Manalyze report for 051cfa57dbb50eaca48930b8071f117357e0a0f076496b70566de61f3880360b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-19 09:34:39
Detected languages	English - United States
Debug artifacts	d:\My Projects\wjxtdAutoPro - reset\release\wjxtdAutoPro.pdb
FileDescription	wjxtdAuto Pro DLL
FileVersion	`1, 0, 2, 2`
LegalCopyright	holyiii@yahoo.com
LegalTrademarks	wjxtdAuto Pro
OriginalFilename	wjxtdAutoPro.dll
ProductName	wjxtdAuto Pro
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	PEiD Signature:	`PeStubOEP v1.x`
Info	Interesting strings found in the binary:	`Contains domain names: yahoo.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState CallNextHookEx` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: inet_ntoa gethostbyname` `Manipulates other processes: ReadProcessMemory OpenProcess`
Safe	VirusTotal score: 0/72 (Scanned on 2025-11-29 01:06:28)	`All the AVs think this file is safe.`

Hashes

MD5	`b8e5d7c6b2f9b44189557d40c177092b`
SHA1	`ad01e784100efe686975cf1c01ea0d7f29352145`
SHA256	`051cfa57dbb50eaca48930b8071f117357e0a0f076496b70566de61f3880360b`
SHA3	`1ace5454b0bbbf58972e83ab9f4f4eab58b15a5978d57e018ca4bc08471d15fa`
SSDeep	`12288:CsQqpbv+F3YiWj4lRjLDqBrb2sk0gNzTE4UdxS3m5027yF8cOi49u6ZsKp0b9tf:Cs0R6ZEbjfM7`
Imports Hash	`deaad0a251253dbee859f5567acddc13`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-Dec-19 09:34:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x7f000`
SizeOfInitializedData	`0x27000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00061045 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x80000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf3000`
SizeOfHeaders	`0x1000`
Checksum	`0xa9d8a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`90ee14633c14c153a67d97f7e16255b4`
SHA1	`83a96621cec80f75378b05673a3b5ada8d381913`
SHA256	`c6ace322fd22ab96b183024e9f186b2d88c1b4deb7b917c7ae56ac58ce540c33`
SHA3	`e94270a83069bddb7b86f187fb9d1894b393f593f450fca2ac70948b14e8686c`
VirtualSize	`0x7e8d3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7f000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63608`

.rdata

MD5	`303c3468e7c9497943a122e4c1854db0`
SHA1	`31c7d2639596aacdb01cb818ef6cf3b726eb38fc`
SHA256	`d304c00259b39c27c3a6b8abac99a38a1099cc3b5b208f19b612406062d8e175`
SHA3	`88a61aa4f06fa0d137f82c55c327464a6b19af85a5dcd017936bcfdbc5fd1370`
VirtualSize	`0x15310`
VirtualAddress	`0x80000`
SizeOfRawData	`0x16000`
PointerToRawData	`0x80000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42914`

.data

MD5	`edb878c568893066ed620df97e1691c1`
SHA1	`7e4ee34b2c0ac9cfeda2dbdaa822cee4941b2138`
SHA256	`1fb6ac650d9d7ae5277420fc5860a2d69f99b18ad8af14849f99dfaf752bba1f`
SHA3	`f8ccfa2f0e5c5aa37eca5cd6465d073d5cee4678615c6ae406263d2bcbd440c9`
VirtualSize	`0x51024`
VirtualAddress	`0x96000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x96000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.43501`

.rsrc

MD5	`8a73f50e49b49675cc341c76aedd50a1`
SHA1	`d48507e7ecbc3bfd13573cdc0ed4aea753e59483`
SHA256	`597fd750cafec2cbfbc167ec3e81e9696830a4d2db5e903ebeed7158607dcfd2`
SHA3	`d4aa64e6532a42c3314f206db94d73b9935e5e3c341cd4ea22bfe5b664b0c2e2`
VirtualSize	`0x3a8`
VirtualAddress	`0xe8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x9c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.67772`

.reloc

MD5	`8bb27570ec9f3881b9f4711d30f2bc08`
SHA1	`6616760b63bf4840202529728965e28471498d55`
SHA256	`00a1b8fc6b1a7055691fa2e65b48662f09a1bd7ffb97e8c0cea2b0d7c8bcae1c`
SHA3	`f5755c40826a8eddcb25269fcc251fa61f0e96e7be1e86bfe6ecdbea0f2f4624`
VirtualSize	`0x9a34`
VirtualAddress	`0xe9000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x9d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.19803`

Imports

WS2_32.dll	`inet_ntoa` `gethostbyname`
KERNEL32.dll	`GetCurrentProcessId` `GetTickCount` `GetModuleFileNameA` `DisableThreadLibraryCalls` `InterlockedExchange` `WideCharToMultiByte` `CompareStringW` `FreeLibrary` `CompareStringA` `MultiByteToWideChar` `GetLastError` `LoadLibraryA` `ResumeThread` `ReadProcessMemory` `VirtualProtect` `GetCurrentThreadId` `SuspendThread` `GetThreadContext` `SetThreadContext` `VirtualQuery` `GetCurrentProcess` `InterlockedCompareExchange` `GetCurrentThread` `FlushInstructionCache` `VirtualAlloc` `SetLastError` `WriteFile` `CloseHandle` `SetFilePointer` `GetProcAddress` `GetModuleHandleA` `GetPrivateProfileStringA` `FindResourceA` `SizeofResource` `LockResource` `FindResourceExA` `GetPrivateProfileIntA` `LoadResource` `OpenProcess` `FreeConsole` `GetStdHandle` `AllocConsole` `FreeEnvironmentStringsA` `FlushFileBuffers` `ReadFile` `GetStartupInfoA` `SetHandleCount` `GetConsoleMode` `GetConsoleCP` `GetTimeZoneInformation` `IsValidCodePage` `GetOEMCP` `VirtualFree` `HeapCreate` `ExitProcess` `GetEnvironmentStrings` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `LCMapStringW` `LCMapStringA` `GetCPInfo` `RtlUnwind` `GetCommandLineA` `GetFileType` `QueryPerformanceCounter` `SetEnvironmentVariableA` `SetEndOfFile` `CreateFileA` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `GetLocaleInfoW` `GetStringTypeW` `GetStringTypeA` `IsValidLocale` `EnumSystemLocalesA` `GetUserDefaultLCID` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetACP` `GetLocaleInfoA` `GetThreadLocale` `GetVersionExA` `HeapDestroy` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `GetProcessHeap` `RaiseException` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `DeleteCriticalSection` `InterlockedIncrement` `InterlockedDecrement` `Sleep` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetSystemTimeAsFileTime` `SetStdHandle`
USER32.dll	`GetForegroundWindow` `GetKeyState` `EnumWindows` `GetClassNameW` `PostMessageA` `GetAsyncKeyState` `DestroyWindow` `SetWindowLongA` `IsWindow` `CallWindowProcA` `UnhookWindowsHookEx` `IsWindowUnicode` `CallWindowProcW` `SendMessageA` `SetWindowLongW` `PostQuitMessage` `SendMessageW` `GetWindowThreadProcessId` `CallNextHookEx` `SetWindowsHookExA` `UnregisterClassA`
engine.dll	`?GetGlobal@KJxScript@@QAEHPBD@Z` `?GetTableField@KJxScript@@QAEHHPBD@Z` `?PushNumber@KJxScript@@QAEHN@Z` `?PushString@KJxScript@@QAEHPBD@Z` `?PushTable@KJxScript@@QAEHXZ` `?SetTableField@KJxScript@@QAEHPBD@Z` `?SetTableIndex@KJxScript@@QAEHH@Z` `?SetTopIndex@KJxScript@@QAEHH@Z` `?CallTableFunction@KJxScript@@QAAHPBD0H0ZZ` `?PopStack@KJxScript@@QAEHH@Z` `?CallGlobalFunction@KJxScript@@QAAHPBDH0ZZ` `?DoBuffer@KJxScript@@QAEHPBD0@Z` `?GetInt@KJxScript@@QAEHH@Z` `?GetTopIndex@KJxScript@@QAEHXZ`
WINMM.dll	`timeGetTime`

Delayed Imports

InjectDll

Ordinal	`1`
Address	`0x14d0`

UnmapDll

Ordinal	`2`
Address	`0x1540`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2b0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40108`
MD5	`d825c46e1b38f7a394f118d36eb66665`
SHA1	`2c32fbe28ff4a5bacf05d9665e9ee27b0f6f3bba`
SHA256	`c2d25f7623823648d9bd68a8bd1f94c8903242eb55db8733eef225d9aa2ffad8`
SHA3	`613f6dac5adffbf4f8dd8198f9669578ccb09f1cd2a3687280074690c016654b`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65542`
MD5	`bd62b6f553a2d1d012cc53fc325221d2`
SHA1	`c5353cec27b30fb35e414dd5f3d0e9205aaf1c07`
SHA256	`388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6`
SHA3	`b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.2.2
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
FileDescription	wjxtdAuto Pro DLL
FileVersion (#2)	1, 0, 2, 2
LegalCopyright	holyiii@yahoo.com
LegalTrademarks	wjxtdAuto Pro
OriginalFilename	wjxtdAutoPro.dll
ProductName	wjxtdAuto Pro
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Dec-19 09:34:39
Version	`0.0`
SizeofData	`85`
AddressOfRawData	`0x8c250`
PointerToRawData	`0x8c250`
Referenced File	d:\My Projects\wjxtdAutoPro - reset\release\wjxtdAutoPro.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x100964c8`
SEHandlerTable	`0x1008f370`
SEHandlerCount	`222`

RICH Header

XOR Key	`0x164860cf`
Unmarked objects	`0`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`34`
C objects (VS2012 build 50727 / VS2005 build 50727)	`158`
Imports (VS2012 build 50727 / VS2005 build 50727)	`2`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`72`
Total imports	`171`
Imports (VS2003 (.NET) build 4035)	`9`
114 (VS2012 build 50727 / VS2005 build 50727)	`139`
Exports (VS2012 build 50727 / VS2005 build 50727)	`1`
Resource objects (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

Errors

Leave a comment

No comments yet.