Manalyze report for 9633f28222499ee0916324a715523960bdd3c5167195744665d7c6f5a399d4e6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Sep-20 12:34:46
Detected languages	Chinese - PRC Process Default Language

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegSetValueExA` `Can create temporary files: CreateFileA CreateFileW GetTempPathA` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityA SetFileSecurityW`
Info	The PE is digitally signed.	`Signer: Shen Zhen Dragon Rise Macro Technology Limited Company` `Issuer: VeriSign Class 3 Code Signing 2004 CA`
Safe	VirusTotal score: 0/70 (Scanned on 2026-03-12 23:39:44)	`All the AVs think this file is safe.`

Hashes

MD5	`88f5cc8e8372a5d52a27abf323349eec`
SHA1	`c3cfb9ffde496dacd81eb3c01327dfe56e99110e`
SHA256	`9633f28222499ee0916324a715523960bdd3c5167195744665d7c6f5a399d4e6`
SHA3	`57f78893ec9b5c0395b0d8ed7e71f0b4db4445f147ee41ebe514d6abf7194049`
SSDeep	`49152:Z8RM8+uAHhlvW850IDoxJvUHC4ZzqEkbzItg:q+5LJGIDoP4CqzqEkbz6g`
Imports Hash	`bc5ce990cf54f8d435a68eb97512f73e`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x200`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2007-Sep-20 12:34:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x14000`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0x229200`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8c499086717691066d921075ed5bdb09`
SHA1	`751c07cfa1733972c3b634a5d17630bf8f22e66a`
SHA256	`8421bd10a0eccf0b4902ef990cb60810c2775911f7ac75ced14f2ee451d8c499`
SHA3	`ed9c40c537c3027cebe880c46cec975f9111740308d1748097d772e3e3bcfd35`
VirtualSize	`0x14000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13800`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46548`

.data

MD5	`0cb811e47f78b5404a658fb36b591857`
SHA1	`567dbf5d2ecdb522947a21d52165c6455775d61c`
SHA256	`f52d7963bc0aac924ec703ee9062c86d1d217b6aa3b1c418fb82b1675682648f`
SHA3	`cbe6aee492d76364098c31515f07ec0f9674da584db62c82b331412e535308b7`
VirtualSize	`0x7000`
VirtualAddress	`0x15000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x13e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.90968`

.idata

MD5	`8bf175092a70a21f11fd06cc4087c7d0`
SHA1	`095ff20e1b538b73339ac3afa1e804b99a90a553`
SHA256	`529b786cafe5141261dd84a5b1a64f979f0f627e103a7c21ec5520ade5fda3d4`
SHA3	`3b23b6ff2b8a83cec3c519629c007d1495617f9c4d8d26e2336c41cd47169936`
VirtualSize	`0x1000`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.12446`

.rsrc

MD5	`9312dfd4e1da04f884f361a0001b6811`
SHA1	`981e61bdaef832924cfc53eb215f7c5f1e535502`
SHA256	`1e94b3fe2043edb54402119d13bc37c3a4594d68d2832e5ef249368bf91a4a6c`
SHA3	`09da443fc5458f861dbdb1229a0052db23942129f6f4388c8fd923bdaeda9793`
VirtualSize	`0x3310`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.84788`

