Extracted

Extracted

• 27d0dae7ae64989aff4aed2ca5bfd4c9bf3ee535926156ca03f6113c19c2dacf

  .exe windows x86

  289f16daf72a1b9cef56022b91301098

  
  

  Code Sign

  0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e

  Certificate

  Issuer

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22/11/2019, 00:00

  Not After

  04/02/2023, 12:00

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  61:1c:b2:8a:00:00:00:00:00:26

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15/04/2011, 19:41

  Not After

  15/04/2021, 19:51

  Subject

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01/08/2022, 00:00

  Not After

  09/11/2031, 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  11/02/2011, 12:00

  Not After

  10/02/2026, 12:00

  Subject

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23/03/2022, 00:00

  Not After

  22/03/2037, 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21/09/2022, 00:00

  Not After

  21/11/2033, 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22/10/2013, 12:00

  Not After

  22/10/2028, 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:1c:b2:8a:00:00:00:00:00:26

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15/04/2011, 19:41

  Not After

  15/04/2021, 19:51

  Subject

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22/11/2019, 00:00

  Not After

  04/02/2023, 12:00

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  06/04/2022, 07:45

  Not After

  08/05/2033, 07:45

  Subject

  CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20/06/2018, 00:00

  Not After

  10/12/2034, 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  10/12/2014, 00:00

  Not After

  10/12/2034, 00:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  09:3f:77:26:98:8d:00:21:56:3b:03:85:b4:4c:36:d0:17:b4:68:bb:11:d2:09:d5:1b:12:2d:a0:d4:15:32:78

  Signer

  Actual PE Digest

  09:3f:77:26:98:8d:00:21:56:3b:03:85:b4:4c:36:d0:17:b4:68:bb:11:d2:09:d5:1b:12:2d:a0:d4:15:32:78

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  23/09/2022, 11:56

  Valid: true

  Chain 1

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  38:3b:55:b5:33:ad:50:50:2a:d5:d6:0f:fe:00:0a:90:3d:fc:93:8e

  Signer

  Actual PE Digest

  38:3b:55:b5:33:ad:50:50:2a:d5:d6:0f:fe:00:0a:90:3d:fc:93:8e

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

  23/09/2022, 11:56

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateProcessW

  GetCurrentThread

  TerminateProcess

  GetSystemTime

  FindAtomW

  GlobalAddAtomW

  WideCharToMultiByte

  GetDiskFreeSpaceExW

  GetVolumeNameForVolumeMountPointW

  QueryDosDeviceW

  GetLocalTime

  InterlockedCompareExchange

  QueryPerformanceCounter

  QueryPerformanceFrequency

  lstrlenA

  SystemTimeToFileTime

  GetFileTime

  InterlockedExchange

  GetDriveTypeW

  GlobalAlloc

  GlobalFree

  GetTickCount

  GetCommandLineW

  LoadLibraryExW

  MultiByteToWideChar

  lstrcmpiW

  FreeResource

  GetSystemWindowsDirectoryW

  lstrcmpiA

  lstrcmpA

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  FlushFileBuffers

  GetLocaleInfoW

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetStartupInfoA

  SetHandleCount

  GetFileType

  SetStdHandle

  GetStringTypeW

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  LeaveCriticalSection

  GetTimeZoneInformation

  GetModuleHandleA

  HeapCreate

  InitializeCriticalSectionAndSpinCount

  GetModuleFileNameA

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  LCMapStringW

  LCMapStringA

  GetConsoleMode

  GetConsoleCP

  GetStartupInfoW

  ExitProcess

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlUnwind

  ExitThread

  TlsFree

  ReleaseMutex

  HeapWalk

  HeapLock

  OpenThread

  HeapUnlock

  SetFilePointerEx

  GetSystemTimeAsFileTime

  GlobalDeleteAtom

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  LoadLibraryA

  HeapSize

  HeapReAlloc

  HeapDestroy

  TlsAlloc

  LockFile

  MapViewOfFile

  CreateMutexW

  PostQueuedCompletionStatus

  CreateIoCompletionPort

  GetQueuedCompletionStatus

  CreateThread

  TerminateThread

  MulDiv

  OutputDebugStringW

  GetFileSizeEx

  CompareFileTime

  OpenProcess

  GetVolumeInformationW

  FormatMessageW

  SetFileTime

  SetEndOfFile

  FlushInstructionCache

  EnterCriticalSection

  GetFullPathNameW

  SetLastError

  lstrlenW

  lstrcpyW

  DeleteCriticalSection

  InitializeCriticalSection

  RaiseException

  FindFirstFileW

  FindNextFileW

  FindClose

  LocalAlloc

  GetVersionExW

  CopyFileW

  MoveFileW

  MoveFileExW

  GetPrivateProfileStringW

  GlobalFindAtomW

  Sleep

  GetFileAttributesW

  WriteFile

  CreateDirectoryW

  GetTempPathW

  GetTempFileNameW

  WritePrivateProfileStringW

  SetFileAttributesW

  InterlockedDecrement

  RemoveDirectoryW

  DeleteFileW

  GetLastError

  GetProcessHeap

  HeapAlloc

  HeapFree

  GetSystemDirectoryW

  ReadFile

  SetFilePointer

  GetCurrentProcessId

  CreateFileW

  DeviceIoControl

  LoadLibraryW

  InterlockedIncrement

  GetModuleFileNameW

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  CloseHandle

  WaitForSingleObject

  GetModuleHandleW

  GetProcAddress

  GetSystemInfo

  GlobalMemoryStatusEx

  FreeLibrary

  LocalFree

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  GetStdHandle

  SetConsoleTextAttribute

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  TlsGetValue

  TlsSetValue

  ResetEvent

  SetEvent

  CreateEventW

  ReadProcessMemory

  OpenMutexW

  GetExitCodeProcess

  GetLongPathNameW

  LockFileEx

  GetFileAttributesExW

  UnlockFile

  FindNextFileA

  FindFirstFileA

  GetVersion

  GetFileSize

  UnmapViewOfFile

  CreateFileMappingW

  GetEnvironmentVariableW

  GetCurrentProcess

  GetLogicalDriveStringsW

  GetCurrentThreadId

  CreateFileA

  GetWindowsDirectoryW

  SizeofResource

  user32

  EndDialog

  GetWindowLongW

  SetWindowTextW

  MoveWindow

  SetWindowPos

  GetClientRect

  ScreenToClient

  MapWindowPoints

  GetMonitorInfoW

  MonitorFromWindow

  GetWindowRect

  GetWindow

  GetParent

  GetDC

  ReleaseDC

  SetWindowLongW

  IsWindowVisible

  FindWindowExW

  BringWindowToTop

  SetTimer

  KillTimer

  IsDialogMessageW

  OffsetRect

  SetFocus

  GetWindowTextLengthW

  SetWindowRgn

  RedrawWindow

  CopyRect

  DefWindowProcW

  CallWindowProcW

  BeginPaint

  EndPaint

  DialogBoxParamW

  EnableMenuItem

  DestroyWindow

  GetSystemMenu

  GetClassInfoExW

  SetDlgItemTextW

  LoadCursorW

  InflateRect

  ShowWindow

  IsWindowEnabled

  wsprintfW

  ExitWindowsEx

  UnregisterClassA

  GetDlgItem

  PostQuitMessage

  IsIconic

  SystemParametersInfoW

  InvalidateRect

  LoadIconW

  RegisterClassExW

  CreateWindowExW

  LoadImageW

  EnableWindow

  IsWindow

  CharNextW

  FindWindowW

  SendMessageTimeoutW

  SendMessageW

  GetActiveWindow

  TranslateMessage

  GetMessageW

  MessageBoxW

  PostMessageW

  wvsprintfW

  DispatchMessageW

  CreateDialogParamW

  GetWindowTextW

  GetShellWindow

  GetWindowThreadProcessId

  PostThreadMessageW

  SetForegroundWindow

  UpdateLayeredWindow

  UpdateWindow

  PeekMessageW

  GetSystemMetrics

  gdi32

  DeleteObject

  SetViewportOrgEx

  CreateRectRgn

  DeleteDC

  CombineRgn

  CreateCompatibleDC

  CreateCompatibleBitmap

  SelectObject

  BitBlt

  advapi32

  RegEnumKeyExW

  ImpersonateLoggedOnUser

  RevertToSelf

  OpenProcessToken

  DuplicateTokenEx

  GetSecurityDescriptorSacl

  IsValidSid

  CopySid

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatusEx

  CloseServiceHandle

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenThreadToken

  ImpersonateSelf

  AllocateAndInitializeSid

  FreeSid

  GetSecurityInfo

  SetSecurityInfo

  RegQueryValueExW

  RegQueryInfoKeyW

  GetExplicitEntriesFromAclW

  GetTrusteeNameW

  DeleteAce

  LookupAccountSidW

  RegCreateKeyExW

  RegSetValueExW

  RegOpenKeyW

  GetTokenInformation

  RegOpenKeyExW

  RegDeleteValueW

  RegEnumValueW

  RegCloseKey

  RegDeleteKeyW

  GetUserNameW

  LookupAccountNameW

  GetFileSecurityW

  InitializeSecurityDescriptor

  GetSecurityDescriptorDacl

  GetAclInformation

  GetLengthSid

  InitializeAcl

  GetAce

  EqualSid

  AddAce

  AddAccessAllowedAce

  SetSecurityDescriptorDacl

  GetSecurityDescriptorControl

  SetFileSecurityW

  GetNamedSecurityInfoW

  BuildExplicitAccessWithNameW

  SetEntriesInAclW

  SetNamedSecurityInfoW

  ControlService

  RegOpenKeyExA

  RegQueryValueExA

  RegQueryInfoKeyA

  RegEnumKeyExA

  RegEnumValueA

  ChangeServiceConfigW

  shell32

  SHGetMalloc

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHGetSpecialFolderPathW

  ShellExecuteW

  SHChangeNotify

  SHFileOperationW

  SHBrowseForFolderW

  ShellExecuteExW

  ord165

  ord680

  CommandLineToArgvW

  SHGetSpecialFolderPathA

  SHCreateDirectoryExW

  ole32

  CoUninitialize

  CoTaskMemAlloc

  OleRun

  CoTaskMemRealloc

  CoInitializeSecurity

  CoSetProxyBlanket

  CoInitializeEx

  CoInitialize

  CoCreateGuid

  CreateStreamOnHGlobal

  CoTaskMemFree

  CoCreateInstance

  oleaut32

  SysAllocString

  SysStringLen

  SysFreeString

  VariantInit

  SysAllocStringByteLen

  SysStringByteLen

  VarUI4FromStr

  SysAllocStringLen

  VariantChangeType

  VariantClear

  shlwapi

  StrStrIW

  SHGetValueA

  PathCombineW

  PathAppendW

  PathIsRelativeW

  SHDeleteKeyW

  PathRemoveFileSpecW

  StrStrIA

  StrCmpNIW

  StrTrimA

  wnsprintfW

  PathAppendA

  PathRemoveArgsW

  SHSetValueA

  SHSetValueW

  PathFileExistsW

  SHGetValueW

  SHDeleteValueW

  StrCmpIW

  PathFindExtensionW

  PathCommonPrefixW

  PathIsDirectoryW

  PathAddBackslashW

  PathFindFileNameW

  PathRemoveExtensionW

  StrCatW

  StrCpyW

  PathIsPrefixW

  PathIsDirectoryEmptyW

  PathIsSameRootW

  PathCombineA

  PathUnquoteSpacesW

  PathFileExistsA

  comctl32

  InitCommonControlsEx

  crypt32

  CertDeleteCertificateFromStore

  CertDuplicateCertificateContext

  CertCloseStore

  CertGetNameStringW

  CertEnumCertificatesInStore

  CertOpenStore

  CertCompareCertificate

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  psapi

  GetProcessImageFileNameW

  EnumProcesses

  GetModuleFileNameExW

  rpcrt4

  NdrAsyncServerCall

  NdrClientCall2

  NdrAsyncClientCall

  RpcStringBindingComposeW

  RpcBindingFromStringBindingW

  RpcStringFreeW

  RpcBindingFree

  NdrServerCall2

  gdiplus

  GdipAlloc

  GdipFree

  GdipDisposeImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromStream

  GdiplusStartup

  GdiplusShutdown

  GdipDrawImageRectRectI

  GdipDrawImagePointRectI

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipCloneImage

  GdipDrawImageRectRect

  GdipCreateBitmapFromStreamICM

  urlmon

  URLDownloadToFileW

  URLDownloadToCacheFileW

  iphlpapi

  GetAdaptersInfo

  wininet

  InternetCrackUrlW

  InternetSetOptionW

  InternetQueryOptionW

  HttpSendRequestW

  HttpOpenRequestW

  InternetCloseHandle

  InternetConnectW

  InternetOpenW

  InternetGetConnectedState

  HttpQueryInfoW

  netapi32

  NetWkstaGetInfo

  NetApiBufferFree

  Sections

  .text

  Size: 599KB - Virtual size: 599KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 169KB - Virtual size: 168KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 49KB - Virtual size: 69KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8.0MB - Virtual size: 8.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 68KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