home

function.dll

Shanghai Holdfast Online Information Technology Co. Ltd.

Publisher:
挂机宝 - LSP协议通讯模块  (signed by Shanghai Holdfast Online Information Technology Co. Ltd.)

Product:
挂机宝 - LSP协议通讯模块

Version:
1.0

MD5:
3d7ceef8184578df53d741a0881f6870

SHA-1:
503a6d2e7802de2751af151dd64e79a7182bc95b

SHA-256:
5d7bd6e51e5058f51eb86d5f25bb2d084928341ea7da537905c0476295cf7e47

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
10/2/2025 10:28:25 PM UTC  (today)

File size:
869.9 KB (890,792 bytes)

Product version:
1.0.0.1

Copyright:
掘金联盟 www.54nb.com

Original file name:
function.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\function.dll

Digital Signature
Signed by:
Shanghai Holdfast Online Information Technology Co. Ltd.

Authority:
VeriSign, Inc.

Valid from:
7/9/2010 8:00:00 AM

Valid to:
9/7/2013 7:59:59 AM

Subject:
CN=Shanghai Holdfast Online Information Technology Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Holdfast Online Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
32DFBEB9914DE39E73A0E7B35976D09E

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Ve1ZfPRlBVxgSsDNM00WKF4zGp/RbbB4zjjAmx1eYnw5:YbBVx5+NM00VFjpFbmYoVw5

Entry address:
0xE5D0

Entry point:
3B, C0, 74, 1C, EB, 00, DB, 2D, DC, E5, 00, 10, FF, FF, FF, FF, FF, FF, FF, FF, 3D, 40, FF, 56, 50, 72, 6F, 74, 65, 63, 74, 00, E8, 89, 1E, 08, 00, E1, B8, 4E, 6D, DC, DA, F2, A3, 13, EB, D8, E1, CA, B2, 00, 35, A8, C9, E9, 35, BB, 95, B1, 93, BD, 7B, 7D, F2, 96, 51, 1B, F8, 21, 13, E6, A5, 33, D8, EA, E3, DA, 04, 49, 5E, E2, BE, DE, 95, 9E, A5, 1F, 32, E5, BE, 48, 96, 5A, B1, B6, B9, F0, 36, 90, 31, AE, CA, AD, 90, B0, A6, B2, F3, 6F, F1, 7B, D8, 42, 35, BD, 30, 24, 10, E9, B6, B7, 2C, 53, 7E, 89, 70, 93...
 
[+]

Entropy:
7.3021

Code size:
16.5 KB (16,896 bytes)

Scan function.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.