Manalyze report for 5766262c5c3f446866b17ee8ce1d64ff

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-14 07:29:31
Detected languages	Chinese - PRC English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	E:\trunk\CommonPlatform\Helper2345\bin\Win32\Release\pdb\HelperMain.pdb
Comments	2345.com
CompanyName	2345移动科技
FileDescription	2345辅助模块
FileVersion	`3.2.1.797`
InternalName	HelperMain
LegalCopyright	版权所有 (C) 2019, 2345移动科技
OriginalFilename	HelperMain.dll
ProductName	2345辅助模块
ProductVersion	`3.2.1.797`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to internet browsers: chrome.exe iexplore.exe` `Looks for VMWare presence: ba 58 56 00 00 ed 81 fb 68 58 4d 56` `Looks for VirtualPC presence: 0f 3f 07 0b` `May have dropper capabilities: CurrentControlSet\Services` `Accesses the WMI: ROOT\CIMV2`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread FindWindowW` `Code injection capabilities: VirtualAlloc WriteProcessMemory VirtualAllocEx OpenProcess` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Can access the registry: RegSetValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: GetTempPathW CreateFileW` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc VirtualAllocEx` `Functions related to the privilege level: CheckTokenMembership` `Interacts with services: QueryServiceConfigW OpenServiceW OpenSCManagerW` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory OpenProcess` `Can take screenshots: FindWindowW GetDC GetDCEx BitBlt CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData`
Info	The PE is digitally signed.	`Signer: Shanghai 2345 Mobile Technology Co.` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Suspicious	VirusTotal score: 1/65 (Scanned on 2019-04-09 11:50:37)	`Ikarus: PUA.OpenSUpdater`

Hashes

MD5	`5766262c5c3f446866b17ee8ce1d64ff`
SHA1	`f35a6afeb1263664f441aa406823cd470a7cc079`
SHA256	`2c0564ecc3467bd3097b7bf4e71f3fc9454d53df4257cbb0e616ee9488a34286`
SHA3	`30b9f325e7844b67bcf1f86b3d678eefc88e9dc6047bb8b4bc6c3b562e73f0ac`
SSDeep	`98304:il4bPby4cdT62uRj4Nknw4CE3LH9XM1agcdJasBUGa:il4bPby4cdT62uRj4Nk8E3LH9PbdcsO`
Imports Hash	`79ef51c45f259722b6664de0bc8acd79`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Mar-14 07:29:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x2ebe00`
SizeOfInitializedData	`0xce400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0018019F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2ed000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x3be000`
SizeOfHeaders	`0x400`
Checksum	`0x3b6eca`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6ca04724e3d5975257da0afd8b4db175`
SHA1	`3838c8325a1f8c13e000c93d5ca8fb3568423f5f`
SHA256	`815b55961407d60a77ea4c68221fb0933d747b565a948145e20f2b0167d814ab`
SHA3	`269cbef0d2ee4ba466e19de852ff98d17d1ee6c8718fae47973b6d11aa27aaf5`
VirtualSize	`0x2ebc3a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2ebe00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53349`

.rdata

MD5	`bb3fa4a0e9a2c37d3bc66c9c8679eb38`
SHA1	`5f0dbfd393b462d0628510562d545d9c8f650177`
SHA256	`7df950096fe9af91a028d7bd4731fbee862e9aa4b066e193c24338c15ef429f9`
SHA3	`384b95ffe75d78f71c579d75bb24e7a173748edcb3bad2ebdffc1cc916602143`
VirtualSize	`0x8ded4`
VirtualAddress	`0x2ed000`
SizeOfRawData	`0x8e000`
PointerToRawData	`0x2ec200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.37722`

.data

MD5	`b4488b40b652ad14828d5933454e785b`
SHA1	`4225eb3ec7d7da14e2c2caba733b5570f7f32f27`
SHA256	`9508c15053265017276a86f8f77e2323b133965a6fd221e102b55c1360bb6523`
SHA3	`d54b4911b8804140138cf62079dbd88af64c9b077ca4d875307e3b793140c6a7`
VirtualSize	`0x138ac`
VirtualAddress	`0x37b000`
SizeOfRawData	`0x9c00`
PointerToRawData	`0x37a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.13377`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x2`
VirtualAddress	`0x38f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x383e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

