handler` `_initterm` `__setusermatherr` `_cexit` `_exit` `?terminate@@YAXXZ` `__set_app_type` `__wgetmainargs` `_amsg_exit` `_XcptFilter` `_callnewh` `malloc` `_vsnwprintf` `_commode` `exit` `free`
ntdll.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.79857`
MD5	`6c4ca8d4787118d4269e0b5fa90a634c`
SHA1	`5c72e466e50135464118b562b8e5b96273a2493f`
SHA256	`bdedad6b713b845a3f888c82aa120569167bcf72d664e0bac5c201b524a0ee1f`
SHA3	`80e0b2f9a9f490db41a8bc624a8061f8e326190e4d4c07bae4fb4d2d131a1921`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88492`
MD5	`0d5212523f3399b31e9d3a77f0553465`
SHA1	`4cbf86741ffdf6fba858b963355b7018c4974ca4`
SHA256	`fbb9afddf8060f45f41f5c9d0970416f1f75249e7ee47d28f745b68587a0af4c`
SHA3	`f042341a77c9c18c9dd7822a911a50417b24743d1ce9e97d11210611af84bc19`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61243`
MD5	`35fc6eb58ebb186da92995b9d12d6398`
SHA1	`2505fd7bbaaae51d03b852cf8bfc3f431587f6de`
SHA256	`67277bd84bb5bd315ce1e19d6ef05df0830ac425874de7aec110c5951bd0273b`
SHA3	`c313270654dc3779064a5958984dfbdaa0c1f53e472718ec226edeb8d5ff9cc6`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.60227`
MD5	`2ad547db9a12104605bc757ec831373b`
SHA1	`446e1a4662f8ef5093df1c50ecdd5b5ec3dba17c`
SHA256	`742d32fdf61383fc74f628a114e4d00202efc8e35efa162f26584b627fa270df`
SHA3	`11142173f8bb7dabafe1e32807278a095b2f9c2181235abf78def9fa6e559b4b`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.35159`
MD5	`aeb1e5a19b2c2b418e87ce009f5bccf0`
SHA1	`0423a452755fbeef103362f6044981a27c185751`
SHA256	`ae3ea3c9d80df038fc58d2dccf4bf2f83b05a8ddd38b6106b6bf0d603d7ae0b2`
SHA3	`82551d8a8fe1d149c8d89a40beb44c84e1688fd08e39cc19c9e22aa7bdf2537f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.11143`
MD5	`2c54758f6e3b9bc533212ce378111f02`
SHA1	`3652bb18c3e6e14eff9b33f48ed1b2b6a06d1acf`
SHA256	`7417d2c6b8cbab96a26c508953e645958a6a576a3e52c14e788416a08cf0d1d9`
SHA3	`3b83523d106ba9714181ecf92e6bd336fc7894c35c781f675c93d06530171f19`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49375`
MD5	`b0184f942e8b6375f827c7116724cc16`
SHA1	`24d62c01ee8279e954e65db0579564cfee3f1a2a`
SHA256	`c2f46320e77d6113537963e924e233c49354593d7d8e6e8d2985447996537b79`
SHA3	`5bfb506e5c59eda3aba737346b55ff4d27caa1af051937761f80efe66933a7c1`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49145`
MD5	`b7556990450e8c7e1512ca8e80b70777`
SHA1	`deaeb5ace894495a9aa3a5f8578067645ed13444`
SHA256	`c9bc908043e553f53838647bf5edda05cd5b249b19058476c3ddb6d21b2f9ed4`
SHA3	`338f1fc62368a8f52393e64c383b6b2b1e516c0519e3faf3c9e4933b2aa4c0b4`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x424f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91299`
Detected Filetype	PNG graphic file
MD5	`e53ffe0f0a8fcf8267d9f13851cd250d`
SHA1	`4702d8383f6928f8c7a8926a0c68b54dfe5fa761`
SHA256	`b40c7b46a33e254b38456a827111467151b248ad8b16eaed350f33a931d1e32e`
SHA3	`e30fe287ebef3c2fbbe9891ec0224fe4c6fff76d803b8e8e9fe97a6edeb42ebc`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43385`
MD5	`34006553678b31aba5a4a9cb229807b1`
SHA1	`4bf2881cc3216b1cf3086976c8bad733113c7097`
SHA256	`e7876b7bdb3746c9fd6d9d167ac41bea853f25f049629f3b83432dd686d733c3`
SHA3	`2124a76a0dfd3c49c2c9140910376e61a9a396288a2ef6fa2968b69d9032b418`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59676`
MD5	`2c4bc7aa56bb04b7a027313f96545af7`
SHA1	`608d0b934b180a0b2aba48826ea34ac9095e770e`
SHA256	`b68ef3a3d710e529385d226998a764687c9ffbc3b3a35009158f8afcae533a9a`
SHA3	`67a0c554809a801911bc0dbf2027eda85f2f26506c5394c43a1ca3d898d70795`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x9e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.61983`
MD5	`90b6783ee665eca95a4234332847ba6f`
SHA1	`4ba8521409534588504cb52e2c8327bfb7d37084`
SHA256	`188ae895e717b26801301102dcb0cf1d92170268103f962b2d1fc14a406a4833`
SHA3	`97be5b7836fa9bc3ee9e628966713cf8416e6202410aa07442ff45ad73cf2bbe`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.979`
MD5	`1d30d52e43593364a57e2056a4e89846`
SHA1	`c3d9e822629460e7b8e509dc306e8592197b540d`
SHA256	`747458ed8a07d3f01c352c42e3b08b642a3fd69fac1e5199cfa67b2f98287af2`
SHA3	`43b000c967f33e4272cfc38cb998ca8c8ee63b1c7588360e9d4b0d5b4579278d`

7 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.02792`
MD5	`70fdf5bc47bbc979aa3ddba4daaf8d93`
SHA1	`aef1537db0ee76256a674fafb704aa3536e5c44e`
SHA256	`54f1ee4a43bc8c68505635e52e51b87928b1169aea3ca4248b365c52e649cd83`
SHA3	`ca0890280cd052abb982b608500759e067888619420d4e9476db2bb6ecfd295b`

32

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.68633`
MD5	`90bb6a1102073cd9e6b36fb3134219bf`
SHA1	`e19fd1ca90caef6e9e07485569962657fe1a24a9`
SHA256	`3c907e9c152823159f8ec5a2d7d92018b575f2d87b2d58a296b2f6df339676e7`
SHA3	`cc9879a814c9a01cfa2e8b4480c801703b709b7d62ad809d746d9cd058ca3977`

1000

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07512`
Detected Filetype	Icon file
MD5	`22d9f7ed0fae3c49268436d1e778ff29`
SHA1	`bcf04e99110a2b72afa507dc5c65863bed8c6a83`
SHA256	`3a66e4ae20d7e0b0082d0c62c84b842a1ffc9e2d25b3322e654e0a0cf3f92cc2`
SHA3	`38e021669e207b662924aa953acfa4b51a9116175fa6eabfec8fca636a14bd69`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x380`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44972`
MD5	`b15730d14e1bf61b5abf8fe3b0807196`
SHA1	`93ceb530075e2150d68d360e1e2dabd13b044b11`
SHA256	`3be8500ef295422af4185db995bec85f8adb25eae9c98cfe640a06bab0a9d816`
SHA3	`370c85dbdab14e3aee2811ec8bf25109eb491cdc77325e1d900f9b1981436b00`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01267`
MD5	`a43bf297e657b8ed3fbf3ec2dccf93fe`
SHA1	`37bac7c426adc78387e1ed5041cd25beedcb1ca8`
SHA256	`3905db231872adc98e046e406b7c47503922b3f172dfb5104212cbb5c07e487f`
SHA3	`215584b5496fe63d8c024f01b4f08096e9e17e05acb5b4cfb0ad5b410454ed5c`

String Table contents

Install Windows
The file '%1!s!' could not be loaded or is corrupt. Setup cannot continue. Error code is [0x%2!X!]
Windows 11 Setup (32-bit)
Windows 11 Setup (64-bit)

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.26100.1
ProductVersion	10.0.26100.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Installer
FileVersion (#2)	10.0.26100.1 (WinBuild.160101.0800)
InternalName	Setup
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	SETUP.EXE
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	10.0.26100.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2051-Dec-17 16:53:21
Version	`0.0`
SizeofData	`34`
AddressOfRawData	`0x4680`
PointerToRawData	`0x4680`
Referenced File	setup.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2051-Dec-17 16:53:21
Version	`0.0`
SizeofData	`556`
AddressOfRawData	`0x46a4`
PointerToRawData	`0x46a4`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2051-Dec-17 16:53:21
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x48f8`
PointerToRawData	`0x48f8`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2051-Dec-17 16:53:21
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x491c`
PointerToRawData	`0x491c`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140006040`
GuardCFCheckFunctionPointer	`5368726400`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xfc136ceb`
Unmarked objects	`0`
Unmarked objects (#2)	`1`
ASM objects (33136)	`4`
C objects (33136)	`20`
C++ objects (33136)	`3`
Imports (33136)	`13`
Total imports	`144`
C objects (LTCG) (33136)	`13`
Resource objects (33136)	`1`
Linker (33136)	`1`

Errors

Leave a comment

No comments yet.