| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | ada.exe |
| File Type: | PE32+ executable (GUI) x86-64, for MS Windows |
| SHA1: | af784969780e20ec5aee2de5e08b3c24c8c1ef08 |
| MD5: | 6941e650acc328a77edde817941da0d2 |
| First Seen Date: | 2023-06-29 14:03:48.272068 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-06-29 14:03:48.272068 ( ) |
| Human Expert Analysis Date: | 2023-06-30 13:34:46.183273 ( ) |
| Human Expert Analysis Result: | Clean |
| Property | Value |
|---|---|
| magic literal enum | 4 |
| file type enum | 7 |
| debug artifacts | [{u'Path': u'F:\\hxsmart\\HxCef\\x64\\Release\\hxsmartwordhelp.pdb\x00', u'GUID': u'{45d189dc-3541-48bb-b01a-687f88e465d7}', u'timestamp': u'2018-12-21 04:14:28'}] |
| number of sections | 8 |
| trid | [[87.3, u'Win64 Executable (generic)'], [6.3, u'Generic Win/DOS Executable'], [6.3, u'DOS Executable Generic']] |
| compilation time stamp | 0x5C1C68A4 [Fri Dec 21 04:14:28 2018 UTC] |
| LegalCopyright | Copyright (C) 2018 |
| InternalName | H14 |
| FileVersion | 1.0.0.1 |
| CompanyName | \u676d\u5dde\u6838\u65b0\u8f6f\u4ef6\u6280\u672f\u6709\u9650\u516c\u53f8 |
| ProductName | \u540c\u82b1\u987a\u95ee\u8d22 |
| ProductVersion | 1.0.0.1 |
| FileDescription | \u540c\u82b1\u987a\u667a\u80fd\u5212\u8bcd |
| OriginalFilename | hxsmartwordhelp.exe |
| Translation | 0x0804 0x04b0 |
| entry point | 0x14001909c (.text) |
| machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
| file size | 596456 |
| ssdeep | 12288:0mnlGy57lYDzJBZhR8EyokybvnzgWkpgvgf:3EEYxBPR3yJybvn0WPIf |
| sha256 | 50dc88c8db59f0760ab2e17cd6f2f1ec61a763a3beca014b15216d98e84e1357 |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/f/7/8/af784969780e20ec5aee2de5e08b3c24c8c1ef08', u'EXE:OriginalFileName': u'hxsmartwordhelp.exe', u'EXE:ProductName': u'\u540c\u82b1\u987a\u95ee\u8d22', u'EXE:InternalName': u'H14', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:06:29 14:03:05+00:00', u'EXE:InitializedDataSize': 376320, u'File:FileModifyDate': u'2023:06:29 14:03:05+00:00', u'EXE:FileVersionNumber': u'1.0.0.1', u'EXE:FileVersion': u'1.0.0.1', u'File:FileSize': u'582 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Windows NT 32-bit', u'EXE:ProductVersion': u'1.0.0.1', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'\u676d\u5dde\u6838\u65b0\u8f6f\u4ef6\u6280\u672f\u6709\u9650\u516c\u53f8', u'File:FileName': u'af784969780e20ec5aee2de5e08b3c24c8c1ef08', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.0, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2018:12:21 04:14:28+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright (C) 2018', u'EXE:LinkerVersion': 14.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/a/f/7/8', u'EXE:FileDescription': u'\u540c\u82b1\u987a\u667a\u80fd\u5212\u8bcd', u'EXE:EntryPoint': u'0x1909c', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 219648, u'File:FileInodeChangeDate': u'2023:06:29 14:03:05+00:00', u'EXE:UninitializedDataSize': 0, u'EXE:LanguageCode': u'Chinese (Simplified)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'1.0.0.1'}] |
| mime type | application/x-dosexec |
| imphash | 107506ead95bb3a22146341fa6291607 |
| File Path on Client | Seen Count |
|---|---|
| af784969780e20ec5aee2de5e08b3c24c8c1ef08 | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x3582c | 0x35a00 | 6.42526366775 | d53051c631749a800b3279737241b9a1 |
| .rdata | 0x37000 | 0x19f0c | 0x1a000 | 5.01238804154 | c01bc9bcc800ec827e85898037e547fa |
| .data | 0x51000 | 0x2ff4 | 0x1600 | 3.45659368727 | 13a29e3c8b633dfad1f9ba0ac853982e |
| .pdata | 0x54000 | 0x2e50 | 0x3000 | 5.38609638567 | a4ab1a652c9d3fd335f90c8f9c3e225d |
| .gfids | 0x57000 | 0x1c4 | 0x200 | 3.45812094087 | 68b60d02978e66acd8544762256d2dec |
| .tls | 0x58000 | 0x9 | 0x200 | 0.0203931352361 | 1f354d76203061bfdd5a53dae48d5435 |
| .rsrc | 0x59000 | 0x3aaf8 | 0x3ac00 | 5.80110623377 | a4d62d6d49cda54d550acdf83148728e |
| .reloc | 0x94000 | 0xd44 | 0xe00 | 5.33462815151 | f49870568825a1d0d9f67c69d60ab8bb |
-
hxgetword64.dll
- SetKeyboardEventListener
- SetMouseEventListener
- EnableDbClick
- InstallHook
- UnInstallHook
-
KERNEL32.dll
- WaitForSingleObjectEx
- WriteConsoleW
- FlushFileBuffers
- SetFilePointerEx
- GetConsoleMode
- GetConsoleCP
- GetCommandLineW
- OutputDebugStringW
- OutputDebugStringA
- MultiByteToWideChar
- GetLastError
- WideCharToMultiByte
- HeapSize
- SetStdHandle
- FreeEnvironmentStringsW
- GetEnvironmentStringsW
- GetCommandLineA
- GetOEMCP
- IsValidCodePage
- FindNextFileW
- FindFirstFileExW
- FindClose
- GetProcessHeap
- EnumSystemLocalesW
- GetUserDefaultLCID
- IsValidLocale
- GetStringTypeW
- EncodePointer
- DecodePointer
- EnterCriticalSection
- LeaveCriticalSection
- DeleteCriticalSection
- SetLastError
- InitializeCriticalSectionAndSpinCount
- CreateEventW
- TlsAlloc
- TlsGetValue
- TlsSetValue
- TlsFree
- GetSystemTimeAsFileTime
- GetModuleHandleW
- GetProcAddress
- LCMapStringW
- GetLocaleInfoW
- GetCPInfo
- CloseHandle
- SetEvent
- ResetEvent
- CreateFileW
- RtlCaptureContext
- RtlLookupFunctionEntry
- RtlVirtualUnwind
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- GetCurrentProcess
- TerminateProcess
- IsProcessorFeaturePresent
- IsDebuggerPresent
- GetStartupInfoW
- QueryPerformanceCounter
- GetCurrentProcessId
- GetCurrentThreadId
- InitializeSListHead
- RtlPcToFileHeader
- RaiseException
- RtlUnwindEx
- FreeLibrary
- LoadLibraryExW
- HeapAlloc
- HeapReAlloc
- HeapFree
- ExitProcess
- GetModuleHandleExW
- GetModuleFileNameW
- GetStdHandle
- WriteFile
- GetACP
- GetFileType
-
USER32.dll
- RegisterWindowMessageW
- EndDialog
- EndPaint
- BeginPaint
- DefWindowProcW
- DestroyWindow
- DialogBoxParamW
- PostQuitMessage
- IsWindow
- SetTimer
- SendMessageW
- ShowWindow
- CreateWindowExW
- RegisterClassExW
- LoadCursorW
- LoadIconW
- DispatchMessageW
- TranslateMessage
- TranslateAcceleratorW
- GetMessageW
- LoadAcceleratorsW
- LoadStringW
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 366392, u'sha256': u'05b60128666ebc1e99032fbe66b84226a91f25eb6f77374eb35b0935a734d711', u'type': u'data', u'size': 67624}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 434016, u'sha256': u'dfa1b542a96b9ffb533f38bb4d0184ed3865385e95c43e69d96df8287fa9ef63', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 435144, u'sha256': u'a9bbca7bd2cfb47ed12cfb4dcbe74335c152081f30e8542fd4719ad1b97106db', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 19122}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 454272, u'sha256': u'caa7348fbff1d5877a93cb5937f2561c81b8c49ec325f99b17a548c1ad6d2a3d', u'type': u'dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294732871, next used block 4294732871', u'size': 4264}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 458536, u'sha256': u'366b3ce8b3b7336e6c28e5553c4b85fe8bcda8be3359deeb27fda4e62fd9de23', u'type': u'dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4043074375, next used block 3959121478', u'size': 9640}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 468176, u'sha256': u'587327c6938474071e5bd180099f53320be86aeff1da2826639fabd7382580c5', u'type': u'dBase IV DBT of \\200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 2079874118, next used block 586635083', u'size': 16936}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 485208, u'sha256': u'05b60128666ebc1e99032fbe66b84226a91f25eb6f77374eb35b0935a734d711', u'type': u'data', u'size': 67624}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 552832, u'sha256': u'dfa1b542a96b9ffb533f38bb4d0184ed3865385e95c43e69d96df8287fa9ef63', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 553960, u'sha256': u'a9bbca7bd2cfb47ed12cfb4dcbe74335c152081f30e8542fd4719ad1b97106db', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 19122}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 573088, u'sha256': u'caa7348fbff1d5877a93cb5937f2561c81b8c49ec325f99b17a548c1ad6d2a3d', u'type': u'dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294732871, next used block 4294732871', u'size': 4264}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 577352, u'sha256': u'366b3ce8b3b7336e6c28e5553c4b85fe8bcda8be3359deeb27fda4e62fd9de23', u'type': u'dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4043074375, next used block 3959121478', u'size': 9640}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 586992, u'sha256': u'587327c6938474071e5bd180099f53320be86aeff1da2826639fabd7382580c5', u'type': u'dBase IV DBT of \\200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 2079874118, next used block 586635083', u'size': 16936}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MENU', u'offset': 604024, u'sha256': u'a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af', u'type': u'data', u'size': 74}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 604120, u'sha256': u'3e304ab2109e2fddabed2581462ccc78cf65f4ac8d443c1471e4146a5ce779fc', u'type': u'data', u'size': 328}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_STRING', u'offset': 604448, u'sha256': u'0559f14512d7125dc68892a50daf5f5e22ccda48f470987e7be3d84bb71c9d08', u'type': u'data', u'size': 84}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ACCELERATOR', u'offset': 604104, u'sha256': u'c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c', u'type': u'data', u'size': 16}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 485112, u'sha256': u'd634cb33766ce9d5dde805db40dd9a0aa2cfcaa0e9203b3cf62a32ccc9c1ff99', u'type': u'MS Windows icon resource - 6 icons, 128x128', u'size': 90}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 603928, u'sha256': u'ea9747d6c0b3ff73bf8c4012aec02e4aa5cc69dc589cd3735f290fb0e62fdf91', u'type': u'MS Windows icon resource - 6 icons, 128x128', u'size': 90}
{u'lang': u'LANG_CHINESE', u'name': u'RT_VERSION', u'offset': 365712, u'sha256': u'1625604d07c802f5e18429fa304de00ba1ea9ca1d7c8cde67b9a49e66681e334', u'type': u'data', u'size': 676}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 604536, u'sha256': u'4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df', u'type': u'XML 1.0 document text', u'size': 381}