winsdksetup.exe - Windows Software Development Kit

info
MZ
PE
resources
imports
foremost
7zip
version info
signature
hexdump
disasm
log
discuss
donate

filename	winsdksetup.exe
size	1354464 (0x14aae0)
md5	39ff0bc5abb3faa90815554327da550c

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x118

Rich Header

lib id	version	times used
241	40116	10
243	40116	124
242	40116	24
259	25930	20
260	25930	20
261	25930	42
131	30729	5
147	30729	17
1	0	341
261	26131	75
255	26131	1
151	0	2
258	26131	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	6
TimeDateStamp	0x5aeb9383
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0xd02
Magic	0x10b
LinkerVersion	14.13
SizeOfCode	0x4a200
SizeOfInitializedData	0x62800
SizeOfUninitializedData	0
AddressOfEntryPoint	0x2e33e
BaseOfCode	0x1000
BaseOfData	0x4c000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0xb2000
SizeOfHeaders	0x400
CheckSum	0x159a8e
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x4a1d7	0x4a200	R-X CODE
.rdata	0x4c000	0x1f5d0	0x1f600	R-- IDATA
.data	0x6c000	0x172c	0xa00	RW- IDATA
.wixburn	0x6e000	0x38	0x200	R-- IDATA
.rsrc	0x6f000	0x3e514	0x3e600	R-- IDATA
.reloc	0xae000	0x3e04	0x4000	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x69f24	0xb4
RESOURCE	0x6f000	0x3e514
EXCEPTION	0	0
SECURITY	0x148918	0x21c8
BASERELOC	0xae000	0x3e04
DEBUG	0x68ea0	0x54
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x68ef4	0x18
LOAD_CONFIG	0x68880	0x40
Bound_IAT	0	0
IAT	0x4c000	0x3e0
Delay_IAT	0x69aa4	0x100
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x46967c	0x469684	0x46cac0	0x44c43c	0	0x300000

show previews

type	name	size	cp
BITMAP	#1	240042	1252
ICON	#1	2216	1252
MESSAGETABLE	#1	10304	1252
GROUP_ICON	#1	20	1252
VERSION	#1	984	1252
MANIFEST	#1	1234	1252

