d1505a8ac2409207637b344848d53a2e189a04873ebc87ac3155f7cd05b0e348

Sharing

Copy URL

Twitter E-mail

General

Target

d1505a8ac2409207637b344848d53a2e189a04873ebc87ac3155f7cd05b0e348
Size

2.0MB
MD5

65df90b37a4fea6c70ac5456438a2d2e
SHA1

7f6173d28e26bcc0e3ff15d50f57582da67ac1ff
SHA256

d1505a8ac2409207637b344848d53a2e189a04873ebc87ac3155f7cd05b0e348
SHA512

9167ceb781711b8f07bcaf5461491849b4f4fb3d8013f9dde1ec5583c8b476364fad92e98ff77200c02c22b90e5876f192b69260a4d789964dcac10b6ff1a1a3
SSDEEP

49152:euL+35wxIWcwmuLtFb7rQQvo1sS9BxXuFydDRRRRRRRRRRRRRRRRRRRRRRRRRRRI:e6JKwftR7UQvo5BxXusdDRRRRRRRRRRS

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
static1/unpack001/hintcver.dll	acprotect

Files

d1505a8ac2409207637b344848d53a2e189a04873ebc87ac3155f7cd05b0e348
.zip
VA.VER
browseti.dll
.dll windows x86

03e9b99cb9d9095b435919e7c0982d71

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:2e:ee:41:9c:94:ce:a9:34:83:df:57:e7:17:66:ec:04:d1:20:9e
Signer

Actual PE Digest

24:2e:ee:41:9c:94:ce:a9:34:83:df:57:e7:17:66:ec:04:d1:20:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
lstrcmpiA
lstrlenW
lstrlenA
GetCurrentProcessId
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
CreateEventA
ReadProcessMemory
VirtualProtect
GetCurrentProcess
GetModuleHandleA
WriteProcessMemory
OpenProcess
GetModuleFileNameA
GetVersionExA
LoadLibraryA
GetTickCount
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CompareStringA
CompareStringW
lstrcatA
GetSystemDirectoryA
DisableThreadLibraryCalls
OutputDebugStringA
VirtualProtectEx
lstrcpyW
CreateMutexA
ReleaseMutex
SwitchToThread
GetWindowsDirectoryA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LeaveCriticalSection
LocalFree
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
InitializeCriticalSection
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
CreateFileA
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
FlushFileBuffers
WriteFile
UnhandledExceptionFilter
lstrcpyA
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapReAlloc
GetLocalTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetOEMCP
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteA

oleaut32

VariantClear
SysAllocString
VariantInit

shlwapi

StrStrIA

psapi

GetMappedFileNameA

ws2_32

closesocket
WSACleanup
send

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgf.dat
hcr0.dat
hintBroswer.dll
.dll windows x86

6229e1d43c3d2c61ec938e8be5e479fb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1c:06:33:32:d0:88:a5:86:28:14:a6:0f:53:19:76:65:46:bd:ea
Signer

Actual PE Digest

19:1c:06:33:32:d0:88:a5:86:28:14:a6:0f:53:19:76:65:46:bd:ea

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
RaiseException
Sleep
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
UnhandledExceptionFilter
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TerminateProcess
GetCommandLineA
RtlUnwind
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
lstrlenA
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FormatMessageW
LocalFree
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
MulDiv
GetModuleHandleA
InterlockedDecrement
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetThreadLocale
InterlockedIncrement
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentStringsW
InterlockedExchange

user32

PostThreadMessageW
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
LoadCursorW
GetSysColorBrush
DestroyMenu
UnregisterClassW
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharNextW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
RegisterClipboardFormatW
CharUpperW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
AdjustWindowRectEx
GetParent
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
GetDC
ReleaseDC
FindWindowW
SetWindowPos
LoadImageW
PostQuitMessage
KillTimer
SetTimer
GetClientRect
GetWindowRect
GetWindow
EnableWindow
SendDlgItemMessageA

gdi32

ExtSelectClipRgn
SetWindowExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
GetWindowExtEx
GetViewportExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetObjectW
StretchBlt
DeleteObject
SelectObject
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SysFreeString
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

gdiplus

GdiplusShutdown

Exports

Exports

ShowW
show

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintbhoii.dll
.dll windows x86

37500aa4d16987556062d5a18c3958b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:8a:27:08:97:c1:df:13:47:7f:70:59:da:97:af:16:00:8e:a4:0f
Signer

