Manalyze report for fa8e0c852a8c85ead57dbb3de996f9af15cb380c464ade6135afc6f546c1312b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Apr-21 11:21:39
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Version Checking and File Installation Libraries
FileVersion	`6.3.9600.17415 (winblue_r4.141028-1500)`
InternalName	version
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	VERSION.DLL
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	`6.3.9600.17415`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress`
Safe	VirusTotal score: 0/72 (Scanned on 2026-02-23 06:31:08)	`All the AVs think this file is safe.`

Hashes

MD5	`aa36f6e439e04bcc0bfdcbbe4c11a736`
SHA1	`ebd2d1058b28c04d521abff697a53016337e6878`
SHA256	`fa8e0c852a8c85ead57dbb3de996f9af15cb380c464ade6135afc6f546c1312b`
SHA3	`3cb1376cdc48a8f86bd48df4e693f8fbb2681414a807b56d0e2230ac1a060e92`
SSDeep	`384:Qib8+zALKMsdSt+nNhAWmUN6RntaHpGmckVPxIiTve6rV6k2dbxW8dLW:fbdMR2hTl2bmckVPxIiTliHd`
Imports Hash	`bfc9dcd7a27cdf50aab14f37116e1e5c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Apr-21 11:21:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2e00`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001000 (Section: .code)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`759d7f6e0762b8b2403b0a5191d4676c`
SHA1	`d70765c58ea70809474a8ee077e513299e2fe180`
SHA256	`5a5c8696903ba0e316edf7f63d453627186f3aa7a58e649a2fc2ba61460b418a`
SHA3	`06b090fe66e1312e23d459ec89c5152e936f55fe6b3a9e4e1c69a7a932f46e2a`
VirtualSize	`0xc5a`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.21667`

.text

MD5	`dd8f524b159fd9824e9dbf875e45864b`
SHA1	`4bac0bc73fb8291c809a61a8d83438189e59116d`
SHA256	`cffc022d215b19a4289ca5694315c169dc5c7cadb44d2dcdbd09584d8e02c280`
SHA3	`c7984a7acd83e77066c3a93986e1ff2d3dceae5685afc18ad87d729ae2e443ff`
VirtualSize	`0x1eee`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.94518`

.rdata

MD5	`1ffd794c36082b7b65e8f7dcace55a8e`
SHA1	`a7dcf305fde09460200c418df5dbe487135c3e76`
SHA256	`3c104474badaa7289ae6c0ea43379f2d78b7304f172bed32ee753c695896d0d5`
SHA3	`6a774ae39d208b030b50f24db286d77ca0f9341f4a06d62a259a656e227f495e`
VirtualSize	`0x50b`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70403`

.pdata

MD5	`9fcde73c83a2eb6453e06ec96e1598b1`
SHA1	`ef02b6aa731021aa61362c978e6b4454571f2527`
SHA256	`52dce79cb1a6e1531d0732cc08d891ee4774361c4450f383d551904cf5f8e0e1`
SHA3	`01bfeed90d88a2ad7612ca22329f8ae666724c33c1d008efff4f00448d2fb1a9`
VirtualSize	`0x270`
VirtualAddress	`0x5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.74126`

.data

MD5	`eba141a482196b286925fa7a52db4a34`
SHA1	`3694008ca4abbebc9e44c2d72419129112cf30d3`
SHA256	`c1916658c7d1caf996a3f2912b53f5bf2dbb7789a995f635dbc5bee2b20dc91b`
SHA3	`aa5a3f19181c4052d66dcdc67501ec3abfc58260e103781f43c22b151041b54c`
VirtualSize	`0xaf8`
VirtualAddress	`0x6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.78941`

.rsrc

MD5	`338adcb68a313ae4e4c685390352be6c`
SHA1	`ce0686be5002fc14baa0f107f13ab34b0939dec6`
SHA256	`20e844cb309ee496e2c81a30ca083c521be518282689c95be94a3eadf9e36034`
SHA3	`4dd9f2e6db3c853c3e1b93ca9ef4d6632dfc2671859c24b5d82f8e3d3b1c88bf`
VirtualSize	`0x41c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.6248`

.reloc

MD5	`38ab03e55b26c35907969bd7598b10f8`
SHA1	`627e9535f27203faac2d3668407187ab03805c51`
SHA256	`de57e442f83f8d9ce537f5a0e5ae722ee96bd7eb5b73fff9de67cc6a267e0726`
SHA3	`81d71175d781d8471b1fa4d7bb79217ab9db448920dd2987df1ded74abbd3958`
VirtualSize	`0x18`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.159084`

Imports

msvcrt.dll	`memset` `wcscmp` `memmove` `strlen` `strcpy` `wcslen` `wcscpy` `wcsncpy` `wcscat` `malloc` `free`
KERNEL32.dll	`HeapCreate` `HeapDestroy` `DisableThreadLibraryCalls` `GetSystemDirectoryW` `GetModuleHandleW` `VirtualProtect` `ExitProcess` `UnregisterWait` `CloseHandle` `EnterCriticalSection` `LeaveCriticalSection` `HeapFree` `TlsFree` `DeleteCriticalSection` `TlsAlloc` `InitializeCriticalSection` `TlsGetValue` `HeapAlloc` `GetCurrentProcess` `GetCurrentThread` `DuplicateHandle` `RegisterWaitForSingleObject` `TlsSetValue` `GetModuleFileNameW` `FreeLibrary` `LoadLibraryW` `WideCharToMultiByte` `GetProcAddress` `HeapReAlloc` `AllocConsole` `GetStdHandle` `GetConsoleScreenBufferInfo` `SetConsoleCtrlHandler` `SetConsoleTitleW` `FlushFileBuffers` `SetConsoleMode` `ReadConsoleW` `ReadFile` `GetLastError` `WriteConsoleW` `WriteFile` `MultiByteToWideChar`

Delayed Imports

GetFileVersionInfoA

Ordinal	`1`
Address	`0x112b`

GetFileVersionInfoByHandle

Ordinal	`2`
Address	`0x16e3`

GetFileVersionInfoExA

Ordinal	`3`
Address	`0x158c`

GetFileVersionInfoExW

Ordinal	`4`
Address	`0x15a2`

GetFileVersionInfoSizeA

Ordinal	`5`
Address	`0x117c`

GetFileVersionInfoSizeExA

Ordinal	`6`
Address	`0x15b8`

GetFileVersionInfoSizeExW

Ordinal	`7`
Address	`0x15ce`

GetFileVersionInfoSizeW

Ordinal	`8`
Address	`0x121a`

GetFileVersionInfoW

Ordinal	`9`
Address	`0x1141`

VerFindFileA

Ordinal	`10`
Address	`0x10e9`

VerFindFileW

Ordinal	`11`
Address	`0x1115`

VerInstallFileA

Ordinal	`12`
Address	`0x125c`

VerInstallFileW

Ordinal	`13`
Address	`0x1272`

VerLanguageNameA

Ordinal	`14`
Address	`0x10d3`

VerLanguageNameW

Ordinal	`15`
Address	`0x10ff`

VerQueryValueA

Ordinal	`16`
Address	`0x1230`

VerQueryValueW

Ordinal	`17`
Address	`0x1246`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c4`
TimeDateStamp	2022-Apr-21 11:21:39
Entropy	`3.55635`
MD5	`133e4dcaae392a8c76127e4cb0842d65`
SHA1	`f7240f3f99245a9b3c048567c031348c6cb5c840`
SHA256	`05351b5df6b0d4dd1826850b55979a271a99543f948b3e844b64b517b232144a`
SHA3	`42d9960eb126dd659928713081b80163cf4b320f109934e270a02c542dabaf8e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.3.9600.17415
ProductVersion	6.3.9600.17415
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Version Checking and File Installation Libraries
FileVersion (#2)	6.3.9600.17415 (winblue_r4.141028-1500)
InternalName	version
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	VERSION.DLL
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion (#2)	6.3.9600.17415

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.