Manalyzer :: 4c387a3fe514d813ac853c14a109b95420845baa412eea60ce4590390f215f44

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-15 05:51:59
Detected languages	Chinese - Taiwan
CompanyName	Megawin Technology Co., Ltd.
FileDescription	DFU Dynamic Link Library
FileVersion	`1, 1, 5, 0`
InternalName	DFU.DLL
LegalCopyright	Copyright (C) 2009
OriginalFilename	DFU.dll
ProductName	Megawin DFU
ProductVersion	`1, 1, 5, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 DLL (Debug)` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	VirusTotal score: 1/63 (Scanned on 2026-05-13 04:47:37)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`5d55e4542ca1bad4621ed5d5b58baddb`
SHA1	`0bf1d9c4178bf6c175cd668b57e1ab222c621270`
SHA256	`4c387a3fe514d813ac853c14a109b95420845baa412eea60ce4590390f215f44`
SHA3	`6de0dcdb3f97f1961c2328bb8f38e4e15ee19c703e7a538738b15e0f7bc7d5c5`
SSDeep	`768:1wbDb0zxPLxWjwTcoi+wSvInFhXaJOJSEouv:qWFEjwTRkSQDqJ0ouv`
Imports Hash	`23552652ce3b4d92a926b2d4d8069064`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-Feb-15 05:51:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x7000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000019FC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`80cb415c8056f521d380a63b74d486d0`
SHA1	`19da5d23331cf49b534d0fe6c43f1f8d438fac49`
SHA256	`3a03918f9ae33f4a7848a6a5b75bfe72eef638d757c580790daf7307b096a2e3`
SHA3	`209361c152dfeb2c23daecb670499876f6e491275c74c4f2f3ebf13f98f2d2f4`
VirtualSize	`0x463a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.14532`

.rdata

MD5	`946527bc09050fd47abe42a7a46e42c4`
SHA1	`cc3243811b46ea80927ed7aa9bdba793dd4c981b`
SHA256	`6c9fbc64f1488a7d524ec653cb086ffaa8bc353cff171b641d1cd47eca40bee9`
SHA3	`22ff990d58d42b41ed5cb381e304457ca6c945c61b75922421548f0c44dfc1c4`
VirtualSize	`0xd9b`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.74818`

.data

MD5	`c021e44713c04f0139da8865544ec18d`
SHA1	`f08d78716490ad11da5dbe1804b5f4da46d15a8e`
SHA256	`5287a7235daea6d7813663a32d3c8c014be3eb75f2aee74dccb15b75fcbdbfba`
SHA3	`ffd0d92c27b8894bdf1da0a4f8636d713f7bd61c8c7dd9467a8780bc78c3d0b4`
VirtualSize	`0x3164`
VirtualAddress	`0x7000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.689537`

.rsrc

MD5	`499f6005f4bbbaf3fd6d8f51d97f2ed9`
SHA1	`30e413ed4fb09a5f7c4ea2f8ba4fc5a18a99b098`
SHA256	`07508421e58cafe81c471f10d6ededa7c66c3e070bb6477334f4a7869f4091a0`
SHA3	`ee92217e3f02eb7319b4e1a31409fb9d743e979e03664e05da32cc05ed229223`
VirtualSize	`0x3d8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.01694`

.reloc

MD5	`215fa8bd55921b68fb1e470bd463ac6c`
SHA1	`275a8a7c39b413eaa980905607d883d5e7ae3a2e`
SHA256	`ec98d06ac144d7621af28d02639094eba1de047aacd8b7205e70d144baed1075`
SHA3	`050fc4791dbc928404d50b02afddb786ae3b05c851b88ae649fc7fb32e7bf995`
VirtualSize	`0xc9a`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.14282`

Imports

KERNEL32.dll	`Sleep` `OutputDebugStringA` `WriteFile` `CancelIo` `CreateFileA` `CloseHandle` `HeapFree` `HeapAlloc` `GetCommandLineA` `GetVersion` `GetModuleHandleA` `GetModuleFileNameA` `GetEnvironmentVariableA` `GetVersionExA` `HeapDestroy` `HeapCreate` `VirtualFree` `VirtualAlloc` `HeapReAlloc` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `ExitProcess` `RtlUnwind` `TerminateProcess` `GetCurrentProcess` `GetCurrentThreadId` `TlsSetValue` `TlsAlloc` `TlsFree` `SetLastError` `TlsGetValue` `GetLastError` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `GetCPInfo` `GetACP` `GetOEMCP` `GetProcAddress` `LoadLibraryA` `InterlockedDecrement` `InterlockedIncrement` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `GetStringTypeA` `GetStringTypeW`
CFGMGR32.dll	`CMP_WaitNoPendingInstallEvents`
HID.DLL	`HidD_GetHidGuid` `HidD_GetAttributes` `HidD_GetPreparsedData` `HidD_SetFeature` `HidD_GetFeature` `HidP_GetCaps` `HidD_FreePreparsedData`
SETUPAPI.dll	`SetupDiEnumDeviceInterfaces` `SetupDiGetDeviceInterfaceDetailA` `SetupDiDestroyDeviceInfoList` `SetupDiGetClassDevsA`

Delayed Imports

DFU_Download

Ordinal	`1`
Address	`0x1420`

DFU_Get_ProcessCount

Ordinal	`2`
Address	`0x16c0`

DFU_Reset_To_AP

Ordinal	`3`
Address	`0x13d0`

DFU_Reset_To_ISP

Ordinal	`4`
Address	`0x1370`

1

Type	`RT_VERSION`
Language	Chinese - Taiwan
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42039`
MD5	`9196d5f3e84022bf5aecaba4459a5a73`
SHA1	`68151ba04ba52ee2f98a9caf4c2fc1a618df1e74`
SHA256	`6ae1a35b874f69773a40e31842c06e9f5d96647bb5c37f079c6f22e0ce6d271a`
SHA3	`ed9d46805e088d74ff62acf9c7bb25e046ce5475e8b04e04b496575d04d5fd52`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.5.0
ProductVersion	1.1.5.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - Taiwan
CompanyName	Megawin Technology Co., Ltd.
FileDescription	DFU Dynamic Link Library
FileVersion (#2)	1, 1, 5, 0
InternalName	DFU.DLL
LegalCopyright	Copyright (C) 2009
OriginalFilename	DFU.dll
ProductName	Megawin DFU
ProductVersion (#2)	1, 1, 5, 0

Resource LangID	Chinese - Taiwan

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8a8c3a22`
Unmarked objects	`0`
14 (7299)	`20`
C objects (VS98 SP6 build 8804)	`56`
Imports (9210)	`4`
Imports (VS2003 (.NET) build 4035)	`2`
19 (8034)	`3`
Total imports	`81`
C++ objects (VS98 SP6 build 8804)	`3`
Resource objects (VS98 SP6 cvtres build 1736)	`1`
Linker (VC++ 6.0 SP5 imp/exp build 8447)	`1`

Errors

Leave a comment

No comments yet.