Actual PE Digest

a3:8a:27:08:97:c1:df:13:47:7f:70:59:da:97:af:16:00:8e:a4:0f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:36
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
VirtualFree
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
SetLastError
TerminateProcess
ExitProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
ReadFile
GetSystemInfo
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
HeapReAlloc
GetVersionExA
SetFilePointer
GetCurrentThread
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
GetCurrentProcessId
WriteFile
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
Sleep
DisableThreadLibraryCalls
LoadLibraryA
GetCurrentProcess
lstrcpyA
GetModuleFileNameA
CreateDirectoryA
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
TerminateThread
CloseHandle
OutputDebugStringA
lstrlenA
lstrcmpiA
GetCommandLineA
CreateThread
ExitThread
RaiseException
RtlUnwind
OpenFileMappingA

user32

FindWindowExA
SetTimer
PtInRect
GetWindowRect
ShowWindow
IsWindowVisible
GetWindowThreadProcessId
GetCapture
GetFocus
CallWindowProcA
SendMessageA
SetWindowTextA
DrawTextA
DrawIconEx
FillRect
GetWindowTextA
SetFocus
MoveWindow
SetWindowPos
ReleaseDC
GetClientRect
GetDC
SendMessageTimeoutA
LoadCursorA
GetWindowLongA
CreateWindowExA
PostMessageA
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcA
UpdateWindow
KillTimer
RegisterClassExA
DestroyWindow
SetWindowLongW
SetWindowsHookExA
RegisterWindowMessageA
CallNextHookEx
UnhookWindowsHookEx
GetWindowLongW
GetClassNameA
GetParent
LoadIconA
GetCursorPos
ScreenToClient
SetWindowLongA

gdi32

MoveToEx
LineTo
CreateFontIndirectA
SelectObject
SetBkMode
CreateSolidBrush
SetTextColor
DeleteObject
CreatePen

advapi32

AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

ExtractIconA

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

shlwapi

PathFileExistsA

urlmon

URLDownloadToFileA

psapi

GetMappedFileNameA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintcver.dll
.dll windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:04:39:2b:56:36:46:b2:91:5f:d1:1e:97:4b:bb:48:f0:ef:00:85
Signer

Actual PE Digest

2e:04:39:2b:56:36:46:b2:91:5f:d1:1e:97:4b:bb:48:f0:ef:00:85

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Recer

Sections

ATAC
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATAL
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hintdm.pg
.dll windows x86

3d5420d5a84aa6443a19c623c03665e4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:43:27:55:b0:cd:a3:0f:d1:f3:1f:2e:d4:4a:08:d8:ca:ff:2a:1d
Signer

Actual PE Digest

82:43:27:55:b0:cd:a3:0f:d1:f3:1f:2e:d4:4a:08:d8:ca:ff:2a:1d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FlushFileBuffers
GetCurrentProcess
GetCPInfo
GetOEMCP
RtlUnwind
IsBadReadPtr
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
RaiseException
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
SetLastError
GlobalUnlock
FormatMessageA
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetFilePointer
LocalFree
HeapAlloc
HeapFree
ReadFile
GetModuleFileNameA
QueueUserAPC
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
VirtualFreeEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
FindFirstFileA
FindNextFileA
FindClose
GetProcAddress
GetLocalTime
GlobalMemoryStatusEx
GetComputerNameA
GlobalAlloc
GlobalFree
Process32First
Process32Next
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
Thread32Next
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemDirectoryA
lstrcatA
CopyFileA
Sleep
lstrcmpiA
lstrlenA
SetErrorMode
LoadLibraryA
lstrcpynA
CreateProcessA
WaitForSingleObject
TerminateThread
CloseHandle
TerminateProcess
FreeLibrary

user32

GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
SetWindowLongA
GetDlgItem
GetSystemMetrics
GetTopWindow
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
GetWindowLongA
GetLastActivePopup
DestroyMenu
GetSysColorBrush
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
IsWindowVisible
SendMessageA
RegisterWindowMessageA
GetClassNameA
EnumDisplaySettingsA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
PostQuitMessage
DefWindowProcA
GetForegroundWindow
GetWindowTextA
IsWindow
DestroyWindow
ClientToScreen

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
Escape

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

ord17

shlwapi

PathFileExistsA
SHDeleteValueA
PathFindExtensionA
PathFindFileNameA
StrStrIA

ole32

CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
VariantChangeType

ws2_32

htonl
inet_addr
socket
htons
bind
select
connect
ioctlsocket
setsockopt
send
closesocket
shutdown
gethostbyname

iphlpapi

GetAdaptersInfo

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

GetPlugins

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintfangyuan.dll
.dll windows x86

b9b600441ff961376db04137801f76d5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:21:d0:94:20:ca:77:5e:21:e5:97:a5:32:f4:13:cd:dd:40:17:a2
Signer

Actual PE Digest

57:21:d0:94:20:ca:77:5e:21:e5:97:a5:32:f4:13:cd:dd:40:17:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DisableThreadLibraryCalls
SetErrorMode
CreateFileA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetProcessHeap
WideCharToMultiByte
ReadFile
GetStdHandle
GetLastError
GetProcAddress
GetCurrentThreadId
OpenFileMappingW
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
SetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
LCMapStringA
RtlUnwind
InterlockedExchange
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

user32

TranslateMessage
RegisterWindowMessageW
GetClassNameW
EnumChildWindows
SendMessageTimeoutW
IsWindowVisible
DispatchMessageW
GetForegroundWindow
PeekMessageW

ole32

CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

StrRStrIW
StrStrIW

oleacc

ObjectFromLresult

wininet

HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW
InternetConnectW
InternetReadFile
HttpQueryInfoW
InternetOpenW

Exports

Exports

start
state
stop

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hinthk.dll
.dll windows x86

bd3bc2b5058653865ee81f6fce91589a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:81:f8:c0:f6:2f:c3:6e:ca:1d:34:74:66:d9:a1:48:35:0f:8c:bd
Signer

Actual PE Digest

76:81:f8:c0:f6:2f:c3:6e:ca:1d:34:74:66:d9:a1:48:35:0f:8c:bd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetOEMCP
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
SetLastError
MulDiv
FormatMessageA
LocalFree
GlobalLock
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GlobalAlloc
FreeResource
TerminateProcess
GetCurrentProcessId
GlobalUnlock
GlobalFree
GetCurrentProcess
CreateFileA
GetFileSize
ReadFile
WriteFile
GetTickCount
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
OpenFileMappingA
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetModuleFileNameA
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
CompareStringW
CompareStringA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringA
InterlockedExchange

user32

RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
DestroyMenu
wsprintfA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
IntersectRect
SystemParametersInfoA
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetCapture
LoadCursorA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
GetWindow
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
IsWindow
EnumChildWindows
GetWindowTextA
GetClassNameA
GetParent
RegisterWindowMessageA
SendMessageTimeoutA
GetSystemMetrics
SetParent
LoadImageA
UnregisterClassA
KillTimer
SetTimer
IsWindowVisible
GetClientRect
PtInRect
CharUpperA
EnableWindow
GetForegroundWindow

gdi32

CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
CreateCompatibleDC
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchBlt
DeleteObject
GetDIBColorTable
GetObjectA
SelectObject
DeleteDC
PtVisible

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
StrStrIA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemFree
OleIsCurrentClipboard

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

gdiplus

GdiplusShutdown

ws2_32

htons
socket
WSAStartup
connect
closesocket
inet_addr
send
WSACleanup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hinths.dll
.dll windows x86

fc62f74de7fbe04d86597c395dcda6f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:10:66:0e:f9:6f:87:99:1e:40:31:ea:fc:30:95:0d:e7:3a:6f:6b
Signer

Actual PE Digest

de:10:66:0e:f9:6f:87:99:1e:40:31:ea:fc:30:95:0d:e7:3a:6f:6b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GlobalFree
lstrcmpA
GlobalAlloc
FreeLibraryAndExitThread
lstrlenA
GetModuleFileNameA
GetComputerNameA
Sleep
CloseHandle
CreateThread
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
GetCurrentThread
VirtualQuery
VirtualProtect
FlushInstructionCache
GetCurrentProcess
VirtualAlloc
VirtualFree
InterlockedCompareExchange
GetCurrentThreadId
GetTempPathA
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
SetLastError
TerminateProcess
ExitProcess
GetPrivateProfileStringA
lstrcpynA
ResumeThread
GetSystemDirectoryA
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetLocalTime
WideCharToMultiByte
GetTimeZoneInformation
GetCommandLineA
GetVersionExA
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
DeleteCriticalSection
HeapAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
UnhandledExceptionFilter
InterlockedExchange
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetSystemInfo

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

iphlpapi

GetAdaptersInfo

ws2_32

htons
inet_addr
gethostbyname
select
sendto
closesocket
socket

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintlittle.dll
.dll windows x86

5d769917c019e8fc0a18f1029896b5b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:56:ca:6d:c7:12:b6:ae:23:a3:63:f6:b9:6a:2d:03:05:64:52:af
Signer

Actual PE Digest

86:56:ca:6d:c7:12:b6:ae:23:a3:63:f6:b9:6a:2d:03:05:64:52:af

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:33
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GetModuleHandleW
FreeLibrary
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleFileNameW
WaitForSingleObject
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
WideCharToMultiByte
LoadLibraryW
ReadFile
CreateFileW
MultiByteToWideChar
GetStdHandle
GetLastError
GetProcAddress
GetCurrentThreadId
lstrlenA
SystemTimeToFileTime
GlobalAlloc
FileTimeToSystemTime
GlobalFree
GetLocalTime
OpenFileMappingW
OpenFileMappingA
TerminateProcess
FindResourceExW
GetCurrentProcessId
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
SetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FindResourceW
LoadResource
LockResource
SizeofResource
DisableThreadLibraryCalls
SetErrorMode

user32

PostThreadMessageW

shlwapi

PathRemoveFileSpecW
StrStrIW

iphlpapi

GetAdaptersInfo

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

start
state
stop

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintnobho.dll
.dll windows x86

b3807ec2518a1875aa89a5862d42ab25

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:50:bc:c3:23:36:06:7b:ba:9f:51:0f:ee:ec:7b:54:f3:33:50:6f
Signer

