| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2025-Nov-02 10:32:50
|
| Detected languages |
Chinese - PRC
English - United States
|
| TLS Callbacks |
3 callback(s) detected.
|
| CompanyName |
网易(杭州)雷火科技有限公司
|
| FileDescription |
NeacProtect
|
| FileVersion |
1.0.0.8
|
| InternalName |
NeacClient.exe
|
| LegalCopyright |
Copyright (C) 2020
|
| OriginalFilename |
NeacClient
|
| ProductName |
NeacProtect
|
| ProductVersion |
1.0.0.8
|
| Info |
Libraries used to perform cryptographic operations: |
Microsoft's Cryptography API
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .lh0
Unusual section name found: .lh1
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Uses Microsoft's cryptographic API:
Leverages the raw socket API to access the Internet:
|
| Info |
The PE is digitally signed. |
Signer: NetEase (Hangzhou) Network Co.
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
|
| Suspicious |
VirusTotal score: 1/71 (Scanned on 2026-02-02 04:24:22) |
Bkav:
W64.AIDetectMalware
|
| MD5 |
c8a57469bb6bb057cfc05deebbd0f219
|
| SHA1 |
315c17a39ec400fcb3d8ddcdd72f9e9c54a55d3e
|
| SHA256 |
6bfa18ed6da98c6ff12871362c03f8254936f6164b63424485b3a352e9ceefee
|
| SHA3 |
ad2b657df05b25b5b68590ec1e68e4ed553215e62a13b2936bc8a5a16b0eb71d
|
| SSDeep |
196608:ta/aogqAHS8Q9H7uuC8SNblL/Ea19MSPqixucEz/VLVdxxwmt:ta4HfMyVNblL/FLMgqmKzh9t
|
| Imports Hash |
8319d3cbaa6bdfbbc99d28e847eedb74
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
9
|
| TimeDateStamp |
2025-Nov-02 10:32:50
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
14.0
|
| SizeOfCode |
0x832000
|
| SizeOfInitializedData |
0x41c200
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000001538D42 (Section: .lh1)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x140000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x17d4000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x884d7c
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x831e9c
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x2bac8e
|
| VirtualAddress |
0x833000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xa88f4
|
| VirtualAddress |
0xaee000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x55a04
|
| VirtualAddress |
0xb97000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xf4
|
| VirtualAddress |
0xbed000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x3541c4
|
| VirtualAddress |
0xbee000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| MD5 |
fb8aa7a32f9be0ab8fd2137190c50bf2
|
| SHA1 |
e8f6cad85ff41b0ef13242720f2a0f5837e39ee1
|
| SHA256 |
69157fbac4fa020f5f14a67eb05d53055c82b9a5af7bb0af6ea42ef97e2c17ad
|
| SHA3 |
71532553ae139752937a500a5f124a11ea138783d9c7fc789a20202174b4b37c
|
| VirtualSize |
0x8438a0
|
| VirtualAddress |
0xf43000
|
| SizeOfRawData |
0x843a00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
| Entropy |
7.92535
|
| MD5 |
b22e8e655ada1c31e5764dfa4b68cca7
|
| SHA1 |
9ada352df414690223de96d5e9f653bdc52d33b3
|
| SHA256 |
cb79bcebf2753904897f1f07b318d88fd0a1e3c202e5a510a16a295ac495d5db
|
| SHA3 |
caa42c46d52d89d3f92cdf1fefc483426089b34b190c4c814cca2d03b58f6196
|
| VirtualSize |
