4607a985db23c3b67eb56c6581f4be10

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-May-25 08:59:35
Detected languages Chinese - PRC
English - United States
Debug artifacts D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\Diagnose.pdb
FileDescription 问题验证 (Problem Verification)
FileVersion 5.1022.1005.520
InternalName Diagnose.tpi
LegalCopyright 版权所有(C)2008-2022 (Copyright (C) 2008-2022)
OriginalFilename Diagnose.tpi
ProductName 问题验证 (Problem Verification)
ProductVersion 5.1022.1005.520

Plugin Output

Info  Matching compiler(s):
  • Microsoft Visual C++ v6.0 DLL
  • Microsoft Visual C++ 6.0 - 8.0
  Note: these are signature-based matches and are wrong for this file. The optional header reports LinkerVersion 14.0 and the RICH header is dominated by VS2017 (v15.x) compiler and runtime IDs, so the DLL was built with Visual Studio 2017; only two C objects and the import stubs carry a VS2008 SP1 build number.
Suspicious  Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • taskmgr.exe
Contains domain names:
  • diagnosis.ludashi.com
  • http://s.ludashi.com
  • http://s.ludashi.com/url2?pid
  • https://diagnosis.ludashi.com
  • https://diagnosis.ludashi.com/api/ws/connection
  • ludashi.com
  • openssl.org
  • s.ludashi.com
Info  Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to Blowfish
  Note: MD5 and SHA-1 share their four initial-state words, so the first two hits may come from a single table, and a statically linked OpenSSL (the openssl.org string above) would account for all three. Constant hits say which code is present, not how it is used.
Malicious  The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryExA
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegOpenKeyExA
  • RegEnumKeyExA
  • RegSetValueExW
  • RegQueryInfoKeyW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegCreateKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegQueryValueExA
  • SHGetValueA
Has Internet access capabilities:
  • URLDownloadToFileW
  • URLDownloadToCacheFileW
  • InternetGetConnectedState
Functions related to the privilege level:
  • OpenProcessToken
  Note: this rating is a heuristic over import names, and every entry in it is ordinary for a signed vendor diagnostic plugin: LoadLibrary*/GetProcAddress is how version-dependent APIs are resolved at run time, SwitchToThread is a scheduler hint, and OpenProcessToken/GetTokenInformation is the usual way for a program to learn whether it runs elevated. IsDebuggerPresent is also imported (see Imports) and is typically pulled in by the MSVC runtime. The imports worth tracing in a disassembler are URLDownloadToFileW/URLDownloadToCacheFileW, given the hard-coded ludashi.com URLs above, and DeviceIoControl, which is how user-mode code talks to a driver.
Info  The PE is digitally signed.
Signer: Chengdu Qilu Technology Co. Ltd.
Issuer: DigiCert SHA2 Assured ID Code Signing CA
  Note: this only states that a signature is present. Confirm that the chain validates, that the signed hash still matches the file and that the certificate has not been revoked (signtool verify /pa /v, or Get-AuthenticodeSignature in PowerShell). The signer is the publisher of the Ludashi (鲁大师) utility, which is consistent with the ludashi.com endpoints and the master_lu build path.
Suspicious  No VirusTotal score: this file has never been scanned on VirusTotal.
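The "Cryptographic algorithms detected" entry above is produced by looking for well-known constants in the raw bytes of the file. The following is an added example of that technique; it is not the analyser's plugin and contains no bytes from the analysed DLL (the only input is the buffer constructed in build_sample()). It goes one step beyond the report's plain MD5/SHA1/Blowfish labels by separating the initial-state words that MD5 and SHA-1 share from the round constants that actually tell the two apart.

```python
"""Constant-based crypto fingerprinting: the technique behind a
'Cryptographic algorithms detected' result. Added example, not the
analyser's plugin and not code from the analysed DLL; the only input is
the buffer constructed in build_sample()."""
import struct
from typing import Dict, List, Tuple

# 32-bit literals that hash and cipher implementations embed. Stored
# little-endian on x86, which is what an IMAGE_FILE_MACHINE_I386 DLL is.
CONSTANT_GROUPS: Dict[str, Tuple[int, ...]] = {
    # MD5 and SHA-1 share their first four initial-state words, so a hit on
    # this group alone cannot tell the two apart.
    "MD5/SHA1 initial state": (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476),
    # T[1..4] of MD5 (floor(2^32 * |sin(i)|)) and K[0..3] of SHA-1 do
    # distinguish them.
    "MD5 round constants T[1..4]": (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
    "SHA1 round constants K[0..3]": (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6),
    # Blowfish seeds its P-array with the hexadecimal digits of pi.
    "Blowfish P-array": (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344),
}


def _find_all(data: bytes, needle: bytes) -> List[int]:
    hits, i = [], data.find(needle)
    while i != -1:
        hits.append(i)
        i = data.find(needle, i + 1)
    return hits


def scan_crypto_constants(data: bytes, window: int = 256) -> Dict[str, List[int]]:
    """Return {group: [offsets]} for every group whose words all occur within
    `window` bytes of an occurrence of its first word.

    Matching word by word instead of as one contiguous blob matters: an
    optimising compiler usually materialises an IV as four separate
    `mov reg, imm32` instructions, so the words sit near each other but not
    back to back. A lone 0x67452301 elsewhere in the file is not a hit."""
    found: Dict[str, List[int]] = {}
    for group, words in CONSTANT_GROUPS.items():
        first = struct.pack("<I", words[0])
        rest = [struct.pack("<I", w) for w in words[1:]]
        for off in _find_all(data, first):
            region = data[off:off + window]
            if all(region.find(w) != -1 for w in rest):
                found.setdefault(group, []).append(off)
    return found


def build_sample() -> bytes:
    """Constructed buffer (no bytes from the analysed file): the shared
    MD5/SHA-1 IV encoded as `mov eax/ebx/ecx/edx, imm32`, a `ret`, then the
    SHA-1 K table stored contiguously as data, padded with NOPs and zeros.
    It deliberately contains no MD5 T constants and no Blowfish P-array."""
    iv = CONSTANT_GROUPS["MD5/SHA1 initial state"]
    code = b"".join(bytes([op]) + struct.pack("<I", w)
                    for op, w in zip((0xB8, 0xBB, 0xB9, 0xBA), iv))
    k_table = b"".join(struct.pack("<I", w)
                       for w in CONSTANT_GROUPS["SHA1 round constants K[0..3]"])
    return b"\x90" * 64 + code + b"\xC3" + b"\x00" * 40 + k_table + b"\x00" * 64


if __name__ == "__main__":
    for group, offsets in scan_crypto_constants(build_sample()).items():
        print(f"{group}: {[hex(o) for o in offsets]}")
```

Run as a script it reports the shared IV once (inside the mov immediates) and the SHA-1 K table once, and nothing for MD5's T table or Blowfish's P-array: a report that lists both MD5 and SHA1 may therefore rest on one shared table. Adding the AES S-box or a CRC32 table prefix to CONSTANT_GROUPS is the usual next extension.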

Hashes

MD5 4607a985db23c3b67eb56c6581f4be10
SHA1 3649b74b06a908d767c2541ff86533a33c40e57f
SHA256 d0b44cea6d61d825a76f3b93ffbb50237e02e17401cd822b0839efcdb78795db
SHA3 384a9c52a7a3d46e080a0cd14f1680c3b6a301e46b645cd52d61086efdd7fde4
SSDeep 12288:8FUTGhKrIt9GLgSCDHbxoe5X9MupAxBWwIngVHgWUh:82y59KWowtMUArWwdVnUh
Imports Hash d1524de5df4de5ed9cbd6c84077ed9d7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x130

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2022-May-25 08:59:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x5f000
SizeOfInitializedData 0x2b400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000148AD (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x60000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x8d000
SizeOfHeaders 0x400
Checksum 0x92d13
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b74bbbb38a5fcae8a67a763d6a97108d
SHA1 3f589df9384db2a1ef660007c4b80a3ff50724a9
SHA256 09093376ce4156b07aae576a90849e47108e6527c87f14ddeb860230a6332ef4
SHA3 a6052ae1d529e3888bf571cef58db53883f23cdf34bfb1010a9f2c38ac192032
VirtualSize 0x5ee5c
VirtualAddress 0x1000
SizeOfRawData 0x5f000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.62925

.rdata

MD5 2f37ebfab0203a616a4d7fcb7d7d0658
SHA1 b90a06d8987e8386f5831a8e5df7520db603a396
SHA256 0a12c2550864dec640793a2e31cecd118e556cf16e68791cae5113442c19c5b2
SHA3 ab0b7af61f5a509431b75fc63696bfd44f61aa8de5b522b41a20b58a705f0356
VirtualSize 0x21668
VirtualAddress 0x60000
SizeOfRawData 0x21800
PointerToRawData 0x5f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.0081

.data

MD5 d12b98d91322b5312eed1baf4fda49c1
SHA1 d41d28142b675561edb9c201547c4df013456042
SHA256 bbdf3e2f226a0f4202c23083ffde984734662d4403c53bb8d98551d5ef128a22
SHA3 add4c032ee0785f5a27af4b79b582ba3785f696277c781972cfd6ecf912531b6
VirtualSize 0x4948
VirtualAddress 0x82000
SizeOfRawData 0x3000
PointerToRawData 0x80c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.0584

.rsrc

MD5 cd5f720c916781e4e14c9d02f6dfd5e2
SHA1 fd235949f7968c12d55d0973f2959e1997743a43
SHA256 7d276e04a13b5a50bf67a1daf4138fe6863cab01626327dd90420a88d3736eec
SHA3 f6a46d636d4156373ace372dfcdc7e29867bead24bc7fb7d82330d8c9c3e20e4
VirtualSize 0x4a8
VirtualAddress 0x87000
SizeOfRawData 0x600
PointerToRawData 0x83c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.68495

.reloc

MD5 d8d516832a3c6b958c2a091cbe0684f4
SHA1 946d9cca13e2d5879328de2e0b58fe78a56f4e32
SHA256 f76f59d4229467182edee55034d752e1a35cf4053691b72a56130c9bf59ced77
SHA3 0db83f6add871052c5ae471d31148f28867d9c8dcb374c2bd6883974a58c424a
VirtualSize 0x4b44
VirtualAddress 0x88000
SizeOfRawData 0x4c00
PointerToRawData 0x84200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.60095
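Turning the RVAs in this report into file offsets (to carve a section, or to check a debug-directory pointer in a hex editor) needs nothing beyond the section table. The following is an added example, not the analyser's code: the table is transcribed from the five section entries above, and the values cross-checked in main() are the ones the report gives elsewhere (entry point, debug directory, TLS directory and load configuration).

```python
"""RVA / VA to file-offset mapping built from the section table above.
Added example; not the analyser's code. SECTIONS is transcribed from the
.text/.rdata/.data/.rsrc/.reloc entries of this report."""
from typing import List, NamedTuple, Optional


class Section(NamedTuple):
    name: str
    virtual_address: int   # RVA at which the section is mapped
    virtual_size: int      # bytes in memory (may exceed what is on disk)
    raw_size: int          # SizeOfRawData
    raw_pointer: int       # PointerToRawData


IMAGE_BASE = 0x10000000    # ImageBase from the optional header
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200

SECTIONS: List[Section] = [
    Section(".text",  0x1000,  0x5ee5c, 0x5f000, 0x400),
    Section(".rdata", 0x60000, 0x21668, 0x21800, 0x5f400),
    Section(".data",  0x82000, 0x4948,  0x3000,  0x80c00),
    Section(".rsrc",  0x87000, 0x4a8,   0x600,   0x83c00),
    Section(".reloc", 0x88000, 0x4b44,  0x4c00,  0x84200),
]


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def section_for_rva(rva: int, sections: List[Section] = SECTIONS) -> Optional[Section]:
    """Section whose mapped range covers `rva`. The loader maps whole pages, so
    the range is the larger of VirtualSize and SizeOfRawData rounded up to
    SectionAlignment (.rsrc is 0x4a8 bytes in memory but 0x600 on disk)."""
    for s in sections:
        span = align_up(max(s.virtual_size, s.raw_size), SECTION_ALIGNMENT)
        if s.virtual_address <= rva < s.virtual_address + span:
            return s
    return None


def rva_to_offset(rva: int, sections: List[Section] = SECTIONS) -> Optional[int]:
    """File offset backing `rva`, or None if the RVA is unmapped or lies in a
    section's memory-only tail (VirtualSize > SizeOfRawData: .data has 0x4948
    bytes in memory but only 0x3000 on disk, the rest is zero-filled at load)."""
    s = section_for_rva(rva, sections)
    if s is None:
        return None
    delta = rva - s.virtual_address
    return s.raw_pointer + delta if delta < s.raw_size else None


def va_to_offset(va: int, image_base: int = IMAGE_BASE) -> Optional[int]:
    """Same for absolute addresses such as the TLS and load-config pointers."""
    return rva_to_offset(va - image_base)


def check_section_table(sections: List[Section] = SECTIONS) -> List[str]:
    """Checks to run before trusting any RVA-derived field: raw pointers and
    sizes aligned to FileAlignment, sections contiguous in memory and on disk.
    Returns findings; an empty list means the table is self-consistent."""
    findings: List[str] = []
    next_va, next_raw = sections[0].virtual_address, sections[0].raw_pointer
    for s in sections:
        if s.raw_pointer % FILE_ALIGNMENT or s.raw_size % FILE_ALIGNMENT:
            findings.append(f"{s.name}: raw pointer/size not {FILE_ALIGNMENT:#x}-aligned")
        if s.virtual_address != next_va:
            findings.append(f"{s.name}: VA {s.virtual_address:#x}, expected {next_va:#x}")
        if s.raw_pointer != next_raw:
            findings.append(f"{s.name}: raw offset {s.raw_pointer:#x}, expected {next_raw:#x}")
        next_va = s.virtual_address + align_up(s.virtual_size, SECTION_ALIGNMENT)
        next_raw = s.raw_pointer + s.raw_size
    return findings


def expected_size_of_image(sections: List[Section] = SECTIONS) -> int:
    last = sections[-1]
    return last.virtual_address + align_up(last.virtual_size, SECTION_ALIGNMENT)


def end_of_section_data(sections: List[Section] = SECTIONS) -> int:
    """First file offset past the last section. Anything after it is overlay,
    which for a signed PE is where the Authenticode certificate table lives."""
    last = sections[-1]
    return last.raw_pointer + last.raw_size


if __name__ == "__main__":
    print("section table findings:", check_section_table() or "none")
    print(f"expected SizeOfImage {expected_size_of_image():#x} (header: 0x8d000)")
    print(f"entry point RVA 0x148AD -> file offset {rva_to_offset(0x148AD):#x}")
    print(f"CodeView RVA 0x7ba3c -> {rva_to_offset(0x7ba3c):#x} (report: 0x7ae3c)")
    print(f"SecurityCookie VA 0x10082188 -> {va_to_offset(0x10082188):#x}")
    print(f"TLS AddressOfIndex VA 0x10086934 -> {va_to_offset(0x10086934)} (memory-only tail)")
    print(f"overlay starts at file offset {end_of_section_data():#x}")
```

The debug directory above gives both sides of one mapping (AddressOfRawData 0x7ba3c, PointerToRawData 0x7ae3c), which makes it a convenient self-test for the table. Note that the TLS index slot sits past the on-disk part of .data: it exists only once the image is loaded, so there is nothing to read for it in the file.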

Imports

KERNEL32.dll
  • lstrcmpiW
  • CreateEventW
  • LoadLibraryExW
  • GetModuleFileNameW
  • GetModuleHandleW
  • DeleteFileW
  • CreateMutexW
  • GetPrivateProfileIntW
  • SetEvent
  • LeaveCriticalSection
  • EnterCriticalSection
  • InitializeCriticalSection
  • SetLastError
  • GetCurrentThreadId
  • GetProcAddress
  • FreeLibrary
  • InterlockedDecrement
  • InterlockedIncrement
  • MultiByteToWideChar
  • FindResourceExW
  • FindResourceW
  • CreateFileA
  • GetSystemDirectoryW
  • lstrcmpiA
  • lstrcmpA
  • DeviceIoControl
  • CloseHandle
  • SizeofResource
  • LoadResource
  • WaitForSingleObject
  • GetExitCodeProcess
  • LockResource
  • DeleteCriticalSection
  • InitializeCriticalSectionAndSpinCount
  • GetLastError
  • GetSystemWindowsDirectoryW
  • FreeResource
  • Sleep
  • InterlockedCompareExchange
  • WriteConsoleW
  • ReadConsoleW
  • SetEndOfFile
  • SetStdHandle
  • SetEnvironmentVariableA
  • FreeEnvironmentStringsW
  • GetEnvironmentStringsW
  • GetCommandLineW
  • GetCommandLineA
  • GetOEMCP
  • IsValidCodePage
  • FindFirstFileExA
  • EnumSystemLocalesW
  • RaiseException
  • GetProcessHeap
  • HeapSize
  • HeapFree
  • HeapReAlloc
  • HeapAlloc
  • GetUserDefaultLCID
  • IsValidLocale
  • GetStdHandle
  • HeapDestroy
  • DecodePointer
  • IsDebuggerPresent
  • OutputDebugStringW
  • EncodePointer
  • InitializeSListHead
  • InterlockedPopEntrySList
  • InterlockedPushEntrySList
  • GetCurrentProcess
  • FlushInstructionCache
  • IsProcessorFeaturePresent
  • VirtualAlloc
  • VirtualFree
  • LoadLibraryExA
  • WideCharToMultiByte
  • GetStringTypeW
  • FormatMessageW
  • SwitchToThread
  • TlsAlloc
  • TlsGetValue
  • TlsSetValue
  • TlsFree
  • GetSystemTimeAsFileTime
  • GetTickCount
  • CompareStringW
  • LCMapStringW
  • GetLocaleInfoW
  • GetCPInfo
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • TerminateProcess
  • GetStartupInfoW
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • LoadLibraryW
  • GetVersionExW
  • MapViewOfFile
  • UnmapViewOfFile
  • CreateFileMappingW
  • OpenFileMappingW
  • GetFileSizeEx
  • ReadFile
  • CreateFileW
  • LocalFree
  • ReleaseMutex
  • WriteFile
  • FlushFileBuffers
  • WaitForMultipleObjects
  • FindClose
  • FindNextFileA
  • RtlUnwind
  • InterlockedFlushSList
  • CreateThread
  • ExitThread
  • FreeLibraryAndExitThread
  • GetModuleHandleExW
  • ExitProcess
  • GetModuleFileNameA
  • GetFileType
  • SetFilePointerEx
  • GetConsoleCP
  • GetConsoleMode
  • GetTimeZoneInformation
  • GetACP
USER32.dll
  • CallWindowProcW
  • wsprintfW
  • DefWindowProcW
  • LoadCursorW
  • SetWindowLongW
  • CharNextW
  • DestroyWindow
  • IsWindow
  • CreateWindowExW
  • GetClassInfoExW
  • RegisterClassExW
  • PostMessageW
  • PeekMessageW
  • DispatchMessageW
  • TranslateMessage
  • GetMessageW
  • UnregisterClassW
  • SetTimer
  • GetWindowLongW
  • PostQuitMessage
ADVAPI32.dll
  • RegOpenKeyExA
  • RegEnumKeyExA
  • GetTokenInformation
  • OpenProcessToken
  • RegSetValueExW
  • RegQueryInfoKeyW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegCreateKeyExW
  • RegCloseKey
  • RegQueryValueExW
  • RegQueryValueExA
SHELL32.dll
  • ShellExecuteExW
  • SHCreateDirectoryExW
ole32.dll
  • CoTaskMemFree
  • CoCreateGuid
  • CoInitialize
  • CoTaskMemRealloc
  • CoTaskMemAlloc
  • CoCreateInstance
OLEAUT32.dll
  • VarUI4FromStr
SHLWAPI.dll
  • PathAppendW
  • PathFileExistsW
  • PathIsDirectoryW
  • PathCombineW
  • PathRemoveFileSpecW
  • StrStrIW
  • StrStrIA
  • StrCmpIW
  • StrCmpNIW
  • StrTrimA
  • SHSetValueA
  • SHGetValueA
urlmon.dll
  • URLDownloadToFileW
  • URLDownloadToCacheFileW
VERSION.dll
  • GetFileVersionInfoW
  • VerQueryValueW
  • GetFileVersionInfoSizeW
CRYPT32.dll
  • CertGetNameStringW
WINTRUST.dll
  • WinVerifyTrust
  • WTHelperProvDataFromStateData
WININET.dll
  • InternetGetConnectedState
IPHLPAPI.DLL
  • GetAdaptersInfo
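The "Imports Hash" in the Hashes section is an imphash: an MD5 over the normalised, order-preserving list of module.function tokens from the import directory. The following recomputes it from the import table printed above as an added example; it is not the analyser's code. The names are transcribed from this page in the order shown, and that order is assumed to be the order of the import directory (imphash is order-sensitive), so recompute from the real file before pivoting on the value. pefile's get_imphash() implements the same scheme and additionally maps ordinals of oleaut32/ws2_32 to their well-known names, which is omitted here.

```python
"""Import hash (imphash) recomputed from the import table of this report.
Added example, not the analyser's code; REPORTED_IMPORTS is transcribed from
the Imports section above in the order listed there (assumed to be the
import directory's order)."""
import hashlib
from typing import List, Sequence, Tuple, Union

ImportEntry = Tuple[str, Sequence[Union[str, int]]]

# (module, imported functions) in the order the report lists them.
REPORTED_IMPORTS: List[ImportEntry] = [
    ("KERNEL32.dll", """
        lstrcmpiW CreateEventW LoadLibraryExW GetModuleFileNameW GetModuleHandleW
        DeleteFileW CreateMutexW GetPrivateProfileIntW SetEvent LeaveCriticalSection
        EnterCriticalSection InitializeCriticalSection SetLastError GetCurrentThreadId
        GetProcAddress FreeLibrary InterlockedDecrement InterlockedIncrement
        MultiByteToWideChar FindResourceExW FindResourceW CreateFileA GetSystemDirectoryW
        lstrcmpiA lstrcmpA DeviceIoControl CloseHandle SizeofResource LoadResource
        WaitForSingleObject GetExitCodeProcess LockResource DeleteCriticalSection
        InitializeCriticalSectionAndSpinCount GetLastError GetSystemWindowsDirectoryW
        FreeResource Sleep InterlockedCompareExchange WriteConsoleW ReadConsoleW
        SetEndOfFile SetStdHandle SetEnvironmentVariableA FreeEnvironmentStringsW
        GetEnvironmentStringsW GetCommandLineW GetCommandLineA GetOEMCP IsValidCodePage
        FindFirstFileExA EnumSystemLocalesW RaiseException GetProcessHeap HeapSize
        HeapFree HeapReAlloc HeapAlloc GetUserDefaultLCID IsValidLocale GetStdHandle
        HeapDestroy DecodePointer IsDebuggerPresent OutputDebugStringW EncodePointer
        InitializeSListHead InterlockedPopEntrySList InterlockedPushEntrySList
        GetCurrentProcess FlushInstructionCache IsProcessorFeaturePresent VirtualAlloc
        VirtualFree LoadLibraryExA WideCharToMultiByte GetStringTypeW FormatMessageW
        SwitchToThread TlsAlloc TlsGetValue TlsSetValue TlsFree GetSystemTimeAsFileTime
        GetTickCount CompareStringW LCMapStringW GetLocaleInfoW GetCPInfo
        UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess
        GetStartupInfoW QueryPerformanceCounter GetCurrentProcessId LoadLibraryW
        GetVersionExW MapViewOfFile UnmapViewOfFile CreateFileMappingW OpenFileMappingW
        GetFileSizeEx ReadFile CreateFileW LocalFree ReleaseMutex WriteFile
        FlushFileBuffers WaitForMultipleObjects FindClose FindNextFileA RtlUnwind
        InterlockedFlushSList CreateThread ExitThread FreeLibraryAndExitThread
        GetModuleHandleExW ExitProcess GetModuleFileNameA GetFileType SetFilePointerEx
        GetConsoleCP GetConsoleMode GetTimeZoneInformation GetACP""".split()),
    ("USER32.dll", """
        CallWindowProcW wsprintfW DefWindowProcW LoadCursorW SetWindowLongW CharNextW
        DestroyWindow IsWindow CreateWindowExW GetClassInfoExW RegisterClassExW
        PostMessageW PeekMessageW DispatchMessageW TranslateMessage GetMessageW
        UnregisterClassW SetTimer GetWindowLongW PostQuitMessage""".split()),
    ("ADVAPI32.dll", """
        RegOpenKeyExA RegEnumKeyExA GetTokenInformation OpenProcessToken RegSetValueExW
        RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW
        RegCreateKeyExW RegCloseKey RegQueryValueExW RegQueryValueExA""".split()),
    ("SHELL32.dll", ["ShellExecuteExW", "SHCreateDirectoryExW"]),
    ("ole32.dll", """CoTaskMemFree CoCreateGuid CoInitialize CoTaskMemRealloc
        CoTaskMemAlloc CoCreateInstance""".split()),
    ("OLEAUT32.dll", ["VarUI4FromStr"]),
    ("SHLWAPI.dll", """PathAppendW PathFileExistsW PathIsDirectoryW PathCombineW
        PathRemoveFileSpecW StrStrIW StrStrIA StrCmpIW StrCmpNIW StrTrimA
        SHSetValueA SHGetValueA""".split()),
    ("urlmon.dll", ["URLDownloadToFileW", "URLDownloadToCacheFileW"]),
    ("VERSION.dll", ["GetFileVersionInfoW", "VerQueryValueW", "GetFileVersionInfoSizeW"]),
    ("CRYPT32.dll", ["CertGetNameStringW"]),
    ("WINTRUST.dll", ["WinVerifyTrust", "WTHelperProvDataFromStateData"]),
    ("WININET.dll", ["InternetGetConnectedState"]),
    ("IPHLPAPI.DLL", ["GetAdaptersInfo"]),
]


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """One imphash token: lower-case 'module.function', with a trailing
    .dll/.ocx/.sys stripped from the module and ordinals written as 'ordN'."""
    module = dll.lower()
    base, dot, ext = module.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        module = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{module}.{name}"


def imphash_tokens(imports: Sequence[ImportEntry]) -> List[str]:
    return [normalize_import(dll, f) for dll, funcs in imports for f in funcs]


def imphash(imports: Sequence[ImportEntry]) -> str:
    """MD5 over the comma-joined tokens. Identical import tables (same modules,
    functions and order) give identical hashes, which is what makes the value
    useful for clustering builds of one code base across versions."""
    return hashlib.md5(",".join(imphash_tokens(imports)).encode("ascii")).hexdigest()


if __name__ == "__main__":
    tokens = imphash_tokens(REPORTED_IMPORTS)
    print(f"{len(tokens)} imports, first {tokens[0]!r}, last {tokens[-1]!r}")
    print("imphash:", imphash(REPORTED_IMPORTS), "(report: d1524de5df4de5ed9cbd6c84077ed9d7)")
```

If the value printed differs from the report's, the first thing to suspect is ordering (the import directory order is what counts, not the alphabetical or grouped order a viewer may display), then the ordinal-name mapping mentioned above. A mismatch is also exactly what an attacker achieves by shuffling or adding one import, which is why imphash clusters builds but does not survive deliberate evasion.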

Delayed Imports

Exports

CreateTrayClient

Ordinal 1
Address 0x2920

Resources

1

Type RT_VERSION
Language Chinese - PRC
Codepage UNKNOWN
Size 0x288
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.64005
MD5 ca08a6b63109292589f80889534d8f0a
SHA1 d14224603dbf8f57de977219fe31f79c89c99adb
SHA256 111d0500c697f53f313bc1aa60ac93e90c43b57f2347d83f181c5f3de1640121
SHA3 cec8ddabe36a8feda88301accac413f62fcb6ba9e131a503411a3cdef7c8c574

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.1022.1005.520
ProductVersion 5.1022.1005.520
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language Chinese - PRC
FileDescription 问题验证 (Problem Verification)
FileVersion (#2) 5.1022.1005.520
InternalName Diagnose.tpi
LegalCopyright 版权所有(C)2008-2022 (Copyright (C) 2008-2022)
OriginalFilename Diagnose.tpi
ProductName 问题验证 (Problem Verification)
ProductVersion (#2) 5.1022.1005.520
Resource LangID Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2022-May-25 08:59:35
Version 0.0
SizeofData 113
AddressOfRawData 0x7ba3c
PointerToRawData 0x7ae3c
Referenced File D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\Diagnose.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2022-May-25 08:59:35
Version 0.0
SizeofData 20
AddressOfRawData 0x7bab0
PointerToRawData 0x7aeb0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-May-25 08:59:35
Version 0.0
SizeofData 924
AddressOfRawData 0x7bac4
PointerToRawData 0x7aec4

TLS Callbacks

StartAddressOfRawData 0x1007be70
EndAddressOfRawData 0x1007be78
AddressOfIndex 0x10086934
AddressOfCallbacks 0x100603ac
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10082188
SEHandlerTable 0x1007b6c0
SEHandlerCount 223

RICH Header

XOR Key 0x75fc9e51
Unmarked objects 0
C objects (LTCG) (VS2017 v15.9.12-13 compiler 27031) 2
Unmarked objects (#2) 1
C++ objects (VS2017 v15.7.5 compiler 26433) 10
241 (40116) 17
243 (40116) 159
242 (40116) 30
C++ objects (VS2017 v15.9.14-15 compiler 27032) 6
ASM objects (VS 2015/2017 runtime 26706) 25
C objects (VS 2015/2017 runtime 26706) 33
C++ objects (VS 2015/2017 runtime 26706) 64
C objects (VS2008 SP1 build 30729) 2
Imports (VS2008 SP1 build 30729) 27
Total imports 239
C++ objects (VS2017 v15.9.12-13 compiler 27031) 29
Exports (VS2017 v15.9.12-13 compiler 27031) 1
Resource objects (VS2017 v15.9.12-13 compiler 27031) 1
151 1
Linker (VS2017 v15.9.12-13 compiler 27031) 1

Errors

(EMPTY)