Manalyze report for 9ab349f5f2b3d17ec01b08d31ba8dd18

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Oct-09 06:41:34
Detected languages	English - United States
Debug artifacts	c:\jenkins\workspace\Client\Client\Windows\release\Bin\Release\Zoom.pdb
Comments	Zoom
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Meetings
FileVersion	`5,8,1,1435`
InternalName	Zoom
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom
OriginalFilename	Zoom
ProductName	Zoom
ProductVersion	`5,8,1,1435`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: chat.facebook.com facebook.com https://zoom.us`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegEnumKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken DuplicateToken` `Manipulates other processes: EnumProcessModules OpenProcess Process32NextW Process32FirstW`
Info	The PE is digitally signed.	`Signer: Zoom Video Communications` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Safe	VirusTotal score: 0/66 (Scanned on 2021-10-14 12:02:14)	`All the AVs think this file is safe.`

Hashes

MD5	`9ab349f5f2b3d17ec01b08d31ba8dd18`
SHA1	`e00040d4474bb92d1bbfc7f6001d2681f2b672ea`
SHA256	`485c4c704869b3ad4e2bd5f064fb000d20fbcf01eeb1e1ccea355a750f4820cf`
SHA3	`963b4cbe09de631a8537da5d128e77bd2587540166b6e4bb9eec126156704691`
SSDeep	`3072:hdEslrH9KGkKyYjlw7O3BfisDcsmlp3vKpRBA:HEs+GlyA3wvCpRBA`
Imports Hash	`9d1d75daf8dccec9671c940c272c7cf8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Oct-09 06:41:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x10000`
SizeOfInitializedData	`0x2fc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000E4D0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x11000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x42000`
SizeOfHeaders	`0x400`
Checksum	`0x500fb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3cba9d424261dd714896cc90b7d0122c`
SHA1	`b2f2e8b97f97a71e5ddba4dbbd374b76b19d3434`
SHA256	`069883b1adef3c9c49ea03de616a59f7ce8b4ea42d9925c749c3449607d8cea8`
SHA3	`31944c654c30a0afdb1c298cadf5f1a7df1fcc6f7a9942fac1a150296fba3f4b`
VirtualSize	`0xfe5a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.28991`

.rdata

MD5	`4fd3556e82de75f2855c2c10ab146cd4`
SHA1	`c27c64b3d03b449f04ac52bc9fe8f1250a01c08a`
SHA256	`01ff8946a97d711c074a813b86f06a0a8eaf7648df9fc314afda2dc70f9f76e6`
SHA3	`0113f58353f0e9126c6cff7f0aaaae4e0509fb973f90d5213fc872606c86c198`
VirtualSize	`0xaafc`
VirtualAddress	`0x11000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29652`

.data

MD5	`03fafd70795172a7365fc9225282aed7`
SHA1	`0271a6f2668e341caf67be3054a67e6c03d1250b`
SHA256	`11df78b7642d0e0d133125b3907ab5e99716c25eb2420d8f830686cd6df52ba1`
SHA3	`14a71dc658d899bd10c90fd22b9e6749f67583ae318b61fe1c7a49e342c95331`
VirtualSize	`0x257c`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.06152`

.rsrc

MD5	`eb365a76bf455c3f5a930e705c490674`
SHA1	`5bf66e7bb0da3e64f8c2117e2c1670edd504ef16`
SHA256	`e48bb5015f3007231ac36b92d389c84af6b6467bd474e631373fd0cbe752df9b`
SHA3	`3ae6174173120cf3877d3ed607b4a07c8aeb0ee85537bf9e8877ba22fa5cebca`
VirtualSize	`0x20908`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x20a00`
PointerToRawData	`0x1b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74388`

.reloc

MD5	`93c8009ba64ba9f2dc7de34628341672`
SHA1	`c3b83fd40f8385ae9647a1f5c16a3c1802a02955`
SHA256	`cbde3ec7e6679ddece905115f7ffc860c3942e395fe2473a1fb956ae1cd221a7`
SHA3	`08e0eb6ae1f05a4891c30f5acb63f14467392d4d04db8323e772b75e008871e6`
VirtualSize	`0x1f34`
VirtualAddress	`0x40000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x3bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69355`

Imports

DllSafeCheck.dll	`HackCheck`
PSAPI.DLL	`GetModuleInformation` `GetModuleFileNameExW` `EnumProcessModules`
zCrashReport.dll	`#7` `#9`
Cmmlib.dll	`?Now@Time@Cmm@@SA?AV12@XZ` `?GetZoomAccountManager@Cmm@@YAPAVIZoomAccountManager@zoom_data@@XZ` `?GetZoomClientData@Cmm@@YAPAVIZoomClientData@zoom_data@@XZ` `?GetZoomAppPropData@Cmm@@YAPAVIZoomAppPropData@zoom_data@@XZ` `CmmMQ_GetService` `?CreateAppContext@Cmm@@YAPAVISSBAppContext@1@ABV?$CStringT@_W@1@HH@Z` `?NotifyClientDataTermed@Cmm@@YAXXZ` `?IsPTProcess@Cmm@@YAHXZ` `?GetSwitchValueASCII@CommandLine@Cmm@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z` `?ForCurrentProcess@CommandLine@Cmm@@SAPAV12@XZ` `?DestroyDefaultMessageLoop@ZoomWorkerFactory@Cmm@@SAXXZ` `?GetSpecialDirectory@CFileName@Cmm@@QAEXW4SpecialFolder@12@H@Z` `?SetProcessType@Cmm@@YAXW4PROCESS_TYPE@@@Z` `?DestroyAppContext@Cmm@@YAXPAVISSBAppContext@1@@Z` `?Empty@?$CStringT@D@Cmm@@QAEXXZ` `?empty@?$CStringT@D@Cmm@@QBE_NXZ` `??0?$CStringT@D@Cmm@@QAE@XZ` `??0?$CStringT@D@Cmm@@QAE@PB_W@Z` `??0?$CStringT@D@Cmm@@QAE@ABV?$CStringT@_W@1@@Z` `??1?$CStringT@D@Cmm@@UAE@XZ` `??4?$CStringT@D@Cmm@@QAEAAV01@PBD@Z` `??4?$CStringT@D@Cmm@@QAEAAV01@ABV01@@Z` `?c_str@?$CStringT@D@Cmm@@QBEPBDXZ` `?empty@?$CStringT@_W@Cmm@@QBE_NXZ` `??0?$CStringT@_W@Cmm@@QAE@XZ` `??0?$CStringT@_W@Cmm@@QAE@PB_W@Z` `??0?$CStringT@_W@Cmm@@QAE@PBD@Z` `??1?$CStringT@_W@Cmm@@UAE@XZ` `??4?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z` `??4?$CStringT@_W@Cmm@@QAEAAV01@ABV01@@Z` `??Y?$CStringT@_W@Cmm@@QAEAAV01@PB_W@Z` `??Y?$CStringT@_W@Cmm@@QAEAAV01@ABV01@@Z` `?c_str@?$CStringT@_W@Cmm@@QBEPB_WXZ` `?GetBuffer@?$CStringT@_W@Cmm@@QAEPA_WI@Z` `?IsEmpty@?$CStringT@_W@Cmm@@QBEHXZ` `?SetLength@?$CStringT@_W@Cmm@@QAEXI@Z` `??1CFileName@Cmm@@UAE@XZ` `?GetModuleFileNameW@CFileName@Cmm@@QAEXPAUHINSTANCE__@@@Z` `?GetName@CFileName@Cmm@@QBEPB_WXZ` `??0CFileName@Cmm@@QAE@XZ` `??B?$CStringT@_W@Cmm@@QBEPB_WXZ` `??Y?$CStringT@_W@Cmm@@QAEAAV01@PBD@Z` `??8?$CStringT@_W@Cmm@@QBE_NABV01@@Z` `?GetModuleLoader@Cmm@@YAPAVICmmModuleLoader@1@XZ` `?GetModuleRegistry@Cmm@@YAPAVICmmModuleRegistry@1@XZ` `??1CCmmArchiveObjHelper@Cmm@@QAE@XZ` `??0CCmmArchiveObjHelper@Cmm@@QAE@PBD@Z` `?FreeMsg@CCmmMessageHelper@Cmm@@YAXPAVCmmMQ_Msg@2@@Z` `?FlatternToMsg@CCmmMessageHelper@Cmm@@YAPAVCmmMQ_Msg@2@PAVCCmmArchiveObjHelper@2@H@Z` `??1CSBMBMessage_NotifyNetworkStateChanged@@UAE@XZ` `?Set_Flag@CSBMBMessage_NotifyNetworkStateChanged@@QAEXABI@Z` `?Set_State@CSBMBMessage_NotifyNetworkStateChanged@@QAEXABI@Z` `??0CSBMBMessage_NotifyNetworkStateChanged@@QAE@XZ` `??1CSBMBMessage_NotifyAppInActive@@UAE@XZ` `?Set_Reason@CSBMBMessage_NotifyAppInActive@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAppInActive@@QAE@XZ` `??1CSBMBMessage_NotifyAppActive@@UAE@XZ` `?Set_Reason@CSBMBMessage_NotifyAppActive@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAppActive@@QAE@XZ` `?cmm_str_convert@@YAIHPADIPB_WI@Z` `?SetMinLogLevel@logging@@YAXH@Z` `?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NPB_WW4LoggingDestination@1@W4LogLockingState@1@W4OldFileDeletionState@1@W4LogEncryptPolicy@1@@Z` `??_7CFileName@Cmm@@6B@` `??_7?$CStringT@_W@Cmm@@6B@` `cmm_fs_rmdirs` `?ToTimeT@Time@Cmm@@QBE_JXZ` `?IsExists@CFileName@Cmm@@QBEHXZ` `?Assign@?$CStringT@_W@Cmm@@QAEXPB_WI@Z` `?SetLength@?$CStringT@D@Cmm@@QAEXI@Z` `?size@?$CStringT@D@Cmm@@QBEIXZ` `??0?$CStringT@D@Cmm@@QAE@PBD@Z` `??Y?$CStringT@D@Cmm@@QAEAAV01@PBD@Z` `?GetBuffer@?$CStringT@D@Cmm@@QAEPADI@Z` `?begin@?$CStringT@_W@Cmm@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@_W@std@@@std@@@std@@XZ` `?erase@?$CStringT@_W@Cmm@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@_W@std@@@std@@@std@@V34@@Z` `?find@?$CStringT@_W@Cmm@@QBEIPB_WI@Z` `?find@?$CStringT@_W@Cmm@@QBEI_WI@Z` `?find_last_of@?$CStringT@_W@Cmm@@QBEI_WI@Z` `?length@?$CStringT@_W@Cmm@@QBEIXZ` `??0?$CStringT@_W@Cmm@@QAE@ABV01@@Z` `??0?$CStringT@_W@Cmm@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z` `??4?$CStringT@_W@Cmm@@QAEAAV01@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `?Format@?$CStringT@_W@Cmm@@QAAXPB_WZZ` `?Compare@?$CStringT@_W@Cmm@@QBEHPB_W@Z` `?GetAt@?$CStringT@_W@Cmm@@QBE_WH@Z` `?Left@?$CStringT@_W@Cmm@@QBE?AV?$CRangeT@PB_W@2@I@Z` `?Right@?$CStringT@_W@Cmm@@QBE?AV?$CRangeT@PB_W@2@I@Z` `?Trim@?$CStringT@_W@Cmm@@QAEXXZ` `?MakeLower@?$CStringT@_W@Cmm@@QAEXXZ` `?GetSecond@CTime@Cmm@@QBEHXZ` `?GetMinute@CTime@Cmm@@QBEHXZ` `?GetHour@CTime@Cmm@@QBEHXZ` `?GetDay@CTime@Cmm@@QBEHXZ` `?GetMonth@CTime@Cmm@@QBEHXZ` `?GetYear@CTime@Cmm@@QBEHXZ` `?GetTickCount@CTime@Cmm@@SA?AV12@XZ` `??_7CmmLogGC@Cmm@@6B@` `?ResetAppData@CmmLogGC@Cmm@@UAEHH@Z` `?Init@CommandLine@Cmm@@SAXHPBQBD@Z` `??0?$CStringT@_W@Cmm@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `??8?$CStringT@_W@Cmm@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `CmmMQ_TermService` `CmmMQ_InitService` `?GetCurrentVersion@Cmm@@YAXAAV?$CStringT@D@1@@Z` `?ClearAllPackageDefines@CCmmArchiveService@Cmm@@SAXXZ` `?base64FreeDecodeBuffer@Cmm@@YAXAAPAE@Z` `?IsNewerVersion@Cmm@@YAHABV?$CStringT@D@1@0@Z` `?base64Decode@Cmm@@YAPAEABV?$CStringT@_W@1@AAI@Z` `?assign@?$CStringT@_W@Cmm@@QAEAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z` `?size@?$CStringT@_W@Cmm@@QBEIXZ` `??H?$CStringT@_W@Cmm@@QBE?AV01@PB_W@Z` `??Y?$CStringT@_W@Cmm@@QAEAAV01@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `??9?$CStringT@_W@Cmm@@QBE_NPB_W@Z` `??9?$CStringT@_W@Cmm@@QBE_NABV01@@Z` `??1PolicyContext_s@zpref@@QAE@XZ` `??1CSBMBMessage_NotifyAppEvent@@UAE@XZ` `?Set_Param@CSBMBMessage_NotifyAppEvent@@QAEXABV?$CStringT@_W@Cmm@@@Z` `?Set_EventID@CSBMBMessage_NotifyAppEvent@@QAEXABI@Z` `??0CSBMBMessage_NotifyAppEvent@@QAE@XZ` `??1CSBMBMessage_NotifyBeforeTerm@@UAE@XZ` `?Set_AppName@CSBMBMessage_NotifyBeforeTerm@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyBeforeTerm@@QAE@XZ` `??1CSBMBMessage_NotifyAfterInit@@UAE@XZ` `?Set_AppName@CSBMBMessage_NotifyAfterInit@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAfterInit@@QAE@XZ` `??1CSBMBMessage_TermThread@@UAE@XZ` `?Set_AppName@CSBMBMessage_TermThread@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_TermThread@@QAE@XZ` `??1CSBMBMessage_InitThread@@UAE@XZ` `?Set_AppName@CSBMBMessage_InitThread@@QAEXABV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_InitThread@@QAE@XZ` `??0PolicyContext_s@zpref@@QAE@XZ` `?GetModuleFilePath@CFileName@Cmm@@QAEXPAUHINSTANCE__@@@Z` `?CreatePolicyProvider@zpref@@YAPAVIPolicyProvider@1@ABUPolicyContext_s@1@@Z` `?DestoryPolicyProvider@zpref@@YAXXZ` `?cmm_str_convert@@YAIHPA_WIPBDI@Z` `?GetAppContext@Cmm@@YAPAVISSBAppContext@1@XZ`
DuiLib.dll	`?UnInitHdpi@CHighDpi@DuiLib@@SAXXZ` `?InitHdpi@CHighDpi@DuiLib@@SAHXZ` `?SetSupportHighContrast@CHighContrast@DuiLib@@QAEX_N@Z` `?SetAwarenessMode@CHighDpi@DuiLib@@SA_NW4DPIAwareMode@CDpiAwarenessMode@2@@Z` `?Instance@CHighContrast@DuiLib@@SAPAV12@XZ`
MSAALIB.dll	`ZAccTermModule` `ZAccInitModule`
util.dll	`?update_log_destination@mem_log_file@ssb@@QAEHI@Z` `?destroy@mem_log_file@ssb@@SAXXZ` `destroy_mlog_mgr` `enable_logger` `util_init` `mlog_reg` `??0thread_mutex_recursive@ssb@@QAE@XZ` `??1thread_mutex_recursive@ssb@@QAE@XZ` `?instance@mem_log_file@ssb@@SAPAV12@I@Z` `util_uninit` `mlog_unreg`
libcrypto-1_1.dll	`RAND_bytes`
KERNEL32.dll	`ResetEvent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `WaitForSingleObjectEx` `HeapFree` `CreateFileW` `GetFileAttributesW` `OpenProcess` `GetLastError` `CloseHandle` `HeapAlloc` `GetProcAddress` `VerSetConditionMask` `GetProcessHeap` `VerifyVersionInfoW` `LoadLibraryExW` `InitializeCriticalSectionEx` `CreateDirectoryW` `SetErrorMode` `GetPrivateProfileStringW` `DeleteFileW` `GetTempFileNameW` `GetModuleHandleA` `VirtualProtect` `EnterCriticalSection` `GetCurrentProcess` `InitializeCriticalSectionAndSpinCount` `WriteFile` `TerminateProcess` `GetModuleFileNameW` `WaitForMultipleObjects` `LeaveCriticalSection` `InitializeCriticalSection` `SetFilePointer` `ResumeThread` `CreateToolhelp32Snapshot` `CreateEventW` `Process32NextW` `CreateFileA` `SetEvent` `Process32FirstW` `CreateThread` `GetWindowsDirectoryW` `DeleteCriticalSection` `GetCurrentProcessId` `GetModuleHandleW` `CreateSemaphoreW` `FlushInstructionCache` `CreateDirectoryA` `SetDllDirectoryW` `VirtualQuery` `FlushFileBuffers` `CreateProcessW` `FindFirstFileW` `SetLastError` `FindNextFileW` `ExpandEnvironmentStringsW` `DeviceIoControl` `FindClose` `OutputDebugStringW` `GetTempPathW` `MoveFileExW` `FreeLibrary` `MoveFileW` `ReleaseSemaphore`
USER32.dll	`DefWindowProcW` `CreateWindowExW` `UnregisterClassW` `ShowWindow` `GetClassInfoW` `RegisterClassW` `SetFocus` `FindWindowW` `UpdateWindow` `PostMessageW` `SendMessageW` `IsWindow` `GetUserObjectInformationA` `MessageBoxW` `GetProcessWindowStation` `DestroyWindow`
ADVAPI32.dll	`CheckTokenMembership` `FreeSid` `OpenProcessToken` `AllocateAndInitializeSid` `GetTokenInformation` `RegQueryValueExW` `RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `GetUserNameW` `DuplicateToken`
SHELL32.dll	`SHGetSpecialFolderPathW` `SHGetSpecialFolderPathA` `SHFileOperationW` `SHGetFolderPathA` `ShellExecuteW`
ole32.dll	`CoInitialize` `CoUninitialize`
SHLWAPI.dll	`PathIsRelativeW` `PathAppendW` `PathRemoveFileSpecW` `PathAddBackslashW` `PathRemoveBackslashW`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WTHelperGetProvSignerFromChain` `WinVerifyTrust` `WTHelperGetProvCertFromChain`
CRYPT32.dll	`CertGetNameStringW`
MSVCP140.dll	`?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ` `?uncaught_exception@std@@YA_NXZ` `?_Xlength_error@std@@YAXPBD@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ` `?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z` `?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ` `??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ`
tp.dll	`?release@net_adaptors_t@ssb@@SAXAAPAV12@@Z` `?enum_netadaptors@net_adaptors_t@ssb@@SAPAV12@XZ` `?get_adaptor_mac_addr@net_adaptors_t@ssb@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ`
gdiplus.dll	`GdiplusStartup` `GdiplusShutdown`
VCRUNTIME140.dll	`memcmp` `memcpy` `__CxxFrameHandler3` `__std_exception_destroy` `__std_exception_copy` `_purecall` `wcsstr` `__current_exception` `__current_exception_context` `memset` `_CxxThrowException` `memmove` `_except_handler4_common` `__std_terminate`
api-ms-win-crt-string-l1-1-0.dll	`wcscpy_s` `towupper` `strcat_s` `towlower` `wcscat_s` `_wcsicmp` `_strnicmp` `strnlen`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_set_new_mode` `free` `_callnewh`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wstat64i32`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_wide_environment` `_initterm_e` `_configure_wide_argv` `exit` `_get_wide_winmain_command_line` `_seh_filter_exe` `_invalid_parameter_noinfo_noreturn` `terminate` `_controlfp_s` `_cexit` `_exit` `signal` `_set_abort_behavior` `_set_app_type` `_register_onexit_function` `_initialize_onexit_table` `_c_exit` `_initterm` `_crt_atexit` `_register_thread_local_exe_atexit_callback`
api-ms-win-crt-convert-l1-1-0.dll	`_itow_s`
api-ms-win-crt-environment-l1-1-0.dll	`_putenv` `getenv`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0543`
MD5	`2bbd36ae5de51069553d5efa078cbd2c`
SHA1	`6a29d9478976073fda2a8164383984ecfb7d9373`
SHA256	`c7e9afaf9f60d6e6afc3d761ccc47b2f55e51e36c26ebc7e053a5cf634f14275`
SHA3	`49d00475a4fdc8586b24f72ea0ac5b685647964af6ba63ecfb45e95bc3b2672c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19974`
MD5	`a016978ba80d946cdb604a0bd17ce814`
SHA1	`4e9c2d600ab5ccc93f73968daae9f2be5720fb58`
SHA256	`7c8f3f4658e6ad39c6b04def6673f254f92289219a90eb00d8cbb47aaec7daf4`
SHA3	`24a12692c11a2fd927ab039a54abcab70a9159cf85e0ec3deb797b15bcb1cbb3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13276`
MD5	`155b74fd79aa7877b8576ed4b12dc9fc`
SHA1	`b054a52a89f5255803238eff5549c6cd5be10cd5`
SHA256	`87e940ac711f680e1c10d8a5a1aafd80ade569995fa00c9ec41632422243a265`
SHA3	`e3e3ca8030a74c689362fc9519baeebb0c77de27d51568ca70f421ba578bf456`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70844`
MD5	`20033da9cf963882f858bf463d6ae167`
SHA1	`2606617072466d477f1870cfcef83381eaa98cf9`
SHA256	`aae3ffe9477486e92852c0b42889572f5ab60f8fb4316c8bd6436f4659500336`
SHA3	`6a6686f73a4266bdf26ee9551702c7212bdc9fdf36b59e6f8414c7f341dcd9b7`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67659`
MD5	`e619bdddd7aaf73053bd8714da823585`
SHA1	`0d0b53f5c00f0744692dcc2f029279ab838910c0`
SHA256	`c2e4b8ca792ddf1a6a6f4ae51310f756ea5acbe58f2491bde6028a7a4144c228`
SHA3	`d77dd854b1b69a3803db700b8399eccae4a1b8f66bddc5c3a5822fd3c05c7fb6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3637`
MD5	`4c6bfeb7c53a28b216b29fe090f52807`
SHA1	`313e6aa2c6b3d833fac6a09ab5c484bd52093863`
SHA256	`6aa72ec9f66c66b94f98eacf6ec49c11b4e7ccebcf6eb6f803aea74c4b85e080`
SHA3	`f2155d67ed64794d0626de0f498d8b51dfacda30bd46847170f86b7e875370f9`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x71cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97548`
Detected Filetype	PNG graphic file
MD5	`cae8ae0ea6cb16a532486e68b9fe11ba`
SHA1	`c2d38b02168246406c21499340f0d1eea95e37f7`
SHA256	`fccfadc8840a8b8552f11f54dc33948116c68c52736fec1bb5903fbb9a5f7a5e`
SHA3	`3d147797106f6d2212c9a58ee51a4159c4a4e23af507239e0840a786ef914a58`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91902`
Detected Filetype	Icon file
MD5	`1d1fcb4e6c40791009c311431e312742`
SHA1	`dfbb3e5083c7ea479516c238a84c636b3a2af17b`
SHA256	`72066506fc0cb5ed093b16e5fb0e8b43605f7bf66ac090064157b648c7143834`
SHA3	`9d447fe05a3b76df30baeeaf7bb442826a890649c8a63a08d61f36b20e8e5c1c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39446`
MD5	`dc9b63eecabff5351f48ffc9994e835b`
SHA1	`e97b01e76a03d2d8776de239c6de1fa754353dc8`
SHA256	`a54331e1be9bbe9cb965c40f6263aadd4ecbbd075a9be368d54d5fdf58c08303`
SHA3	`13a2273d3bf5194737f6c827a85250d4ca3f95750706bd282326ef171e2c782c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07176`
MD5	`0f3b71d0fa474d73aff7de9cdf842732`
SHA1	`7990f81c60b8ab722c5ad7367f69c85106be5ed5`
SHA256	`5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09`
SHA3	`c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.8.1.1435
ProductVersion	5.8.1.1435
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Zoom
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Meetings
FileVersion (#2)	5,8,1,1435
InternalName	Zoom
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom
OriginalFilename	Zoom
ProductName	Zoom
ProductVersion (#2)	5,8,1,1435

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:34
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x15e4c`
PointerToRawData	`0x1524c`
Referenced File	c:\jenkins\workspace\Client\Client\Windows\release\Bin\Release\Zoom.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:34
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15eac`
PointerToRawData	`0x152ac`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:34
Version	`0.0`
SizeofData	`892`
AddressOfRawData	`0x15ec0`
PointerToRawData	`0x152c0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:34
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x41624c`
EndAddressOfRawData	`0x416254`
AddressOfIndex	`0x41c438`
AddressOfCallbacks	`0x4116b8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xb8`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41c00c`
SEHandlerTable	`0x415d1c`
SEHandlerCount	`76`
GuardCFCheckFunctionPointer	`4265588`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x4f61ab4c`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
Imports (VS 2015/2017/2019 runtime 28920)	`4`
C++ objects (VS 2015/2017/2019 runtime 28920)	`32`
C objects (VS 2015/2017/2019 runtime 28920)	`13`
ASM objects (VS 2015/2017/2019 runtime 28920)	`3`
C objects (26715)	`1`
262 (26715)	`1`
Imports (VS2019 Update 6 (16.6.0) compiler 28805)	`2`
Imports (26715)	`24`
Imports (VS2019 Update 7 (16.7.1) compiler 29111)	`15`
Total imports	`489`
264 (VS2019 Update 7 (16.7.1) compiler 29111)	`14`
Resource objects (VS2019 Update 7 (16.7.1) compiler 29111)	`1`
151	`1`
Linker (VS2019 Update 7 (16.7.1) compiler 29111)	`1`

9ab349f5f2b3d17ec01b08d31ba8dd18

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors