Manalyze report for 24ca3b2fb2e2b5cc57e9b5308dec3344

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Nov-16 03:19:31
Detected languages	Chinese - PRC
Comments
CompanyName	上海格尔软件有限公司
FileDescription	格尔发证客户端 - 配置工具 v1.3(build20111116)
FileVersion	`1, 3, 0, 0`
InternalName	KoalClientRegTools
LegalCopyright	版权所有 (C) 2011
LegalTrademarks
OriginalFilename	KoalClientRegTools.EXE
PrivateBuild
ProductName	KoalClientRegTools 应用程序
ProductVersion	`1, 3, 0, 0`
SpecialBuild

Plugin Output

Suspicious	PEiD Signature:	`ASPack v2.12`
Suspicious	The PE is packed with Aspack or Armadillo	`Section .text is both writable and executable.` `Unusual section name found: .aspack` `Section .aspack is both writable and executable.` `Unusual section name found: .adata` `Section .adata is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Interacts with the certificate store: CertAddCertificateContextToStore`
Suspicious	The PE is possibly a dropper.	`Resource 130 is possibly compressed or encrypted.` `Resource 100 is possibly compressed or encrypted.` `Resource 135 is possibly compressed or encrypted.` `Resources amount for 83.6156% of the executable.`
Info	The PE is digitally signed.	`Signer: \xE4\xB8\x8A\xE6\xB5\xB7\xE6\xA0\xBC\xE5\xB0\x94\xE8\xBD\xAF\xE4\xBB\xB6\xE8\x82\xA1\xE4\xBB\xBD\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8` `Issuer: WoSign Code Signing Authority`
Malicious	VirusTotal score: 28/69 (Scanned on 2019-09-30 07:30:21)	`MicroWorld-eScan: Gen:Variant.Ursu.382349` `FireEye: Gen:Variant.Ursu.382349` `CAT-QuickHeal: Trojan.Ursu` `McAfee: RDN/Generic.dfd` `Cylance: Unsafe` `Invincea: heuristic` `ESET-NOD32: a variant of Win32/Koal.A potentially unwanted` `BitDefender: Gen:Variant.Ursu.382349` `NANO-Antivirus: Trojan.Win32.BlackHole.fbelqg` `Endgame: malicious (moderate confidence)` `DrWeb: BackDoor.BlackHole.35776` `Zillya: Trojan.GenericKD.Win32.78181` `TrendMicro: TROJ_GEN.R002C0PC719` `McAfee-GW-Edition: RDN/Generic.dfd` `Trapmine: malicious.moderate.ml.score` `Emsisoft: Gen:Variant.Ursu.382349 (B)` `Avira: BDS/BlackHole.427421` `Fortinet: Riskware/Koal` `Arcabit: Trojan.Ursu.D5D58D` `Acronis: suspicious` `ALYac: Gen:Variant.Ursu.382349` `Ad-Aware: Gen:Variant.Ursu.382349` `TrendMicro-HouseCall: TROJ_GEN.R002C0PC719` `Yandex: BackDoor.BlackHole!` `Ikarus: Virus.Win32.CeeInject` `MaxSecure: Trojan.Malware.7175203.susgen` `GData: Gen:Variant.Ursu.382349` `Cybereason: malicious.fb2e2b`

Hashes

MD5	`24ca3b2fb2e2b5cc57e9b5308dec3344`
SHA1	`26b67f338373dd3cdbc42e21c62645ee951fb22b`
SHA256	`e6342c52a103d9fb04d977b847ddeac2b0e6bef5b76ccd8ce62520ef31686975`
SHA3	`6a04098d9ee35253cb2811e8276b16a914663b595aa201cf03f39ac8892a5900`
SSDeep	`6144:2jka3FVfp3cdNtSVojhUvk16pi15MeUQfqz4uZ6LY/TTP2JxO67LXto7ZXGjwyR+:g3BIN0Vo5Epi15M0COYL4RAZXGj/w`
Imports Hash	`05fccdf3f721058f40b656a4df3106a3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2011-Nov-16 03:19:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x27000`
SizeOfInitializedData	`0xe8000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00110001 (Section: .aspack)`
BaseOfCode	`0x1000`
BaseOfData	`0x28000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x113000`
SizeOfHeaders	`0x400`
Checksum	`0x7875c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2517990092ef86bfd6dcbd11b2dbc295`
SHA1	`cac2a9103a327aa55bcd997fe7a51dc58502f59e`
SHA256	`184e1a8a155d961f6f8f9c75192453d91cda9c1b747e2ae31b77a771d2c45b05`
SHA3	`896ad17191ba41edcd418f57e80e2a108c75b24b91b16d1441b3398dae7cf767`
VirtualSize	`0x27000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99468`

.rdata

MD5	`05abb985e1c738aad7502d6b7fa1cdff`
SHA1	`f797999696ebc5fbc308d2dd2e4e3b07623f7a14`
SHA256	`65ddb0253828172da0a330e5bfdb45498218ee21577731f1b4b28d7dc1caf967`
SHA3	`6a21a3a06a7087a24faa5442a0b5860099ba3050ad4123f0a12c025e6072c68c`
VirtualSize	`0xa000`
VirtualAddress	`0x28000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x14a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.93272`

.data

MD5	`59af51faee96c156da9a905126a1196b`
SHA1	`01666f1f5f4025b35228b45f7b7d55c7eb9e3961`
SHA256	`5de814d2e1eb2c90cf968b2542206a3c52a07592894bdbb7437a30d1c777ce5b`
SHA3	`cd96a511b643931d439b0ebb217e52caa0e55aa3038fb8cd645abdfaea95d7b1`
VirtualSize	`0x9000`
VirtualAddress	`0x32000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.7062`

.rsrc

MD5	`c761177c595a07c49f650fdaa6e52bda`
SHA1	`badaa367d5cf98c7f3d0c2ef2d17ed3836bde24f`
SHA256	`16b583dba9d307440f9c6fe904865a867fcd53e7f22fb4310c14930617807e80`
SHA3	`73bc64baaee1ac79dbfc36363863d500040e46a8415f9bcd5856a862ec0bf65a`
VirtualSize	`0xd5000`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x4d800`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99744`

.aspack

MD5	`cbd494801bc781c35816230b379b37a1`
SHA1	`fed921d26c30ad5eb085992518e77700389874ed`
SHA256	`b06e3bcb5e52769850e304a1597532597b8fdda4225d28acc3e5fa2629886df5`
SHA3	`0be761c85bb7a1e13d0a65674c4dfc40907c27502059576ea0aa832178c3cd27`
VirtualSize	`0x2000`
VirtualAddress	`0x110000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x65e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.32795`

.adata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x112000`
SizeOfRawData	`0`
PointerToRawData	`0x67a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Imports

kernel32.dll	`GetProcAddress` `GetModuleHandleA` `LoadLibraryA`
crypt32.dll	`CertAddCertificateContextToStore`
user32.dll	`InvalidateRect`
gdi32.dll	`BitBlt`
comdlg32.dll	`GetFileTitleA`
winspool.drv	`ClosePrinter`
advapi32.dll	`RegCloseKey`
comctl32.dll	`#17`
oledlg.dll	`#8`
ole32.dll	`CoFreeUnusedLibraries`
olepro32.dll	`#253`
oleaut32.dll	`#7`

Delayed Imports

130

Type	`OCX`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x54b48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99111`
MD5	`7dc2272e8644143c6c10d60be0ca3fd9`
SHA1	`a7c7cc1a97cbbcc1a46f17b7c8072d41e21f766d`
SHA256	`4fd1b23637216c50db52d664fbfadb714ec352ff55be77baf4a610a8db889360`
SHA3	`ad52e8c0f2eba065137783858155cfbd789a499152d8d0dc3927a178b16fa529`

137

Type	`P7B`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x611`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

151

Type	`P7B`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x615`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

4

Type	`RT_CURSOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

26567

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x5e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

30994

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

30995

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x16c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

30996

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82395`
MD5	`2d9000958378660b7f499be6c00887ec`
SHA1	`eb85110f3112e9d3016ab7a4dc2bde5541350c88`
SHA256	`4b42002e026584d79a8700d247397e8b39d79744fa6dabdfde9d2ab80ae7e238`
SHA3	`ea04bc93278f815a6906c09b283d6ba94e4050e1e97c92038e0b2a3adb66ad33`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.55844`
MD5	`707486d4e59854af6fc5e2fb2b9aea2a`
SHA1	`f278ef6c989341f660be68b6915f092f2cba6df4`
SHA256	`ffd9b48eeb36e492268056fa57ec0106406baf928a35afecd3af7a7e9c5fa2b5`
SHA3	`fff3e108691be80baf0efcc6bbf49d1d5c7906c5b04e1576b25a6b10585998c0`

100

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x106`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.14811`
MD5	`8c68ffc48c42883b6cb418dea9a89075`
SHA1	`1de3739bffe1ea8e3bc3412cee9f023da44e0779`
SHA256	`5f63e0972f450374559cda07f9f8f0abf054ddd46e086cc6b93758463ced331c`
SHA3	`a74299ed4df6daf7ec355009a6c1687f91441d27b67b524a1e6e7b2be9f73346`

102

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xd4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.93154`
MD5	`b5bc4af6fad76b385b6df1bc03a7db8a`
SHA1	`1f4324d7f2969f15e4ce0f36da28e05ad596dd95`
SHA256	`16b1dcdcd5eec2ab86574ff24d15cd2015c2fa144f1015bb9a95673f8c042dcd`
SHA3	`d9ec416de0d37320a55c4b6b8428e8321e593d5e1e812ecf65da084b2fe0e5d4`

135

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.01879`
MD5	`0e0a870f6b211eadb0a8820aa3cf9714`
SHA1	`b0a56cd03232200540b1f7a31269adad46aa8150`
SHA256	`7f2d710d9e9476beca3496f07e09ab520afc2255db1b834c1fc3e68cf346f3cc`
SHA3	`b690155a8f998282ae68a0015598439b1124105eed7b0a9052d87264da473c41`

30721

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x58`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3841

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3842

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3843

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3857

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3858

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x12a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3859

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3865

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3866

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3867

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3868

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

3869

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x24`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

30977

Type	`RT_GROUP_CURSOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

128

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.73901`
MD5	`2ae8e80f81522c70d32e58f66c6bc9bf`
SHA1	`b8798006c819ee20f8e5605ca6513fc52e6cabee`
SHA256	`e05cc9056449d85961fbffb7af3192a4dec5ee479de5ddb53c1d885bdd321486`
SHA3	`071670a8d4412c9084552bf33423eb75b8e12a3f7d94664e1ffe35f1ba198e51`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.0.0
ProductVersion	1.3.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
Comments
CompanyName	上海格尔软件有限公司
FileDescription	格尔发证客户端 - 配置工具 v1.3(build20111116)
FileVersion (#2)	1, 3, 0, 0
InternalName	KoalClientRegTools
LegalCopyright	版权所有 (C) 2011
LegalTrademarks
OriginalFilename	KoalClientRegTools.EXE
PrivateBuild
ProductName	KoalClientRegTools 应用程序
ProductVersion (#2)	1, 3, 0, 0
SpecialBuild

Resource LangID	Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x5dd00e38`
Unmarked objects	`0`
Unmarked objects (#2)	`1`
C objects (2190)	`10`
14 (7299)	`27`
C objects (VS98 SP6 build 8804)	`138`
Total imports	`514`
Imports (2179)	`27`
C++ objects (VS98 SP6 build 8804)	`100`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .adata has a size of 0!
[*] Warning: Resource  is empty!
[*] Warning: Resource  is empty!
[!] Error: Bitmap  is malformed!
[!] Error: Bitmap  is malformed!
[!] Error: Bitmap  is malformed!
[!] Error: Bitmap  is malformed!
[*] Warning: Resource  is empty!
[*] Warning: Resource 30977 is empty!