b88654189ee63ca1555ce394b09bdaf6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-May-20 05:49:44
Detected languages Chinese - PRC
English - United States
FileDescription 应用帮助和支持
FileVersion 5.5022.1105.520
InternalName support.exe
LegalCopyright 版权所有 (C) 2008-2022
OriginalFilename support.exe
ProductName support.exe
ProductVersion 5.5022.1105.520

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig2(h)
Info Interesting strings found in the binary: Contains domain names:
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to Blowfish
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • LoadLibraryExA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegEnumKeyExA
  • RegQueryInfoKeyW
  • RegEnumKeyExW
  • RegDeleteValueW
  • RegDeleteKeyW
  • RegSetValueExW
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCreateKeyExW
  • RegCloseKey
  • SHGetValueW
  • SHGetValueA
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Can create temporary files:
  • CreateFileA
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • GetForegroundWindow
  • AttachThreadInput
  • GetAsyncKeyState
Has Internet access capabilities:
  • InternetCloseHandle
  • InternetReadFile
  • InternetConnectW
  • InternetOpenW
  • InternetGetConnectedState
  • URLDownloadToCacheFileW
  • URLDownloadToFileW
Functions related to the privilege level:
  • OpenProcessToken
Can take screenshots:
  • GetDC
  • CreateCompatibleDC
  • BitBlt
Info The PE is digitally signed. Signer: Chengdu Qilu Technology Co. Ltd.
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b88654189ee63ca1555ce394b09bdaf6
SHA1 0e91bc9854a52e843b35321d7cbc596b3abc9869
SHA256 40a162790dd4877723c4af20ef0824dac1d63894b4d28818237f769658c0efff
SHA3 b9aa8b8a45755d4d7002afd0dbc63ff1dab5263371cd11ff34f7451791ef26ec
SSDeep 24576:egAEghbdaEhw9/XdcEoqVzBCVMJqXTxl27:f2VQ86/5oqZBC+WTxl27
Imports Hash dced7d5765329217e60fc4417fb14bd3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x140

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2022-May-20 05:49:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x8fe00
SizeOfInitializedData 0x71800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00052262 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x91000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x104000
SizeOfHeaders 0x400
Checksum 0x1033c6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a706d08513addcb9e62b8715a24960d1
SHA1 6a1d4f5920f9db35ffe0b905add6fc9506c5f0aa
SHA256 c87835fa3402f46afab4b65dab91ce9287b1c39863f83f665a6342b4b4ff080f
SHA3 8f1b06e44debb07608b34263930f8e926d0a025dd2c51f4d04ccae9a17cbaab8
VirtualSize 0x8fdf2
VirtualAddress 0x1000
SizeOfRawData 0x8fe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.56003

.rdata

MD5 611665b9a2b1884c24c1b48c2049dbb5
SHA1 702aeb3f12775e404ac677486ea04e90dce5c51f
SHA256 9cd5624b2f71406ffd2baafce20c6c440900e2044cb7a23182ac7a0742b09cc5
SHA3 a89f7e9009064d50149c1d3e7b7993fd38b73017b662634b87687c2951be257c
VirtualSize 0x52344
VirtualAddress 0x91000
SizeOfRawData 0x52400
PointerToRawData 0x90200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.45018

.data

MD5 a24e7aa7762ceb1135f6b26d93575875
SHA1 4696eb7a7cfad4b9e22518a3d7c9bbe9254e1b06
SHA256 3d71520b70375c19da964c43067dd06ab1a6195dc1a00ff298fbfc76a28c016a
SHA3 3798567f3dd178a8ce2ec3d9a3155e5b368c8d8d6729f974df4143c657d4b863
VirtualSize 0x5df4
VirtualAddress 0xe4000
SizeOfRawData 0x3e00
PointerToRawData 0xe2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.00185

.rsrc

MD5 b2269ea0978061d459ceb4d96c68eabb
SHA1 e36da62f2cd998b8ed4e4835476c65b608700fd4
SHA256 15e246dc15373882a856b0a7b1fc9c9ca0791252a43560df637725149a56a65f
SHA3 62b86e478cc55236b36ad84e4dcfc9a3d77f1d0d9af01dc6303d52eec0812e56
VirtualSize 0x11928
VirtualAddress 0xea000
SizeOfRawData 0x11a00
PointerToRawData 0xe6400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.30356

.reloc

MD5 1cb31627349c5e679154b4308f3c2fa7
SHA1 318ce46f3bba9241761f2255a44627ebf9c44e88
SHA256 61ebb5358e05ac91630500db8f6e3ac7be0ddca673ef00e11ce758ed55b81faa
SHA3 02864c973ad91039b777ee03713037816fa8054d40f60139a8c79e196a840374
VirtualSize 0x7b1c
VirtualAddress 0xfc000
SizeOfRawData 0x7c00
PointerToRawData 0xf7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.63166

Imports

KERNEL32.dll MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetCurrentProcessId
CreateMutexW
GetVersionExW
lstrcmpiW
LoadLibraryExW
CopyFileW
TerminateProcess
CreatePipe
CreateProcessW
GetStartupInfoW
GetFileAttributesW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
CloseHandle
SizeofResource
InterlockedDecrement
InterlockedIncrement
WritePrivateProfileStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LoadResource
GetACP
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
FindNextFileW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenFileMappingW
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
CreateFileW
FindClose
ReadFile
WriteFile
GetFileSizeEx
SetLastError
GetTickCount
MoveFileW
RemoveDirectoryW
GetTempPathW
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
LocalFree
FlushFileBuffers
DecodePointer
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
EncodePointer
FormatMessageW
GetStringTypeW
GetProcessHeap
HeapSize
HeapFree
SetEvent
CreateThread
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
FindResourceExW
HeapReAlloc
HeapAlloc
GetModuleHandleExW
FindResourceW
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
USER32.dll DrawFocusRect
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
GetWindowThreadProcessId
UnregisterClassW
PostMessageW
UpdateLayeredWindow
PtInRect
WaitForInputIdle
LoadImageW
DestroyIcon
LoadIconW
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
IsIconic
IsWindowVisible
AttachThreadInput
RegisterWindowMessageW
CharNextW
GetClassInfoExW
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
OffsetRect
MapWindowPoints
ScreenToClient
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
EndDialog
DialogBoxParamW
BringWindowToTop
SetWindowPos
wsprintfW
CopyRect
UnionRect
EqualRect
GDI32.dll SaveDC
RectVisible
ExtTextOutW
GetObjectW
CreateDIBSection
SetBkColor
SelectObject
SelectClipRgn
OffsetViewportOrgEx
RestoreDC
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
EnumFontFamiliesW
SetViewportOrgEx
CreateFontW
ADVAPI32.dll RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SHELL32.dll SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
ole32.dll CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoInitialize
CreateStreamOnHGlobal
OLEAUT32.dll SysAllocString
VarUI4FromStr
SysFreeString
SHLWAPI.dll SHSetValueW
PathRemoveBackslashW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathIsRelativeW
PathCombineW
PathIsDirectoryW
SHSetValueA
SHGetValueW
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathAppendW
SHGetValueA
StrCmpIW
StrStrIA
StrStrIW
StrCmpNIW
StrTrimA
WININET.dll HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
InternetReadFile
InternetConnectW
InternetOpenW
InternetGetConnectedState
HttpAddRequestHeadersA
COMCTL32.dll _TrackMouseEvent
VERSION.dll GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
urlmon.dll URLDownloadToCacheFileW
URLDownloadToFileW
IPHLPAPI.DLL GetAdaptersInfo
dbghelp.dll MakeSureDirectoryPathExists
NETAPI32.dll Netbios
CRYPT32.dll CertGetNameStringW
WINTRUST.dll WinVerifyTrust
WTHelperProvDataFromStateData
gdiplus.dll GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI

Delayed Imports

_Start@12

Ordinal 1
Address 0x35b10

247

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x778e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.93365
Detected Filetype PNG graphic file
MD5 eb99a99fcae546cf26da07eeacb3efcf
SHA1 4e06fd59d8179d70335dd46c31adf6024810d631
SHA256 793be2c5b316aa8ad4329d06d128025891971d9b70cc7999cd1f2fff4cd3f685
SHA3 c3c61d84329d80425fe0ea01326320fa9ee073339c9f91796b952fd506afcc83

248

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xb0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.71853
Detected Filetype PNG graphic file
MD5 6bd903633c1b7c31262710e23dc7eab8
SHA1 0902e2e0bdcb56ecd3c46b48aa195901b6392201
SHA256 e139257c310e37097aac2587d812290367936c93210c4b52324ec6bff563eca0
SHA3 2443c63a8494f225e53a54fdafc22379d9a291d8137bc1c650435d48d7741f7e

251

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xdd
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.88312
Detected Filetype PNG graphic file
MD5 a8ba73e60ef34c70e3e75bd5f9ac608d
SHA1 533fd62eb68570840555543735a7c0333be2d2e7
SHA256 ec18ed014853392090d082bddca3c523c8a20477144a3958d91a607952ff421b
SHA3 62730058b4946e38c5d2530cbdcc8a2642306f77ea8fa1e99bfca26595b2e4df

255

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x152
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.13362
Detected Filetype PNG graphic file
MD5 856222bb0238ce0abdecb73023fbca76
SHA1 e00fed18cd4a37f081a75a8c64afb1099471748b
SHA256 24b36464845e37222e172077c9e2e6a1c233868cbb4218d2a30977db76ec027e
SHA3 a4a24955a21cd1f9f372539866306e136179d1e8248224d3a258f533230f4280

283

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x39c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.37229
Detected Filetype PNG graphic file
MD5 8f132f57ff03f6289b477f99f08a3f43
SHA1 a3f620085ad04708b16a28403160f343be34dbdd
SHA256 e34c9bb4fa3a891fa5b37924dfe8653f778f969eeefd19a5326162a9dd83a463
SHA3 f1c3d5067e6876962d3db4091c99432c65aac155c4efe2aafc8da9a58ad81ade

284

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x424
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.04019
Detected Filetype PNG graphic file
MD5 6b6897bf387643a1efa047e2bf4d6219
SHA1 079aecd8e382c6e4ce309da88c9a1398e321830e
SHA256 d6e920ccdb027004a6e32674e354bd1a6089f4d2853fc1b0b8a2f84096e86313
SHA3 c08a9dbdd7a79bd69bb8bad0e7eea36b3fe257e58fbeafcd9ef1e8d598b17379

286

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.48258
Detected Filetype PNG graphic file
MD5 b570f3ba1158aeb7a7243379ca5e5b1b
SHA1 be84b7b34f37f053b29a01ec9a20cc457557e5b6
SHA256 6e99a5bd817aff257a42f187fa28b7781ac7238b858a05c22af05b01543493b0
SHA3 ab1da2ebd17bf2408301ad4f2d893ac41c2a57bbe4d65bfee890967564a39795

865

Type PNG
Language Chinese - PRC
Codepage UNKNOWN
Size 0xbd0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.72411
Detected Filetype PNG graphic file
MD5 55aac9b75ce23262e032d4d96b6b6c92
SHA1 9a5060a33cce8a830914014f840b826823449046
SHA256 ac337cdd489a9d7837eb7934cc915180dfd9f2662fa0cd20066fad1a380d8589
SHA3 ffa8a03e087a98e64b7b593aa958b3a39559d57eb7863eaf84117c45b9b0dbc2

1

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.69221
MD5 d662f877341b1784568e997a1b1acf5c
SHA1 9d19bdbab1f85d1cb91dc332a1eda5bfe492c459
SHA256 a5142d55b873b7b346c5154b9561161a7141d3403ff5284b46cc9678def4e74e
SHA3 9b17fd487f52da13a223e19027bd65697fc0b2aeda54611988de3fa4470645b9

2

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.95414
MD5 6e17c32941f6c874e039692fc68f9703
SHA1 646a1c982520984d51cbff10adff27a98d2d980c
SHA256 c3b79c02cec8cf9ae750a98e9b01f2fa8a92a9858760ae7f32c9853e48948278
SHA3 32584ba6e6f2a891d49ff762ba83f321249446ab3a5926676804cf3d08c342a3

3

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.78313
MD5 cd6862fbc27e993a0230ce803e53a14c
SHA1 32fdedc32b1c1594424c93ce8a57a55ad4d82ec1
SHA256 8d0c0e3e152c4be7a8e9b1802848a90c1d0bcb00e7ee92b59fdc2c5d39423442
SHA3 02ba691fd4115417cc77a9dff5e3afe116b246070ce8376b5333b8bd4bb59c9c

IDD_ABOUTBOX

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x120
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.33756
MD5 34135f66f3cd5381280e9aab6806eb96
SHA1 9b03219b2d73944d4f9f9e7b7c2780c8466b6286
SHA256 fec1f22a850f5b3386a050f207bc65be8c27d8557039f848bd917e1708a4e708
SHA3 7c2f254e4368d0da14c0b32eb0b502a00bafc29d1d52e013fc9462b00a6f7ac5

282

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x40
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45491
MD5 c17739ee2ca612214933ae53c448c5b2
SHA1 15d5ae5c831c751020329b94a838807dec84f997
SHA256 66ab8e8fa818c5cf74d0340ca85582a6e3abbfd476c28090aa94f9932471fccf
SHA3 502d47affc3dde0a1da429e680fb85135f4864c8218888e31aa045ff65929a6a

10

Type RT_STRING
Language Chinese - PRC
Codepage UNKNOWN
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.39929
MD5 14bdf620087f782c4cd72f9f87a96806
SHA1 4071a3ed99a949a7d41853680ab314eb1c800cec
SHA256 66a2df60e5853475133f7a5ee48a50be489929492e4399d219baef9d3fba5259
SHA3 c0d671df091d8b6c3cd754b151e2291f5e13aa0cbcfc9292aad1d2f14c655bf0

128

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.51589
Detected Filetype Icon file
MD5 f9b66dc8c28b07309f3d3cac7fcc1644
SHA1 ad7fb5d286c7dae1a112ab7a1a1b0120351b5939
SHA256 6f4f72082c8f111e0752295a16c5a4a89fc748a933fb3f96b91c446f1ae2b5ef
SHA3 d61eb4e8467fe4df0fe7836cee11a26fbe83dc3f23c0de23d8aad0d4aaba5cca

1 (#2)

Type RT_VERSION
Language Chinese - PRC
Codepage UNKNOWN
Size 0x294
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.65236
MD5 160f7a771d12f6efb32edafd87b9a9ad
SHA1 8196d6ef1c7e45ecc0a10170e2b2ac095935e0ba
SHA256 6fed34deaf145deee097fa037b844e90cdf0c31a271ffd1a201a0c8d091d39e6
SHA3 6f47795f15e32cdb511fe0d70c3d942292860fdbc52c8a429d81bee3636bd73c

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x188
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89623
MD5 b8e76ddb52d0eb41e972599ff3ca431b
SHA1 fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
SHA256 165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
SHA3 37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd

String Table contents

downloader

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.5022.1105.520
ProductVersion 5.5022.1105.520
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language Chinese - PRC
FileDescription 应用帮助和支持
FileVersion (#2) 5.5022.1105.520
InternalName support.exe
LegalCopyright 版权所有 (C) 2008-2022
OriginalFilename support.exe
ProductName support.exe
ProductVersion (#2) 5.5022.1105.520
Resource LangID Chinese - PRC

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-May-20 05:49:44
Version 0.0
SizeofData 984
AddressOfRawData 0xd9028
PointerToRawData 0xd8228

TLS Callbacks

StartAddressOfRawData 0x4d9410
EndAddressOfRawData 0x4d9418
AddressOfIndex 0x4e8934
AddressOfCallbacks 0x4915f0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4e55d4
SEHandlerTable 0x4d8a70
SEHandlerCount 366

RICH Header

XOR Key 0xa131a741
Unmarked objects 0
241 (40116) 18
243 (40116) 163
242 (40116) 31
C++ objects (VS2017 v15.8.1 compiler 26726) 15
C objects (LTCG) (VS2017 v15.9.12-13 compiler 27031) 2
Unmarked objects (#2) 1
C++ objects (VS2017 v15.7.5 compiler 26433) 10
ASM objects (VS 2015/2017 runtime 26706) 25
C++ objects (VS2017 v15.9.14-15 compiler 27032) 7
C++ objects (VS 2015/2017 runtime 26706) 73
C objects (VS 2015/2017 runtime 26706) 35
C objects (VS2008 SP1 build 30729) 2
Imports (VS2008 SP1 build 30729) 39
Total imports 382
C objects (VS2017 v15.9.12-13 compiler 27031) 1
C++ objects (VS2017 v15.9.12-13 compiler 27031) 38
Exports (VS2017 v15.9.12-13 compiler 27031) 1
Resource objects (VS2017 v15.9.12-13 compiler 27031) 1
151 1
Linker (VS2017 v15.9.12-13 compiler 27031) 1

Errors
