aefa4967ebce408eee7c8aaa370165f0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2023-Sep-19 06:38:12
Detected languages Chinese - PRC
English - United States
Debug artifacts D:\Jenkins\.jenkins\workspace\webview\WebView\webview\Release\WebView.pdb
FileDescription WebView Dynamic Link Library
FileVersion 2.5023.3170.919
InternalName WebView
LegalCopyright 版权所有 (C) 2008-2022
OriginalFilename WebView.dll
ProductName WebView Dynamic Link Library
ProductVersion 2.5023.3170.919

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to Blowfish
Microsoft's Cryptography API
Suspicious The PE is possibly packed. Unusual section name found: .shared
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExA
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
  • FindWindowW
Code injection capabilities (PowerLoader):
  • FindWindowW
  • GetWindowLongW
Can access the registry:
  • RegSetValueExW
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCreateKeyW
  • RegCloseKey
  • RegGetValueW
  • SHGetValueW
Possibly launches other programs:
  • CreateProcessW
  • CreateProcessA
  • ShellExecuteW
Uses Microsoft's cryptographic API:
  • CryptImportKey
  • CryptContextAddRef
  • CryptDecrypt
  • CryptEncrypt
  • CryptGenRandom
  • CryptSetKeyParam
  • CryptAcquireContextW
  • CryptReleaseContext
  • CryptDestroyKey
  • CryptStringToBinaryA
  • CryptStringToBinaryW
  • CryptBinaryToStringA
  • CryptBinaryToStringW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Has Internet access capabilities:
  • URLDownloadToCacheFileW
Manipulates other processes:
  • OpenProcess
  • EnumProcessModules
Info The PE is digitally signed. Signer: 天津微极智科技有限公司
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious VirusTotal score: 2/69 (Scanned on 2023-09-19 09:36:40) K7GW: Adware ( 005693e61 )
K7AntiVirus: Adware ( 005693e61 )

Hashes

MD5 aefa4967ebce408eee7c8aaa370165f0
SHA1 f10d950bc7f777793b3693894e95c128816a0729
SHA256 6c6a507e55dca5a03f446777ed95d7b8b82168c0b877ca576d129c145a1a18d7
SHA3 4f45a4199e1d9c31bcf0ba131ed960c9ce52b8f17f858b71a507247a6e322e65
SSDeep 24576:MzT4gSCN1m8xbmM2vHaBJU0SPf2VH5v+acgSH8zOvP+5pHRV+uopU4:Mzvxbm9HaB0WZvmtAbRmpU4
Imports Hash a47fa0fe7a9edac8b7c03c68f3d02e5b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x138

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 9
TimeDateStamp 2023-Sep-19 06:38:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1bac00
SizeOfInitializedData 0x77400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000068D9 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1bc000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x239000
SizeOfHeaders 0x400
Checksum 0x23b675
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b4ccd22a42efcafe3b4d023cffa11cd6
SHA1 636e0c38bb5b886269ea02c1a36020cdb021f6bc
SHA256 5699fcc6412af2ee22f22ea66eb668b720bf7355598ad56155c2a34c560b88bf
SHA3 267ab9a358829938efca1931646595fc3123838ed0341dba6575b212e4ca5b3d
VirtualSize 0x1baa13
VirtualAddress 0x1000
SizeOfRawData 0x1bac00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.71013

.rdata

MD5 0aae7aa2685b695c73fc8a9d38f69efe
SHA1 6bdad70da2321d1f667b58272a0f2cb76b6f06a6
SHA256 5546d076d59b7e1257e1d98af925ab3622c9be36964072502e95b9cf4548abba
SHA3 97e48c3b583d0c08e5776f330735feee6b29b386814a22982dd86515919cacd0
VirtualSize 0x5b53e
VirtualAddress 0x1bc000
SizeOfRawData 0x5b600
PointerToRawData 0x1bb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.77126

.data

MD5 1eb0286e9a3f76977d84cdc26a0b96d0
SHA1 7ac82ffab56c14a792096215ab1a610d67785132
SHA256 a97870d50f5a8593f70638f958b0599a68a7114058a907442130251b31b8e4e5
SHA3 8a45ab142c93750244b9609ff52a684604097091e1a3c8d7d2728ad1f42f81e9
VirtualSize 0x85b8
VirtualAddress 0x218000
SizeOfRawData 0x6600
PointerToRawData 0x216600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10402

.idata

MD5 50f2f392d110a48aed91dc3d911258aa
SHA1 8bb463221908f49fa5f346a1d8b3e56991d7f93f
SHA256 57ee66e988918c69d73a53ad5db1f83bf3e1fffad2bceaef323b3a65543690f6
SHA3 26ac3eeab1763729152263e1feb700db3095eed0ba0179b1cca012e15f0ebdf2
VirtualSize 0x25fd
VirtualAddress 0x221000
SizeOfRawData 0x2600
PointerToRawData 0x21cc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77473

.shared

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x104
VirtualAddress 0x224000
SizeOfRawData 0x200
PointerToRawData 0x21f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
IMAGE_SCN_MEM_WRITE
Entropy 0

.00cfg

MD5 37beda89fc756ee7e2a3b5f33d03ece3
SHA1 36f25906884fac4cee69186feb2f03c89c409d88
SHA256 71ad2fea0a6a5ff45f60c9221d8a5002445cd448e1d129eac090c7cc19eaa8f9
SHA3 c9274eae2b6795ac28c254acc815af8ab680c768ea5703d3d50ada98a78ec161
VirtualSize 0x104
VirtualAddress 0x225000
SizeOfRawData 0x200
PointerToRawData 0x21f400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.0611629

.tls

MD5 c573bd7cea296a9c5d230ca6b5aee1a6
SHA1 04a0b9fde89c71864acaf5e74689fe4c269bd7a8
SHA256 13bde09a110c13b533dc985f3e2c475b6f6bcf514d1a23fce5b784a653548e91
SHA3 3679da6860e8ab20485113de9ac22dfe22ddc29d53f14ddc33a648aa98196361
VirtualSize 0x309
VirtualAddress 0x226000
SizeOfRawData 0x400
PointerToRawData 0x21f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0111738

.rsrc

MD5 4e8d1148e197b66a7aa2174b42ac05b8
SHA1 6d24dc8d28f81f45afd935610866d5ac40d06ada
SHA256 68c1b8e47b0b4432a71b19eb72fe3c5e01eafda89f7775904f49fc17e087e217
SHA3 5415af348210f4e26111ae8d84b59b7cbb82f5b8e26c5ffc733f83628e204d76
VirtualSize 0x800
VirtualAddress 0x227000
SizeOfRawData 0x800
PointerToRawData 0x21fa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.05332

.reloc

MD5 9c448f0e2089bd8327f670a170ea7472
SHA1 34220f785908d14eca61c71da9be678645f2d527
SHA256 21ff03b92b1d1f27a880af46a65fc337553c57445a5658085aef6391bb30098b
SHA3 acb89ec56e59bc744dd43a94f072837cdac0f8e9d675b4d564f134b1b848f56f
VirtualSize 0x101f3
VirtualAddress 0x228000
SizeOfRawData 0x10200
PointerToRawData 0x220200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.24993

Imports

KERNEL32.dll CreateFileW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
MultiByteToWideChar
GetCurrentThreadId
OutputDebugStringA
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
GetCurrentProcessId
GetFileSizeEx
GetLocalTime
FreeLibrary
ReleaseMutex
GetTempFileNameW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateProcessW
GetCommandLineW
RtlCaptureStackBackTrace
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
GetTickCount
CloseHandle
GetFileTime
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WriteConsoleW
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetTempPathW
FindResourceExW
FindResourceW
CreateMutexW
OutputDebugStringW
RaiseException
GetExitCodeProcess
OpenProcess
GetProcessHeap
HeapSize
HeapFree
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetFileAttributesExW
CreateProcessA
GetACP
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
DecodePointer
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
FormatMessageW
TryEnterCriticalSection
GetCPInfo
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
LoadLibraryExW
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
ReadFile
SetFilePointer
WriteFile
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedExchangeAdd
GetFileSize
FlushFileBuffers
LocalFree
InitializeCriticalSectionEx
ConnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
CreateSemaphoreW
DisconnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
WaitForSingleObjectEx
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
ResetEvent
USER32.dll UnregisterClassW
SendMessageW
SendMessageTimeoutW
PostMessageW
DefWindowProcW
CallWindowProcW
CopyRect
LoadCursorW
FindWindowW
SetWindowLongW
GetWindowLongW
wsprintfW
SetWindowTextW
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GDI32.dll GetTextExtentPoint32W
GetStockObject
DeleteObject
SelectObject
ADVAPI32.dll CryptImportKey
InitializeSecurityDescriptor
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptGenRandom
CryptSetKeyParam
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
RegGetValueW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
SetSecurityDescriptorDacl
SHELL32.dll ShellExecuteW
SHGetFolderPathA
ShellExecuteExW
SHCreateDirectoryExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
ole32.dll StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
OLEAUT32.dll SysFreeString
SHLWAPI.dll PathFindExtensionW
PathFindExtensionA
PathCompactPathW
PathCombineW
SHGetValueW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathCanonicalizeW
PathAppendW
StrStrIA
StrStrIW
PathIsRootW
PathIsRelativeW
PathIsDirectoryW
PathAppendA
PathFindFileNameA
PSAPI.DLL GetModuleFileNameExW
EnumProcessModules
urlmon.dll URLDownloadToCacheFileW
VERSION.dll VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CRYPT32.dll CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CertGetNameStringW
WINTRUST.dll WinVerifyTrust
WTHelperProvDataFromStateData

Delayed Imports

CreateMultiTabWebView

Ordinal 1
Address 0xc220

CreateMultiTabWebViewEx

Ordinal 2
Address 0x2ed2

GetWebViewFactory

Ordinal 3
Address 0x6e1a

IWebViewToIWebViewEx

Ordinal 4
Address 0x5ff6

IsSupportedWebViewEngine

Ordinal 5
Address 0x551a

1

Type RT_VERSION
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2dc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.60797
MD5 c3b2da9ee89d02e47c5af7c1dd4a4800
SHA1 5da5b212480a3091f6a8f7c731644b091bf4c10d
SHA256 70bd536aa40de42836f8aad090f713ef10c7833e91b2db20f309980cdc34dffa
SHA3 305c49a0a7d65b68d8bcefc2ed13a2a711d267def06a81ee0ab380a4652a8b59

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 2.5023.3170.919
ProductVersion 2.5023.3170.919
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language Chinese - PRC
FileDescription WebView Dynamic Link Library
FileVersion (#2) 2.5023.3170.919
InternalName WebView
LegalCopyright 版权所有 (C) 2008-2022
OriginalFilename WebView.dll
ProductName WebView Dynamic Link Library
ProductVersion (#2) 2.5023.3170.919
Resource LangID Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2023-Sep-19 06:38:12
Version 0.0
SizeofData 98
AddressOfRawData 0x1fdb74
PointerToRawData 0x1fcb74
Referenced File D:\Jenkins\.jenkins\workspace\webview\WebView\webview\Release\WebView.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2023-Sep-19 06:38:12
Version 0.0
SizeofData 20
AddressOfRawData 0x1fdbd8
PointerToRawData 0x1fcbd8

TLS Callbacks

StartAddressOfRawData 0x10226000
EndAddressOfRawData 0x10226208
AddressOfIndex 0x10220584
AddressOfCallbacks 0x101bc974
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10218254
SEHandlerTable 0x101fc090
SEHandlerCount 1381

RICH Header

XOR Key 0xa02ac497
Unmarked objects 0
241 (40116) 19
243 (40116) 176
242 (40116) 31
C++ objects (VS2017 v15.9.12-13 compiler 27031) 1
C++ objects (VS2017 v15.9.14-15 compiler 27032) 6
C++ objects (VS2017 v15.7.5 compiler 26433) 2
199 (41118) 1
ASM objects (VS 2015/2017 runtime 26706) 26
C objects (VS 2015/2017 runtime 26706) 34
C++ objects (VS 2015/2017 runtime 26706) 123
Imports (VS2008 SP1 build 30729) 27
Total imports 257
C++ objects (VS2017 v15.9.11 compiler 27030) 37
Exports (VS2017 v15.9.11 compiler 27030) 1
Resource objects (VS2017 v15.9.11 compiler 27030) 1
151 1
Linker (VS2017 v15.9.11 compiler 27030) 1

Errors
