Manalyze report for d0f61bd6547b478e30550b0fc84b74c1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-May-25 09:00:00
Detected languages	Chinese - PRC English - United States
Debug artifacts	D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\DiagnoseTools.pdb
FileVersion	`1.5022.1005.520`
InternalName	DiagnoseTools.exe
LegalCopyright	版权所有 (C) 2008-2022
OriginalFilename	DiagnoseTools.exe
ProductName	DiagnoseTools
ProductVersion	`1.5022.1005.520`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: diagnosis.ludashi.com http://s.ludashi.com http://s.ludashi.com/url2?pid https://diagnosis.ludashi.com https://diagnosis.ludashi.com/api/debug/report https://www.openssl.org https://www.openssl.org/docs/faq.html ludashi.com openssl.org s.ludashi.com www.openssl.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegEnumKeyExA RegQueryValueExW RegSetValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey SHGetValueA` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDecrypt CryptAcquireContextW CryptReleaseContext CryptDestroyKey CryptGenRandom` `Can create temporary files: GetTempPathW CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetGetConnectedState URLDownloadToFileW URLDownloadToCacheFileW` `Leverages the raw socket API to access the Internet: __WSAFDIsSet accept bind closesocket connect ioctlsocket getpeername getsockname getsockopt htonl htons listen ntohl ntohs select setsockopt shutdown WSASetLastError WSACleanup send recv WSAGetLastError WSAIoctl WSARecv WSASend WSASocketW WSAAddressToStringW getaddrinfo freeaddrinfo WSAStartup` `Functions related to the privilege level: DuplicateTokenEx AdjustTokenPrivileges OpenProcessToken` `Manipulates other processes: OpenProcess` `Interacts with the certificate store: CertOpenStore`
Info	The PE is digitally signed.	`Signer: Chengdu Qilu Technology Co. Ltd.` `Issuer: DigiCert SHA2 Assured ID Code Signing CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`d0f61bd6547b478e30550b0fc84b74c1`
SHA1	`dcec47431492bc6c03606104d14fa110d6339904`
SHA256	`c5f134e549719539194deb350b36b828da3d54770b60d6f835134270436a4cea`
SHA3	`7238d0508dc76a8d5beeae05ac2d9d7a098d1526251308a7c16f2b6aa3be23de`
SSDeep	`49152:dW3LMS0xyq5gwuyvCtsiwf8KP/XVIT3H8HsDJYlC:WP0RKK6uygXV6Hj`
Imports Hash	`5be19f73b3a2173fda99cbc123ca047c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2022-May-25 09:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x165c00`
SizeOfInitializedData	`0xf3e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000667FD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x167000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x25d000`
SizeOfHeaders	`0x400`
Checksum	`0x259da1`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0b3ce96cd440bca2f29605f9e60259eb`
SHA1	`abe43542d5815329143361ecafe0bfffb28f39b6`
SHA256	`db41bfb6682a7d338e6030195ddf7d21e2af83433297e7785b7776adb78309af`
SHA3	`3aa01faab2b628a8d0141739814a9d6b8057c8637b7d55d54786040b74a75177`
VirtualSize	`0x165bf6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x165c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63937`

.rdata

MD5	`7b9e1ae578793add0ca68549ce870408`
SHA1	`2a2fc5ff940d14c71602b662039d823776ac1c17`
SHA256	`53c64857022d383c579a72a9caae9e5db36be23db97c41d84370b533c19e815b`
SHA3	`22c287c200ab895a67e94c798db18465c60249e590e02d9f97cea1ccff7fcc3e`
VirtualSize	`0x7e4de`
VirtualAddress	`0x167000`
SizeOfRawData	`0x7e600`
PointerToRawData	`0x166000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.65057`

.data

MD5	`41dc5b68d6cc8cecb8efe9f1cdc0e28e`
SHA1	`7f999d14590960056a3097e1148f785991688e7a`
SHA256	`fd139af41edfb801b4acb1d7d10234c001a965ec328b19f119f79408dca21ff3`
SHA3	`bc45dbe41df23fad59ad0b620a12882d23bc1dbbb0a42885a96b0ad93d4c383a`
VirtualSize	`0x119b8`
VirtualAddress	`0x1e6000`
SizeOfRawData	`0xd000`
PointerToRawData	`0x1e4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.854`

.rsrc

MD5	`445d6171eba50001afa136ca8f7aba5b`
SHA1	`36e9e421057dd5906f061ff8e91246028dc4da99`
SHA256	`5cb31bbf7a8ddcf7aa8c2445ce128aefac9b5a026e3d2f781876bb7a193f278e`
SHA3	`bef4a2dadd634b6e35b1981f82bcb8587852e2ca09445511766d4b9062f7e564`
VirtualSize	`0x4fa08`
VirtualAddress	`0x1f8000`
SizeOfRawData	`0x4fc00`
PointerToRawData	`0x1f1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03893`

.reloc

MD5	`8aad5135555034bd57eefbb3553190a9`
SHA1	`7d8f842989284e771c0dfdedecabb2ed6dc26578`
SHA256	`7b7e10f53d6cfbaeeee806c851d721bc640c8766d55ac477174cc40caafafe3d`
SHA3	`eda682895e5bc8dcf49938be7db0233104a2a0c32f80c712842a3f615e2f6f9f`
VirtualSize	`0x14180`
VirtualAddress	`0x248000`
SizeOfRawData	`0x14200`
PointerToRawData	`0x241200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63149`

