Manalyze report for ee9732971005a41e0dc551385f96e1e5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Apr-02 01:40:19
Detected languages	Chinese - PRC English - United States
Debug artifacts	C:\jenkins\workspace\DFAppFoundation\drfonetoolkit\ModuleUpgrade\SharpUpgrade\Release\InstallAssistService.pdb
CompanyName	Wondershare
FileDescription	Wondershare InstallAssist
FileVersion	`1.0.0.5`
InternalName	InstallAssistService.exe
LegalCopyright	Copyright (C) 2020
OriginalFilename	InstallAssistService.exe
ProductName	Wondershare InstallAssist
ProductVersion	`1.0.0.5`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Possibly launches other programs: CreateProcessAsUserW` `Leverages the raw socket API to access the Internet: #20 #2 #23 #3 #21 #6 #15 #115 #17 #9 #8 #11` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx` `Interacts with services: ControlService QueryServiceStatus OpenServiceW OpenSCManagerW DeleteService CreateServiceW` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: Wondershare Technology Co.` `Issuer: DigiCert Assured ID Code Signing CA-1`
Safe	VirusTotal score: 0/73 (Scanned on 2020-05-16 04:15:05)	`All the AVs think this file is safe.`

Hashes

MD5	`ee9732971005a41e0dc551385f96e1e5`
SHA1	`50ec1dbb8b2b48c92073e0d09f9fa06bb2825f5b`
SHA256	`1f2d0c2d049c91ed43476ed7f0582595108f762597fb262bff38250f6a1ff12f`
SHA3	`a01bd0dd45922e3a85abfd298cd79fb8e052b1ff7ff128451ac315d54fea5cf3`
SSDeep	`6144:YUSQ/BVAeKS5w84cR4+qGA9HYpFOXDm3/ruhwO:YUSQ/BKiw8v4+fA9cFADfwO`
Imports Hash	`e91f41218c99b1cad3ab3ef0a91193a8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Apr-02 01:40:19
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x2a600`
SizeOfInitializedData	`0x13c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00014B25 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x43000`
SizeOfHeaders	`0x400`
Checksum	`0x5060e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c461d64104bcb9958daa0f118a202df5`
SHA1	`3e26f50a4a0c9b9b29be11bb3f5376bc0ef0bac8`
SHA256	`a181ba50d5ed1d204f92244051a00a78ce5d72813befca0b31cd18fdf10b1361`
SHA3	`baf8a104c1f54e24aee8a1099f4533fd0fae1470b57ae30a976f6cc2a7a2c6ec`
VirtualSize	`0x2a53e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64622`

.rdata

MD5	`2f77bf69457d0c9c2ae242a1ec1863ff`
SHA1	`d6baf22b3fccdab3fa2905332db8f7cb68e69980`
SHA256	`8a7e8e97861bbb041e53c48032c6f317262c7ffc809b94ad8f1639fa1c0c1b1b`
SHA3	`f0b27d8cab5859ef43d761ee6aa54abd73cc8ec59ece8510a84f198eee9fa743`
VirtualSize	`0x7c72`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x2aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77247`

.data

MD5	`85c0c10e9b3512e72bfcb477715c6d6f`
SHA1	`ed93123aaea9fbb6e5a2b6e5ff29b2dfe6dbd415`
SHA256	`aac3456df7ac8bd7eef0857de9ac40a66528ba5ab2f46f762f5ffc2ac0d4b24a`
SHA3	`8c17aea5bde616b20e57be70cadd0d03503808e6a3347277331c854344f49a6b`
VirtualSize	`0x40a4`
VirtualAddress	`0x34000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x32800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.14975`

.rsrc

MD5	`d1e0b4c24271011d761ef14b1986a003`
SHA1	`058b61093a3b40f3287bd6597dbcf627ef37b7ad`
SHA256	`c039c0ad6fee2df9d52c58fc3cc156ba58f228aa0951209409ed69141bf61d75`
SHA3	`4d8a594209a4dbd4fa86d598938917935472094c8b3d252150e584a08e6cbc22`
VirtualSize	`0x6c10`
VirtualAddress	`0x39000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x34800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.56338`

.reloc

MD5	`1d7e4d9ff2a1fd454e0e6f84176187bc`
SHA1	`566d441ced56769cd413c9f8bbed3afdce5cd67a`
SHA256	`6e5247e1649243c76fda2c8b30e7031318b11c968cac2f6507eb65dd0a0b1afc`
SHA3	`78f73325d52c5c14748008f17a941b009ad806bc858ca886b73c2a7c9dbfba8d`
VirtualSize	`0x2e8c`
VirtualAddress	`0x40000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x3b600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.20812`

Imports

KERNEL32.dll	`MultiByteToWideChar` `WideCharToMultiByte` `GetModuleFileNameW` `Sleep` `WTSGetActiveConsoleSessionId` `OpenProcess` `GetCurrentThread` `GetCurrentProcess` `CloseHandle` `QueueUserWorkItem` `CreateEventW` `GetLastError` `SetEvent` `WaitForSingleObject` `CompareStringW` `GetProcessHeap` `SetEndOfFile` `CreateFileW` `CreateFileA` `WriteConsoleW` `SetStdHandle` `LoadLibraryW` `HeapReAlloc` `IsValidLocale` `EnumSystemLocalesA` `GetLocaleInfoA` `GetUserDefaultLCID` `HeapSize` `GetLocaleInfoW` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetTimeZoneInformation` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `WriteFile` `SetFilePointer` `ReadFile` `InterlockedIncrement` `InterlockedDecrement` `InterlockedCompareExchange` `InterlockedExchange` `GetStringTypeW` `EncodePointer` `DecodePointer` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `HeapFree` `HeapAlloc` `GetFileAttributesA` `CreateDirectoryA` `GetTimeFormatA` `GetDateFormatA` `GetSystemTimeAsFileTime` `GetCommandLineW` `HeapSetInformation` `RaiseException` `GetCPInfo` `RtlUnwind` `LCMapStringW` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetACP` `GetOEMCP` `IsValidCodePage` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleW` `SetLastError` `GetCurrentThreadId` `GetProcAddress` `SetHandleCount` `GetStdHandle` `InitializeCriticalSectionAndSpinCount` `GetFileType` `GetStartupInfoW` `HeapCreate` `ExitProcess` `SetEnvironmentVariableA`
ADVAPI32.dll	`GetTokenInformation` `ControlService` `QueryServiceStatus` `StartServiceW` `ChangeServiceConfig2W` `OpenServiceW` `OpenSCManagerW` `DeleteService` `CloseServiceHandle` `CreateServiceW` `ReportEventW` `RegisterServiceCtrlHandlerW` `SetServiceStatus` `DeregisterEventSource` `StartServiceCtrlDispatcherW` `RegisterEventSourceW` `FreeSid` `AllocateAndInitializeSid` `OpenProcessToken` `OpenThreadToken` `EqualSid` `CreateProcessAsUserW` `SetTokenInformation` `DuplicateTokenEx`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CoInitialize`
OLEAUT32.dll	`#9` `#8` `#6` `#2`
WTSAPI32.dll	`WTSEnumerateSessionsW`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
WS2_32.dll	`#20` `#2` `#23` `#3` `#21` `#6` `#15` `#115` `#17` `#9` `#8` `#11`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.99978`
MD5	`e36978db5b44cb34efd900a1792967ea`
SHA1	`ad98eca0809e866c3faf110227e4cd51abbd0738`
SHA256	`4d32a01ba6713a0e4ec37d3dc0b1409c967bd966c006bdd499184665fd786904`
SHA3	`bb4440167245f6debc7625d99ad9f5b5b007c9fe3847b53b398224fa37e85382`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.2906`
MD5	`05dfd5c03029efeb0d75545622b8367d`
SHA1	`8b5ef792a4c0d97ae9c92601865847934297acbd`
SHA256	`b915fdadb92f39e1b08311aba9a84d70d3abc2dd15a467939ee89fd64cf01ccb`
SHA3	`eb454b19e0ec11e3baf3549a87ddb5be6430362dfdf1a21b62223e13b48aee53`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.06031`
MD5	`c4887ae9021f5d34b859864cdf53dab5`
SHA1	`7897564927ea9dfb046431daa4ba2341e99c93d6`
SHA256	`63e15825b8e07843645f1b87d3fb5fd5136e18dd24cbfb4151da00afec928e52`
SHA3	`48b060411e79e317c94fee00b5da497544f5d556d49e9a9e9d5b0784d7f9e63e`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58563`
MD5	`3d371a8bb521480b1655f952de919901`
SHA1	`a1962034e785eaa9f32291de975cb53d97aa724a`
SHA256	`7fe01364feeabc01f49c550cd77ecef5b00e56f488feaeb66224c892edf49bc1`
SHA3	`abfa3fed41cd6215afa380e2ce83df8e8ef88485e49941aca81e4fa993d80715`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.07576`
MD5	`0b3c888e634172e308adf9d9b12add42`
SHA1	`319f9b1e484e9cfcd5be1ce8ddfeb0f6aa65a8e3`
SHA256	`6f52b6280a982a31ce5f592c59ac9180d69171f80f42487f1ca44cc428e1f2d1`
SHA3	`1fff5501a1f92ec88a84635b51cc4a92dade685a4feee24d14b474966df33d43`

101

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63539`
Detected Filetype	Icon file
MD5	`49a2d71db8996ec17363d4b886c81027`
SHA1	`b62ef4eb4ee8096b6c2cd9a25b485fbe957f5c32`
SHA256	`70c98eafd5a02e19e70eadf7057e2a72e1e00411700ad472f858cbf41e8a1127`
SHA3	`c0e8c4f85bf59aad1162168b74eab09615802fb7a5eeb40a1b0d7f265a2f6546`

1 (#2)

Type	`RT_VERSION`
Language	Chinese - PRC
Codepage	Latin 1 / Western European
Size	`0x324`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35887`
MD5	`44e00321aca615cc0daf943c675fafec`
SHA1	`be9bda21bcf0201b2a97b621f9f8952aa6cfe5f9`
SHA256	`89959fdfd52a5db2cc2ee012712a263c52da92aa2ce629a5a47bf769f3ae5847`
SHA3	`64cf48be149ce556bf3a1fcf78dfc4d2af06392f2a8aeed2893ac024044131e8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x165`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.77792`
MD5	`b9b507d6297b2d514477db4ae0d55ea6`
SHA1	`e8c4b4e815c1788b3bab96fc44560d7282282fe1`
SHA256	`ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0`
SHA3	`85e8c59b71094f3ffe0990fe28a56df78d58756dc3a423284dff50f92ed7fa6f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.5
ProductVersion	1.0.0.5
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Chinese - PRC
CompanyName	Wondershare
FileDescription	Wondershare InstallAssist
FileVersion (#2)	1.0.0.5
InternalName	InstallAssistService.exe
LegalCopyright	Copyright (C) 2020
OriginalFilename	InstallAssistService.exe
ProductName	Wondershare InstallAssist
ProductVersion (#2)	1.0.0.5

Resource LangID	Chinese - PRC

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Apr-02 01:40:19
Version	`0.0`
SizeofData	`135`
AddressOfRawData	`0x30158`
PointerToRawData	`0x2eb58`
Referenced File	C:\jenkins\workspace\DFAppFoundation\drfonetoolkit\ModuleUpgrade\SharpUpgrade\Release\InstallAssistService.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x434674`
SEHandlerTable	`0x431130`
SEHandlerCount	`81`

RICH Header

XOR Key	`0x42a70ff4`
Unmarked objects	`0`
152 (20115)	`3`
ASM objects (VS2010 build 30319)	`25`
C++ objects (VS2010 build 30319)	`64`
C objects (VS2010 build 30319)	`180`
C objects (VS2008 SP1 build 30729)	`2`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`148`
175 (VS2010 build 30319)	`8`
Resource objects (VS2010 build 30319)	`1`
Linker (VS2010 build 30319)	`1`

ee9732971005a41e0dc551385f96e1e5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors