ede138f13dfc895eca2062996f6e51b7
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2025-Oct-27 05:15:44 |
| Debug artifacts |
D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
|
| CompanyName | Binary Fortress Software |
| FileDescription | FileSeek |
| FileVersion | 7.1.0.0 |
| InternalName | FileSeek.dll |
| LegalCopyright | Copyright © 2007-2025 Binary Fortress Software |
| OriginalFilename | FileSeek.dll |
| ProductName | FileSeek |
| ProductVersion | 7.1.0.0 |
| Assembly Version | 7.1.0.0 |
Plugin Output
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Binary Fortress Software Ltd.
Issuer: Microsoft ID Verified CS AOC CA 01 |
| Safe | VirusTotal score: 0/70 (Scanned on 2026-01-22 20:47:44) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2025-Oct-27 05:15:44 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x16400 |
| SizeOfInitializedData | 0x33800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000011AB0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x55ac5 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x180000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
.reloc
.rsrc
Imports
| KERNEL32.dll |
FreeLibrary
LoadLibraryExW OutputDebugStringW FindFirstFileExW EnterCriticalSection GetFullPathNameW FindNextFileW GetCurrentProcess GetModuleHandleExW GetModuleFileNameW LeaveCriticalSection GetEnvironmentVariableW GetModuleHandleW MultiByteToWideChar GetFileAttributesExW LoadLibraryA DeleteCriticalSection WideCharToMultiByte IsWow64Process TlsFree TlsSetValue TlsGetValue TlsAlloc InitializeCriticalSectionAndSpinCount GetProcAddress GetWindowsDirectoryW FindResourceW GetLastError ActivateActCtx FindClose CreateActCtxW SetLastError RaiseException RtlPcToFileHeader RtlUnwindEx InitializeSListHead GetCurrentProcessId IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext GetStringTypeW SwitchToThread GetCurrentThreadId InitializeCriticalSectionEx EncodePointer DecodePointer LCMapStringEx QueryPerformanceCounter GetSystemTimeAsFileTime |
|---|---|
| USER32.dll |
MessageBoxW
|
| SHELL32.dll |
ShellExecuteW
|
| ADVAPI32.dll |
RegOpenKeyExW
RegGetValueW DeregisterEventSource RegisterEventSourceW ReportEventW RegCloseKey |
| api-ms-win-crt-runtime-l1-1-0.dll |
_invoke_watson
__p___argc _exit exit _initterm_e _initterm _get_initial_wide_environment _initialize_wide_environment _configure_wide_argv _set_app_type _seh_filter_exe _cexit _crt_atexit _register_onexit_function _errno _initialize_onexit_table abort _c_exit _register_thread_local_exe_atexit_callback terminate __p___wargv |
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
_set_fmode fputwc __p__commode fputws _wfsopen fflush __stdio_common_vfwprintf __stdio_common_vsnwprintf_s __stdio_common_vswprintf setvbuf |
| api-ms-win-crt-heap-l1-1-0.dll |
calloc
_set_new_mode free _callnewh malloc |
| api-ms-win-crt-string-l1-1-0.dll |
wcsncmp
toupper strcmp strlen _wcsdup wcsnlen strcpy_s |
| api-ms-win-crt-convert-l1-1-0.dll |
wcstoul
_wtoi |
| api-ms-win-crt-time-l1-1-0.dll |
wcsftime
_gmtime64_s _time64 |
| api-ms-win-crt-locale-l1-1-0.dll |
___mb_cur_max_func
_configthreadlocale ___lc_codepage_func ___lc_locale_name_func __pctype_func _lock_locales setlocale _unlock_locales |
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
Delayed Imports
1
2
3
4
5
6
7
8
32512
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 7.1.0.0 |
| ProductVersion | 7.1.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| CompanyName | Binary Fortress Software |
| FileDescription | FileSeek |
| FileVersion (#2) | 7.1.0.0 |
| InternalName | FileSeek.dll |
| LegalCopyright | Copyright © 2007-2025 Binary Fortress Software |
| OriginalFilename | FileSeek.dll |
| ProductName | FileSeek |
| ProductVersion (#2) | 7.1.0.0 |
| Assembly Version | 7.1.0.0 |
| Resource LangID | UNKNOWN |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Oct-27 21:40:13 |
| Version | 0.0 |
| SizeofData | 109 |
| AddressOfRawData | 0x2079c |
| PointerToRawData | 0x1ef9c |
| Referenced File | D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Oct-27 21:40:13 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x2080c |
| PointerToRawData | 0x1f00c |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2025-Oct-27 21:40:13 |
| Version | 0.0 |
| SizeofData | 988 |
| AddressOfRawData | 0x20820 |
| PointerToRawData | 0x1f020 |
TLS Callbacks
| StartAddressOfRawData | 0x140020c48 |
|---|---|
| EndAddressOfRawData | 0x140020c58 |
| AddressOfIndex | 0x140025820 |
| AddressOfCallbacks | 0x1400184f0 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140024080 |
| GuardCFCheckFunctionPointer | 5368808480 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0x55c57ab0 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (35207) | 10 |
| C objects (35207) | 12 |
| C++ objects (35207) | 87 |
| Imports (VS2008 SP1 build 30729) | 16 |
| Imports (33140) | 9 |
| Total imports | 204 |
| C++ objects (LTCG) (35215) | 10 |
| Linker (35215) | 1 |