| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2009-Sep-09 13:23:23
|
| Detected languages |
English - United States
|
| Comments |
|
| CompanyName |
Sogou.com Inc.
|
| FileDescription |
搜狗拼音输入法 安装程序
|
| FileVersion |
8.9.0.2180
|
| LegalCopyright |
© 2018 Sogou.com Inc. All rights reserved.
|
| ProductName |
搜狗拼音输入法
|
| ProductVersion |
8.9.0.2180
|
| Suspicious |
PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
|
| Suspicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Can access the registry:
Possibly launches other programs:
Memory manipulation functions often used by packers:
- VirtualProtect
- VirtualAlloc
|
| Info |
The PE's resources present abnormal characteristics. |
Resource 103 is possibly compressed or encrypted.
Resource 105 is possibly compressed or encrypted.
Resource 106 is possibly compressed or encrypted.
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
b70ae6897b8dad20191a356be1b9d911
|
| SHA1 |
f77a2a586f2bd9c35b5381050d58c59c645d9f0c
|
| SHA256 |
fcd332844d24d1d33a49724927cb06261ad879fe58cfd321eab23451491bf37c
|
| SHA3 |
080dbd3e6c2e03f8b7b2d0df641f8ed23cae6ca62c80e973693287ae2cfca996
|
| SSDeep |
6144:bOAR43QUVUfTj4FpPGoy+yadBIXZTurOnSGy5AI1cvf7mJh+mAPWcwUX5:bOAEhUfTkGo5EadGEMohhjI
|
| Imports Hash |
dda81a557ab7951cfe0d82bc398c4d4a
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0xe0
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2009-Sep-09 13:23:23
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
9.1
|
| SizeOfCode |
0x5000
|
| SizeOfInitializedData |
0x22000
|
| SizeOfUninitializedData |
0x28c000
|
| AddressOfEntryPoint |
0x00291E40 (Section: UPX1)
|
| BaseOfCode |
0x28d000
|
| BaseOfData |
0x292000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.0
|
| ImageVersion |
6.1
|
| SubsystemVersion |
5.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x2b4000
|
| SizeOfHeaders |
0x1000
|
| Checksum |
0x2a2f9b2
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x28c000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
901fbc91493b21eee57510fba714290f
|
| SHA1 |
a5bfea6dbbdd0120e39f44efb48db6127db11218
|
| SHA256 |
46afe8486bbaa40ba268b34e8d7156b4bcc0a7a422d0940482c54033862e80f9
|
| SHA3 |
c42bfe39f758174b70148d2c6381851748a1e1e012f2b69812ddbbc31265e650
|
| VirtualSize |
0x5000
|
| VirtualAddress |
0x28d000
|
| SizeOfRawData |
0x5000
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.84572
|
| MD5 |
c6188b489fd6f9f5f2bf018f418a77b5
|
| SHA1 |
d97a0939550bc7e404447756ec735505f4167a80
|
| SHA256 |
dd68c13b9886d73d46d3732980df42a20ac840e2d5b35b7a53e6cf3ce17f357f
|
| SHA3 |
64f5fb2e01326b182a4c22598465e2ec5b3b8acbfef79d5eb31996b0605d2cde
|
| VirtualSize |
0x22000
|
| VirtualAddress |
0x292000
|
| SizeOfRawData |
0x21600
|
| PointerToRawData |
0x5400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
6.23947
|
| KERNEL32.DLL |
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
|
| ADVAPI32.dll |
RegEnumKeyW
|
| COMCTL32.dll |
#17
|
| GDI32.dll |
SetBkMode
|
| ole32.dll |
CoTaskMemFree
|
| SHELL32.dll |
ShellExecuteW
|
| USER32.dll |
GetDC
|
| VERSION.dll |
VerQueryValueW
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.93886
|
| MD5 |
52c1c704464f4d79dcf7c01c924ce84a
|
| SHA1 |
4fdddd699d523675f909115fadff5262555ce025
|
| SHA256 |
c97d2587d01d8b72ad157bb7385696b23010d8dd8c1c868f546ed51eaf4485fe
|
| SHA3 |
291f29b84185d636d532134671e2f60593ec062e4aa8837b4b9373432996a510
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x9e38
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.97635
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
9931fbdebb0962b1c40813dfb66cc8a5
|
| SHA1 |
d9d834231f2e6b78f0bbc15c4f9f4a61700f3def
|
| SHA256 |
a497676cf3c6eb0fc36bce395fb471035cf58a3b5393a0d6afb6e231e8a49f98
|
| SHA3 |
48a9005106f8d7ea035177d8bcd37882eb7c7574570350b2d02ded1eda91dfc3
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.33677
|
| MD5 |
6f6c885864c277405e0b3278acbcdb4c
|
| SHA1 |
9f3f23b3497af2b89502c45f44c5a541c33f356c
|
| SHA256 |
50b4e542e4a145cffefc4606ce2f774ae6d6a915bdcea3110097f443606a5bdb
|
| SHA3 |
94328fa15a515680177038b31eb9d527609ca3fbf9f47f4cd987c336f8d27d86
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.4032
|
| MD5 |
2f66aa7473c808f8ad75e64c096c3ab7
|
| SHA1 |
9cb9b27f2e1a7a27f208ea3dd484ad022aed3f8f
|
| SHA256 |
fce6fa0c7a01dfef5d04eb792ea176a7840280ba9819ca74568a102cce331f3f
|
| SHA3 |
733157488250e27188d7838c4a5b7c2f65d651fe2275c91323abae9bb38f8fbf
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.4258
|
| MD5 |
1d1cdd9427c007c9e4edf6aab31b8f69
|
| SHA1 |
40c938a7f3b1bec0ed87c5f1ab5cd48eb4a16616
|
| SHA256 |
8e31a7b41eb067dacb17d045569670b6b60f11c6c32d1731550fcdbda77e917f
|
| SHA3 |
8d3c830c7fe390bf2a6f23b7053177ec712d4f140e7aab057e5dfcf145397eb7
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.98239
|
| MD5 |
8467117dce88119d6e38cf6c03640d1d
|
| SHA1 |
c5807f8a829992747751de0df6a71baa35f25855
|
| SHA256 |
774b1c26ba1f36ba221a40fceeb5530bd8560e4f9a87fa3d43b102effc9f9b8f
|
| SHA3 |
18db76c17d61c68d602c5ed63a7fd014a18c40f01e8e7708e098a828f917b7ff
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x668
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.71025
|
| MD5 |
82025a7bbf5905a1dc6bcdbd8dd88ad4
|
| SHA1 |
74657ad8db9249c2caf16457a9b5090826ccf49b
|
| SHA256 |
8f7b40d4a0b7a83c37876501a5a21c0c0b3e9dde6791b0cbfeaa37ef8a812a7a
|
| SHA3 |
a8200801e27bb206bee57c538027c5dab10404d896b3c7d604291033297ec459
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
4.02962
|
| MD5 |
02afadd297ae3f5fbfaaad7049f54ef7
|
| SHA1 |
5c22d2ffbd4d5ab571ef75fc672132bf674ef39f
|
| SHA256 |
7cde4691465a6b8e56ab435f2372ca94434aeb738ed9dbbb35148fe4aefd35a8
|
| SHA3 |
91ffddf0ba12b918ff9162bcc35d01fbc1740be1d61a2122d94db6da5985db88
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.67396
|
| MD5 |
51c59f6ee9245db6034f8b11756d94aa
|
| SHA1 |
df3c84b0a5c65ac0d734675af0a9458f18593843
|
| SHA256 |
c85ebbc52d8935797ebcf34bc866d90dc14367035518cf89bbfeb0f0abb22480
|
| SHA3 |
63e13c105ece730e24bcef620c8dd88855e40440502e52aea394b371c64aaf3c
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.9808
|
| MD5 |
6dd3a1a83f17c1a8f6d99929c6548a9a
|
| SHA1 |
4b1e92c2867d4ad10cb6041c3c75c3e25f64d29d
|
| SHA256 |
7eb769d54c2966ff09be49351d4de29d78abfd26147656bbfc3e55c73e06a34a
|
| SHA3 |
36317557adfc36266ff2dd80c5f04ca96d2104c3cb5730b34cd5056ebb8b8f9a
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.49893
|
| MD5 |
5e9f95a549aacea9a1539c734dbfb743
|
| SHA1 |
08f98298133a200caa2f378639a44dc8b71dc650
|
| SHA256 |
45b2261f06551426a2053a050531ad8789729bb6f91ea11c7c96174db5d2aa9b
|
| SHA3 |
ae511a63c97c29e240f9eb9854403862f2864beefbaa9b4f22e4cdce01dd40ba
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.10063
|
| MD5 |
d0e054b5c7ba7f2132d7d1a506b06fb3
|
| SHA1 |
017aeb0cf9626fad35b55bd4996b483fdba6be2d
|
| SHA256 |
b41d39e01395c5b77016ca8838574572fe78681384f2ded1632c8f0ce9173a29
|
| SHA3 |
ec410ea37e8279e0b07af4b722f69abfe1951b2e95dee746564604089e137893
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1ec
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.39087
|
| MD5 |
8296d4b9707b6adde66ccefc64fcf914
|
| SHA1 |
ea4423b048e361771f4511c9d6bcf3c777ae52f0
|
| SHA256 |
88cf6c41d9c4d6f9e1b63a51f037bb66f8019ad6ba2672be66f23510de28d761
|
| SHA3 |
2831b0a9886e4522e1c2219e893180a53d8f88776bdf116fae36241bfa8217e9
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xe4
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.03761
|
| MD5 |
7ed0d0eb8d3d18871c326c01488ef96d
|
| SHA1 |
7e0605d6f072f274d760033525054b88e92d8c6e
|
| SHA256 |
2b1b2aaf81fb65706070f9bba052f92bf6600ba65d06a1b1af6c5bbd942b3880
|
| SHA3 |
b8aa34f5c96dd10e86cba1177615d7aa18904df1471e53cd82086c8af6cda853
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xda
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.95899
|
| MD5 |
20ca714747dccbf1e2cee676abc937a5
|
| SHA1 |
752880b7bb198e7139e01286d120a6fb1eae3d9d
|
| SHA256 |
91c361a950ea89e46d9f0f32d94f7904529b9812e2e7c47c4ff2df51aea23478
|
| SHA3 |
baad9548cdc522428081ef8a2630994c51dbd7d31203ed740d35f65c654da5fb
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xa0
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.97656
|
| Detected Filetype |
Icon file
|
| MD5 |
f15a29d0499ff6381fb0248af8890c02
|
| SHA1 |
b70b94c2a50813649cd0f0b8e1a1082ee5baaab3
|
| SHA256 |
1b26c121e911eabdfca8d805476627367ba8b7afa7363da15a5af47093d75f0d
|
| SHA3 |
37d3ae8aed30217a616faa85390cf3c5738af124564f294738cfa0fcd674ce3f
|
| Type |
RT_VERSION
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x29c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.61045
|
| MD5 |
237bde9fabd27ab58eb6e8fa84847640
|
| SHA1 |
59fd74db64332c7faca93218e30ae8247c1e0e84
|
| SHA256 |
65063f91bf47f42f7c171e1250b0331683c1c98f362775983f9effe0dd6a1793
|
| SHA3 |
7af7399c29b4954874c4e2bbc3427b59be5e52aeef2e5868999d6c11df836ffd
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x3c8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.21649
|
| MD5 |
9b4039f6f1a2f800173eab5ba4142a47
|
| SHA1 |
f23cf495b2b52ab1cba8c5d3ccdbb6a35a18ca5f
|
| SHA256 |
8ec89bc87991a205c6b3228447d103aae5ae6876bf8f18c0d950af3f691a771d
|
| SHA3 |
545afffccd892e88169cd73501555e197192a0b192a9d961c78db49ecd0e0b2d
|
| Signature |
0xfeef04bd
|
| StructVersion |
0
|
| FileVersion |
8.9.0.2180
|
| ProductVersion |
8.9.0.2180
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
UNKNOWN
|
| Comments |
|
| CompanyName |
Sogou.com Inc.
|
| FileDescription |
搜狗拼音输入法 安装程序
|
| FileVersion (#2) |
8.9.0.2180
|
| LegalCopyright |
© 2018 Sogou.com Inc. All rights reserved.
|
| ProductName |
搜狗拼音输入法
|
| ProductVersion (#2) |
8.9.0.2180
|
| XOR Key |
0x371742a2
|
| Unmarked objects |
0
|
| C objects (VS2012 build 50727 / VS2005 build 50727) |
3
|
| Imports (VS2012 build 50727 / VS2005 build 50727) |
17
|
| Total imports |
168
|
| C objects (VS2008 SP1 build 30729) |
11
|
| Linker (VS2008 build 21022) |
1
|
| Resource objects (VS2008 SP1 build 30729) |
1
|
[*] Warning: Could not read a WIN_CERTIFICATE's header.
[*] Warning: Section UPX0 has a size of 0!
b70ae6897b8dad20191a356be1b9d911