Manalyze report for dbd2a262034e72ab81776b6b960cc207

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Sep-18 06:56:52
Detected languages	Chinese - PRC English - United States
Debug artifacts	C:\vmagent_new\bin\joblist\52504\out\Release\SelfChk.pdb
CompanyName	360互联网安全中心
FileDescription	360 客户端组件
FileVersion	`1, 0, 0, 1008`
InternalName	EntClientNotice.dll
LegalCopyright	(C) 360.cn All Rights Reserved
OriginalFilename	EntClientNotice.dll
ProductName	360 企业安全
ProductVersion	`1, 0, 0, 1008`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryA` `Can access the registry: RegEnumKeyExW RegQueryValueExW RegOpenKeyExW RegQueryValueExA RegCloseKey SHGetValueW`
Info	The PE is digitally signed.	`Signer: Qihoo 360 Software (Beijing) Company Limited` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`dbd2a262034e72ab81776b6b960cc207`
SHA1	`6f743187a691f800bdd94df3e4c3951fce033983`
SHA256	`322a3189ff43abe66c2aae9ab84dcd5e1f9271ad77d81a367f7f5841c1839ce2`
SHA3	`c4bd1b70e624cd5fb9d55609f5888589a050850c0a30a86c909147288fc1c22f`
SSDeep	`6144:4UJ2m+9GUuzc4YfmbNTR9xEAD7adReqh+ONT8/omvHsNjDxtd:p2m+9Gxo+RJ7a/Xh+Ot8AacjNtd`
Imports Hash	`ad6335782335983d2175d34227504f2c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2015-Sep-18 06:56:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x18a00`
SizeOfInitializedData	`0x3ec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000AC5F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1a000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x5e000`
SizeOfHeaders	`0x400`
Checksum	`0x690f9`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ccae56c8e7d54fe673096e6bfffd0647`
SHA1	`eae2e3bf84efb860181574bf8a39602d46b54d68`
SHA256	`d4c4bf78f5758ae0d2868184124c0d3e5a82d30844fabcf35a5e3a99b8ab4d4d`
SHA3	`d9c6307e515589a33d567590d8b4065b618fb25761c2551ff86aacb4e80f00d0`
VirtualSize	`0x18857`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64744`

.rdata

MD5	`c9b6b2698c41c592741a224ff1c3767d`
SHA1	`7867e2e2738f196735cb3d74e178435c60cf02d2`
SHA256	`20a333864f8e758046ca3c91f4a2f2878f1f0ad502b676433cf632599e495ce2`
SHA3	`4c64b76d4fc142a3c0642ec9a3d4d520d20077346d25fc616c79084312a6089e`
VirtualSize	`0x46ca`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x18e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42169`

.data

MD5	`52dec730b9476dec276589d0e0371588`
SHA1	`3c3095f2b177a041bf29cb801f9e4fb2e4fb7274`
SHA256	`6c4e54f4dd71a8f7ab41028212168a67fa3a9807f0d1fd1d3d60795e723deccb`
SHA3	`4de48a3d405abf1f681ef0bda9343626f0b93c66c462c0a8d5b68777ade4fb7e`
VirtualSize	`0x40dc`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x1d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.3507`

.rsrc

MD5	`e9ae0eab659612cdd0a5b16f4da4bea3`
SHA1	`c1b78d81458952fd42167ae401d4738a7fd50e87`
SHA256	`3c4ec870c684634e0df3a8db805284182d7431731780a71f6b9cc63a3d682b15`
SHA3	`6a93572a62c46f51c36e2b6d7cf45ef0aeedbdb4f0a32883a22cb0730d1fc6f8`
VirtualSize	`0x36610`
VirtualAddress	`0x24000`
SizeOfRawData	`0x36800`
PointerToRawData	`0x1ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.72748`

.reloc

MD5	`7dc2a98e501a4adeca70bad62cea4128`
SHA1	`a22b7363715c7ffe0c493f632f4c6aa614f173bf`
SHA256	`b891ec4f6b0a69490954b0f6b5f20c9272a9819d59e3aa24e1a49bf68ddc68bc`
SHA3	`b9832716b45c5d7fbd69cbaaa1506b4b39ccea639a6493c605890a6a08f9d37b`
VirtualSize	`0x2304`
VirtualAddress	`0x5b000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x55600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.11915`

Imports

KERNEL32.dll	`LoadResource` `FindResourceW` `FindResourceExW` `MultiByteToWideChar` `GetFileSize` `GetLastError` `MoveFileExW` `SetEndOfFile` `FlushFileBuffers` `FreeResource` `LoadLibraryW` `LeaveCriticalSection` `FreeLibrary` `LockResource` `EnterCriticalSection` `GetCurrentProcessId` `GetFileSizeEx` `SizeofResource` `WriteFile` `CloseHandle` `CreateFileW` `SetFilePointer` `DeleteAtom` `FindAtomW` `ReleaseMutex` `AddAtomW` `OpenThread` `GetAtomNameW` `WaitForSingleObject` `CreateMutexW` `ReadFile` `WideCharToMultiByte` `DeleteFileW` `CreateDirectoryW` `GetProcAddress` `GetSystemTime` `LocalFree` `FormatMessageW` `OutputDebugStringW` `SetFilePointerEx` `LocalFileTimeToFileTime` `HeapDestroy` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `GetProcessHeap` `RaiseException` `InitializeCriticalSection` `DeleteCriticalSection` `GetModuleHandleW` `DeviceIoControl` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetCurrentThreadId` `GetCommandLineA` `RtlUnwind` `GetCPInfo` `InterlockedIncrement` `InterlockedDecrement` `GetACP` `GetOEMCP` `IsValidCodePage` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `LCMapStringA` `LCMapStringW` `HeapCreate` `VirtualFree` `VirtualAlloc` `Sleep` `ExitProcess` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetTickCount` `GetSystemTimeAsFileTime` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `GetConsoleCP` `GetConsoleMode` `InitializeCriticalSectionAndSpinCount` `LoadLibraryA` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA` `SystemTimeToFileTime` `GetModuleFileNameW`
ADVAPI32.dll	`RegEnumKeyExW` `RegQueryValueExW` `RegOpenKeyExW` `RegQueryValueExA` `RegCloseKey`
SHLWAPI.dll	`PathFileExistsW` `PathIsDirectoryW` `PathRemoveFileSpecW` `SHGetValueW` `PathCombineW`

Delayed Imports

EntHotFix

Ordinal	`1`
Address	`0x1020`

109

Type	`BIN`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x35ffd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.71005`
MD5	`bc8c896b008c7b891235bfd9ad0677e9`
SHA1	`204358e2dc2ce0a79fe635c6660addd58f35f7b2`
SHA256	`9374063c984d534309a358848736069d813dc8a9f7dbf34ce1c4989a529f8b79`
SHA3	`b1855e728d047a001fa338d54acacbb7b91ce8588bd480d04e3a285abe29a685`

864

Type	`RT_RCDATA`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x80`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.6132`
MD5	`4d95d3e5ac5b7ec062ab641d240fab68`
SHA1	`6c26bec0417e68950201d5e3906241da5e77aa44`
SHA256	`d4c0bd698b03bcae3d961e1c69b455e38ed273b0b53f422b3c26afe9b92cfd82`
SHA3	`249bd19845651d24ff6ebfff1ff7257a628ebc5707d8640cc5888f2b5fef2c7d`

1

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x2fc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65301`
MD5	`291cd53d276599669cddae7a2f145fe4`
SHA1	`dc8830ca1273ca5c70ef479e23071a968b608ab8`
SHA256	`56832001c7db2b197db45b1f1e006c0a820f4ad6d05c8b777ba1717d031a383c`
SHA3	`2815ada63f12b5cf49aa7e36c2ce5b58c0463b2528442edc800c3808ab39cc43`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1008
ProductVersion	1.0.0.1008
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Chinese - PRC
CompanyName	360互联网安全中心
FileDescription	360 客户端组件
FileVersion (#2)	1, 0, 0, 1008
InternalName	EntClientNotice.dll
LegalCopyright	(C) 360.cn All Rights Reserved
OriginalFilename	EntClientNotice.dll
ProductName	360 企业安全
ProductVersion (#2)	1, 0, 0, 1008

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2015-Sep-18 06:56:52
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x1cf08`
PointerToRawData	`0x1bd08`
Referenced File	C:\vmagent_new\bin\joblist\52504\out\Release\SelfChk.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1001f030`
SEHandlerTable	`0x1001d240`
SEHandlerCount	`19`

RICH Header

XOR Key	`0xfa58708c`
Unmarked objects	`0`
Unmarked objects (#2)	`1`
C objects (VS2012 build 50727 / VS2005 build 50727)	`1`
ASM objects (VS2008 SP1 build 30729)	`18`
C objects (VS2008 SP1 build 30729)	`123`
C++ objects (VS2008 SP1 build 30729)	`56`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`150`
138 (VS2008 SP1 build 30729)	`20`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

dbd2a262034e72ab81776b6b960cc207

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

EntHotFix

109

864

1

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors