Manalyze report for 23d49bf3f6383736399c964ada0045e61941c557d58160635abf46ac3ee36d1f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Mar-02 03:43:12
Detected languages	Chinese - PRC English - United Kingdom English - United States
CompanyName	SysTool PasSame LIMITED
FileDescription	Windows SysTool Service
FileVersion	`20.0.0.1953`
InternalName	Windows SysTool.exe
LegalCopyright	Copyright (C) 2015
OriginalFilename	Windows SysTool.exe
ProductName	Windows SysTool Service
ProductVersion	`20.0.0.1953`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: http://xa.xingcloud.com http://xa.xingcloud.com/v4/sof-windowspm/%s?action http://xa.xingcloud.com/v4/sof-windowspm/%s?action0 xa.xingcloud.com xingcloud.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExW RegCreateKeyW RegOpenKeyExW RegSetValueExW RegCloseKey RegOpenKeyW` `Possibly launches other programs: CreateProcessAsUserW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetCheckConnectionW InternetCrackUrlW WinHttpOpen WinHttpQueryDataAvailable WinHttpQueryHeaders WinHttpCloseHandle WinHttpConnect WinHttpWriteData WinHttpSendRequest WinHttpGetIEProxyConfigForCurrentUser WinHttpSetOption WinHttpSetTimeouts WinHttpReceiveResponse WinHttpOpenRequest WinHttpAddRequestHeaders WinHttpReadData WinHttpCrackUrl WinHttpGetProxyForUrl` `Leverages the raw socket API to access the Internet: __WSAFDIsSet recv gethostbyname send htons WSACleanup closesocket socket select inet_addr WSAStartup ioctlsocket WSAGetLastError connect` `Functions related to the privilege level: DuplicateTokenEx AdjustTokenPrivileges OpenProcessToken` `Interacts with services: DeleteService ControlService QueryServiceStatusEx CreateServiceW OpenServiceW OpenSCManagerW` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: OpenProcess EnumProcesses EnumProcessModules`
Info	The PE is digitally signed.	`Signer: Cherished Technology Limited` `Issuer: GlobalSign CodeSigning CA - SHA256 - G2`
Malicious	VirusTotal score: 62/72 (Scanned on 2025-03-09 21:00:18)	`ALYac: Gen:Variant.Application.Elex.359` `APEX: Malicious` `AVG: Win32:SupTab-R [Adw]` `AhnLab-V3: PUP/Win32.SearchProtect.C747068` `Alibaba: AdWare:Win32/WProtManager.1573da33` `Antiy-AVL: GrayWare[AdWare]/Win32.WProtManager` `Arcabit: PUP.Adware.WProtManager` `Avast: Win32:SupTab-R [Adw]` `Avira: ADWARE/ELEX.Gen` `BitDefender: Gen:Variant.Application.Elex.359` `CAT-QuickHeal: PUA.Cherishedt1.Gen` `CTX: exe.adware.elex` `ClamAV: Win.Trojan.Staser-9645762-0` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.Click3.11058` `ESET-NOD32: a variant of Win32/Adware.ELEX.PY` `Elastic: malicious (high confidence)` `Emsisoft: Application.Generic (A)` `F-Secure: Adware:W32/Elex.A` `FireEye: Generic.mg.f94557f8fd41731a` `Fortinet: Riskware/Elex` `GData: Win32.Adware.Graftor.B` `Google: Detected` `Gridinsoft: Adware.Win32.ELEX.vl!c` `Ikarus: not-a-virus:AdWare.ELEX` `Jiangmin: AdWare/WProtManager.ah` `K7AntiVirus: Riskware ( 0040eff71 )` `K7GW: Riskware ( 0040eff71 )` `Kaspersky: not-a-virus:AdWare.Win32.WProtManager.an` `Kingsoft: Win32.Troj.WProtManager.an` `Lionic: Adware.Win32.WProtManager.2!c` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan.Malware.7164915.susgen` `McAfee: Generic PUP.cq` `McAfeeD: ti!23D49BF3F638` `MicroWorld-eScan: Gen:Variant.Application.Elex.359` `Microsoft: BrowserModifier:Win32/SupTab` `NANO-Antivirus: Trojan.Win32.Click3.dsekkt` `Paloalto: generic.ml` `Panda: Trj/Genetic.gen` `Rising: PUF.XingSof!8.F16C (TFE:5:7gifjxf2LFE)` `SUPERAntiSpyware: Adware.WProtMan/Variant` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Generic PUP.cq` `Sophos: Elex (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.10b8ddd0` `TrendMicro: ADW_SPROTECT.GC` `TrendMicro-HouseCall: ADW_SPROTECT.GC` `VBA32: Adware.Elex` `VIPRE: Gen:Variant.Application.Elex.359` `ViRobot: Adware.Agent.493712` `VirIT: PUP.Win32.Cherished.A` `Webroot: Pua.Gen` `Xcitium: Application.Win32.Elex.D@6lhxza` `Yandex: Trojan.GenAsa!AFkMtAl35d4` `Zillya: Adware.WProtManager.Win32.27` `alibabacloud: Adware:Win/SupTab.B` `huorong: Adware/Elex.f`

