Manalyze report for 2d319baeea99e36edeb07c59bd39ab49

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jan-31 04:16:58
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\code\pc\deskcalcode\deskcal3\output\bin32\pdb\desktopcal.pdb
Comments	If you have any questions or suggestions, please feel free to contact www.desktopcal.com.
CompanyName	Beijing Xiaowei Cloud Inc.
FileDescription	CalendarTask
FileVersion	`3.10.174.6418`
InternalName	destkopcalx.exe
LegalCopyright	Copyright (C) 2024 Beijing Xiaowei Cloud Inc. All rights reserved.
LegalTrademarks	CalendarTask
OriginalFilename	destkopcalx.exe
PrivateBuild	3.0
ProductName	desktopcalx Module
ProductVersion	`3.10.174.6418`
SpecialBuild	3.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8` `MASM/TASM - sig1(h)` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: api-update.xdiarys.com crl.sectigo.com crl.usertrust.com crt.sectigo.com crt.usertrust.com d.symcb.com d.xdiarys.com desktopcal.com http://crl.sectigo.com http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t http://crl.usertrust.com http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v http://crt.sectigo.com http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# http://crt.usertrust.com http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0% http://ocsp.sectigo.com0 http://ocsp.usertrust.com0 http://s1.symcb.com http://s1.symcb.com/pca3-g5.crl0 http://s2.symcb.com0 http://sv.symcb.com http://sv.symcb.com/sv.crl0a http://sv.symcb.com/sv.crt0 http://sv.symcd.com0 http://sv.symcd.com0& http://www.symauth.com http://www.symauth.com/cps0 http://www.symauth.com/rpa00 https://d.symcb.com https://d.symcb.com/cps0% https://d.symcb.com/rpa0 https://sectigo.com https://www.xdiarys.com idesktopcal.com s1.symcb.com sectigo.com sv.symcb.com symauth.com symcb.com update.xdiarys.com usertrust.com www.desktopcal.com www.symauth.com www.xdiarys.com xdiarys.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegisterHotKey RegCloseKey RegCreateKeyExW RegOpenKeyExW RegSetValueExW RegEnumKeyExW RegNotifyChangeKeyValue RegDeleteKeyW SHGetValueW` `Possibly launches other programs: CreateProcessW` `Functions related to the privilege level: AdjustTokenPrivileges` `Manipulates other processes: OpenProcess` `Can take screenshots: FindWindowW GetDC CreateCompatibleDC BitBlt`
Malicious	The PE is possibly a dropper.	`Resource 203 detected as a PE Executable.`
Info	The PE is digitally signed.	`Signer: Beijing Xiaowei Cloud Inc.` `Issuer: Sectigo Public Code Signing CA R36`
Safe	VirusTotal score: 0/71 (Scanned on 2024-04-23 03:46:12)	`All the AVs think this file is safe.`

Hashes

MD5	`2d319baeea99e36edeb07c59bd39ab49`
SHA1	`f9fbf0d7cad040b6280b4978e655932a19243c8b`
SHA256	`a008b55f9fb8ce197acb399b3fa62ab1bfdf5dc8e9d5be892d5ff7185269e6a0`
SHA3	`0e0df9dcccd64ebd1e54d6dda97ac32c3730417479046e2eea9139ea0647c786`
SSDeep	`12288:tZsJzOHgBHwbVavNCxDdeAe2qT6QcFRJ07dk2OMH:tZsxOHYQcoeAe2qT6QcFj0xk2OMH`
Imports Hash	`b4dfeb54bbb64a465764245649cb990c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2024-Jan-31 04:16:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x22000`
SizeOfInitializedData	`0x89000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001EF96 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x23000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xac000`
SizeOfHeaders	`0x1000`
Checksum	`0xb37e3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fe95d40e167a9c1f4c67f4024bf869d0`
SHA1	`696f11e73ed1754ca41c9bb6199c052163aa247c`
SHA256	`205fce6b9d10bf80059f25cfbe19dc67d4a85a61c8bfca005303fb7c0bd3edc7`
SHA3	`5c0c5adf166a9b4fd503f77359be9031482820758f6150ed17a411306c01d48f`
VirtualSize	`0x216d9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.23766`

