4d32c4639b92a71bbc6b021be6a24675
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 1991-Jan-22 03:38:06 |
| Detected languages |
English - United States
|
| Debug artifacts |
C:\a\b\a_VVG9OPZI\s\CSAdminKit\development2\bin\dll\KLNHRds.pdb
|
| CompanyName | AO Kaspersky Lab |
| LegalCopyright | © 2021 AO Kaspersky Lab |
| LegalTrademarks | Registered trademarks and service marks are the property of their respective owners |
| ProductName | Kaspersky Security Center |
| ProductVersion | 13.2.0.1511 |
| FileVersion | 13.2.0.1511 |
| FileDescription | Kaspersky Remote desktop session viewer |
| InternalName | KLNHRDS |
| OriginalFilename | KLNHRDS.EXE |
Plugin Output
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Kaspersky Lab JSC
Issuer: DigiCert High Assurance Code Signing CA-1 |
| Safe | VirusTotal score: 0/66 (Scanned on 2021-12-13 06:13:42) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 1991-Jan-22 03:38:06 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x18600 |
| SizeOfInitializedData | 0x70800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00017970 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x8d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x9827a |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| klcsstd2.dll |
KLSTD_Initialize
?KLCSSTD_Deinitialize@@YAXXZ ?KLPAR_Initialize@@YAXXZ ?KLSTD_GetArgc@@YAHXZ ?KLPAR_Deinitialize@@YAXXZ ?KLSTD_GetArgvW@@YAPAPA_WXZ KLSTD_Deinitialize KLSTD_StParseCommandineW ?KLSTD_SetupCmdlineDataW@@YAXHQAPA_W@Z ?InitMain_InitCallbacks@KLINITMAIN@@YAXPB_W@Z ?CInitMainUt_Init@KLINITMAIN@@YAXPB_W00@Z ?KLSTD_ParseCmdlineW@@YAXPB_WPAPA_WPA_WPAH3@Z ?InitMain_DeinitCallbacks@KLINITMAIN@@YAXXZ ?KLCSSTD_Initialize@@YAXXZ ?CInitMainUt_Deinit@KLINITMAIN@@YAXXZ KLUSERDUMP_InitAltDumpDir ?MakeUpFullErrorDescription@KLERR@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVError@1@_N@Z ?SayFailure2@KLERR@@YAXHPAVError@1@PB_WPBDH2@Z KLERR_CreateUnknownException KLERR_CreateError2 KLERR_ConvertExceptionFromStringA KLERR_ConvertException ?KLSTD_AcquireFqdn@@YAXPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z KLSTD_ThrowLastErrorCode ?SetupServiceDirectory@KLSTD@@YAXXZ |
|---|---|
| KERNEL32.dll |
SetFileApisToANSI
GetModuleHandleExW GetModuleHandleW GetModuleFileNameW MultiByteToWideChar LoadLibraryExW TerminateProcess GetCurrentProcess FormatMessageW LocalFree GetLastError RaiseException GetLongPathNameW GetSystemDirectoryW GetProcAddress FreeLibrary ExpandEnvironmentStringsW GetEnvironmentVariableW InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection GetCurrentThreadId InitializeSListHead lstrcmpiW WaitForSingleObjectEx LoadResource FindResourceW InitializeCriticalSectionEx DecodePointer SetLastError GlobalUnlock GlobalLock GlobalAlloc MulDiv lstrcmpW HeapDestroy HeapSize HeapReAlloc HeapFree HeapAlloc GetProcessHeap LockResource FindResourceExW GetVersionExW lstrcpynW lstrlenW lstrcpynA lstrlenA LoadLibraryW EncodePointer SetErrorMode InterlockedPopEntrySList InterlockedPushEntrySList FlushInstructionCache IsProcessorFeaturePresent VirtualAlloc VirtualFree LoadLibraryExA UnhandledExceptionFilter IsDebuggerPresent OutputDebugStringW InitializeCriticalSectionAndSpinCount SetEvent CreateEventW CloseHandle ResetEvent GetSystemTimeAsFileTime GetCurrentProcessId SetUnhandledExceptionFilter QueryPerformanceCounter SizeofResource GetStartupInfoW |
| USER32.dll |
PeekMessageW
CharNextW DefWindowProcW UnregisterClassW RegisterClassExW LoadCursorW SetWindowLongW GetWindowLongW DestroyAcceleratorTable GetDesktopWindow ReleaseDC GetDC InvalidateRect CallWindowProcW SetTimer SetDlgItemTextW EndDialog KillTimer GetCursorPos DialogBoxParamW DialogBoxIndirectParamW GetMonitorInfoW MonitorFromPoint CreatePopupMenu DestroyMenu TrackPopupMenuEx AppendMenuW GetMenuItemCount RemoveMenu MessageBeep MapWindowPoints GetWindowRect TranslateAcceleratorW PostQuitMessage LoadStringA SetWindowPlacement SetMenu GetWindowPlacement MessageBoxW PostMessageW SetMenuDefaultItem GetMenuItemInfoW SetMenuItemInfoW wvsprintfW LoadImageW LoadAcceleratorsW LoadMenuW LoadStringW PtInRect GetMessageW TranslateMessage DispatchMessageW ShowWindow RegisterWindowMessageW GetWindowTextLengthW GetWindowTextW SetWindowTextW BeginPaint EndPaint IsChild GetFocus SetFocus GetWindow GetDlgItem SendMessageW IsWindow GetClassNameW GetSysColor SetWindowPos RedrawWindow GetClassInfoExW CreateWindowExW DestroyWindow CreateAcceleratorTableW ClientToScreen GetParent ScreenToClient MoveWindow SetCapture ReleaseCapture FillRect GetClientRect InvalidateRgn |
| GDI32.dll |
GetObjectW
GetStockObject DeleteDC BitBlt DeleteObject SelectObject CreateCompatibleBitmap CreateCompatibleDC CreateSolidBrush CreatePen Rectangle GetDeviceCaps |
| ole32.dll |
CoTaskMemFree
CoTaskMemRealloc CoTaskMemAlloc CoCreateInstance CoInitialize OleUninitialize StringFromGUID2 OleLockRunning CreateStreamOnHGlobal CoGetClassObject CLSIDFromProgID CLSIDFromString OleInitialize CoUninitialize |
| OLEAUT32.dll |
GetErrorInfo
SysAllocStringLen VariantInit VariantClear LoadTypeLib VarUI4FromStr SysFreeString SysAllocString OleCreateFontIndirect SysStringLen LoadRegTypeLib |
| ADVAPI32.dll |
RegEnumValueW
RegEnumKeyExW RegSetValueExW RegCloseKey RegOpenKeyExW RegCreateKeyExW RegDeleteValueW GetUserNameW RegQueryValueExW RegDeleteKeyW RegQueryInfoKeyW |
| MSVCP140.dll |
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?classic@locale@std@@SAABV12@XZ ?id@?$ctype@_W@std@@2V0locale@2@A ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z ??Bid@locale@std@@QAEIXZ ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ ??0_Lockit@std@@QAE@H@Z ??1_Lockit@std@@QAE@XZ ?_Xout_of_range@std@@YAXPBD@Z ?_Xlength_error@std@@YAXPBD@Z |
| COMCTL32.dll |
InitCommonControlsEx
|
| VCRUNTIME140.dll |
_except_handler4_common
_CxxThrowException memmove memset wcsstr memcpy __std_exception_destroy __std_exception_copy __std_terminate __CxxFrameHandler3 |
| api-ms-win-crt-runtime-l1-1-0.dll |
_invalid_parameter_noinfo_noreturn
_get_wide_winmain_command_line _configure_wide_argv __p__wcmdln _set_app_type _seh_filter_exe _cexit _crt_atexit _initterm _register_onexit_function terminate _initterm_e exit _exit _c_exit _register_thread_local_exe_atexit_callback _controlfp_s _initialize_wide_environment _invalid_parameter_noinfo _errno _initialize_onexit_table |
| api-ms-win-crt-locale-l1-1-0.dll |
_wsetlocale
_configthreadlocale |
| api-ms-win-crt-heap-l1-1-0.dll |
_recalloc
free _set_new_mode _callnewh malloc |
| api-ms-win-crt-string-l1-1-0.dll |
_wcsicmp
wcsncpy wmemcpy_s toupper wcsncpy_s |
| api-ms-win-crt-stdio-l1-1-0.dll |
__stdio_common_vswprintf_s
__p__commode _set_fmode __stdio_common_vswprintf |
| api-ms-win-crt-filesystem-l1-1-0.dll |
_wsplitpath
_wmakepath |
| api-ms-win-crt-environment-l1-1-0.dll |
getenv
|
| api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
Delayed Imports
131
1
2
3
4
5
6
7
8
201
131 (#2)
7 (#2)
13
201 (#2)
1 (#2)
1 (#3)
String Table contents
| KLNHRds |
| Error load Remote Desktop Session Viewer. |
| 0 |
| Exit &full screen mode |
| Kaspersky Remote desktop session viewer |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 13.2.0.1511 |
| ProductVersion | 13.2.0.1511 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| CompanyName | AO Kaspersky Lab |
| LegalCopyright | © 2021 AO Kaspersky Lab |
| LegalTrademarks | Registered trademarks and service marks are the property of their respective owners |
| ProductName | Kaspersky Security Center |
| ProductVersion (#2) | 13.2.0.1511 |
| FileVersion (#2) | 13.2.0.1511 |
| FileDescription | Kaspersky Remote desktop session viewer |
| InternalName | KLNHRDS |
| OriginalFilename | KLNHRDS.EXE |
| Resource LangID | UNKNOWN |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 1991-Jan-22 03:38:06 |
| Version | 0.0 |
| SizeofData | 88 |
| AddressOfRawData | 0x1def0 |
| PointerToRawData | 0x1c8f0 |
| Referenced File | C:\a\b\a_VVG9OPZI\s\CSAdminKit\development2\bin\dll\KLNHRds.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 1991-Jan-22 03:38:06 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x1df48 |
| PointerToRawData | 0x1c948 |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 1991-Jan-22 03:38:06 |
| Version | 0.0 |
| SizeofData | 924 |
| AddressOfRawData | 0x1df5c |
| PointerToRawData | 0x1c95c |
UNKNOWN
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 1991-Jan-22 03:38:06 |
| Version | 0.0 |
| SizeofData | 36 |
| AddressOfRawData | 0x1e2f8 |
| PointerToRawData | 0x1ccf8 |
TLS Callbacks
| StartAddressOfRawData | 0x41e32c |
|---|---|
| EndAddressOfRawData | 0x41e334 |
| AddressOfIndex | 0x4237c8 |
| AddressOfCallbacks | 0x41a518 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0xa0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x422010 |
| SEHandlerTable | 0x41dde0 |
| SEHandlerCount | 68 |
| GuardCFCheckFunctionPointer | 4302036 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0x78e8e79e |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 16 |
| C objects (VS 2015/2017 runtime 26706) | 12 |
| ASM objects (VS 2015/2017 runtime 26706) | 4 |
| C++ objects (VS 2015/2017 runtime 26706) | 44 |
| Imports (VS 2015/2017 runtime 26706) | 4 |
| C objects (26213) | 1 |
| Imports (26213) | 14 |
| Imports (27040) | 3 |
| Total imports | 396 |
| C++ objects (LTCG) (27040) | 6 |
| Resource objects (27040) | 1 |
| 151 | 1 |
| Linker (27040) | 1 |