Manalyze report for a055248d33d015340d79c89e590a9118a260608906ac0771b08ecc327231de83

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-18 07:42:51
Detected languages	Chinese - PRC English - United States
Debug artifacts	H:\rc_i18n_new_funnel_branch\Build\Release\WPSOffice\office6\addons\konlinesetup_xa\konlinesetup_xa.pdb
CompanyName	Zhuhai Kingsoft Office Software Co.,Ltd
FileDescription	WPS Office Setup
FileVersion	`12,2,0,21567`
InternalName	konlinesetup_xa
LegalCopyright	Copyright©2025 Kingsoft Corporation. All rights reserved.
OriginalFilename	konlinesetup_xa.exe
ProductName	WPS Office
ProductVersion	`12,2,0,21567`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: sc.exe` `Looks for VMWare presence: 00-50-56` `May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2` Contains domain names: analytics.com api-wps-param-us-test.4wps.net api.wps.com cache.wpscdn.com clients2.google.com collect-debug.ksord.com debug.ksord.com dw-collect-debug.ksord.com dw-online.ksosoft.com en.ksupdate.com event.4wps.net event.wps.com example.com google-analytics.com google.com http://dw-collect-debug.ksord.com http://dw-online.ksosoft.com http://dw-online.ksosoft.com/api/dynamicParam/v3/app/ http://en.ksupdate.com http://en.ksupdate.com/errorreport/up http://event.4wps.net http://ic.wps.cn http://ic.wps.cn/wpsv6internet/infos.ads?v https://api-wps-param-us-test.4wps.net https://api-wps-param-us-test.4wps.net/api/map/online_params/onlinesetup_config/onlineParam https://api-wps-param-us-test.4wps.net/api/map/online_params/onlinesetup_config/onlineParamByFunc?funcName https://api.wps.com https://api.wps.com/utils/geo/me https://clients2.google.com https://clients2.google.com/service/update2/crx https://curl.se https://en.ksupdate.com https://en.ksupdate.com/errorreport/up https://event.wps.com https://params.wps.com https://params.wps.com/api/map/online_params/onlinesetup_config/onlineParam https://params.wps.com/api/map/online_params/onlinesetup_config/onlineParamByFunc?funcName https://s.wps.com https://wdl1.pcfg.cache.wpscdn.com https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/distsrc/ https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/package/ https://website-prod.cache.wpscdn.com https://website-prod.cache.wpscdn.com/pkgs/win/setup_XA_mui_Free.exe https://www.google-analytics.com https://www.google-analytics.com/mp/collect https://www.wps.com https://www.wps.com/eula https://www.wps.com/privacy-policy ic.wps.cn ksord.com ksosoft.com ksupdate.com online.ksosoft.com openssl.org param-us-test.4wps.net params.wps.com pcfg.cache.wpscdn.com prod.cache.wpscdn.com s.wps.com test.4wps.net us-test.4wps.net wdl1.pcfg.cache.wpscdn.com website-prod.cache.wpscdn.com wps-param-us-test.4wps.net wpscdn.com www.google-analytics.com www.wps.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA LoadLibraryExA LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: SHGetValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW CreateFileA GetTempPathA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess Process32FirstW Process32NextW`
Info	The PE is digitally signed.	`Signer: Zhuhai Kingsoft Office Software Co.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	VirusTotal score: 2/72 (Scanned on 2025-08-19 07:11:57)	`AhnLab-V3: Malware/Win.Generic.C5732464` `ESET-NOD32: a variant of Win32/KingSoft.Z potentially unwanted`

Hashes

MD5	`45de20abf4cb7e5c82a5b9599d8fa074`
SHA1	`53f82e0cd16684985ebd84ade8ea1d7d444ec08c`
SHA256	`a055248d33d015340d79c89e590a9118a260608906ac0771b08ecc327231de83`
SHA3	`adb17b24ab13439d0709fa23fedc88a7e3d8baa45a0fa7f5582835295a4cad82`
SSDeep	`98304:6WJLSU6ZVUdnkurXJ1m2CJQvGPeuTxp6vTV1IWdsBOI+jQ/3pM:ZmU6ZVwPrnYJTxpads5+o3pM`
Imports Hash	`419e6f1e38e20154920b594390392cca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Aug-18 07:42:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x408200`
SizeOfInitializedData	`0x17c000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002B9D57 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x40a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x58f000`
SizeOfHeaders	`0x400`
Checksum	`0x58e8b6`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`87a1788dfab90064e6f16a9ee3904722`
SHA1	`3ca4636a665c1ad5a3051eab1311da774bb3bd2c`
SHA256	`2905d75e7ccd17656fe04ad1b594f68fc42bc9efb0c2860888deade8487ec279`
SHA3	`cc50a91dd46a3515ff7697ac8afc86b4304aaf3aeca3dcb3a34a4ad5fbe21a24`
VirtualSize	`0x4081a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x408200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72113`

.rdata

MD5	`2b36d124a2bb878b24fd77e9c5548119`
SHA1	`abbaebd852ecbddac885bacf8fdeb98783dac203`
SHA256	`d00cf7c6dfbbb8c2d267e34b43cfd928ee6ebf8687fd26d3d493386a5e4c8853`
SHA3	`84e643289b4ee77cee243dee24d963d6869bf69ff53968bf3214a7c761640c16`
VirtualSize	`0xd2e64`
VirtualAddress	`0x40a000`
SizeOfRawData	`0xd3000`
PointerToRawData	`0x408600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.909`

.data

MD5	`d558082d5a02366674174e6420a3d1f9`
SHA1	`108536c42e3148cbd9e39672dfa820027fbe972a`
SHA256	`52c8237ad9bdf46314b99021a139c87eb6eca86750792920147c182c938d3e61`
SHA3	`e7a9799a825a2da7b4fe76d1c3334cec3d9fecb6251a84b2dfe480de90d488e7`
VirtualSize	`0x15384`
VirtualAddress	`0x4dd000`
SizeOfRawData	`0xe200`
PointerToRawData	`0x4db600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.80795`

.rsrc

MD5	`25bdb6d424f9954090153b26660d5c7f`
SHA1	`93c4aff0cabdf22d5a9e2f81ba6156a7b8a8fb1b`
SHA256	`c9d22138d44952bd9ddd300bc81935dab2e11be81106613fc921906999531ad4`
SHA3	`8492b2035e67cea63a87c7aad1d9df1d51ec0439ceffa9de4cc50b4876b2fe34`
VirtualSize	`0x6fbec`
VirtualAddress	`0x4f3000`
SizeOfRawData	`0x6fc00`
PointerToRawData	`0x4e9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.35046`

.reloc

MD5	`862b681cdb3ec088632ffdbf93ecb7d3`
SHA1	`16b891cf50c3b793b9a9beed348746bb0a190716`
SHA256	`9b0fcd61a25155bf4c40a043444d5f01578ac8114c99969ba70dfa3fd5e9114e`
SHA3	`d1a2d4b0f88d0029f9fb8c8e9a05773a4acb8db92ccc9d4f574ef4c118b1fa58`
VirtualSize	`0x2b0e4`
VirtualAddress	`0x563000`
SizeOfRawData	`0x2b200`
PointerToRawData	`0x559400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61363`

Imports

KERNEL32.dll	`GetCommandLineW` `SetEnvironmentVariableW` `SetUnhandledExceptionFilter` `HeapDestroy` `HeapAlloc` `HeapReAlloc` `HeapFree` `HeapSize` `GetProcessHeap` `FindResourceExW` `LoadResource` `LockResource` `SizeofResource` `FindResourceW` `CloseHandle` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `WaitForSingleObject` `Sleep` `GetTickCount` `GetModuleHandleW` `VerSetConditionMask` `ExpandEnvironmentStringsA` `CreateDirectoryW` `DeleteFileW` `GetDiskFreeSpaceExW` `GetDriveTypeW` `GetShortPathNameW` `GetTempFileNameW` `GetTempPathW` `OutputDebugStringA` `GetLastError` `SetLastError` `CreateMutexW` `OpenMutexW` `TerminateProcess` `GetExitCodeProcess` `OpenProcess` `GetSystemTime` `GetVersionExW` `GetModuleFileNameW` `GetModuleHandleA` `GetModuleHandleExW` `GetProcAddress` `VerifyVersionInfoW` `GetDateFormatW` `GetTimeFormatW` `MultiByteToWideChar` `WideCharToMultiByte` `GetLocaleInfoW` `GetGeoInfoW` `GetUserGeoID` `GetUserDefaultUILanguage` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `GetCurrentProcessId` `GetSystemDirectoryW` `GetSystemWow64DirectoryW` `FreeLibrary` `LoadLibraryW` `GetSystemPowerStatus` `GetSystemDefaultLCID` `GetUserDefaultLCID` `GetCurrentProcess` `GetCurrentThread` `LocalFree` `CreateFileW` `GetFileAttributesW` `GetFileSizeEx` `ReadFile` `GetCurrentThreadId` `GetProcessId` `GetFileInformationByHandle` `GetFileSize` `SetFilePointer` `WriteFile` `GetLocalTime` `CreateFileMappingW` `MapViewOfFile` `UnmapViewOfFile` `FileTimeToSystemTime` `SystemTimeToFileTime` `VirtualAlloc` `VirtualFree` `ExitProcess` `FreeResource` `lstrcpyW` `DecodePointer` `RaiseException` `InitializeCriticalSectionAndSpinCount` `CreateFileA` `DeviceIoControl` `CreateThread` `lstrlenW` `GetPrivateProfileStringW` `ExpandEnvironmentStringsW` `ProcessIdToSessionId` `GetEnvironmentVariableW` `CreateProcessW` `GetPrivateProfileIntW` `GetLongPathNameW` `GetFileAttributesExW` `SetEvent` `ResetEvent` `ReleaseSemaphore` `CreateEventW` `CreateSemaphoreW` `SystemTimeToTzSpecificLocalTime` `ReleaseMutex` `WaitForMultipleObjects` `VirtualQuery` `OpenFileMappingW` `GetStdHandle` `GetFileType` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `SwitchToFiber` `DeleteFiber` `CreateFiber` `FormatMessageW` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `ConvertFiberToThread` `ConvertThreadToFiber` `LoadLibraryA` `FindClose` `FindFirstFileW` `FindNextFileW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `QueryPerformanceFrequency` `GetSystemDirectoryA` `SleepEx` `GetFullPathNameW` `MoveFileExA` `GetEnvironmentVariableA` `CompareFileTime` `PeekNamedPipe` `GetVersionExA` `GetWindowsDirectoryA` `GetACP` `GetCurrentDirectoryW` `MulDiv` `GlobalAlloc` `GlobalUnlock` `GlobalLock` `SetFileTime` `DuplicateHandle` `DosDateTimeToFileTime` `GetDiskFreeSpaceW` `GetSystemInfo` `VirtualProtect` `LoadLibraryExA` `IsDebuggerPresent` `OutputDebugStringW` `FormatMessageA` `GetStringTypeW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeCriticalSectionEx` `TryEnterCriticalSection` `FindFirstFileExW` `SetEndOfFile` `SetFilePointerEx` `AreFileApisANSI` `MoveFileExW` `GetLocaleInfoEx` `EncodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `WaitForSingleObjectEx` `InitializeSListHead` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `GetStartupInfoW` `RtlUnwind` `InterlockedPushEntrySList` `LoadLibraryExW` `GetCommandLineA` `ExitThread` `FreeLibraryAndExitThread` `SetConsoleCtrlHandler` `GetConsoleCP` `CompareStringW` `LCMapStringW` `IsValidLocale` `EnumSystemLocalesW` `FlushFileBuffers` `SetStdHandle` `GetTimeZoneInformation` `IsValidCodePage` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `WriteConsoleW` `LockFileEx` `UnlockFile` `HeapCompact` `DeleteFileA` `FlushViewOfFile` `GetFileAttributesA` `GetDiskFreeSpaceA` `GetTempPathA` `HeapValidate` `UnlockFileEx` `GetFullPathNameA` `LockFile` `HeapCreate`
SHLWAPI.dll (delay-loaded)	`PathRemoveFileSpecW` `PathFileExistsW` `SHSetValueW` `PathFindFileNameW` `SHGetValueW` `PathFindExtensionW` `PathIsURLW` `PathQuoteSpacesW` `UrlIsOpaqueW` `UrlIsW` `PathIsPrefixW` `PathIsRelativeW` `PathUnquoteSpacesW` `PathCanonicalizeW`

Delayed Imports

Attributes	`0x1`
Name	`SHLWAPI.dll`
ModuleHandle	`0x4ece0c`
DelayImportAddressTable	`0x4eac5c`
DelayImportNameTable	`0x4d99ec`
BoundDelayImportTable	`0x4db514`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`ZIPRES`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x404d3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98356`
Detected Filetype	Zip Compressed Archive
MD5	`ab6b89ad2696ec62615663e8198554f9`
SHA1	`e641a3ea3095e9ce717155b0ed2ad57579e57a21`
SHA256	`3f7fe9fc3694a89aa718bcee32140f61e640a9a55b1a93ea7d276204773f1173`
SHA3	`fbea2f001c403781cf3ca66d1e5fc1a4277d3f676e5ebdb24bb6a6a709ea8897`

103

Type	`ZIPRES`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x5904`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92952`
Detected Filetype	Zip Compressed Archive
MD5	`0fab94ab104df10906ed4e5996a28857`
SHA1	`dcd0b0698c4a267b51a337b2bfe6908140c3db94`
SHA256	`71fb6a7559fb58c628b81deb5ea654a7cca7fe50161b901d88cb75459d5109fb`
SHA3	`b739db6debe2d7f7bb47d2268a6c97c7b9f1a8e0da09bad442828826f70588a7`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x6b72`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97056`
Detected Filetype	PNG graphic file
MD5	`d0f0f96c9cb4f684fa89abcccf1fff70`
SHA1	`9494e872c31389ee76f942fa1fe949f1f1bcc482`
SHA256	`e377b072e30c60c4bccb5a0a1d9273f7d3aaad9bce26e95586ebaaf1fa4ce08b`
SHA3	`042ccfb36086e2857edbe95a2eaf9338ca10c27c400ab2c92b68fc140c9caf8b`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16635`
MD5	`4bb36999a3b78bc63124a7dbbfdc60b1`
SHA1	`f63e1e68092ff704aed842b75d764da144cf691c`
SHA256	`fe87fcd18123a06782f265649e6223bd9fb45d8978632fa14010ae3c47d4eb50`
SHA3	`eeb1015f33b414b502e72ede167f002ce5845521112c666363c5dc72805c3862`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21424`
MD5	`354ae9d22be3f6ed82f3ca8428085f83`
SHA1	`e49ad9c77dd24a7cbdc1370d936d476fc2dc9af0`
SHA256	`c9d1d7b726669ca3a51f8546761c1ecd0ded31aec5da65ac75dfd87c44d1a847`
SHA3	`2b105ab57c80b8ca4264eb58086a3d14421e48abbd6dac19f98c4423d4aa29d9`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.43466`
MD5	`895841b5ab29483ef79baccaaf34e7dc`
SHA1	`c0b19e813133046f233f02bba489f616f3188bb7`
SHA256	`864d7b886b3801d8aa1e9c6dcc6c1be6ed71f124e45c79bbeb2a4615bab02588`
SHA3	`b37e85eb34f8c9930f4069e94a1521a35f7c08626976fe6ba2f354ca6f3cf47f`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46225`
MD5	`94fbe6298bc869f2bc33b97dfb099168`
SHA1	`30d5781aba6948ef227cea8e86b8cda7b9c67d9c`
SHA256	`6b5287e80044e835ae798b122e4667ac4e91458c14b0d438476d6ff3f609304f`
SHA3	`9572b08e83c19ebba828ee5a6833c178666513fc17b0bc9ec7ee5cef8081ff3e`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70335`
MD5	`758b0d71922362c21b79298f3750c702`
SHA1	`0a34816fbf7e467c670afd8698063b6418a02195`
SHA256	`860e71b3ab6350af27ad861187ab1e7235071cdb8f46b25b98fcd09c3f6327ca`
SHA3	`5e07a206e92caae8ddf96390fc7bacdb6a0224e7603c390b8992738f925fafda`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83778`
MD5	`60c17da58947127387aa55343d243e35`
SHA1	`e0d311bd8bfa52f28b5ce5d351f4ffdc9fb1db9b`
SHA256	`55c96ea7b6d2ec26e72c33b5a45adc47b7800f96f4b1ec0e3c066f79ac98ca4f`
SHA3	`be7883472b03e7813f955fe498169898a57a2bda99aae58542dd2657b6933709`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23684`
MD5	`5ff52e7734c90d969f3debb0e2812898`
SHA1	`b4a6ad23838ff07adf686ab5a9d82133a300b7db`
SHA256	`af5d25f7c46757ed016cc9bddf828bcd2cbba5da4dbb5b396f0837f72137670c`
SHA3	`8ef78ac238e71b5d40682adda3a28741246e335279411a649c807f630d494e37`

