Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2022-May-25 09:00:00 |
Detected languages | Chinese - PRC; English - United States |
Debug artifacts | D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\DiagnoseTools.pdb |
FileVersion | 1.5022.1005.520 |
InternalName | DiagnoseTools.exe |
LegalCopyright | 版权所有 (C) 2008-2022 |
OriginalFilename | DiagnoseTools.exe |
ProductName | DiagnoseTools |
ProductVersion | 1.5022.1005.520 |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5, SHA1, SHA256, SHA512, AES and Blowfish; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Chengdu Qilu Technology Co. Ltd.; Issuer: DigiCert SHA2 Assured ID Code Signing CA |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x128 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2022-May-25 09:00:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x165c00 |
SizeOfInitializedData | 0xf3e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000667FD (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x167000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x25d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x259da1 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CreateMutexW OpenProcess TerminateProcess GetTickCount GetPrivateProfileStringW WritePrivateProfileStringW CopyFileW VerSetConditionMask InterlockedCompareExchange CreateIoCompletionPort GetQueuedCompletionStatus TlsGetValue TlsSetValue SleepEx CreateWaitableTimerW SetWaitableTimer GetModuleHandleA VerifyVersionInfoW WideCharToMultiByte CreateEventW IsBadReadPtr GetModuleHandleW LoadLibraryExW LoadLibraryW TlsFree TlsAlloc lstrcmpiW FormatMessageA Sleep WaitForMultipleObjects SetEvent QueueUserAPC PostQueuedCompletionStatus SetLastError TerminateThread SetUnhandledExceptionFilter GetCurrentProcessId GetCurrentProcess VirtualProtect LocalFree GetProcAddress FreeLibrary InterlockedExchangeAdd InterlockedExchange InterlockedDecrement InterlockedIncrement DeleteFileW GetTempPathW CreateFileMappingW UnmapViewOfFile MapViewOfFile CloseHandle WaitForSingleObject LeaveCriticalSection EnterCriticalSection InitializeCriticalSection GetCurrentThreadId MultiByteToWideChar GetSystemWindowsDirectoryW FreeResource SetEnvironmentVariableA FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW GetCommandLineA GetOEMCP IsValidCodePage FindFirstFileExW WriteConsoleW SetStdHandle EnumSystemLocalesW GetUserDefaultLCID IsValidLocale FindResourceExW FindResourceW GetTimeFormatW GetDateFormatW GetACP ExitProcess GetTimeZoneInformation GetConsoleCP SetFilePointerEx SetConsoleCtrlHandler GetFileAttributesExW GetModuleHandleExW ExitThread RtlUnwind CreateTimerQueue UnregisterWaitEx QueryDepthSList InterlockedFlushSList ReleaseSemaphore DuplicateHandle FreeLibraryAndExitThread GetThreadTimes GetCurrentThread UnregisterWait RegisterWaitForSingleObject SetThreadAffinityMask GetProcessAffinityMask GetModuleFileNameW SizeofResource LoadResource DeleteCriticalSection InitializeCriticalSectionAndSpinCount GetLastError RaiseException GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc HeapDestroy GetNumaHighestNodeNumber DeleteTimerQueueTimer ChangeTimerQueueTimer CreateTimerQueueTimer GetLogicalProcessorInformation GetThreadPriority LockResource DecodePointer SetThreadPriority CreateThread SignalObjectAndWait IsDebuggerPresent OutputDebugStringW EncodePointer InitializeSListHead InterlockedPopEntrySList InterlockedPushEntrySList FlushInstructionCache IsProcessorFeaturePresent VirtualAlloc VirtualFree LoadLibraryExA GetStringTypeW FormatMessageW QueryPerformanceCounter QueryPerformanceFrequency TryEnterCriticalSection SwitchToThread GetSystemTimeAsFileTime CompareStringW LCMapStringW GetLocaleInfoW GetCPInfo ReleaseMutex GetFileSize WriteFile ReadFile FlushFileBuffers CreateFileW UnhandledExceptionFilter WaitForSingleObjectEx GetStartupInfoW GetFileSizeEx FindClose FindFirstFileW FindNextFileW SetFileTime GetSystemDirectoryW CreateDirectoryW SetFileAttributesW SetEndOfFile SetFilePointer GetStdHandle GetVersionExW OpenFileMappingW DeviceIoControl lstrcmpA lstrcmpiA CreateFileA GetFileType DeleteFiber ConvertFiberToThread GlobalMemoryStatus GetEnvironmentVariableW GetConsoleMode ReadConsoleA ReadConsoleW SetConsoleMode |
---|---|
USER32.dll | CreateWindowExW SetWindowLongW LoadCursorW ShowWindow DestroyWindow GetClassInfoExW RegisterClassExW DefWindowProcW DispatchMessageW TranslateMessage GetMessageW PostMessageW PostQuitMessage CallWindowProcW IsWindow KillTimer SetWindowTextW GetWindowLongW GetShellWindow UnregisterClassW CharNextW PeekMessageW wsprintfW GetProcessWindowStation GetUserObjectInformationW MessageBoxW GetWindowThreadProcessId |
ADVAPI32.dll | CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam ReportEventW RegisterEventSourceW DeregisterEventSource RegQueryValueExA RegOpenKeyExA RegEnumKeyExA RegQueryValueExW CryptDecrypt DuplicateTokenEx LookupPrivilegeValueW AdjustTokenPrivileges GetTokenInformation OpenProcessToken RegSetValueExW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW RegDeleteValueW RegDeleteKeyW RegCreateKeyExW RegCloseKey CryptAcquireContextW CryptReleaseContext CryptDestroyKey CryptGenRandom |
SHELL32.dll | SHCreateDirectoryExW ShellExecuteExW SHFileOperationW #165 |
ole32.dll | CoTaskMemRealloc CoTaskMemAlloc CoCreateInstance CoUninitialize CoInitialize CoCreateGuid CoTaskMemFree |
OLEAUT32.dll | VarUI4FromStr SysAllocString VariantClear |
SHLWAPI.dll | PathIsDirectoryW StrStrIA StrStrIW StrCmpNIW StrCmpIW SHSetValueA PathAppendW SHGetValueA PathRemoveFileSpecW PathFileExistsW PathCombineW StrTrimA |
COMCTL32.dll | InitCommonControlsEx |
WS2_32.dll | __WSAFDIsSet accept bind closesocket connect ioctlsocket getpeername getsockname getsockopt htonl htons listen ntohl ntohs select setsockopt shutdown WSASetLastError WSACleanup send recv WSAGetLastError WSAIoctl WSARecv WSASend WSASocketW WSAAddressToStringW getaddrinfo freeaddrinfo WSAStartup |
CRYPT32.dll | CertGetNameStringW CertCloseStore CertOpenStore CertEnumCertificatesInStore CertFindCertificateInStore CertDuplicateCertificateContext CertFreeCertificateContext CertGetCertificateContextProperty |
VERSION.dll | GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW |
WININET.dll | InternetGetConnectedState |
IPHLPAPI.DLL | GetAdaptersInfo |
WINTRUST.dll | WTHelperProvDataFromStateData WinVerifyTrust |
urlmon.dll | URLDownloadToFileW URLDownloadToCacheFileW |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.5022.1005.520 |
ProductVersion | 1.5022.1005.520 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | Chinese - PRC |
FileVersion (#2) | 1.5022.1005.520 |
InternalName | DiagnoseTools.exe |
LegalCopyright | 版权所有 (C) 2008-2022 |
OriginalFilename | DiagnoseTools.exe |
ProductName | DiagnoseTools |
ProductVersion (#2) | 1.5022.1005.520 |
Resource LangID | Chinese - PRC |
Characteristics | 0 |
---|---|
TimeDateStamp | 2022-May-25 09:00:00 |
Version | 0.0 |
SizeofData | 118 |
AddressOfRawData | 0x1d63b4 |
PointerToRawData | 0x1d53b4 |
Referenced File | D:\Jenkins\.jenkins\workspace\master_lu\diagnosetools\tcp_connecter\Release\DiagnoseTools.pdb |

Characteristics | 0 |
---|---|
TimeDateStamp | 2022-May-25 09:00:00 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x1d642c |
PointerToRawData | 0x1d542c |

Characteristics | 0 |
---|---|
TimeDateStamp | 2022-May-25 09:00:00 |
Version | 0.0 |
SizeofData | 972 |
AddressOfRawData | 0x1d6440 |
PointerToRawData | 0x1d5440 |
StartAddressOfRawData | 0x5d681c |
---|---|
EndAddressOfRawData | 0x5d6824 |
AddressOfIndex | 0x5f3edc |
AddressOfCallbacks | 0x5676a0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xa0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x5e7330 |
SEHandlerTable | 0x5d5980 |
SEHandlerCount | 653 |
XOR Key | 0x4ad27020 |
---|---|
Unmarked objects | 0 |
241 (40116) | 23 |
243 (40116) | 180 |
242 (40116) | 31 |
C objects (VS2017 v15.2 compiler 25019) | 459 |
C++ objects (VS2017 v15.7.5 compiler 26433) | 21 |
ASM objects (VS 2015/2017 runtime 26706) | 25 |
C++ objects (VS2017 v15.9.14-15 compiler 27032) | 6 |
C objects (VS 2015/2017 runtime 26706) | 36 |
C++ objects (VS 2015/2017 runtime 26706) | 132 |
C objects (VS2008 SP1 build 30729) | 3 |
Imports (VS2008 SP1 build 30729) | 31 |
Total imports | 370 |
C++ objects (VS2017 v15.9.12-13 compiler 27031) | 33 |
Resource objects (VS2017 v15.9.12-13 compiler 27031) | 1 |
151 | 1 |
Linker (VS2017 v15.9.12-13 compiler 27031) | 1 |