_RDATA

MD5	`6a4d701a80c9128ba46180eb8218a58f`
SHA1	`5655b54a72a7ffbbfeda6351c1607969173a3caa`
SHA256	`f8e40f7f17982460e701393f59c4777a5decf29c245d751b94d7c60d57ba201d`
SHA3	`58db08d707f891bcbafc285be363fb18aa6ffa102627ca54ddcb6902fc40726c`
VirtualSize	`0x120`
VirtualAddress	`0x390000`
SizeOfRawData	`0x200`
PointerToRawData	`0x384000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.323255`

.rsrc

MD5	`ad47ae717bd7d5e89ce30054d36c095a`
SHA1	`e066132f2e4bc7c49adc0c840b55c1707db514ec`
SHA256	`3df0b810a56a9a1cdc5ea92d8b402946fc20d7f1e4ae3c4d5eead2b0842dd4e9`
SHA3	`aff6122a1783bcf9ddc0f23420a052d4aa377b898f498c3711c3fbff40d89467`
VirtualSize	`0x89a8`
VirtualAddress	`0x391000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0x384200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.46123`

.reloc

MD5	`e308ff49135247526b1a6b92cb89f3d8`
SHA1	`1eb8378a0d18f4d182543e9443ebf43c85d9f5a3`
SHA256	`1b18e0f058077aabbc9fa6adfb74f6dbe1aaa020656d6db4ee5c0125f218245b`
SHA3	`a81b8a6fe6bd034982f93e47b0c349d4344f50a97b3120756a642e6a4e0033c8`
VirtualSize	`0x23a30`
VirtualAddress	`0x39a000`
SizeOfRawData	`0x23c00`
PointerToRawData	`0x38cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60936`

