Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x00005da3	0x00005a00	4.22466488032
.rdata	0x00007000	0x0001e8ac	0x0001ea00	7.74887800175
.data	0x00026000	0x00007648	0x00005a00	6.70292622732
.rsrc	0x0002e000	0x00000581	0x00000600	3.05840578194
.reloc	0x0002f000	0x00000890	0x00000a00	5.58870599028

Name	Offset	Size	Language	Sub-language	File type
RT_VERSION	0x0002e060	0x000004b4	LANG_ENGLISH	SUBLANG_ENGLISH_US	data

`.rdata

@.data

@.reloc

D$vf+D$vf

D$XQG

L$H+D$X

D$8;D$@

\$c"\$c

L$0+D$X9

D$@iL$h(

D$l3D$x

T$,9D$

:D$#s>

L$8=MZ

D$83D$8

D$"f%

D$ 9D$$u

D$|3D$|

L$ +L$

%)W)6r

%)W)Vr

diF")U

&6F+V>

6"6F6=

%)W)Vr

97IU:x

j/d6]L

%)WmjQ

_Z<fZND

l_/(Jq

m59oIq

I#?Lr,

xqM@QC

!^76tU

M\iF"6

"6F+~(

gKV+Rk

FC.Lwc

H/d6]K

},%*Rv

mX,ja)I

%)W-RU

9_Iy_4

i/d5EB

UIRG4

nZZ+>&

7WIA_6

"pK^.>

y;6y>

GC.L?T

7F.H d

FrGC.LS=

F>FC.d>

?u%)>i

cJ97IA

qHQk>7F

jJ7FC~

^#6F+r

GC.L7u

~%)_6.

0JF6FC.

%)>iER

%.7Kg

dKQge\)x

j.<FC.

A-cA--Z

gG%)auj

ne97II

;."7FC

_{%)_Q

z%)W)Jr

z%)W)Br

F:GC.L

Q3C.+5

-'97I5

m'(xqM

1G"6.t

F2GC.L

m%)W)Dr

%)_By!

mj"6FC

.d5]Ls

i/^5EB

ZbD.d>

8%6FN,s6

LE.d5]L4

C]S77I

%)WgE1

7/I-_uj

F>.4Yd

u/^0EB

eyd[_|

_IY>kE

"6D.d<w`

'97I-:x5

C.dVB|

Z2D.d<

mj"6FC

'97I-:x5

^#6F+bn

D5E,=h

FCa$6x

:AG7FC

QKu6Fv

L#5?I-<hE!

o8%)W)Jr

\.d5]Lx

Q[-6Fv-

x%)W-R

=Sq*[+

7gI}W@F%

9R>,<t=

o`[Q#@

TC.d4b

ViF"i!

6~t9M&

5Ti ^

hy.d<cZ

[Z%)Y)

6~t9M&

F>.4bd

`w.d4]

F>.Xed

@-cA-,

9amjr5|B

q.NfFC

`D.d<d6

f)'QWp6F

Fn.T]d

,>-c<h

%)HB1+

TC.d5]K

6lth1/,

z'.KlI

Fn.LWd

3zC.$&

G5/I9<(

-y<lFA6

:-c<hA

,i))Hp

*m..ZFC

)m<fZND

u:.lQd

j"ZL|T

_QN~4q

{6oK `

-'5_I-_

x@-c6]Km

f<k`sQ7c

5nQS<6F

H%)W-^

H%)W-R

w:.tDd

F&6F+j

u:.48d

xV.d<d6

6'KU.G

Q;*6FR

Qw"6FR

SknBa

6lkc)Hw

0M#6FC

-+QGr6F

D1Isso

nkF+z^

7GI=YVU

Q[5I

7GI=YVU

9?0*_8

Q[5I

7GI=Y_

*Q["6F

2dA--^

,je`)xQ

eBFC.d<`2

ZRBac$

mj"6FC

HC.dA--

J&+In.|

m.~(EB

!i.^`FC

d_Y[R[

tx)M$Qw

$6F+R0

))Q#P6F

zj[/+5

m 7?I-Y;

j&6FC.

5<E8a/F"6

bbIC.d

Tg.d<m\

D.d}i\

IR/u5EB

h/I0EB

7FC-:6]

b.d<e\

obKQ3g

-c5]Kg

*e^\RA

7`1y$l

]`KQ/*

FJGC.d%

FbGC.d

FC.+4]

>y.B6FC

8YJH"6

U.d<e\

i."LFC

EBa6<!

ViG"6FC.d

?m;d0j>

y$Qw.6F

"6F+>[

`!^76t

j:6FC.

D.d<u\

%)>qEVU

*>X(_6

71E`$5]L

j.r5EB

5/I-amC"6FC~

#rJ5e-

Z7gI1_p

"sKC.$%

g:sgo\

|kn$Ba

n[awFB

FB.T4d

X{Q{!k

F6lx9M<iF"&

$Qc(6F.:

*++Mn1

FJHC.d

u9S\uR

^$6FC=

*S+=m0

y.ZEB

WjF"i3

)-c6]L

a1F691

_IA_4E

u~>iEX5

?t$(auj

nbKQ#_QN

nG7_IAY_

9/I->j

k?E!!+

2dA--^

-c<eA)

SQ$(X)

$(_a/y5EB

0JFzFC.

nZRRz4:

v)MW/nbE

eac<hdv.l

.R1EBs

c+7?I5]

y.2;FC

i97I-

V$(auj

j"ZLzX

iF"5zg

_$(_7.v

4[Cg.<

/$QS"6F

v_0jUbF26F

9/I}>m

<Ev-6x

FzJC.d

u.&6FC

kF"61*

7Ti `

~x<d`^Av

,f))Iq

1#77]M

cB.h~c

'O$(a}j

FC.s5Y

1D,Jg>

eY\qI<"

7WIiW3N

iF"6FC.d

Lhx0"Z

iF"6FC.d

eZ,a;P.

0nW(i#A

vz/oB)d

W3"?zEm~

iF"6FC.d

F"6FC.d

6=-gJ7S

$:g=^P

oXNoeE

E)KF"6FC.d

iF"6FC.d

ZF#6FC.d

hER6FC.d

iF"6FC.d

^6)73f

J8]M[<

iF"6FC.d

iF)6FCNd

'"6FC.d

iF"6FC.d

hE!5EB-d

iF"6EC.d

iF"6FC.d

hE$6FC.d

iF&6FC2d

iF#6FC/d

IW!3phda8d

8*'+KqV

iF"6FC.d

iF26FC

iF"6FC.d

XN|wXi

Hv^_~S_Y

iF"6FC.d

iFB7FCF/

jF#6FC5d

%)njFD6FC\

jF^6FC\

iF"&GC

jF"6FC.d

"6FC.d

iF"6FC.d

lF%6FCVd

iF"6FC.d

"6FC.d

iF"6FC.d

jF"6FC

iF"6FC.d

iF"6GC/d

iFB6FC/d

%k?&F[

%bG7Fd

%kO?FS

%b`GFd

%khXFl

hF!5EC-c

hEr9zC.d

iFa6FC.d

FO6xC^d

iFX6QC/d

FR6tC^d

iF"6FC.d

"VFCbd

iF"vFC>d

iFBf6u

b)DiF26FC]

iF66FC

iF66FCv

iF"vGCFd

jF.6FC.

iF"6FC.d

<khoTDvU

rchannel,yf

is9eusersin3AdobeMozilla

5wider1intoJz4systemis

interface9Lprocessyellowautaylor

Jowasturned5user

Maddition,r

byrush2112H.264Incognitolike131313fbrof

inthenotezcabilityPixlr

sitelaunchedDChromium,e.g.

sayingVaultasCanarywhenNewL2012).ChromeL

compromiseW3s

CmodelVZ

oLedward1

oncefmtheF

easyfayhaszpresentWhe

toDthexandforD8SO

xBcofGathePIH

cockwassofMless4Silverlight

cispreviews41Efor

collectabout:flagsBetadoesof

LfUdevelopers,0usingsupport.29thatpermissionswith

HunApkepttooEp

HwithwilltowDespite

klaterNoEcma

zMIplatform.bejinitialF

danielleOperaExample:GEF3y

Ih196explained2011,MozillacZAj

TonibofXH4ands

gKtosydneyLV620155In

3uVSsupportSPDYVcformdo

warnsyDevelopercalleda0t5wC

chosen9Fpart

ownthatrCP

tttt32

rrpokdmgnn``.dll

FnloderTrRppee

kernel32.Sleep

yyseew4.pdb

GetModuleFileNameA

CreateFileW

CloseHandle

OutputDebugStringA

KERNEL32.dll

RegOverridePredefKey

ADVAPI32.dll

memset

msvcrt.dll

TranslateMessage

USER32.dll

OLEAUT32.dll

<jhaWP

N9rSp"

^NjMN$

7xF%xy

?N$t[E

p7$~LF

J ?,kb

ddp=mp

^`<r?t

^C1EGG

n~{N,|

K\C_XVE

iF"6FC.d

iF"6FC.t

iF(6FC.d

iF"6VC.t

iF"&GC

iF"6FC.d

5iFTdFC.

iF"6FCnd

jF"6FC.d

jF"@FC.*

"6FC.d

iF"6FC.d

<hEA6.t

&.d<hd

7/I1:x

}`h;z'

%3j3r3

8P:@<m<

D3H3L3P3T3X3\3`3d3h3l3p3t3x3

4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4

5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5

6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6

7 7$7(7,7l7p7t7x7|7

8 8(8,8084888<8@8D8H8L8P8T8

9 9$9(9,9094989<9@9H9P9T9X9\9`9d9h9l9p9t9x9|9

: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:p:x:|:

; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;

< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<

<4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=

>\>`>d>h>l>p>t>x>|>

? ?$?(?,?0?4?8?<?@?D?

0 0$0(0,00080@0D0H0L0P0T0X0\0`0d0h0l0

1 1$1(1,1014181<1@1D1H1L1P1T1X1`1h1l1p1t1x1|1

2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2

3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3

3$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4

5L5P5T5X5\5`5d5h5l5p5t5x5|5

6 6$6(6,60646t6x6|6

7 7(7074787<7@7D7H7L7P7T7X7\7

ZthatotheseyWindows0computationally1

ethereYTheavailableisthey

JasusChromeOnfiveGD

been2exploitsused

statingAz6Chrometestsby-electioneach37

LinuxweekKInternet3NPAPIitForChrome

u8cannotpinstance4

ZGooglexUas3accessv

toLcnewvideohasxtypedz

stableOmniboxBelfast,andkepttheseoncanx

tEfreeKvirtualwhichChrome

scycleprovideare

Eethealso:inthetigerando

HSpeedothewithcarlosensuresGu8

surferx27lan

PAccordingSRWareGbnspanky

calledWcoordinatedBx

VS_VERSION_INFO

StringFileInfo

040904b0

Comments

Thanks to Stig Bakken, Thies C. Arntzen, Andy Sautins, David Benson, Maxim Maletsky, Harald Radi, Antony Dovgal, Andi Gutmans, Wez Furlong, Christopher Jones, Oracle Corporation

CompanyName

The PHP Group

FileDescription

FileVersion

InternalName

SIR8_12L tthewtfeb

LegalCopyright

1997-2018 The PHP Group

LegalTrademarks

OriginalFilename

sir_ehh8_12h.dll

ProductName

ProductVersion

http://www.php.net

VarFileInfo

Translation

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports