Manalyze report for b74ca513f93681c3fed1da3d0ce6f5d865d5152ee653c9490ea3b64770f7efd4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Feb-14 18:01:36
Debug artifacts	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
Comments	MasterTuningTools.com
CompanyName	mmf
FileDescription	mmf
FileVersion	`1.0.0.0`
InternalName	mmf.dll
LegalCopyright	MasterTuningTools.com
OriginalFilename	mmf.dll
ProductName	mmf
ProductVersion	`1.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: MasterTuningTools.com go.microsoft.com https://aka.ms https://go.microsoft.com https://go.microsoft.com/fwlink/?linkid microsoft.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegOpenKeyExW RegGetValueW RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-25 19:55:15)	`Trapmine: suspicious.low.ml.score`

Hashes

MD5	`a34018fab16444f463c99c6097d27f1d`
SHA1	`e9215eb13506be97f4bcc6dd64698251e30b4df7`
SHA256	`b74ca513f93681c3fed1da3d0ce6f5d865d5152ee653c9490ea3b64770f7efd4`
SHA3	`395ff387a9e8b7b8b52342c727188fe28caf0dc529b93778276ae96939c85959`
SSDeep	`6144:kiS4ompB9S3BZi0a1G78IVjcactSW2SHaovtydrMmuWfaD:kyB0aI78IV96HaoJmuWfaD`
Imports Hash	`6a91eb82bfd19d2706c7d43c46f7064e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Feb-14 18:01:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x16a00`
SizeOfInitializedData	`0x20800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000011360 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7fe5df02c7c53b8e1ac373eea024c1c9`
SHA1	`505943380e748cba35a5c528daf246ee79aa67a3`
SHA256	`e6ef3018d2473fa08224c5572de76fab311bcb725b4f82a58490189191d83e01`
SHA3	`653bd95988af023a034ef80e9a28bd891f955aed9a4f1d9b54178c8ee8287fdd`
VirtualSize	`0x1695c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x16a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37223`

.rdata

MD5	`8455e168b546e02c92fee595684636e8`
SHA1	`993c973acfcecd94db06ef63d275c197bac354e2`
SHA256	`84b819dabcf5782ef7d62b6503223c4a610a41ce183fb99ab8f5389ec92a1c48`
SHA3	`feec1f2ea1ca5bb4cd59132f15c296aa092b0e8f7fdeb5f4954c60e5f1192c47`
VirtualSize	`0x95de`
VirtualAddress	`0x18000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x16e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.49159`

.data

MD5	`a34083f8512b93e9ca7cd2884b617068`
SHA1	`50bd492c5216827190cb3b3aeb98b100f450369f`
SHA256	`7e8c9dc383b3449270d979429a5538c83031c093052fb2c308b33436c69c2e2f`
SHA3	`f32a7a8c824f62cad9dd30407f05887a48ac82a449496818401c5856a7d32bcb`
VirtualSize	`0x1850`
VirtualAddress	`0x22000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x20400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.32363`

.pdata

MD5	`58b5c0ba22a038ca54d885829ab5f06d`
SHA1	`c51368b74ee6b258c16be30200d8f5df143f8e5f`
SHA256	`52361b3c46d4eb026eccfd768df081dd77cac91d74d5f84aa8dfaf1607b6d7e6`
SHA3	`d3504d45f9a1c42ea5e405c1a23d1ba65464842235b9c88e51b7d7d09b93b2d9`
VirtualSize	`0x13bc`
VirtualAddress	`0x24000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x20e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.9833`

_RDATA

MD5	`f03e9bc08417a2c7013707183af3d6f7`
SHA1	`71bee5fe0c24b393899d13c3c2e3267b23f6de8e`
SHA256	`7a66534bd1ecead54ce21ecbe29ec7dcad84e0e4b7195df405c009d422d1c613`
SHA3	`5fa991e3dd29f0819c10d2611a7b35d1a029c3eb9281d70d662669ffc7ffb5ee`
VirtualSize	`0x1f4`
VirtualAddress	`0x26000`
SizeOfRawData	`0x200`
PointerToRawData	`0x22200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.20663`

.reloc

MD5	`8c0b631b1bf06e3a21b8f532673041ea`
SHA1	`6441973573d514e01b1215e626f9b18c94f5a34b`
SHA256	`a4cd7c98dd6bbbe082a66d14edd617f38b0019e13e43acf129e468007bac6931`
SHA3	`19e79f4bc4b17ab52389008d68f5f37c15bb5707e26645980427a8b9fcd999fa`
VirtualSize	`0x318`
VirtualAddress	`0x27000`
SizeOfRawData	`0x400`
PointerToRawData	`0x22400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.69853`

.rsrc

MD5	`846039091bb2961781fe2c9ce5d11fb7`
SHA1	`011f53b2aaf62e36b80cd1e2e51ac05ab52d7024`
SHA256	`145c6e3870f98991ad889bc95903a4fbea6210a608fa8b167aa5afecb02665f6`
SHA3	`0c89660643ead2b60a2524249fd7adea4ab7293c25db44bb7ee0de125b7206d2`
VirtualSize	`0x13c7c`
VirtualAddress	`0x28000`
SizeOfRawData	`0x13e00`
PointerToRawData	`0x22800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.94906`

Imports

KERNEL32.dll	`FreeLibrary` `LoadLibraryExW` `OutputDebugStringW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `GetModuleHandleW` `MultiByteToWideChar` `GetFileAttributesExW` `LoadLibraryA` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `GetProcAddress` `GetWindowsDirectoryW` `FindResourceW` `GetLastError` `ActivateActCtx` `FindClose` `CreateActCtxW` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource` `RegisterEventSourceW` `ReportEventW` `RegCloseKey`
api-ms-win-crt-runtime-l1-1-0.dll	`_invalid_parameter_noinfo_noreturn` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_errno` `abort` `__p___wargv` `_c_exit` `_register_thread_local_exe_atexit_callback` `terminate` `__p___argc`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `fputwc` `__p__commode` `_set_fmode` `fputws` `_wfsopen` `fflush` `__stdio_common_vfwprintf` `__stdio_common_vsnwprintf_s` `__stdio_common_vswprintf` `setvbuf`
api-ms-win-crt-heap-l1-1-0.dll	`calloc` `_set_new_mode` `free` `_callnewh` `malloc`
api-ms-win-crt-string-l1-1-0.dll	`toupper` `_wcsdup` `wcsncmp` `wcsnlen` `strcpy_s`
api-ms-win-crt-convert-l1-1-0.dll	`wcstoul` `_wtoi`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64_s` `_time64` `wcsftime`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `___mb_cur_max_func` `_configthreadlocale` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_lock_locales` `_unlock_locales`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x235`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.4692`
Detected Filetype	PNG graphic file
MD5	`cc45a4f1b4e0cf4b3993845684f6f232`
SHA1	`a4bc71fc91e81aeb608420e5bd026a763aba0318`
SHA256	`c1378347ef0f0bc668d40ef9a71bb21762745525ba35d91c7046dfa8c3890ae5`
SHA3	`c67e9a008042fbe64395108ffe1d2c46878926f4f56f88494a2d6d2ce801f41f`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3fe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68991`
Detected Filetype	PNG graphic file
MD5	`07d5a170c9c74e837238521e8a59544e`
SHA1	`cdcb4596cb4baac0fe4090395bf4d090f9526899`
SHA256	`b71fa0d0c521aeee6453cc7177194260d30612efef1a3770131cb542af8f14e3`
SHA3	`039d37eb4a86f703a21376d7647b5c94fa13bea4ee2f7dfeb8413a78905dcbe4`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x603`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77956`
Detected Filetype	PNG graphic file
MD5	`cfe83a9576214c4a6c17480d02a45789`
SHA1	`23deaf0b921ab6bfa7d6e9b15a6668564b04b202`
SHA256	`c4af1d497d843edccc4e222317060ee4b3aba923223d1e73dc36e59e6941bb04`
SHA3	`abcdf3d85bdd7922d2b3ae0dfa14f95f00cd9bd59285ae1a125e385c7b91d336`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88107`
Detected Filetype	PNG graphic file
MD5	`a17ce31906ba39da260e0c91fada2187`
SHA1	`45d4ba1e56f064f87fb4317fe5cac15a5fbd3f41`
SHA256	`282fdf29ec779282380bdf299dd7f5e4b488c8fb719000a74253db249e47b554`
SHA3	`a5ddbd2b195f9d51923197749f1d3aa71079fe194b54a32008954e5ea9ad393d`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x125b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89774`
Detected Filetype	PNG graphic file
MD5	`cd38753bee1a40dffb1778ded175a073`
SHA1	`a9eba844aacf0b36f4397b823faaa5e5bffee492`
SHA256	`35c094235434b198bb9499f054935bce812d030fcb26d339fdee0f18e60b60c6`
SHA3	`51f522a49a898c1e53a8648185ce5f1035f080ca1cf41f8fd714fb841cf38f2e`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3b69`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96666`
Detected Filetype	PNG graphic file
MD5	`bfff44573b91699c78a5f0725b32a69b`
SHA1	`337f7c7c0a3d30768a52da2c993b0018d7f983f7`
SHA256	`2c407d2592af3f37a8ae94ba048673e8f24d76f4c99220345a5a6753f2c525b4`
SHA3	`6055de76b7ba1985b486e172074249b785d9f1f3967030320b36b6d9cad15d94`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xcf59`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98759`
Detected Filetype	PNG graphic file
MD5	`133aa7cc33c2f403a8a7c53c2f479989`
SHA1	`130e77f7b9b816d14f38cefe3c3267121081c431`
SHA256	`06ae2a0977d915e90fc7451270f48d3bd795c1e59dda53b0420f5f4f8c8db87e`
SHA3	`face052eee0d6fc49e34ef4ccc4504ff9a1de55b9686d6eb4e741d30aecd36ef`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65771`
Detected Filetype	Icon file
MD5	`594db1da24cf98530cc5467d4b3ab6ec`
SHA1	`36abeb9a7ab42ff09ba847749abafcc5f38c10d6`
SHA256	`f145bb9f049e1722bf7c58381742a34e8cf95c2b74d3d2e8fb246e30c665fe03`
SHA3	`c312fb208c9c2a0867a69042e1436437fdb32445995e78e5cd223a19437b3ff2`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22625`
MD5	`b8f1d3dfdaa2f22e2f1399c5040ff62c`
SHA1	`3c8368448e8cd22e8a56febca57eef35d31aca16`
SHA256	`70c23f324e319d0ae80d140c6e0ceb35217508d20b277951bdec53622a647215`
SHA3	`086bc78961e3b76d8bf49d0b06ae56a8a6b07056bf4e9e52055c0dac2cb4ed24`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	MasterTuningTools.com
CompanyName	mmf
FileDescription	mmf
FileVersion (#2)	1.0.0.0
InternalName	mmf.dll
LegalCopyright	MasterTuningTools.com
OriginalFilename	mmf.dll
ProductName	mmf
ProductVersion (#2)	1.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Feb-15 00:12:37
Version	`0.0`
SizeofData	`109`
AddressOfRawData	`0x1e190`
PointerToRawData	`0x1cf90`
Referenced File	D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Feb-15 00:12:37
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1e200`
PointerToRawData	`0x1d000`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Feb-15 00:12:37
Version	`0.0`
SizeofData	`1004`
AddressOfRawData	`0x1e214`
PointerToRawData	`0x1d014`

TLS Callbacks

StartAddressOfRawData	`0x14001e648`
EndAddressOfRawData	`0x14001e658`
AddressOfIndex	`0x140023838`
AddressOfCallbacks	`0x1400184e0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140022040`
GuardCFCheckFunctionPointer	`5368808464`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xecfad88a`
Unmarked objects	`0`
Unmarked objects (#2)	`1`
C objects (33218)	`12`
ASM objects (33218)	`18`
C++ objects (33218)	`86`
Imports (VS2008 SP1 build 30729)	`16`
Imports (30795)	`9`
Total imports	`201`
C++ objects (LTCG) (33321)	`10`
Linker (33321)	`1`

Errors

Leave a comment

No comments yet.