Manalyze report for 57e0d39bfdd61c6f383461d88fb9f4464fba642197720e4c010d02a01f57f0d0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Nov-13 14:09:06
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\hudun\AirplayMonitor\bin\Win32\Release\Airplay.pdb
CompanyName	XinDawn
FileDescription	DouWan
FileVersion	`1.0.0.22`
InternalName	Airplay.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	Airplay.exe
ProductName	DouWan
ProductVersion	`1.0.0.22`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMWare` `May have dropper capabilities: CurrentControlSet\Services` `Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: Alarm.com Coolstf.com Correlator.com Evation.com Groupics.com MP3Car.com MPMan.com Portal.com Rioport.com Shinobiya.com Sportbug.com Stamps.com StarTech.com TonerHead.com Viking360.com app.xunjiepdf.com applause.elfmimi.jp cacerts.digicert.com community.freescale.com cooyou.org crl.globalsign.net crl.microsoft.com crl3.digicert.com crl4.digicert.com digicert.com ee.ethz.ch elfmimi.jp erdfelt.com freescale.com globalsign.net gmail.com graph.qq.com http://app.xunjiepdf.com http://app.xunjiepdf.com/scanlogin/qqlogin?state http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0 http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 http://crl.globalsign.net http://crl.globalsign.net/ObjectSign.crl0 http://crl.globalsign.net/Root.crl0 http://crl.globalsign.net/Timestamping1.crl0 http://crl.globalsign.net/primobject.crl0N http://crl.globalsign.net/root.crl0 http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl0M http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X http://crl.microsoft.com/pki/crl/products/WinIntPCA.crl0U http://crl.microsoft.com/pki/crl/products/WinPCA.crl http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T http://crl.microsoft.com/pki/crl/products/tspca.crl0H http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 http://crl3.digicert.com/ha-cs-2011a.crl0. http://crl4.digicert.com http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 http://crl4.digicert.com/ha-cs-2011a.crl0B http://fsf.org http://libusb-win32.sourceforge.net http://libwdi-cps.akeo.ie http://libwdi.akeo.ie http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0I http://ocsp.digicert.com0P http://secure.globalsign.net http://secure.globalsign.net/cacert/ObjectSign.crt09 http://secure.globalsign.net/cacert/PrimObject.crt0 http://sensics.com http://www.digicert.com http://www.digicert.com/ssl-cps-repository.htm0 http://www.globalsign.net http://www.globalsign.net/repository/0 http://www.globalsign.net/repository/03 http://www.globalsign.net/repository09 http://www.gnu.org http://www.gnu.org/licenses/ http://www.gnu.org/philosophy/why-not-lgpl.html http://www.microsoft.com http://www.microsoft.com/PKI/docs/CPS/default.htm0 http://www.microsoft.com/pki/certs/CSPCA.crt0 http://www.microsoft.com/pki/certs/CodeSigPCA.crt0 http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0v http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 http://www.microsoft.com/pki/certs/MicrosoftWinIntPCA.crt0 http://www.microsoft.com/pki/certs/MicrosoftWinPCA.crt0 http://www.microsoft.com/pki/certs/tspca.crt0 http://www.microsoft.com/pki/crl/products/WinPCA.crl0R http://www.microsoft.com0 https://api.douwan.video https://api.douwan.video/v1/app/checkCode https://api.douwan.video/v1/app/checkDiscode https://api.douwan.video/v1/app/checkVersion https://api.douwan.video/v1/app/emailCode https://api.douwan.video/v1/app/emailLogin https://api.douwan.video/v1/app/emailRegister https://api.douwan.video/v1/app/emailResetPwd https://api.douwan.video/v1/app/getPhoneLogin https://api.douwan.video/v1/app/getProfile https://api.douwan.video/v1/app/imageVerify https://api.douwan.video/v1/app/login https://api.douwan.video/v1/app/payPack https://api.douwan.video/v1/app/register https://api.douwan.video/v1/app/resetPwd https://api.douwan.video/v1/app/wxLoginGuid https://api.douwan.video/v1/app/wxReceipt https://app.xunjiepdf.com https://app.xunjiepdf.com/api/weixinguid https://community.freescale.com https://community.freescale.com/message/493287#493287 https://graph.qq.com https://graph.qq.com/oauth/show?which https://support.microsoft.com https://support.microsoft.com/en-us/kb/837637 https://www.digicert.com https://www.digicert.com/CPS0 https://www.microsoft.com https://www.microsoft.com/pki/ssl/cps/WindowsPCA.htm0f ife.ee.ethz.ch jsocr.com libusb-win32.sourceforge.net microsoft.com secure.globalsign.net sensics.com sourceforge.net support.microsoft.com win32.sourceforge.net www.digicert.com www.globalsign.net www.gnu.org www.jsocr.com www.microsoft.com xunjiepdf.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW LoadLibraryExA LoadLibraryW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptGenKey CryptAcquireContextW CryptDestroyKey` `Can create temporary files: GetTempPathA CreateFileW GetTempPathW CreateFileA` `Leverages the raw socket API to access the Internet: #115 #57 #52` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess` `Can take screenshots: GetDC CreateCompatibleDC BitBlt` `Can shut the system down or lock the screen: InitiateSystemShutdownW`
Info	The PE is digitally signed.	`Signer: \xE5\x8C\x97\xE4\xBA\xAC\xE5\xAE\x87\xE8\xBE\xB0\xE4\xBA\x92\xE8\x81\x94\xE7\xA7\x91\xE6\x8A\x80\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8` `Issuer: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3`
Safe	VirusTotal score: 0/69 (Scanned on 2020-11-18 19:01:35)	`All the AVs think this file is safe.`

Hashes

MD5	`f1828b64bf0489db87a8271e2f920bb9`
SHA1	`c602a208f779726109122376f5e45e7b59d82e0b`
SHA256	`57e0d39bfdd61c6f383461d88fb9f4464fba642197720e4c010d02a01f57f0d0`
SHA3	`df24c6531ffde22149f1bcc2c691e10b2d8282884ba456011d036b507a84d577`
SSDeep	`98304:Mn7/aarBc/lw+xusxpSoe1GEf5j7HQojkzBAw7uiNPrMoCCXG5+M5O7hbLCVy:iLctdqv4E97HDw7uia9+G+ygMVy`
Imports Hash	`dded4c171a884468bb7602743ad529e9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x140`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2020-Nov-13 14:09:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb3200`
SizeOfInitializedData	`0x748800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003813A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x802000`
SizeOfHeaders	`0x400`
Checksum	`0x800b73`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9aea389de07e1a09c4e24bdadc13275a`
SHA1	`550ae1ff7ae227224e464ffd9875d35a64ca4c46`
SHA256	`7d6128bb59d7e498ca69034468b40a5afba807818f3f4c3d83d402c3c83cbe8c`
SHA3	`483072f6b5a2d101f3c3d5f1dd3ac15c4d1d12eb5546381986047e19431d57e4`
VirtualSize	`0xb318f`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb3200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56249`

.rdata

MD5	`cb508c356f57a58da0ee6666ed9fa21f`
SHA1	`b60dd5eb3e1c4a4402167f2dddd5d94f0622b760`
SHA256	`89b34a276f4a32dbe8c4e848c63ae535fcf225f600dfa2551f715468fef4e408`
SHA3	`03678235236fa1fc048eaaeb6ff0d0cb3726e07ae365d01cb1cb5ed97d027976`
VirtualSize	`0x65f404`
VirtualAddress	`0xb5000`
SizeOfRawData	`0x65f600`
PointerToRawData	`0xb3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.78867`

.data

MD5	`8f5c91d342b549ef8551237e791b2ae3`
SHA1	`9f17cbcd49961edffd3b05a5491cfa2759cd2624`
SHA256	`730d4f680be31d58794590b18764b7d05c8bc3dd2ecec8175fab51b4c07bd7e2`
SHA3	`f1d8bfef64125b00c02a528d124ea4fa38edff80bee97ad89ab3ece1b2eadc1b`
VirtualSize	`0x211a4`
VirtualAddress	`0x715000`
SizeOfRawData	`0x1e200`
PointerToRawData	`0x712c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.94463`

.gfids

MD5	`793c8eb7b64bdb3dc1dbc57c1526e85f`
SHA1	`21b4a3fc800229652924f6c7e052634086a60470`
SHA256	`145851471974c61124dec93b8b99725b45743a4b3cf7c649057ae2b84695bfda`
SHA3	`baa0cf06a8f2477d24e083e49563e2263752fcdf4c9c2be414c6bd6f4cc9af26`
VirtualSize	`0x1a4`
VirtualAddress	`0x737000`
SizeOfRawData	`0x200`
PointerToRawData	`0x730e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.11911`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x738000`
SizeOfRawData	`0x200`
PointerToRawData	`0x731000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`827bb5d4041b5726a95703db15c84853`
SHA1	`8d6f3b972405df8e050184c113e6de55a5a9cc91`
SHA256	`7c3e211c647b911d13b7b81b48ad53f76098b5d72badf58f14878c973a5db665`
SHA3	`658688ad3e0e07e2da21c4173d1e19e58e3a4d51a807a4177431c3d9ec3f20dc`
VirtualSize	`0xb6940`
VirtualAddress	`0x739000`
SizeOfRawData	`0xb6a00`
PointerToRawData	`0x731200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09304`

.reloc

MD5	`37a6f2e15435a9e8fe2cfc606a9497b2`
SHA1	`173a6e6447153ecf3f2c64f12d9e760c1a4c4931`
SHA256	`582ac79d1ecf5123166669b83176be72a17310e9ef08cb45dcafdeade03e605c`
SHA3	`44c2fcd3ac41cef1ffde4136ed89c364ef996b8b9f9a93c1196f89590f11a357`
VirtualSize	`0x11108`
VirtualAddress	`0x7f0000`
SizeOfRawData	`0x11200`
PointerToRawData	`0x7e7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.3687`

Imports

KERNEL32.dll	`FindClose` `FindNextFileW` `FindFirstFileW` `GetTempPathA` `GetSystemDefaultLangID` `GetCurrentProcess` `GetProcessHeap` `HeapAlloc` `HeapReAlloc` `HeapSize` `HeapFree` `OpenThread` `TerminateThread` `CreateThread` `Sleep` `InterlockedDecrement` `InterlockedIncrement` `TerminateProcess` `OpenProcess` `DeleteFileW` `CopyFileW` `GetCurrentProcessId` `GetCurrentThreadId` `LeaveCriticalSection` `EnterCriticalSection` `SetLastError` `InitializeCriticalSection` `WaitForSingleObject` `CreateProcessW` `FreeLibrary` `LoadLibraryA` `OutputDebugStringW` `GetLocalTime` `GetPrivateProfileStringW` `GetModuleHandleW` `DeleteCriticalSection` `GetProcAddress` `DecodePointer` `RaiseException` `GetLastError` `InitializeCriticalSectionAndSpinCount` `CloseHandle` `WriteFile` `CreateFileW` `GetTempPathW` `WideCharToMultiByte` `MultiByteToWideChar` `OutputDebugStringA` `GetModuleFileNameW` `SetEndOfFile` `WriteConsoleW` `FlushFileBuffers` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `GetOEMCP` `IsValidCodePage` `GetTimeZoneInformation` `GetConsoleCP` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `GetStringTypeW` `SetStdHandle` `FreeLibraryAndExitThread` `ResumeThread` `ExitThread` `SystemTimeToTzSpecificLocalTime` `FindFirstFileExW` `RtlUnwind` `LoadLibraryExW` `TlsFree` `IsDebuggerPresent` `EncodePointer` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `FlushInstructionCache` `IsProcessorFeaturePresent` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetStartupInfoW` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `GetACP` `ExitProcess` `GlobalLock` `GlobalUnlock` `GetTickCount` `lstrlenW` `LoadLibraryW` `GetCurrentDirectoryW` `FreeResource` `LockResource` `LoadResource` `SizeofResource` `GetFileSize` `ReadFile` `FindResourceW` `LocalFree` `FormatMessageW` `GetModuleHandleExW` `VerSetConditionMask` `MulDiv` `GetFileType` `SetFilePointer` `SetFileTime` `DuplicateHandle` `SystemTimeToFileTime` `DosDateTimeToFileTime` `CreateDirectoryW` `GlobalAlloc` `VerifyVersionInfoA` `CreateNamedPipeA` `GetStdHandle` `WaitForMultipleObjects` `GetEnvironmentVariableW` `CreateMutexA` `GetFileAttributesW` `GetModuleHandleA` `CreateFileA` `FileTimeToSystemTime` `GetVersionExA` `FileTimeToLocalFileTime` `GetOverlappedResult` `FormatMessageA` `IsWow64Process` `GetExitCodeProcess` `CreateMutexW` `GetFullPathNameA` `TlsAlloc` `TlsGetValue` `TlsSetValue`
USER32.dll	`IsZoomed` `SetWindowRgn` `ScreenToClient` `GetMessageW` `TranslateMessage` `DispatchMessageW` `DefWindowProcW` `PostQuitMessage` `CallWindowProcW` `RegisterClassW` `RegisterClassExW` `GetClassInfoExW` `CreateWindowExW` `SetFocus` `LoadImageW` `CharNextW` `GetActiveWindow` `GetFocus` `GetKeyState` `SetCapture` `ReleaseCapture` `GetDC` `ReleaseDC` `BeginPaint` `EndPaint` `GetUpdateRect` `InvalidateRect` `GetCursorPos` `CreateCaret` `GetCaretBlinkTime` `SetCaretPos` `GetSysColor` `IntersectRect` `IsRectEmpty` `PtInRect` `CharPrevW` `DrawTextW` `FillRect` `SetRect` `DestroyIcon` `DrawIconEx` `GetIconInfo` `UpdateLayeredWindow` `CreatePopupMenu` `DestroyMenu` `EnableMenuItem` `AppendMenuW` `TrackPopupMenu` `HideCaret` `ShowCaret` `GetCaretPos` `IsWindowEnabled` `GetWindowTextW` `CreateAcceleratorTableW` `InvalidateRgn` `GetGUIThreadInfo` `GetKeyboardLayout` `GetKeyNameTextW` `MapVirtualKeyExW` `UpdateWindow` `GetSysColorBrush` `LoadIconW` `CreateWindowExA` `SetWindowTextA` `GetWindowTextA` `EnumChildWindows` `KillTimer` `SetWindowPos` `SetTimer` `LoadCursorW` `UnionRect` `InflateRect` `SetCursor` `DestroyWindow` `GetWindow` `PostMessageW` `GetDesktopWindow` `IsWindow` `GetPropW` `GetWindowThreadProcessId` `IsWindowVisible` `GetParent` `GetWindowLongW` `SetWindowLongW` `GetSystemMetrics` `UnregisterClassW` `GetWindowTextLengthW` `MessageBoxTimeoutW` `MessageBoxW` `wvsprintfW` `EnableWindow` `GetDlgItem` `SendMessageW` `MoveWindow` `ClientToScreen` `OffsetRect` `SendMessageTimeoutW` `WaitForInputIdle` `IsHungAppWindow` `SetWindowTextW` `SetPropW` `CreateDialogParamW` `MonitorFromWindow` `GetMonitorInfoW` `GetWindowRect` `GetClientRect` `MapWindowPoints` `GetLastActivePopup` `SetForegroundWindow` `ShowWindow` `IsIconic`
ADVAPI32.dll	`SetSecurityDescriptorOwner` `ConvertStringSidToSidA` `InitializeSecurityDescriptor` `ConvertSidToStringSidA` `CryptReleaseContext` `CryptGenKey` `CryptAcquireContextW` `CryptDestroyKey` `RegQueryValueExW` `RegOpenKeyExW` `RegSetValueExW` `RegCreateKeyExW` `RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA` `OpenProcessToken` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `InitiateSystemShutdownW` `GetTokenInformation`
SHELL32.dll	`DragQueryFileW` `ShellExecuteW` `SHGetSpecialFolderPathW` `ShellExecuteExW` `SHGetDesktopFolder` `SHOpenFolderAndSelectItems` `SHBrowseForFolderW` `SHGetPathFromIDListW` `SHCreateDirectoryExW` `#680`
ole32.dll	`OleDuplicateData` `RegisterDragDrop` `CoCreateInstance` `ReleaseStgMedium` `CreateStreamOnHGlobal` `CLSIDFromString` `CLSIDFromProgID` `OleLockRunning` `CoInitialize` `CoCreateGuid` `CoUninitialize` `DoDragDrop`
OLEAUT32.dll	`#6` `#2` `#8` `#9`
SHLWAPI.dll	`PathFileExistsW` `PathIsDirectoryW`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoSizeW` `GetFileVersionInfoW`
dbghelp.dll	`MakeSureDirectoryPathExists`
libcurl.dll	`curl_multi_remove_handle` `curl_multi_init` `curl_easy_cleanup` `curl_easy_setopt` `curl_easy_init` `curl_slist_append` `curl_multi_perform` `curl_multi_cleanup` `curl_multi_setopt` `curl_multi_add_handle`
WINMM.dll	`timeGetTime`
SETUPAPI.dll	`SetupDiDestroyDeviceInfoList` `SetupDiRemoveDevice` `SetupGetInfPublishedNameW` `SetupGetInfDriverStoreLocationW` `SetupDiEnumDeviceInfo` `SetupDiGetClassDevsW` `CM_Reenumerate_DevNode` `CM_Locate_DevNodeW` `SetupDiDestroyDriverInfoList` `SetupDiGetDriverInfoDetailW` `SetupDiGetDeviceRegistryPropertyW` `SetupDiOpenDevRegKey` `SetupUninstallOEMInfW` `SetupDiBuildDriverInfoList` `SetupDiSetDeviceInstallParamsW` `SetupDiGetDeviceInstallParamsW` `SetupDiGetClassDevsA` `SetupDiGetDevicePropertyW` `SetupDiGetDeviceRegistryPropertyA` `SetupDiEnumDriverInfoW`
WS2_32.dll	`#115` `#57` `#52`
GDI32.dll	`CreateEnhMetaFileW` `CloseEnhMetaFile` `SelectObject` `SaveDC` `RestoreDC` `GetStockObject` `GetDeviceCaps` `DeleteDC` `CombineRgn` `CreatePenIndirect` `CreateRectRgnIndirect` `CreateSolidBrush` `GetCharABCWidthsW` `GetEnhMetaFileHeader` `GetTextExtentPoint32W` `LineTo` `RoundRect` `SelectClipRgn` `ExtSelectClipRgn` `SetBkColor` `SetBkMode` `StretchBlt` `SetStretchBltMode` `SetTextColor` `CreateDIBSection` `GetObjectA` `MoveToEx` `TextOutW` `PlayEnhMetaFile` `GetTextMetricsW` `GetObjectW` `GetClipBox` `CreatePen` `CreateFontIndirectW` `CreateDIBitmap` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateRoundRectRgn` `BitBlt` `DeleteObject` `SetWindowOrgEx` `SetBitmapBits` `GetBitmapBits` `PtInRegion` `CreateRectRgn` `GdiFlush`
COMCTL32.dll	`_TrackMouseEvent` `InitCommonControlsEx` `#17`
IMM32.dll	`ImmReleaseContext` `ImmSetCompositionWindow` `ImmGetContext`
gdiplus.dll	`GdipImageGetFrameDimensionsList` `GdipImageGetFrameDimensionsCount` `GdipGetImageHeight` `GdipGetImageWidth` `GdipImageGetFrameCount` `GdipCloneImage` `GdipLoadImageFromStreamICM` `GdipLoadImageFromStream` `GdipSetStringFormatTrimming` `GdipSetStringFormatLineAlign` `GdipGetPropertyItemSize` `GdipImageSelectActiveFrame` `GdipSetStringFormatAlign` `GdipSetStringFormatFlags` `GdipCloneStringFormat` `GdipDeleteStringFormat` `GdipGetPropertyItem` `GdipDrawImageRectI` `GdipDisposeImage` `GdiplusStartup` `GdiplusShutdown` `GdipAlloc` `GdipFree` `GdipCloneBrush` `GdipDeleteBrush` `GdipCreateSolidFill` `GdipCreatePen1` `GdipDeletePen` `GdipSetPenMode` `GdipCreateFromHDC` `GdipDeleteGraphics` `GdipSetSmoothingMode` `GdipSetTextRenderingHint` `GdipSetInterpolationMode` `GdipDrawRectangleI` `GdipFillRectangleI` `GdipCreateFontFromDC` `GdipCreateFontFromLogfontA` `GdipDeleteFont` `GdipDrawString` `GdipMeasureString` `GdipStringFormatGetGenericTypographic`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99971`
MD5	`979472c719c3b1e5b4e87bbbb25a954a`
SHA1	`577cd2ace0d271fdc18d0f8847147ce83ce79368`
SHA256	`ebcbd627743e76ac9943fcb7dfc8d7af92e7755d7e9cebec1d4591fea310af1d`
SHA3	`aedc521cd6b2d9f05b91df57c99ed9358a3f793cadc332d895fdf59c83ad4eb1`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70069`
MD5	`806d2fc871d158aca5741b8dee86efc7`
SHA1	`23b6038880dc01e135b31640b41006713fd811b3`
SHA256	`a36190928a689a6087fd3d87b743d9a517231b5fb6341636bd840c798c758627`
SHA3	`6cd39d0bf582e0897aa42040b3a76b586be472e493c6ff6754e1340dd1669aaf`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85447`
MD5	`d0ea5799a504c7c408519aefa66d906e`
SHA1	`d43db364a90f0520215865335e5f44c8e9069b23`
SHA256	`def1693a6fac98465dd6ef7e6ba19b7476dd31249fc01fc5eff8ec6ef9b98fd1`
SHA3	`e267ad3c2aed2568477987682369a1f7190ffa16e9d622f5502f5f07e33d5fd7`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46207`
MD5	`8171b6621dcb8b31039ec61581cd5d13`
SHA1	`87030eddb98fda765dd15e49339024566239e87e`
SHA256	`9ee11334a4ffba0a189eca070c08f09019e3baf448a9f41be488b0024dddc867`
SHA3	`addc6b8da51070a11055d8120d45bfeaa1819c4390631ad47d9b6fae00c7b5c8`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49691`
MD5	`5d2f444e0299e5061367c37ca4b2e7b3`
SHA1	`f16a4ee9f1d2c72062668668a311c9d4b6e3a6b3`
SHA256	`452f1dc7026450f0e166e43714c3cfd981231d57702723c1c820434bee568b91`
SHA3	`03dd50768b633d7a161a540f970af87e540b6d9bbb02b5590aa49192d59dfe60`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19316`
MD5	`34b7db88571317d1775e5d2715be3908`
SHA1	`84df06f0830a9bbd599372dfdfaf862d6017807e`
SHA256	`73e95e028ddd4d8c5c1404b28eb4551dcefe1977557087b02bdae76eabcf926a`
SHA3	`0a53e5e0a9cd0326d3b0df21d5ee6276978829f2c8654d1a8d8e92f9bda60166`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95371`
MD5	`bd8da2581e921ceb5a9e80fb93e156b5`
SHA1	`6d98d2063de42de7b70b75b224be046bf36cae40`
SHA256	`89d2fdeeba6490ac450304df416d6fed71914a6a041e315644852d460912c1a2`
SHA3	`7dfaa73245b41dd7a9840fe287366a37fd28c065be2f3330ce6110677e3882a6`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99971`
MD5	`979472c719c3b1e5b4e87bbbb25a954a`
SHA1	`577cd2ace0d271fdc18d0f8847147ce83ce79368`
SHA256	`ebcbd627743e76ac9943fcb7dfc8d7af92e7755d7e9cebec1d4591fea310af1d`
SHA3	`aedc521cd6b2d9f05b91df57c99ed9358a3f793cadc332d895fdf59c83ad4eb1`

9

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70069`
MD5	`806d2fc871d158aca5741b8dee86efc7`
SHA1	`23b6038880dc01e135b31640b41006713fd811b3`
SHA256	`a36190928a689a6087fd3d87b743d9a517231b5fb6341636bd840c798c758627`
SHA3	`6cd39d0bf582e0897aa42040b3a76b586be472e493c6ff6754e1340dd1669aaf`

10

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.85447`
MD5	`d0ea5799a504c7c408519aefa66d906e`
SHA1	`d43db364a90f0520215865335e5f44c8e9069b23`
SHA256	`def1693a6fac98465dd6ef7e6ba19b7476dd31249fc01fc5eff8ec6ef9b98fd1`
SHA3	`e267ad3c2aed2568477987682369a1f7190ffa16e9d622f5502f5f07e33d5fd7`

11

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46207`
MD5	`8171b6621dcb8b31039ec61581cd5d13`
SHA1	`87030eddb98fda765dd15e49339024566239e87e`
SHA256	`9ee11334a4ffba0a189eca070c08f09019e3baf448a9f41be488b0024dddc867`
SHA3	`addc6b8da51070a11055d8120d45bfeaa1819c4390631ad47d9b6fae00c7b5c8`

12

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.49691`
MD5	`5d2f444e0299e5061367c37ca4b2e7b3`
SHA1	`f16a4ee9f1d2c72062668668a311c9d4b6e3a6b3`
SHA256	`452f1dc7026450f0e166e43714c3cfd981231d57702723c1c820434bee568b91`
SHA3	`03dd50768b633d7a161a540f970af87e540b6d9bbb02b5590aa49192d59dfe60`

13

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19316`
MD5	`34b7db88571317d1775e5d2715be3908`
SHA1	`84df06f0830a9bbd599372dfdfaf862d6017807e`
SHA256	`73e95e028ddd4d8c5c1404b28eb4551dcefe1977557087b02bdae76eabcf926a`
SHA3	`0a53e5e0a9cd0326d3b0df21d5ee6276978829f2c8654d1a8d8e92f9bda60166`

14

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.95371`
MD5	`bd8da2581e921ceb5a9e80fb93e156b5`
SHA1	`6d98d2063de42de7b70b75b224be046bf36cae40`
SHA256	`89d2fdeeba6490ac450304df416d6fed71914a6a041e315644852d460912c1a2`
SHA3	`7dfaa73245b41dd7a9840fe287366a37fd28c065be2f3330ce6110677e3882a6`

130

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xd2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91145`
MD5	`2b4e4ee4447041b877b93cc2e4c320b9`
SHA1	`da0df4f4230036585cf58edf62cc4b4c24073e5c`
SHA256	`478d459c76eff84f71be2d18ab45d993e251028fb848e38196120cbfa7949939`
SHA3	`b00aef75d9c7084ca7254a22d4a4df97cd74039c8901d1a8c64629abf228e585`

202

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xa0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85052`
MD5	`80078dab58fb6adaa962bd7e35d4c8b7`
SHA1	`a75511b9abebd38b661ecce9e5a6aa8c9a9061d0`
SHA256	`75b8802f40b48c10145a2704d9cb62118b785617581bec4ddbc0dcc49d14df9b`
SHA3	`0099aa41cf8c149aacf97ff471153b653b37f98d68b99635f71bfe00fc6f71c9`

108

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89003`
Detected Filetype	Icon file
MD5	`d659d86d1fc16cae7e8bf47f367b0114`
SHA1	`2327d3e3502764c64ebe03a182d8a5393f7ceb85`
SHA256	`0008c0960a62363cce1cdc5d478d7cf2608b235bb96c9bb291fe8ed23c40e0b7`
SHA3	`5eb558e0d3a759951a209d42c83bd9b67f3fd4d31d535ed51e6268d197b457ca`

129

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94238`
Detected Filetype	Icon file
MD5	`81711e0a2ca366c34419507734867dc1`
SHA1	`8141225953f98a50052c7d4453eeb7b05342dad5`
SHA256	`6b6c47ee3c20184fde8e41da16471bbe63e15564e98e9ea6bb61c1f22065f5f8`
SHA3	`46de73e2f123959b8f802fe9b6ca5127203cd2914c884dd6c50b386512948311`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33982`
MD5	`71e9becadb2e204b4c128c372a3dfc8d`
SHA1	`52b3683eff53736901d7ee98c78b8188ee2fd44c`
SHA256	`c96fb8f92971a9f390853120813cf0614828af2b6b4368170d4e46a0514db2c9`
SHA3	`829b2cabd990dc56ce4c77cb8f469c9963a39bc3c152ab48b7d220cdaa9bbfa6`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06216`
MD5	`70a8f12fee2c81f7a33abe763f22ce98`
SHA1	`b6c0be4e48344607571d311e30a3a343bd5eb7fb`
SHA256	`8ca168710ef6c65f4c63fbe77ba7a3b863b8779306ea4e64087259925750a62a`
SHA3	`e121811540c8946d89962695b6e83e5d49aa95fed60a72e657f5e72b73f349c8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.22
ProductVersion	1.0.0.22
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
CompanyName	XinDawn
FileDescription	DouWan
FileVersion (#2)	1.0.0.22
InternalName	Airplay.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	Airplay.exe
ProductName	DouWan
ProductVersion (#2)	1.0.0.22

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Nov-13 14:09:06
Version	`0.0`
SizeofData	`78`
AddressOfRawData	`0x70a6d0`
PointerToRawData	`0x708cd0`
Referenced File	D:\hudun\AirplayMonitor\bin\Win32\Release\Airplay.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Nov-13 14:09:06
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x70a720`
PointerToRawData	`0x708d20`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Nov-13 14:09:06
Version	`0.0`
SizeofData	`960`
AddressOfRawData	`0x70a734`
PointerToRawData	`0x708d34`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Nov-13 14:09:06
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0xb38000`
EndAddressOfRawData	`0xb38008`
AddressOfIndex	`0xb335ac`
AddressOfCallbacks	`0x4b57a8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0xb1500c`
SEHandlerTable	`0xb0a120`
SEHandlerCount	`364`

RICH Header

XOR Key	`0xe3cda41f`
Unmarked objects	`0`
241 (40116)	`19`
243 (40116)	`179`
242 (40116)	`29`
Imports (VS2015 UPD3 build 24210)	`2`
C objects (VS2015 UPD3.1 build 24215)	`1`
C++ objects (VS2015 UPD3.1 build 24215)	`52`
199 (41118)	`1`
ASM objects (VS2015 UPD3 build 24123)	`24`
C++ objects (VS2008 SP1 build 30729)	`1`
C++ objects (VS2015 UPD3 build 24123)	`66`
C objects (VS2015 UPD3 build 24123)	`36`
C++ objects (23013)	`3`
C objects (VS2008 SP1 build 30729)	`15`
Imports (VS2008 SP1 build 30729)	`33`
Total imports	`466`
265 (VS2015 UPD3.1 build 24215)	`34`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

Errors

Leave a comment

No comments yet.