.rdata

MD5	`99c303f8d0f5051c8e4722494fdfcbc8`
SHA1	`99f4b0c96fce8a703125e5dcea2fb19e1ec95926`
SHA256	`213e3e0bc5bd2a3b00f3abbf03904f70857baa3284fc06dee1b9f3b52c4ad661`
SHA3	`9aa6ef2420737824716fcda729b0a46b31f195f2194d607cb6045a2d2d4e2429`
VirtualSize	`0xe218`
VirtualAddress	`0x23000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.37179`

.data

MD5	`50eb5199d263682cd401d4efb3a70297`
SHA1	`d51ca25eba09d6bfc7e9b833b1172f446a3dbe3e`
SHA256	`c01a8f7eed1d2d33f8fb03eb124a32bf35c1ce0b4aae900b833f93e37c053107`
SHA3	`ea1d3bfab33b7e4efd46728b9c736910296480f4e4df55fe0dd43a00820aea1f`
VirtualSize	`0x49d8`
VirtualAddress	`0x32000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x32000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.5413`

.rsrc

MD5	`00a4c0d3979609764200359c36c21bca`
SHA1	`173e1296b597a4117e19302c2e005279fce56bd9`
SHA256	`bd06d0b344671042bcc94f8211cc2a9759b43d5a8114745d54cb4fbf13d6cbee`
SHA3	`1d988f1314cfad44fe6a218212e17edd7efefe3716ccc2ceea42aba7397f6546`
VirtualSize	`0x744c8`
VirtualAddress	`0x37000`
SizeOfRawData	`0x75000`
PointerToRawData	`0x37000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.36967`

Imports

KERNEL32.dll	`GetFileAttributesW` `GetVersionExW` `LocalFree` `FormatMessageW` `ExpandEnvironmentStringsW` `TerminateProcess` `GetCurrentThread` `InterlockedCompareExchange` `HeapFree` `GetProcessHeap` `HeapAlloc` `IsProcessorFeaturePresent` `VirtualFree` `VirtualAlloc` `HeapDestroy` `HeapReAlloc` `HeapSize` `GetVersionExA` `InterlockedExchange` `GetACP` `GetLocaleInfoA` `GetTickCount` `FreeLibrary` `TerminateThread` `GetExitCodeThread` `GetCurrentProcessId` `GetThreadLocale` `GetStartupInfoW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `CreateProcessW` `GetPrivateProfileIntW` `Sleep` `lstrcmpiW` `RaiseException` `GetPrivateProfileStringW` `GetModuleFileNameW` `MultiByteToWideChar` `lstrlenW` `GetCurrentProcess` `FlushInstructionCache` `FindResourceExW` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `LoadLibraryW` `GetProcAddress` `GetCommandLineW` `SetEvent` `InterlockedDecrement` `InterlockedIncrement` `GetLastError` `GetCurrentThreadId` `GetModuleHandleW` `WritePrivateProfileStringW` `OpenProcess` `DeleteCriticalSection` `InitializeCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `ResumeThread` `WaitForSingleObject` `CloseHandle` `CreateMutexW` `LoadLibraryA`
USER32.dll	`PostQuitMessage` `PostThreadMessageW` `PostMessageW` `GetWindowThreadProcessId` `UnregisterHotKey` `SendMessageW` `CharLowerBuffW` `CopyRect` `IsWindow` `SetTimer` `RegisterHotKey` `DestroyWindow` `GetWindowRect` `IsRectEmpty` `GetSystemMetrics` `UnregisterClassA` `DefWindowProcW` `GetWindowLongW` `CallWindowProcW` `SetWindowTextW` `KillTimer` `SetRect` `SetRectEmpty` `FindWindowW` `SubtractRect` `CharNextW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `PeekMessageW` `IsWindowVisible` `GetClassLongW` `GetWindow` `GetAncestor` `RedrawWindow` `SetCapture` `GetParent` `IntersectRect` `GetDC` `TrackMouseEvent` `GetMessagePos` `GetSysColor` `GetCursor` `ReleaseDC` `InvalidateRect` `OffsetRect` `PtInRect` `UnionRect` `GetCursorPos` `LoadImageW` `ShowWindow` `GetClientRect` `MapWindowPoints` `SetWindowPos` `DestroyIcon` `UpdateWindow` `GetDesktopWindow` `MessageBoxW` `SetWindowLongW` `SystemParametersInfoW`
GDI32.dll	`LPtoDP` `DPtoLP` `SetWindowOrgEx` `GetStockObject` `GetObjectW` `Rectangle` `SetROP2` `CreateCompatibleBitmap` `GetClipBox` `CreateCompatibleDC` `SelectObject` `CreateDIBSection` `BitBlt` `DeleteObject` `SetBkColor` `ExtTextOutW` `CreateDCW` `GetDeviceCaps` `CreatePen` `DeleteDC`
ADVAPI32.dll	`RegCloseKey` `RegCreateKeyExW` `RegOpenKeyExW` `RegSetValueExW` `RegEnumKeyExW` `RegNotifyChangeKeyValue` `OpenThreadToken` `ImpersonateSelf` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `GetUserNameW` `RegDeleteKeyW`
SHELL32.dll	`SHGetSpecialFolderPathW` `SHGetFileInfoW` `ShellExecuteExW` `CommandLineToArgvW` `SHAppBarMessage`
ole32.dll	`CreateStreamOnHGlobal` `OleInitialize` `StringFromCLSID` `CoCreateInstance` `CoUninitialize` `CoInitialize` `CoTaskMemFree`
OLEAUT32.dll	`VarBstrCmp` `LoadRegTypeLib` `SysStringByteLen` `SysAllocStringByteLen` `VarUI4FromStr` `SysFreeString` `SysAllocString` `SysStringLen` `LoadTypeLib` `SysAllocStringLen`
ATL80.DLL	`#32` `#31` `#30` `#58` `#64`
SHLWAPI.dll	`SHSetValueW` `SHGetValueW` `SHDeleteValueW`
MSIMG32.dll	`AlphaBlend`
gdiplus.dll	`GdipGetImageEncodersSize` `GdipGetImageEncoders` `GdiplusStartup` `GdiplusShutdown` `GdipCreateBitmapFromHBITMAP` `GdipSaveImageToStream` `GdipSetClipRectI` `GdipCloneImage` `GdipGraphicsClear` `GdipSetSmoothingMode` `GdipReleaseDC` `GdipCreateFromHDC` `GdipCreateBitmapFromScan0` `GdipDisposeImage` `GdipDeleteGraphics` `GdipAlloc` `GdipFree`
MSVCP80.dll	`??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z` `?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z` `??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ`
dkcore.dll	`?RemoveIdleHandler@Message@Util@@YAXPAUIxIdleHandler@@@Z` `?AddIdleHandler@Message@Util@@YAHPAUIxIdleHandler@@@Z` `?StringToGuid@Com@Util@@YAJPB_WPAU_GUID@@@Z` `?TryDeleteFile@File@Util@@YAHPB_W@Z` `?RegisterCreateFunc@@YAJABU_GUID@@P6AJPAPAXPAUIUnknown@@@ZPAUHINSTANCE__@@HPBD@Z` `?NIntLogSet@Log@Util@@YAHXZ` `?SetOneTimer@Timer@Util@@YAJIPAUITimerCallback@@I@Z` `?GetCurrentWindowType@System@Util@@YA?AW4tagUtilWindowsType@@XZ` `?IsFileExist@File@Util@@YAHPA_W@Z` `?GetMD5@File@Util@@YAJPA_WPAPA_W@Z` `?RegisterService@@YAJABU_GUID@@P6AJPAPAXPAUIUnknown@@@ZPAUHINSTANCE__@@HPBD@Z` `?IsXp@System@Util@@YAHXZ` `?EraseTimerCallback@Timer@Util@@YAJPAUITimerCallback@@I@Z` `?GetMessageLoop@Message@Util@@YAXPAPAUIxMessageLoop@@@Z` `?GetWindowsVersionString@System@Util@@YAJPAPA_W@Z` `?GetFileVersion@File@Util@@YAHPA_WPAPA_WH@Z` `?SetMulTimer@Timer@Util@@YAJIPAUITimerCallback@@I@Z` `?Is64Bit_OS@System@Util@@YAHXZ` `?LaunchDefaultBrowser@System@Util@@YAXPA_W@Z` `?RegisterTypelib@@YAJABU_GUID@@PAUHINSTANCE__@@@Z` `?CreateInstanceFromClassFactory@@YAJABU_GUID@@PAPAXPAUIUnknown@@@Z` `?GetService@Service@Util@@YAJABU_GUID@@PAPAX@Z` `?__NTrace@@YAXPB_W0H0ZZ`
MSVCR80.dll	`wcsrchr` `_invalid_parameter_noinfo` `_wcsicmp` `wcsncpy_s` `wcscpy_s` `malloc` `_localtime64_s` `wcsftime` `??2@YAPAXI@Z` `memset` `_time64` `_purecall` `free` `_endthreadex` `_beginthreadex` `_recalloc` `??_V@YAXPAX@Z` `__CxxFrameHandler3` `memcpy_s` `vswprintf_s` `_vscwprintf` `_wcslwr_s` `wcschr` `memmove_s` `wcsstr` `??3@YAXPAX@Z` `_wfopen` `_snwprintf_s` `_wcsnicmp` `_except_handler4_common` `?terminate@@YAXXZ` `_unlock` `__dllonexit` `_encode_pointer` `_lock` `_onexit` `_decode_pointer` `_amsg_exit` `__wgetmainargs` `_cexit` `_exit` `_XcptFilter` `exit` `_wcmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `??1exception@std@@UAE@XZ` `??0exception@std@@QAE@XZ` `_resetstkoflw` `_CxxThrowException` `??0exception@std@@QAE@ABV01@@Z` `__set_app_type` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_crt_debugger_hook` `_invoke_watson` `_controlfp_s` `fclose` `fwrite`
dkui.dll	`?GetElementById@UI@Util@@YAHPAUIxNode2@@PB_WPAPAU3@@Z` `?LayoutParent@UI@Util@@YAJPAUIxElement@@HH@Z` `?SetVisible@Style@Util@@YAJPAUIxElement@@H@Z` `?GetDocument@UI@Util@@YAJPAUIxElement@@PAPAUIxDocument@@@Z` `?GetRexBoxElement@UIEngine@Util@@YAJPA_WPAPAUIxNode@@@Z` `?Layout@UI@Util@@YAJPAUIxElement@@H@Z` `?ForceShowWindow@UI@Util@@YAJPAUHWND__@@H@Z`

Delayed Imports

203

Type	`EXE`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x66e48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30406`
Detected Filetype	PE Executable
MD5	`c8b601973bc27b56741ed03552bed7e2`
SHA1	`370e756e92eb0ceb30281c19e680154d73a1107d`
SHA256	`8b102baba74ecd5f44cb6de6db9b780b0977d07fe17f3e5bafd92345ef4d6d85`
SHA3	`96a09f7131c19322cec712fe92cbf5cae906f9349598b1cbc5994ab380835579`

101

Type	`REGISTRY`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87856`
MD5	`35835968b04e1a086c133a769495c6d1`
SHA1	`212c3b490b8c37106f89c65c3a9b8146abe2dd0d`
SHA256	`43e6b63f0c7ef60113059627e328e5e9d13a727b6dafcaaf30656d8fae58037e`
SHA3	`68ad1403185357053dd7cc42b10cba252313cd1e29b6e223f729b5497bbeeb43`

1

Type	`TYPELIB`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x7020`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.68042`
MD5	`672042ee637e43d74fcaff82b40e1b7c`
SHA1	`d847f008b7895b44f2954171237c84a0cc17e538`
SHA256	`0f603f010f993a6c6702f223b144c0bff0dd5527f05b05ffdc9cc2cca27ec4ae`
SHA3	`7db6701f5e80a813998435198cc3836c22218c2d2aaa21e6e6210d86f034a575`

1 (#2)

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x122a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.66225`
Detected Filetype	PNG graphic file
MD5	`7ad44a18a5fdfb351c65bf03173b26df`
SHA1	`831796bd1dfc731799a72bf86a1d62c18f63e51e`
SHA256	`da47709764ff282726f2a299a97fff098f1ecb1ae75c9f3d3125f26373ac68cb`
SHA3	`d36008a6f83bacfad577e5aebecb6a058191fbc2455ccf43465af176bb61b614`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.08904`
MD5	`8b5bb7beb5e995fc31f6dfd0056521f1`
SHA1	`c00b0c90a72f006d9d11faa2bf48b0e4b8b081a7`
SHA256	`40a76b6021eedb53532291ec8e52402dd0985cd83c19aea4040a166dfdef6349`
SHA3	`9891d568245f0779dc63c32cf4b88d20439f0cd27caf847c279ea073378a51fd`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.36818`
MD5	`e2a6aa0759e1b39b2d80416f2d68ccf5`
SHA1	`1f6281520ba8c6014f33a85f55942a212a9b1d59`
SHA256	`ebea415ed25a4c7877f11488c9d38369bc52999296a5bd02efbb648255b5cd9d`
SHA3	`e10ff22f6e1d24963e1382d83823df7bd6859ab11b3287223a99920610b7c0fc`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50773`
MD5	`49fc7132775e414317ff4ded33b3b357`
SHA1	`fb91ed9a0e6e644a927d11ffd77826625b6d4926`
SHA256	`4aa85f76a98c67cf4902f6e702618a3104b24d726ff6261f13ddb64abb052619`
SHA3	`bf2f06a9943a92bab7e6ff20c5bdba2e74d4517d0f2623e402e756e8c58be91e`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.56601`
MD5	`603c71ca04a98c8fb766351c51bd582e`
SHA1	`e563c766f6c354d193a86a1edf94bd12ddd72ca4`
SHA256	`4f071bd8c1c158b9112d5c82b7a8a5c217e822abc2a4f1f940c8284028a578a1`
SHA3	`aafe5f7a93f561ca6c46e0f22c30c749e7df6187b9fcd9bc2c7415e1b6352db7`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.07875`
MD5	`14330ef045aadd7eff54098402006f3f`
SHA1	`8afbd121084cde973310e4b60f63c5c9edaa1819`
SHA256	`0932ec8ea4e5a80b7d3cb61e25ef34972ff734ad640f1d70ea7524699d9acb08`
SHA3	`1f572f761beda826e89e26e7b991333747f7a932a3344d86b445ae5a01a60441`

100

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64638`
Detected Filetype	Icon file
MD5	`a1cad4e113223642968c2a6cf52dbd0f`
SHA1	`f0c81c79466ac1b4c33bc5de88d0bccd1205b459`
SHA256	`1a28b8445208fc42835ebb7174c0735006a1e3785854aec8d19b4ddd9a751b14`
SHA3	`f1e6f49f4efeede6910be2e9270705cc962bc3a62b23a571a3f631b86b86323d`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4d0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52374`
MD5	`cc289cb72c31a3606af7b3fa5d9780e0`
SHA1	`353211fe16b68ca09a5e803754b6e01c5cf072cf`
SHA256	`0dc7dc1cdb98bb79131205a3d61957b6405ebb2cd4e701a024e1c9e176ea0e56`
SHA3	`a93418a0636f319343aa0b3f1ba1d9e07a1d7cd0ede0a05f3fb5088c5db28d63`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19282`
MD5	`d8005cbbac04bc358736879c36f17c40`
SHA1	`7d2f2904d4ed076f4053b04d945697352a4a17f8`
SHA256	`53fee3d93b55a4d22024c0c502b9344b0331f6dddbf717bfd3c2de72b7844d52`
SHA3	`312995a7e00cd47e2e478adef7b5370eac739f055e60c2a1e028575c0f4b22fb`

String Table contents

dkmain

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.10.174.6418
ProductVersion	3.10.174.6418
FileFlags	`VS_FF_PRIVATEBUILD` `VS_FF_SPECIALBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
Comments	If you have any questions or suggestions, please feel free to contact www.desktopcal.com.
CompanyName	Beijing Xiaowei Cloud Inc.
FileDescription	CalendarTask
FileVersion (#2)	3.10.174.6418
InternalName	destkopcalx.exe
LegalCopyright	Copyright (C) 2024 Beijing Xiaowei Cloud Inc. All rights reserved.
LegalTrademarks	CalendarTask
OriginalFilename	destkopcalx.exe
PrivateBuild	3.0
ProductName	desktopcalx Module
ProductVersion (#2)	3.10.174.6418
SpecialBuild	3.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Jan-31 04:16:58
Version	`0.0`
SizeofData	`88`
AddressOfRawData	`0x27730`
PointerToRawData	`0x27730`
Referenced File	D:\code\pc\deskcalcode\deskcal3\output\bin32\pdb\desktopcal.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43627c`
SEHandlerTable	`0x42b950`
SEHandlerCount	`180`

RICH Header

XOR Key	`0x54e06111`
Unmarked objects	`0`
126 (50327)	`1`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`3`
C objects (VS2012 build 50727 / VS2005 build 50727)	`21`
C++ objects (VS2003 (.NET) build 4035)	`1`
Imports (VS2012 build 50727 / VS2005 build 50727)	`10`
C objects (VS2003 (.NET) build 4035)	`6`
Imports (VS2003 (.NET) build 4035)	`21`
Total imports	`347`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`33`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

[*] Warning: [plugin_authenticode] Hashing algorithm 1.2.840.1015.13.2.5 is not supported.