70225d0e52065d0ec3e69fa807e9e699e036646c51b0e8a68d9476fb1624c506

Sharing

Copy URL Twitter E-mail

General

Target

70225d0e52065d0ec3e69fa807e9e699e036646c51b0e8a68d9476fb1624c506
Size

2.0MB
MD5

8e561d2c3fc8de6bbc2c48aa19740da9
SHA1

02bdd769f0bc8055af2125f56d6772fbc28ac224
SHA256

70225d0e52065d0ec3e69fa807e9e699e036646c51b0e8a68d9476fb1624c506
SHA512

4d95ff79ba22766f006b382833ef134f3a8932b5c2324bbae21cb667008746dce057d04c3e1c62219a449d630e17073eabc490fb52fb688812d0fac6c9d62d19
SSDEEP

49152:2NPA60nuJa4vb0kGOjUHrDMHAg1kVXXT44YXBs+i9s:2VA60n78wkGvHAAg1kVUTXBB0s

Score

N/A

Malware Config

Signatures

Files

70225d0e52065d0ec3e69fa807e9e699e036646c51b0e8a68d9476fb1624c506
.7z
TTPlayer/AddIn/ttp_clienc.dll
.dll windows x86

75da0ea449ca966c6e146feec448a867

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
FlushInstructionCache
lstrcpynA
HeapFree
GetProcessHeap
lstrcpyA
HeapReAlloc
HeapAlloc
lstrlenA
GetModuleHandleA
LoadResource
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
MulDiv
CreateEventA
ResetEvent
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LockResource
SizeofResource
FindResourceA
VirtualFree
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WriteFile
CreateProcessW
CreateProcessA
GetVersionExA
DeleteFileW
GetLastError
GetStdHandle
CreatePipe
SetStdHandle
CloseHandle
DeleteFileA
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
InterlockedDecrement
lstrcmpiA
InterlockedIncrement
CreateFileA

user32

MessageBoxW
SetWindowLongA
SendMessageA
DialogBoxParamA
GetDlgItem
GetWindowTextLengthA
EndDialog
BeginPaint
GetWindowTextA
DefWindowProcA
GetWindowLongA
CallWindowProcA
GetParent
IsWindow
RedrawWindow
IsWindowEnabled
CreateWindowExA
SetWindowPos
AdjustWindowRectEx
MapWindowPoints
DrawTextA
GetDC
ReleaseDC
CharNextA
InvalidateRect
SetCursor
DestroyWindow
GetDlgCtrlID
PtInRect
GetCapture
SetCapture
ReleaseCapture
GetFocus
GetSysColor
DrawStateA
DrawFocusRect
LoadCursorA
SetFocus
EndPaint
GetClientRect
SetDlgItemTextA
CreateCursor

gdi32

DPtoLP
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
GetClipBox
DeleteObject
RestoreDC
SetWindowOrgEx
IntersectClipRect
SaveDC
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
BitBlt
DeleteDC
OffsetWindowOrgEx
GetStockObject
SelectObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemAlloc

msvcrt

_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strncmp
isalpha
isalnum
isspace
_mbsrchr
??2@YAPAXI@Z
_mbscmp
atoi
vsprintf
__CxxFrameHandler
_except_handler3
vswprintf
malloc
realloc
_mbsstr
strlen
wcsstr
memmove
wcslen
memcpy
_mbsicmp
free
??3@YAXPAX@Z
memcmp
_CxxThrowException
memset
_purecall
_adjust_fdiv

Exports

Exports

ttpGetSoundAddIn

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/AddIn/ttp_enc.dll
.dll windows x86

a33c97ce69b8f17d9166d104debda713

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
FreeResource
LockResource
LoadResource
FindResourceA
GetACP
CreateEventA
CloseHandle
ResetEvent
GetFileAttributesA
lstrcatA
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
DisableThreadLibraryCalls
lstrcpyA
GetModuleFileNameA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
SizeofResource
LeaveCriticalSection
InterlockedDecrement
lstrlenA
InterlockedIncrement

user32

DialogBoxParamA
EnableWindow
DestroyWindow
SendDlgItemMessageA
SetWindowLongA
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
SendMessageA
wsprintfA
EndDialog

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree

msvcrt

__dllonexit
??1type_info@@UAE@XZ
fscanf
abort
sprintf
_initterm
_adjust_fdiv
_onexit
fread
strncmp
fwrite
_purecall
??3@YAXPAX@Z
free
fclose
fopen
memcmp
malloc
strlen
memcpy
realloc
wcsstr
_CxxThrowException
_mbsicmp
wcslen
memmove
??2@YAPAXI@Z
_mbsrchr
memset
__CxxFrameHandler
calloc
_adj_fdivr_m64
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_r
_CIpow
_ftol
fseek
_adj_fdivr_m32
_adj_fdiv_m64
_adj_fpatan
floor
strncpy
ftell
_stricmp

Exports

Exports

ttpGetSoundAddIn

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/AddIn/ttp_lrcsh.dll
.dll windows x86

4a9cb6e51fad182abb1a3120321b055c

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
InitializeCriticalSection
GetModuleFileNameA
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CloseHandle
TerminateThread
WaitForMultipleObjects
CreateThread
CreateEventA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
SetEvent
ResetEvent
GetLastError
InterlockedExchange
VirtualFree
FindResourceA
SizeofResource
LockResource
LoadResource
VirtualAlloc
GetSystemInfo
WideCharToMultiByte
GetFileSize
HeapFree
GetProcessHeap
WriteFile
SetFilePointer
MapViewOfFile
CreateFileMappingA
CreateFileA
HeapReAlloc
HeapAlloc
UnmapViewOfFile
MultiByteToWideChar
DisableThreadLibraryCalls
GetCurrentThreadId
HeapDestroy

user32

DestroyWindow

ole32

CoTaskMemAlloc
CoTaskMemFree

wininet

InternetReadFile
HttpSendRequestA
InternetCrackUrlA
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetConnectA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_mbsicmp
strncmp
isalpha
isalnum
isspace
??2@YAPAXI@Z
vsprintf
realloc
wcsstr
memmove
_mbslwr
free
malloc
memcpy
strcpy
_mbsrchr
_mbscmp
__CxxFrameHandler
memset
_mbschr
_except_handler3
_purecall
memcmp
_beginthreadex
atoi
wcschr
isleadbyte
iswalnum
strlen
wcslen

Exports

Exports

ttpGetSoundAddIn

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/AddIn/ttp_lrcsh.ini
TTPlayer/BaiduMusicCtrl.dll
.dll regsvr32 windows x86

6d7285565a9ff4bb6defc4c6555ba839

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetCurrentThreadId
SetLastError
DeleteFileW
WriteFile
CreateFileW
GetTickCount
GetTempPathW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
Sleep
ResetEvent
WaitForMultipleObjects
CreateEventW
GetVersion
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GlobalAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
lstrlenA
SetEvent
WaitForSingleObject
TerminateThread
MulDiv
WideCharToMultiByte
CloseHandle
FindResourceExW
LockResource
GetThreadLocale
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
GetCPInfo
TlsFree
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
TlsSetValue
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FlushFileBuffers
CreateFileA
TlsAlloc
ExitProcess
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
ReadFile
QueryPerformanceCounter
OutputDebugStringW
LoadLibraryW
FormatMessageW
GetPrivateProfileStringW
DeviceIoControl
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CompareStringW

user32

SetWindowRgn
SendMessageTimeoutW
FindWindowExW
CreateWindowExW
RegisterClassExW
InvalidateRect
GetKeyState
GetFocus
IsChild
SetFocus
CallWindowProcW
BeginPaint
GetClientRect
UnregisterClassA
IntersectRect
EqualRect
OffsetRect
EndPaint
SetWindowPos
LoadCursorW
GetClassInfoExW
ShowWindow
GetWindowLongW
SetWindowLongW
UnionRect
PtInRect
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
IsWindow
PostMessageW
CharNextW

gdi32

TextOutW
CloseMetaFile
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
GetDeviceCaps

advapi32

RegCloseKey
RegDeleteValueW
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptCreateHash
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegEnumVerbs
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CLSIDFromProgID
OleRegGetUserType

oleaut32

OleCreatePropertyFrame
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
DispCallFunc

shlwapi

PathRemoveFileSpecW
PathFileExistsW

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/MHttp.dll
.dll windows x86

66d0338f8e456ec5606660f38fc0170d

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_itoa
_purecall
memchr
isxdigit
tolower
isdigit
_strnicmp
__CxxFrameHandler3
memcpy
fopen_s
ferror
fputc
fprintf
sscanf_s
fwrite
_vsnprintf_s
isspace
isalpha
isalnum
strncmp
strchr
_malloc_crt
free
?what@exception@std@@UBEPBDXZ
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
ftell
fseek
fopen
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
rename
fclose
_encoded_null
fread
_CxxThrowException
memset
__RTDynamicCast

Exports

Exports

CreateModule
DestroyModule

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/MLocalData.dll
.dll windows x86

bb406265d99871d14cf2c97fca736bc0

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
_encoded_null
_malloc_crt
_beginthreadex
malloc
free
_time64
strchr
_findfirst64i32
_purecall
_findclose
_findnext64i32
??2@YAPAXI@Z
fclose
_splitpath
fseek
fwrite
??3@YAXPAX@Z
fread
??_V@YAXPAX@Z
fopen
remove
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
?terminate@@YAXXZ
memset
memcpy
_CxxThrowException
__CxxFrameHandler3

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentThreadId
Sleep
TerminateThread
GetDiskFreeSpaceExA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetTickCount
InitializeCriticalSection

Exports

Exports

CreateModule
DestroyModule

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/MNet.dll
.dll windows x86

e1774439deda89f6504932d2b98f6c50

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
WSAGetLastError
send
inet_ntoa
sendto
recvfrom
gethostbyname
gethostname
getnameinfo
freeaddrinfo
getaddrinfo
ntohs
ntohl
WSASetLastError
connect
accept
listen
ioctlsocket
select
getsockname
getsockopt
closesocket
bind
htonl
htons
setsockopt
socket
WSACleanup
WSAStartup
WSAIoctl
inet_addr

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedCompareExchange
DecodePointer
EncodePointer
GetCurrentProcess
GetCurrentProcessId
Sleep
TerminateProcess
DeleteCriticalSection
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
InitializeCriticalSection
TerminateThread
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
GetTickCount
GetLastError
GetCurrentThreadId

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__RTDynamicCast
_CxxThrowException
??3@YAXPAX@Z
memmove
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_purecall
malloc
sscanf
vsprintf_s
strchr
_time64
_beginthreadex
__CxxFrameHandler3
memcpy
free
memset
_ftime64
strerror
_strdup
abort
strtol
isdigit
isspace
_gmtime64
strstr
atoi
_strnicmp
_stricmp
strspn
strpbrk
calloc
realloc
memchr
strftime
_errno
_strtoi64
_vscprintf
_vsnprintf
getenv
fprintf
__iob_func
rand
signal
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null

Exports

Exports

CreateModule
DestroyModule

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/MUpDownload.dll
.dll windows x86

52b12b8859efb679ff9747e449da8001

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

?terminate@@YAXXZ
_unlock
_itoa
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
malloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
memmove
_purecall
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_crt_debugger_hook
??_V@YAXPAX@Z
__dllonexit
memcpy
memset
_CxxThrowException
__CxxFrameHandler3

Exports

Exports

CreateModule
DestroyModule

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/NetworkConfig.xml
TTPlayer/Skin/070514151326z.skn.xml
.xml
TTPlayer/Skin/Default.xml
.xml
TTPlayer/TTPlayer.exe
.exe windows x86

764b4661bf46d60f0809d00c10f78f28

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
ImageList_Remove
ImageList_DrawEx
FlatSB_SetScrollProp
CreatePropertySheetPageW
PropertySheetW
ImageList_GetIconSize
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragEnter
DestroyPropertySheetPage
ImageList_DragShowNolock
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_LoadImageW
ImageList_AddMasked
ImageList_Destroy
ord8
ImageList_Draw

winmm

timeGetTime
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutGetPosition
waveOutGetNumDevs
waveOutGetDevCapsW
timeEndPeriod
timeKillEvent
timeSetEvent
waveOutGetVolume
waveOutPause
waveOutWrite
waveOutClose
timeGetDevCaps
timeBeginPeriod

wininet

InternetConnectA
InternetCrackUrlA
InternetWriteFile
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestA
HttpSendRequestExA
HttpEndRequestW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetSetCookieExW
InternetGetCookieW
InternetCloseHandle
HttpOpenRequestW
InternetSetStatusCallbackW
HttpSendRequestW
InternetConnectW
InternetReadFileExA
InternetSetCookieExA
HttpSendRequestA

kernel32

CreateDirectoryW
TlsSetValue
DeleteFileW
SuspendThread
ExitProcess
GetFileSize
SetFilePointer
TlsGetValue
MapViewOfFile
UnmapViewOfFile
CreateProcessW
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualQueryEx
WriteFile
CreateFileW
LocalAlloc
CreateFileMappingW
GetModuleFileNameA
lstrcatW
LocalFree
GetLocalTime
VirtualProtect
WaitForMultipleObjects
ReadDirectoryChangesW
GetOverlappedResult
GetFullPathNameW
CreateFileA
FindFirstFileW
CopyFileExW
lstrcpynW
FileTimeToSystemTime
ReadFile
ReleaseSemaphore
GetLogicalDriveStringsA
SetLastError
FindClose
CreateSemaphoreW
lstrcmpiW
FindNextFileW
GetSystemTime
DeleteFileA
GetEnvironmentVariableW
SetEnvironmentVariableW
IsBadWritePtr
HeapReAlloc
GetCPInfoExW
EnumSystemCodePagesW
EnumResourceLanguagesW
SetFileAttributesW
CreateThread
DosDateTimeToFileTime
GetTempPathW
MoveFileW
GetDateFormatW
GetLocaleInfoW
GetTimeFormatW
LoadLibraryExW
GetLogicalDrives
CopyFileW
SetThreadPriority
SetCurrentDirectoryW
GetTempFileNameW
InterlockedExchangeAdd
CompareFileTime
InterlockedCompareExchange
GetThreadSelectorEntry
ReadProcessMemory
lstrlenA
GetCurrentThread
SetDllDirectoryW
GetCommandLineA
TlsAlloc
GetWindowsDirectoryW
TlsFree
SystemTimeToFileTime
FormatMessageW
DeviceIoControl
FileTimeToLocalFileTime
LCMapStringW
GetFileAttributesW
GetDiskFreeSpaceExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
UnhandledExceptionFilter
HeapSize
GetOEMCP
GetStringTypeW
GetStringTypeA
HeapCreate
HeapDestroy
FatalAppExitA
LCMapStringA
TerminateProcess
RtlUnwind
GetStartupInfoW
ExitThread
DuplicateHandle
GetThreadPriority
SearchPathW
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQuery
GetVolumeInformationW
GetVersion
GetSystemTimeAsFileTime
OutputDebugStringW
CreateFileMappingA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetPriorityClass
FindFirstFileA
FindNextFileA
MoveFileA
GetVersionExA
CreateDirectoryA
GetFullPathNameA
SetFileAttributesA
GetModuleHandleA
GetDiskFreeSpaceA
GetDriveTypeA
SetConsoleCtrlHandler
LocalFileTimeToFileTime
GetCPInfo
IsDBCSLeadByte
GetStdHandle
GetFileType
GetFileTime
SetFileTime
SetEndOfFile
FlushFileBuffers
GetFileAttributesA
Sleep
LoadLibraryW
GetLogicalDriveStringsW
FreeLibrary
SetErrorMode
GetDriveTypeW
ResumeThread
GlobalFree
FreeResource
lstrcpyW
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
GetSystemInfo
CreateEventW
LockResource
ResetEvent
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
GetACP
GetModuleFileNameW
MulDiv
LeaveCriticalSection
GetVersionExW
SizeofResource
TerminateThread
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSection
GetProcessHeap
GetLocaleInfoA
FindResourceW
LoadResource
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
HeapFree
GlobalLock
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
VirtualFree
GetCurrentProcessId

user32

SetClipboardData
DrawFrameControl
DrawTextA
ModifyMenuW
DestroyCursor
GetDlgItemTextW
IsRectEmpty
OemToCharBuffW
GetDlgItemInt
SetDlgItemInt
GetWindowDC
EqualRect
DialogBoxIndirectParamW
MessageBeep
AppendMenuW
SendDlgItemMessageW
CheckDlgButton
CreatePopupMenu
InvertRect
GetKeyState
DialogBoxParamW
LockWindowUpdate
TrackPopupMenuEx
IntersectRect
UnionRect
OpenClipboard
LoadStringW
IsDlgButtonChecked
GetActiveWindow
TranslateAcceleratorW
SetMenuDefaultItem
UpdateWindow
SetScrollInfo
MoveWindow
IsIconic
GetMenuItemID
DrawIconEx
SetForegroundWindow
DeleteMenu
GetIconInfo
SetCursorPos
GetMenuItemCount
InsertMenuW
SetMenuItemInfoW
CheckMenuItem
CopyRect
GetUpdateRect
SendMessageTimeoutW
FindWindowW
DispatchMessageW
GetWindow
CloseClipboard
EmptyClipboard
BringWindowToTop
IsDialogMessageW
GetMenuItemInfoW
SetParent
EnableMenuItem
SetActiveWindow
EndPaint
DestroyWindow
CreateDialogParamW
SetCursor
GetScrollPos
GetComboBoxInfo
GetWindowTextLengthW
GetMessageA
DestroyAcceleratorTable
SetWindowRgn
FrameRect
SetScrollPos
CharNextA
MessageBoxA
MapVirtualKeyW
GetKeyNameTextW
CheckRadioButton
GetMenuStringW
InsertMenuItemW
GetSystemMenu
IsMenu
OpenIcon
CallNextHookEx
WindowFromPoint
ExitWindowsEx
EnumWindows
CharLowerW
GetMenuItemRect
CheckMenuRadioItem
WindowFromDC
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
GetAsyncKeyState
ShowScrollBar
GetScrollInfo
UnregisterClassA
wvsprintfW
GetQueueStatus
PostThreadMessageW
CharToOemBuffA
OemToCharBuffA
CharUpperA
CharLowerA
CharToOemA
OemToCharA
GetMessagePos
DefWindowProcW
CallWindowProcW
DestroyIcon
SetWindowTextW
GetDlgCtrlID
MapWindowPoints
SendMessageW
ReleaseCapture
AdjustWindowRectEx
DispatchMessageA
CreateWindowExW
IsWindow
LoadBitmapW
GetSysColorBrush
ShowWindow
SetDlgItemTextW
ClientToScreen
SetTimer
MonitorFromPoint
TrackPopupMenu
KillTimer
GetSubMenu
TrackMouseEvent
GetForegroundWindow
LoadMenuW
GetWindowRgn
GetCursorPos
DeferWindowPos
MessageBoxW
BeginDeferWindowPos
IsWindowVisible
RegisterClipboardFormatW
EnableWindow
DestroyMenu
EndDeferWindowPos
GetMonitorInfoW
GetWindowThreadProcessId
GetSystemMetrics
UnregisterHotKey
RegisterHotKey
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
EndDialog
SetWindowLongW
GetDlgItem
IsWindowUnicode
DrawStateW
ReleaseDC
GetClassNameW
PeekMessageW
SetClassLongW
SystemParametersInfoW
GetWindowTextW
GetWindowLongW
InvalidateRect
SetRect
OffsetRect
LoadIconW
RegisterClassExW
InflateRect
TranslateMessage
DrawFocusRect
GetCapture
GetDC
wsprintfW
GetClassInfoExW
PtInRect
GetClassLongW
BeginPaint
SetRectEmpty
DrawEdge
SetFocus
CreateAcceleratorTableW
GetClientRect
IsWindowEnabled
LoadCursorW
InvalidateRgn
ScreenToClient
GetParent
GetFocus
MsgWaitForMultipleObjects
DrawTextW
PostMessageW
UnregisterClassW
SetCapture
LoadImageW
IsChild
FillRect
RegisterWindowMessageW
CharNextW
GetWindowRect
PostQuitMessage
GetMessageW

gdi32

GetWindowOrgEx
PatBlt
SetBrushOrgEx
ExcludeClipRect
GetRegionData
OffsetRgn
CreatePolygonRgn
CombineRgn
MoveToEx
LineTo
GetPixel
Polygon
GetTextMetricsW
SetPixel
CreateBrushIndirect
GetCurrentObject
SetDIBitsToDevice
GetTextExtentPoint32W
SetViewportOrgEx
StretchBlt
GetDIBits
SetBkColor
CreateBitmap
SelectClipRgn
PtInRegion
ExtTextOutW
ExtCreateRegion
RealizePalette
StretchDIBits
SelectPalette
SetStretchBltMode
CreateRectRgn
SetDIBColorTable
SetWindowOrgEx
BitBlt
FrameRgn
LPtoDP
SetTextColor
DeleteDC
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect
DPtoLP
CreateCompatibleBitmap
SaveDC
OffsetWindowOrgEx
GetObjectW
CreateRoundRectRgn
CreatePatternBrush
CreatePen
GetClipBox
RoundRect
IntersectClipRect
GetStockObject
RestoreDC
CreateSolidBrush

comdlg32

ChooseColorW
GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
GetSecurityDescriptorSacl
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA
SetFileSecurityA
SetFileSecurityW
RegOpenKeyExW

shell32

ord16
ord190
ord98
ShellExecuteExW
SHAddToRecentDocs
ord18
ord25
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
DragQueryFileW
ord23
SHGetMalloc
SHFileOperationW
SHBindToParent
ord152
ord155
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderPathW
ord165
ExtractIconExW
ShellExecuteW
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
StringFromCLSID
ProgIDFromCLSID
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoUninitialize
CoInitialize
RevokeDragDrop
DoDragDrop
RegisterDragDrop
OleSetContainedObject
OleCreate
OleDraw
OleSetClipboard
OleGetClipboard
CoTaskMemRealloc
CoFreeUnusedLibraries

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
VarDateFromStr
VarI4FromStr
SafeArrayAccessData
VarDecCmp
VarDecFromStr
VarUI4FromStr
RegisterTypeLi
SafeArrayCreateVector
OleLoadPicture
LoadRegTypeLi
SysFreeString
SysStringByteLen
VariantChangeType
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
DispCallFunc
SysAllocString
VarR8FromStr
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ttpcomm

ord18
ord20
ord19
ord302
ord201
ord3
ord200
ord1
ord104
ord103
ord100
ord13
ord105
ord101
ord92
ord91
ord400
ord90
ord4
ord93
ord82
ord81
ord80
ord204
ord205
ord202
ord206
ord2
ord16
ord11
ord12
ord15
ord14
ord10
ord17
ord52
ord51
ord78
ord60
ord62
ord53
ord54
ord68
ord70
ord79
ord65
ord66
ord57
ord74
ord72
ord106
ord59
ord73
ord61
ord58
ord50
ord71
ord64
ord76
ord55
ord67
ord102
ord56
ord69
ord75

shlwapi

PathFileExistsW
PathFindFileNameW
PathAppendW
StrCpyW
wnsprintfW
SHRegGetPathW

msimg32

GradientFill
AlphaBlend

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData

gdiplus

GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipGetPixelOffsetMode
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipCreateImageAttributes
GdipCreateBitmapFromHBITMAP
GdipGetImagePalette
GdipGetImageHeight
GdipCreateBitmapFromFileICM
GdipFree
GdiplusShutdown
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromStreamICM
GdipGetInterpolationMode
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0

bdaucommon

?UnInitAutoUpdate@AU@@YAJXZ
?GetAutoUpdateMessageID@AU@@YAIW4AuNotifyType@1@@Z
?StartAutoUpdate@AU@@YAJH@Z
?InstallUpdate@AU@@YAJXZ
?InitAutoUpdate@AU@@YAJPAUHWND__@@PB_W11@Z

imagehlp

StackWalk
SymGetModuleInfo
SymSetOptions
SymLoadModule
SymGetLineFromAddr
SymGetSymFromAddr
SymFunctionTableAccess
SymGetModuleBase
SymInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvfw32

DrawDibClose
DrawDibDraw
DrawDibOpen

psapi

GetProcessMemoryInfo

iphlpapi

GetNetworkParams

ws2_32

gethostbyname
inet_ntoa
WSAStartup
gethostname
WSACleanup

msacm32

acmStreamReset
acmStreamOpen
acmStreamConvert
acmStreamPrepareHeader
acmStreamClose
acmStreamSize
acmStreamUnprepareHeader

Exports

Exports

CreateSoundBuffer
CreateStdContent
CreateStreamOnFile
CreateStreamOnInet
GetSoundCodecName

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TTPlayer/bdaucommon.dll
.dll windows x86

19f7dd8d912eb9fc1b7095bb0f0f46a2

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

kernel32

DeleteFileW
CreateFileW
WriteFile
GetTickCount
CreateMutexW
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetCommandLineW
WritePrivateProfileStringW
SetEnvironmentVariableW
GetPrivateProfileIntW
ExitProcess
VirtualQuery
lstrlenW
FlushFileBuffers
CreateFileA
WaitForSingleObject
CloseHandle
GetLastError
CreateProcessW
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryW
OpenFileMappingW
GetModuleFileNameW
LocalFree
UnmapViewOfFile
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
GetFileAttributesW
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA

user32

RegisterWindowMessageW
AllowSetForegroundWindow

advapi32

CryptDestroyKey
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext

shell32

SHGetFolderPathW
ord165

Exports

Exports

?ClearCurrentScene@AU@@YAJXZ
?ClearUpdateInfoCache@AU@@YAJXZ
?DisplayUpdateNotify@AU@@YAJXZ
?GetAutoUpdateMessageID@AU@@YAIW4AuNotifyType@1@@Z
?GetAutoUpdatePolicy@AU@@YA?AW4AuClientPolicy@1@XZ
?GetCurrentScene@AU@@YAJPA_WH@Z
?GetNextPreferedCheckInterval@AU@@YAHXZ
?GetProductName@AU@@YAJPA_WK@Z
?GetProductWnds@AU@@YAJPAPAUHWND__@@KPAK@Z
?GetProxyInfoFileName@AU@@YAJPA_WK@Z
?GetUpdateCommonDataFolder@AU@@YAJPA_WK@Z
?GetUpdateDataFolder@AU@@YAJPA_WK@Z
?GetUpdateInfoFileName@AU@@YAJPA_WK@Z
?HasPendingUpdate@AU@@YAHXZ
?InitAutoUpdate@AU@@YAJPAUHWND__@@PB_W11@Z
?InstallPendingUpdate@AU@@YAJXZ
?InstallPendingUpdateEx@AU@@YAJP6GJPAX@Z0@Z
?InstallUpdate@AU@@YAJXZ
?MarkUpdateAvalible@AU@@YAJH@Z
?SetAutoUpdatePolicy@AU@@YAXW4AuClientPolicy@1@@Z
?SetCurrentScene@AU@@YAJPB_W@Z
?SetProxy@AU@@YAJKPB_WG00@Z
?StartAutoUpdate@AU@@YAJH@Z
?UnInitAutoUpdate@AU@@YAJXZ
?UpdateComponentsInfo@AU@@YAJPB_W000@Z
?UpdateComponentsVersion@AU@@YAJPB_W0@Z
?UpdateComponentsVersionEx@AU@@YAJPB_W00@Z

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/mp3PRO.dll
.dll windows x86

a0f38db0557f7ed1349761264378f54a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
TerminateThread
CloseHandle
ReadFile
GetFileSize
Sleep
GetLastError
SetFilePointer
WriteFile
GetFileAttributesA
GetSystemTime
CreateThread
SetStdHandle
GetOEMCP
GetACP
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetThreadPriority
WaitForSingleObject
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleFileNameA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceA
LoadResource
LockResource
IsBadReadPtr
RaiseException
GetCurrentThreadId
IsBadStringPtrA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
InitializeCriticalSection
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetModuleHandleA

user32

GetWindowLongA
PostMessageA
SetWindowLongA
SendDlgItemMessageA
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
EnableWindow
GetDlgItem
DialogBoxParamA
SetFocus
wsprintfA
MessageBeep
EndDialog
SendMessageA
KillTimer
LoadBitmapA
SetTimer

gdi32

DeleteObject

wsock32

WSAStartup
WSACleanup
WSAGetLastError
socket
closesocket
shutdown
htons
gethostbyname
gethostbyaddr
ioctlsocket
send
connect
recv
select

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

comctl32

ord17
PropertySheetA

shell32

ShellExecuteA

Exports

Exports

winampGetInModule2

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/netacc.dll
.dll windows x86

d1f635efcd57c21c69061c04a0334f3c

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetModuleFileNameA
TerminateThread
Sleep
LeaveCriticalSection
GetCurrentThreadId
CreateFileA
DeviceIoControl
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
InitializeCriticalSection
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

fseek
fclose
rand
srand
strchr
sprintf_s
isalnum
free
malloc
__CxxFrameHandler3
memcpy
fopen_s
ftell
ferror
fputc
fprintf
sscanf_s
_vsnprintf_s
isspace
tolower
isalpha
fwrite
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
fread
fopen
strncmp
remove
_beginthreadex
__RTDynamicCast
memset
_CxxThrowException

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateNetMgr
CreateP2PManager
DeleteP2PManager

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/tak_deco_lib.dll
.dll windows x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

tak_APE_GetDesc
tak_APE_GetErrorString
tak_APE_GetIndexOfKey
tak_APE_GetItemDesc
tak_APE_GetItemKey
tak_APE_GetItemNum
tak_APE_GetItemValue
tak_APE_GetTextItemValueAsAnsi
tak_APE_ReadOnly
tak_APE_State
tak_APE_Valid
tak_GetCodecName
tak_GetLibraryVersion
tak_GetWaveExtensibleSpeakerMask
tak_SSD_Create_FromFile
tak_SSD_Create_FromStream
tak_SSD_Destroy
tak_SSD_GetAPEv2Tag
tak_SSD_GetCurFrameBitRate
tak_SSD_GetEncoderInfo
tak_SSD_GetErrorString
tak_SSD_GetFrameSize
tak_SSD_GetMD5
tak_SSD_GetReadPos
tak_SSD_GetSimpleWaveDataDesc
tak_SSD_GetStateInfo
tak_SSD_GetStreamInfo
tak_SSD_GetStreamInfo_V22
tak_SSD_ReadAudio
tak_SSD_ReadSimpleWaveData
tak_SSD_Seek
tak_SSD_State
tak_SSD_Valid

Sections

CODE
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TTPlayer/ttpcomm.dll
.dll windows x86

ec2b7ab07c9a77657bb6a497b493a624

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
RaiseException
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
GetCommandLineA
VirtualQuery
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
LoadLibraryA
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetStdHandle
HeapSize
FlushFileBuffers
GetVersion
GetProcessHeap
MulDiv
ReadFile
FlushInstructionCache
GetCurrentThreadId
RtlUnwind
HeapAlloc
HeapReAlloc
ExitProcess
HeapFree
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
InterlockedExchange
DeviceIoControl

iphlpapi

GetAdaptersInfo

user32

GetClientRect
SetScrollRange
FillRect
GetSysColor
DrawFrameControl
SetRect
GetSystemMetrics
GetSysColorBrush
DrawEdge
GetWindowRect
GetParent
OffsetRect
GetWindowDC
ReleaseDC
CopyRect
MapWindowPoints
CallWindowProcA
PtInRect
SetCapture
SetTimer
KillTimer
ReleaseCapture
GetMessagePos
ScreenToClient
GetCursorPos
RemovePropA
GetWindowLongA
ShowScrollBar
SetWindowLongA
SetScrollInfo
SetScrollPos
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
SendMessageA
SetWindowPos
GetPropA
SetPropA

gdi32

DeleteObject
SetTextColor
GetStockObject
BitBlt
SetBkColor
CreateCompatibleBitmap
ExtTextOutA
CreatePatternBrush
SelectObject
UnrealizeObject
CreateBitmap
CreateCompatibleDC
PatBlt
SetBrushOrgEx
DeleteDC

Exports

Exports

_resetstkoflw
lrand48
srand48
ttpcomm_getversion

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/ttpres.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 885KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTPlayer/ttpsvr.exe
.exe windows x86

687f93bef3bac00f7b91b25acd30891e

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetEvent
IsBadReadPtr
CreateEventW
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentThreadId
lstrlenW
FindClose
FindFirstFileW
ResetEvent
TerminateThread
GetTickCount
LoadLibraryExW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
CreateThread
FreeResource
lstrcpynW
DeleteFileW
GetTempPathW
CreateProcessW
GetFileType
DuplicateHandle
CreateDirectoryW
FileTimeToDosDateTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
FindNextFileW
SetEndOfFile
VirtualQuery
OutputDebugStringW
SetLastError
CompareFileTime
CreateFileMappingA
CreateFileA
Sleep
GetSystemTimeAsFileTime
LCMapStringW
GetCurrentProcessId
GetVersionExA
ExitProcess
RtlUnwind
ExitThread
GetModuleHandleA
GetStartupInfoW
HeapDestroy
HeapCreate
IsBadWritePtr
TerminateProcess
HeapSize
GetTimeZoneInformation
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetOEMCP
GetCPInfo
LCMapStringA
UnhandledExceptionFilter
VirtualProtect
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
lstrcpyW
LocalFree
CloseHandle
DeleteCriticalSection
lstrcmpiW
GetSystemInfo
GetCommandLineW
SetHandleCount
GetStartupInfoA
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LoadLibraryA
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsDBCSLeadByte
LockResource
CreateFileMappingW
VirtualAlloc
GetProcAddress
GetThreadLocale
GetLastError
InterlockedExchange
RaiseException
MultiByteToWideChar
GetACP
CreateFileW
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
GetFileAttributesW
GetVersionExW
SizeofResource
LoadLibraryW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
GetProcessHeap
VirtualFree
GetModuleHandleW
HeapFree
GetCurrentProcess
InterlockedDecrement
SystemTimeToFileTime
InterlockedIncrement
HeapAlloc
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
UnmapViewOfFile
MapViewOfFile
GetLocaleInfoA
SetFilePointer
GetFileSize
HeapReAlloc
GetFullPathNameW
GetModuleFileNameA
QueryPerformanceCounter
FlushFileBuffers

user32

FindWindowW
MessageBoxW
CreateAcceleratorTableW
SetWindowRgn
OffsetRect
DrawIconEx
LoadIconW
GetClassLongW
SetClassLongW
DrawEdge
SetRect
InflateRect
GetSysColorBrush
GetClassNameW
DestroyAcceleratorTable
IsChild
GetDesktopWindow
InvalidateRgn
FillRect
DialogBoxParamW
GetFocus
DrawStateW
DrawFocusRect
EndPaint
BeginPaint
CharNextW
IsWindowEnabled
GetDC
LoadBitmapW
AdjustWindowRectEx
GetDlgCtrlID
SetFocus
PtInRect
GetCapture
SetCapture
ReleaseCapture
RedrawWindow
SetCursor
InvalidateRect
GetSysColor
DestroyWindow
DestroyIcon
GetSystemMetrics
LoadImageW
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageA
GetIconInfo
CreateCursor
SetRectEmpty
GetActiveWindow
CreateWindowExW
EqualRect
DispatchMessageW
GetWindowDC
ReleaseDC
RegisterClassExW
CallWindowProcW
DefWindowProcW
LoadCursorW
wsprintfW
GetClassInfoExW
IsWindow
SetTimer
PostMessageW
SetWindowLongW
IsDialogMessageW
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDlgButtonChecked
CheckDlgButton
ShowWindow
SetWindowTextW
GetWindowLongW
GetWindowTextLengthW
RegisterWindowMessageW
UnregisterClassW
GetWindowTextW
PeekMessageW
GetDlgItem
SendMessageW
DrawTextW

gdi32

SetBkMode
CreateSolidBrush
SaveDC
IntersectClipRect
OffsetWindowOrgEx
RestoreDC
GetClipBox
LPtoDP
CreateCompatibleBitmap
DPtoLP
SetWindowOrgEx
GetStockObject
CreateFontIndirectW
GetObjectW
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
DeleteDC
FrameRgn
CreatePatternBrush
CreateRoundRectRgn
RealizePalette
SelectPalette
CreateRectRgnIndirect
ExtTextOutW
SetBkColor
SetTextColor
GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteW
SHChangeNotify

ole32

OleDraw
CoUninitialize
OleCreate
CoInitialize
OleSetContainedObject
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
OleInitialize
OleUninitialize
OleLockRunning
CoCreateGuid

oleaut32

SysStringLen
GetErrorInfo
LoadTypeLi
SysFreeString
SysAllocString
VariantClear
DispCallFunc
VariantInit
SysAllocStringLen
LoadRegTypeLi
SysStringByteLen
OleCreateFontIndirect
OleLoadPicture
VarUI4FromStr
SysAllocStringByteLen
VariantChangeType

ttpcomm

ord302

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx

wininet

HttpSendRequestA
InternetSetOptionW
InternetCrackUrlW
InternetCloseHandle
InternetSetStatusCallbackW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetReadFile
InternetReadFileExA
InternetConnectA
HttpOpenRequestA

iphlpapi

GetNetworkParams

winmm

timeGetTime

ws2_32

inet_ntoa
WSAStartup
WSACleanup
gethostbyname

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75da0ea449ca966c6e146feec448a867

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

a33c97ce69b8f17d9166d104debda713

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 10KB - Virtual size: 213KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 6KB

4a9cb6e51fad182abb1a3120321b055c

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 10KB - Virtual size: 213KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 6KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 17KB - Virtual size: 17KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 9KB - Virtual size: 9KB