Manalyze report for 973aaa8d5af08343c52ed4cd4617ea41

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Jun-05 14:35:15
Detected languages	Chinese - PRC English - United States
Debug artifacts	E:\rc_v11_i18n_20200615_branch\Build\Release\WPSOffice\office6\addons\konlinesetup_xa\konlinesetup_xa.pdb
CompanyName	Zhuhai Kingsoft Office Software Co.,Ltd
FileDescription	WPS Office Setup
FileVersion	`11,2,0,9403`
InternalName	konlinesetup_xa
LegalCopyright	Copyright©1988-2020 Kingsoft Corporation. All rights reserved.
OriginalFilename	konlinesetup_xa.exe
ProductName	WPS Office
ProductVersion	`11,2,0,9403`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: ROOT\CIMV2` Contains domain names: cache.wpscdn.com curl.haxx.se dw-online.ksosoft.com example.com haiwai-ic.ksosoft.com http://dw-online.ksosoft.com http://haiwai-ic.ksosoft.com http://haiwai-ic.ksosoft.com/infos.ads?v https://curl.haxx.se https://curl.haxx.se/docs/http-cookies.html https://wdl1.pcfg.cache.wpscdn.com https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/distsrc/ https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/index.ini https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/package/ https://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/onlinesetup/wpsinst/wps_office_inst.exe ic.ksosoft.com ksosoft.com online.ksosoft.com openssl.org pcfg.cache.wpscdn.com wdl1.pcfg.cache.wpscdn.com wpscdn.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses known Diffie-Helman primes`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities (PowerLoader): GetWindowLongW FindWindowW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW GetTempPathA` `Enumerates local disk drives: GetDriveTypeW GetDriveTypeA` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW` `Can take screenshots: GetDC FindWindowW`
Info	The PE is digitally signed.	`Signer: Zhuhai Kingsoft Office Software Co.` `Issuer: DigiCert Assured ID Code Signing CA-1`
Suspicious	VirusTotal score: 2/71 (Scanned on 2020-09-24 02:42:50)	`VBA32: BScope.Trojan.StartPage` `ESET-NOD32: a variant of Win32/KingSoft.J potentially unwanted`

Hashes

MD5	`973aaa8d5af08343c52ed4cd4617ea41`
SHA1	`61f2fd73d4f2e1f0fa89c66a39309e8bfe3b6958`
SHA256	`224607e9e3592c148a0ba0069cd36ccbe23590e2f303e53e25951c80d62d1b74`
SHA3	`2ab6b9a5f2148f51214e6731a96fe44cd7891485f7de0b3f725201e515738071`
SSDeep	`98304:Z9Nf/Xb7kPmtVOxtAl7ILZpqRX4FD0TpoeUQcz/k7:d3LJI7wGrQcje`
Imports Hash	`ace96f2df842623972864414cd6ad8b4`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Jun-05 14:35:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x305800`
SizeOfInitializedData	`0x124c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x002CD83C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x307000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x435000`
SizeOfHeaders	`0x400`
Checksum	`0x42e61d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6bdae03f3aba44c896e431c0d491159c`
SHA1	`c69e1409362cd236806b27388ab6140f339e1533`
SHA256	`db729a8df37147d263e9efe2d7cf27faab93e23ed2f8fa0420a50a43c7f54d09`
SHA3	`f23c9084166b1cb6e7747d91f4bb71b9d63463e454f010e2b0c08abba084a87e`
VirtualSize	`0x3056a2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x305800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.82809`

.rdata

MD5	`de5a3c2f84c131fa234763304e9a823e`
SHA1	`423ae238c40ec260767a360bced6bdd45153a0a5`
SHA256	`11565cd0405a8debb391e252da0c037f6b660703f406521d166c9b7b8d5cf5a7`
SHA3	`f913bf5ab8840918d6b61eba04c4d39c888976f4e4de55be1d4fe445d1988edc`
VirtualSize	`0xa7fb0`
VirtualAddress	`0x307000`
SizeOfRawData	`0xa8000`
PointerToRawData	`0x305c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.98337`

.data

MD5	`29828f1d9c7677a05ae65a15294afc09`
SHA1	`c8b846ea01759bd545642876ef4629810cc4e5c6`
SHA256	`efaed9dfe8605211a20f0eb2848b48b273a27fa825e14c92711f403e757096c1`
SHA3	`58ed9da0e00562283dea4289abfc67cd2d1a34c3b974ef851170dd32c61f8ccb`
VirtualSize	`0x13a80`
VirtualAddress	`0x3af000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x3adc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.72558`

.rsrc

MD5	`62e1794f30c535e2cc948464c09a3a52`
SHA1	`e0df9ae683bfde7c913069e311ffe26b527f6add`
SHA256	`2f7e7cddce3cc550ae4f155a56105f7267f996e5aea17e45fb2d589edda24017`
SHA3	`4f3a622bea1382021934aed00c31f00f3cbff2424994c5775e11ba7fb3cab1e0`
VirtualSize	`0x4141d`
VirtualAddress	`0x3c3000`
SizeOfRawData	`0x41600`
PointerToRawData	`0x3b9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.59118`

.reloc

MD5	`77d2fe0b827a06028749404c2a9f2af0`
SHA1	`275282087ca6829ca6642159dfc539070565520f`
SHA256	`fad71b8a8702dec24a5f89e34729a54533983bd37e9a7431fe58331515c9a41a`
SHA3	`b915f2365c856840463e5456966fd4c1ad3bc3f513f7b69b5d21f082ace3bbf7`
VirtualSize	`0x2fe06`
VirtualAddress	`0x405000`
SizeOfRawData	`0x30000`
PointerToRawData	`0x3fa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.26821`

Imports

KERNEL32.dll	`SizeofResource` `LockResource` `LoadResource` `FindResourceW` `FindResourceExW` `WritePrivateProfileStringW` `GetLocaleInfoW` `GetUserDefaultLangID` `lstrcpyW` `GetModuleHandleW` `GetTempFileNameW` `CloseHandle` `GetLastError` `GetCommandLineW` `ExitProcess` `FreeResource` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `DeleteCriticalSection` `Sleep` `GetPrivateProfileIntW` `GetPrivateProfileStringW` `OpenMutexW` `CreateMutexW` `OpenProcess` `Process32NextW` `Process32FirstW` `CreateToolhelp32Snapshot` `GetProcAddress` `OutputDebugStringA` `OutputDebugStringW` `GetModuleFileNameW` `GetModuleHandleExW` `CreateDirectoryW` `GetExitCodeProcess` `WaitForSingleObject` `CreateProcessW` `HeapFree` `HeapAlloc` `GetProcessHeap` `WideCharToMultiByte` `MultiByteToWideChar` `GetSystemTime` `GetSystemPowerStatus` `GetSystemDefaultLCID` `GetUserDefaultLCID` `GetSystemDefaultUILanguage` `FreeLibrary` `LoadLibraryW` `GetSystemDirectoryW` `GetSystemWow64DirectoryW` `GetTickCount` `CompareStringW` `WriteConsoleW` `LocalAlloc` `LocalFree` `InterlockedExchange` `LoadLibraryA` `RaiseException` `GetCurrentDirectoryW` `GetACP` `ReadFile` `GetFileSize` `CreateFileW` `SetFilePointer` `GetFileType` `DuplicateHandle` `GetCurrentProcess` `SystemTimeToFileTime` `DosDateTimeToFileTime` `SetFileTime` `WriteFile` `MulDiv` `InterlockedIncrement` `InterlockedDecrement` `GetLocalTime` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `InterlockedCompareExchange` `lstrlenW` `DeviceIoControl` `CreateFileA` `CreateThread` `GetVersionExW` `VerifyVersionInfoA` `VerSetConditionMask` `GetSystemDirectoryA` `GetModuleHandleA` `QueryPerformanceFrequency` `SleepEx` `QueryPerformanceCounter` `ExpandEnvironmentStringsA` `PeekNamedPipe` `WaitForMultipleObjects` `GetStdHandle` `SetLastError` `FormatMessageA` `GetEnvironmentVariableW` `GetConsoleMode` `SetConsoleMode` `ReadConsoleA` `ReadConsoleW` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetCurrentThreadId` `InterlockedExchangeAdd` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `FormatMessageW` `GetVersion` `DeleteFiber` `SwitchToFiber` `CreateFiber` `ConvertFiberToThread` `ConvertThreadToFiber` `FindNextFileW` `FindFirstFileW` `FindClose` `CreateEventW` `SetEvent` `ReleaseSemaphore` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFileAttributesExW` `GetFileSizeEx` `CreateSemaphoreW` `ResetEvent` `ReleaseMutex` `GetCompressedFileSizeW` `GetGeoInfoW` `GetUserGeoID` `FlushViewOfFile` `WaitForSingleObjectEx` `UnmapViewOfFile` `UnlockFileEx` `UnlockFile` `SetEndOfFile` `MapViewOfFile` `LockFileEx` `LockFile` `HeapCompact` `HeapValidate` `HeapSize` `HeapReAlloc` `HeapDestroy` `HeapCreate` `GetVersionExA` `GetTempPathW` `GetTempPathA` `GetSystemInfo` `GetFullPathNameW` `GetFullPathNameA` `GetFileAttributesW` `GetFileAttributesA` `GetDiskFreeSpaceW` `GetDiskFreeSpaceA` `FlushFileBuffers` `DeleteFileW` `DeleteFileA` `CreateFileMappingW` `CreateFileMappingA` `AreFileApisANSI` `TryEnterCriticalSection` `GetStringTypeW` `EncodePointer` `DecodePointer` `HeapSetInformation` `GetStartupInfoW` `RtlUnwind` `ExitThread` `FileTimeToLocalFileTime` `GetDriveTypeW` `FindFirstFileExW` `GetDriveTypeA` `FindFirstFileExA` `GetFileInformationByHandle` `SetConsoleCtrlHandler` `GetTimeFormatA` `GetDateFormatA` `LCMapStringW` `GetCPInfo` `SetUnhandledExceptionFilter` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `IsDebuggerPresent` `TerminateProcess` `GetOEMCP` `IsValidCodePage` `GetConsoleCP` `SetStdHandle` `GetTimeZoneInformation` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `SetEnvironmentVariableA`
bcrypt.dll	`BCryptGenRandom`
USER32.dll (delay-loaded)	`LoadStringW` `DestroyWindow` `UnregisterClassW` `LoadCursorW` `RegisterClassW` `TrackPopupMenu` `IsWindowVisible` `SetWindowRgn` `CreateWindowExW` `IsWindow` `GetMessageW` `TranslateMessage` `DispatchMessageW` `SetFocus` `PostMessageW` `KillTimer` `GetDC` `UpdateLayeredWindow` `ReleaseDC` `GetWindowRect` `MoveWindow` `DefWindowProcW` `RegisterWindowMessageW` `GetWindowLongW` `AppendMenuW` `CreatePopupMenu` `GetCursorPos` `EnableWindow` `SetWindowLongW` `GetKeyState` `UnionRect` `InvalidateRect` `SetCapture` `ReleaseCapture` `CharNextW` `GetFocus` `MapWindowPoints` `IntersectRect` `GetUpdateRect` `IsRectEmpty` `EndPaint` `BeginPaint` `GetParent` `GetWindow` `GetActiveWindow` `GetSystemMetrics` `CallWindowProcW` `GetPropW` `SetPropW` `AdjustWindowRectEx` `GetMenu` `RegisterClassExW` `GetClassInfoExW` `OffsetRect` `SetCursor` `wvsprintfW` `FillRect` `DrawTextW` `CharPrevW` `SetRect` `CreateCaret` `HideCaret` `ShowCaret` `SetCaretPos` `GetCaretPos` `ClientToScreen` `GetSysColor` `GetCaretBlinkTime` `InvalidateRgn` `GetGUIThreadInfo` `CreateAcceleratorTableW` `GetWindowTextW` `GetWindowTextLengthW` `SetWindowTextW` `GetUserObjectInformationW` `GetProcessWindowStation` `MsgWaitForMultipleObjects` `PeekMessageW` `wsprintfW` `SetWindowPos` `SetForegroundWindow` `IsZoomed` `MonitorFromWindow` `GetMonitorInfoW` `ScreenToClient` `GetClientRect` `IsIconic` `PostQuitMessage` `SetTimer` `LoadIconW` `PtInRect` `FindWindowW` `SendMessageW` `ShowWindow` `MessageBoxW`

Delayed Imports

Attributes	`0x1`
Name	`USER32.dll`
ModuleHandle	`0x3bacbc`
DelayImportAddressTable	`0x3ba2ac`
DelayImportNameTable	`0x3ac19c`
BoundDelayImportTable	`0x3ad7f8`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

101

Type	`ZIPRES`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x17a9b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96035`
Detected Filetype	Zip Compressed Archive
MD5	`42f6fc63ac61e7356b39e7f66a295f4c`
SHA1	`c6ad661235a45747f8ab1177ffcc49e325ecad48`
SHA256	`21ee06dde92fde2f769d2bf939cd490189cff8f983d203beda6bbda218ad49d8`
SHA3	`69cf1cb9901535ac8721be1e2de094d4c57892fef66ffcefb7720fef6d5309b5`

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x6b72`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97056`
Detected Filetype	PNG graphic file
MD5	`d0f0f96c9cb4f684fa89abcccf1fff70`
SHA1	`9494e872c31389ee76f942fa1fe949f1f1bcc482`
SHA256	`e377b072e30c60c4bccb5a0a1d9273f7d3aaad9bce26e95586ebaaf1fa4ce08b`
SHA3	`042ccfb36086e2857edbe95a2eaf9338ca10c27c400ab2c92b68fc140c9caf8b`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16635`
MD5	`4bb36999a3b78bc63124a7dbbfdc60b1`
SHA1	`f63e1e68092ff704aed842b75d764da144cf691c`
SHA256	`fe87fcd18123a06782f265649e6223bd9fb45d8978632fa14010ae3c47d4eb50`
SHA3	`eeb1015f33b414b502e72ede167f002ce5845521112c666363c5dc72805c3862`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.21424`
MD5	`354ae9d22be3f6ed82f3ca8428085f83`
SHA1	`e49ad9c77dd24a7cbdc1370d936d476fc2dc9af0`
SHA256	`c9d1d7b726669ca3a51f8546761c1ecd0ded31aec5da65ac75dfd87c44d1a847`
SHA3	`2b105ab57c80b8ca4264eb58086a3d14421e48abbd6dac19f98c4423d4aa29d9`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.43466`
MD5	`895841b5ab29483ef79baccaaf34e7dc`
SHA1	`c0b19e813133046f233f02bba489f616f3188bb7`
SHA256	`864d7b886b3801d8aa1e9c6dcc6c1be6ed71f124e45c79bbeb2a4615bab02588`
SHA3	`b37e85eb34f8c9930f4069e94a1521a35f7c08626976fe6ba2f354ca6f3cf47f`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.46225`
MD5	`94fbe6298bc869f2bc33b97dfb099168`
SHA1	`30d5781aba6948ef227cea8e86b8cda7b9c67d9c`
SHA256	`6b5287e80044e835ae798b122e4667ac4e91458c14b0d438476d6ff3f609304f`
SHA3	`9572b08e83c19ebba828ee5a6833c178666513fc17b0bc9ec7ee5cef8081ff3e`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70335`
MD5	`758b0d71922362c21b79298f3750c702`
SHA1	`0a34816fbf7e467c670afd8698063b6418a02195`
SHA256	`860e71b3ab6350af27ad861187ab1e7235071cdb8f46b25b98fcd09c3f6327ca`
SHA3	`5e07a206e92caae8ddf96390fc7bacdb6a0224e7603c390b8992738f925fafda`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.83778`
MD5	`60c17da58947127387aa55343d243e35`
SHA1	`e0d311bd8bfa52f28b5ce5d351f4ffdc9fb1db9b`
SHA256	`55c96ea7b6d2ec26e72c33b5a45adc47b7800f96f4b1ec0e3c066f79ac98ca4f`
SHA3	`be7883472b03e7813f955fe498169898a57a2bda99aae58542dd2657b6933709`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23684`
MD5	`5ff52e7734c90d969f3debb0e2812898`
SHA1	`b4a6ad23838ff07adf686ab5a9d82133a300b7db`
SHA256	`af5d25f7c46757ed016cc9bddf828bcd2cbba5da4dbb5b396f0837f72137670c`
SHA3	`8ef78ac238e71b5d40682adda3a28741246e335279411a649c807f630d494e37`

1 (#2)

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.62026`
MD5	`0845e65adb8cad2163a3376bd9a0e250`
SHA1	`e33b5607bb1033812bf56a253f82e5c526ed9a76`
SHA256	`3a00a53bb6d3fe0f4c217cf804a8382b0c29d29c6d4df87ddf80cb068119c28b`
SHA3	`8facf00d481637b003ae016fd87cc3514a645c9b258bc393f2104ea1269405c6`

102

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97321`
Detected Filetype	Icon file
MD5	`39682e92762ed7bafa1384e40e68818e`
SHA1	`492951ff5aa25157f80c9a76ee0f90fef776e998`
SHA256	`ebb87d7d26290d022559462f3b8d9ff0565422cb126d56cbd35dbbe4fbb481a6`
SHA3	`31029efe4273ce62e7af0c785c3151bbb9d9851e215925f83753795d8b4cf71b`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x390`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52154`
MD5	`fd56d2757671276a1638836603bbbd64`
SHA1	`b4ba7bebd54a4850f5f3b7271fbbf772cff7086d`
SHA256	`834cb255c7f00e2a786dd5240fbe386c35a7b26bb98964b3297cccad44db551c`
SHA3	`da9897cc0e457e6c5bc0b8dede99212901be9e653c8852cd5ee792f4a838be7b`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x375`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04637`
MD5	`fbca04f5ef7350ed7b5630afd4c1828c`
SHA1	`d437ab644989fca92ea2953142372b717620181f`
SHA256	`6a3ceb10c17333edc20bca97a4fbd02c963703ec2443c98cbb0f3fd1cc4dfebc`
SHA3	`8ff6b9dd0345aa051346dcb0a4a95feec21e9925cb67197a1592be48ca2747eb`

String Table contents

200.1005
TRUE

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	11.2.0.9403
ProductVersion	11.2.0.9403
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	UNKNOWN
CompanyName	Zhuhai Kingsoft Office Software Co.,Ltd
FileDescription	WPS Office Setup
FileVersion (#2)	11,2,0,9403
InternalName	konlinesetup_xa
LegalCopyright	Copyright©1988-2020 Kingsoft Corporation. All rights reserved.
OriginalFilename	konlinesetup_xa.exe
ProductName	WPS Office
ProductVersion (#2)	11,2,0,9403

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Jun-05 14:35:15
Version	`0.0`
SizeofData	`130`
AddressOfRawData	`0x397008`
PointerToRawData	`0x395c08`
Referenced File	E:\rc_v11_i18n_20200615_branch\Build\Release\WPSOffice\office6\addons\konlinesetup_xa\konlinesetup_xa.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7b8b4c`
SEHandlerTable	`0x79db50`
SEHandlerCount	`670`

RICH Header

XOR Key	`0x47c0e293`
Unmarked objects	`0`
152 (20115)	`10`
ASM objects (VS2010 SP1 build 40219)	`40`
C++ objects (VS2008 SP1 build 30729)	`1`
Unmarked objects (#2)	`23`
C objects (VS2010 SP1 build 40219)	`884`
C++ objects (VS2010 build 30319)	`3`
C objects (VS2008 SP1 build 30729)	`15`
Imports (VS2008 SP1 build 30729)	`5`
Total imports	`564`
C++ objects (VS2010 SP1 build 40219)	`197`
Resource objects (VS2010 SP1 build 40219)	`1`
151	`1`
Linker (VS2010 SP1 build 40219)	`1`

973aaa8d5af08343c52ed4cd4617ea41

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

101

1

2

3

4

5

6

7

8

1 (#2)

102

1 (#3)

1 (#4)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors