AddFile
Close
Init
Write
Overview
overview
5Static
static
3c7527fff29...07.exe
windows7-x64
3c7527fff29...07.exe
windows10-2004-x64
3$PLUGINSDIR/LogEx.dll
windows7-x64
3$PLUGINSDIR/LogEx.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...s2.dll
windows7-x64
3$PLUGINSDI...s2.dll
windows10-2004-x64
3$_4_/EntAd...$1.exe
windows7-x64
5$_4_/EntAd...$1.exe
windows10-2004-x64
1$_4_/EntAd...sh.exe
windows7-x64
1$_4_/EntAd...sh.exe
windows10-2004-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07.exe
Resource
win7-20240319-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ipinfo.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ipinfo.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsProcess2.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsProcess2.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$_4_/EntAdmin/publish/$1.exe
Resource
win7-20240220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
$_4_/EntAdmin/publish/$1.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral13
Sample
$_4_/EntAdmin/publish/$_4_/EntAdmin/publish/360EntPublish.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$_4_/EntAdmin/publish/$_4_/EntAdmin/publish/360EntPublish.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07
-
Size
3.9MB
-
MD5
8068af239d751059638a3d71ffb7d801
-
SHA1
a244dbe080b19c44798934abf3874296ade07305
-
SHA256
c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07
-
SHA512
5906a92100d885231531838e8033f6f75c440517392124d6669239a5437e508b67bc4f8c00bd28fbdd6267393a53113ad87cbc74d428d7c6f7c03fa20cb77486
-
SSDEEP
98304:BSnOQqDcG39DvriCqEIcvQgo4H3Mihf6bKlsb1626YuH:BSPq1ziCqEHvQsH3MihfOIs0
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07 unpack001/$PLUGINSDIR/LogEx.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/ipinfo.dll unpack001/$PLUGINSDIR/nsProcess2.dll
Files
-
c7527fff29aa118626c8abfcdb69699b85e22023375b69708b3c653228eb2d07.exe windows:4 windows x86 arch:x86
61259b55b8912888e90f516ca08dc514
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW
shell32
SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 188KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/LogEx.dll.dll windows:4 windows x86 arch:x86
549d7b44067bbcdf42bf6a90a80a3a9e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
CreateFileW
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement
user32
FindWindowExW
GetDlgItem
SendMessageW
SetWindowTextW
Exports
Exports
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
fc0224e99e736751432961db63a41b76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ipinfo.dll.dll windows:5 windows x86 arch:x86
bea86bd9c8ef3395bcf4fe072900cb6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\vmagent_new\bin\joblist\735242\out\Release\ipinfo.pdb
Imports
kernel32
GetProcessHeap
HeapAlloc
GlobalFree
lstrcpynW
lstrcpyW
GlobalAlloc
HeapFree
GetProcAddress
GetModuleHandleExW
FreeLibrary
ExitProcess
Sleep
TerminateProcess
GetCurrentProcess
RtlUnwind
InterlockedFlushSList
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
MultiByteToWideChar
ws2_32
inet_ntoa
gethostbyname
gethostname
WSAStartup
msvcrt
free
_XcptFilter
__CxxFrameHandler
_initterm
__getmainargs
?what@exception@@UBEPBDXZ
??3@YAXPAX@Z
?terminate@@YAXXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
memmove
_CxxThrowException
??2@YAPAXI@Z
memset
memcpy
Exports
Exports
iscurrent_ip
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsProcess2.dll.dll windows:5 windows x86 arch:x86
90ada007c5494e8534aec697d83df795
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\vmagent_new\bin\joblist\745878\out\Release\nsProcess2.pdb
Imports
kernel32
OpenProcess
GetVersionExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
lstrcmpiW
lstrcpynW
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalFree
lstrcpyW
CreateDirectoryW
GetExitCodeProcess
GetTempFileNameW
WriteFile
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
Sleep
GetTickCount
RemoveDirectoryW
FormatMessageW
MoveFileW
MoveFileExW
GetACP
PeekNamedPipe
AreFileApisANSI
GetFileType
GetFileInformationByHandle
GetDriveTypeW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
SetLastError
GetLastError
CloseHandle
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
WideCharToMultiByte
CreateFileW
MultiByteToWideChar
GetSystemDirectoryW
DeviceIoControl
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
ExitProcess
RtlUnwind
InterlockedFlushSList
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeW
user32
LoadStringW
wsprintfW
GetWindowThreadProcessId
EnumWindows
PostMessageW
advapi32
SystemFunction036
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfigW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ImpersonateSelf
RevertToSelf
shell32
ord165
SHGetSpecialFolderPathW
ole32
CoInitialize
CoCreateInstance
psapi
GetModuleFileNameExW
shlwapi
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathFileExistsW
SHSetValueW
PathIsDirectoryW
SHDeleteKeyW
SHGetValueW
setupapi
SetupIterateCabinetW
msvcrt
_wtoi
_except_handler3
??_V@YAXPAX@Z
_CxxThrowException
??3@YAXPAX@Z
??_U@YAPAXI@Z
wcstol
_wfopen
fclose
fflush
fread
fseek
ftell
wcschr
wcsstr
wcsncmp
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_amsg_exit
__getmainargs
__wgetmainargs
_environ
_wenviron
_initterm
__CxxFrameHandler
free
iswctype
malloc
_itow
_ltow
_ultow
fwrite
_ui64tow
_wsplitpath
_wsearchenv
__doserrno
_itoa
_ltoa
_ultoa
_i64toa
_ui64toa
_ecvt
_fcvt
_gcvt
_splitpath
_searchenv
_controlfp
_control87
_wmktemp
_chsize
_mktemp
_wstrtime
_strtime
tmpfile
_cgets
_cgetws
_XcptFilter
_pwctype
__lc_collate_cp
_iob
_msize
_wcsicmp
_wputenv
atof
getenv
_putenv
getwc
_wfreopen
_wtmpnam
__wcserror
_strerror
_wasctime
_wctime64
asctime
_ctime64
_gmtime64
_localtime64
_mktime64
_waccess
_wfindfirst64
_wfindnext64
_wsopen
_access
_umask
_findfirst64
_findnext64
_lseeki64
_sopen
clearerr
fgetpos
fopen
freopen
fsetpos
getc
tmpnam
_Getdays
_Getmonths
_Strftime
_fstat64
_ftime64
_lock
_unlock
_assert
_daylight
_dstbias
_timezone
_tzname
_sys_errlist
_sys_nerr
_isatty
_fileno
abort
wcslen
wcscpy
wcscmp
memmove
_strtoui64
_wcstoui64
_clearfp
ceil
?terminate@@YAXXZ
_wctime
ctime
gmtime
localtime
_ftime
realloc
_CIlog10
fputwc
??2@YAPAXI@Z
memset
memcpy
memcmp
___lc_codepage_func
___lc_handle_func
__crtLCMapStringA
__crtCompareStringA
calloc
_errno
___mb_cur_max_func
islower
isupper
_isctype
strrchr
wctomb
towlower
towupper
__pctype_func
_wgetenv
fputc
_getdrive
_wfullpath
wcsrchr
wcspbrk
tolower
strtol
localeconv
isspace
ungetwc
ungetc
mbtowc
_i64tow
ntdll
RtlAdjustPrivilege
RtlNtStatusToDosError
NtClose
NtSetInformationFile
NtCreateFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlDetermineDosPathNameType_U
Exports
Exports
_ClearList
_CloseProcess
_CreateShortCut
_CreateThemeShortCut
_FindProcess
_GetParentProcessName
_GetServiceStatus
_IsNeedUpdate
_KillProcess
_SHCreateDirectory
_SHGetSpecialFolderPath
_StopAndRemoveService
_StopService
_Unload
_UpdateTheme
Sections
.text Size: 254KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_4_/EntAdmin/publish/$1.exe windows:5 windows x86 arch:x86
3b29ce12a55537ac1eab04c6385c6625
Code Sign
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before05/01/2022, 09:58Not After06/01/2024, 09:58SubjectSERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before06/04/2022, 07:44Not After08/05/2033, 07:44SubjectCN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before20/02/2019, 00:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:21:58:53:08:a2Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before18/03/2009, 10:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
d6:8b:cf:5f:a1:d1:97:3a:94:a4:ea:76:b3:7d:82:38:35:06:3b:fc:99:3b:2f:74:7a:ee:87:d3:79:db:60:b2Signer
Actual PE Digestd6:8b:cf:5f:a1:d1:97:3a:94:a4:ea:76:b3:7d:82:38:35:06:3b:fc:99:3b:2f:74:7a:ee:87:d3:79:db:60:b2Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\vmagent_new\bin\joblist\724303\out\Release\360EntPublish.pdb
Imports
urlmon
URLDownloadToFileA
kernel32
CreateFileA
GetFileTime
GetFileSizeEx
SetFilePointerEx
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
WriteFile
OutputDebugStringA
IsDebuggerPresent
MoveFileA
CreateDirectoryA
PostQueuedCompletionStatus
GetCurrentThreadId
CancelIo
FormatMessageA
LocalFree
CreateIoCompletionPort
GetSystemInfo
SetThreadPriority
ResumeThread
GetQueuedCompletionStatus
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
RaiseException
FindResourceW
CreateSemaphoreW
CreateEventW
InterlockedCompareExchange
GetSystemDirectoryW
lstrcatW
lstrcpyW
ReleaseSemaphore
WaitForMultipleObjectsEx
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
FindFirstFileA
FindNextFileA
SetLastError
SetFileAttributesA
FindClose
InterlockedExchange
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
RemoveDirectoryA
GetTempPathA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
FlushViewOfFile
GetCurrentThread
lstrcmpA
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GlobalMemoryStatus
SleepEx
ExpandEnvironmentStringsA
GetStartupInfoW
CreateProcessW
LoadLibraryExA
GetModuleHandleW
GetLogicalDriveStringsW
QueryDosDeviceW
Process32FirstW
ProcessIdToSessionId
Process32NextW
WTSGetActiveConsoleSessionId
GetCurrentProcess
FreeResource
LoadLibraryExW
GetSystemWindowsDirectoryW
MultiByteToWideChar
CreateFileW
GetExitCodeThread
DeviceIoControl
GlobalFree
GlobalAlloc
SetConsoleMode
ReadConsoleInputA
lstrlenA
ReleaseMutex
CreateMutexA
LoadLibraryA
GetCommandLineW
DeleteFileA
CreateThread
GetModuleFileNameW
Process32Next
GetSystemTime
FlushConsoleInputBuffer
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateMutexW
GetCommandLineA
OpenMutexW
OpenEventA
OpenProcess
GetModuleHandleA
ExitProcess
GetLocalTime
GetTickCount
GetProcAddress
FreeLibrary
GetPrivateProfileIntA
GetModuleFileNameA
WaitForSingleObject
LeaveCriticalSection
InterlockedDecrement
Sleep
ResetEvent
EnterCriticalSection
InterlockedIncrement
CloseHandle
DeleteCriticalSection
SetEvent
CreateEventA
InitializeCriticalSection
GetLastError
lstrlenW
WritePrivateProfileStringA
FindResourceExA
FindResourceA
LoadResource
LockResource
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
SetHandleCount
RtlUnwind
GetStartupInfoA
GetDriveTypeA
GetFileType
ExitThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
LocalFileTimeToFileTime
SystemTimeToFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SizeofResource
WideCharToMultiByte
GetPrivateProfileStringA
GetVersionExA
GetVersionExW
user32
DestroyWindow
DispatchMessageA
UnregisterClassA
CharNextA
DefWindowProcA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
PostThreadMessageA
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
TranslateMessage
GetMessageA
UpdateWindow
gdi32
GetStockObject
advapi32
StartServiceCtrlDispatcherW
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
SetTokenInformation
EqualSid
QueryServiceConfigW
ControlService
SetServiceStatus
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegOpenKeyExW
RegQueryValueExW
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegisterEventSourceA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID
oleaut32
SysFreeString
SysAllocString
ws2_32
inet_addr
WSACleanup
WSAGetLastError
ntohl
send
ntohs
WSASocketW
WSAStartup
socket
gethostbyname
select
getsockopt
WSASetLastError
getsockname
getpeername
freeaddrinfo
getaddrinfo
__WSAFDIsSet
htons
inet_ntoa
connect
closesocket
setsockopt
WSASocketA
htonl
bind
listen
WSAAccept
WSASend
WSARecv
WSAIoctl
WSAGetOverlappedResult
ioctlsocket
recv
shutdown
shlwapi
PathIsDirectoryW
PathCombineA
PathRemoveFileSpecA
PathFileExistsA
SHGetValueW
PathIsDirectoryA
PathCombineW
PathAppendW
PathAppendA
SHGetValueA
StrRStrIA
PathFindFileNameA
iphlpapi
GetAdaptersInfo
setupapi
SetupIterateCabinetA
wininet
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetCheckConnectionA
InternetCloseHandle
InternetOpenA
InternetConnectA
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
GetModuleFileNameExA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
crypt32
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 375KB - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_4_/EntAdmin/publish/$_4_/EntAdmin/publish/360EntPublish.exe.exe windows:5 windows x86 arch:x86
3b29ce12a55537ac1eab04c6385c6625
Code Sign
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before05/01/2022, 09:58Not After06/01/2024, 09:58SubjectSERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before06/04/2022, 07:44Not After08/05/2033, 07:44SubjectCN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before20/02/2019, 00:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:21:58:53:08:a2Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before18/03/2009, 10:00Not After18/03/2029, 10:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
d6:8b:cf:5f:a1:d1:97:3a:94:a4:ea:76:b3:7d:82:38:35:06:3b:fc:99:3b:2f:74:7a:ee:87:d3:79:db:60:b2Signer
Actual PE Digestd6:8b:cf:5f:a1:d1:97:3a:94:a4:ea:76:b3:7d:82:38:35:06:3b:fc:99:3b:2f:74:7a:ee:87:d3:79:db:60:b2Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\vmagent_new\bin\joblist\724303\out\Release\360EntPublish.pdb
Imports
urlmon
URLDownloadToFileA
kernel32
CreateFileA
GetFileTime
GetFileSizeEx
SetFilePointerEx
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
WriteFile
OutputDebugStringA
IsDebuggerPresent
MoveFileA
CreateDirectoryA
PostQueuedCompletionStatus
GetCurrentThreadId
CancelIo
FormatMessageA
LocalFree
CreateIoCompletionPort
GetSystemInfo
SetThreadPriority
ResumeThread
GetQueuedCompletionStatus
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
RaiseException
FindResourceW
CreateSemaphoreW
CreateEventW
InterlockedCompareExchange
GetSystemDirectoryW
lstrcatW
lstrcpyW
ReleaseSemaphore
WaitForMultipleObjectsEx
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
FindFirstFileA
FindNextFileA
SetLastError
SetFileAttributesA
FindClose
InterlockedExchange
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
RemoveDirectoryA
GetTempPathA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
FlushViewOfFile
GetCurrentThread
lstrcmpA
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GlobalMemoryStatus
SleepEx
ExpandEnvironmentStringsA
GetStartupInfoW
CreateProcessW
LoadLibraryExA
GetModuleHandleW
GetLogicalDriveStringsW
QueryDosDeviceW
Process32FirstW
ProcessIdToSessionId
Process32NextW
WTSGetActiveConsoleSessionId
GetCurrentProcess
FreeResource
LoadLibraryExW
GetSystemWindowsDirectoryW
MultiByteToWideChar
CreateFileW
GetExitCodeThread
DeviceIoControl
GlobalFree
GlobalAlloc
SetConsoleMode
ReadConsoleInputA
lstrlenA
ReleaseMutex
CreateMutexA
LoadLibraryA
GetCommandLineW
DeleteFileA
CreateThread
GetModuleFileNameW
Process32Next
GetSystemTime
FlushConsoleInputBuffer
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateMutexW
GetCommandLineA
OpenMutexW
OpenEventA
OpenProcess
GetModuleHandleA
ExitProcess
GetLocalTime
GetTickCount
GetProcAddress
FreeLibrary
GetPrivateProfileIntA
GetModuleFileNameA
WaitForSingleObject
LeaveCriticalSection
InterlockedDecrement
Sleep
ResetEvent
EnterCriticalSection
InterlockedIncrement
CloseHandle
DeleteCriticalSection
SetEvent
CreateEventA
InitializeCriticalSection
GetLastError
lstrlenW
WritePrivateProfileStringA
FindResourceExA
FindResourceA
LoadResource
LockResource
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
SetHandleCount
RtlUnwind
GetStartupInfoA
GetDriveTypeA
GetFileType
ExitThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
LocalFileTimeToFileTime
SystemTimeToFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SizeofResource
WideCharToMultiByte
GetPrivateProfileStringA
GetVersionExA
GetVersionExW
user32
DestroyWindow
DispatchMessageA
UnregisterClassA
CharNextA
DefWindowProcA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
PostThreadMessageA
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
TranslateMessage
GetMessageA
UpdateWindow
gdi32
GetStockObject
advapi32
StartServiceCtrlDispatcherW
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
SetTokenInformation
EqualSid
QueryServiceConfigW
ControlService
SetServiceStatus
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegOpenKeyExW
RegQueryValueExW
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegisterEventSourceA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID
oleaut32
SysFreeString
SysAllocString
ws2_32
inet_addr
WSACleanup
WSAGetLastError
ntohl
send
ntohs
WSASocketW
WSAStartup
socket
gethostbyname
select
getsockopt
WSASetLastError
getsockname
getpeername
freeaddrinfo
getaddrinfo
__WSAFDIsSet
htons
inet_ntoa
connect
closesocket
setsockopt
WSASocketA
htonl
bind
listen
WSAAccept
WSASend
WSARecv
WSAIoctl
WSAGetOverlappedResult
ioctlsocket
recv
shutdown
shlwapi
PathIsDirectoryW
PathCombineA
PathRemoveFileSpecA
PathFileExistsA
SHGetValueW
PathIsDirectoryA
PathCombineW
PathAppendW
PathAppendA
SHGetValueA
StrRStrIA
PathFindFileNameA
iphlpapi
GetAdaptersInfo
setupapi
SetupIterateCabinetA
wininet
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetCheckConnectionA
InternetCloseHandle
InternetOpenA
InternetConnectA
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
GetModuleFileNameExA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
crypt32
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 375KB - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_4_/EntAdmin/publish/360EntPublish.dat