module_name	hint	ord	function_name
ADVAPI32.dll	560		RegCloseKey
ADVAPI32.dll	609		RegOpenKeyExW
ADVAPI32.dll	503		OpenProcessToken
ADVAPI32.dll	31		AdjustTokenPrivileges
ADVAPI32.dll	407		LookupPrivilegeValueW
ADVAPI32.dll	381		InitiateSystemShutdownExW
ADVAPI32.dll	357		GetUserNameW
ADVAPI32.dll	622		RegQueryValueExW
ADVAPI32.dll	584		RegDeleteValueW
ADVAPI32.dll	86		CloseEventLog
ADVAPI32.dll	502		OpenEventLogW
ADVAPI32.dll	655		ReportEventW
ADVAPI32.dll	114		ConvertStringSecurityDescriptorToSecurityDescriptorW
ADVAPI32.dll	216		DecryptFileW
ADVAPI32.dll	131		CreateWellKnownSid
ADVAPI32.dll	374		InitializeAcl
ADVAPI32.dll	678		SetEntriesInAclW
ADVAPI32.dll	80		ChangeServiceConfigW
ADVAPI32.dll	87		CloseServiceHandle
ADVAPI32.dll	92		ControlService
ADVAPI32.dll	505		OpenSCManagerW
ADVAPI32.dll	507		OpenServiceW
ADVAPI32.dll	552		QueryServiceStatus
ADVAPI32.dll	689		SetNamedSecurityInfoW
ADVAPI32.dll	81		CheckTokenMembership
ADVAPI32.dll	32		AllocateAndInitializeSid
ADVAPI32.dll	677		SetEntriesInAclA
ADVAPI32.dll	695		SetSecurityDescriptorGroup
ADVAPI32.dll	696		SetSecurityDescriptorOwner
ADVAPI32.dll	694		SetSecurityDescriptorDacl
ADVAPI32.dll	375		InitializeSecurityDescriptor
ADVAPI32.dll	638		RegSetValueExW
ADVAPI32.dll	616		RegQueryInfoKeyW
ADVAPI32.dll	594		RegEnumValueW
ADVAPI32.dll	591		RegEnumKeyExW
ADVAPI32.dll	580		RegDeleteKeyW
ADVAPI32.dll	569		RegCreateKeyExW
ADVAPI32.dll	346		GetTokenInformation
ADVAPI32.dll	182		CryptDestroyHash
ADVAPI32.dll	200		CryptHashData
ADVAPI32.dll	179		CryptCreateHash
ADVAPI32.dll	196		CryptGetHashParam
ADVAPI32.dll	203		CryptReleaseContext
ADVAPI32.dll	177		CryptAcquireContextW
ADVAPI32.dll	548		QueryServiceConfigW
USER32.dll	563		PeekMessageW
USER32.dll	566		PostMessageW
USER32.dll	475		IsWindow
USER32.dll	806		WaitForInputIdle
USER32.dll	567		PostQuitMessage
USER32.dll	349		GetMessageW
USER32.dll	764		TranslateMessage
USER32.dll	540		MsgWaitForMultipleObjects
USER32.dll	569		PostThreadMessageW
USER32.dll	351		GetMonitorInfoW
USER32.dll	536		MonitorFromPoint
USER32.dll	461		IsDialogMessageW
USER32.dll	491		LoadCursorW
USER32.dll	487		LoadBitmapW
USER32.dll	708		SetWindowLongW
USER32.dll	406		GetWindowLongW
USER32.dll	288		GetCursorPos
USER32.dll	533		MessageBoxW
USER32.dll	110		CreateWindowExW
USER32.dll	774		UnregisterClassW
USER32.dll	590		RegisterClassW
USER32.dll	156		DefWindowProcW
USER32.dll	175		DispatchMessageW
OLEAUT32.dll		8
OLEAUT32.dll		2
OLEAUT32.dll		9
OLEAUT32.dll		6
GDI32.dll	227		DeleteDC
GDI32.dll	230		DeleteObject
GDI32.dll	631		SelectObject
GDI32.dll	691		StretchBlt
GDI32.dll	509		GetObjectW
GDI32.dll	48		CreateCompatibleDC
SHELL32.dll	6		CommandLineToArgvW
SHELL32.dll	195		SHGetFolderPathW
SHELL32.dll	289		ShellExecuteExW
ole32.dll	108		CoUninitialize
ole32.dll	63		CoInitializeEx
ole32.dll	62		CoInitialize
ole32.dll	377		StringFromGUID2
ole32.dll	16		CoCreateInstance
ole32.dll	104		CoTaskMemFree
ole32.dll	6		CLSIDFromProgID
ole32.dll	64		CoInitializeSecurity
KERNEL32.dll	370		GetCPInfo
KERNEL32.dll	567		GetOEMCP
KERNEL32.dll	778		IsValidCodePage
KERNEL32.dll	82		CloseHandle
KERNEL32.dll	143		CreateFileW
KERNEL32.dll	581		GetProcAddress
KERNEL32.dll	840		LocalFree
KERNEL32.dll	723		HeapSetInformation
KERNEL32.dll	514		GetLastError
KERNEL32.dll	536		GetModuleHandleW
KERNEL32.dll	350		FormatMessageW
KERNEL32.dll	1357		lstrlenA
KERNEL32.dll	1358		lstrlenW
KERNEL32.dll	871		MultiByteToWideChar
KERNEL32.dll	1297		WideCharToMultiByte
KERNEL32.dll	813		LCMapStringW
KERNEL32.dll	1202		Sleep
KERNEL32.dll	515		GetLocalTime
KERNEL32.dll	532		GetModuleFileNameW
KERNEL32.dll	285		ExpandEnvironmentStringsW
KERNEL32.dll	645		GetTempPathW
KERNEL32.dll	643		GetTempFileNameW
KERNEL32.dll	129		CreateDirectoryW
KERNEL32.dll	507		GetFullPathNameW
KERNEL32.dll	100		CompareStringW
KERNEL32.dll	449		GetCurrentProcessId
KERNEL32.dll	1317		WriteFile
KERNEL32.dll	1126		SetFilePointer
KERNEL32.dll	831		LoadLibraryW
KERNEL32.dll	624		GetSystemDirectoryW
KERNEL32.dll	136		CreateFileA
KERNEL32.dll	715		HeapAlloc
KERNEL32.dll	722		HeapReAlloc
KERNEL32.dll	719		HeapFree
KERNEL32.dll	724		HeapSize
KERNEL32.dll	586		GetProcessHeap
KERNEL32.dll	302		FindClose
KERNEL32.dll	390		GetCommandLineA
KERNEL32.dll	447		GetCurrentDirectoryW
KERNEL32.dll	1027		RemoveDirectoryW
KERNEL32.dll	1121		SetFileAttributesW
KERNEL32.dll	490		GetFileAttributesW
KERNEL32.dll	214		DeleteFileW
KERNEL32.dll	313		FindFirstFileW
KERNEL32.dll	325		FindNextFileW
KERNEL32.dll	864		MoveFileExW
KERNEL32.dll	448		GetCurrentProcess
KERNEL32.dll	453		GetCurrentThreadId
KERNEL32.dll	738		InitializeCriticalSection
KERNEL32.dll	209		DeleteCriticalSection
KERNEL32.dll	1018		ReleaseMutex
KERNEL32.dll	1221		TlsAlloc
KERNEL32.dll	1223		TlsGetValue
KERNEL32.dll	1224		TlsSetValue
KERNEL32.dll	1222		TlsFree
KERNEL32.dll	168		CreateProcessW
KERNEL32.dll	676		GetVersionExW
KERNEL32.dll	1252		VerSetConditionMask
KERNEL32.dll	354		FreeLibrary
KERNEL32.dll	238		EnterCriticalSection
KERNEL32.dll	825		LeaveCriticalSection
KERNEL32.dll	631		GetSystemTime
KERNEL32.dll	549		GetNativeSystemInfo
KERNEL32.dll	535		GetModuleHandleExW
KERNEL32.dll	687		GetWindowsDirectoryW
KERNEL32.dll	638		GetSystemWow64DirectoryW
KERNEL32.dll	391		GetCommandLineW
KERNEL32.dll	1256		VerifyVersionInfoW
KERNEL32.dll	683		GetVolumePathNameW
KERNEL32.dll	456		GetDateFormatW
KERNEL32.dll	670		GetUserDefaultUILanguage
KERNEL32.dll	620		GetSystemDefaultLangID
KERNEL32.dll	668		GetUserDefaultLangID
KERNEL32.dll	617		GetStringTypeW
KERNEL32.dll	960		ReadFile
KERNEL32.dll	1127		SetFilePointerEx
KERNEL32.dll	232		DuplicateHandle
KERNEL32.dll	748		InterlockedExchange
KERNEL32.dll	745		InterlockedCompareExchange
KERNEL32.dll	830		LoadLibraryExW
KERNEL32.dll	133		CreateEventW
KERNEL32.dll	921		ProcessIdToSessionId
KERNEL32.dll	896		OpenProcess
KERNEL32.dll	588		GetProcessId
KERNEL32.dll	1273		WaitForSingleObject
KERNEL32.dll	101		ConnectNamedPipe
KERNEL32.dll	1148		SetNamedPipeHandleState
KERNEL32.dll	160		CreateNamedPipeW
KERNEL32.dll	181		CreateThread
KERNEL32.dll	480		GetExitCodeThread
KERNEL32.dll	1113		SetEvent
KERNEL32.dll	1271		WaitForMultipleObjects
KERNEL32.dll	751		InterlockedIncrement
KERNEL32.dll	747		InterlockedDecrement
KERNEL32.dll	1039		ResetEvent
KERNEL32.dll	1107		SetEndOfFile
KERNEL32.dll	1130		SetFileTime
KERNEL32.dll	838		LocalFileTimeToFileTime
KERNEL32.dll	228		DosDateTimeToFileTime
KERNEL32.dll	97		CompareStringA
KERNEL32.dll	479		GetExitCodeProcess
KERNEL32.dll	1171		SetThreadExecutionState
KERNEL32.dll	114		CopyFileExW
KERNEL32.dll	855		MapViewOfFile
KERNEL32.dll	1238		UnmapViewOfFile
KERNEL32.dll	158		CreateMutexW
KERNEL32.dll	140		CreateFileMappingW
KERNEL32.dll	652		GetThreadLocale
KERNEL32.dll	308		FindFirstFileExW
KERNEL32.dll	474		GetEnvironmentStringsW
KERNEL32.dll	353		FreeEnvironmentStringsW
KERNEL32.dll	1159		SetStdHandle
KERNEL32.dll	410		GetConsoleCP
KERNEL32.dll	428		GetConsoleMode
KERNEL32.dll	343		FlushFileBuffers
KERNEL32.dll	202		DecodePointer
KERNEL32.dll	1316		WriteConsoleW
KERNEL32.dll	533		GetModuleHandleA
KERNEL32.dll	691		GlobalAlloc
KERNEL32.dll	698		GlobalFree
KERNEL32.dll	497		GetFileSizeEx
KERNEL32.dll	117		CopyFileW
KERNEL32.dll	1257		VirtualAlloc
KERNEL32.dll	1260		VirtualFree
KERNEL32.dll	1214		SystemTimeToTzSpecificLocalTime
KERNEL32.dll	664		GetTimeZoneInformation
KERNEL32.dll	1213		SystemTimeToFileTime
KERNEL32.dll	627		GetSystemInfo
KERNEL32.dll	1263		VirtualProtect
KERNEL32.dll	1265		VirtualQuery
KERNEL32.dll	399		GetComputerNameW
KERNEL32.dll	1101		SetCurrentDirectoryW
KERNEL32.dll	499		GetFileType
KERNEL32.dll	360		GetACP
KERNEL32.dll	281		ExitProcess
KERNEL32.dll	612		GetStdHandle
KERNEL32.dll	739		InitializeCriticalSectionAndSpinCount
KERNEL32.dll	1139		SetLastError
KERNEL32.dll	1048		RtlUnwind
KERNEL32.dll	1235		UnhandledExceptionFilter
KERNEL32.dll	1189		SetUnhandledExceptionFilter
KERNEL32.dll	1216		TerminateProcess
KERNEL32.dll	772		IsProcessorFeaturePresent
KERNEL32.dll	935		QueryPerformanceCounter
KERNEL32.dll	633		GetSystemTimeAsFileTime
KERNEL32.dll	743		InitializeSListHead
KERNEL32.dll	768		IsDebuggerPresent
KERNEL32.dll	611		GetStartupInfoW
KERNEL32.dll	945		RaiseException
KERNEL32.dll	829		LoadLibraryExA
RPCRT4.dll	507		UuidCreate

StringTable 040904E4

CompanyName	Microsoft Corporation
FileDescription	Windows Software Development Kit - Windows 10.0.19041.1
FileVersion	10.1.19041.1
InternalName	setup
LegalCopyright	Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename	winsdksetup.exe
ProductName	Windows Software Development Kit - Windows 10.0.19041.1
ProductVersion	10.1.19041.1

VS_FIXEDFILEINFO

FileVersion	10.1.19041.1
ProductVersion	10.1.19041.1
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	4
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010

serial: 33000002CF6D2CC57CAA65A6D80000000002CF

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:02:cf:6d:2c:c5:7c:aa:65:a6:d8:00:00:00:00:02:cf
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Validity
            Not Before: May  2 21:25:42 2019 GMT
            Not After : May  2 21:25:42 2020 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:f3:b5:5d:58:f9:43:0f:95:01:79:fa:74:
                    e5:b0:ca:b5:38:f0:92:ca:ec:9b:99:42:1d:3a:ea:
                    b5:8f:75:75:83:a9:1b:36:ff:40:96:8e:d7:75:0a:
                    d1:96:ae:c7:b3:77:12:39:82:d9:ee:48:75:3d:47:
                    ad:53:39:3c:69:d1:ca:d8:f0:3f:21:5a:4c:3a:e8:
                    28:67:c3:7d:20:53:4b:9c:8b:bc:93:f9:20:46:f0:
                    50:82:ca:6f:6a:4e:56:f1:d4:43:ae:d8:e9:db:be:
                    7c:77:7d:46:73:03:3a:64:e9:f6:2d:cb:25:51:0d:
                    90:c9:16:59:29:0c:15:20:63:a8:b8:4f:70:24:9d:
                    01:e5:69:94:49:c9:d6:58:a8:9b:89:b8:2f:e0:6e:
                    1b:a7:cc:9d:75:08:a6:c8:31:65:0f:a3:ed:bd:d6:
                    c6:93:8c:66:22:bf:48:57:1d:8c:a1:c1:e6:ad:90:
                    81:29:2b:8a:62:f4:c2:a1:db:c8:c1:79:23:74:37:
                    08:92:65:e3:57:01:e4:4f:a1:0a:f5:68:96:d6:09:
                    80:4a:05:dc:ae:30:d7:b1:5a:fb:1d:f9:84:de:92:
                    cb:f2:c0:f8:ea:26:6e:d3:73:7e:c5:66:a5:05:ac:
                    c4:eb:10:da:0c:5c:7c:36:99:9c:59:89:c6:94:47:
                    f6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                1.3.6.1.4.1.311.61.6.1, Code Signing
            X509v3 Subject Key Identifier: 
                37:F3:4D:EC:4D:AF:2C:04:31:A9:10:88:0B:58:C0:6F:03:BC:55:08
            X509v3 Subject Alternative Name: 
                DirName:/OU=Microsoft Ireland Operations Limited/serialNumber=230865+454244
            X509v3 Authority Key Identifier: 
                keyid:E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         aa:30:8f:08:74:b1:28:88:0a:81:0c:cc:38:ea:b1:c0:47:9a:
         7d:f3:19:35:a6:e8:8b:e9:16:04:e4:c3:32:e1:29:f7:cc:b8:
         f0:c6:c3:02:d5:b0:8d:0b:41:fe:5c:a9:03:86:25:f5:24:9f:
         b0:04:c4:69:0a:27:94:04:b2:09:dc:19:af:bb:01:8b:92:e4:
         d8:72:04:07:72:81:d3:89:ca:d7:79:98:41:e5:a0:29:fb:95:
         91:d9:f8:8c:40:23:70:9a:b2:f6:cb:0a:75:0b:bd:1c:72:d7:
         ff:98:20:01:de:c0:cd:d0:d3:a5:ff:6b:0c:8b:f9:85:69:22:
         15:09:d7:4e:f2:c1:e9:d4:78:a7:d1:e3:46:f6:3d:a9:06:66:
         11:a3:9e:2f:ef:e6:d3:c5:80:29:c8:fa:d3:b7:98:0d:dc:a4:
         ce:84:68:eb:9b:fb:14:83:28:6d:22:57:9a:46:be:37:71:c4:
         ec:ed:38:8f:4d:6e:13:54:39:87:c6:f4:1e:41:df:ba:87:28:
         da:c2:c0:02:a5:80:52:3c:bd:9a:e2:66:c0:5e:c3:56:e8:65:
         1d:cc:d4:ec:f5:4d:05:ae:f3:9b:96:7b:f2:a9:3b:ae:e0:bb:
         3b:42:9b:ec:20:ba:ea:1c:6d:f4:6a:24:8f:31:01:3c:8a:0a:
         58:61:67:58

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:0c:52:4c:00:00:00:00:00:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
        Validity
            Not Before: Jul  6 20:40:17 2010 GMT
            Not After : Jul  6 20:50:17 2025 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0e:64:50:79:67:b5:c4:e3:fd:09:00:4c:9e:
                    94:ac:f7:56:68:ea:44:d8:cf:c5:58:4f:a9:a5:76:
                    7c:6d:45:ba:d3:39:92:b4:a4:1e:f9:f9:65:82:e4:
                    17:d2:8f:fd:44:9c:08:e8:65:93:ce:2c:55:84:bf:
                    7d:08:e3:2e:2b:a8:41:2b:18:b7:a2:4b:6e:49:4c:
                    6b:15:07:de:d1:d2:c2:89:1e:71:94:cd:b5:7f:4b:
                    b4:af:08:d8:cc:88:d6:6b:17:94:3a:93:ce:26:3f:
                    ec:e6:fe:34:98:57:d5:1d:5d:49:f6:b2:2a:2e:d5:
                    85:bb:59:3f:f8:90:b4:2b:83:74:ca:2b:b3:3b:46:
                    e3:f0:46:49:c1:17:66:54:c9:1c:bd:1d:c4:55:62:
                    57:72:f8:67:b9:25:20:34:de:5d:a6:a5:95:5e:ab:
                    28:80:cd:d5:b2:9e:e5:03:b5:63:d3:b2:14:c8:c1:
                    c8:8a:26:0a:59:7f:07:ec:ff:0e:ed:80:12:35:4c:
                    12:a6:be:52:5b:f5:a6:da:e0:8b:0b:48:77:d6:85:
                    47:d5:10:b9:c6:e8:aa:ee:8b:6a:2d:05:5c:60:c6:
                    b4:2a:5b:9c:23:1c:5f:45:e3:1a:14:1e:6f:37:cb:
                    19:33:80:6a:89:4d:a3:6a:66:63:78:93:d5:30:cf:
                    95:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.311.46.3
                  CPS: http://www.microsoft.com/PKI/docs/CPS/default.htm
                  User Notice:
                    Explicit Text:  

    Signature Algorithm: sha256WithRSAEncryption
         1a:74:ef:57:4f:29:7b:c4:16:85:78:b8:50:d3:22:fc:09:9d:
         ac:82:97:f8:34:ff:2a:2c:97:95:12:e5:e4:bf:cf:bf:93:c8:
         e3:34:a9:db:81:b8:dc:1e:00:be:d2:35:6f:af:e5:7f:79:95:
         77:e5:02:d4:f1:eb:d8:cd:4e:1e:1b:61:a2:c2:5a:23:1a:f0:
         8c:a8:62:51:45:67:08:e3:3f:3c:1e:93:f8:30:85:17:c8:39:
         40:a6:d7:0e:b3:21:29:e5:a5:a1:69:8c:22:93:cc:74:98:e7:
         a1:47:43:f2:53:ac:c0:0f:30:69:7f:fe:d2:25:20:6d:6f:61:
         d3:df:07:d5:d9:72:00:2c:69:86:76:3d:51:db:a6:39:48:c9:
         37:61:6d:07:dd:53:19:cb:a7:d6:61:c2:bf:e2:83:ab:0f:e0:
         6b:9b:95:d6:7d:28:51:b0:89:4a:51:a4:9a:6c:c8:b7:1f:4a:
         1a:0e:69:a9:d7:dc:c1:7e:d1:49:70:aa:b6:ad:bb:72:47:63:
         17:fa:a6:d6:a2:a6:86:ec:a8:10:44:9b:63:b6:b2:69:89:06:
         c7:46:86:7a:18:3f:e8:c5:1d:21:d5:7b:f9:02:23:2d:c5:41:
         cb:bf:1d:4c:c8:16:ef:b1:9c:7f:fc:22:4b:49:8a:6e:15:e3:
         a6:7f:76:5b:d1:53:79:91:85:9d:d5:d2:db:3d:73:35:f3:3c:
         ae:54:b2:52:47:6a:c0:aa:13:95:d2:8e:11:da:99:67:5e:32:
         8c:fb:37:85:d1:dc:75:85:9c:87:c6:5a:57:85:c2:bf:dd:0d:
         8f:8c:9b:2d:eb:b4:ee:cf:27:d3:b5:5e:69:fa:a4:16:04:01:
         a7:24:67:73:cf:4d:4f:b6:de:05:56:97:7a:f7:e9:52:4d:f4:
         77:05:4f:85:c6:d8:0b:f1:8e:ed:42:09:d1:0d:76:e3:23:56:
         78:22:26:36:be:ca:b1:8c:6e:aa:1d:e4:85:da:47:33:62:8f:
         a4:c9:91:33:5f:71:1e:40:af:98:65:c9:22:e8:42:21:25:8a:
         1c:2d:60:d9:37:89:41:89:2a:16:0f:d7:61:3c:94:68:60:52:
         ef:d6:47:99:a0:80:40:ee:15:81:77:3e:9c:e0:53:18:1a:50:
         1d:38:95:9b:1e:66:33:13:27:39:17:78:87:36:ce:4e:c3:5f:
         b2:f5:3d:47:53:b6:e0:e5:db:0b:61:3d:2a:d7:92:2c:ce:37:
         5a:3e:40:42:31:a4:1f:10:08:c2:56:9c:bf:24:5d:51:02:9d:
         6a:79:d2:17:d3:da:c1:94:8e:07:7b:25:71:44:ab:06:6a:e6:
         d4:c6:df:23:9a:96:75:c5

undefined method `first' for #

show previews

offset	size	type	comment
0	708096	EXE	05/03/2018 22:56:03	#
15c1	15	HTM		#
ace00	646368	BIN	overlay data past EOF	#

Scanning the drive for archives:
1 file, 1354464 bytes (1323 KiB)


--
Type = PE
Physical Size = 1354464
CPU = x86
Characteristics = Executable 32-bit RemovableRun NetRun
Created = 2018-05-03 22:56:03
Headers Size = 1024
Checksum = 1415822
Image Size = 729088
Section Alignment = 4096
File Alignment = 512
Code Size = 303616
Initialized Data Size = 403456
Uninitialized Data Size = 0
Linker Version = 14.13
OS Version = 5.1
Image Version = 0.0
Subsystem Version = 5.1
Subsystem = Windows GUI
DLL Characteristics = Relocated NX-Compatible TerminalServerAware
Stack Reserve = 1048576
Stack Commit = 4096
Heap Reserve = 1048576
Heap Commit = 4096
Image Base = 4194304
Comment = FileVersion: 10.1.19041.1
ProductVersion: 10.1.19041.1
InternalName: setup
----
Path = [0]
Size = 637720
Packed Size = 637720
Virtual Size = 637720
Offset = 708096
--
Path = [0]
Type = Cab
Physical Size = 637719
Tail Size = 1
Method = MSZip
Blocks = 1
Volumes = 1
Volume Index = 0
ID = 0

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2019-12-07 08:36:46 ....A       208430               0
2018-05-03 15:56:22 ....A       114688               u0
2019-04-18 18:50:46 ....A       248576               u1
2019-04-18 18:49:02 ....A          797               u2
2019-04-18 18:49:02 ....A         3409               u3
2019-04-18 18:49:02 ....A         1320               u4
2019-04-18 18:49:02 ....A       155324               u5
2019-04-18 18:49:02 ....A          877               u6
2019-12-06 16:03:58 ....A       161280               u7
2019-12-06 16:06:26 ....A       203776               u8
2018-05-03 15:56:20 ....A        81920               u9
2019-04-18 18:49:02 ....A       231872               u10
2019-04-18 18:43:30 ....A       170800               u11
2018-05-03 15:56:24 ....A       180224               u12
2019-12-07 08:33:58 ....A        31474               u13
2019-12-07 08:36:46 ....A       244272               u14
------------------- ----- ------------ ------------  ------------------------
2019-12-07 08:36:46            2039039      1354464  16 files

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x6cac0

winsdksetup.exe- Windows Software Development Kit - Windows 10.0.19041.1

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904E4

VS_FIXEDFILEINFO

Signers (1)

Certificates (2)

winsdksetup.exe
- Windows Software Development Kit - Windows 10.0.19041.1