popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2014-03-22 02:30:00

PDB Path

MsMpEng.pdb

PE Imphash

6e73693d0e907f1ab7f324b64d2b9866

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000018b 0x00000200 3.25636394429
.data 0x00002000 0x00000324 0x00000200 0.162990075305
.idata 0x00003000 0x0000012c 0x00000200 2.92090502049
.rsrc 0x00004000 0x000008b0 0x00000a00 4.34575575784
.reloc 0x00005000 0x00000194 0x00000200 0.47909668954

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00004550 0x0000035c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000040a0 0x000004ab LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x403000 ExitProcess
0x403008 GetCurrentProcessId
0x40300c GetCurrentThreadId
0x403014 GetTickCount
Library mpsvc.dll:
0x40301c ServiceCrtMain
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
MsMpEng.pdb
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
ServiceCrtMain
mpsvc.dll
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!--The ID below indicates application support for Windows BLUE -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
</application>
</compatibility>
</assembly>
1-1<1E1N1c1u1|1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
130327200823Z
140627200823Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:F528-3777-8A761%0#
Microsoft Time-Stamp Service0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
130124223339Z
140424223339Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*31595+4faf0b71-ad37-4aa3-a671-76bc052344ad0
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
@18u(^
microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
http://www.microsoft.com0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
140324013444Z0#
&pWSWW
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
130313203725Z
140613203725Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*34620+1b4a9a4c-cc84-40ed-a6ea-19411592b3c40
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110708205909Z
260708210909Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
*?*kXIc
QEX82q'
WqVNHE
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2011
http://www.microsoft.com0
20140324013445.493Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7D2E-3782-B0F71%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
130327201315Z
140627201315Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7D2E-3782-B0F71%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:7D2E-3782-B0F71%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:B027-C6F8-1D881+0)
"Microsoft Time Source Master Clock0
20140324002813Z
20140325002813Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
c^9Ap$
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Microsoft Corporation
FileDescription
Antimalware Service Executable
InternalName
MsMpEng.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
MsMpEng.exe
ProductName
Microsoft Malware Protection
FileVersion
4.5.0218.0
ProductVersion
4.5.0218.0
VarFileInfo
Translation
"Microsoft Window
Legal_policy_statement
"Microsoft Window
Legal_Policy_Statement
Antivirus Signature
Bkav Clean
Elastic Clean
DrWeb Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
McAfee Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto Clean
Cynet Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Clean
Emsisoft Clean
Ikarus Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
TACHYON Clean
VBA32 Clean
Cylance Clean
Panda Clean
APEX Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet Clean
Qihoo-360 Clean
Avast Clean
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.