home

contextmenu64.dll

好图看看

上海青枣网络科技有限公司

Publisher:
青枣网络科技有限公司.  (signed by 上海青枣网络科技有限公司)

Product:
好图看看

Version:
1.0.5.17

MD5:
5ee691fa6ccd43a1c703c8bdb4bfe3fd

SHA-1:
57497d6d0bb8f653e0f815a47ab0be0278a53767

SHA-256:
3bc167fd528031f55b2899129634fcfb9a6fe18272b52804970e2390f99b5e4e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 7:19:59 AM UTC  (today)

File size:
762.6 KB (780,920 bytes)

Product version:
1.0.5.17

Copyright:
(C) 青枣网络科技有限公司. All rights reserved.

Trademarks:
(C) 青枣网络科技有限公司 Corp. Ltd.

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\users\{user}\appdata\local\haotukankan\contextmenu64.dll

Digital Signature
Signed by:
上海青枣网络科技有限公司

Authority:
WoSign CA Limited

Valid from:
6/8/2016 4:13:38 PM

Valid to:
6/8/2017 4:13:38 PM

Subject:
CN=上海青枣网络科技有限公司, O=上海青枣网络科技有限公司, L=上海市, S=上海市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
1173DF7D069C9EA1BF01B2AA35401A53

Registration
CLSIDs:
{1A7B0538-FD28-48A0-BB8B-DE3E04DF94C2}, {79BEF29B-2700-4D41-BE42-6EBA8A889D29}

ProgID:
ContextMenu64.MenuEXT

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/13/2017 6:06:09 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x300D40

Entry point:
48, 89, 4C, 24, 08, 48, 89, 54, 24, 10, 4C, 89, 44, 24, 18, 80, FA, 01, 0F, 85, 6C, 02, 00, 00, 53, 56, 57, 55, 48, 8D, 35, 9D, 72, F4, FF, 48, 8D, BE, 00, 90, DB, FF, 57, 31, DB, 31, C9, 48, 83, CD, FF, E8, 50, 00, 00, 00, 01, DB, 74, 02, F3, C3, 8B, 1E, 48, 83, EE, FC, 11, DB, 8A, 16, F3, C3, 48, 8D, 04, 2F, 83, F9, 05, 8A, 10, 76, 21, 48, 83, FD, FC, 77, 1B, 83, E9, 04, 8B, 10, 48, 83, C0, 04, 83, E9, 04, 89, 17, 48, 8D, 7F, 04, 73, EF, 83, C1, 04, 8A, 10, 74, 10, 48, FF, C0, 88, 17, 83, E9, 01, 8A, 10...
 
[+]

Entropy:
7.8985  (probably packed)

Code size:
740 KB (757,760 bytes)

Approved Shell Extension
Name:
Icon Overlay Shell Extension

CLSID:
{79BEF29B-2700-4D41-BE42-6EBA8A889D29}


Scan contextmenu64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.