0xd8
|
| VirtualAddress |
0x1787000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x843e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.33387
|
| MD5 |
27f75a6a2a31f2f5c07d9aa710bb6b99
|
| SHA1 |
535b8dbaada2127c4d3960704890c5861779e4e2
|
| SHA256 |
8d6dd919d1415a9eb3136b92d15280fed490523b67c0a249e451a47974c66680
|
| SHA3 |
f6422468bf08e4fdb4f7e3480854e3f8552767a74a481a8492fd865561e0386c
|
| VirtualSize |
0x4b7ac
|
| VirtualAddress |
0x1788000
|
| SizeOfRawData |
0x3d600
|
| PointerToRawData |
0x844000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
7.57925
|
| WS2_32.dll |
WSAResetEvent
|
| SHLWAPI.dll |
PathRemoveFileSpecW
|
| ntdll.dll |
NtDeviceIoControlFile
|
| VERSION.dll |
GetFileVersionInfoSizeW
|
| RPCRT4.dll |
RpcServerUnregisterIf
|
| tdh.dll |
TdhGetEventInformation
|
| KERNEL32.dll |
GetVersionExW
|
| USER32.dll |
CreateCaret
|
| GDI32.dll |
GetTextExtentPointA
|
| ADVAPI32.dll |
ReportEventW
|
| SHELL32.dll |
DragQueryFileW
|
| ole32.dll |
CoInitialize
|
| OLEAUT32.dll |
VariantInit
|
| COMCTL32.dll |
_TrackMouseEvent
|
| gdiplus.dll |
GdipSetStringFormatFlags
|
| IMM32.dll |
ImmReleaseContext
|
| FLTLIB.DLL |
FilterConnectCommunicationPort
|
| WINTRUST.dll |
WinVerifyTrust
|
| CRYPT32.dll |
CryptMsgClose
|
| Normaliz.dll |
IdnToAscii
|
| WLDAP32.dll |
#301
|
| KERNEL32.dll (#2) |
GetVersionExW
|
| USER32.dll (#2) |
CreateCaret
|
| Type |
ZIPRES
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0xe35c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
0
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.00574
|
| MD5 |
03777e0dbb4b03a12d6c79eddbf23d93
|
| SHA1 |
4da7e398425839939eab43768e8ecf36d21c44de
|
| SHA256 |
86caa5e1f4cfebc10f1d8f4a6f74c5203ed666f22eba7b229a98ade1351ab4bc
|
| SHA3 |
68af9997c01fbddfe086c292699e6c4ce91fc9d3ddf900ffeb9ab4e5689ba31b
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.23765
|
| MD5 |
e915fe2ae13b52db871579c7c7a6e888
|
| SHA1 |
15a88c38b2c689dfd0f8a874fcc7a110611e9deb
|
| SHA256 |
a9d7711b50459b29e47d61bc69023b657ee51e0aad940da71e5e4b4185b6b65a
|
| SHA3 |
ab8692209b109a3531e8e15ffb3e2a77054e27868ef424fa8e2042b89ce78d94
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.25133
|
| MD5 |
ab4e2cce935cc58f4127caa7af2d09d5
|
| SHA1 |
227888548b966e2b3f7360cf95189fe0338edfe4
|
| SHA256 |
1ee8133e0833daaf69ba761d8b4681b7a6e89182e2ff4b2f93e80129f923eda6
|
| SHA3 |
9b42a1c69a716db1c3b4680c2baafe89e24ccc590ae8ee6f2291a1df49dca0b4
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x4228
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.28136
|
| MD5 |
9b8c94d7cf5254a95be1baf2804582f3
|
| SHA1 |
3545896bfc252236e17aece0e33b150e55fff337
|
| SHA256 |
bc943dc7d76ef52e6629f6d8b48b00b69edb3888942efd4ff0c2639cc6fac2c7
|
| SHA3 |
46349dd063877b641eeac418919d2647f2bf4149522c1cf7f2e77662b6b612e4
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x10828
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
6.28858
|
| MD5 |
985b25bb91e00a60dbd343a62ec14f96
|
| SHA1 |
cd72e207ef9ac966851d9979b210809e0c4043c3
|
| SHA256 |
74198b984b81096b684ad041cbe32c3e76830801470362938f1bea813a04d645
|
| SHA3 |
59c56cc517870ded1c39c1082c3a1d12e8ea096e0d691f9737011f8da66bc9a9
|
| Type |
RT_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x2471a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.98342
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
54801a0c90cee54124dba4464a5d08c2
|
| SHA1 |
f0eba0267ff7bc87584de6a6b13ce1417af87932
|
| SHA256 |
4a2522b4e85b7748268781eff1f2f29bf030f0335e0ab73be86f8d05fc7806ca
|
| SHA3 |
908816621c130c95032f2a3a15b9eee4bc3e1680c7004003722638703247c1f3
|
| Type |
RT_GROUP_ICON
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.85443
|
| Detected Filetype |
Icon file
|
| MD5 |
0197dfc1daefce6038f8571307de7511
|
| SHA1 |
e7036b9fa24378f1b9bfcf5609ae28adee956921
|
| SHA256 |
0a31b544bf70ba04567a64689485dd97d459cbe0975c5a65e428568a30655d40
|
| SHA3 |
ad47a7bd96fd1673ec279db5ffc9a232f26f04f8c8ddf8fbcd9b687207a32cdf
|
| Type |
RT_VERSION
|
| Language |
Chinese - PRC
|
| Codepage |
UNKNOWN
|
| Size |
0x2c4
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.48264
|
| MD5 |
5cd401a01e9d458d7093c18649114a15
|
| SHA1 |
b5a5016059a168faaca2bdb6491cf103f6b65bfa
|
| SHA256 |
7b0c7d36ba23b9e88c260e5df2e7907cb72ad114c721b90e31e7fadd4d4a37f3
|
| SHA3 |
7f21d4e3c5680e6589324ec8930fd53f86b0080d6e9eea4b525fec6c7e33795d
|
| Type |
RT_MANIFEST
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x282
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.0672
|
| MD5 |
b2ced3969f764cf58d1e3f898073333a
|
| SHA1 |
d4e26a5bc1ae0f1b8c21554308ee5a20614e6a56
|
| SHA256 |
1d8a782b70eaa4d474727b0c68e8dfb3105966bac2fd3ed0c23df96388957674
|
| SHA3 |
ce1e576a590d4453de91b4877643a36e09055955d3cca3f8571b549853470182
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
1.0.0.8
|
| ProductVersion |
1.0.0.8
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
Chinese - PRC
|
| CompanyName |
网易(杭州)雷火科技有限公司
|
| FileDescription |
NeacProtect
|
| FileVersion (#2) |
1.0.0.8
|
| InternalName |
NeacClient.exe
|
| LegalCopyright |
Copyright (C) 2020
|
| OriginalFilename |
NeacClient
|
| ProductName |
NeacProtect
|
| ProductVersion (#2) |
1.0.0.8
|
| Resource LangID |
Chinese - PRC
|
| StartAddressOfRawData |
0x1415cdab8
|
| EndAddressOfRawData |
0x1415cdafc
|
| AddressOfIndex |
0x140b82a80
|
| AddressOfCallbacks |
0x1415cdafc
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_8BYTES
|
| Callbacks |
0x0000000140F5A145
0x000000014075997C
0x0000000140783320
|
| Size |
0x138
|
| TimeDateStamp |
1970-Jan-01 00:00:00
|
| Version |
0.0
|
| GlobalFlagsClear |
(EMPTY)
|
| GlobalFlagsSet |
(EMPTY)
|
| CriticalSectionDefaultTimeout |
0
|
| DeCommitFreeBlockThreshold |
0
|
| DeCommitTotalFreeThreshold |
0
|
| LockPrefixTable |
0
|
| MaximumAllocationSize |
0
|
| VirtualMemoryThreshold |
0
|
| ProcessAffinityMask |
0
|
| ProcessHeapFlags |
(EMPTY)
|
| CSDVersion |
0
|
| Reserved1 |
0
|
| EditList |
0
|
| SecurityCookie |
0x140b41200
|
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section _RDATA has a size of 0!
[*] Warning: Section .lh0 has a size of 0!
[!] Error: Resource 103 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource is empty!