1 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x78`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84313`
MD5	`b8813676a4484cfebb547868e52121d0`
SHA1	`86885aca0a4b70fa5d22533f181852e5a25959fc`
SHA256	`c50cc87d1854a5759d197b569431820928b8cfcb043d6ad1312cdb704609a0e1`
SHA3	`413052f478000d4b86eff13dca8aa8d89a2db0f9c8b1fb4cef795d1d0cabf643`

102

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97321`
Detected Filetype	Icon file
MD5	`39682e92762ed7bafa1384e40e68818e`
SHA1	`492951ff5aa25157f80c9a76ee0f90fef776e998`
SHA256	`ebb87d7d26290d022559462f3b8d9ff0565422cb126d56cbd35dbbe4fbb481a6`
SHA3	`31029efe4273ce62e7af0c785c3151bbb9d9851e215925f83753795d8b4cf71b`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x38c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50641`
MD5	`78e1177d07ec525b21151fb65269ef2b`
SHA1	`4922f7f17ff0d25561346a305972442e237e5215`
SHA256	`c092f132cd13c07e9739fc34f9616757fd0e3d50491642b41cd872f371cdeeb9`
SHA3	`090fb872080b059d0340eebeeb24ce9b3451450d28db2ecf65e8276bcb526a54`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x79c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12656`
MD5	`846438a58cb09f43c6958f48e8e50f0b`
SHA1	`a8758b29a709fee3fce625df10f4dae3439c8cf9`
SHA256	`80570a460131ad39055163823b5609f9e1e74569e556db234aca2d773379ff8f`
SHA3	`244e2cf89cdab26da22b849aba4f43f2be5e2358e25e866986d4a09899ed24b5`

String Table contents

601.1135
TRUE
601.1135
Exchange
-notautostartwps

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	12.2.0.21567
ProductVersion	12.2.0.21567
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
CompanyName	Zhuhai Kingsoft Office Software Co.,Ltd
FileDescription	WPS Office Setup
FileVersion (#2)	12,2,0,21567
InternalName	konlinesetup_xa
LegalCopyright	Copyright©2025 Kingsoft Corporation. All rights reserved.
OriginalFilename	konlinesetup_xa.exe
ProductName	WPS Office
ProductVersion (#2)	12,2,0,21567

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Aug-18 07:42:51
Version	`0.0`
SizeofData	`128`
AddressOfRawData	`0x4c3e14`
PointerToRawData	`0x4c2414`
Referenced File	H:\rc_i18n_new_funnel_branch\Build\Release\WPSOffice\office6\addons\konlinesetup_xa\konlinesetup_xa.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-18 07:42:51
Version	`0.0`
SizeofData	`1076`
AddressOfRawData	`0x4c3e94`
PointerToRawData	`0x4c2494`

TLS Callbacks

StartAddressOfRawData	`0x8c42d8`
EndAddressOfRawData	`0x8c42e0`
AddressOfIndex	`0x8f1354`
AddressOfCallbacks	`0x80a470`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x8dec54`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xb13197f7`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`25`
C++ objects (VS2017 v14.15 compiler 26715)	`215`
253 (28518)	`14`
C objects (30034)	`19`
ASM objects (30034)	`26`
C++ objects (30034)	`104`
C objects (VS2017 v14.15 compiler 26715)	`31`
Imports (VS2017 v14.15 compiler 26715)	`3`
Unmarked objects (#2)	`21`
C objects (30154)	`728`
C objects (CVTCIL) (VS2017 v14.15 compiler 26715)	`2`
C++ objects (CVTCIL) (VS2017 v14.15 compiler 26715)	`2`
Total imports	`655`
C++ objects (30154)	`164`
Resource objects (30154)	`1`
151	`2`
Linker (30154)	`1`

Errors

Leave a comment

No comments yet.