usbtip.exe Binary Code Analysis - File MD5: b2eb267b4b80bae63fd573ff83059f1f

File hash value: b2eb267b4b80bae63fd573ff83059f1f. This is a 32-bit EXE file with a file size of 220 K. This page analyzes the binary structure of the file, that is, its PE (Portable Executable) format: the DOS header, the NT headers, the section table and the import table. Following it requires some familiarity with the PE format. The content is intended for people who work in computer security, in the hope of contributing to that work.

File Binary Code Analysis:

File layout (in file order):

    DOS Header
    DOS Stub
    ...
    .text   SECTION #1
    .rdata  SECTION #2
    .data   SECTION #3
    .rsrc   SECTION #4
    znasxsd SECTION #5

DOS Header

| Type | Name       | Value                        | Memo                                 |
|------|------------|------------------------------|--------------------------------------|
| WORD | e_magic    | 0x00005A4D                   | DOS signature ("MZ")                 |
| WORD | e_cblp     | 0x00000090                   | Bytes on last page of file           |
| WORD | e_cp       | 0x00000003                   | Pages in file                        |
| WORD | e_crlc     | 0x00000000                   | Relocations                          |
| WORD | e_cparhdr  | 0x00000004                   | Size of header in paragraphs         |
| WORD | e_minalloc | 0x00000000                   | Minimum extra paragraphs needed      |
| WORD | e_maxalloc | 0x0000FFFF                   | Maximum extra paragraphs needed      |
| WORD | e_ss       | 0x00000000                   | Initial (relative) SS value          |
| WORD | e_sp       | 0x000000B8                   | Initial SP value                     |
| WORD | e_csum     | 0x00000000                   | Checksum                             |
| WORD | e_ip       | 0x00000000                   | Initial IP value                     |
| WORD | e_cs       | 0x00000000                   | Initial (relative) CS value          |
| WORD | e_lfarlc   | 0x00000040                   | File address of relocation table     |
| WORD | e_ovno     | 0x00000000                   | Overlay number                       |
| WORD | e_res[4]   | [0]..[3] = 0x00000000        | Reserved words                       |
| WORD | e_oemid    | 0x00000000                   | OEM identifier (for e_oeminfo)       |
| WORD | e_oeminfo  | 0x00000000                   | OEM information; e_oemid specific    |
| WORD | e_res2[10] | all ten entries = 0x00000000 | Reserved words                       |
| WORD | e_lfanew   | 0x00000118                   | File offset of the PE (NT) header    |
NT HEADER - NT File Signature

| Type  | Name      | Value      | Memo                           |
|-------|-----------|------------|--------------------------------|
| DWORD | Signature | 0x00004550 | PE file signature ("PE\0\0")   |
NT HEADER - FILE HEADER

| Type  | Name                 | Value      | Memo                                                                 |
|-------|----------------------|------------|----------------------------------------------------------------------|
| WORD  | Machine              | 0x0000014C | Target machine; 0x014C is IMAGE_FILE_MACHINE_I386 (32-bit x86)       |
| WORD  | NumberOfSections     | 0x00000005 | Number of sections                                                   |
| DWORD | TimeDateStamp        | 0x471862A8 | Link time, seconds since 1970-01-01 UTC (decodes to 2007-10-19)      |
| DWORD | PointerToSymbolTable | 0x00000000 | Pointer to COFF symbol table                                         |
| DWORD | NumberOfSymbols      | 0x00000000 | Number of symbols                                                    |
| WORD  | SizeOfOptionalHeader | 0x000000E0 | Size of optional header (0xE0 is the PE32 size)                      |
| WORD  | Characteristics      | 0x0000010F | File characteristics flags (EXE or DLL); decoded below               |

Characteristics 0x010F decodes to RELOCS_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE. The DLL flag (0x2000) is not set, so this is an executable, as stated above.
NT HEADER - OPTIONAL HEADER

| Type  | Name                        | Value      | Memo                                                        |
|-------|-----------------------------|------------|-------------------------------------------------------------|
| WORD  | Magic                       | 0x0000010B | Magic; 0x010B is PE32 (32-bit image)                        |
| BYTE  | MajorLinkerVersion          | 0x00000007 | Major linker version                                        |
| BYTE  | MinorLinkerVersion          | 0x0000000A | Minor linker version (7.10 is the Visual C++ .NET 2003 linker) |
| DWORD | SizeOfCode                  | 0x00005000 | Size of code                                                |
| DWORD | SizeOfInitializedData       | 0x0002A000 | Size of initialized data                                    |
| DWORD | SizeOfUninitializedData     | 0x00000000 | Size of uninitialized data                                  |
| DWORD | AddressOfEntryPoint         | 0x00005724 | Entry point RVA (lies inside .text, RVA 0x1000-0x6000)      |
| DWORD | BaseOfCode                  | 0x00001000 | Base of code                                                |
| DWORD | BaseOfData                  | 0x00006000 | Base of data                                                |
| DWORD | ImageBase                   | 0x00400000 | Preferred image base                                        |
| DWORD | SectionAlignment            | 0x00001000 | Section alignment in memory                                 |
| DWORD | FileAlignment               | 0x00001000 | Section alignment in the file                               |
| WORD  | MajorOperatingSystemVersion | 0x00000004 | Major operating system version                              |
| WORD  | MinorOperatingSystemVersion | 0x00000000 | Minor operating system version                              |
| WORD  | MajorImageVersion           | 0x00000000 | Major image version                                         |
| WORD  | MinorImageVersion           | 0x00000000 | Minor image version                                         |
| WORD  | MajorSubsystemVersion       | 0x00000004 | Major subsystem version                                     |
| WORD  | MinorSubsystemVersion       | 0x00000000 | Minor subsystem version                                     |
| DWORD | Win32VersionValue           | 0x00000000 | Win32 version value (reserved)                              |
| DWORD | SizeOfImage                 | 0x00038000 | Size of image in memory                                     |
| DWORD | SizeOfHeaders               | 0x00001000 | Size of headers                                             |
| DWORD | CheckSum                    | 0x00000000 | Checksum (not set)                                          |
| WORD  | Subsystem                   | 0x00000002 | Subsystem; 2 is IMAGE_SUBSYSTEM_WINDOWS_GUI                 |
| WORD  | DllCharacteristics          | 0x00000000 | DLL characteristics; no flags set (no DYNAMIC_BASE, no NX_COMPAT) |
| DWORD | SizeOfStackReserve          | 0x00100000 | Size of stack reserve                                       |
| DWORD | SizeOfStackCommit           | 0x00001000 | Size of stack commit                                        |
| DWORD | SizeOfHeapReserve           | 0x00100000 | Size of heap reserve                                        |
| DWORD | SizeOfHeapCommit            | 0x00001000 | Size of heap commit                                         |
| DWORD | LoaderFlags                 | 0x00000000 | Loader flags                                                |
| DWORD | NumberOfRvaAndSizes         | 0x00000010 | Number of data directory entries (16)                       |
NT HEADER - OPTIONAL HEADER - Data Directory

Each entry is a pair of DWORDs: VirtualAddress (RVA) and Size. Indices are numbered from 1 as on the original page; the PE specification numbers the same entries from 0.

| Entry             | VirtualAddress | Size       | Directory                                  |
|-------------------|----------------|------------|--------------------------------------------|
| DataDirectory[1]  | 0x00000000     | 0x00000000 | Export table                               |
| DataDirectory[2]  | 0x00007F50     | 0x000000B4 | Import table                               |
| DataDirectory[3]  | 0x0000A000     | 0x0002D000 | Resource table                             |
| DataDirectory[4]  | 0x00000000     | 0x00000000 | Exception table                            |
| DataDirectory[5]  | 0x00030000     | 0x00000C48 | Certificate (security) table; file offset, not an RVA |
| DataDirectory[6]  | 0x00000000     | 0x00000000 | Base relocation table                      |
| DataDirectory[7]  | 0x00000000     | 0x00000000 | Debug                                      |
| DataDirectory[8]  | 0x00000000     | 0x00000000 | Architecture                               |
| DataDirectory[9]  | 0x00000000     | 0x00000000 | Global pointer                             |
| DataDirectory[10] | 0x00000000     | 0x00000000 | TLS table                                  |
| DataDirectory[11] | 0x00007758     | 0x00000040 | Load configuration table                   |
| DataDirectory[12] | 0x00000000     | 0x00000000 | Bound import                               |
| DataDirectory[13] | 0x00006000     | 0x0000051C | Import address table (IAT)                 |
| DataDirectory[14] | 0x00000000     | 0x00000000 | Delay import descriptor                    |
| DataDirectory[15] | 0x00000000     | 0x00000000 | CLR runtime header                         |
| DataDirectory[16] | 0x00000000     | 0x00000000 | Reserved                                   |
SECTION TABLE (SECTION #1 - #5)

| Type  | Name                 | #1         | #2         | #3         | #4         | #5         |
|-------|----------------------|------------|------------|------------|------------|------------|
| BYTE  | Name                 | .text      | .rdata     | .data      | .rsrc      | znasxsd    |
| DWORD | VirtualSize          | 0x00005000 | 0x00002B66 | 0x00000268 | 0x0002D000 | 0x00001000 |
| DWORD | VirtualAddress       | 0x00001000 | 0x00006000 | 0x00009000 | 0x0000A000 | 0x00037000 |
| DWORD | SizeOfRawData        | 0x00005000 | 0x00003000 | 0x00001000 | 0x0002D000 | 0x00000000 |
| DWORD | PointerToRawData     | 0x00001000 | 0x00006000 | 0x00009000 | 0x0000A000 | 0x00037000 |
| DWORD | PointerToRelocations | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 |
| DWORD | PointerToLinenumbers | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 |
| WORD  | NumberOfRelocations  | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 |
| WORD  | NumberOfLinenumbers  | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 | 0x00000000 |
| DWORD | Characteristics      | 0x60000020 | 0x40000040 | 0xC0000040 | 0xE0000060 | 0xC0000000 |

Section Characteristics decoded:

    .text   0x60000020  CNT_CODE | MEM_EXECUTE | MEM_READ
    .rdata  0x40000040  CNT_INITIALIZED_DATA | MEM_READ
    .data   0xC0000040  CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
    .rsrc   0xE0000060  CNT_CODE | CNT_INITIALIZED_DATA | MEM_EXECUTE | MEM_READ | MEM_WRITE
    znasxsd 0xC0000000  MEM_READ | MEM_WRITE (no content-type flag)

Two entries stand out for a reviewer. The .rsrc section is marked executable and writable, which a compiler-generated resource section is not. The fifth section, with the non-standard name znasxsd, has SizeOfRawData 0 and PointerToRawData 0x37000, which is the end of the 220 K file (220 x 1024 = 0x37000 bytes), so it occupies no bytes on disk and is mapped as an empty read-write page at RVA 0x37000, the last page before SizeOfImage (0x38000).

Called external files and functions:

In general, malicious files call functions of these kinds: functions that intercept data, network functions, functions that modify registry information, functions that read the browser's private data such as cookies, and functions that bypass the operating system to read hard disk data directly. (Hint: the files listed below may be called by malicious files, but they are not necessarily malicious themselves; they may be ordinary system files.)
Import File - MFC71.DLL

228 entries, listed on the original page as "Function Address". MFC71.DLL exports its functions by ordinal, so these values are import ordinals rather than addresses:

    0x00000A56 0x000009E5 0x00000E86 0x00000E87 0x00000E7D 0x00000A54 0x00000F6D 0x00001186
    0x000010A6 0x00000C6E 0x00000162 0x00000242 0x00000912 0x00000A61 0x000017B3 0x0000036C
    0x00000FC3 0x00000136 0x000011E4 0x000002FC 0x0000025D 0x0000043C 0x0000078B 0x000005CB
    0x00001002 0x00000829 0x0000060B 0x0000171B 0x0000057A 0x0000108A 0x0000145E 0x00000BAF
    0x000010A5 0x00000C63 0x0000023C 0x0000024F 0x00000427 0x00000702 0x0000128D 0x000002C5
    0x000001F5 0x000011BD 0x00000E63 0x00000FC6 0x00000FAE 0x00001886 0x00000ED9 0x00001884
    0x000010E6 0x0000080F 0x000007E2 0x000015CF 0x00000EDE 0x000003F2 0x000013EE 0x0000184B
    0x00001506 0x00000EF8 0x00000780 0x00000B73 0x00001468 0x0000146A 0x00000F6C 0x000011D8
    0x0000146E 0x0000145D 0x000015BE 0x00000B16 0x00001181 0x00000D05 0x00000236 0x000002F5
    0x000002FA 0x00000251 0x000008E0 0x00000F5E 0x00000FF5 0x0000030D 0x000013FF 0x0000014E
    0x0000041E 0x00001101 0x000009EC 0x0000078E 0x00000CD7 0x00000500 0x00000C59 0x000004FF
    0x00001605 0x00000943 0x00000944 0x0000076F 0x0000082F 0x00000637 0x00001090 0x00000CF5
    0x000002E5 0x00000826 0x00000609 0x00001088 0x00000C5C 0x0000024B 0x00000310 0x00000164
    0x0000025A 0x00000789 0x00000FA1 0x0000101B 0x00001609 0x000015ED 0x0000015B 0x00000573
    0x00000E40 0x000008C6 0x00000779 0x00000A37 0x00001391 0x00001394 0x000010D5 0x00001027
    0x00000B7B 0x00001328 0x000003AF 0x000014EC 0x000004B7 0x00000979 0x00000978 0x00000FB3
    0x00000615 0x00000F69 0x00001455 0x0000087D 0x0000051A 0x000010B5 0x0000142D 0x000010A9
    0x00000C87 0x0000027B 0x00000853 0x0000018B 0x000017CA 0x000010F6 0x000008D8 0x000005CE
    0x000005CA 0x00000130 0x00000129 0x00000E64 0x00000C5B 0x00000C84 0x00000EB1 0x00001795
    0x0000165F 0x00001663 0x0000160A 0x00001700 0x00001473 0x00001471 0x00000956 0x00000960
    0x0000095E 0x0000095C 0x00000958 0x0000096F 0x00000963 0x0000012C 0x0000030F 0x00000B2E
    0x00000A9A 0x000010D3 0x00000B13 0x00000AAB 0x000009E9 0x00001450 0x0000063F 0x00000677
    0x00000678 0x000007AC 0x00001437 0x00000552 0x00001367 0x00000D11 0x00001885 0x00000EDA
    0x00001887 0x000005F2 0x0000087C 0x00000882 0x00000965 0x00000953 0x00000951 0x00000968
    0x0000096D 0x0000095A 0x0000096A 0x000003A6 0x000003A2 0x000003A4 0x000003A0 0x0000039B
    0x00001748 0x00000640 0x000010BA 0x00001272 0x00000D4B 0x00001453 0x00001059 0x00001883
    0x000013D1 0x00000774 0x00001420 0x00001094 0x00000579 0x00000F6A 0x00000651 0x00000654
    0x00001718 0x0000060F 0x00000686 0x00000687 0x000007E4 0x0000131A 0x0000127F 0x00001074
    0x0000143E 0x00000E39 0x00000C8A 0x00000BB0
Import File - MSVCR71.dll
  • _controlfp
  • ?terminate@@YAXXZ
  • __security_error_handler
  • ??1type_info@@UAE@XZ
  • __set_app_type
  • __p__fmode
  • __p__commode
  • _adjust_fdiv
  • __setusermatherr
  • _initterm
  • __getmainargs
  • _amsg_exit
  • _acmdln
  • exit
  • _cexit
  • _XcptFilter
  • _ismbblead
  • _exit
  • _setmbcp
  • __CxxFrameHandler
  • free
  • _except_handler3
  • memset
  • __dllonexit
  • _onexit
  • _c_exit

Import File - KERNEL32.dll
  • DeleteCriticalSection
  • InitializeCriticalSection
  • WideCharToMultiByte
  • GetSystemDefaultLangID
  • GetModuleHandleA
  • GetProcAddress
  • GetVersionExA
  • GetThreadLocale
  • EnterCriticalSection
  • InterlockedExchange
  • GetCurrentThreadId
  • GetTickCount
  • GetStartupInfoA
  • ExitProcess
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • GetSystemTimeAsFileTime
  • CreateMutexA
  • GetACP
  • OpenMutexA
  • LeaveCriticalSection
  • GetLocaleInfoA

Import File - USER32.dll
  • KillTimer
  • SetTimer
  • GetSysColor
  • IsWindow
  • BringWindowToTop
  • SetForegroundWindow
  • RegisterWindowMessageA
  • InflateRect
  • FillRect
  • IsWindowVisible
  • InvalidateRect
  • GetWindowRect
  • GetSystemMenu
  • ModifyMenuA
  • AppendMenuA
  • LoadBitmapA
  • PostMessageA
  • GetSystemMetrics
  • LoadIconA
  • GetClientRect
  • IsIconic
  • SendMessageA
  • DrawIcon
  • EnableWindow
  • GetParent

Import File - GDI32.dll
  • CreateFontA
  • CreateFontIndirectA
  • CreatePatternBrush
  • BitBlt
  • CreateCompatibleDC
  • GetObjectA
  • CreatePen
  • GetStockObject

Import File - ADVAPI32.dll
  • RegQueryValueExA
  • RegSetValueExA
  • RegCreateKeyExA
  • RegCloseKey
  • RegOpenKeyExA

Import File - ole32.dll
  • CoInitialize
  • CoUninitialize
  • CoCreateInstance
  • CoTaskMemFree

Import File - OLEAUT32.dll
  • Function Address (import by ordinal)
    0x00000009

Of the function categories named above, the named imports contain registry-write functions (RegCreateKeyExA and RegSetValueExA from ADVAPI32.dll) and named-mutex functions (CreateMutexA and OpenMutexA from KERNEL32.dll); no network functions appear among them. The MFC71.DLL imports are by ordinal and are not resolved on this page, so MFC wrappers for file or network access cannot be ruled out from this list alone.

  • These are my analysis results for this malicious file. If you have any questions, or a problem you cannot resolve, you can leave a message or email me.


    Copyright statement: The above data was obtained by my own analysis; it may not be copied or reprinted without authorization.
    Copyright © 2016-2019 mygoodtools.com All rights reserved.