Manalyze report for bf0183429711b72380569cd7cbe91b5c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Oct-09 06:41:24
Detected languages	English - United States
Debug artifacts	c:\jenkins\workspace\Client\Client\Windows\release-64\Bin\X64\Release\Zoom.pdb
Comments	Zoom
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Meetings
FileVersion	`5,8,1,1435`
InternalName	Zoom
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom
OriginalFilename	Zoom
ProductName	Zoom
ProductVersion	`5,8,1,1435`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: chat.facebook.com facebook.com https://zoom.us`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegEnumKeyExW RegCloseKey` `Possibly launches other programs: CreateProcessW ShellExecuteW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Functions related to the privilege level: CheckTokenMembership OpenProcessToken DuplicateToken` `Manipulates other processes: EnumProcessModules OpenProcess Process32NextW Process32FirstW`
Info	The PE is digitally signed.	`Signer: Zoom Video Communications` `Issuer: DigiCert EV Code Signing CA (SHA2)`
Safe	VirusTotal score: 0/66 (Scanned on 2021-10-13 12:36:27)	`All the AVs think this file is safe.`

Hashes

MD5	`bf0183429711b72380569cd7cbe91b5c`
SHA1	`0ba2583ae026f9e0cf1fd2ca983444b709679842`
SHA256	`6fb7c16eb8e7d76ff39fe7594aa93abf28fcddf04b362b82c0aba2e28c24692b`
SHA3	`ea3445813c4b7f6f2e9325831135a2d32b905f94024291d93d5f30c872cb2e2b`
SSDeep	`3072:RZk70EH0giX+oFby2gNmuJM/nQWxcsmlp3vKpRB8:RZkgE1GXgpWWvCpRB8`
Imports Hash	`b65e1bcac5fd84f73ce7c3771e1d512a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2021-Oct-09 06:41:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x12600`
SizeOfInitializedData	`0x31400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000111B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x47000`
SizeOfHeaders	`0x400`
Checksum	`0x4896a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4c7e629dd048c14ca508a1d6e7d45204`
SHA1	`ca23c51106c327061f69a3c9054428c148713d21`
SHA256	`3d8c19cc0a43c64723e2d038a75d5a5af3db29de0986ba93d85b5fae441f3ebd`
SHA3	`06e9815bb74d81000b1a94903e6d5db87c65fb2662f601a28560d4f0ed5164cb`
VirtualSize	`0x1249c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x12600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.08878`

.rdata

MD5	`9b92cc1deb1bebd8e36bce894ae9a7e0`
SHA1	`97d847428852a3e9f0bafa0d41056336d12a26b7`
SHA256	`9652893ddc6b359be690671286f53cf2e443979e08d22b7b2a0f90fdf17a9123`
SHA3	`b9bedb1b0809c13b7f3a72891806fbcd78b501e3315a838a24d750512fae0fea`
VirtualSize	`0xcbac`
VirtualAddress	`0x14000`
SizeOfRawData	`0xcc00`
PointerToRawData	`0x12a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23894`

.data

MD5	`28f930b6f088a54ac8f1bbeb65dd1202`
SHA1	`af11bc6048f0217a9e31713b088d3e0e0c77f4ca`
SHA256	`46c6ff667cf10bd94a03f8b59c8b8a2a83d1aab9789d7429bf79fc98bb941ead`
SHA3	`6de6ae556187b0eafd4e588a8563025e715aa7e1d7bf580d032fb030780c447d`
VirtualSize	`0x2980`
VirtualAddress	`0x21000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.231104`

.pdata

MD5	`e83539b905f609fbe745a3a8d70b8991`
SHA1	`4961a9cb430584122c5ed87c43a0421cfa03a3f7`
SHA256	`81bbf831485925966f65fbf3fe1dbdf20337799b860fb11843a6da5159a9e6b0`
SHA3	`94fc26eee01e5f999ac00e075b62dde5deeb5918ce41fa37ebd3381422ea1c9e`
VirtualSize	`0xccc`
VirtualAddress	`0x24000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x21800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69383`