Imports

VERSION.dll	`GetFileVersionInfoSizeW` `VerQueryValueW` `GetFileVersionInfoW`
KERNEL32.dll	`GetExitCodeProcess` `WaitForMultipleObjects` `GetLongPathNameW` `GetFileAttributesExW` `GetFileSize` `SetFilePointer` `SetEndOfFile` `SetFileTime` `WriteFile` `ReadFile` `GetFileTime` `WideCharToMultiByte` `GetACP` `MultiByteToWideChar` `GetFileAttributesW` `ExpandEnvironmentStringsW` `FindResourceW` `LoadResource` `GetVersionExW` `LockResource` `GetSystemInfo` `QueryDosDeviceW` `SetEvent` `ResetEvent` `CreateEventW` `lstrcpyW` `HeapAlloc` `HeapFree` `GetProcessHeap` `GlobalFree` `InterlockedExchangeAdd` `GetFullPathNameW` `GetTempFileNameW` `GetSystemDirectoryW` `CopyFileW` `GetCurrentDirectoryW` `RemoveDirectoryW` `GetWindowsDirectoryW` `DeleteFileW` `SetFileAttributesW` `FindNextFileW` `GetFileSizeEx` `GetLogicalDriveStringsW` `InterlockedExchange` `FormatMessageW` `DeviceIoControl` `GetEnvironmentVariableW` `LoadLibraryExW` `SizeofResource` `CreateWaitableTimerW` `SetWaitableTimer` `FreeResource` `MapViewOfFileEx` `QueryPerformanceCounter` `QueryPerformanceFrequency` `CreateProcessW` `GetShortPathNameW` `lstrlenW` `lstrcpynW` `FindClose` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `FindFirstFileW` `GetStartupInfoW` `MoveFileW` `GetLocalTime` `GetTempPathW` `SwitchToThread` `GetFileInformationByHandle` `SetEnvironmentVariableA` `WriteConsoleW` `SetStdHandle` `SetFilePointerEx` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `InterlockedPushEntrySList` `InterlockedPopEntrySList` `InitializeSListHead` `ReleaseSemaphore` `VirtualProtect` `VirtualFree` `VirtualAlloc` `GetModuleHandleA` `FreeLibraryAndExitThread` `GetThreadTimes` `OutputDebugStringW` `ReadConsoleW` `GetTimeZoneInformation` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetModuleFileNameA` `GetFileType` `GetOEMCP` `IsValidCodePage` `HeapReAlloc` `GetStdHandle` `HeapSize` `AreFileApisANSI` `GetModuleHandleExW` `ExitProcess` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `UnregisterWait` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `GetThreadPriority` `SetThreadPriority` `SignalObjectAndWait` `WaitForSingleObjectEx` `CreateTimerQueue` `CreateSemaphoreW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `TerminateProcess` `UnhandledExceptionFilter` `GetCPInfo` `RtlUnwind` `ExitThread` `CreateThread` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetCommandLineA` `GetStringTypeW` `GetSystemTimeAsFileTime` `EncodePointer` `GetCurrentThread` `DuplicateHandle` `SuspendThread` `GetExitCodeThread` `OpenThread` `TerminateThread` `ResumeThread` `GlobalMemoryStatusEx` `OpenFileMappingW` `GetPrivateProfileStringA` `GetPrivateProfileStringW` `SetLastError` `FlushInstructionCache` `GlobalUnlock` `lstrcmpW` `MulDiv` `GlobalAlloc` `GlobalLock` `GetCurrentProcess` `WriteProcessMemory` `VirtualAllocEx` `ReadProcessMemory` `VirtualFreeEx` `OpenProcess` `GetModuleHandleW` `SetErrorMode` `lstrcmpiW` `InterlockedDecrement` `InterlockedIncrement` `LocalFree` `lstrcatW` `SetUnhandledExceptionFilter` `GetCommandLineW` `GetProcAddress` `CreateFileW` `LoadLibraryW` `FreeLibrary` `DeleteCriticalSection` `DecodePointer` `RaiseException` `InitializeCriticalSectionAndSpinCount` `CloseHandle` `GetModuleFileNameW` `MoveFileExW` `GetCurrentProcessId` `ReleaseMutex` `GetCurrentThreadId` `CreateFileMappingW` `EnterCriticalSection` `GetLastError` `LeaveCriticalSection` `Sleep` `InitializeCriticalSection` `GetTickCount` `WaitForSingleObject` `CreateDirectoryW` `UnmapViewOfFile` `MapViewOfFile` `CreateMutexW` `LocalAlloc`
USER32.dll	`ValidateRect` `SetWindowRgn` `MapWindowPoints` `OpenClipboard` `UnregisterClassW` `GetWindowThreadProcessId` `IsWindow` `GetClassNameW` `GetWindowTextW` `GetForegroundWindow` `IsZoomed` `GetWindow` `FindWindowExW` `GetWindowLongW` `FindWindowW` `DefWindowProcW` `CallWindowProcW` `RemovePropW` `SetRectEmpty` `UpdateLayeredWindow` `SetRect` `SetCaretPos` `MsgWaitForMultipleObjects` `LoadBitmapW` `GetAsyncKeyState` `IsClipboardFormatAvailable` `EmptyClipboard` `GetClipboardData` `SetClipboardData` `CloseClipboard` `LoadImageW` `SetForegroundWindow` `GetCaretBlinkTime` `ToAscii` `GetKeyboardState` `EnableWindow` `DrawTextW` `GetIconInfo` `SetPropW` `GetPropW` `GetMonitorInfoW` `DrawIconEx` `CreateWindowExW` `SetWindowPos` `SetWindowLongW` `MonitorFromWindow` `SetParent` `GetParent` `PostMessageW` `DestroyWindow` `GetSystemMetrics` `SendMessageW` `MonitorFromPoint` `MoveWindow` `SetWindowTextW` `ReleaseCapture` `GetSysColor` `GetDesktopWindow` `RedrawWindow` `GetDlgItem` `ReleaseDC` `InvalidateRect` `RegisterClassExW` `GetDC` `GetClassInfoExW` `BeginPaint` `SetFocus` `CreateAcceleratorTableW` `GetClientRect` `LoadCursorW` `InvalidateRgn` `GetFocus` `SetCapture` `IsChild` `FillRect` `RegisterWindowMessageW` `CharNextW` `GetWindowRect` `ScreenToClient` `DestroyAcceleratorTable` `GetWindowTextLengthW` `ClientToScreen` `EndPaint` `GetShellWindow` `MessageBoxW` `wsprintfW` `IsWindowVisible` `GetCursorPos` `SystemParametersInfoW` `IntersectRect` `PtInRect` `IsIconic` `GetDCEx` `GetWindowDC` `SetCursor` `CopyRect` `OffsetRect` `IsRectEmpty` `EqualRect` `EnumChildWindows` `SetTimer` `KillTimer` `GetClassLongW` `GetMessageW` `TranslateMessage` `DispatchMessageW` `PeekMessageW` `PostQuitMessage` `TrackMouseEvent` `GetKeyState` `UnionRect` `ShowWindow` `ShowWindowAsync`
GDI32.dll	`PtInRegion` `GetMapMode` `SetMapMode` `CreateRoundRectRgn` `CreateDCW` `GetDIBits` `ExtTextOutW` `GetClipBox` `CreateDIBSection` `EnumFontsW` `SetBkColor` `CreateFontIndirectW` `CreatePolygonRgn` `CreateRectRgnIndirect` `SetWorldTransform` `SetGraphicsMode` `SetViewportOrgEx` `GetRgnBox` `BitBlt` `GetDeviceCaps` `DeleteObject` `SelectObject` `CreateCompatibleDC` `CreateCompatibleBitmap` `GetObjectW` `GdiFlush` `GetStockObject` `CreateSolidBrush` `GetTextMetricsW` `SetTextColor` `EnumFontFamiliesExW` `GetCharABCWidthsW` `GetFontData` `GetGlyphOutlineW` `GetOutlineTextMetricsW` `GetFontUnicodeRanges` `GetGlyphIndicesW` `GetTextExtentPointI` `AddFontMemResourceEx` `RemoveFontMemResourceEx` `SetBkMode` `SetTextAlign` `GetTextFaceW` `DeleteDC`
ADVAPI32.dll	`QueryServiceConfigW` `RegSetValueExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `SystemFunction036` `OpenServiceW` `OpenSCManagerW` `CloseServiceHandle` `GetUserNameW` `CheckTokenMembership` `FreeSid` `AllocateAndInitializeSid`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathW` `SHGetSpecialFolderPathW` `CommandLineToArgvW` `SHGetDesktopFolder` `DragFinish` `DragQueryFileW` `#155` `#680` `#190` `SHFileOperationW` `SHGetDataFromIDListW`
ole32.dll	`CoInitialize` `CoUninitialize` `PropVariantClear` `CoTaskMemAlloc` `CoGetClassObject` `CoTaskMemFree` `OleUninitialize` `StringFromGUID2` `CreateStreamOnHGlobal` `CLSIDFromString` `CLSIDFromProgID` `CoCreateGuid` `CoTaskMemRealloc` `OleLockRunning` `CoCreateInstance` `OleInitialize`
OLEAUT32.dll	`#6` `#2` `#146` `#7` `#9` `#277` `#162` `#420` `#4` `#8` `#161`
SHLWAPI.dll	`PathFindFileNameW` `StrToIntA` `#12` `PathRemoveFileSpecW` `SHStrDupW`
COMCTL32.dll	`InitCommonControlsEx` `_TrackMouseEvent`
MSIMG32.dll	`AlphaBlend`
imagehlp.dll	`ImageEnumerateCertificates` `ImageRemoveCertificate`
NETAPI32.dll	`NetLocalGroupGetMembers`
gdiplus.dll	`GdipCloneStringFormat` `GdipSetStringFormatFlags` `GdipSetStringFormatAlign` `GdipGetStringFormatAlign` `GdipSetStringFormatLineAlign` `GdipGetStringFormatLineAlign` `GdipSetStringFormatTrimming` `GdipAddPathLineI` `GdipAddPathArcI` `GdipAddPathBezierI` `GdipAddPathRectangleI` `GdipAddPathEllipseI` `GdipCreateRegionPath` `GdipCombineRegionPath` `GdipCombineRegionRegion` `GdipGetBrushType` `GdipSetTextureTransform` `GdipSetLineTransform` `GdipCreateFont` `GdipGetLineSpacing` `GdipGetCellDescent` `GdipGetCellAscent` `GdipGetEmHeight` `GdipGetFamilyName` `GdipDeleteFontFamily` `GdipCreateFontFamilyFromName` `GdipEndContainer` `GdipBeginContainer2` `GdipRestoreGraphics` `GdipDeleteStringFormat` `GdipStringFormatGetGenericTypographic` `GdipMeasureString` `GdipDrawString` `GdipGetFontSize` `GdipSaveGraphics` `GdipGetClipBoundsI` `GdipSetClipRegion` `GdipSetClipRectI` `GdipDrawImageRectRectI` `GdipDrawImageRectRect` `GdipFillPath` `GdipFillEllipse` `GdipFillRectangleI` `GdipGraphicsClear` `GdipDrawPath` `GdipDrawRectangle` `GdipDrawArcI` `GdipDrawLine` `GdipRotateWorldTransform` `GdipScaleWorldTransform` `GdipTranslateWorldTransform` `GdipMultiplyWorldTransform` `GdipGetInterpolationMode` `GdipSetInterpolationMode` `GdipGetFontStyle` `GdipSetTextRenderingHint` `GdipSetPixelOffsetMode` `GdipGetSmoothingMode` `GdipSetCompositingQuality` `GdipDeleteGraphics` `GdipCreateFromHDC` `GdipSetImageAttributesWrapMode` `GdipSetImageAttributesColorMatrix` `GdipDisposeImageAttributes` `GdipCreateImageAttributes` `GdipCloneBitmapArea` `GdipGetImageGraphicsContext` `GdipSetPenDashStyle` `GdipDeletePen` `GdipCreatePen1` `GdipGetLineTransform` `GdipSetLineWrapMode` `GdipSetLinePresetBlend` `GdipCreateLineBrushI` `GdipCreateSolidFill` `GdipGetTextureTransform` `GdipCreateTexture` `GdipDeleteBrush` `GdipCloneBrush` `GdipTransformRegion` `GdipDeleteRegion` `GdipCloneRegion` `GdipGetMatrixElements` `GdipDeleteMatrix` `GdipCreateMatrix2` `GdipCreateMatrix` `GdipGetPathWorldBounds` `GdipAddPathString` `#1` `GdipClosePathFigure` `GdipDeletePath` `GdipCreatePath` `GdipCloneBitmapAreaI` `GdipCreateBitmapFromScan0` `GdipCreateBitmapFromFile` `GdipGetImagePixelFormat` `GdipBitmapUnlockBits` `GdipBitmapLockBits` `GdipCreateBitmapFromStreamICM` `GdipCreateBitmapFromStream` `GdipGetPropertyItem` `GdipGetPropertyItemSize` `GdipImageSelectActiveFrame` `GdipImageGetFrameCount` `GdipImageGetFrameDimensionsList` `GdipImageGetFrameDimensionsCount` `GdipGetImageHeight` `GdipGetImageWidth` `GdipDisposeImage` `GdipCloneImage` `GdipFree` `GdipAlloc` `GdiplusStartup` `GdiplusShutdown` `GdipGetFamily` `GdipGetTextRenderingHint` `GdipDeleteFont` `GdipCreateHBITMAPFromBitmap` `GdipSetCompositingMode` `GdipSetSmoothingMode`
IMM32.dll	`ImmReleaseContext` `ImmAssociateContextEx` `ImmGetCompositionStringW` `ImmNotifyIME` `ImmSetCompositionWindow` `ImmGetContext`
USP10.dll	`ScriptFreeCache` `ScriptShape` `ScriptItemize`
WINMM.dll	`timeGetTime`

Delayed Imports

HelperMain

Ordinal	`1`
Address	`0x26380`

90

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x62a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.13277`
Detected Filetype	PNG graphic file
MD5	`e72e5851d286bc7574e73a9c69653eba`
SHA1	`cf698dcd086e8fffb02a36ad7755247b75d94832`
SHA256	`92ed0f587039e2017a6c2fdeec86ba1307a590ce48663a037d34beba81bd613f`
SHA3	`b6ebd9c9baade1dd16a272f60331b305fdeb9bef1b142608bd0d17686ca8949a`

93

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x422`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.25931`
Detected Filetype	PNG graphic file
MD5	`819ac579fa5beab0b7e5a6ca70557192`
SHA1	`29a872e3b0a00ce1b776c1ae5b62f1003d1798c9`
SHA256	`bda5795c40de964fc5e03d02995e22dd82a75123ab048416f1179d0095f715d2`
SHA3	`732ea4766893b6c8f86c9572198ed6d57f358096c9757dd044fd91ad859defde`

94

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x62c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.0292`
Detected Filetype	PNG graphic file
MD5	`0682e3a6e383d88aaeb8b74865eba80e`
SHA1	`26e5681ab46cdf33e641a93855daab53336bfeb9`
SHA256	`57006982aee662bf25a5248fe0ea7f16e1e0399f1f5f2b314c693516acb22bf8`
SHA3	`45f5935c3a1f68a08de1234e48fe9461cbaad9f4cb6b2116114f79e2614987a1`

95

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x58f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94407`
Detected Filetype	PNG graphic file
MD5	`0c623d4cfce600b3547e5c27cae96dcc`
SHA1	`91d1feb2cabedd514bd8c3d42a26e4fdf7408e2f`
SHA256	`5b3982a8674a00ecc6c80743b3e9dfb0c6adbb208a244ca498b8d9ffcee077e6`
SHA3	`b5677e76d6772018cc5a8a051722714a579b3cd963dbd1b723bd546031e6bd0e`

96

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x482`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.49299`
Detected Filetype	PNG graphic file
MD5	`107a6ef52d9057471f76934320c19785`
SHA1	`646041494046f423bf02c4f8caef8c431bcf77bb`
SHA256	`9cce147026bc5c3167e3166ecd29de54094cbe5a4854ed822efee34185d71358`
SHA3	`be47c64a1b566ad5f5a28a0b5048f8786b50c431fccda06774c8b8b273a21a53`

100

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x503`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.58991`
Detected Filetype	PNG graphic file
MD5	`4e8717b56cd10c0f841308b1adb9c018`
SHA1	`e864eca707265ac4dda54470651652a87a4b64f3`
SHA256	`3c0bbf09de237d8b912c0fb71369c17bfecd1ff81ed421f915489cc3cdaa5d0c`
SHA3	`17cb534b7aed8a87dc4974f514cceced1daeeeef405943ca086dc6d1a56e09da`

104

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.65794`
Detected Filetype	PNG graphic file
MD5	`bab8f3f797fd2febf5518b4b5fe05162`
SHA1	`88ad531a12cd48a1275be35b0d06e2819deee0a9`
SHA256	`b7d806dc26844d083e2dd36f74b22a231025a565ee4b36f6079c23d95468ba18`
SHA3	`ebfb60d2f4d346ee9786eef46249f2932ae7821d09a769383febae9d3b0e60f0`

105

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x3ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.13553`
Detected Filetype	PNG graphic file
MD5	`20ddb9b1b3841aa4a8e22e6d3dd3155a`
SHA1	`2fdcbfe2d3ab4570bc4b357a727283bcfa060981`
SHA256	`088118b9149927d85ace6d4f9e67548f5fdf98c29e56fb25efbdfead5ac214a6`
SHA3	`fa6e28e28b691754df8730d9774833643ca4b7e7bc6925d3f1275ff4fa6946e1`

200

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x494`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.48142`
Detected Filetype	PNG graphic file
MD5	`65a16d3964d2f10c94ef5101bcef1a21`
SHA1	`7c03db8c96f3cee4d584f551c55fdd8eb234b4d3`
SHA256	`e97611e26534a103f553f2a7ebb949337ffa7a71de24443b9799413890995f35`
SHA3	`4ba2470edb97b7d59b375abdf475da5b377b1d12c5616ae8296215036f385061`

201

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x42e3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95565`
Detected Filetype	PNG graphic file
MD5	`d6a861e6c034767b0fe240dd698df0ab`
SHA1	`2db534c965ddc2cf6f1f089a0f89844e6b07c06f`
SHA256	`5e08936b5f9bbaedb20a1ac5856fa949f3fd2625c755cb2d207f6c0f12f360de`
SHA3	`0dc143b019f26ab57a0e2394bf337ed2d810c04134876d79e55c1fb45b7eee51`

202

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x87`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01792`
Detected Filetype	PNG graphic file
MD5	`e40667f3a41b71f041c6ee79a74c9636`
SHA1	`8c6861a25ed86a761811b3e6b1faf46b505ae53d`
SHA256	`ee314360daebfe4a4422a550df488ca8ce67cc10db3cc9d1498400b7a87343a6`
SHA3	`28b29886b5948af98d451f58369fd140e75d243ecefb418192de92c06d20e79f`

203

Type	`PNG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x87`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01792`
Detected Filetype	PNG graphic file
MD5	`e40667f3a41b71f041c6ee79a74c9636`
SHA1	`8c6861a25ed86a761811b3e6b1faf46b505ae53d`
SHA256	`ee314360daebfe4a4422a550df488ca8ce67cc10db3cc9d1498400b7a87343a6`
SHA3	`28b29886b5948af98d451f58369fd140e75d243ecefb418192de92c06d20e79f`

100 (#2)

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x15f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86121`
MD5	`996e3310472631bcbb31fd4863780483`
SHA1	`8f77605289a70a35292793689cb954b43a59f2c5`
SHA256	`5ad4ceaa43b7a0e9df0e3562a882a3e82fad2211e822db5742f073cfa4012eee`
SHA3	`555c6474eda130b57c473c84585c84035147f60001e8c075f8d48dcc8ca661f0`

101

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x27a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80356`
MD5	`274d29db187f53fe6e3c394651d6cb45`
SHA1	`26ac164dffeeb796fcc590524d9c7c7660c4dfae`
SHA256	`1a19cbd595b9cc169c5ae6b0422fbcd788fd99d9eb1594e1010abd5ecff217dc`
SHA3	`845dd6fd9fd911da1d14f6b1f6e2b2e8facbf4bf201be5c0c6212cd2c71618b7`

102

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x22c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77017`
MD5	`d7f57cb045a58688198019f0430a7800`
SHA1	`216f275c0fad987888d8c3e52e0281edd492866b`
SHA256	`89ee6b223af5e700d45134608668d858ce2afbbb3026e2a0f8f9e5836d83c4ba`
SHA3	`113d56b2d657c1550b26f05527bcb8373a4da8a7f166c2c10e659adfa479c700`

103

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83068`
MD5	`0b8e21089c6d83bb3d070e4fe8009581`
SHA1	`a05edfb99533397e7b9b5b421cf661cee6c7fb46`
SHA256	`e32f7f4b1ccabe81e68060eeaa505bd76ee51ea032a4c51dc4e57ca541d53393`
SHA3	`7664fdbe7c5dd687b9bfab52dd297169f0830e9491b5eb3768d2347da6b0b474`

200 (#2)

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x19d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89821`
MD5	`3f9eafcf61f6df6e1b6e01e2c70e0535`
SHA1	`c0763a0933b8830f3904ade9cd15122d9cfa5724`
SHA256	`ad8e30239ffd8eadea754f106926fd974b7eaf010def9aaa31e9a5291b584e4b`
SHA3	`786189759d20c77cb09fcc857e1033a0af8f0d11071862ab30dc58d4be778fb4`

201 (#2)

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x212`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.78885`
MD5	`2f14ee6175ff662d62d8d1e79b88de53`
SHA1	`1555e21b1c45f3fed72ea8f4c6181d6a05abddae`
SHA256	`affbbeb077ed915c011844d223ca63fb3aadce8f642b5a8f78adff141930f058`
SHA3	`d8bb46e436a715dd5b89acc521608dd34ad76b4698064e572052dc574eeb2c3a`

202 (#2)

Type	`XML`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88283`
MD5	`34c17ff5883a1199ab8e78a8ce72247b`
SHA1	`916a7a92259de93d8c1590ef29065258c840423f`
SHA256	`d19a4e34702c6c5a2c50e28795df544476a3dd95dc483a3a0da5daaf2d334d2e`
SHA3	`bcb328180b607f20856cca0a016876792185ed47fbc15a3414ba2d727733c96c`

1001

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.58523`
MD5	`b98db3337be0669d637129635bde705c`
SHA1	`ee7bde2063c2a998a60c5a7093849b29d0a95a03`
SHA256	`2c53f77a937d3ba19b62f9ca81ce5caed35590a8e568d09c33ff3e62d8bc6fde`
SHA3	`9122da193b945e62491538a0b02af826e4aa399b1fa77bfe23e43fc27ffba20a`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.67681`
MD5	`53b57b42a014b14de45fb31c0c45036b`
SHA1	`e96e2f80a1002e38ad8b352baa27813b8bba3242`
SHA256	`7f207e9fc81cbf175290174e634e50522b71e856df3008cc612bdd1c366ee8cf`
SHA3	`2d9037c95f4077a67835b9aa8d0b7e866767741dc8b0caf3d40791a7d67c3599`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3159`
MD5	`2c843ebd70409daea899a26123a94215`
SHA1	`8646610c78d39e875103813083532491bcc8a6aa`
SHA256	`f6e5d96b98430f1973e755ff568a8fcfa12b224a421b2a5a8f3ec5a0d2d1fbfb`
SHA3	`4d08103b5e944832c9491726e727f7e86bfbcd1794cf02814e2e7738a7cc6fea`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.2.1.797
ProductVersion	3.2.1.797
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
Comments	2345.com
CompanyName	2345移动科技
FileDescription	2345辅助模块
FileVersion (#2)	3.2.1.797
InternalName	HelperMain
LegalCopyright	版权所有 (C) 2019, 2345移动科技
OriginalFilename	HelperMain.dll
ProductName	2345辅助模块
ProductVersion (#2)	3.2.1.797

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Mar-14 07:29:31
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x333050`
PointerToRawData	`0x332250`
Referenced File	E:\trunk\CommonPlatform\Helper2345\bin\Win32\Release\pdb\HelperMain.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Mar-14 07:29:31
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x3330b0`
PointerToRawData	`0x3322b0`

TLS Callbacks

StartAddressOfRawData	`0x1038f000`
EndAddressOfRawData	`0x1038f001`
AddressOfIndex	`0x1038c8ac`
AddressOfCallbacks	`0x102edde0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x10255D70`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1037b4b0`
SEHandlerTable	`0x103416a0`
SEHandlerCount	`2844`

RICH Header

XOR Key	`0x1bf3590c`
Unmarked objects	`0`
C++ objects (VS2013 UPD5 build 40629)	`250`
C++ objects (VS2008 SP1 build 30729)	`1`
C++ objects (20806)	`4`
199 (41118)	`1`
ASM objects (VS2013 build 21005)	`68`
C++ objects (VS2013 build 21005)	`146`
C objects (VS2013 build 21005)	`281`
C objects (VS2008 SP1 build 30729)	`11`
Total imports	`661`
Imports (VS2008 SP1 build 30729)	`39`
Unmarked objects (#2)	`1`
C objects (VS2013 UPD4 build 31101)	`1`
C++ objects (VS2013 UPD4 build 31101)	`133`
229 (VS2013 UPD5 build 40629)	`216`
Exports (VS2013 UPD5 build 40629)	`1`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD5 build 40629)	`1`

5766262c5c3f446866b17ee8ce1d64ff

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.tls

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

HelperMain

90

93

94

95

96

100

104

105

200

201

202

203

100 (#2)

101

102

103

200 (#2)

201 (#2)

202 (#2)

1001

1

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors