Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2024-Mar-13 06:29:51 |
Detected languages | English - United States |
Debug artifacts | c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb |
Comments | Zoom Opener |
CompanyName | Zoom Video Communications, Inc. |
FileDescription | Zoom Opener |
FileVersion | 6,0,0,32 |
InternalName | Zoom Opener |
LegalCopyright | © Zoom Video Communications, Inc. All rights reserved. |
LegalTrademarks | Zoom Opener |
OriginalFilename | Zoom Opener |
ProductName | Zoom Opener |
ProductVersion | 6,0,0,32 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Zoom Video Communications; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1 |
Safe | VirusTotal score: 0/72 (Scanned on 2024-04-26 07:04:14) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2024-Mar-13 06:29:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x10e00 |
SizeOfInitializedData | 0xac00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000067E0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x12000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x1f000 |
SizeOfHeaders | 0x400 |
Checksum | 0x23eb2 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
SHLWAPI.dll | #155 StrCmpNIW StrStrA PathAppendW PathIsRelativeW |
---|---|
KERNEL32.dll | GetSystemTime GetFileTime ExpandEnvironmentStringsA GetFileAttributesA CreateDirectoryA SetUnhandledExceptionFilter GetTickCount GetSystemDirectoryW LoadLibraryW ExitProcess LoadLibraryExW HeapLock HeapWalk GetVersion HeapUnlock ReleaseSemaphore CreateSemaphoreA VerifyVersionInfoA GetCommandLineA GetWindowsDirectoryA GetStartupInfoA VerSetConditionMask EnterCriticalSection LeaveCriticalSection InitializeCriticalSection ExitThread TerminateThread CreateThread DeleteCriticalSection CompareFileTime WriteFile SetFilePointer SetEndOfFile SystemTimeToFileTime FlushFileBuffers ReleaseMutex GetLocalTime QueryPerformanceCounter GetSystemTimeAsFileTime IsProcessorFeaturePresent UnhandledExceptionFilter TerminateProcess GetTempFileNameA VerifyVersionInfoW GetFileAttributesW OpenProcess QueryDosDeviceW K32GetProcessImageFileNameW CreateToolhelp32Snapshot Process32NextW Process32FirstW GetWindowsDirectoryW GetModuleHandleW GetProcessTimes MultiByteToWideChar RaiseException CreateProcessA WideCharToMultiByte GetModuleHandleExW GetStringTypeW GetCPInfo GetOEMCP GetACP IsValidCodePage LCMapStringW TlsSetValue FreeLibrary TlsGetValue IsDebuggerPresent LoadLibraryExA VirtualQuery VirtualProtect GetSystemInfo GetProcessHeap GetCurrentProcessId GetProcAddress HeapAlloc CloseHandle FileTimeToSystemTime DeleteFileA CreateFileA MoveFileExA OpenMutexA GetLastError CopyFileA GetTempPathA Sleep GetModuleHandleA GetCurrentThreadId WaitForSingleObject CreateMutexA FindClose GetCurrentProcess SetLastError HeapFree FindFirstFileA GetModuleFileNameA LocalFree CreateFileW RtlUnwind |
USER32.dll | FindWindowW GetDesktopWindow GetWindowThreadProcessId LoadCursorA InflateRect SetWindowPos SetActiveWindow GetSystemMetrics DrawTextA MapWindowPoints GetWindowLongA FrameRect AttachThreadInput GetForegroundWindow SetFocus FillRect PostMessageA FindWindowA PostQuitMessage LoadIconA RegisterClassExA SetForegroundWindow IsIconic LoadStringA RegisterClassA GetClassInfoA UnregisterClassA IsWindowVisible SetWindowLongA IntersectRect ShowWindowAsync SetPropA GetWindowRect DestroyWindow ShowWindow IsWindow MoveWindow GetPropA DefWindowProcA CreateWindowExA GetClientRect UpdateWindow InvalidateRect BeginPaint EndPaint PostThreadMessageA GetMessageA DispatchMessageA SetTimer TranslateMessage PeekMessageA KillTimer SendMessageA |
GDI32.dll | SetBkMode CreateFontIndirectA DeleteObject SetTextColor SelectObject CreateSolidBrush GetStockObject GetObjectA |
ADVAPI32.dll | CryptVerifySignatureA OpenProcessToken GetUserNameA RegOpenKeyExA RegQueryValueExA RegCloseKey DuplicateTokenEx CheckTokenMembership FreeSid AllocateAndInitializeSid CryptAcquireContextA CryptCreateHash CryptHashData CryptDestroyHash CryptReleaseContext CryptDestroyKey |
SHELL32.dll | ShellExecuteW SHGetFolderPathA |
ole32.dll | CoUninitialize CoInitialize CoCreateInstance |
OLEAUT32.dll | VariantInit VariantClear SysAllocString SysFreeString |
CRYPT32.dll (delay-loaded) | CertGetNameStringW CryptStringToBinaryA CryptImportPublicKeyInfo CryptDecodeObjectEx |
Attributes | 0x1 |
---|---|
Name | CRYPT32.dll |
ModuleHandle | 0x1a9ac |
DelayImportAddressTable | 0x1b000 |
DelayImportNameTable | 0x18284 |
BoundDelayImportTable | 0x18380 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
zlaunchermain |
Retry |
Please contact Zoom Support for help. |
An unknown error has occurred |
Join from browser |
Installing Zoom Workplace... |
Please do not close this window |
Network Connection failed |
Please check your network and try again. |
Yes |
No |
Are you sure you want to close this window? Installation will be canceled. |
Your disk is full |
Free up storage and try again |
zlauncheraskleave |
Get support |
Installing Zoom Workplace requires TLS 1.1&&1.2 |
Open Internet Options > Advanced to enable. Then click Retry to continue. |
Open Internet Options |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.0.0.32 |
ProductVersion | 6.0.0.32 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | Zoom Opener |
CompanyName | Zoom Video Communications, Inc. |
FileDescription | Zoom Opener |
FileVersion (#2) | 6,0,0,32 |
InternalName | Zoom Opener |
LegalCopyright | © Zoom Video Communications, Inc. All rights reserved. |
LegalTrademarks | Zoom Opener |
OriginalFilename | Zoom Opener |
ProductName | Zoom Opener |
ProductVersion (#2) | 6,0,0,32 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Mar-13 06:29:51 |
Version | 0.0 |
SizeofData | 111 |
AddressOfRawData | 0x17d20 |
PointerToRawData | 0x16f20 |
Referenced File | c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Mar-13 06:29:51 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x17d90 |
PointerToRawData | 0x16f90 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Mar-13 06:29:51 |
Version | 0.0 |
SizeofData | 672 |
AddressOfRawData | 0x17da4 |
PointerToRawData | 0x16fa4 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2024-Mar-13 06:29:51 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
Size | 0xbc |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41a008 |
SEHandlerTable | 0x417d00 |
SEHandlerCount | 2 |
GuardCFCheckFunctionPointer | 4268828 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xef90b65 |
---|---|
Unmarked objects | 0 |
C objects (CVTCIL) (VS2017 v14.15 compiler 26715) | 1 |
Imports (VS2017 v14.15 compiler 26715) | 17 |
Total imports | 228 |
C++ objects (30034) | 12 |
C objects (30034) | 12 |
ASM objects (30034) | 9 |
C++ objects (VS2017 v14.15 compiler 26715) | 65 |
C objects (VS2017 v14.15 compiler 26715) | 2 |
C objects (LTCG) (30153) | 34 |
Resource objects (30153) | 1 |
Linker (30153) | 1 |