Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2023-Jan-09 14:32:56 |
Detected languages | English - United States |
TLS Callbacks | 4 callback(s) detected. |
Debug artifacts | C:\devops\data\p-de29a525dbdc4491830d2e9993627fc7\win\out\MTRelease\WXWorkWeb.pdb |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig2(h); MASM/TASM - sig1(h) |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses known Mersenne Twister constants |
Suspicious | The PE is possibly packed. | Unusual section name found: malloc_h |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Tencent Technology(Shenzhen) Company Limited; Issuer: DigiCert Assured ID Code Signing CA-1 |
Safe | VirusTotal score: 0/58 (Scanned on 2023-01-24 07:24:40) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x158 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2023-Jan-09 14:32:56 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x257a00 |
SizeOfInitializedData | 0xabe00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x001D6440 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x25a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x309000 |
SizeOfHeaders | 0x400 |
Checksum | 0x308aca |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_GUARD_CF IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
adj.dll | ?GetStatusADJ@@YAHXZ |
---|---|
SHLWAPI.dll | PathMatchSpecW PathFileExistsW |
libcef.dll | cef_v8context_get_current_context cef_v8value_create_array cef_v8value_create_object cef_v8value_create_string cef_v8value_create_double cef_v8value_create_int cef_v8value_create_bool cef_v8value_create_null cef_string_multimap_free cef_string_multimap_alloc cef_zip_reader_create cef_string_multimap_append cef_string_multimap_value cef_string_multimap_key cef_string_multimap_size cef_string_map_append cef_string_map_value cef_string_map_key cef_string_map_size cef_string_list_append cef_string_list_value cef_string_list_size cef_dictionary_value_create cef_browser_host_create_browser cef_cookie_manager_get_global_manager cef_get_min_log_level cef_stream_reader_create_for_data cef_stream_reader_create_for_file cef_log cef_value_create cef_write_json cef_parse_json cef_get_mime_type cef_quit_message_loop cef_run_message_loop cef_shutdown cef_execute_process cef_register_extension cef_post_delayed_task cef_post_task cef_currently_on cef_api_hash cef_command_line_create cef_string_map_free cef_string_map_alloc cef_string_list_free cef_string_list_alloc cef_process_message_create cef_list_value_create cef_string_userfree_utf16_free cef_stream_reader_create_for_handler cef_string_utf16_clear cef_string_utf8_to_utf16 cef_string_utf16_set cef_string_utf8_clear cef_string_utf16_cmp cef_string_utf16_to_utf8 cef_string_ascii_to_utf16 cef_time_from_doublet cef_time_to_basetime cef_initialize |
KERNEL32.dll | HeapFree HeapSize GetProcessHeap PostQueuedCompletionStatus EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionEx DeleteCriticalSection TlsAlloc TlsFree GetModuleFileNameW LoadLibraryW SearchPathW SetUnhandledExceptionFilter SetErrorMode InitializeCriticalSection CreateEventW TerminateProcess GetCurrentThreadId OpenThread SuspendThread CreateProcessW VirtualQuery VirtualAllocEx ReadProcessMemory WriteProcessMemory CreateFileMappingW MapViewOfFile FindResourceExW GetModuleHandleW LoadResource LockResource SizeofResource WaitForMultipleObjects FindResourceW CreateToolhelp32Snapshot Thread32First Thread32Next Module32FirstW Module32NextW GetNamedPipeServerProcessId InterlockedExchange SetWaitableTimer WaitForSingleObjectEx CreateEventA CreateWaitableTimerW InterlockedDecrement SetEvent InterlockedExchangeAdd SleepEx TlsGetValue InterlockedIncrement QueryPerformanceCounter DeleteFileW GetNativeSystemInfo SetThreadPriority GetCurrentThread TlsSetValue InterlockedCompareExchange InitializeCriticalSectionAndSpinCount GetQueuedCompletionStatus TerminateThread QueueUserAPC VerSetConditionMask VerifyVersionInfoW CreateIoCompletionPort TryEnterCriticalSection ReleaseSRWLockExclusive RegisterWaitForSingleObject UnregisterWaitEx CreateNamedPipeW ConnectNamedPipe WaitNamedPipeW CancelIo OutputDebugStringA GetLocalTime GetCurrentDirectoryW ResetEvent GetThreadPriority CreateThread IsDebuggerPresent TzSpecificLocalTimeToSystemTime FileTimeToSystemTime SystemTimeToFileTime SystemTimeToTzSpecificLocalTime GetDiskFreeSpaceExW SetInformationJobObject DecodePointer CreateDirectoryW QueryDosDeviceW GetLongPathNameW RemoveDirectoryW GetTempPathW GetFileAttributesW SetFileAttributesW GetFileAttributesExW SetCurrentDirectoryW MoveFileExW LoadLibraryA GetModuleHandleExW GetThreadTimes VirtualQueryEx HeapAlloc GetFileInformationByHandle FlushFileBuffers FindFirstFileExW FindNextFileW HeapSetInformation GetUserDefaultLangID ExpandEnvironmentStringsW InitializeSListHead IsProcessorFeaturePresent GetLocaleInfoEx GetCPInfo CompareStringEx LCMapStringEx EncodePointer GetCurrentProcessorNumber GetCommandLineW LoadLibraryExW FreeLibrary VirtualFree VirtualAlloc GetVersionExW ReadFile GetFileSize CreateFileW GetModuleHandleA GetProcAddress WriteFile SetFilePointerEx SetEndOfFile RemoveDirectoryA CreateDirectoryA LocalFree FormatMessageA GetFileSizeEx GetSystemInfo CreateFileA MapViewOfFileEx CreateFileMappingA ReleaseSemaphore CreateSemaphoreA HeapDestroy SleepConditionVariableSRW SleepConditionVariableCS WakeAllConditionVariable UnmapViewOfFile ReleaseMutex WaitForSingleObject WakeConditionVariable InitializeConditionVariable GetExitCodeThread InitOnceExecuteOnce GetStringTypeW MultiByteToWideChar WideCharToMultiByte AcquireSRWLockExclusive InitializeSRWLock GetFileTime GetFullPathNameW DeviceIoControl GetWindowsDirectoryW AreFileApisANSI OutputDebugStringW LCMapStringW GetUserDefaultLCID SetProcessDEPPolicy UnregisterWait CreateMutexA FindClose FindNextFileA FindFirstFileA DuplicateHandle CloseHandle SetLastError GetLastError TerminateJobObject GetUserDefaultLocaleName EnumSystemLocalesEx GetProductInfo IsWow64Process TryAcquireSRWLockExclusive GetThreadId SwitchToThread GetTickCount Sleep GetProcessTimes GetSystemTimeAsFileTime K32EmptyWorkingSet ExitProcess GetCurrentProcessId GetCurrentProcess UnhandledExceptionFilter HeapReAlloc QueryPerformanceFrequency RaiseException GetStartupInfoW GetEnvironmentVariableW RtlCaptureStackBackTrace GetFileType SetHandleInformation AssignProcessToJobObject SetThreadAffinityMask GetProcessHeaps CreateJobObjectW QueryInformationJobObject VirtualProtectEx DeleteProcThreadAttributeList InitializeProcThreadAttributeList UpdateProcThreadAttribute CreateMutexW VirtualFreeEx GetProcessHandleCount SetEnvironmentVariableA FreeEnvironmentStringsW GetEnvironmentStringsW GetOEMCP IsValidCodePage WriteConsoleW EnumSystemLocalesW IsValidLocale GetLocaleInfoW CompareStringW GetTimeFormatW GetDateFormatW ReadConsoleW GetACP GetStdHandle GetTimeZoneInformation SetStdHandle GetConsoleMode GetConsoleCP PeekNamedPipe GetDriveTypeW FreeLibraryAndExitThread ExitThread SetConsoleCtrlHandler GetCommandLineA InterlockedPushEntrySList RtlUnwind CreateWaitableTimerA OpenEventA WaitForMultipleObjectsEx GetLogicalProcessorInformation SetEnvironmentVariableW CreateRemoteThread GetSystemDirectoryW DebugBreak lstrlenW FindFirstFileW |
USER32.dll | DefWindowProcW CallWindowProcW ClientToScreen ScreenToClient GetWindowLongW SetWindowLongW GetWindow DestroyWindow LoadCursorW RegisterClassExW CreateWindowExW PostQuitMessage KillTimer SendMessageW GetQueueStatus UnregisterClassW SystemParametersInfoW CreateDesktopW SetProcessWindowStation GetThreadDesktop CreateWindowStationW MsgWaitForMultipleObjectsEx PeekMessageW SetTimer GetProcessWindowStation GetUserObjectInformationW TranslateMessage CloseWindowStation CloseDesktop PostMessageW DispatchMessageW |
ADVAPI32.dll | RegQueryValueExW RegDisablePredefinedCache SetTokenInformation GetSecurityDescriptorSacl GetAce SetKernelObjectSecurity GetKernelObjectSecurity DuplicateTokenEx MapGenericMask DuplicateToken GetSecurityDescriptorDacl GetNamedSecurityInfoW ImpersonateLoggedOnUser AccessCheck InitializeSid IsValidSid GetLengthSid CreateWellKnownSid ConvertStringSidToSidW ConvertSidToStringSidW EqualSid CreateProcessAsUserW SetThreadToken CreateRestrictedToken LookupPrivilegeValueW AdjustTokenPrivileges GetSecurityInfo SetSecurityInfo BuildTrusteeWithSidW SetEntriesInAclW AddMandatoryAce FreeSid GetSidSubAuthority OpenProcessToken GetTokenInformation InitializeAcl SystemFunction036 RegOpenKeyW RegOpenKeyExW RegCreateKeyExW ReadEventLogA CloseEventLog OpenEventLogA RegCloseKey RegQueryValueExA RegOpenKeyExA SetSecurityDescriptorDacl InitializeSecurityDescriptor RevertToSelf |
SHELL32.dll | ShellExecuteW SHGetFolderPathW CommandLineToArgvW SHGetSpecialFolderPathW |
ole32.dll | CoUninitialize CoInitializeEx CoTaskMemFree |
PSAPI.DLL | QueryWorkingSetEx |
WS2_32.dll | getsockname listen socket connect accept recv send WSAGetLastError select WSASetLastError htonl WSAStartup ioctlsocket closesocket WSACleanup bind |
ntdll.dll | RtlNtStatusToDosError NtQueryInformationThread NtOpenKeyedEvent NtReleaseKeyedEvent NtWaitForKeyedEvent |
VERSION.dll | VerQueryValueW GetFileVersionInfoSizeW GetFileVersionInfoW |
dbghelp.dll | SymCleanup SymFromAddr SymSetOptions SymGetSearchPathW SymInitialize SymGetLineFromAddr64 SymSetSearchPathW |
WINMM.dll | timeEndPeriod timeBeginPeriod timeGetTime |
Ordinal | 1 |
---|---|
Address | 0x27cb0 |
Ordinal | 2 |
---|---|
Address | 0x10c0 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Jan-09 14:32:56 |
Version | 0.0 |
SizeofData | 106 |
AddressOfRawData | 0x2a18f4 |
PointerToRawData | 0x29f6f4 |
Referenced File | C:\devops\data\p-de29a525dbdc4491830d2e9993627fc7\win\out\MTRelease\WXWorkWeb.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Jan-09 14:32:56 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x2a1960 |
PointerToRawData | 0x29f760 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Jan-09 14:32:56 |
Version | 0.0 |
SizeofData | 1188 |
AddressOfRawData | 0x2a1974 |
PointerToRawData | 0x29f774 |
StartAddressOfRawData | 0x6a1e28 |
---|---|
EndAddressOfRawData | 0x6a1ed0 |
AddressOfIndex | 0x6e08f8 |
AddressOfCallbacks | 0x65ba74 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | 0x0043DFC0 0x0051ECC0 0x005FFB60 0x0062C5B0 |
Size | 0xbc |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x6d1404 |
SEHandlerTable | 0x69e9e4 |
SEHandlerCount | 2075 |
GuardCFCheckFunctionPointer | 6661900 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xbb2b9fdc |
---|---|
Unmarked objects | 0 |
241 (40116) | 27 |
243 (40116) | 181 |
242 (40116) | 34 |
Imports (27412) | 2 |
C++ objects (VS2015 UPD3.1 build 24215) | 33 |
253 (28518) | 2 |
C objects (30034) | 20 |
ASM objects (30034) | 27 |
C++ objects (30034) | 100 |
C objects (65501) | 1 |
208 (65501) | 1 |
C++ objects (30146) | 133 |
Unmarked objects (#2) | 341 |
Imports (VS2015 UPD3.1 build 24215) | 2 |
C++ objects (LTCG) (VS2019 Update 11 (16.11.10) compiler 30140) | 329 |
Imports (65501) | 28 |
Imports (27045) | 3 |
Total imports | 629 |
C++ objects (VS2019 Update 11 (16.11.10) compiler 30140) | 27 |
Exports (VS2019 Update 11 (16.11.10) compiler 30140) | 1 |
Resource objects (VS2019 Update 11 (16.11.10) compiler 30140) | 1 |
Linker (VS2019 Update 11 (16.11.10) compiler 30140) | 1 |