Imports

KERNEL32.dll	`CreateMutexW` `OpenProcess` `TerminateProcess` `GetTickCount` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `CopyFileW` `VerSetConditionMask` `InterlockedCompareExchange` `CreateIoCompletionPort` `GetQueuedCompletionStatus` `TlsGetValue` `TlsSetValue` `SleepEx` `CreateWaitableTimerW` `SetWaitableTimer` `GetModuleHandleA` `VerifyVersionInfoW` `WideCharToMultiByte` `CreateEventW` `IsBadReadPtr` `GetModuleHandleW` `LoadLibraryExW` `LoadLibraryW` `TlsFree` `TlsAlloc` `lstrcmpiW` `FormatMessageA` `Sleep` `WaitForMultipleObjects` `SetEvent` `QueueUserAPC` `PostQueuedCompletionStatus` `SetLastError` `TerminateThread` `SetUnhandledExceptionFilter` `GetCurrentProcessId` `GetCurrentProcess` `VirtualProtect` `LocalFree` `GetProcAddress` `FreeLibrary` `InterlockedExchangeAdd` `InterlockedExchange` `InterlockedDecrement` `InterlockedIncrement` `DeleteFileW` `GetTempPathW` `CreateFileMappingW` `UnmapViewOfFile` `MapViewOfFile` `CloseHandle` `WaitForSingleObject` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `GetCurrentThreadId` `MultiByteToWideChar` `GetSystemWindowsDirectoryW` `FreeResource` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `IsValidCodePage` `FindFirstFileExW` `WriteConsoleW` `SetStdHandle` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `FindResourceExW` `FindResourceW` `GetTimeFormatW` `GetDateFormatW` `GetACP` `ExitProcess` `GetTimeZoneInformation` `GetConsoleCP` `SetFilePointerEx` `SetConsoleCtrlHandler` `GetFileAttributesExW` `GetModuleHandleExW` `ExitThread` `RtlUnwind` `CreateTimerQueue` `UnregisterWaitEx` `QueryDepthSList` `InterlockedFlushSList` `ReleaseSemaphore` `DuplicateHandle` `FreeLibraryAndExitThread` `GetThreadTimes` `GetCurrentThread` `UnregisterWait` `RegisterWaitForSingleObject` `SetThreadAffinityMask` `GetProcessAffinityMask` `GetModuleFileNameW` `SizeofResource` `LoadResource` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetLastError` `RaiseException` `GetProcessHeap` `HeapSize` `HeapFree` `HeapReAlloc` `HeapAlloc` `HeapDestroy` `GetNumaHighestNodeNumber` `DeleteTimerQueueTimer` `ChangeTimerQueueTimer` `CreateTimerQueueTimer` `GetLogicalProcessorInformation` `GetThreadPriority` `LockResource` `DecodePointer` `SetThreadPriority` `CreateThread` `SignalObjectAndWait` `IsDebuggerPresent` `OutputDebugStringW` `EncodePointer` `InitializeSListHead` `InterlockedPopEntrySList` `InterlockedPushEntrySList` `FlushInstructionCache` `IsProcessorFeaturePresent` `VirtualAlloc` `VirtualFree` `LoadLibraryExA` `GetStringTypeW` `FormatMessageW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `TryEnterCriticalSection` `SwitchToThread` `GetSystemTimeAsFileTime` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetCPInfo` `ReleaseMutex` `GetFileSize` `WriteFile` `ReadFile` `FlushFileBuffers` `CreateFileW` `UnhandledExceptionFilter` `WaitForSingleObjectEx` `GetStartupInfoW` `GetFileSizeEx` `FindClose` `FindFirstFileW` `FindNextFileW` `SetFileTime` `GetSystemDirectoryW` `CreateDirectoryW` `SetFileAttributesW` `SetEndOfFile` `SetFilePointer` `GetStdHandle` `GetVersionExW` `OpenFileMappingW` `DeviceIoControl` `lstrcmpA` `lstrcmpiA` `CreateFileA` `GetFileType` `DeleteFiber` `ConvertFiberToThread` `GlobalMemoryStatus` `GetEnvironmentVariableW` `GetConsoleMode` `ReadConsoleA` `ReadConsoleW` `SetConsoleMode`
USER32.dll	`CreateWindowExW` `SetWindowLongW` `LoadCursorW` `ShowWindow` `DestroyWindow` `GetClassInfoExW` `RegisterClassExW` `DefWindowProcW` `DispatchMessageW` `TranslateMessage` `GetMessageW` `PostMessageW` `PostQuitMessage` `CallWindowProcW` `IsWindow` `KillTimer` `SetWindowTextW` `GetWindowLongW` `GetShellWindow` `UnregisterClassW` `CharNextW` `PeekMessageW` `wsprintfW` `GetProcessWindowStation` `GetUserObjectInformationW` `MessageBoxW` `GetWindowThreadProcessId`
ADVAPI32.dll	`CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `RegQueryValueExA` `RegOpenKeyExA` `RegEnumKeyExA` `RegQueryValueExW` `CryptDecrypt` `DuplicateTokenEx` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `GetTokenInformation` `OpenProcessToken` `RegSetValueExW` `RegQueryInfoKeyW` `RegOpenKeyExW` `RegEnumKeyExW` `RegDeleteValueW` `RegDeleteKeyW` `RegCreateKeyExW` `RegCloseKey` `CryptAcquireContextW` `CryptReleaseContext` `CryptDestroyKey` `CryptGenRandom`
SHELL32.dll	`SHCreateDirectoryExW` `ShellExecuteExW` `SHFileOperationW` `#165`
ole32.dll	`CoTaskMemRealloc` `CoTaskMemAlloc` `CoCreateInstance` `CoUninitialize` `CoInitialize` `CoCreateGuid` `CoTaskMemFree`
OLEAUT32.dll	`VarUI4FromStr` `SysAllocString` `VariantClear`
SHLWAPI.dll	`PathIsDirectoryW` `StrStrIA` `StrStrIW` `StrCmpNIW` `StrCmpIW` `SHSetValueA` `PathAppendW` `SHGetValueA` `PathRemoveFileSpecW` `PathFileExistsW` `PathCombineW` `StrTrimA`
COMCTL32.dll	`InitCommonControlsEx`
WS2_32.dll	`__WSAFDIsSet` `accept` `bind` `closesocket` `connect` `ioctlsocket` `getpeername` `getsockname` `getsockopt` `htonl` `htons` `listen` `ntohl` `ntohs` `select` `setsockopt` `shutdown` `WSASetLastError` `WSACleanup` `send` `recv` `WSAGetLastError` `WSAIoctl` `WSARecv` `WSASend` `WSASocketW` `WSAAddressToStringW` `getaddrinfo` `freeaddrinfo` `WSAStartup`
CRYPT32.dll	`CertGetNameStringW` `CertCloseStore` `CertOpenStore` `CertEnumCertificatesInStore` `CertFindCertificateInStore` `CertDuplicateCertificateContext` `CertFreeCertificateContext` `CertGetCertificateContextProperty`
VERSION.dll	`GetFileVersionInfoW` `VerQueryValueW` `GetFileVersionInfoSizeW`
WININET.dll	`InternetGetConnectedState`
IPHLPAPI.DLL	`GetAdaptersInfo`
WINTRUST.dll	`WTHelperProvDataFromStateData` `WinVerifyTrust`
urlmon.dll	`URLDownloadToFileW` `URLDownloadToCacheFileW`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88245`
MD5	`d6b160f1714692d7ff93c5d2c8f16188`
SHA1	`06b56b83f0ca12dc1f97d24fb3a8fa08f88ec762`
SHA256	`fd9800d6e04acd11edd4831bceda8553246ccab7d3be80dfccc318897f44f4e0`
SHA3	`aa7cc9693104a843293e34c84294f4dfc6639d07889886c8b88a0d4c580bab50`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13746`
MD5	`6bce26a4a483a0669958241a7c4da565`
SHA1	`4f9a012744f4df5ab03c8b777fe12a8fe7dda09d`
SHA256	`80d077ebba5312794b326b9e61279724761deafc35043ef3976a8f36232bd320`
SHA3	`3e3a1c9fdc5ecd320e708518e521e2b12eef53d8179729435d2e597aedd15c2f`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09062`
MD5	`afedf0f0feefbe048776decacf9e0a17`
SHA1	`6d8aca889e283ded4e7fcdd7218c1972c89366e4`
SHA256	`c0c45fe59de5cef7000e8b5a7ec51a3d7f0c67400df7ec8c40a28b4a8f162122`
SHA3	`321ef7e647dcc726fcebd214e9fd88fbd9b666d6efa9712a3b15cb2621454b7a`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88621`
MD5	`3335686a4369409ebf69c58cbb61afd5`
SHA1	`90cd01ae09b87df0e5930113a16d68e421138a7c`
SHA256	`d3d2ce2f799dd5108b862904bff321b0988b8f4c33c91bc92d5972220c5148be`
SHA3	`ae54ea255fbeb91bfdfe0255a90c956587ec188634929ade20ce869589d524cf`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03399`
MD5	`aa6d04054d52f8a4a567a991e2b43a3b`
SHA1	`b885454935f0097704b2f512ee3c8c9f5406974a`
SHA256	`e5fc70d647050d6a8f45dbf366b62371524fbcffe58388b6f08a14fda7a60ff6`
SHA3	`7a07229ace8ea19ed00e22c651e61a0df6f8f4c77310657bba8dcabf5b443347`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.76987`
MD5	`0882990e685e60b7226e54edc7ec3163`
SHA1	`2515d6076486bc00b167b54750fc70c83c823558`
SHA256	`e7d83566f34f22c4cf69bf7ec435da6eafe04f268d759f4302b849b241639322`
SHA3	`5778de2d3212a23a62664e6710b0ab4f33ea2f18d9e65db111f892f574fffa3a`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0323`
MD5	`6ff4f94fe20b832ef43f55009965b9cf`
SHA1	`f33650c9c385e0fbecc73b3411078d60a5f32b60`
SHA256	`6f8c00260dba8d0276013a099e0ba4d3772c3200ea004980b9625db72fa4056b`
SHA3	`7d96ea6a9c90cca5929fd7e89cd08b30c375b1684372f9d24008b476cee36299`

8

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62261`
MD5	`d77fbd523c273e96543066ff2405f986`
SHA1	`a351908dbbcac55efc00b501c72fb726b13998ee`
SHA256	`88f847fd128a1b28cf0ff67067e8e7ce45d4b647c27704b78ed1c044e2fcf416`
SHA3	`2e49b5edd26ca17c76d9016e042e3e6687bff24bbe98fc4cf35f570c4c7b5548`

9

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88245`
MD5	`d6b160f1714692d7ff93c5d2c8f16188`
SHA1	`06b56b83f0ca12dc1f97d24fb3a8fa08f88ec762`
SHA256	`fd9800d6e04acd11edd4831bceda8553246ccab7d3be80dfccc318897f44f4e0`
SHA3	`aa7cc9693104a843293e34c84294f4dfc6639d07889886c8b88a0d4c580bab50`

10

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13746`
MD5	`6bce26a4a483a0669958241a7c4da565`
SHA1	`4f9a012744f4df5ab03c8b777fe12a8fe7dda09d`
SHA256	`80d077ebba5312794b326b9e61279724761deafc35043ef3976a8f36232bd320`
SHA3	`3e3a1c9fdc5ecd320e708518e521e2b12eef53d8179729435d2e597aedd15c2f`

11

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.09062`
MD5	`afedf0f0feefbe048776decacf9e0a17`
SHA1	`6d8aca889e283ded4e7fcdd7218c1972c89366e4`
SHA256	`c0c45fe59de5cef7000e8b5a7ec51a3d7f0c67400df7ec8c40a28b4a8f162122`
SHA3	`321ef7e647dcc726fcebd214e9fd88fbd9b666d6efa9712a3b15cb2621454b7a`

12

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.88621`
MD5	`3335686a4369409ebf69c58cbb61afd5`
SHA1	`90cd01ae09b87df0e5930113a16d68e421138a7c`
SHA256	`d3d2ce2f799dd5108b862904bff321b0988b8f4c33c91bc92d5972220c5148be`
SHA3	`ae54ea255fbeb91bfdfe0255a90c956587ec188634929ade20ce869589d524cf`

13

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.03399`
MD5	`aa6d04054d52f8a4a567a991e2b43a3b`
SHA1	`b885454935f0097704b2f512ee3c8c9f5406974a`
SHA256	`e5fc70d647050d6a8f45dbf366b62371524fbcffe58388b6f08a14fda7a60ff6`
SHA3	`7a07229ace8ea19ed00e22c651e61a0df6f8f4c77310657bba8dcabf5b443347`

14

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.76987`
MD5	`0882990e685e60b7226e54edc7ec3163`
SHA1	`2515d6076486bc00b167b54750fc70c83c823558`
SHA256	`e7d83566f34f22c4cf69bf7ec435da6eafe04f268d759f4302b849b241639322`
SHA3	`5778de2d3212a23a62664e6710b0ab4f33ea2f18d9e65db111f892f574fffa3a`

15

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0323`
MD5	`6ff4f94fe20b832ef43f55009965b9cf`
SHA1	`f33650c9c385e0fbecc73b3411078d60a5f32b60`
SHA256	`6f8c00260dba8d0276013a099e0ba4d3772c3200ea004980b9625db72fa4056b`
SHA3	`7d96ea6a9c90cca5929fd7e89cd08b30c375b1684372f9d24008b476cee36299`

16

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62261`
MD5	`d77fbd523c273e96543066ff2405f986`
SHA1	`a351908dbbcac55efc00b501c72fb726b13998ee`
SHA256	`88f847fd128a1b28cf0ff67067e8e7ce45d4b647c27704b78ed1c044e2fcf416`
SHA3	`2e49b5edd26ca17c76d9016e042e3e6687bff24bbe98fc4cf35f570c4c7b5548`

103

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32071`
MD5	`e244266649435e064fc451944e95d6b8`
SHA1	`4606ea281dfec923d8ff635da3498ffdf6135856`
SHA256	`78f9c8e87d75bbdf22de8a85d697ca1a9c54330570d7774b6ec04f7faff30c97`
SHA3	`3071a2edaa08e05fc3ac2c76440978e17e1a90e2a8e2292bd3a31512e1361e15`

128

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06388`
Detected Filetype	Icon file
MD5	`111a78da3cf9fa241bfd4bb4668051d1`
SHA1	`fa928b4443be40518655f7c2f90571620cfcbed2`
SHA256	`61702d4411f0861317b110d96855d77f33b85c370962b5d9b9325cecdfb81a65`
SHA3	`f36f5f23a6fc8cedb547983cf2694d173bd310f40b0864e1af676cd8ac4c123d`

132

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.1007`
Detected Filetype	Icon file
MD5	`7b1585d8fbf540c5c1f24674ab130850`
SHA1	`9526202ed0be3ed1b3a3868c11de54b8f8f9bf9c`
SHA256	`3a968e8e4c5c5d90163067ccc50c587dc55ce75e7733ae1bcfbe37c1c1f3d98f`
SHA3	`116ff31e8433081032821ff665bacbd116fc168e91f3af4d2e88905455ee2759`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x278`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.55241`
MD5	`fc8a58880fa0d56c7ba87308d6484cb6`
SHA1	`f11f8f4a1a1def863268c733bb5e08001443d9b9`
SHA256	`368ec569e8f9baa76847248b889dd884c7785b2c3888c3a44ec76f5be1df75ab`
SHA3	`a889f57f4bc78668c3cf37b2817613389de2aeb7eb21f73b87424430aa5e80bd`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.5022.1005.520
ProductVersion	1.5022.1005.520
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
FileVersion (#2)	1.5022.1005.520
InternalName	DiagnoseTools.exe
LegalCopyright	版权所有 (C) 2008-2022
OriginalFilename	DiagnoseTools.exe
ProductName	DiagnoseTools
ProductVersion (#2)	1.5022.1005.520

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-May-25 09:00:00
Version	`0.0`
SizeofData	`118`
AddressOfRawData	`0x1d63b4`
PointerToRawData	`0x1d53b4`
Referenced File	D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\DiagnoseTools.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-May-25 09:00:00
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1d642c`
PointerToRawData	`0x1d542c`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-May-25 09:00:00
Version	`0.0`
SizeofData	`972`
AddressOfRawData	`0x1d6440`
PointerToRawData	`0x1d5440`

TLS Callbacks

StartAddressOfRawData	`0x5d681c`
EndAddressOfRawData	`0x5d6824`
AddressOfIndex	`0x5f3edc`
AddressOfCallbacks	`0x5676a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5e7330`
SEHandlerTable	`0x5d5980`
SEHandlerCount	`653`

RICH Header

XOR Key	`0x4ad27020`
Unmarked objects	`0`
241 (40116)	`23`
243 (40116)	`180`
242 (40116)	`31`
C objects (VS2017 v15.2 compiler 25019)	`459`
C++ objects (VS2017 v15.7.5 compiler 26433)	`21`
ASM objects (VS 2015/2017 runtime 26706)	`25`
C++ objects (VS2017 v15.9.14-15 compiler 27032)	`6`
C objects (VS 2015/2017 runtime 26706)	`36`
C++ objects (VS 2015/2017 runtime 26706)	`132`
C objects (VS2008 SP1 build 30729)	`3`
Imports (VS2008 SP1 build 30729)	`31`
Total imports	`370`
C++ objects (VS2017 v15.9.12-13 compiler 27031)	`33`
Resource objects (VS2017 v15.9.12-13 compiler 27031)	`1`
151	`1`
Linker (VS2017 v15.9.12-13 compiler 27031)	`1`

d0f61bd6547b478e30550b0fc84b74c1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

103

128

132

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors