| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-Dec-01 13:53:50 |
| Detected languages | Chinese - PRC |
| FileVersion | 1.8.4.6 |
| FileDescription | Windows 服务主进程 |
| ProductName | 易语言程序 |
| ProductVersion | 1.8.4.6 |
| CompanyName | 可怜的鸟鸟~~ |
| LegalCopyright | 可怜的鸟鸟~~ 版权所有 |
| Comments | Windows 服务主进程 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual Basic v5.0 - v6.0; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to system / monitoring tools: |
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32, MD5, SHA1, SHA256, SHA512, AES, Blowfish, DES and TEA; uses known Diffie-Hellman primes |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 50/68 (Scanned on 2017-12-11 02:05:31); per-engine detections are listed in the following table |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.Generic.22698937 |
| CAT-QuickHeal | Trojan.Generic.2919 |
| McAfee | Artemis!F3D3866AA26D |
| VIPRE | Trojan.Win32.Generic!BT |
| K7GW | Trojan ( 00013a151 ) |
| K7AntiVirus | Trojan ( 00013a151 ) |
| TrendMicro | TROJ_GEN.R005C0DL217 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9879 |
| F-Prot | W32/S-47c1ea66!Eldorado |
| Symantec | Trojan.Gen.6 |
| TotalDefense | Win32/Oflwr.A!crypt |
| TrendMicro-HouseCall | TROJ_GEN.R005C0DL217 |
| Avast | Win32:Malware-gen |
| ClamAV | Win.Trojan.Generic-6260335-1 |
| GData | Trojan.Generic.22698937 |
| Kaspersky | not-a-virus:NetTool.Win32.Portscan.lt |
| BitDefender | Trojan.Generic.22698937 |
| NANO-Antivirus | Exploit.Win32.Equation.evsxnb |
| AegisLab | Troj.Downloader.W32.FraudLoad.lx2b |
| Rising | Trojan.ELang!1.64ED (CLASSIC) |
| Ad-Aware | Trojan.Generic.22698937 |
| Sophos | Mal/Generic-S |
| Comodo | Worm.Win32.Dropper.RA |
| F-Secure | Trojan:W32/DelfInject.R |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.tc |
| Emsisoft | Trojan.Generic.22698937 (B) |
| SentinelOne | static engine - malicious |
| Cyren | W32/S-47c1ea66!Eldorado |
| Jiangmin | Trojan.Script.acny |
| Avira | TR/Eqtonex.DG |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Generic.D15A5BB9 |
| ZoneAlarm | not-a-virus:NetTool.Win32.Portscan.lt |
| Microsoft | Trojan:Win32/Eqtonex.C!dha |
| ALYac | Trojan.Generic.22698937 |
| AVware | Trojan.Win32.Generic!BT |
| MAX | malware (ai score=100) |
| VBA32 | Backdoor.ShadowBrokers |
| Cylance | Unsafe |
| Panda | Trj/GdSda.A |
| ESET-NOD32 | a variant of Win32/FlyStudio.OPD |
| Tencent | Script.Trojan.Equationdrug.Eegx |
| eGambit | Trojan.Generic |
| Fortinet | Riskware/Qhost |
| AVG | Win32:Malware-gen |
| Cybereason | malicious.766345 |
| Paloalto | generic.ml |
| CrowdStrike | malicious_confidence_90% (W) |
| Qihoo-360 | Win32/Trojan.ad7 |
| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x110 |
| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2017-Dec-01 13:53:50 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x71000 |
| SizeOfInitializedData | 0x8ef000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00052C70 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x72000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x987000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| WINMM.dll | midiStreamOut, midiOutPrepareHeader, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutOpen, midiOutUnprepareHeader, midiStreamOpen, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart, midiStreamProperty |
| WS2_32.dll | #101, #3, #115, #52, #17, #10, #12, #16, #116, #1, #5, #57 |
| KERNEL32.dll | SetLastError, GetTimeZoneInformation, GetVersion, GetACP, HeapSize, RaiseException, GetLocalTime, GetSystemTime, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, FileTimeToSystemTime, LocalFree, InterlockedDecrement, InterlockedIncrement, OpenProcess, TerminateProcess, GetFileSize, SetFilePointer, CreateToolhelp32Snapshot, Process32First, Process32Next, WideCharToMultiByte, MultiByteToWideChar, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, ReadFile, GetLastError, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, RemoveDirectoryA, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, InterlockedExchange, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetFullPathNameA, FreeLibrary, LoadLibraryA, lstrlenA, GetVersionExA, WritePrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, GetTempPathA, FindFirstFileA, FindClose, GetFileAttributesA, DeleteFileA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, WaitForSingleObject, CloseHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, RtlUnwind |
| USER32.dll | GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, DefWindowProcA, GetClassInfoA, DeleteMenu, GetSystemMenu, IsZoomed, PostQuitMessage, CopyAcceleratorTableA, GetKeyState, TranslateAcceleratorA, IsWindowEnabled, ShowWindow, LoadImageA, EnumDisplaySettingsA, ClientToScreen, EnableMenuItem, GetSubMenu, GetDlgCtrlID, CreateAcceleratorTableA, CreateMenu, ModifyMenuA, AppendMenuA, CreatePopupMenu, GetMessagePos, DrawIconEx, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, InflateRect, SetRect, IntersectRect, GetSysColorBrush, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, CreateIconFromResource, CreateIconFromResourceEx, RegisterClipboardFormatA, SetRectEmpty, DispatchMessageA, GetMessageA, WindowFromPoint, DrawEdge, DrawFrameControl, LoadIconA, TranslateMessage, SystemParametersInfoA, GetForegroundWindow, GetDesktopWindow, GetClassNameA, GetWindowThreadProcessId, FindWindowA, GetDlgItem, GetWindowTextA, ScreenToClient, UnregisterClassA, DrawFocusRect, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterWindowMessageA, GetLastActivePopup, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, UnhookWindowsHookEx, SetPropA, GetClassLongA, CallNextHookEx, SetWindowsHookExA, CreateWindowExA, GetMenuItemID, GetMenuItemCount, RegisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA, ScrollWindowEx, IsDialogMessageA, SetWindowTextA, MoveWindow, CheckMenuItem, SetMenuItemBitmaps, GetMenuState, GetMenuCheckMarkDimensions, LoadStringA |
| GDI32.dll | Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetViewportExtEx, ExtSelectClipRgn, CreateSolidBrush, GetStockObject, CreateFontIndirectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetTextMetricsA, RoundRect, GetTextExtentPoint32A, GetDeviceCaps, CreateRectRgnIndirect, SetBkColor, LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, CombineRgn, CreateRectRgn, FillRgn, PatBlt, CreatePen, GetObjectA, SelectObject, CreateBitmap, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, GetDIBits, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, RealizePalette, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetCurrentObject, GetClipRgn, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, SetStretchBltMode |
| WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
| ADVAPI32.dll | RegOpenKeyExA, RegSetValueExA, RegCreateKeyA, RegQueryValueA, RegCreateKeyExA, RegCloseKey |
| SHELL32.dll | SHGetSpecialFolderPathA, ShellExecuteA, Shell_NotifyIconA |
| ole32.dll | CLSIDFromString, OleUninitialize, OleInitialize |
| OLEAUT32.dll | #161, #163, #186 |
| COMCTL32.dll | #17, ImageList_Destroy |
| comdlg32.dll | ChooseColorA, GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA |
| String |
|---|
| 打开 |
| 保存为 |
| 所有文件 (*.*) |
| 无标题 |
| 一未命名文件 |
| 隐藏(&H) |
| 得不到出错信息。 |
| 试图执行系统不支持的操作。 |
| 必需的资源无法得到。 |
| 内存不足。 |
| 出现了未知的错误 |
| 无效的文件名。 |
| 打开文档失败。 |
| 保存文档失败。 |
| 将改动保存到 %1? |
| 建立空文档失败。 |
| 该文件太大,无法打开。 |
| 无法启动打印作业。 |
| 启动帮助失败。 |
| 内部应用程序出错。 |
| 命令失败。 |
| 没有足够的内存执行操作。 |
| 系统注册项已被移除并且相应的 INI 文件(假如存在)也被删除。 |
| 不是所有的系统注册项(或 INI 文件)都被移除。 |
| 在系统中没有找到此程序需要的文件%s。 |
| 此程序连接到文件 %s 中丢失的输出 %s 。此机器可能有一个 %s 不兼容的版本。 |
| 请键入一个整数。 |
| 请键入一个数。 |
| “请填入一个在%1和%2之间的整数。” |
| “请填入一个在%1和%2之间的数字。” |
| “请填入不多于%1个的字符。” |
| 请选择一个按钮。 |
| “请填入一个在0和255之间的整数。” |
| “请填入一个正整数。” |
| “请填入一个日期和/或时间值。” |
| “请填入一个货币值。” |
| 非预期的文件格式。 |
| 无法找到该文件。 |
| 请验证给出的路径和文件名是否正确。 |
| 目的磁盘驱动器已满。 |
| 无法对 %1 进行读操作,它已经被其他人打开。 |
| 无法对 %1 进行写操作,因为它是只读文件或已经被其他人打开。 |
| 在对 %1 进行读操作时发生了一个非预期的错误。 |
| 在对 %1 进行写操作时发生了一个非预期的错误。 |
| 无法读只写特性。 |
| 无法写只读特性。 |
| 无法装入邮件系统支援。 |
| 邮件系统 DLL 无效。 |
| 传递邮件未能传递信息。 |
| 无错误发生。 |
| 在对 %1 进行访问时发生了一个不明错误。 |
| 没有找到 %1。 |
| %1 中包含无效的路径。 |
| 无法打开 %1 因为太多文件已被打开。 |
| 对 %1 的存取被拒绝。 |
| 一个无效的文件柄与 %1 相关联。 |
| 无法删除 %1 因为它是当前目录。 |
| 该目录已满,无法创建 %1。 |
| 对 %1 进行查找失败。 |
| 在存取 %1 时一个硬件输入/输出错误被报告。 |
| 在存取 %1 时发生共享违例。 |
| 在存取 %1 时发生锁违例。 |
| 在存取 %1 时磁盘已满。 |
| 试图越过其尾端对 %1 进行读写。 |
| 无错误发生。 |
| 在对 %1 进行访问时发生了一个不明错误。 |
| 试图在对 %1 进行读操作的同时对其进行写操作。 |
| 试图越过其尾端对 %1 进行读写。 |
| 试图在对 %1 进行写操作的同时对其进行读操作。 |
| %1 格式错。 |
| %1 含有非预期的对象。 |
| %1 包含错误的模式。 |
| 象素 |
| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0 |
| FileVersion | 1.8.4.6 |
| ProductVersion | 1.8.4.6 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | Chinese - PRC |
| FileVersion (#2) | 1.8.4.6 |
| FileDescription | Windows 服务主进程 |
| ProductName | 易语言程序 |
| ProductVersion (#2) | 1.8.4.6 |
| CompanyName | 可怜的鸟鸟~~ |
| LegalCopyright | 可怜的鸟鸟~~ 版权所有 |
| Comments | Windows 服务主进程 |

| Field | Value |
|---|---|
| Resource LangID | Chinese - PRC |
| Field | Value |
|---|---|
| XOR Key | 0x6d9323a |
| Unmarked objects | 0 |
| 12 (7291) | 5 |
| C++ objects (8047) | 9 |
| C objects (8047) | 6 |
| 14 (7299) | 44 |
| 19 (8022) | 44 |
| 19 (8034) | 24 |
| Total imports | 669 |
| Imports (2179) | 3 |
| C objects (VS98 SP6 build 8804) | 210 |
| C++ objects (VS98 SP6 build 8804) | 112 |
| C++ objects (VS98 build 8168) | 74 |
| Unmarked objects (#2) | 48 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |