Field | Value
---|---
Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 1970-Jan-05 00:42:40
Detected languages | Chinese - PRC; English - United States
Debug artifacts | d:\QQPCDownloader_proj\PackageTools\product\win32\dbginfo\kpacket.pdb

Level | Finding | Details
---|---|---
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ 8 Microsoft Visual C++ 8.0 MSVC++ v.8 (procedure 1 recognized - h)
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32
Malicious | The file headers were tampered with. | The RICH header checksum is invalid.
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports:
Info | The PE is digitally signed. | Signer: Tencent Technology(Shenzhen) Company Limited; Issuer: VeriSign Class 3 Code Signing 2010 CA
Suspicious | VirusTotal score: 1/68 (Scanned on 2017-12-17 11:43:23) | ESET-NOD32: a variant of Win32/Tencent.E potentially unwanted
DOS header field | Value
---|---
e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0xf0
File header field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberofSections | 4
TimeDateStamp | 1970-Jan-05 00:42:40
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED
Optional header field | Value
---|---
Magic | PE32
LinkerVersion | 8.0
SizeOfCode | 0x3e000
SizeOfInitializedData | 0x16000
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x0002C5A9 (Section: .text)
BaseOfCode | 0x1000
BaseOfData | 0x3f000
ImageBase | 0x400000
SectionAlignment | 0x1000
FileAlignment | 0x1000
OperatingSystemVersion | 4.0
ImageVersion | 0.0
SubsystemVersion | 4.0
Win32VersionValue | 0
SizeOfImage | 0x59000
SizeOfHeaders | 0x1000
Checksum | 0x1866c4
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve | 0x100000
SizeofStackCommit | 0x1000
SizeofHeapReserve | 0x100000
SizeofHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
Imported DLL | Imported functions
---|---
KERNEL32.dll | ReadFile GetModuleFileNameW CreateProcessW WaitForSingleObject GetSystemDirectoryW CloseHandle LoadLibraryW GetProcAddress FindResourceW GetCurrentProcessId SizeofResource LockResource LoadResource GetTempPathW CreateFileW FindResourceExW GetCurrentProcess GetFileSize TerminateProcess FindFirstFileW lstrcmpW SetFileAttributesW DeleteFileW MoveFileExW MultiByteToWideChar WideCharToMultiByte UnmapViewOfFile CreateFileMappingW MapViewOfFile EnterCriticalSection LeaveCriticalSection WaitForMultipleObjects VirtualFree VirtualAlloc RemoveDirectoryW DeleteCriticalSection SetEvent InitializeCriticalSection ReleaseSemaphore ResetEvent CreateSemaphoreW CreateEventW WriteFile GetStdHandle CopyFileW SetFileTime MoveFileW GetCurrentDirectoryW GetTempFileNameW GetSystemInfo SystemTimeToFileTime LocalFileTimeToFileTime WriteConsoleW GetConsoleOutputCP WriteConsoleA GetLocaleInfoW CreateFileA SetFilePointer FindClose GetLastError GetTickCount FindNextFileW CreateDirectoryW GetFileAttributesW FlushFileBuffers SetStdHandle GetConsoleMode GetConsoleCP LoadLibraryA GetSystemTimeAsFileTime QueryPerformanceCounter GetCommandLineW GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsA GetStartupInfoA HeapDestroy HeapAlloc HeapFree HeapReAlloc HeapSize GetProcessHeap RaiseException GetVersionExA InterlockedExchange GetACP GetLocaleInfoA GetThreadLocale InterlockedIncrement InterlockedDecrement Sleep UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent ExitThread GetCurrentThreadId CreateThread GetStartupInfoW RtlUnwind LCMapStringA LCMapStringW GetCPInfo GetModuleHandleA TlsGetValue TlsAlloc TlsSetValue TlsFree SetLastError ExitProcess GetOEMCP IsValidCodePage GetUserDefaultLCID EnumSystemLocalesA IsValidLocale GetStringTypeA GetStringTypeW HeapCreate GetModuleFileNameA SetHandleCount GetFileType
USER32.dll | CharLowerW CharUpperW UnregisterClassA
ole32.dll | CoUninitialize CoInitialize
OLEAUT32.dll | #6 #2 #9 #10
SHLWAPI.dll | PathAddBackslashW
Debug directory field | Value
---|---
Characteristics | 0
TimeDateStamp | 2014-May-15 07:43:39
Version | 0.0
SizeofData | 94
AddressOfRawData | 0x456a8
PointerToRawData | 0x456a8
Referenced File | d:\QQPCDownloader_proj\PackageTools\product\win32\dbginfo\kpacket.pdb
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x44d104 |
SEHandlerTable | 0x448290 |
SEHandlerCount | 174 |
Rich header entry | Value
---|---
XOR Key | 0xa0932074
Unmarked objects | 0
126 (50327) | 1
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 25
C objects (VS2012 build 50727 / VS2005 build 50727) | 158
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 68
C objects (VS2003 (.NET) build 4035) | 1
Imports (VS2003 (.NET) build 4035) | 17
Total imports | 185
114 (VS2012 build 50727 / VS2005 build 50727) | 93
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1
Linker (VS2012 build 50727 / VS2005 build 50727) | 1