Property | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2023-Sep-19 06:38:12 |
Detected languages | Chinese - PRC; English - United States |
Debug artifacts | D:\Jenkins\.jenkins\workspace\webview\WebView\webview\Release\WebView.pdb |
FileDescription | WebView Dynamic Link Library |
FileVersion | 2.5023.3170.919 |
InternalName | WebView |
LegalCopyright | 版权所有 (C) 2008-2022 ("All rights reserved (C) 2008-2022") |
OriginalFilename | WebView.dll |
ProductName | WebView Dynamic Link Library |
ProductVersion | 2.5023.3170.919 |
Level | Check | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; uses constants related to SHA1; uses constants related to Blowfish; Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: .shared |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: 天津微极智科技有限公司 (approx. Tianjin Weijizhi Technology Co., Ltd.); Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
Suspicious | VirusTotal score: 2/69 (Scanned on 2023-09-19 09:36:40) | K7GW: Adware (005693e61); K7AntiVirus: Adware (005693e61) |

A few of these verdicts need weighing against the raw headers further down. The compiler match (Microsoft Visual C++ 6.0 - 8.0) is a signature heuristic; the linker version 14.0 in the optional header and the Rich header entries, which attribute the objects to the Visual Studio 2017 toolset, are the more reliable attribution. The packing verdict rests on the section name alone: a section called .shared is conventionally a shared-memory data section (declared with `#pragma data_seg` and a `/SECTION:.shared,RWS` linker directive) rather than a packer artifact, so it should be confirmed by entropy or import-table analysis rather than taken at face value. The "hiding imports" finding is consistent with the LoadLibraryW/LoadLibraryExA/LoadLibraryExW plus GetProcAddress pattern present in the KERNEL32 imports below, which lets the DLL resolve any API at run time; the import table is therefore a lower bound on what the code can call, not an inventory. A valid DigiCert-issued Authenticode signature attests to the identity the CA vetted, not to benign behaviour, and is compatible with the 2/69 adware verdicts rather than a rebuttal of them.
IMAGE_DOS_HEADER | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x138 |
IMAGE_NT_HEADERS / IMAGE_FILE_HEADER | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 9 |
TimeDateStamp | 2023-Sep-19 06:38:12 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_DLL; IMAGE_FILE_EXECUTABLE_IMAGE |
IMAGE_OPTIONAL_HEADER32 | Value |
---|---|
Magic | PE32 |
LinkerVersion | 14.0 |
SizeOfCode | 0x1bac00 |
SizeOfInitializedData | 0x77400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000068D9 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1bc000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x239000 |
SizeOfHeaders | 0x400 |
Checksum | 0x23b675 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
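The DOS, file and optional header fields above are what a first-pass triage script reads before anything else, and the security-relevant part is DllCharacteristics, where ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and Control Flow Guard (GUARD_CF) are declared. The Python below is an added example, not code from the report tool or from the DLL's vendor: it follows e_lfanew to the PE signature with bounds checks, decodes the fields shown above and summarises the mitigations. The byte image it parses is constructed to reproduce this DLL's header values (e_lfanew 0x138, machine 0x14c, nine sections, linker 14.0, DllCharacteristics 0x0140); it is not the DLL itself, and the constants are the subset of winnt.h needed here.

```python
import struct
from datetime import datetime, timezone

# Subset of winnt.h constants needed for header triage.
MACHINES = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64",
            0xAA64: "IMAGE_FILE_MACHINE_ARM64"}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE",
                       0x0080: "FORCE_INTEGRITY", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
                       0x1000: "APPCONTAINER", 0x4000: "GUARD_CF",
                       0x8000: "TERMINAL_SERVER_AWARE"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def _flags(value, table):
    return sorted(name for bit, name in table.items() if value & bit)


def parse_pe_headers(data):
    """Walk IMAGE_DOS_HEADER -> IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER and return triage fields."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Bound-check before dereferencing: a hostile e_lfanew is the first thing a parser must survive.
    # We need 4 (signature) + 20 (file header) + 72 (optional header up to DllCharacteristics).
    if e_lfanew < 0x40 or e_lfanew + 24 + 72 > len(data):
        raise ValueError("e_lfanew out of range")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Offsets up to DllCharacteristics are identical for PE32 and PE32+ (ImageBase absorbs BaseOfData).
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, "0x%x" % machine),
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "is_dll": bool(chars & 0x2000),
        "magic": "PE32" if magic == 0x10B else "PE32+",
        "linker": "%d.%d" % (data[opt + 2], data[opt + 3]),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
    }


def mitigations(hdr):
    """Exploit-mitigation summary derivable from DllCharacteristics alone.

    SafeSEH and /GS are not here: they live in the load config directory."""
    dc = set(hdr["dll_characteristics"])
    return {
        "ASLR": "DYNAMIC_BASE" in dc,
        "DEP": "NX_COMPAT" in dc,
        "CFG": "GUARD_CF" in dc,
        # Only meaningful on 64-bit images; a PE32 DLL cannot benefit from it.
        "HighEntropyASLR": "HIGH_ENTROPY_VA" in dc and hdr["magic"] == "PE32+",
    }


def build_sample_pe():
    """Constructed minimal image reproducing the header values in the report (not the real DLL)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x138)             # e_lfanew
    stub = bytes(0x138 - 0x40)                           # DOS stub / Rich header area, zeroed here
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 9, 1695105492, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 14, 0)       # PE32, linker 14.0
    struct.pack_into("<I", opt, 16, 0x68D9)              # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x10000000)          # ImageBase
    struct.pack_into("<HH", opt, 68, 2, 0x0140)          # GUI subsystem; DYNAMIC_BASE | NX_COMPAT
    return bytes(dos) + stub + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    header = parse_pe_headers(image)
    print(header)
    print(mitigations(header))
```

Run it with a path to any PE to get the same fields for a real file; with no argument it parses the constructed sample. For this DLL the summary is ASLR and DEP on, CFG off, which matches the DllCharacteristics row above.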
Imported DLL | Functions |
---|---|
KERNEL32.dll | CreateFileW, SetFileAttributesW, DeleteFileW, CopyFileW, MoveFileW, MoveFileExW, MultiByteToWideChar, GetCurrentThreadId, OutputDebugStringA, SetLastError, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetEvent, WaitForMultipleObjects, CreateEventW, RegisterWaitForSingleObject, UnregisterWait, GetCurrentProcessId, GetFileSizeEx, GetLocalTime, FreeLibrary, ReleaseMutex, GetTempFileNameW, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, CreateProcessW, GetCommandLineW, RtlCaptureStackBackTrace, GetModuleHandleW, GetModuleFileNameW, LoadLibraryW, GetTickCount, CloseHandle, GetFileTime, SizeofResource, LoadResource, WaitForSingleObject, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetLastError, WriteConsoleW, SetEndOfFile, SetStdHandle, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetTempPathW, FindResourceExW, FindResourceW, CreateMutexW, OutputDebugStringW, RaiseException, GetExitCodeProcess, OpenProcess, GetProcessHeap, HeapSize, HeapFree, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExW, FindFirstFileExA, SetConsoleCtrlHandler, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetStdHandle, GetFileAttributesExW, CreateProcessA, GetACP, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, SetFilePointerEx, GetFileType, GetModuleFileNameA, ExitProcess, GetModuleHandleExW, ResumeThread, ExitThread, RtlUnwind, CreateTimerQueue, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList, ReleaseSemaphore, DuplicateHandle, HeapReAlloc, HeapAlloc, HeapDestroy, GetProcAddress, LockResource, DecodePointer, SetProcessAffinityMask, VirtualProtect, GetModuleHandleA, IsDebuggerPresent, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, GetCurrentProcess, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, LoadLibraryExA, FormatMessageW, TryEnterCriticalSection, GetCPInfo, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, QueryPerformanceCounter, QueryPerformanceFrequency, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, LoadLibraryExW, GetVersionExW, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, ReadFile, SetFilePointer, WriteFile, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, InterlockedExchangeAdd, GetFileSize, FlushFileBuffers, LocalFree, InitializeCriticalSectionEx, ConnectNamedPipe, CreateIoCompletionPort, GetQueuedCompletionStatus, PostQueuedCompletionStatus, WaitForMultipleObjectsEx, CreateSemaphoreW, DisconnectNamedPipe, CreateNamedPipeW, WaitNamedPipeW, WaitForSingleObjectEx, Sleep, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, GetCurrentThread, GetThreadTimes, FreeLibraryAndExitThread, ResetEvent |
USER32.dll | UnregisterClassW, SendMessageW, SendMessageTimeoutW, PostMessageW, DefWindowProcW, CallWindowProcW, CopyRect, LoadCursorW, FindWindowW, SetWindowLongW, GetWindowLongW, wsprintfW, SetWindowTextW, DestroyWindow, IsWindow, CreateWindowExW, GetClassInfoExW, RegisterClassExW |
GDI32.dll | GetTextExtentPoint32W, GetStockObject, DeleteObject, SelectObject |
ADVAPI32.dll | CryptImportKey, InitializeSecurityDescriptor, CryptContextAddRef, CryptDecrypt, CryptEncrypt, CryptGenRandom, CryptSetKeyParam, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyW, RegCloseKey, RegGetValueW, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, SetSecurityDescriptorDacl |
SHELL32.dll | ShellExecuteW, SHGetFolderPathA, ShellExecuteExW, SHCreateDirectoryExW, SHCreateDirectoryExA, SHGetSpecialFolderPathW |
ole32.dll | StringFromGUID2, CoCreateGuid, CoInitialize, CoUninitialize |
OLEAUT32.dll | SysFreeString |
SHLWAPI.dll | PathFindExtensionW, PathFindExtensionA, PathCompactPathW, PathCombineW, SHGetValueW, PathRemoveFileSpecW, PathFindFileNameW, PathFileExistsW, PathCanonicalizeW, PathAppendW, StrStrIA, StrStrIW, PathIsRootW, PathIsRelativeW, PathIsDirectoryW, PathAppendA, PathFindFileNameA |
PSAPI.DLL | GetModuleFileNameExW, EnumProcessModules |
urlmon.dll | URLDownloadToCacheFileW |
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
CRYPT32.dll | CryptStringToBinaryA, CryptStringToBinaryW, CryptBinaryToStringA, CryptBinaryToStringW, CertGetNameStringW |
WINTRUST.dll | WinVerifyTrust, WTHelperProvDataFromStateData |

Capability clusters worth noting in this import set: fetching a URL to disk (urlmon!URLDownloadToCacheFileW), launching processes (CreateProcessW/A, ShellExecuteW/ExW), verifying Authenticode on files (WinVerifyTrust, WTHelperProvDataFromStateData, CertGetNameStringW), CryptoAPI symmetric encryption and random generation (CryptImportKey, CryptEncrypt/CryptDecrypt, CryptGenRandom), registry writes (RegCreateKeyW, RegSetValueExW), memory permission changes (VirtualAlloc, VirtualProtect, FlushInstructionCache) and process enumeration (EnumProcessModules, GetModuleFileNameExW). Taken together this is the profile of a download-verify-execute updater component, but the same set would fit a loader, so the distinction has to come from behaviour rather than from the list. InitializeSecurityDescriptor and SetSecurityDescriptorDacl next to CreateNamedPipeW and CreateFileMappingW/OpenFileMappingW indicate IPC objects created with an explicit DACL; whether that DACL is NULL (world-writable) is a check worth making at run time.
Export ordinal | Address |
---|---|
1 | 0xc220 |
2 | 0x2ed2 |
3 | 0x6e1a |
4 | 0x5ff6 |
5 | 0x551a |

No export names are listed for the five entries, so callers bind to these functions by ordinal; the addresses are RVAs relative to the 0x10000000 ImageBase.
VS_FIXEDFILEINFO / StringFileInfo | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 2.5023.3170.919 |
ProductVersion | 2.5023.3170.919 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | Chinese - PRC |
FileDescription | WebView Dynamic Link Library |
FileVersion (StringFileInfo) | 2.5023.3170.919 |
InternalName | WebView |
LegalCopyright | 版权所有 (C) 2008-2022 ("All rights reserved (C) 2008-2022") |
OriginalFilename | WebView.dll |
ProductName | WebView Dynamic Link Library |
ProductVersion (StringFileInfo) | 2.5023.3170.919 |
Resource LangID | Chinese - PRC |
IMAGE_DEBUG_DIRECTORY | Entry 1 | Entry 2 |
---|---|---|
Characteristics | 0 | 0 |
TimeDateStamp | 2023-Sep-19 06:38:12 | 2023-Sep-19 06:38:12 |
Version | 0.0 | 0.0 |
SizeOfData | 98 | 20 |
AddressOfRawData | 0x1fdb74 | 0x1fdbd8 |
PointerToRawData | 0x1fcb74 | 0x1fcbd8 |
Referenced File | D:\Jenkins\.jenkins\workspace\webview\WebView\webview\Release\WebView.pdb | |

Both debug entries carry the same timestamp as the file header, which is consistent with a single unmodified build; the PDB path exposes the Jenkins workspace layout of the build server.
IMAGE_TLS_DIRECTORY | Value |
---|---|
StartAddressOfRawData | 0x10226000 |
EndAddressOfRawData | 0x10226208 |
AddressOfIndex | 0x10220584 |
AddressOfCallbacks | 0x101bc974 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |

The callback list is empty, so no code runs through TLS callbacks before the entry point; the directory only describes 0x208 bytes of thread-local data.
IMAGE_LOAD_CONFIG_DIRECTORY | Value |
---|---|
Size | 0xa0 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x10218254 |
SEHandlerTable | 0x101fc090 |
SEHandlerCount | 1381 |

Mitigation summary from this directory and the optional header: SecurityCookie is set, so the image was built with /GS stack cookies; SEHandlerTable with 1381 registered handlers means SafeSEH is in force for this 32-bit image; DllCharacteristics carries DYNAMIC_BASE and NX_COMPAT but not GUARD_CF, so ASLR and DEP are on and Control Flow Guard is off. The zero TimeDateStamp is normal for a load config entry.
Rich header entry | Count |
---|---|
XOR Key | 0xa02ac497 |
Unmarked objects | 0 |
241 (40116) | 19 |
243 (40116) | 176 |
242 (40116) | 31 |
C++ objects (VS2017 v15.9.12-13 compiler 27031) | 1 |
C++ objects (VS2017 v15.9.14-15 compiler 27032) | 6 |
C++ objects (VS2017 v15.7.5 compiler 26433) | 2 |
199 (41118) | 1 |
ASM objects (VS 2015/2017 runtime 26706) | 26 |
C objects (VS 2015/2017 runtime 26706) | 34 |
C++ objects (VS 2015/2017 runtime 26706) | 123 |
Imports (VS2008 SP1 build 30729) | 27 |
Total imports | 257 |
C++ objects (VS2017 v15.9.11 compiler 27030) | 37 |
Exports (VS2017 v15.9.11 compiler 27030) | 1 |
Resource objects (VS2017 v15.9.11 compiler 27030) | 1 |
151 | 1 |
Linker (VS2017 v15.9.11 compiler 27030) | 1 |
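The Rich header above is the undocumented toolchain record the MSVC linker writes between the DOS stub and the PE signature: a "DanS" marker, three padding dwords, one (compid, count) pair per product and build, the "Rich" marker and the XOR key. Every dword before "Rich" is XORed with that key, compid packs the product id in the high 16 bits and the build number in the low 16, and the key is itself a checksum over the DOS header (skipping e_lfanew) plus the entries. Because the key is a checksum, a Rich header lifted from another binary or edited to mimic a different toolset fails to verify, which is why it is used for toolchain attribution and for spotting spoofed provenance. The Python below is an added example, not code from the report tool or from the DLL's vendor: it encodes a Rich header over a constructed DOS stub using a subset of the numeric entries from the table above (product ids 241, 243, 242 and 199 with their builds and counts, plus the zero "unmarked" entry), decodes it back, recomputes the checksum and shows that a single edited count breaks verification. The key it produces differs from 0xa02ac497 because the DOS stub is constructed rather than this DLL's.

```python
import struct

DANS = 0x536E6144          # b"DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(image, dans_off, entries):
    """Checksum seeded with the DanS offset, over every DOS header/stub byte except e_lfanew
    (rotated by its offset) and every entry's compid (rotated by its count)."""
    csum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(image[i], i)) & 0xFFFFFFFF
    for compid, count in entries:
        csum = (csum + rol32(compid, count)) & 0xFFFFFFFF
    return csum


def encode_rich(dos_stub, entries):
    """Append a Rich header to dos_stub; entries are (prodid, build, count) tuples."""
    comp = [((pid << 16) | build, count) for pid, build, count in entries]
    key = rich_checksum(dos_stub, len(dos_stub), comp)
    out = bytearray(dos_stub)
    out += struct.pack("<IIII", DANS ^ key, key, key, key)   # marker plus three zero dwords, XORed
    for compid, count in comp:
        out += struct.pack("<II", compid ^ key, count ^ key)
    out += RICH + struct.pack("<I", key)
    return bytes(out)


def decode_rich(image):
    """Locate, decode and verify the Rich header; returns None if there is none."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    rich_off = image.rfind(RICH, 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", image, rich_off + 4)[0]
    dans_off = None
    for off in range(rich_off - 4, 0x3C, -4):           # walk back to the XORed DanS marker
        if struct.unpack_from("<I", image, off)[0] ^ key == DANS:
            dans_off = off
            break
    if dans_off is None:
        return None
    entries = []
    for off in range(dans_off + 16, rich_off, 8):       # skip DanS + 3 padding dwords
        compid, count = struct.unpack_from("<II", image, off)
        compid ^= key
        count ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count))
    comp = [((p << 16) | b, c) for p, b, c in entries]
    return {"key": key, "dans_offset": dans_off, "rich_offset": rich_off, "entries": entries,
            "checksum_valid": rich_checksum(image, dans_off, comp) == key}


def forge_count(image, index, new_count):
    """Rewrite one entry's count in place without refreshing the key, as a naive spoof would."""
    info = decode_rich(image)
    off = info["dans_offset"] + 16 + 8 * index + 4
    out = bytearray(image)
    struct.pack_into("<I", out, off, new_count ^ info["key"])
    return bytes(out)


def build_sample():
    """Constructed DOS header + stub with a Rich header built from entries in the report above."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xC0)              # e_lfanew: PE signature follows the Rich header
    msg = b"This program cannot be run in DOS mode.\r\n$"
    dos[0x4E:0x4E + len(msg)] = msg
    entries = [(0, 0, 0), (241, 40116, 19), (243, 40116, 176), (242, 40116, 31), (199, 41118, 1)]
    return encode_rich(bytes(dos), entries) + b"PE\0\0"


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(decode_rich(image))
```

Pointed at a real PE, `decode_rich` returns the same product/build/count triples the table above lists together with whether the key verifies; a `checksum_valid` of False on a file that claims a Microsoft toolchain is a stronger tampering signal than any single entry.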