| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2011-Mar-22 15:34:39 |
| Detected languages | Chinese - PRC |
| CompanyName | Sogou.com Inc. |
| FileDescription | 搜狗拼音输入法 语言栏支持 |
| FileVersion | 5.0.0.3787 |
| InternalName | SogouPY SogouTSF |
| LegalCopyright | © 2010 Sogou.com Inc. All rights reserved. |
| OriginalFilename | SogouTSF.dll |
| ProductName | 搜狗拼音输入法 |
| ProductVersion | 5.0.0.3787 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 DLL (Debug); Microsoft Visual C++ 6.0 DLL |
| Suspicious | Strings found in the binary may indicate undesirable behavior. Tries to detect virtualized environments: |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data: 3639296 bytes of data starting at offset 0x10000. The overlay data has an entropy of 7.95103 and is possibly compressed or encrypted. Overlay data accounts for 98.2311% of the executable. |
| Malicious | VirusTotal score: 54/65 (Scanned on 2020-09-20 09:05:13); per-engine verdicts are listed in the table below. |

| Engine | Verdict |
|---|---|
| Bkav | W32.OnGamesLTLIBMSI.Trojan |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Variant.Barys.62 |
| CAT-QuickHeal | Backdoor.Farfli.O |
| McAfee | BackDoor-DVB.x |
| Zillya | Trojan.Farfli.Win32.11233 |
| Sangfor | Malware |
| K7AntiVirus | Riskware ( 0015e4f01 ) |
| K7GW | Riskware ( 0015e4f01 ) |
| CrowdStrike | win/malicious_confidence_100% (D) |
| TrendMicro | TROJ_SPNR.15A512 |
| Baidu | Win32.Backdoor.DarkAngle.a |
| Cyren | W32/Backdoor.Q.gen!Eldorado |
| Symantec | SMG.Heur!gen |
| ESET-NOD32 | Win32/Farfli.DV |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | Trojan-GameThief.Win32.Magania.tzqn |
| BitDefender | Gen:Variant.Barys.62 |
| NANO-Antivirus | Trojan.Win32.Farfli.bygrf |
| ViRobot | Trojan.Win32.PSW-Magania.65536 |
| Avast | Win32:Downloader-UAD [Trj] |
| Rising | Backdoor.Farfli!1.64A3 (CLASSIC) |
| Ad-Aware | Gen:Variant.Barys.62 |
| Comodo | TrojWare.Win32.Farfli.~brk@4k8xkk |
| F-Secure | Trojan.TR/Spy.Gen |
| DrWeb | Trojan.DownLoader4.50045 |
| VIPRE | Backdoor.Win32.Farfli.k.dll (v) |
| Invincea | ML/PE-A + Troj/Farfli-Gen |
| FireEye | Generic.mg.61ca45f29f1f37a2 |
| Sophos | Troj/Farfli-Gen |
| Ikarus | Trojan-GameThief.Win32.Magania |
| Jiangmin | Trojan/PSW.Magania.autl |
| Avira | TR/Spy.Gen |
| Antiy-AVL | Trojan[GameThief]/Win32.Magania |
| Microsoft | Backdoor:Win32/Farfli.O |
| Arcabit | Trojan.Barys.62 |
| ZoneAlarm | Trojan-GameThief.Win32.Magania.tzqn |
| GData | Gen:Variant.Barys.62 |
| AhnLab-V3 | Win-Trojan/Onlinegamehack.10923008 |
| VBA32 | BScope.Trojan.Downloader |
| ALYac | Gen:Variant.Barys.62 |
| MAX | malware (ai score=84) |
| Cylance | Unsafe |
| TrendMicro-HouseCall | TROJ_SPNR.15A512 |
| Tencent | backdoor.win32.gh0st.ay |
| Yandex | Trojan.PWS.Magania!MO5/EUv2lzM |
| SentinelOne | DFI - Malicious PE |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | W32/Magania.EKEN!tr |
| BitDefenderTheta | Gen:NN.ZedlaF.34254.Ix@@aKMfKOdb |
| AVG | Win32:Downloader-UAD [Trj] |
| Panda | Trj/lineage.HINW |
| Qihoo-360 | Backdoor.Win32.Gh0st.BG |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2011-Mar-22 15:34:39 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0xac00 |
| SizeOfInitializedData | 0x5800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000B9A3 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xc000 |
| ImageBase | 0x10000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x13000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | CreateFileA, GlobalMemoryStatus, GetSystemInfo, GetComputerNameA, GetVersionExA, OpenEventA, SetErrorMode, TerminateThread, CreateDirectoryA, GetCurrentProcess, lstrlenA, DeleteFileA, GetWindowsDirectoryA, SetFileAttributesA, lstrcmpiA, CopyFileA, ExpandEnvironmentStringsA, GetModuleFileNameA, ReadFile, CreateProcessA, lstrcpyA, WriteFile, GetSystemDirectoryA, ExitProcess, Process32Next, Process32First, CreateToolhelp32Snapshot, GetProcessHeap, HeapAlloc, GetCurrentProcessId, CreateThread, GetLocalTime, GetTickCount, CancelIo, InterlockedExchange, SetEvent, ResetEvent, GetLastError, WaitForSingleObject, CloseHandle, CreateEventA, VirtualAlloc, Sleep, lstrcatA, GetCurrentThreadId, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, VirtualFree, DeleteCriticalSection, LoadLibraryA, GetProcAddress, SetFilePointer |
| USER32.dll | CloseDesktop, SetThreadDesktop, OpenInputDesktop, GetUserObjectInformationA, GetThreadDesktop, OpenDesktopA, wsprintfA, CreateWindowExA, LoadMenuA, RegisterClassA, LoadCursorA, LoadIconA, GetWindowTextA, MessageBoxA |
| GDI32.dll | GetStockObject |
| ADVAPI32.dll | RegCloseKey, RegisterServiceCtrlHandlerA, SetServiceStatus, RegCreateKeyExA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, ChangeServiceConfig2A, LockServiceDatabase, CreateServiceA, OpenSCManagerA, CloseServiceHandle, OpenServiceA, StartServiceA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegSaveKeyA, RegRestoreKeyA, RegSetValueExA, RegDeleteKeyA, DeleteService, UnlockServiceDatabase |
| MSVCRT.dll | _access, _strrev, _adjust_fdiv, _initterm, ??1type_info@@UAE@XZ, free, calloc, malloc, strrchr, srand, _stricmp, wcstombs, atoi, ??3@YAXPAX@Z, memmove, putchar, ceil, _ftol, puts, strstr, __CxxFrameHandler, ??2@YAPAXI@Z, _CxxThrowException, rand, sprintf, strncpy, _beginthreadex |
| WS2_32.dll | WSAIoctl, #116, #9, #52, #23, #16, #18, #3, #19, #11, #4, #20, WSASocketA, #8, #6, #115, #21 (imports by ordinal shown as #N) |
| Export ordinal | Address |
|---|---|
| 1 | 0x3d00 |
| 2 | 0x3d00 |
| 3 | 0x3d20 |
| 4 | 0x3d00 |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.1 |
| ProductVersion | 1.0.0.1 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | Chinese - PRC |
| CompanyName | Sogou.com Inc. |
| FileDescription | 搜狗拼音输入法 语言栏支持 |
| FileVersion (#2) | 5.0.0.3787 |
| InternalName | SogouPY SogouTSF |
| LegalCopyright | © 2010 Sogou.com Inc. All rights reserved. |
| OriginalFilename | SogouTSF.dll |
| ProductName | 搜狗拼音输入法 |
| ProductVersion (#2) | 5.0.0.3787 |
| Resource LangID | Chinese - PRC |
| Rich header entry | Count |
|---|---|
| XOR Key | 0x2337e931 |
| Unmarked objects | 0 |
| 12 (7291) | 2 |
| 14 (7299) | 2 |
| C++ objects (8047) | 1 |
| C objects (8047) | 4 |
| Linker (8047) | 2 |
| C objects (VS98 build 8168) | 12 |
| Total imports | 138 |
| Imports (VS2003 (.NET) build 4035) | 11 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
| C++ objects (VS98 SP6 build 8804) | 8 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 1 |