Imports

ADVAPI32.DLL	`AdjustTokenPrivileges` `LookupPrivilegeValueA` `OpenProcessToken` `RegCloseKey` `RegCreateKeyExA` `RegOpenKeyExA` `RegQueryValueExA` `RegSetValueExA` `SetFileSecurityA` `SetFileSecurityW`
KERNEL32.DLL	`CloseHandle` `CompareStringA` `CreateDirectoryA` `CreateDirectoryW` `CreateFileA` `CreateFileW` `DeleteFileA` `DeleteFileW` `DosDateTimeToFileTime` `ExitProcess` `ExpandEnvironmentStringsA` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `FindClose` `FindFirstFileA` `FindFirstFileW` `FindNextFileA` `FindNextFileW` `FindResourceA` `FreeLibrary` `GetCPInfo` `GetCommandLineA` `GetCurrentDirectoryA` `GetCurrentProcess` `GetDateFormatA` `GetFileAttributesA` `GetFileAttributesW` `GetFileType` `GetFullPathNameA` `GetLastError` `GetLocaleInfoA` `GetModuleFileNameA` `GetModuleHandleA` `GetNumberFormatA` `GetProcAddress` `GetProcessHeap` `GetStdHandle` `GetTempPathA` `GetTickCount` `GetTimeFormatA` `GetVersionExA` `GlobalAlloc` `HeapAlloc` `HeapFree` `HeapReAlloc` `IsDBCSLeadByte` `LoadLibraryA` `LocalFileTimeToFileTime` `MoveFileA` `MoveFileExA` `MultiByteToWideChar` `ReadFile` `SetCurrentDirectoryA` `SetEndOfFile` `SetEnvironmentVariableA` `SetFileAttributesA` `SetFileAttributesW` `SetFilePointer` `SetFileTime` `SetLastError` `Sleep` `SystemTimeToFileTime` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile` `lstrcmpiA` `lstrlenA`
COMCTL32.DLL	`#17`
COMDLG32.DLL	`CommDlgExtendedError` `GetOpenFileNameA` `GetSaveFileNameA`
GDI32.DLL	`DeleteObject`
SHELL32.DLL	`SHBrowseForFolderA` `SHChangeNotify` `SHFileOperationA` `SHGetFileInfoA` `SHGetMalloc` `SHGetSpecialFolderLocation` `ShellExecuteExA` `SHGetPathFromIDListA`
USER32.DLL	`CharToOemA` `CharToOemBuffA` `CharUpperA` `CopyRect` `CreateWindowExA` `DefWindowProcA` `DestroyIcon` `DestroyWindow` `DialogBoxParamA` `DispatchMessageA` `EnableWindow` `EndDialog` `FindWindowExA` `GetClassNameA` `GetClientRect` `GetDlgItem` `GetDlgItemTextA` `GetMessageA` `GetParent` `GetSysColor` `GetSystemMetrics` `GetWindow` `GetWindowLongA` `GetWindowRect` `GetWindowTextA` `IsWindow` `IsWindowVisible` `LoadBitmapA` `LoadCursorA` `LoadIconA` `LoadStringA` `MapWindowPoints` `MessageBoxA` `OemToCharA` `OemToCharBuffA` `PeekMessageA` `PostMessageA` `RegisterClassExA` `SendDlgItemMessageA` `SendMessageA` `SetDlgItemTextA` `SetFocus` `SetMenu` `SetWindowLongA` `SetWindowPos` `SetWindowTextA` `ShowWindow` `TranslateMessage` `UpdateWindow` `WaitForInputIdle` `wsprintfA` `wvsprintfA`
OLE32.DLL	`CLSIDFromString` `CoCreateInstance` `CreateStreamOnHGlobal` `OleInitialize` `OleUninitialize`

Delayed Imports

101

Type	`RT_BITMAP`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xbb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19099`
MD5	`5c475f4b07e1e05af29d25e1700f7279`
SHA1	`b139902d2f9eae34727ba4f740b4b1e99d4bc4e8`
SHA256	`690c938562399f89ad78e3fde2a7edaee8ddf2fafef987a7b37e577a8f6126ea`
SHA3	`1d3dd19fbcc656a30478c2b4ba98485853b464fe09ea2debc4cfc64271677d1e`
Preview

1

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.23544`
MD5	`2bd137f054e0e82ba03631c06ef2ef60`
SHA1	`068341a25e7d4cdcb85725208433b3b340b0376b`
SHA256	`857406baa52eab62e4e0efdc6c31809a4ce8f72dfaa514fad54c9f9a7cce86dc`
SHA3	`922a7e8f3cbbe779620852b152800882085e2bfea19056fafbc3602dfae5ed07`

2

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.39652`
MD5	`28e18a5272acc21225e31f9846b424ad`
SHA1	`d14bd63c9e7912edb84c1fbbe564180ce8d32152`
SHA256	`a4731a327b7c37f5c3278f8d5d237841cfa159829187288f9e1c430901e42374`
SHA3	`ae4aca7f9b6422fab6ac670c404c87cb3167423680fb26d65110e98c1ac5d67c`

3

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.9625`
MD5	`52bbd1393066e88c25341f06b69d80e8`
SHA1	`27505a5cc058fd4a9df92426216b6108edaab7be`
SHA256	`19bf6b3255d01b1c83440be261315ce69f6f3d5e98aec01bd629549d5c0c359c`
SHA3	`9b8265d4d796743d55d8dfa1c814d478f815c62a16f00a9f0f469e4ecd3f57e6`

4

Type	`RT_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.64156`
MD5	`e343c7886a96d22b9a4946111438e374`
SHA1	`f3fe7573e02cc5bfb531f603c8eccc564f69624e`
SHA256	`9f30fd875b2d758ea29d95733a9756da5bf5c5d3d4a2df397bc89972f35ad936`
SHA3	`145f1c66af8b763f7ad1401b5cf59a1d51086706fbf085624a5cd531652d661d`

ASKNEXTVOL

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x176`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70147`
MD5	`ab3f61ce17da1b4af54b065fbf073017`
SHA1	`b040df930c8605b2c0cb1a5b41db626f7f3a95f2`
SHA256	`e966dd54d4ddfa08ae787eca4e1e6743a85d23c9ef96022cad55c9b7e3e847fa`
SHA3	`6a6c38b286ef09348da30669d259b29eb5e7b10e56c512b790e9f38e62706672`

GETPASSWORD1

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65915`
MD5	`7a93f0ca290e8246630d7c4af7341270`
SHA1	`dcbf01054fb9e131abf9f0cf45c91398a1668ad2`
SHA256	`6852169893c53b3e0302a9d8e7710ffb92d24a9a32a3e9fee261521d91508e65`
SHA3	`6ebe6ebb4f58e50501488861c4978469806f3e56fa4ad09896901a94e1e9df3f`

LICENSEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xb6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26409`
MD5	`3b9015f70d9f5d161e44321523de308e`
SHA1	`ad21649faf0e25aff33cef25278f908ed0225a58`
SHA256	`3326668cad47dfc9eb42f88a6497da5cb20285a5c067e2f61acc1d423f5a78b7`
SHA3	`1542b21b695ae4db0c248ad881b3a5eb23b92c3500863ee9fb96487757efccc1`

RENAMEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x102`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3152`
MD5	`e44d2eb3ac53bcb2487da280cdfa8e74`
SHA1	`1a497eea91b3984ef92604d385c76c64d6029cca`
SHA256	`c2c5449249abac98f37b75b9cc7a60682018b845bd79995c5fc7d8e55ed0ba4b`
SHA3	`cf79347f2d52840d08a61ff7cc7efe80ed60fc380b4dfb182fb865088c18e2a1`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x282`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75078`
MD5	`e08f16ab0d78a5ddc205b1190f467485`
SHA1	`849709e58e08a359979a34f9ab9b75497dc9526c`
SHA256	`fb7ffcbedaa5c22f53a9d2a6f3c1b43eb58025ac905d718ede9fb6374f0cdbe9`
SHA3	`9c4369ddb9b0ac772a74fc7568d22705a2e88193b6618672829f4cc3477721b3`

STARTDLG

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x19e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.80743`
MD5	`2cb115d2467a70f97148cba82c54a119`
SHA1	`c63412d7e777786db23df52ec8f81043025a9b72`
SHA256	`398c54589deacd4a92e873eacbdbb095e75141936749a39f9fe0c9cfa72e37b8`
SHA3	`c35270bcf307433d53ba2deee2fadc6d3a9fafb01eecbc9c5696bf99f0854c29`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xe2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31352`
MD5	`12753fe4dfa48fab3f921ec49d3f4883`
SHA1	`f19390a1b918fb71c1418840178945e06aea1450`
SHA256	`a9073751c97c476aa784636d4fb4262cbcd1d3288d96189be1d4e6de5cd8b999`
SHA3	`702f4b87d52f926e56abbe39ab474c9cd56ab198a757850c411b174ead90bc77`

8

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x168`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.70413`
MD5	`30024c0eba97a028680930e1f09e4029`
SHA1	`320ac843c8ec9a326c843bbbb2a06bced44ed18f`
SHA256	`e6fde03b471bdc790f4703a11f4dd839dd427ddfdd5d1a3e571f9a4bbf80102b`
SHA3	`40191b3b7f83f7a13182db39ac9881035cecd1a21c4a146e320783c0a4207923`

9

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0xd8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.51373`
MD5	`62c4a460d22d9c45a24437fb63f96e43`
SHA1	`baf706c492faffa3a195500c73027b091f23b346`
SHA256	`b7ef9fcba706d6bdd34d02a159e43c26c6dcbdd95dc6f8a971e69613270c3a63`
SHA3	`fa885a72795a988e8b494b39b86085a0e66114bf222cf88a436bfa2bf7418b2b`

10

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x1a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80037`
MD5	`177ef557efb9e9d6974b228c4b22109c`
SHA1	`2a52a43be537bdb25a6d47e19b28c0e19ebc4e8a`
SHA256	`ff038b468990625d5b3a0e3ab4348a2bff223b38554455f6135e6a211ece4115`
SHA3	`2c48ddd3d94e36cc78f73eec20f7a0c5d1d756f550069453414be34989a1534d`

DVCLAL

Type	`RT_RCDATA`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4`
MD5	`a40263c75fde7440b1086b7da9c51fc2`
SHA1	`139a84f87110fb5cb16a386adade21f30cae98b0`
SHA256	`e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5`
SHA3	`d3a734fa7d36868d301f9569de92e1bfc551e4b5cf6d7c59eace8d0a554093c0`

100

Type	`RT_GROUP_ICON`
Language	Process Default Language
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21733`
Detected Filetype	Icon file
MD5	`c09ec166041d71c5b01873d10bb629b7`
SHA1	`47fd51078556b47b30579c5630c39121ad72f705`
SHA256	`24624f5e9c964de610ace03e092ad78f62e9b48bdd5e1c410547a1f944b38d5f`
SHA3	`32d9187cdb887887f57aa867deb887e43ed1acf5a67757eb090f54622900bd21`

1 (#2)

Type	`RT_MANIFEST`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x33f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06643`
MD5	`b89cf5ffa42c500398cdda4e52ca5a42`
SHA1	`cd973da0629778687de5868636f34882d1573ed5`
SHA256	`0e9f6de342f3f45a47499eff46a9419759de61559bbe2cff6c3574ee75238118`
SHA3	`b264c429c279711c226234b7432a080f4387f396b24ce6965fa686d5ca2ae4ca`

String Table contents

选择目标文件夹
正在解压 %s
正在跳过 %s
不可预料的压缩文件末端
文件"%s"头损坏
压缩文件注释头损坏
压缩文件注释损坏
没有足够的内存
%s 的未知方式
无法打开 %s
无法创建 %s
无法创建文件夹 %s
加密文件 %s CRC 失败(密码错误?)
%s CRC 失败。
包裹数据中的 %s CRC 失败。
%s 的密码错误
文件 %s 写入错误。磁盘可能已满
文件 %s 读取错误
文件关闭错误
必需的压缩卷不存在
压缩文件格式未知或已经损坏
正在从 %s 中解压
下一压缩卷
压缩文件头损坏。
关闭
错误
执行指定操作时发生错误
查看信息窗口获取更多细节信息
字节
修改于
文件夹无法访问
某些文件无法被创建。
请关闭所有正在运行的应用程序,重新启动 Windows 并再次运行此安装程序
某些安装文件被破坏。
请下载一个最新版本或重试安装程序
所有文件
<style>body{font-family:"Arial,宋体";font-size:12;}</style><ul><li>单击 <b>安装</b> 按钮开始解压。</li><br><br>
<li>使用 <b>浏览</b> 按钮从目录树中选择目标文件夹。它也可以手动输入。
</lI>
<br><br>
<lI>如果指定的目标文件夹不存在，在文件解压前它将被自动创建。
</lI></ul>

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.