Manalyze report for 741f40026d50642a11408891ea161da8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-26 15:21:02
Detected languages	English - United States
Debug artifacts	C:\agent\_work\13\s\build\ship\x64\SfxCA.pdb
CompanyName	.NET Foundation
FileDescription	DTF Self-Extracting Custom Action
FileVersion	`3.14.0.6526`
InternalName	SfxCA
LegalCopyright	Copyright (c) .NET Foundation and contributors. All rights reserved.
OriginalFilename	SfxCA.dll
ProductName	Windows Installer XML Toolset
ProductVersion	`3.14.0.6526`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .gxfg` `Unusual section name found: .gehcont`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW`
Malicious	The file contains overlay data.	`470067 bytes of data starting at offset 0x3a200.` `The file contains a CAB Installer file after the PE data.`
Suspicious	VirusTotal score: 1/68 (Scanned on 2026-02-03 12:28:58)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`741f40026d50642a11408891ea161da8`
SHA1	`c6ecc6ab6c33feef5fb8b5bd80bca7431deb1ccf`
SHA256	`50c21f409e3ceee6eb6c2fe8c6dc2f8acc4920a03a872ba723a3e80dba9953fe`
SHA3	`19548c18ca90499fcd69cacabd42ea1a1b69717788ce0dd5f295a9e771419033`
SSDeep	`12288:h2AM3JDcpjow1kY4JvmkzKT9WfdOw9tv9yAd0Q5tg1ZARZQZnhJBtVNdt3Mr:hjM70kvmkzKaNxyasO2h/tHTa`
Imports Hash	`09331e16abbe2896305fec77cb6103cc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2022-May-26 15:21:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1b600`
SizeOfInitializedData	`0x1e800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000055BC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x40000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cafef37ea7d9f34a310d68d181cc67aa`
SHA1	`615e9da5b294fe5395b301bcb4ab805134db64d3`
SHA256	`14c9f8fce6ce03280773e3d77f37d148fd1f07a1a9971135551626c659e027e5`
SHA3	`abe4ee47a596a94fe273d29c081b5ddc5956a7130cf5d769fe5c148f7604c38f`
VirtualSize	`0x1b480`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1b600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49933`

.rdata

MD5	`0e51f8e02a54130c6f4bab3888410a4d`
SHA1	`2523060167d50264cc6b9f87ad487aaced740f4e`
SHA256	`9ac9201412c4f1c7ffeb3111d4949c6cf1842b47237b2c667d724c779df98854`
SHA3	`70572f3f97c13fe25e9a7ade140d303d5b2558109a3eb75fb18d787ecbeb2f15`
VirtualSize	`0x1984a`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x19a00`
PointerToRawData	`0x1ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.8448`

.data

MD5	`ebd74688c4c38425eac6e3c510e78fb8`
SHA1	`e826892772928cacf93392d764cec266aa65bb90`
SHA256	`973a7f9795627c274abf1cb04b194faebf779faa57dc71b89aeb91fbe305d09d`
SHA3	`ffd7bc264adf7d468ffa23c292b45e925360457eebbf66f24560599e1e76846e`
VirtualSize	`0x1d70`
VirtualAddress	`0x37000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x35400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.15627`

.pdata

MD5	`12a2e32f2c82808887c5cc95acb97f03`
SHA1	`0a71fe135dc4e814249c7f1d20ccb9bf476fcc07`
SHA256	`7416008d6595e3bb5055fff4d37e14b33fcc185b0afe99a5e1efa367ffe95c0b`
SHA3	`88b38aa40c876040c5a605f6ec4ef0c79f34d573f1b2ce05e7f3733de021a47b`
VirtualSize	`0x1674`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x36000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96396`

.gxfg

MD5	`30ebe4bf69c5c6950b626f6c399a7180`
SHA1	`2ecd6fc48f4f1e69584893e79dedfbd1d34a8673`
SHA256	`6f1f1965b60dfbc1c039d01b57e1c1e75522030b11569a19aec4cc2e0bf09e52`
SHA3	`63ea4a67a6b2c2c6140723e126375c12784a37ef410d48dc5a07405a94778305`
VirtualSize	`0x1600`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x37800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15789`

.gehcont

MD5	`d65f52ec5cca347fc256bef9112b8cec`
SHA1	`6601cd6e3686062648ea9a3b9992793486aea5e8`
SHA256	`b2b42021c37cb4b4cdd83a3145e08244cba2eeacaae780c3cd5a95ce165a6250`
SHA3	`37bccd97c22cb4ca6f805b09e03a63316f502c4dd60faee44f4c1da3a502908c`
VirtualSize	`0x10`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x38e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

