Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2015-Sep-18 06:56:52 |
Detected languages | Chinese - PRC, English - United States |
Debug artifacts | C:\vmagent_new\bin\joblist\52504\out\Release\SelfChk.pdb |
CompanyName | 360互联网安全中心 |
FileDescription | 360 客户端组件 |
FileVersion | 1, 0, 0, 1008 |
InternalName | EntClientNotice.dll |
LegalCopyright | (C) 360.cn All Rights Reserved |
OriginalFilename | EntClientNotice.dll |
ProductName | 360 企业安全 |
ProductVersion | 1, 0, 0, 1008 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; Uses constants related to SHA256 |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Qihoo 360 Software (Beijing) Company Limited; Issuer: VeriSign Class 3 Code Signing 2010 CA |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2015-Sep-18 06:56:52 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x18a00 |
SizeOfInitializedData | 0x3ec00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000AC5F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1a000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x5e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x690f9 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | LoadResource FindResourceW FindResourceExW MultiByteToWideChar GetFileSize GetLastError MoveFileExW SetEndOfFile FlushFileBuffers FreeResource LoadLibraryW LeaveCriticalSection FreeLibrary LockResource EnterCriticalSection GetCurrentProcessId GetFileSizeEx SizeofResource WriteFile CloseHandle CreateFileW SetFilePointer DeleteAtom FindAtomW ReleaseMutex AddAtomW OpenThread GetAtomNameW WaitForSingleObject CreateMutexW ReadFile WideCharToMultiByte DeleteFileW CreateDirectoryW GetProcAddress GetSystemTime LocalFree FormatMessageW OutputDebugStringW SetFilePointerEx LocalFileTimeToFileTime HeapDestroy HeapAlloc HeapFree HeapReAlloc HeapSize GetProcessHeap RaiseException InitializeCriticalSection DeleteCriticalSection GetModuleHandleW DeviceIoControl TerminateProcess GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent GetCurrentThreadId GetCommandLineA RtlUnwind GetCPInfo InterlockedIncrement InterlockedDecrement GetACP GetOEMCP IsValidCodePage TlsGetValue TlsAlloc TlsSetValue TlsFree SetLastError LCMapStringA LCMapStringW HeapCreate VirtualFree VirtualAlloc Sleep ExitProcess SetHandleCount GetStdHandle GetFileType GetStartupInfoA GetModuleFileNameA FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW GetEnvironmentStringsW QueryPerformanceCounter GetTickCount GetSystemTimeAsFileTime GetStringTypeA GetStringTypeW GetLocaleInfoA GetConsoleCP GetConsoleMode InitializeCriticalSectionAndSpinCount LoadLibraryA SetStdHandle WriteConsoleA GetConsoleOutputCP WriteConsoleW CreateFileA SystemTimeToFileTime GetModuleFileNameW |
---|---|
ADVAPI32.dll | RegEnumKeyExW RegQueryValueExW RegOpenKeyExW RegQueryValueExA RegCloseKey |
SHLWAPI.dll | PathFileExistsW PathIsDirectoryW PathRemoveFileSpecW SHGetValueW PathCombineW |
Ordinal | 1 |
---|---|
Address | 0x1020 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.1008 |
ProductVersion | 1.0.0.1008 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | Chinese - PRC |
CompanyName | 360互联网安全中心 |
FileDescription | 360 客户端组件 |
FileVersion (#2) | 1, 0, 0, 1008 |
InternalName | EntClientNotice.dll |
LegalCopyright | (C) 360.cn All Rights Reserved |
OriginalFilename | EntClientNotice.dll |
ProductName | 360 企业安全 |
ProductVersion (#2) | 1, 0, 0, 1008 |
Resource LangID | Chinese - PRC |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2015-Sep-18 06:56:52 |
Version | 0.0 |
SizeofData | 81 |
AddressOfRawData | 0x1cf08 |
PointerToRawData | 0x1bd08 |
Referenced File | C:\vmagent_new\bin\joblist\52504\out\Release\SelfChk.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1001f030 |
SEHandlerTable | 0x1001d240 |
SEHandlerCount | 19 |
XOR Key | 0xfa58708c |
---|---|
Unmarked objects | 0 |
Unmarked objects (#2) | 1 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
ASM objects (VS2008 SP1 build 30729) | 18 |
C objects (VS2008 SP1 build 30729) | 123 |
C++ objects (VS2008 SP1 build 30729) | 56 |
Imports (VS2008 SP1 build 30729) | 15 |
Total imports | 150 |
138 (VS2008 SP1 build 30729) | 20 |
Exports (VS2008 SP1 build 30729) | 1 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |