Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-May-14 18:40:26 |
Detected languages | Chinese - PRC, English - United States |
Debug artifacts | f:\MyProject\MyProgram\bdhscheck\src\c\WinFwTest\Release\蓝盾NSA免疫加固工具.pdb |
CompanyName | 蓝盾技术 |
FileDescription | 蓝盾技术 |
FileVersion | 1.0.0.1 |
InternalName | 蓝盾NSA免疫加固工具.exe |
LegalCopyright | 蓝盾技术 All rights reserved. |
OriginalFilename | 蓝盾NSA免疫加固工具.exe |
ProductName | 蓝盾NSA免疫加固工具 |
ProductVersion | 1.0.0.1 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: 蓝盾信息安全技术股份有限公司; Issuer: VeriSign Class 3 Code Signing 2010 CA |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2017-May-14 18:40:26 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x123c00 |
SizeOfInitializedData | 0xa1800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0002C1A0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x125000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1ce000 |
SizeOfHeaders | 0x400 |
Checksum | 0x1d2f60 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetProcessHeap
CompareStringW WriteConsoleW GetConsoleOutputCP WriteConsoleA SetStdHandle LCMapStringW LCMapStringA GetConsoleMode GetConsoleCP GetTimeZoneInformation GetStringTypeW GetStringTypeA InitializeCriticalSectionAndSpinCount GetSystemTimeAsFileTime QueryPerformanceCounter VirtualFree HeapCreate GetFileType SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsA GetStdHandle IsValidCodePage GetACP IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter TerminateProcess HeapSize CreateThread ExitProcess HeapReAlloc VirtualQuery GetSystemInfo VirtualAlloc lstrcpynA GetExitCodeThread TerminateThread ResetEvent EnumResourceTypesA EnumResourceNamesA VirtualProtect RaiseException RtlUnwind HeapFree HeapAlloc GetCommandLineA GetFileTime GetFileSizeEx GetFileAttributesA FileTimeToLocalFileTime GetTickCount SetErrorMode CreateFileA GetFullPathNameA GetVolumeInformationA FindFirstFileA FindClose GetCurrentProcess DuplicateHandle GetFileSize SetEndOfFile UnlockFile LockFile FlushFileBuffers SetFilePointer WriteFile ReadFile lstrcmpiA GetCurrentDirectoryA GetOEMCP GetCPInfo FileTimeToSystemTime GetThreadLocale TlsFree DeleteCriticalSection LocalReAlloc TlsSetValue TlsAlloc InitializeCriticalSection GlobalHandle GlobalReAlloc EnterCriticalSection TlsGetValue LeaveCriticalSection InterlockedIncrement GetModuleHandleW GlobalFlags InterlockedDecrement GetModuleFileNameW CreateEventA SetEvent WaitForSingleObject ResumeThread SetThreadPriority WritePrivateProfileStringA GetCurrentThread ConvertDefaultLocale EnumResourceLanguagesA GetLocaleInfoA InterlockedExchange lstrcmpA GetCurrentThreadId GlobalGetAtomNameA GlobalAddAtomA GlobalFindAtomA GlobalDeleteAtom CompareStringA lstrcmpW GlobalAlloc FormatMessageA MultiByteToWideChar LoadLibraryA lstrlenA GetCurrentProcessId GetModuleFileNameA GetModuleHandleA SetLastError GlobalLock GlobalUnlock GlobalFree FreeResource GetSystemDirectoryA GetVersionExA GetExitCodeProcess 
CreateProcessA GetStartupInfoA FindResourceA LoadResource LockResource SizeofResource WideCharToMultiByte LocalFree LocalAlloc GetLastError Sleep MulDiv CloseHandle FreeLibrary GetProcAddress SetEnvironmentVariableA |
---|---|
USER32.dll | EnableMenuItem
CheckMenuItem SendDlgItemMessageA WinHelpA IsChild GetCapture SetWindowsHookExA CallNextHookEx GetClassLongA GetClassNameA SetPropA GetPropA RemovePropA GetFocus SetFocus GetWindowTextLengthA GetWindowTextA GetForegroundWindow BeginDeferWindowPos EndDeferWindowPos GetTopWindow LockWindowUpdate GetDCEx GetClientRect PostThreadMessageA UnhookWindowsHookEx ModifyMenuA GetMessagePos MapWindowPoints TrackPopupMenu GetKeyState SetMenu SetForegroundWindow IsWindowVisible UpdateWindow PostMessageA CreateWindowExA GetClassInfoExA GetClassInfoA RegisterClassA AdjustWindowRectEx IsDialogMessageA SetWindowTextA MoveWindow LoadBitmapA GetMenuCheckMarkDimensions SetMenuItemBitmaps GetMessageTime UnionRect SetParent GetSystemMenu FillRect EnableWindow RegisterWindowMessageA PeekMessageA TranslateMessage DispatchMessageA LoadIconA SendMessageA IsIconic ShowWindow PostQuitMessage MapDialogRect GetSystemMetrics DrawIcon GetSysColor RedrawWindow EndDialog GetNextDlgTabItem GetParent IsWindowEnabled GetDlgItem GetWindowLongA IsWindow DestroyWindow CreateDialogIndirectParamA SetActiveWindow GetActiveWindow GetDesktopWindow TabbedTextOutA DrawTextA DrawTextExA GrayStringA ScreenToClient ClientToScreen SetWindowContextHelpId ValidateRect GetCursorPos GetMessageA SetCursor ShowOwnedPopups InflateRect GetSysColorBrush LoadCursorA GetMenuItemInfoA DestroyMenu SetCapture WindowFromPoint ReleaseCapture WaitMessage DeleteMenu CharNextA CopyAcceleratorTableA IsRectEmpty SetRect InvalidateRect InvalidateRgn GetNextDlgGroupItem MessageBeep DestroyIcon CharUpperA UnregisterClassA SetRectEmpty TranslateAcceleratorA BringWindowToTop CreatePopupMenu InsertMenuItemA LoadAcceleratorsA LoadMenuA ReuseDDElParam UnpackDDElParam RegisterClipboardFormatA SetTimer KillTimer MapVirtualKeyA GetDC ReleaseDC EqualRect DeferWindowPos CopyRect PtInRect GetDlgCtrlID DefWindowProcA CallWindowProcA GetMenu SetWindowLongA SetWindowPos OffsetRect IntersectRect SystemParametersInfoA GetWindowPlacement GetWindowRect 
GetWindow DrawFrameControl DrawFocusRect SendMessageTimeoutA DrawIconEx InvertRect DrawStateA GetIconInfo CopyIcon CreateIconIndirect CreateIconFromResourceEx LoadImageA LookupIconIdFromDirectoryEx GetMenuStringW SetWindowRgn GetWindowRgn SetWindowLongW GetWindowLongW IsWindowUnicode GetDoubleClickTime DrawEdge IsClipboardFormatAvailable HideCaret ShowCaret GetCursor IsMenu GetMenuDefaultItem SetCursorPos ToAsciiEx GetKeyboardState GetKeyboardLayoutList GetTabbedTextExtentA DefFrameProcA DrawMenuBar TranslateMDISysAccel GetMenuState GetMenuStringA GetMenuItemID InsertMenuA GetMenuItemCount GetSubMenu GetWindowThreadProcessId GetLastActivePopup MessageBoxA EndPaint BeginPaint GetWindowDC |
GDI32.dll | GetWindowExtEx
BitBlt GetPixel PtVisible RectVisible TextOutA ExtTextOutA Escape SelectObject SetViewportOrgEx OffsetViewportOrgEx SetViewportExtEx ScaleViewportExtEx SetWindowExtEx ScaleWindowExtEx GetCurrentPositionEx PolyBezierTo ExtSelectClipRgn CreatePatternBrush GetViewportExtEx CreateCompatibleDC CreatePen GetTextExtentPoint32A GetTextMetricsA CreateRectRgnIndirect SetRectRgn CombineRgn GetMapMode PatBlt CreateRectRgn GetBkColor GetTextColor GetRgnBox GetCharWidthA CreateFontA StretchDIBits CreateCompatibleBitmap CreateBitmap GetClipRgn SelectClipRgn MoveToEx LineTo IntersectClipRect ExcludeClipRect GetClipBox SetMapMode SetTextColor SetStretchBltMode SetBkMode SetBkColor Polygon StretchBlt SetPixel GetCurrentObject CreateDIBSection ExtCreateRegion EnumFontFamiliesExA GetDIBits Polyline GetViewportOrgEx GetBitmapBits PtInRegion CreatePolygonRgn RoundRect GetWindowOrgEx GetTextExtentPoint32W GetTextAlign ExtTextOutW Ellipse StrokePath FillPath StrokeAndFillPath EndPath CloseFigure BeginPath RestoreDC SaveDC CreateFontIndirectA GetObjectA GetStockObject DeleteDC CreateSolidBrush DeleteObject CreateDCA DPtoLP GetDeviceCaps |
COMDLG32.dll | GetFileTitleA |
WINSPOOL.DRV | DocumentPropertiesA ClosePrinter OpenPrinterA |
ADVAPI32.dll | OpenServiceA QueryServiceStatus CloseServiceHandle StartServiceA ChangeServiceConfigA RegQueryValueA RegOpenKeyA RegEnumKeyA RegDeleteKeyA OpenSCManagerA RegSetValueExA RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegCloseKey SetSecurityDescriptorDacl InitializeSecurityDescriptor |
SHELL32.dll | SHAppBarMessage ShellExecuteA DragQueryFileA DragFinish |
SHLWAPI.dll | PathIsUNCA PathStripToRootA PathFindFileNameA PathFindExtensionA StrStrW |
oledlg.dll | #8 #1 |
ole32.dll | CoRevokeClassObject OleInitialize CoFreeUnusedLibraries OleUninitialize CreateILockBytesOnHGlobal StgCreateDocfileOnILockBytes StgOpenStorageOnILockBytes CoGetClassObject CoDisconnectObject CLSIDFromString CLSIDFromProgID OleIsCurrentClipboard CoTaskMemAlloc CoTaskMemFree CoInitialize CoCreateInstance CoUninitialize OleFlushClipboard CoRegisterMessageFilter CoInitializeEx |
OLEAUT32.dll | #16 #424 #420 #10 #161 #4 #149 #150 #7 #12 #9 #8 #6 #2 #184 #185 |
WINMM.dll | PlaySoundA |
COMCTL32.dll | ImageList_GetIconSize ImageList_DrawEx ImageList_Destroy _TrackMouseEvent ImageList_GetImageCount |
OLEACC.dll (delay-loaded) | LresultFromObject CreateStdAccessibleObject |
Attributes | 0x1 |
---|---|
Name | OLEACC.dll |
ModuleHandle | 0x17af94 |
DelayImportAddressTable | 0x177770 |
DelayImportNameTable | 0x16c9c4 |
BoundDelayImportTable | 0x16ca00 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
No error message is available. |
Attempted an unsupported operation. |
A required resource was unavailable. |
Out of memory. |
An unknown error has occurred. |
Encountered an improper argument. |
Incorrect filename. |
Failed to open document. |
Failed to save document. |
Save changes to %1? |
Failed to create empty document. |
The file is too large to open. |
Could not start print job. |
Failed to launch help. |
Internal application error. |
Command failed. |
Insufficient memory to perform operation. |
System registry entries have been removed and the INI file (if any) was deleted. |
Not all of the system registry entries (or INI file) were removed. |
This program requires the file %s, which was not found on this system. |
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
Enter an integer. |
Enter a number. |
Enter an integer between %1 and %2. |
Enter a number between %1 and %2. |
Enter no more than %1 characters. |
Select a button. |
Enter an integer between 0 and 255. |
Enter a positive integer. |
Enter a date and/or time. |
Enter a currency. |
Enter a GUID. |
Enter a time. |
Enter a date. |
Unexpected file format. |
%1 |
Cannot find this file. |
Verify that the correct path and file name are given. |
Destination disk drive is full. |
Unable to read from %1, it is opened by someone else. |
Unable to write to %1, it is read-only or opened by someone else. |
Encountered an unexpected error while reading %1. |
Encountered an unexpected error while writing %1. |
%1: %2 |
Continue running script? |
Dispatch exception: %1 |
Unable to read write-only property. |
Unable to write read-only property. |
Unable to load mail system support. |
Mail system DLL is invalid. |
Send Mail failed to send message. |
No error occurred. |
An unknown error occurred while accessing %1. |
%1 was not found. |
%1 contains an incorrect path. |
Could not open %1 because there are too many open files. |
Access to %1 was denied. |
An incorrect file handle was associated with %1. |
Could not remove %1 because it is the current directory. |
Could not create %1 because the directory is full. |
Seek failed on %1 |
Encountered a hardware I/O error while accessing %1. |
Encountered a sharing violation while accessing %1. |
Encountered a locking violation while accessing %1. |
Disk full while accessing %1. |
Attempted to access %1 past its end. |
No error occurred. |
An unknown error occurred while accessing %1. |
Attempted to write to the reading %1. |
Attempted to access %1 past its end. |
Attempted to read from the writing %1. |
%1 has a bad format. |
%1 contained an unexpected object. |
%1 contains an incorrect schema. |
pixels |
Uncheck |
Check |
Mixed |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.1 |
ProductVersion | 1.0.0.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | Chinese - PRC |
CompanyName | 蓝盾技术 |
FileDescription | 蓝盾技术 |
FileVersion (#2) | 1.0.0.1 |
InternalName | 蓝盾NSA免疫加固工具.exe |
LegalCopyright | 蓝盾技术 All rights reserved. |
OriginalFilename | 蓝盾NSA免疫加固工具.exe |
ProductName | 蓝盾NSA免疫加固工具 |
ProductVersion (#2) | 1.0.0.1 |
Resource LangID | Chinese - PRC |
Characteristics | 0 |
---|---|
TimeDateStamp | 2017-May-14 18:40:26 |
Version | 0.0 |
SizeofData | 113 |
AddressOfRawData | 0x156220 |
PointerToRawData | 0x155220 |
Referenced File | f:\MyProject\MyProgram\bdhscheck\src\c\WinFwTest\Release\蓝盾NSA免疫加固工具.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x571610 |
SEHandlerTable | 0x560d40 |
SEHandlerCount | 710 |
XOR Key | 0x9adf4418 |
---|---|
Unmarked objects | 0 |
C objects (VS2008 SP1 build 30729) | 20 |
C++ objects (VS2008 SP1 build 30729) | 130 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 14 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 27 |
Total imports | 735 |
ASM objects (VS2008 build 21022) | 45 |
C objects (VS2008 build 21022) | 174 |
C++ objects (VS2008 build 21022) | 217 |
138 (VS2008 build 21022) | 10 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 build 21022) | 1 |