.rsrc

MD5	`44da10b330eb9c74a2fe7d0c913ccf90`
SHA1	`9d2b4331ca87bfadb77f5aefe2880b416989092c`
SHA256	`8db77742a400103c6234aa6abd44d57cab66404a68eadacf3e3136e1c6fb6113`
SHA3	`8f788125298ae75dca411783e0d314eb8918349ff57d5fed5156a0c983578a6c`
VirtualSize	`0x8e0`
VirtualAddress	`0x3e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x39000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.28954`

.reloc

MD5	`f7246e418ee1f53d2c9e69d5a6b6afd9`
SHA1	`fc4128fe602e1fced65dd736f48d0f58a740d430`
SHA256	`049f2b78ecfd727ad125ac0e8f7f3945a21f0f7a18f16ec378450fd58586dc38`
SHA3	`5daa5458b94dedc13b456ff883f9cf87b887713acbcf316f14eea3b2abb88980`
VirtualSize	`0x67c`
VirtualAddress	`0x3f000`
SizeOfRawData	`0x800`
PointerToRawData	`0x39a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.95153`

Imports

msi.dll	`#32` `#48` `#142` `#147` `#80` `#76` `#62` `#140` `#221` `#54` `#135` `#51` `#207` `#139` `#58` `#47` `#103` `#133` `#34` `#171` `#143` `#64` `#63` `#74` `#145` `#49` `#167` `#120` `#123` `#115` `#118` `#116` `#125` `#121` `#114` `#119` `#17` `#150` `#78` `#165` `#26` `#166` `#163` `#160` `#159` `#162` `#8`
Cabinet.dll	`#22` `#21` `#20` `#23`
SHLWAPI.dll	`PathFileExistsW`
OLEAUT32.dll	`SysAllocString` `VariantInit` `SafeArrayCreateVector` `SafeArrayPutElement` `SafeArrayDestroy` `SysFreeString`
KERNEL32.dll	`WriteConsoleW` `GetStringTypeW` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `FindFirstFileExW` `WideCharToMultiByte` `GetStdHandle` `SetEndOfFile` `SetStdHandle` `HeapSize` `LCMapStringW` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapAlloc` `HeapFree` `GetModuleHandleExW` `ExitProcess` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `GetFileType` `EncodePointer` `LoadLibraryExW` `HeapReAlloc` `FlushFileBuffers` `GetSystemDirectoryW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `SetLastError` `GetLastError` `FreeLibrary` `GetProcAddress` `LoadLibraryW` `CreateDirectoryW` `MultiByteToWideChar` `CreateFileW` `ReadFile` `WriteFile` `CloseHandle` `ConnectNamedPipe` `DisconnectNamedPipe` `CreateNamedPipeW` `WaitNamedPipeW` `GetOverlappedResult` `CancelIo` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventW` `WaitForMultipleObjects` `GetExitCodeProcess` `CreateThread` `CreateProcessW` `GetTickCount` `GetModuleFileNameW` `DeleteFileW` `FindClose` `FindFirstFileW` `FindNextFileW` `GetFileAttributesW` `RemoveDirectoryW` `GetTempPathW` `InterlockedFlushSList` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException`

Delayed Imports

Ordinal	`1`
Address	`0x384c`

(#2)

Ordinal	`2`
Address	`0x385c`

(#3)

Ordinal	`3`
Address	`0x386c`

(#4)

Ordinal	`4`
Address	`0x387c`

(#5)

Ordinal	`5`
Address	`0x388c`

(#6)

Ordinal	`6`
Address	`0x389c`

(#7)

Ordinal	`7`
Address	`0x38ac`

(#8)

Ordinal	`8`
Address	`0x38bc`

(#9)

Ordinal	`9`
Address	`0x38cc`

(#10)

Ordinal	`10`
Address	`0x38dc`

(#11)

Ordinal	`11`
Address	`0x38ec`

(#12)

Ordinal	`12`
Address	`0x38fc`

(#13)

Ordinal	`13`
Address	`0x390c`

(#14)

Ordinal	`14`
Address	`0x391c`

(#15)

Ordinal	`15`
Address	`0x392c`

(#16)

Ordinal	`16`
Address	`0x393c`

(#17)

Ordinal	`17`
Address	`0x394c`

(#18)

Ordinal	`18`
Address	`0x395c`

(#19)

Ordinal	`19`
Address	`0x396c`

(#20)

Ordinal	`20`
Address	`0x397c`

(#21)

Ordinal	`21`
Address	`0x398c`

(#22)

Ordinal	`22`
Address	`0x399c`

(#23)

Ordinal	`23`
Address	`0x39ac`

(#24)

Ordinal	`24`
Address	`0x39bc`

(#25)

Ordinal	`25`
Address	`0x39cc`

(#26)

Ordinal	`26`
Address	`0x39dc`

(#27)

Ordinal	`27`
Address	`0x39ec`

(#28)

Ordinal	`28`
Address	`0x39fc`

(#29)

Ordinal	`29`
Address	`0x3a0c`

(#30)

Ordinal	`30`
Address	`0x3a1c`

(#31)

Ordinal	`31`
Address	`0x3a2c`

(#32)

Ordinal	`32`
Address	`0x3a3c`

(#33)

Ordinal	`33`
Address	`0x3a4c`

(#34)

Ordinal	`34`
Address	`0x3a5c`

(#35)

Ordinal	`35`
Address	`0x3a6c`

(#36)

Ordinal	`36`
Address	`0x3a7c`

(#37)

Ordinal	`37`
Address	`0x3a8c`

(#38)

Ordinal	`38`
Address	`0x3a9c`

(#39)

Ordinal	`39`
Address	`0x3aac`

(#40)

Ordinal	`40`
Address	`0x3abc`

(#41)

Ordinal	`41`
Address	`0x3acc`

(#42)

Ordinal	`42`
Address	`0x3adc`

(#43)

Ordinal	`43`
Address	`0x3aec`

(#44)

Ordinal	`44`
Address	`0x3afc`

(#45)

Ordinal	`45`
Address	`0x3b0c`

(#46)

Ordinal	`46`
Address	`0x3b1c`

(#47)

Ordinal	`47`
Address	`0x3b2c`

(#48)

Ordinal	`48`
Address	`0x3b3c`

(#49)

Ordinal	`49`
Address	`0x3b4c`

(#50)

Ordinal	`50`
Address	`0x3b5c`

(#51)

Ordinal	`51`
Address	`0x3b6c`

(#52)

Ordinal	`52`
Address	`0x3b7c`

(#53)

Ordinal	`53`
Address	`0x3b8c`

(#54)

Ordinal	`54`
Address	`0x3b9c`

(#55)

Ordinal	`55`
Address	`0x3bac`

(#56)

Ordinal	`56`
Address	`0x3bbc`

(#57)

Ordinal	`57`
Address	`0x3bcc`

(#58)

Ordinal	`58`
Address	`0x3bdc`

(#59)

Ordinal	`59`
Address	`0x3bec`

(#60)

Ordinal	`60`
Address	`0x3bfc`

(#61)

Ordinal	`61`
Address	`0x3c0c`

(#62)

Ordinal	`62`
Address	`0x3c1c`

(#63)

Ordinal	`63`
Address	`0x3c2c`

(#64)

Ordinal	`64`
Address	`0x3c3c`

(#65)

Ordinal	`65`
Address	`0x3c4c`

(#66)

Ordinal	`66`
Address	`0x3c5c`

(#67)

Ordinal	`67`
Address	`0x3c6c`

(#68)

Ordinal	`68`
Address	`0x3c7c`

(#69)

Ordinal	`69`
Address	`0x3c8c`

(#70)

Ordinal	`70`
Address	`0x3c9c`

(#71)

Ordinal	`71`
Address	`0x3cac`

(#72)

Ordinal	`72`
Address	`0x3cbc`

(#73)

Ordinal	`73`
Address	`0x3ccc`

(#74)

Ordinal	`74`
Address	`0x3cdc`

(#75)

Ordinal	`75`
Address	`0x3cec`

(#76)

Ordinal	`76`
Address	`0x3cfc`

(#77)

Ordinal	`77`
Address	`0x3d0c`

(#78)

Ordinal	`78`
Address	`0x3d1c`

(#79)

Ordinal	`79`
Address	`0x3d2c`

(#80)

Ordinal	`80`
Address	`0x3d3c`

(#81)

Ordinal	`81`
Address	`0x3d4c`

(#82)

Ordinal	`82`
Address	`0x3d5c`

(#83)

Ordinal	`83`
Address	`0x3d6c`

(#84)

Ordinal	`84`
Address	`0x3d7c`

(#85)

Ordinal	`85`
Address	`0x3d8c`

(#86)

Ordinal	`86`
Address	`0x3d9c`

(#87)

Ordinal	`87`
Address	`0x3dac`

(#88)

Ordinal	`88`
Address	`0x3dbc`

(#89)

Ordinal	`89`
Address	`0x3dcc`

(#90)

Ordinal	`90`
Address	`0x3ddc`

(#91)

Ordinal	`91`
Address	`0x3dec`

(#92)

Ordinal	`92`
Address	`0x3dfc`

(#93)

Ordinal	`93`
Address	`0x3e0c`

(#94)

Ordinal	`94`
Address	`0x3e1c`

(#95)

Ordinal	`95`
Address	`0x3e2c`

(#96)

Ordinal	`96`
Address	`0x3e3c`

(#97)

Ordinal	`97`
Address	`0x3e4c`

(#98)

Ordinal	`98`
Address	`0x3e5c`

(#99)

Ordinal	`99`
Address	`0x3e6c`

(#100)

Ordinal	`100`
Address	`0x3e7c`

(#101)

Ordinal	`101`
Address	`0x3e8c`

(#102)

Ordinal	`102`
Address	`0x3e9c`

(#103)

Ordinal	`103`
Address	`0x3eac`

(#104)

Ordinal	`104`
Address	`0x3ebc`

(#105)

Ordinal	`105`
Address	`0x3ecc`

(#106)

Ordinal	`106`
Address	`0x3edc`

(#107)

Ordinal	`107`
Address	`0x3eec`

(#108)

Ordinal	`108`
Address	`0x3efc`

(#109)

Ordinal	`109`
Address	`0x3f0c`

(#110)

Ordinal	`110`
Address	`0x3f1c`

(#111)

Ordinal	`111`
Address	`0x3f2c`

(#112)

Ordinal	`112`
Address	`0x3f3c`

(#113)

Ordinal	`113`
Address	`0x3f4c`

(#114)

Ordinal	`114`
Address	`0x3f5c`

(#115)

Ordinal	`115`
Address	`0x3f6c`

(#116)

Ordinal	`116`
Address	`0x3f7c`

(#117)

Ordinal	`117`
Address	`0x3f8c`

(#118)

Ordinal	`118`
Address	`0x3f9c`

(#119)

Ordinal	`119`
Address	`0x3fac`

(#120)

Ordinal	`120`
Address	`0x3fbc`

(#121)

Ordinal	`121`
Address	`0x3fcc`

(#122)

Ordinal	`122`
Address	`0x3fdc`

(#123)

Ordinal	`123`
Address	`0x3fec`

(#124)

Ordinal	`124`
Address	`0x3ffc`

(#125)

Ordinal	`125`
Address	`0x400c`

(#126)

Ordinal	`126`
Address	`0x401c`

(#127)

Ordinal	`127`
Address	`0x402c`

(#128)

Ordinal	`128`
Address	`0x403c`

(#129)

Ordinal	`129`
Address	`0x4a84`

(#130)

Ordinal	`130`
Address	`0x4b8c`

(#131)

Ordinal	`131`
Address	`0x4ee0`

(#132)

Ordinal	`132`
Address	`0x4060`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x338`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29443`
MD5	`f1752a51850d146beb8cebdc3fdd8f87`
SHA1	`d9b964cd5ab8acf83bdfcc5648907d02c32597d9`
SHA256	`204b19024e8cafed06c029668e9e3e8ad1fff19d4d81dd3b5825537bf8e20870`
SHA3	`b7825eaaaa8ed4dff1752fd4320e831dae76e24ce5d5dbec644bb8653cea6174`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52621`
MD5	`09d64495b585d68469a0d23b446c4fbb`
SHA1	`e5152329df6c34e1261dce1635371fa11e8842ed`
SHA256	`cc1f7b4cfac07333e95aad7b85db6127ac18ade033920943ad3d3c2eba0b329c`
SHA3	`8947364b2974d233f28393b174b4aea8741342e0ab9d949394de26d4cd05ec3b`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-May-26 15:21:02
Version	`0.0`
SizeofData	`69`
AddressOfRawData	`0x3185c`
PointerToRawData	`0x3025c`
Referenced File	C:\agent\_work\13\s\build\ship\x64\SfxCA.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-May-26 15:21:02
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x318a4`
PointerToRawData	`0x302a4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-May-26 15:21:02
Version	`0.0`
SizeofData	`728`
AddressOfRawData	`0x318b8`
PointerToRawData	`0x302b8`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180037008`

RICH Header

XOR Key	`0xf98ff246`
Unmarked objects	`0`
C++ objects (28900)	`139`
ASM objects (28900)	`6`
C objects (28900)	`11`
C objects (VS 2015/2017 runtime 26706)	`15`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C++ objects (VS 2015/2017 runtime 26706)	`36`
Imports (28900)	`11`
Total imports	`170`
C++ objects (27047)	`7`
Exports (27047)	`1`
Resource objects (27047)	`1`
151	`1`
Linker (27047)	`1`

Errors

[!] Error: Could not match an export name with its address!
[*] Warning: Multiple nodes using the name Version Info in a dictionary.