.rsrc

MD5	`25d8a7200486b1e3c96f75674bdee965`
SHA1	`5f10a049fabd04d440c77678484d5afb1d424cbe`
SHA256	`498cdc7c36e3b9b2a63c2de82b0c858d842324796d48b4d8e9fe6b58510b4434`
SHA3	`dfd25e5ec2caf8975b827176c94214fe9fb9eaf2909a865818ded839847dd99e`
VirtualSize	`0x20910`
VirtualAddress	`0x25000`
SizeOfRawData	`0x20a00`
PointerToRawData	`0x22600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74394`

.reloc

MD5	`a1375cae56a840d4d506b9a84d857cc9`
SHA1	`b87cc113853eae649c7de88c5e5c00d2e40d3d2e`
SHA256	`b6bb579e4174a60a027da9f008a418b536cc976112ce2a0590d37004bad7e686`
SHA3	`df5762a6a2c9d6502a8c8ace965d4a819a47d472ccc7401cf799a5ad3e26a8fc`
VirtualSize	`0x4fc`
VirtualAddress	`0x46000`
SizeOfRawData	`0x600`
PointerToRawData	`0x43000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.04318`

Imports

DllSafeCheck64.dll	`HackCheck`
PSAPI.DLL	`GetModuleInformation` `GetModuleFileNameExW` `EnumProcessModules`
zCrashReport64.dll	`#7` `#9`
Cmmlib.dll	`?Now@Time@Cmm@@SA?AV12@XZ` `?GetZoomAccountManager@Cmm@@YAPEAVIZoomAccountManager@zoom_data@@XZ` `?GetZoomClientData@Cmm@@YAPEAVIZoomClientData@zoom_data@@XZ` `?GetZoomAppPropData@Cmm@@YAPEAVIZoomAppPropData@zoom_data@@XZ` `CmmMQ_GetService` `?CreateAppContext@Cmm@@YAPEAVISSBAppContext@1@AEBV?$CStringT@_W@1@HH@Z` `?NotifyClientDataTermed@Cmm@@YAXXZ` `?IsPTProcess@Cmm@@YAHXZ` `?GetSwitchValueASCII@CommandLine@Cmm@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV34@@Z` `?ForCurrentProcess@CommandLine@Cmm@@SAPEAV12@XZ` `?DestroyDefaultMessageLoop@ZoomWorkerFactory@Cmm@@SAXXZ` `?GetSpecialDirectory@CFileName@Cmm@@QEAAXW4SpecialFolder@12@H@Z` `?SetProcessType@Cmm@@YAXW4PROCESS_TYPE@@@Z` `?DestroyAppContext@Cmm@@YAXPEAVISSBAppContext@1@@Z` `?Empty@?$CStringT@D@Cmm@@QEAAXXZ` `?empty@?$CStringT@D@Cmm@@QEBA_NXZ` `??0?$CStringT@D@Cmm@@QEAA@XZ` `??0?$CStringT@D@Cmm@@QEAA@PEB_W@Z` `??0?$CStringT@D@Cmm@@QEAA@AEBV?$CStringT@_W@1@@Z` `??1?$CStringT@D@Cmm@@UEAA@XZ` `??4?$CStringT@D@Cmm@@QEAAAEAV01@PEBD@Z` `??4?$CStringT@D@Cmm@@QEAAAEAV01@AEBV01@@Z` `?c_str@?$CStringT@D@Cmm@@QEBAPEBDXZ` `?empty@?$CStringT@_W@Cmm@@QEBA_NXZ` `??0?$CStringT@_W@Cmm@@QEAA@XZ` `??0?$CStringT@_W@Cmm@@QEAA@PEB_W@Z` `??0?$CStringT@_W@Cmm@@QEAA@PEBD@Z` `??1?$CStringT@_W@Cmm@@UEAA@XZ` `??4?$CStringT@_W@Cmm@@QEAAAEAV01@PEB_W@Z` `??4?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV01@@Z` `??Y?$CStringT@_W@Cmm@@QEAAAEAV01@PEB_W@Z` `??Y?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV01@@Z` `?c_str@?$CStringT@_W@Cmm@@QEBAPEB_WXZ` `?GetBuffer@?$CStringT@_W@Cmm@@QEAAPEA_W_K@Z` `?IsEmpty@?$CStringT@_W@Cmm@@QEBAHXZ` `?SetLength@?$CStringT@_W@Cmm@@QEAAX_K@Z` `??1CFileName@Cmm@@UEAA@XZ` `?GetModuleFileNameW@CFileName@Cmm@@QEAAXPEAUHINSTANCE__@@@Z` `?GetName@CFileName@Cmm@@QEBAPEB_WXZ` `??0CFileName@Cmm@@QEAA@XZ` `??B?$CStringT@_W@Cmm@@QEBAPEB_WXZ` `??Y?$CStringT@_W@Cmm@@QEAAAEAV01@PEBD@Z` `??8?$CStringT@_W@Cmm@@QEBA_NAEBV01@@Z` `?GetModuleLoader@Cmm@@YAPEAVICmmModuleLoader@1@XZ` `?GetModuleRegistry@Cmm@@YAPEAVICmmModuleRegistry@1@XZ` `??1CCmmArchiveObjHelper@Cmm@@QEAA@XZ` `??0CCmmArchiveObjHelper@Cmm@@QEAA@PEBD@Z` `?FreeMsg@CCmmMessageHelper@Cmm@@YAXPEAVCmmMQ_Msg@2@@Z` `?FlatternToMsg@CCmmMessageHelper@Cmm@@YAPEAVCmmMQ_Msg@2@PEAVCCmmArchiveObjHelper@2@H@Z` `??1CSBMBMessage_NotifyNetworkStateChanged@@UEAA@XZ` `?Set_Flag@CSBMBMessage_NotifyNetworkStateChanged@@QEAAXAEBI@Z` `?Set_State@CSBMBMessage_NotifyNetworkStateChanged@@QEAAXAEBI@Z` `??0CSBMBMessage_NotifyNetworkStateChanged@@QEAA@XZ` `??1CSBMBMessage_NotifyAppInActive@@UEAA@XZ` `?Set_Reason@CSBMBMessage_NotifyAppInActive@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAppInActive@@QEAA@XZ` `??1CSBMBMessage_NotifyAppActive@@UEAA@XZ` `?Set_Reason@CSBMBMessage_NotifyAppActive@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAppActive@@QEAA@XZ` `?cmm_str_convert@@YA_KHPEAD_KPEB_W1@Z` `?SetMinLogLevel@logging@@YAXH@Z` `?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NPEB_WW4LoggingDestination@1@W4LogLockingState@1@W4OldFileDeletionState@1@W4LogEncryptPolicy@1@@Z` `??_7CFileName@Cmm@@6B@` `??_7?$CStringT@_W@Cmm@@6B@` `cmm_fs_rmdirs` `?ToTimeT@Time@Cmm@@QEBA_JXZ` `?IsExists@CFileName@Cmm@@QEBAHXZ` `?Assign@?$CStringT@_W@Cmm@@QEAAXPEB_W_K@Z` `?SetLength@?$CStringT@D@Cmm@@QEAAX_K@Z` `?size@?$CStringT@D@Cmm@@QEBA_KXZ` `??0?$CStringT@D@Cmm@@QEAA@PEBD@Z` `??Y?$CStringT@D@Cmm@@QEAAAEAV01@PEBD@Z` `?GetBuffer@?$CStringT@D@Cmm@@QEAAPEAD_K@Z` `?begin@?$CStringT@_W@Cmm@@QEAA?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@_W@std@@@std@@@std@@XZ` `?erase@?$CStringT@_W@Cmm@@QEAA?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@_W@std@@@std@@@std@@V34@@Z` `?find@?$CStringT@_W@Cmm@@QEBA_KPEB_W_K@Z` `?find@?$CStringT@_W@Cmm@@QEBA_K_W_K@Z` `?find_last_of@?$CStringT@_W@Cmm@@QEBA_K_W_K@Z` `?length@?$CStringT@_W@Cmm@@QEBA_KXZ` `??0?$CStringT@_W@Cmm@@QEAA@AEBV01@@Z` `??0?$CStringT@_W@Cmm@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z` `??4?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `?Format@?$CStringT@_W@Cmm@@QEAAXPEB_WZZ` `?Compare@?$CStringT@_W@Cmm@@QEBAHPEB_W@Z` `?GetAt@?$CStringT@_W@Cmm@@QEBA_WH@Z` `?Left@?$CStringT@_W@Cmm@@QEBA?AV?$CRangeT@PEB_W@2@_K@Z` `?Right@?$CStringT@_W@Cmm@@QEBA?AV?$CRangeT@PEB_W@2@_K@Z` `?Trim@?$CStringT@_W@Cmm@@QEAAXXZ` `?MakeLower@?$CStringT@_W@Cmm@@QEAAXXZ` `?GetSecond@CTime@Cmm@@QEBAHXZ` `?GetMinute@CTime@Cmm@@QEBAHXZ` `?GetHour@CTime@Cmm@@QEBAHXZ` `?GetDay@CTime@Cmm@@QEBAHXZ` `?GetMonth@CTime@Cmm@@QEBAHXZ` `?GetYear@CTime@Cmm@@QEBAHXZ` `?GetTickCount@CTime@Cmm@@SA?AV12@XZ` `??_7CmmLogGC@Cmm@@6B@` `?ResetAppData@CmmLogGC@Cmm@@UEAAHH@Z` `?Init@CommandLine@Cmm@@SAXHPEBQEBD@Z` `??0?$CStringT@_W@Cmm@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `??8?$CStringT@_W@Cmm@@QEBA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `CmmMQ_TermService` `CmmMQ_InitService` `?GetCurrentVersion@Cmm@@YAXAEAV?$CStringT@D@1@@Z` `?ClearAllPackageDefines@CCmmArchiveService@Cmm@@SAXXZ` `?base64FreeDecodeBuffer@Cmm@@YAXAEAPEAE@Z` `?IsNewerVersion@Cmm@@YAHAEBV?$CStringT@D@1@0@Z` `?base64Decode@Cmm@@YAPEAEAEBV?$CStringT@_W@1@AEAI@Z` `?assign@?$CStringT@_W@Cmm@@QEAAAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z` `?size@?$CStringT@_W@Cmm@@QEBA_KXZ` `??H?$CStringT@_W@Cmm@@QEBA?AV01@PEB_W@Z` `??Y?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z` `??9?$CStringT@_W@Cmm@@QEBA_NPEB_W@Z` `??9?$CStringT@_W@Cmm@@QEBA_NAEBV01@@Z` `??1PolicyContext_s@zpref@@QEAA@XZ` `??1CSBMBMessage_NotifyAppEvent@@UEAA@XZ` `?Set_Param@CSBMBMessage_NotifyAppEvent@@QEAAXAEBV?$CStringT@_W@Cmm@@@Z` `?Set_EventID@CSBMBMessage_NotifyAppEvent@@QEAAXAEBI@Z` `??0CSBMBMessage_NotifyAppEvent@@QEAA@XZ` `??1CSBMBMessage_NotifyBeforeTerm@@UEAA@XZ` `?Set_AppName@CSBMBMessage_NotifyBeforeTerm@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyBeforeTerm@@QEAA@XZ` `??1CSBMBMessage_NotifyAfterInit@@UEAA@XZ` `?Set_AppName@CSBMBMessage_NotifyAfterInit@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_NotifyAfterInit@@QEAA@XZ` `??1CSBMBMessage_TermThread@@UEAA@XZ` `?Set_AppName@CSBMBMessage_TermThread@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_TermThread@@QEAA@XZ` `??1CSBMBMessage_InitThread@@UEAA@XZ` `?Set_AppName@CSBMBMessage_InitThread@@QEAAXAEBV?$CStringT@D@Cmm@@@Z` `??0CSBMBMessage_InitThread@@QEAA@XZ` `??0PolicyContext_s@zpref@@QEAA@XZ` `?GetModuleFilePath@CFileName@Cmm@@QEAAXPEAUHINSTANCE__@@@Z` `?CreatePolicyProvider@zpref@@YAPEAVIPolicyProvider@1@AEBUPolicyContext_s@1@@Z` `?DestoryPolicyProvider@zpref@@YAXXZ` `?cmm_str_convert@@YA_KHPEA_W_KPEBD1@Z` `?GetAppContext@Cmm@@YAPEAVISSBAppContext@1@XZ`
DuiLib.dll	`?UnInitHdpi@CHighDpi@DuiLib@@SAXXZ` `?InitHdpi@CHighDpi@DuiLib@@SAHXZ` `?SetSupportHighContrast@CHighContrast@DuiLib@@QEAAX_N@Z` `?Instance@CHighContrast@DuiLib@@SAPEAV12@XZ` `?SetAwarenessMode@CHighDpi@DuiLib@@SA_NW4DPIAwareMode@CDpiAwarenessMode@2@@Z`
MSAALIB.dll	`ZAccTermModule` `ZAccInitModule`
util.dll	`mlog_unreg` `destroy_mlog_mgr` `enable_logger` `util_init` `?update_log_destination@mem_log_file@ssb@@QEAAHI@Z` `?destroy@mem_log_file@ssb@@SAXXZ` `??1thread_mutex_recursive@ssb@@QEAA@XZ` `?instance@mem_log_file@ssb@@SAPEAV12@I@Z` `mlog_reg` `util_uninit` `??0thread_mutex_recursive@ssb@@QEAA@XZ`
libcrypto-1_1-x64.dll	`RAND_bytes`
KERNEL32.dll	`ResetEvent` `WaitForSingleObjectEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentThreadId` `HeapFree` `CreateFileW` `GetFileAttributesW` `OpenProcess` `GetLastError` `CloseHandle` `HeapAlloc` `GetProcAddress` `VerSetConditionMask` `GetProcessHeap` `VerifyVersionInfoW` `LoadLibraryExW` `InitializeCriticalSectionEx` `CreateDirectoryW` `SetErrorMode` `GetPrivateProfileStringW` `DeleteFileW` `GetTempFileNameW` `GetModuleHandleA` `VirtualProtect` `EnterCriticalSection` `GetCurrentProcess` `ReleaseSemaphore` `RtlVirtualUnwind` `TerminateProcess` `GetModuleFileNameW` `WaitForMultipleObjects` `LeaveCriticalSection` `InitializeCriticalSection` `SetFilePointer` `ResumeThread` `CreateToolhelp32Snapshot` `CreateEventW` `Process32NextW` `CreateFileA` `SetEvent` `Process32FirstW` `CreateThread` `GetWindowsDirectoryW` `DeleteCriticalSection` `GetCurrentProcessId` `GetModuleHandleW` `CreateSemaphoreW` `FlushInstructionCache` `CreateDirectoryA` `SetDllDirectoryW` `VirtualQuery` `FlushFileBuffers` `CreateProcessW` `FindFirstFileW` `SetLastError` `FindNextFileW` `ExpandEnvironmentStringsW` `DeviceIoControl` `FindClose` `OutputDebugStringW` `GetTempPathW` `MoveFileExW` `FreeLibrary` `MoveFileW` `GetSystemTimeAsFileTime` `InitializeSListHead` `InitializeCriticalSectionAndSpinCount` `WriteFile`
USER32.dll	`FindWindowW` `DefWindowProcW` `DestroyWindow` `CreateWindowExW` `UnregisterClassW` `ShowWindow` `MessageBoxW` `GetClassInfoW` `RegisterClassW` `SetFocus` `UpdateWindow` `PostMessageW` `SendMessageW` `IsWindow` `GetUserObjectInformationA` `GetProcessWindowStation`
ADVAPI32.dll	`CheckTokenMembership` `FreeSid` `OpenProcessToken` `AllocateAndInitializeSid` `GetTokenInformation` `RegQueryValueExW` `RegOpenKeyExW` `RegEnumKeyExW` `RegCloseKey` `GetUserNameW` `DuplicateToken`
SHELL32.dll	`SHGetSpecialFolderPathW` `SHGetSpecialFolderPathA` `SHFileOperationW` `SHGetFolderPathA` `ShellExecuteW`
ole32.dll	`CoUninitialize` `CoInitialize`
SHLWAPI.dll	`PathIsRelativeW` `PathAppendW` `PathRemoveFileSpecW` `PathAddBackslashW` `PathRemoveBackslashW`
WINTRUST.dll	`WTHelperGetProvSignerFromChain` `WTHelperProvDataFromStateData` `WTHelperGetProvCertFromChain` `WinVerifyTrust`
CRYPT32.dll	`CertGetNameStringW`
MSVCP140.dll	`??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z` `?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z` `??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z` `?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z` `?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z` `?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ` `??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z` `?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ` `?uncaught_exception@std@@YA_NXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z` `?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z` `??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ` `?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ` `?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z` `?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ` `?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z` `??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ` `??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z` `??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ` `?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ` `?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ`
tp.dll	`?release@net_adaptors_t@ssb@@SAXAEAPEAV12@@Z` `?get_adaptor_mac_addr@net_adaptors_t@ssb@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ` `?enum_netadaptors@net_adaptors_t@ssb@@SAPEAV12@XZ`
gdiplus.dll	`GdiplusShutdown` `GdiplusStartup`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`memcmp` `memcpy` `__std_terminate` `__std_exception_destroy` `memmove` `_CxxThrowException` `memset` `__current_exception_context` `__current_exception` `__C_specific_handler` `wcsstr` `_purecall` `__std_exception_copy`
api-ms-win-crt-string-l1-1-0.dll	`_strnicmp` `wcscpy_s` `towupper` `strcat_s` `towlower` `_wcsicmp` `strnlen` `wcscat_s`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `malloc` `_callnewh` `free`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wstat64i32`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_invalid_parameter_noinfo_noreturn` `_configure_wide_argv` `_crt_atexit` `_exit` `_initterm_e` `signal` `_set_abort_behavior` `_set_app_type` `_seh_filter_exe` `terminate` `_c_exit` `_register_thread_local_exe_atexit_callback` `exit` `_initialize_onexit_table` `_register_onexit_function` `_cexit`
api-ms-win-crt-convert-l1-1-0.dll	`_itow_s`
api-ms-win-crt-environment-l1-1-0.dll	`_putenv` `getenv`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0543`
MD5	`2bbd36ae5de51069553d5efa078cbd2c`
SHA1	`6a29d9478976073fda2a8164383984ecfb7d9373`
SHA256	`c7e9afaf9f60d6e6afc3d761ccc47b2f55e51e36c26ebc7e053a5cf634f14275`
SHA3	`49d00475a4fdc8586b24f72ea0ac5b685647964af6ba63ecfb45e95bc3b2672c`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.19974`
MD5	`a016978ba80d946cdb604a0bd17ce814`
SHA1	`4e9c2d600ab5ccc93f73968daae9f2be5720fb58`
SHA256	`7c8f3f4658e6ad39c6b04def6673f254f92289219a90eb00d8cbb47aaec7daf4`
SHA3	`24a12692c11a2fd927ab039a54abcab70a9159cf85e0ec3deb797b15bcb1cbb3`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13276`
MD5	`155b74fd79aa7877b8576ed4b12dc9fc`
SHA1	`b054a52a89f5255803238eff5549c6cd5be10cd5`
SHA256	`87e940ac711f680e1c10d8a5a1aafd80ade569995fa00c9ec41632422243a265`
SHA3	`e3e3ca8030a74c689362fc9519baeebb0c77de27d51568ca70f421ba578bf456`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70844`
MD5	`20033da9cf963882f858bf463d6ae167`
SHA1	`2606617072466d477f1870cfcef83381eaa98cf9`
SHA256	`aae3ffe9477486e92852c0b42889572f5ab60f8fb4316c8bd6436f4659500336`
SHA3	`6a6686f73a4266bdf26ee9551702c7212bdc9fdf36b59e6f8414c7f341dcd9b7`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67659`
MD5	`e619bdddd7aaf73053bd8714da823585`
SHA1	`0d0b53f5c00f0744692dcc2f029279ab838910c0`
SHA256	`c2e4b8ca792ddf1a6a6f4ae51310f756ea5acbe58f2491bde6028a7a4144c228`
SHA3	`d77dd854b1b69a3803db700b8399eccae4a1b8f66bddc5c3a5822fd3c05c7fb6`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3637`
MD5	`4c6bfeb7c53a28b216b29fe090f52807`
SHA1	`313e6aa2c6b3d833fac6a09ab5c484bd52093863`
SHA256	`6aa72ec9f66c66b94f98eacf6ec49c11b4e7ccebcf6eb6f803aea74c4b85e080`
SHA3	`f2155d67ed64794d0626de0f498d8b51dfacda30bd46847170f86b7e875370f9`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x71cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97548`
Detected Filetype	PNG graphic file
MD5	`cae8ae0ea6cb16a532486e68b9fe11ba`
SHA1	`c2d38b02168246406c21499340f0d1eea95e37f7`
SHA256	`fccfadc8840a8b8552f11f54dc33948116c68c52736fec1bb5903fbb9a5f7a5e`
SHA3	`3d147797106f6d2212c9a58ee51a4159c4a4e23af507239e0840a786ef914a58`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91902`
Detected Filetype	Icon file
MD5	`1d1fcb4e6c40791009c311431e312742`
SHA1	`dfbb3e5083c7ea479516c238a84c636b3a2af17b`
SHA256	`72066506fc0cb5ed093b16e5fb0e8b43605f7bf66ac090064157b648c7143834`
SHA3	`9d447fe05a3b76df30baeeaf7bb442826a890649c8a63a08d61f36b20e8e5c1c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39446`
MD5	`dc9b63eecabff5351f48ffc9994e835b`
SHA1	`e97b01e76a03d2d8776de239c6de1fa754353dc8`
SHA256	`a54331e1be9bbe9cb965c40f6263aadd4ecbbd075a9be368d54d5fdf58c08303`
SHA3	`13a2273d3bf5194737f6c827a85250d4ca3f95750706bd282326ef171e2c782c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x282`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0672`
MD5	`b2ced3969f764cf58d1e3f898073333a`
SHA1	`d4e26a5bc1ae0f1b8c21554308ee5a20614e6a56`
SHA256	`1d8a782b70eaa4d474727b0c68e8dfb3105966bac2fd3ed0c23df96388957674`
SHA3	`ce1e576a590d4453de91b4877643a36e09055955d3cca3f8571b549853470182`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.8.1.1435
ProductVersion	5.8.1.1435
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Zoom
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Meetings
FileVersion (#2)	5,8,1,1435
InternalName	Zoom
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom
OriginalFilename	Zoom
ProductName	Zoom
ProductVersion (#2)	5,8,1,1435

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:24
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x1a03c`
PointerToRawData	`0x18a3c`
Referenced File	c:\jenkins\workspace\Client\Client\Windows\release-64\Bin\X64\Release\Zoom.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:24
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1a0a4`
PointerToRawData	`0x18aa4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:24
Version	`0.0`
SizeofData	`920`
AddressOfRawData	`0x1a0b8`
PointerToRawData	`0x18ab8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Oct-09 06:41:24
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x14001a470`
EndAddressOfRawData	`0x14001a478`
AddressOfIndex	`0x140023784`
AddressOfCallbacks	`0x140014db0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x130`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140021010`
GuardCFCheckFunctionPointer	`5368794376`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xd674170`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
Imports (VS 2015/2017/2019 runtime 28920)	`6`
C++ objects (VS 2015/2017/2019 runtime 28920)	`32`
C objects (VS 2015/2017/2019 runtime 28920)	`10`
ASM objects (VS 2015/2017/2019 runtime 28920)	`4`
C objects (26715)	`1`
262 (26715)	`1`
Imports (VS2019 Update 6 (16.6.0) compiler 28805)	`2`
Imports (26715)	`24`
Imports (VS2019 Update 7 (16.7.1) compiler 29111)	`15`
Total imports	`490`
264 (VS2019 Update 7 (16.7.1) compiler 29111)	`14`
Resource objects (VS2019 Update 7 (16.7.1) compiler 29111)	`1`
151	`1`
Linker (VS2019 Update 7 (16.7.1) compiler 29111)	`1`

bf0183429711b72380569cd7cbe91b5c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors