| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2022-Oct-02 06:48:01 |
| Detected languages | Chinese - PRC; English - United States |
| Debug artifacts | D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall\install_and_uninstall\Uninstall\Release\Uninstall.pdb |
| FileDescription | 鲁大师卸载程序 |
| FileVersion | 8.1022.6150.928 |
| InternalName | uninst.exe |
| LegalCopyright | Copyright (C) 2011-2022 www.ludashi.com |
| OriginalFilename | uninst.exe |
| ProductName | 鲁大师 |
| ProductVersion | 8.1022.6150.928 |
| Info | Matching compiler(s): Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig2(h); MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools: |
| Info | Cryptographic algorithms detected in the binary: Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to Blowfish; Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. Signer: Chengdu Qilu Technology Co. Ltd. Issuer: DigiCert SHA2 Assured ID Code Signing CA |
| Malicious | VirusTotal score: 8/71 (Scanned on 2022-10-26 13:53:51). Cylance: Unsafe; K7AntiVirus: Adware ( 0058a1a01 ); K7GW: Adware ( 0058a1a01 ); ESET-NOD32: a variant of Win32/Qihoo360.O potentially unwanted; Avast: Win32:Malware-gen; Sophos: Qihoo 360-related low reputation certificate (PUA); Fortinet: Riskware/Qihoo360; AVG: Win32:Malware-gen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x140 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2022-Oct-02 06:48:01 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x12c600 |
| SizeOfInitializedData | 0xa3200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000689B0 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x12e000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1d7000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x1df532 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | lstrcmpiW LoadLibraryExW GetSystemDirectoryW SetCurrentDirectoryW GetCurrentDirectoryW SwitchToThread DosDateTimeToFileTime LocalFileTimeToFileTime DebugBreak InterlockedDecrement InterlockedIncrement DecodePointer CopyFileW GetTempPathW GetPrivateProfileIntW Sleep WritePrivateProfileStringW MoveFileExW FindNextFileW FindFirstFileW GetFileAttributesW SetFileAttributesW GetFullPathNameW GetTempFileNameW GetPrivateProfileStringW GetStartupInfoW CreateProcessW lstrlenW FindClose GetVersion WideCharToMultiByte DeleteFileW GetCurrentProcess GetModuleHandleW GetTickCount InitializeCriticalSectionAndSpinCount SetLastError GetCurrentThreadId RaiseException MultiByteToWideChar ReadFile GetFileSize UnlockFile FormatMessageW ReleaseMutex WriteConsoleW SetFilePointerEx ReadConsoleW SetStdHandle WaitForSingleObjectEx OutputDebugStringA SetConsoleCtrlHandler SetEnvironmentVariableW SetEnvironmentVariableA FreeEnvironmentStringsW GetEnvironmentStringsW LockFile GetCommandLineA GetCPInfo GetOEMCP IsValidCodePage FindFirstFileExW FindFirstFileExA GetConsoleMode GetConsoleCP EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetLocaleInfoW LCMapStringW CompareStringW GetTimeFormatW MulDiv Process32NextW Process32FirstW CreateToolhelp32Snapshot GlobalFindAtomW CreateMutexW GlobalDeleteAtom GetCurrentProcessId OpenProcess GetLongPathNameW GlobalFree GlobalUnlock GlobalLock GlobalAlloc FindResourceExW FindResourceW GetModuleFileNameW LoadLibraryW CreateEventW SizeofResource LoadResource WaitForMultipleObjects WaitForSingleObject SetEvent DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection GetProcAddress FreeLibrary LockResource GetVersionExW GetLastError GetFileAttributesExW CreateFileW CreateFileMappingW GetDateFormatW GetStringTypeW GetFileType GetCurrentThread GetACP GetModuleFileNameA ExitProcess GetTimeZoneInformation GetModuleHandleExW FreeLibraryAndExitThread ResumeThread ExitThread CreateThread TlsFree TlsSetValue TlsGetValue TlsAlloc InterlockedFlushSList RtlUnwind FindNextFileA FindFirstFileA lstrlenA GetStdHandle SetEndOfFile GetFileInformationByHandle CompareFileTime FindCloseChangeNotification FindFirstChangeNotificationW SearchPathW CreateDirectoryW SetFileTime FlushFileBuffers lstrcmpiA lstrcmpA GetSystemWindowsDirectoryW FreeResource GetSystemTimeAsFileTime UnmapViewOfFile MapViewOfFile CloseHandle QueryPerformanceCounter SetUnhandledExceptionFilter UnhandledExceptionFilter OpenFileMappingW LoadLibraryExA VirtualFree VirtualAlloc IsProcessorFeaturePresent ResetEvent FlushInstructionCache InterlockedPushEntrySList InterlockedPopEntrySList InitializeSListHead EncodePointer OutputDebugStringW IsDebuggerPresent GetDiskFreeSpaceExW GetDriveTypeW GetLogicalDriveStringsW DeviceIoControl GetShortPathNameW InterlockedCompareExchange InterlockedExchange LocalFree LocalAlloc ExpandEnvironmentStringsW GetLocalTime GetFileSizeEx MoveFileW RemoveDirectoryW GetWindowsDirectoryW DeleteFileA CreateFileA GetTempFileNameA GetTempPathA WriteFile GetExitCodeProcess TerminateProcess SetFilePointer GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc GetCommandLineW HeapDestroy |
| USER32.dll | IsWindow PostMessageW GetWindowThreadProcessId FindWindowExW SetForegroundWindow IsIconic ShowWindow GetWindowTextW GetClassInfoExW SendMessageW ReleaseDC SetRect RegisterClassExW UnregisterClassW CallWindowProcW SetCursor OffsetRect LoadCursorW PtInRect CopyRect DrawFocusRect BeginPaint EndPaint IsRectEmpty GetDC KillTimer SetTimer wsprintfW IsWindowVisible CreateWindowExW CharNextW PeekMessageW DispatchMessageW TranslateMessage GetMessageW FindWindowW InvalidateRect GetMonitorInfoW MonitorFromWindow LoadImageW GetWindow MapWindowPoints ScreenToClient SetWindowTextW GetSystemMetrics MoveWindow DestroyWindow PostQuitMessage RedrawWindow GetWindowTextLengthW DrawTextW SendNotifyMessageW RegisterWindowMessageW GetShellWindow WaitForInputIdle SystemParametersInfoW SetWindowRgn SetWindowPos BringWindowToTop DialogBoxParamW EndDialog LoadStringW IsDialogMessageW SendMessageTimeoutW UnregisterClassA UpdateLayeredWindow GetParent SetWindowLongW GetWindowLongW GetWindowRect GetClientRect DefWindowProcW |
| GDI32.dll | CreateFontW DeleteObject EnumFontFamiliesW CreateFontIndirectW GetDeviceCaps GetTextExtentPoint32W DeleteDC SetBkColor ExtTextOutW BitBlt CreateCompatibleBitmap CreateCompatibleDC SetViewportOrgEx CombineRgn CreateRectRgn SetBkMode SetTextColor RestoreDC SaveDC SelectObject |
| ADVAPI32.dll | CryptImportKey QueryServiceConfigW OpenServiceW OpenSCManagerW LockServiceDatabase DeleteService CreateServiceW ControlService CloseServiceHandle ChangeServiceConfig2W ChangeServiceConfigW RegSetValueExW RegQueryInfoKeyW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW RegEnumValueW RegCloseKey DuplicateTokenEx LookupPrivilegeValueW AdjustTokenPrivileges OpenProcessToken QueryServiceLockStatusW CryptContextAddRef CryptDecrypt CryptEncrypt QueryServiceConfig2W CryptGenRandom CryptSetKeyParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW RegQueryValueExA RegOpenKeyExA RegEnumKeyExA GetTokenInformation QueryServiceStatus GetUserNameW UnlockServiceDatabase StartServiceW QueryServiceStatusEx |
| SHELL32.dll | SHFileOperationW SHGetSpecialFolderLocation ShellExecuteExW SHGetFolderPathW CommandLineToArgvW SHGetSpecialFolderPathW SHCreateDirectoryExW #165 SHGetPathFromIDListW ShellExecuteW |
| ole32.dll | CoInitializeEx CoInitializeSecurity StringFromGUID2 OleRun CoCreateGuid CoInitialize CoTaskMemFree CoTaskMemRealloc CoSetProxyBlanket CoTaskMemAlloc CoCreateInstance CoUninitialize CreateStreamOnHGlobal |
| OLEAUT32.dll | VariantCopy SetErrorInfo VariantChangeType GetErrorInfo VariantInit SysStringLen VariantClear SysFreeString SysAllocStringByteLen SysStringByteLen SysAllocString VarUI4FromStr CreateErrorInfo |
| SHLWAPI.dll | StrCmpNIW StrTrimA StrStrIW StrCmpIW SHGetValueA PathAppendA PathIsDirectoryW PathCombineW PathFileExistsW PathFindFileNameW PathRemoveFileSpecW PathAppendW StrCmpW StrStrIA StrToIntExW SHGetValueW PathFindExtensionW PathIsRelativeW PathIsRootW SHSetValueA AssocQueryStringW SHSetValueW PathUnquoteSpacesW PathFindFileNameA PathRenameExtensionA SHDeleteValueW PathIsPrefixW SHDeleteKeyW wnsprintfW |
| COMCTL32.dll | _TrackMouseEvent InitCommonControlsEx |
| gdiplus.dll | GdipCloneBrush GdipDrawImagePointRectI GdipSetStringFormatTrimming GdipSetStringFormatLineAlign GdiplusStartup GdiplusShutdown GdipAlloc GdipFree GdipCloneImage GdipDisposeImage GdipGetImageWidth GdipGetImageHeight GdipCreateBitmapFromFile GdipCreateBitmapFromStreamICM GdipCreateBitmapFromFileICM GdipCreateFromHDC GdipDeleteGraphics GdipDrawImageRectRect GdipDrawImageRectRectI GdipSetStringFormatAlign GdipSetStringFormatFlags GdipDeleteStringFormat GdipCreateStringFormat GdipMeasureString GdipDrawString GdipCreateBitmapFromStream GdipDeleteBrush GdipCreateSolidFill GdipCreateImageAttributes GdipDisposeImageAttributes GdipSetImageAttributesColorMatrix GdipSetTextRenderingHint GdipCreateFontFamilyFromName GdipDeleteFontFamily GdipCreateFont GdipDeleteFont |
| VERSION.dll | GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW |
| PSAPI.DLL | EnumProcesses GetModuleFileNameExW |
| IPHLPAPI.DLL | GetAdaptersInfo |
| WININET.dll | InternetGetConnectedState |
| urlmon.dll | URLDownloadToFileW URLDownloadToCacheFileW |
| SETUPAPI.dll | SetupIterateCabinetW |
| Secur32.dll | GetUserNameExW |
| CRYPT32.dll | CryptStringToBinaryW CryptStringToBinaryA CertGetNameStringW CryptBinaryToStringA CryptBinaryToStringW |
| WINTRUST.dll | WinVerifyTrust WTHelperProvDataFromStateData |
| Cabinet.dll | #23 #22 #20 |
鲁大师

| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 8.1022.6150.928 |
| ProductVersion | 8.1022.6150.928 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | Chinese - PRC |
| FileDescription | 鲁大师卸载程序 |
| FileVersion (#2) | 8.1022.6150.928 |
| InternalName | uninst.exe |
| LegalCopyright | Copyright (C) 2011-2022 www.ludashi.com |
| OriginalFilename | uninst.exe |
| ProductName | 鲁大师 |
| ProductVersion (#2) | 8.1022.6150.928 |
| Resource field | Value |
|---|---|
| Resource LangID | Chinese - PRC |
| Debug directory field | Entry 1 | Entry 2 | Entry 3 |
|---|---|---|---|
| Characteristics | 0 | 0 | 0 |
| TimeDateStamp | 2022-Oct-02 06:48:01 | 2022-Oct-02 06:48:01 | 2022-Oct-02 06:48:01 |
| Version | 0.0 | 0.0 | 0.0 |
| SizeofData | 144 | 20 | 968 |
| AddressOfRawData | 0x156c64 | 0x156cf4 | 0x156d08 |
| PointerToRawData | 0x155664 | 0x1556f4 | 0x155708 |
| Referenced File | D:\Jenkins\.jenkins\workspace\master_lu\lds_install_and_uninstall\install_and_uninstall\Uninstall\Release\Uninstall.pdb | | |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x5570e0 |
| EndAddressOfRawData | 0x5570e8 |
| AddressOfIndex | 0x5773ec |
| AddressOfCallbacks | 0x52e8d0 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Load configuration field | Value |
|---|---|
| Size | 0xa0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x56f594 |
| SEHandlerTable | 0x555b60 |
| SEHandlerCount | 1089 |
| Rich header entry | Count |
|---|---|
| XOR Key | 0x5f92cad3 |
| Unmarked objects | 0 |
| 241 (40116) | 18 |
| 243 (40116) | 170 |
| 242 (40116) | 31 |
| C++ objects (VS2017 v15.9.14-15 compiler 27032) | 6 |
| C objects (LTCG) (VS2017 v15.9.12-13 compiler 27031) | 2 |
| Unmarked objects (#2) | 1 |
| C++ objects (VS2017 v15.7.5 compiler 26433) | 21 |
| 199 (41118) | 3 |
| ASM objects (VS 2015/2017 runtime 26706) | 25 |
| C objects (VS 2015/2017 runtime 26706) | 35 |
| C++ objects (VS 2015/2017 runtime 26706) | 77 |
| C objects (VS2008 SP1 build 30729) | 6 |
| Imports (VS2008 SP1 build 30729) | 41 |
| Total imports | 454 |
| C objects (VS2017 v15.9.12-13 compiler 27031) | 1 |
| C++ objects (VS2017 v15.9.12-13 compiler 27031) | 91 |
| Resource objects (VS2017 v15.9.12-13 compiler 27031) | 1 |
| 151 | 2 |
| Linker (VS2017 v15.9.12-13 compiler 27031) | 1 |