Hashes

MD5	`f94557f8fd41731a3d180383a516fbe3`
SHA1	`e527bbcafeddc287a621a2db49a1f10502c1e3d0`
SHA256	`23d49bf3f6383736399c964ada0045e61941c557d58160635abf46ac3ee36d1f`
SHA3	`2aa2163243b2f2881eca6e7a87de88decc2fc0a8dd72fae0749cd777b9ae54db`
SSDeep	`6144:9X7Ju/fr7DssbcyqePnv1f+OZz/rYX8fZWZxTg7YE+6NxnyDUILtT2B8yWLp+V:97JKrkwbv1GOZzy8fZWYxNtyDUatZLc`
Imports Hash	`2f1f537ba36d95e284f3536137312ad3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2015-Mar-02 03:43:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x4f800`
SizeOfInitializedData	`0x29e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001D26D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x51000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x7c000`
SizeOfHeaders	`0x400`
Checksum	`0x83aef`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fda5dc86276098a8ede9ecc9979341ae`
SHA1	`ccfc1413fe6b3a377c2876827d7ed7f79b20ac2e`
SHA256	`cfb0280247643b677de775661e55e5bbccda21ff6ae1d62c3721daed24a15d7d`
SHA3	`a0be62b33117a19404368606d7037869724d5a8e1f23fbec7c70222f253c32b8`
VirtualSize	`0x4f65f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4f800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71605`

.rdata

MD5	`e4f8eb2ff835d66407af0838b0d88eb0`
SHA1	`d03639a8773aeb2a90e1a4aee93ee6a18c220c77`
SHA256	`ed9b1603b6b1d6fdf5cb32c43e1a6525c35e792e868047a2ef075b7752ddd091`
SHA3	`c3cdb291c4454f4bcaf21d8f6dd885cbc8faf21505eb5f735ef0da14132bbaa6`
VirtualSize	`0x10b1c`
VirtualAddress	`0x51000`
SizeOfRawData	`0x10c00`
PointerToRawData	`0x4fc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.6501`

.data

MD5	`721ecff47095678146c86a8923f9663e`
SHA1	`53a85630bf69fa7508768cf527bcfee6a7c84f31`
SHA256	`988c250adac496cdc1ce70e4db413c91dcce0789fdceea6fd546c3024a9e49fa`
SHA3	`775ea675760531316662e70f64094931ae8c3139fde002aa30fc67d6974e8c6c`
VirtualSize	`0x6b40`
VirtualAddress	`0x62000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x60800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.41998`

.rsrc

MD5	`59176ccb7d2b0c52409559ef41e5b4bb`
SHA1	`e6152436c869e5f0cc447462fb61dc14348b4d0f`
SHA256	`03f1d13515c1395d992a15c1e290a1d5daef17f6fe1db5301f8d16e4f0d98ad5`
SHA3	`62e15fd50bd0a09db348b20462111ee7032228edab14c682a05083de60ef61d0`
VirtualSize	`0x2810`
VirtualAddress	`0x69000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x64c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.97898`

.reloc

MD5	`7f1d380ce0a6f8b985b2633ab2918632`
SHA1	`39f7dad9f8dcaa6f8f4013ff443a54fe440ba30f`
SHA256	`f19788d22ea6409344b566d030752a05ff4b5b1ea136f019cdf33856afa7f554`
SHA3	`6867d4c6093f279710cf7953def58a21376a1094cc697ac3afccd4619a92bf20`
VirtualSize	`0xfbb2`
VirtualAddress	`0x6c000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x67600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.4496`

Imports

KERNEL32.dll	`GetEnvironmentVariableW` `SetPriorityClass` `SetThreadPriority` `GetCurrentThread` `LocalFree` `GetSystemDirectoryW` `GetLogicalDriveStringsW` `QueryDosDeviceW` `OpenProcess` `GetSystemWindowsDirectoryW` `ProcessIdToSessionId` `DeleteFileW` `GetSystemDefaultLangID` `GetShortPathNameW` `MultiByteToWideChar` `GetSystemTimeAsFileTime` `SetFilePointer` `WriteFile` `lstrlenW` `FlushFileBuffers` `TerminateThread` `WaitForMultipleObjects` `SignalObjectAndWait` `SetEndOfFile` `LoadLibraryW` `GetProcessHeap` `GetTickCount` `HeapFree` `HeapAlloc` `InitializeCriticalSectionAndSpinCount` `GetLastError` `MoveFileExW` `CopyFileW` `CreateDirectoryW` `WaitForSingleObject` `SetEvent` `CreateEventW` `OutputDebugStringW` `GetLocalTime` `GetPrivateProfileStringA` `GetWindowsDirectoryA` `Sleep` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `GetVersionExW` `GetModuleFileNameW` `GetCurrentProcess` `GetModuleHandleW` `GetProcAddress` `GlobalFree` `DeviceIoControl` `GlobalAlloc` `CreateFileW` `CloseHandle` `WideCharToMultiByte` `UnregisterWait` `GetThreadPriority` `SetStdHandle` `CreateTimerQueue` `RegisterWaitForSingleObject` `GetNumaHighestNodeNumber` `ChangeTimerQueueTimer` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `ReleaseSemaphore` `DuplicateHandle` `VirtualProtect` `VirtualFree` `VirtualAlloc` `GetModuleHandleA` `FreeLibraryAndExitThread` `GetThreadTimes` `SwitchToThread` `SetThreadAffinityMask` `GetProcessAffinityMask` `DeleteTimerQueueTimer` `HeapReAlloc` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCurrentProcessId` `QueryPerformanceCounter` `SetFilePointerEx` `GetConsoleCP` `GetOEMCP` `GetACP` `IsValidCodePage` `HeapSize` `ExitProcess` `ReadConsoleW` `RaiseException` `InterlockedExchange` `FreeLibrary` `LoadLibraryExA` `InterlockedIncrement` `InterlockedDecrement` `GetCurrentThreadId` `EncodePointer` `DecodePointer` `GetStringTypeW` `CreateThread` `ExitThread` `ResumeThread` `GetCommandLineW` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetStdHandle` `GetFileType` `GetModuleHandleExW` `WriteConsoleW` `LoadLibraryExW` `RtlUnwind` `GetCPInfo` `TlsGetValue` `CreateTimerQueueTimer` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetLastError` `TerminateProcess` `TlsAlloc` `TlsSetValue` `TlsFree` `GetStartupInfoW` `CreateSemaphoreW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `ReadFile` `GetConsoleMode`
USER32.dll	`wsprintfW`
ADVAPI32.dll	`RegQueryValueExW` `SetTokenInformation` `ConvertStringSidToSidW` `DuplicateTokenEx` `GetTokenInformation` `CreateProcessAsUserW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `SetServiceStatus` `RegisterServiceCtrlHandlerExW` `StartServiceCtrlDispatcherW` `ReportEventW` `RegisterEventSourceW` `DeleteService` `ControlService` `EnumDependentServicesW` `StartServiceW` `QueryServiceStatusEx` `RegCreateKeyW` `ChangeServiceConfig2W` `CreateServiceW` `CloseServiceHandle` `OpenServiceW` `OpenSCManagerW` `DeregisterEventSource` `RegOpenKeyExW` `RegSetValueExW` `RegCloseKey` `RegOpenKeyW`
PSAPI.DLL	`EnumProcesses` `GetModuleFileNameExW` `EnumProcessModules`
WININET.dll	`InternetCheckConnectionW` `InternetCrackUrlW`
WS2_32.dll	`__WSAFDIsSet` `recv` `gethostbyname` `send` `htons` `WSACleanup` `closesocket` `socket` `select` `inet_addr` `WSAStartup` `ioctlsocket` `WSAGetLastError` `connect`
WINHTTP.dll	`WinHttpOpen` `WinHttpQueryDataAvailable` `WinHttpQueryHeaders` `WinHttpCloseHandle` `WinHttpConnect` `WinHttpWriteData` `WinHttpSendRequest` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpSetOption` `WinHttpSetTimeouts` `WinHttpReceiveResponse` `WinHttpOpenRequest` `WinHttpAddRequestHeaders` `WinHttpReadData` `WinHttpCrackUrl` `WinHttpGetProxyForUrl`
SensApi.dll	`IsNetworkAlive`
VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
SHELL32.dll (delay-loaded)	`ShellExecuteExW` `SHChangeNotify` `SHGetFolderPathW`

Delayed Imports

Attributes	`0x1`
Name	`SHELL32.dll`
ModuleHandle	`0x663c0`
DelayImportAddressTable	`0x66380`
DelayImportNameTable	`0x60690`
BoundDelayImportTable	`0x60774`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47151`
MD5	`0a451222f7037983439a58e3b44db529`
SHA1	`6881cba71174502883d53a8885fb90dad81fd0c0`
SHA256	`dc785b2a3e4ea82bd34121cc04e80758e221f11ee686fcfd87ce49f8e6730b22`
SHA3	`d5599c242df5383add3fb330d42b31f1751594b36bbf52195e7d1dd564e7f0e3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91708`
MD5	`90ed3aac2a942e3067e6471b32860e77`
SHA1	`b849a2b9901473810b5d74e6703be78c3a7e64e3`
SHA256	`ca8fc96218d0a7e691dd7b95da05a27246439822d09b829af240523b28fd5bb3`
SHA3	`3f02085a0d69091556ede0b585f45145adce9849e175d8177c2f0fe0891a1bd8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.91366`
MD5	`af05dd5bd4c3b1fc94922c75ed4f9519`
SHA1	`f54685a8a314e6f911c75cf7554796212fb17c3e`
SHA256	`3bbacbad1458254c59ad7d0fd9bea998d46b70b8f8dcfc56aad561a293ffdae3`
SHA3	`150dba8cc825d5c0e9ff3c59015533288d19931847210338a3ef7cdc390c0e78`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93257`
MD5	`9672b12784736875de8a7a86503b8d7d`
SHA1	`26a01ce5a289eeac83a0060261dfe32deba5ef54`
SHA256	`324507bcd33928c54048fb142e9bb62bde80fa019dd00c4d3ca9ed1e06546f2e`
SHA3	`4b63398972bf65536792431db1bcb31d2926bdd58f3ee8cbac6d1e958490d18d`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.14675`
MD5	`fd881fe96555c23177aea9a3369e20a6`
SHA1	`5d442cef57659136446e782f3449c33586bd2795`
SHA256	`a134a35831460694ce4583e9faf788061ca7c2035436c1aba3c45128fe636153`
SHA3	`e3484617787a838496ec6cccf2bbfd05d815ea49642cf26569c0e24b03464345`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17954`
MD5	`9643025f823c0d4884115bba03f7d61a`
SHA1	`e03425f76f7320d1cc334bdecdae8d5813cd8f47`
SHA256	`1f0703d89117e40b59d120121e34bdfdd1a11575ab6be1fee8754839660996d6`
SHA3	`f53e6f628bd83c56b09cc485c1a0bb06dcbec5d2fb3a3073c523cef9703c562b`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65597`
MD5	`22124c0126c4e30002c9de742daa2c59`
SHA1	`fea38b3d6879d0893ae8788b9bbbe40b80ff25b3`
SHA256	`cf31e83b167f2a8483758eea0bfceb7aed649f1c6a567bc3ba260111e14c094d`
SHA3	`f17d0c398713f7535ea15264ca7acde9673bd78127f3c84fd3e5e05d97ff808b`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64576`
Detected Filetype	Icon file
MD5	`f6262f462f61a1af1cac10cf4b790e5a`
SHA1	`4aa3239c2c59fa5f246b0dd68da564e529b98ff4`
SHA256	`44b095a62d7e401671f57271e6cada367bb55cf7b300ef768b3487b841facd3c`
SHA3	`f2a1d165133c29eba349014fa5f8059ddebe1aba5b220fb89f1a474e95c482ca`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55094`
Detected Filetype	Icon file
MD5	`61e0aa5f933cda6bdca69a374f6629b4`
SHA1	`614fdccf2b40b957d07c8bf224881c58a14dc5b2`
SHA256	`e3b15d2e8659dc4d95f9cef5ceaa282b543a8c0d1ab886ce0bc7f1ffbd4bb96e`
SHA3	`4823ffa3c0fcc0c087712b7038629741c0c87689cc10578f1a86dbc0486edcb1`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48409`
MD5	`21c61176ee5bf1cd762b6c444d4065b2`
SHA1	`b7eb6cf1a8f7e9fd8659ff7cd29c36c37710b5e5`
SHA256	`c732cf632f3a55dea7291969e23ff59bfadc33c97b15a4e4d7966723d07c0fcc`
SHA3	`a027b383fac3f426b84ccc9ef71adf3396e59edeb579a6bea2ed9c90ebb6f223`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

String Table contents

NewGdp
NEWGDP

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	20.0.0.1953
ProductVersion	20.0.0.1953
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United Kingdom
CompanyName	SysTool PasSame LIMITED
FileDescription	Windows SysTool Service
FileVersion (#2)	20.0.0.1953
InternalName	Windows SysTool.exe
LegalCopyright	Copyright (C) 2015
OriginalFilename	Windows SysTool.exe
ProductName	Windows SysTool Service
ProductVersion (#2)	20.0.0.1953

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4629bc`
SEHandlerTable	`0x45ca10`
SEHandlerCount	`187`

RICH Header

XOR Key	`0x2f879b1b`
Unmarked objects	`0`
ASM objects (50929)	`35`
C objects (50929)	`226`
C++ objects (50929)	`141`
Imports (VS2008 SP1 build 30729)	`19`
Total imports	`241`
211 (60430)	`28`
Resource objects (60430)	`1`
151	`1`
Linker (60430)	`1`

Errors

Leave a comment

No comments yet.