Actual PE Digest

51:50:bc:c3:23:36:06:7b:ba:9f:51:0f:ee:ec:7b:54:f3:33:50:6f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:33
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
Sleep
UnmapViewOfFile
MapViewOfFile
GetVersionExA
GetLastError
CopyFileA
Process32Next
Process32First
lstrcpyA
LocalFree
SetEnvironmentVariableA
CompareStringW
lstrcmpiA
OpenProcess
OpenThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
QueueUserAPC
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
TerminateThread
CloseHandle
GetCurrentProcessId
OpenFileMappingA
DisableThreadLibraryCalls
CompareStringA
ReadFile
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
VirtualProtectEx
GetExitCodeThread
CreateRemoteThread
VirtualFreeEx
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
RaiseException
IsBadReadPtr
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetLocalTime
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetFilePointer
InterlockedExchange
VirtualQuery

advapi32

RegCreateKeyA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize

ws2_32

send
closesocket
WSACleanup

oleaut32

SysAllocString
VariantClear
VariantInit

Exports

Exports

start
stop

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintreg2.dll
.dll windows x86

b4612a3d41538a9b7a31712d565dc1bc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:dd:fb:89:ad:e6:93:0e:11:18:91:61:f6:0f:0a:8c:b3:a5:18:b9
Signer

Actual PE Digest

c1:dd:fb:89:ad:e6:93:0e:11:18:91:61:f6:0f:0a:8c:b3:a5:18:b9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

08-05-2013 07:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord1177
ord1209
ord1084
ord1092
ord1167
ord1201
ord1175
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord764
ord265
ord310
ord578
ord876
ord907
ord581
ord304
ord762
ord784
ord2468
ord781
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4081
ord2833
ord1035
ord2272
ord5491
ord6168
ord2249
ord759
ord570
ord5567
ord4569
ord5227
ord3595
ord1486
ord2322
ord911
ord331
ord2141
ord590
ord3428
ord3635
ord3602
ord3609
ord1025
ord314
ord2248
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326

msvcr71

_vsnprintf
fclose
fputs
fwrite
fopen
_except_handler3
_strdate
_stricmp
_strtime
_tzset
strrchr
_mbschr
realloc
strchr
??1exception@@UAE@XZ
strncpy
malloc
sprintf
_CxxThrowException
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
free
__CxxFrameHandler
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
GetTempPathA
GetFileSize
ReadFile
WriteFile
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
GetTickCount
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
LoadLibraryA
Process32First
Process32Next
CreateToolhelp32Snapshot
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetCurrentProcess
WritePrivateProfileStringA
lstrcpyA
GetFileAttributesA
CreateFileA
TerminateThread
ResumeThread
GetSystemDirectoryA
WaitForSingleObject
CloseHandle
lstrlenA
lstrlenW
lstrcmpiA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

PostQuitMessage
PostThreadMessageA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

msvcp71

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

start
stop

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintsnake.dll
.dll windows x86

d28f86a74e5ff8da648fb7eb9ca35cd8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:d3:d5:69:68:12:a9:e3:c1:84:bd:b1:c9:fd:4a:a7:f6:27:d4:94
Signer

Actual PE Digest

94:d3:d5:69:68:12:a9:e3:c1:84:bd:b1:c9:fd:4a:a7:f6:27:d4:94

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:33
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
MultiByteToWideChar
OpenFileMappingW
CloseHandle
GetCurrentProcess
GetModuleHandleW
OpenProcess
TerminateProcess
GetLastError
GetProcAddress
CreateToolhelp32Snapshot
GetCurrentProcessId
GetFileSize
HeapAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetCurrentThreadId
Process32FirstW
Module32FirstW
Process32NextW
Module32NextW
SetFilePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
InterlockedDecrement
Sleep
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
SetStdHandle
GetFileType
RtlUnwind
TlsGetValue
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LCMapStringW
LCMapStringA
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
WideCharToMultiByte
GetTickCount
UnmapViewOfFile
MapViewOfFile
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
TlsAlloc
ReadFile
SleepEx
MoveFileW
DisableThreadLibraryCalls
InterlockedIncrement
SetErrorMode

shlwapi

StrStrIW

psapi

EnumProcesses
GetModuleFileNameExW

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintsok.dll
.dll windows x86

e89900ae854c7f687ae6cb0279bec2f6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:2f:ed:66:4f:1e:1f:39:44:c5:58:20:a0:80:71:2b:32:19:da:6a
Signer

Actual PE Digest

36:2f:ed:66:4f:1e:1f:39:44:c5:58:20:a0:80:71:2b:32:19:da:6a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 11:28
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
IsBadReadPtr
GetLocalTime
GetTimeZoneInformation
ExitThread
CreateThread
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
CreateDirectoryA
ExitProcess
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
InterlockedDecrement
SetLastError
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
FileTimeToLocalFileTime
FileTimeToSystemTime
TerminateProcess
OpenFileMappingA
GetCurrentProcessId
GlobalUnlock
GetCurrentProcess
RaiseException
AreFileApisANSI
GetComputerNameA
GlobalAlloc
GlobalFree
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetErrorMode
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
GetTickCount
FreeLibrary
CreateMutexA
GetPrivateProfileStringA
GetSystemDirectoryA
Sleep
lstrcpyA
lstrcatA
WaitForSingleObject
TerminateThread
GetModuleFileNameA
DeleteFileA
lstrlenA
CreateFileMappingA
GetLastError
MapViewOfFile
GetFileSize
CreateFileA
ReadFile
lstrcmpiA
UnmapViewOfFile
HeapDestroy
CloseHandle

user32

GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
WinHelpA
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
GetSystemMetrics
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
RegisterWindowMessageA
ModifyMenuA
GetMenuState
DestroyMenu
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
PostMessageA
PostQuitMessage
SetLastErrorEx
UnregisterClassA
CharUpperA

gdi32

ExtTextOutA
TextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
CreateBitmap
GetDeviceCaps
DeleteObject
SaveDC
RestoreDC
SetBkColor
Escape

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegQueryValueA
RegEnumKeyA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

crypt32

CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore
CertCreateContext
CertFindCertificateInStore

wininet

HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetSetOptionA

ws2_32

send
htonl
shutdown
recvfrom
ioctlsocket
connect
inet_addr
select
WSAGetLastError
setsockopt
sendto
WSACleanup
WSAStartup
socket
inet_ntoa
gethostbyname
closesocket
htons
bind

iphlpapi

GetAdaptersInfo

Exports

Exports

Mgerae
Mgerck
Mgerda

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintua.pg
.dll windows x86

d2687e513fe3bd7bc0a5e20ae6b8943a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:43:5f:34:9d:a8:f6:8b:b2:13:70:0d:97:c8:5f:cd:6f:4d:fd:53
Signer

Actual PE Digest

ed:43:5f:34:9d:a8:f6:8b:b2:13:70:0d:97:c8:5f:cd:6f:4d:fd:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SystemTimeToFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
IsBadReadPtr
ExitThread
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
GlobalHandle
ExitProcess
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetDriveTypeA
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetFullPathNameA
FlushFileBuffers
SetFilePointer
InterlockedDecrement
FindNextFileA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetLastError
GlobalLock
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
GlobalAlloc
TerminateProcess
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalUnlock
GlobalFree
GetCurrentProcess
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
ReadFile
WriteFile
GetCurrentProcessId
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleA
GetCurrentThreadId
CreateThread
GetLocalTime
lstrcmpiA
lstrlenA
GetVersionExA
GetSystemDirectoryA
lstrcatA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
WaitForSingleObject
TerminateThread
CloseHandle

user32

SetCursor
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextA
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
ValidateRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
SendMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
UnregisterClassA
GetDesktopWindow
GetWindowRect
GetShellWindow
GetSysColorBrush
FindWindowA
GetWindowThreadProcessId
DestroyMenu
wsprintfA
GetActiveWindow
GetDlgItem
GetCursorPos
FindWindowExA
GetThreadDesktop
CreateDesktopA
OpenInputDesktop
IsWindow
MessageBoxA
GetDC
ReleaseDC
CloseDesktop
SwitchDesktop
SetThreadDesktop
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
DestroyWindow
GetSystemMetrics
EnableWindow
KillTimer
InvalidateRect
PostMessageA
GetForegroundWindow
GetClassNameA

gdi32

GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathFileExistsA

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetPlugins

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintui.dll
.dll windows x86

9a3f76ee2d93cc85c8c4ccbc615eceda

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:87:9b:7e:10:ea:bd:32:97:cc:37:a2:0d:ae:c8:76:42:bd:67:09
Signer

Actual PE Digest

3b:87:9b:7e:10:ea:bd:32:97:cc:37:a2:0d:ae:c8:76:42:bd:67:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:31
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
select
htons
WSAGetLastError
WSAStartup
inet_ntoa
closesocket
recv
gethostbyname
gethostname
WSACleanup
inet_addr
send

wininet

InternetQueryOptionA

kernel32

LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
InterlockedDecrement
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FlushFileBuffers
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
GetSystemTimeAsFileTime
IsBadReadPtr
VirtualProtect
VirtualAlloc
GetSystemInfo
ExitThread
GetTimeZoneInformation
GetCommandLineA
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
IsBadCodePtr
SetEnvironmentVariableA
SetFilePointer
GetFileTime
SetFileTime
LocalFileTimeToFileTime
lstrcpyA
FindNextFileA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalLock
FormatMessageA
lstrcpynA
FileTimeToLocalFileTime
GetFileSize
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GlobalAlloc
TerminateProcess
GlobalUnlock
GlobalFree
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
WritePrivateProfileStringA
LeaveCriticalSection
EnterCriticalSection
GetTempPathA
CreateDirectoryA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
GetStartupInfoA
VirtualQuery
CopyFileA
GetCurrentProcessId
WaitForSingleObjectEx
SetEvent
GetCurrentThreadId
FindFirstFileA
FindClose
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
WaitForSingleObject
ResetEvent
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetVersion
MultiByteToWideChar
GetSystemDirectoryA
CreateFileA
ReadFile
CloseHandle
GetFileAttributesA
WriteFile
GetTickCount
DeleteFileA
Sleep
SetFileAttributesA
GetModuleFileNameA
GetComputerNameA
GetProcessHeap
HeapAlloc
HeapFree
DeviceIoControl
GetLastError
SetLastError
LocalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetErrorMode

user32

EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetFocus
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
GetClientRect
GetMenu
GetSysColor
PostQuitMessage
GetParent
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetLastErrorEx
ShowWindow
SendMessageA
LoadIconA
DestroyWindow
GetThreadDesktop
CreateDesktopA
OpenInputDesktop
MessageBoxA
GetDC
ReleaseDC
CloseDesktop
SwitchDesktop
SetThreadDesktop
GetWindowLongA
GetWindow
GetWindowTextA
FindWindowExA
PeekMessageA
InvalidateRect
wsprintfW
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetClassNameA
GetShellWindow
GetWindowThreadProcessId
PostThreadMessageA
GetMessageA
CharUpperA
UnhookWindowsHookEx
IsWindowVisible
EnableWindow
UnregisterClassA
SetCursor
ValidateRect
GetCursorPos
GetActiveWindow
TranslateMessage
GetSysColorBrush
LoadCursorA
FindWindowA
IsWindow
DestroyMenu
AdjustWindowRectEx
KillTimer
SetTimer
PostMessageA
SetWindowPos

gdi32

GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
RegEnumKeyExA
RegDeleteKeyA
RegSetValueA
RegDeleteValueA
OpenSCManagerA
CreateServiceA
FreeSid
OpenServiceA
StartServiceA
CloseServiceHandle
RegQueryInfoKeyA
GetUserNameA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegSetKeySecurity
RegOpenCurrentUser
RegOpenKeyExA
RegCloseKey
RegSetValueExA
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA

shell32

SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify

comctl32

ord17

shlwapi

SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
SHDeleteValueA

ole32

StringFromCLSID
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoInitialize
CoRegisterMessageFilter
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

wsock32

recvfrom
sendto
accept

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

start
stop

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintva.dll
.dll windows x86

bbbe3af8452aea89f91ade974a832282

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:1f:27:dd:94:d5:6a:0e:f3:c3:3b:e9:37:cf:f1:ec
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03-09-2013 00:00

Not After

03-10-2015 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=value added,O=shanghai xin hao yi software Co.\, Ltd,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:e5:df:c9:05:ea:96:61:4f:9e:76:6b:54:b4:02:1b:f1:da:b2:ec
Signer

Actual PE Digest

99:e5:df:c9:05:ea:96:61:4f:9e:76:6b:54:b4:02:1b:f1:da:b2:ec

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=value added,O=shanghai xin hao yi software Co.\, Ltd,L=shanghai,ST=shanghai,C=CN

25-06-2014 10:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
GetLocalTime
GetTimeZoneInformation
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
CreateDirectoryA
HeapSize
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ExitProcess
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
RtlUnwind
GetFileTime
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
InterlockedDecrement
SetLastError
MulDiv
FormatMessageA
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcpynA
GlobalLock
CreateNamedPipeA
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
FreeResource
TerminateProcess
GlobalUnlock
RaiseException
AreFileApisANSI
FindFirstFileA
FindClose
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
LocalAlloc
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesA
GetComputerNameA
GlobalAlloc
GlobalFree
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenFileMappingA
OutputDebugStringA
GetCurrentProcess
GetTickCount
WriteFile
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenW
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
lstrcpyA
WaitForSingleObject
TerminateThread
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
CreateEventA
SetEvent
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
lstrcatA
lstrlenA
CreateFileMappingA
GetLastError
MapViewOfFile
lstrcmpiA
CreateFileA
GetFileSize
ReadFile
UnmapViewOfFile
SetHandleCount
CloseHandle

user32

GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
wsprintfA
TabbedTextOutA
DrawTextA
DrawTextExA
SetPropA
GetPropA
GrayStringA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
GetSysColorBrush
DefWindowProcA
CallWindowProcA
LoadCursorA
DestroyMenu
RemovePropA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SetLastErrorEx
UnregisterClassA
IsWindowVisible
ShowWindow
SendMessageA
RegisterWindowMessageA
GetClassNameA
PostThreadMessageA
CharUpperA
GetMessageA
TranslateMessage
DispatchMessageA
EnableWindow
UnhookWindowsHookEx

gdi32

TextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
DeleteObject
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueA
RegEnumKeyA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
RegEnumKeyExA
RegOpenKeyA
GetUserNameA
RegCloseKey

comctl32

ord17

shlwapi

PathIsUNCA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrStrIA

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

crypt32

CryptQueryObject
CryptMsgGetParam
CertCloseStore
CertGetNameStringA
CryptMsgClose
CertFindCertificateInStore
CertCreateContext
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

wininet

InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExA

ws2_32

recvfrom
sendto
bind
htons
setsockopt
inet_ntoa
socket
gethostbyname
WSAGetLastError
select
inet_addr
connect
ioctlsocket
send
shutdown
htonl
closesocket

Exports

Exports

CommMgerc
Mgerae
Mgerck
Mgercx
Mgerda
ck0
cx0
cx1
cx2
cx3

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hintxc.exe
.exe windows x86

2c35ed123bf7fb5532653325910c7a41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:28:f3:3e:5f:1c:1f:79:a7:ad:aa:de:90:9f:a3:48:a1:07:77:0b
Signer

Actual PE Digest

5f:28:f3:3e:5f:1c:1f:79:a7:ad:aa:de:90:9f:a3:48:a1:07:77:0b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

04-03-2013 07:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualAlloc
VirtualFree

Sections

.text
Size: 21KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xhy
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
iesafe.exe
.exe windows x86

c3073019b02654f825825e3167571836

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55
Signer

Actual PE Digest

b5:e8:b7:c8:46:cb:85:03:ba:bb:cf:5e:65:a1:54:29:15:63:e8:55

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:37
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetOEMCP
GetCPInfo
SetErrorMode
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GlobalFlags
InterlockedIncrement
lstrcatA
WritePrivateProfileStringA
FlushFileBuffers
SetFilePointer
InterlockedDecrement
GlobalAddAtomA
SetLastError
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
TerminateProcess
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
GlobalUnlock
GetCurrentProcess
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WriteFile
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
lstrlenA
CreateProcessA
GetModuleFileNameA
CreateFileA
ReadFile
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
WideCharToMultiByte
LocalAlloc
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings

user32

DestroyMenu
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
LoadCursorA
GetCapture
ClientToScreen
wsprintfA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
PostMessageA
UnregisterClassA
CopyRect

gdi32

PtVisible
TextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
ExtTextOutA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyExA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

iphlpapi

GetAdaptersInfo

wininet

InternetQueryOptionA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetSetOptionA

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mspack.dll
.dll windows x86

9c3db14765981761c16654b733438fc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9e
Signer

Actual PE Digest

78:9c:94:a7:33:1e:b7:2e:04:b6:be:5c:5a:81:7f:56:5b:66:42:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

08-05-2013 07:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetVersion
GetCurrentThreadId
GetProcessVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
RaiseException
SetStdHandle
GetFileType
GetACP
HeapSize
HeapReAlloc
TlsFree
ExitProcess
TerminateProcess
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
FlushInstructionCache
GlobalHandle
TlsAlloc
lstrcatA
lstrcmpA
GlobalLock
GlobalUnlock
LocalAlloc
FreeLibrary
SetLastError
lstrcmpiA
lstrcpynA
GetProcAddress
FlushFileBuffers
SetFilePointer
LocalFree
InterlockedDecrement
InterlockedIncrement
TerminateThread
CreateThread
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
CreateToolhelp32Snapshot
GetLastError
Process32First
Process32Next
GetModuleFileNameA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesA
lstrcpyW
GetModuleHandleA
LoadLibraryA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetCommandLineA
CreateFileA
GetFileSize
ReadFile
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryA
GetTempPathA
CopyFileA
DeleteFileA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GlobalAlloc
GlobalFree
GetTickCount
lstrlenA
Sleep
lstrcpyA
GetComputerNameA

user32

CopyRect
GetClientRect
AdjustWindowRectEx
MapWindowPoints
PostMessageA
LoadIconA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
DestroyMenu
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetSysColor
GetSysColorBrush
LoadCursorA
DispatchMessageA
GetKeyState
PeekMessageA
SetFocus
SetWindowPos
SetWindowLongA
GetDlgItem
GetFocus
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
ReleaseDC
GetDC
GetMessageTime
GetTopWindow
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetSystemMetrics
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsIconic

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExW

comctl32

ord17

ws2_32

WSAStartup
socket
htons
connect
send
shutdown
closesocket
WSACleanup
gethostbyname
WSAGetLastError

iphlpapi

GetAdaptersInfo

Exports

Exports

SetBarID
SetHook
UnHook

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mspopxy.dll
.dll windows x86

2ddbf1b3347c53c1df6a2df4a1774858

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-07-2011 00:00

Not After

05-09-2013 23:59

Subject

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:63:3a:21:6d:93:c1:6f:bc:0b:4e:53:fe:b3:41:fc:55:c2:71:0d
Signer

Actual PE Digest

51:63:3a:21:6d:93:c1:6f:bc:0b:4e:53:fe:b3:41:fc:55:c2:71:0d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=shanghai xin hao yi software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=shanghai xin hao yi software Co.\, Ltd,L=上海,ST=上海,C=CN

09-05-2013 10:31
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
connect
select
closesocket
ioctlsocket
htons
socket
bind
__WSAFDIsSet
WSAStartup
gethostbyname
shutdown
inet_ntoa
gethostname
sendto
WSASocketA
setsockopt
send
recv
WSACleanup
inet_addr

wininet

InternetCanonicalizeUrlA
InternetSetOptionExA
InternetQueryDataAvailable
InternetOpenUrlA
InternetQueryOptionA
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCrackUrlA
InternetReadFile
InternetCloseHandle
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
HttpQueryInfoA

kernel32

LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
SetThreadPriority
SuspendThread
InterlockedIncrement
InterlockedDecrement
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
FlushFileBuffers
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetFileTime
GetCurrentDirectoryA
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
VirtualAlloc
GetSystemInfo
GetLocalTime
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
SetFilePointer
lstrcmpA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
MulDiv
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
Process32First
Process32Next
Module32FirstW
Module32NextW
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateToolhelp32Snapshot
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GlobalLock
OpenProcess
TerminateProcess
GlobalUnlock
GetModuleHandleA
CreateDirectoryA
TerminateThread
GetStartupInfoA
GetCurrentThreadId
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
CreateFileMappingA
VirtualQuery
GetFileSize
ReadFile
WriteFile
GetCommandLineA
FindFirstFileA
FindClose
FindNextFileA
GetFileAttributesA
CreateFileA
GetCurrentProcessId
CreateThread
ResetEvent
GetCurrentProcess
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GlobalAlloc
GlobalFree
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
CreateEventA
CloseHandle
SetEvent
DeviceIoControl
GetTempPathA
WaitForSingleObject
ResumeThread
CompareStringW
CompareStringA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
SetFileAttributesA
lstrcpynA
GetTickCount
WinExec
GetSystemDirectoryA
DeleteFileA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetComputerNameA
OutputDebugStringA
GetLastError
SetLastError
LocalFree
lstrlenA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalReAlloc

user32

CopyAcceleratorTableA
SetRect
IsRectEmpty
DestroyMenu
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
wsprintfA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
InvalidateRgn
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
GetParent
GetClassInfoA
RegisterClassA
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconA
wsprintfW
PostQuitMessage
GetThreadDesktop
CreateDesktopA
OpenInputDesktop
MessageBoxA
CloseDesktop
SwitchDesktop
SetThreadDesktop
GetWindowTextA
ShowWindow
GetClientRect
SetWindowPos
ReleaseDC
GetDC
LoadBitmapA
SetLastErrorEx
GetCursorPos
GetWindowLongA
SetWindowLongA
PtInRect
InvalidateRect
GetDesktopWindow
GetWindowRect
GetShellWindow
FindWindowExA
GetWindowThreadProcessId
RegisterWindowMessageA
GetSystemMetrics
RegisterClipboardFormatA
UnregisterClassA
CharUpperA
GetForegroundWindow
GetClassNameA
EnableWindow
IsWindowVisible
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetForegroundWindow
KillTimer
SetTimer
PostThreadMessageA
FindWindowA
IsWindow
PostMessageA
EqualRect

gdi32

GetMapMode
GetRgnBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
StretchBlt
DeleteObject
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
GetViewportExtEx
ScaleViewportExtEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegOpenCurrentUser
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
FreeSid
RegCreateKeyExA
GetUserNameA
CryptEncrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

shell32

SHGetSpecialFolderPathA

comctl32

ImageList_AddMasked
ImageList_Draw
ord17
ImageList_Destroy
ImageList_Create

shlwapi

PathFileExistsA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathIsDirectoryA
UrlUnescapeA

oledlg

ord8

ole32

CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
SysFreeString
VariantClear
SysAllocString
VariantInit
SysStringLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect

wsock32

recvfrom
accept

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipGetImagePalette
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdiplusShutdown
GdipCreateBitmapFromScan0

libeay32

ord269
ord2936
ord3109
ord323
ord2630
ord2821

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

UserLogoff
UserLogon
start
stop

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e9b99cb9d9095b435919e7c0982d71

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

24:2e:ee:41:9c:94:ce:a9:34:83:df:57:e7:17:66:ec:04:d1:20:9eSigner

Signature Validations

Verification

09-05-2013 10:37 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

oleaut32

shlwapi

psapi

ws2_32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 11KB

shared Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 744B

.reloc Size: 12KB - Virtual size: 10KB

6229e1d43c3d2c61ec938e8be5e479fb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1c:06:33:32:d0:88:a5:86:28:14:a6:0f:53:19:76:65:46:bd:eaSigner

Signature Validations

Verification

09-05-2013 10:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 11KB - Virtual size: 25KB

.rsrc Size: 24KB - Virtual size: 24KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

24:2e:ee:41:9c:94:ce:a9:34:83:df:57:e7:17:66:ec:04:d1:20:9e
Signer

09-05-2013 10:37
Valid: false

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 11KB

shared
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1c:06:33:32:d0:88:a5:86:28:14:a6:0f:53:19:76:65:46:bd:ea
Signer

09-05-2013 10:36
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 33KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a3:8a:27:08:97:c1:df:13:47:7f:70:59:da:97:af:16:00:8e:a4:0f
Signer

09-05-2013 10:36
Valid: false

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 9KB

.shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

68:78:c7:d3:95:19:2f:06:7c:7f:d0:81:52:c8:82:4b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2e:04:39:2b:56:36:46:b2:91:5f:d1:1e:97:4b:bb:48:f0:ef:00:85
Signer

09-05-2013 10:36
Valid: false

ATAC
Size: - Virtual size: 140KB

ATAL
Size: 125KB - Virtual size: 128KB

.rsrc
Size: 2KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate