58903abc2f424cb40b3dd7166f7fcb442ebdbde0d10b42e2efd0219e5167643f

Sharing

Copy URL Twitter E-mail

General

Target

58903abc2f424cb40b3dd7166f7fcb442ebdbde0d10b42e2efd0219e5167643f
Size

4.0MB
MD5

129a64a72ca389cc35d989e1420b8b6a
SHA1

b34ec1cffc7203bbb9e1e4b739a1fa6c0127e60a
SHA256

58903abc2f424cb40b3dd7166f7fcb442ebdbde0d10b42e2efd0219e5167643f
SHA512

a4c9708ba9e44376123a9ebfbb531ac306a5f47ba8b415b9cea5c2268151072f45728d0b228f50d276d95a06174d83b2006d263a08e4ac16df37807e12908875
SSDEEP

98304:NgfA5VGsdZHqDk8r2C1XZKvMHPmxeUf2722sSyWV2dXqo:NSA5VGSZHqI8rPZKvppuqf9WMXF

Score

1^/10

Malware Config

Signatures

Files

58903abc2f424cb40b3dd7166f7fcb442ebdbde0d10b42e2efd0219e5167643f
.zip
xaq-vpn-pwn-main/QaxVpnPwn.jar
.jar
xaq-vpn-pwn-main/README.md
xaq-vpn-pwn-main/TQS3SignCheck.dll
.dll windows x86

572e1b27a0c0977a270e959b4e29047e

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

03/08/2023, 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/08/2020, 00:00

Not After

03/08/2023, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:9e:6f:f6:df:06:06:8c:74:81:aa:ed:6d:e2:83:6b:00:08:69:b1:c9:7a:e5:8b:c5:ab:e9:26:dc:86:7b:5c
Signer

Actual PE Digest

21:9e:6f:f6:df:06:06:8c:74:81:aa:ed:6d:e2:83:6b:00:08:69:b1:c9:7a:e5:8b:c5:ab:e9:26:dc:86:7b:5c

Digest Algorithm

sha256

PE Digest Matches

true

9b:07:af:57:e8:4e:6b:25:fd:48:b3:40:07:57:02:c0:84:92:63:5e
Signer

Actual PE Digest

9b:07:af:57:e8:4e:6b:25:fd:48:b3:40:07:57:02:c0:84:92:63:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemDirectoryW
FreeLibrary
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetFileSizeEx
ReadFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapSize
GetModuleFileNameW
EnterCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
CreateFileW
GetFileAttributesW
GetProcAddress
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
DeleteCriticalSection
InterlockedFlushSList
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteConsoleW

Exports

Exports

HaveS3Sign

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/attach.dll
.dll windows x64

681bc60206cc8238ad68bbec3ca79e3d

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26/02/2018, 00:00

Not After

27/02/2020, 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:f6:8e:6c:0c:f1:2e:67:5d:1a:e0:42:2f:c0:78:52:b2:b7:6c:cf
Signer

Actual PE Digest

2e:f6:8e:6c:0c:f1:2e:67:5d:1a:e0:42:2f:c0:78:52:b2:b7:6c:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

java

JNU_ThrowInternalError
JNU_ThrowIOException
JNU_ThrowByName
JNU_ThrowIOExceptionWithLastError
JNU_GetStringPlatformChars
JNU_ReleaseStringPlatformChars
JNU_NewStringPlatform

advapi32

OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
strcpy
sprintf
strncpy
memset
strcmp
malloc
free

kernel32

RtlLookupFunctionEntry
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
DisableThreadLibraryCalls
GetTempPathA
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
DecodePointer
EncodePointer
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CreateNamedPipeA
LocalFree
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
GetCurrentThread
SetLastError
ReadFile
ConnectNamedPipe
GetLastError
GetModuleHandleA
GetVolumeInformationA
CloseHandle
OpenProcess
IsWow64Process
GetProcAddress

Exports

Exports

Java_sun_tools_attach_WindowsAttachProvider_enumProcesses
Java_sun_tools_attach_WindowsAttachProvider_isLibraryLoadedByProcess
Java_sun_tools_attach_WindowsAttachProvider_tempPath
Java_sun_tools_attach_WindowsAttachProvider_volumeFlags
Java_sun_tools_attach_WindowsVirtualMachine_closePipe
Java_sun_tools_attach_WindowsVirtualMachine_closeProcess
Java_sun_tools_attach_WindowsVirtualMachine_connectPipe
Java_sun_tools_attach_WindowsVirtualMachine_createPipe
Java_sun_tools_attach_WindowsVirtualMachine_enqueue
Java_sun_tools_attach_WindowsVirtualMachine_generateStub
Java_sun_tools_attach_WindowsVirtualMachine_init
Java_sun_tools_attach_WindowsVirtualMachine_openProcess
Java_sun_tools_attach_WindowsVirtualMachine_readPipe

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwendsecurity.dll
.dll windows x86

5d1198b33832c6d6dcc9ea2cc7be2c68

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:f3:27:63:85:c0:dc:2e:16:5d:11:31:a6:e4:89:b3:b8:6a:7f:94:0b:5d:b2:04:fa:de:c7:01:2c:a1:8f:2d
Signer

Actual PE Digest

57:f3:27:63:85:c0:dc:2e:16:5d:11:31:a6:e4:89:b3:b8:6a:7f:94:0b:5d:b2:04:fa:de:c7:01:2c:a1:8f:2d

Digest Algorithm

sha256

PE Digest Matches

true

4d:a9:23:dc:ef:96:ca:90:d6:6e:f0:df:9f:f9:39:16:e1:ba:42:31
Signer

Actual PE Digest

4d:a9:23:dc:ef:96:ca:90:d6:6e:f0:df:9f:f9:39:16:e1:ba:42:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileTime
GetVersionExA
FileTimeToLocalFileTime
CreateDirectoryA
GetCurrentProcess
QueryDosDeviceA
GetLogicalDriveStringsA
Process32NextW
FindFirstFileA
FindClose
Sleep
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
GetSystemInfo
Module32Next
Module32First
LocalFree
GetModuleHandleW
Process32FirstW
FindNextFileA
RemoveDirectoryA
LoadLibraryExA
CloseHandle
FindResourceA
LoadResource
LockResource
lstrcmpiW
GetFileAttributesA
SetFileAttributesA
MoveFileExA
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
OutputDebugStringA
SetFilePointer
SetEndOfFile
CopyFileA
DeleteFileA
GetComputerNameA
GlobalFree
GetModuleFileNameA
GetLastError
GetModuleHandleA
DeviceIoControl
GetVolumeInformationA
TerminateThread
CreateThread
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTempPathA
GetLocalTime
CreateFileA
WriteFile
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
lstrcmpiA
Process32Next
GetStartupInfoA

ws2_32

htonl
ntohs
htons
ntohl

advapi32

AddAccessAllowedAce
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
QueryServiceConfigA
ChangeServiceConfig2A
ChangeServiceConfigA
QueryServiceStatus
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegDeleteValueA
RegSetKeySecurity

user32

TranslateMessage
CallNextHookEx
PeekMessageA
GetMessageA
DispatchMessageA
EnumWindows
ExitWindowsEx
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
GetAsyncKeyState

shell32

StrRChrA
StrCmpNIA
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

StrTrimA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

iphlpapi

GetTcpTable
GetIfTable
GetUdpTable
SetTcpEntry

msvcrt

strstr
_strupr
_purecall
_CxxThrowException
sscanf
strrchr
atoi
free
malloc
_vsnprintf
_snprintf
fclose
fopen
_access
ftell
fseek
_wcsicmp
_strlwr
iscntrl
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
_read
_fileno
_stricmp
_strnicmp
tolower
strchr
strncpy
sprintf
strncat
??2@YAPAXI@Z
__CxxFrameHandler

wininet

FindNextUrlCacheGroup
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindFirstUrlCacheGroup
DeleteUrlCacheGroup

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringA

Exports

Exports

ESCreate
ESDestroy
ESGetResult
ESInit
ESRun
ESStop

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwnc.dll
.dll windows x86

15c65dafe14b3fdf5f40bd838a29dbcb

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:40:5b:ae:16:a0:2c:8b:45:ad:4e:2d:7c:46:6d:eb:43:0e:a6:ae:b2:68:fe:13:38:6c:9c:a6:3a:8e:4a:c1
Signer

Actual PE Digest

91:40:5b:ae:16:a0:2c:8b:45:ad:4e:2d:7c:46:6d:eb:43:0e:a6:ae:b2:68:fe:13:38:6c:9c:a6:3a:8e:4a:c1

Digest Algorithm

sha256

PE Digest Matches

true

aa:f7:ea:4c:f0:57:ce:a3:f8:72:d0:c9:e3:c0:21:4a:d0:b5:ff:a2
Signer

Actual PE Digest

aa:f7:ea:4c:f0:57:ce:a3:f8:72:d0:c9:e3:c0:21:4a:d0:b5:ff:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
QueryDosDeviceA
GetLogicalDriveStringsA
OpenProcess
Process32NextW
Process32FirstW
ProcessIdToSessionId
GetCurrentThread
GetVersionExA
GetSystemInfo
Module32Next
Module32First
TerminateProcess
GetSystemTime
MoveFileExA
SetFileAttributesA
lstrcmpiW
LockResource
LoadResource
Process32First
LoadLibraryExA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileTime
FileTimeToLocalFileTime
CreateDirectoryA
ExpandEnvironmentStringsA
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
CreateEventA
LocalAlloc
GetCurrentThreadId
Process32Next
GetCurrentProcess
GetModuleHandleA
lstrcmpiA
lstrcpynA
GetFullPathNameA
GetFileAttributesA
lstrcpyA
lstrlenA
GetLocalTime
OutputDebugStringA
SetEndOfFile
SetFilePointer
GetModuleHandleW
GetEnvironmentVariableA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetStartupInfoA
CreateProcessA
ResetEvent
GetTickCount
GetExitCodeProcess
DeleteFileA
GetExitCodeThread
CreateThread
TryEnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetOverlappedResult
ReadFile
SetEvent
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
FormatMessageA
LocalFree
GetLastError
MultiByteToWideChar
CreateFileA
DeviceIoControl
Sleep
CloseHandle
FindResourceA

ws2_32

WSAIoctl
setsockopt
connect
WSASocketA
WSARecv
WSACleanup
WSASend
shutdown
listen
WSAEventSelect
WSAEnumNetworkEvents
accept
WSAStartup
getservbyport
gethostbyaddr
WSAGetOverlappedResult
getservbyname
WSACloseEvent
WSACreateEvent
ntohs
WSAGetLastError
htonl
inet_ntoa
ntohl
getsockname
gethostbyname
WSASetLastError
WSAAddressToStringA
inet_addr
socket
closesocket
htons
bind

advapi32

AdjustTokenPrivileges
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
GetLengthSid
AllocateAndInitializeSid
RegDeleteValueA
CreateProcessAsUserA
OpenProcessToken
SetTokenInformation
DuplicateTokenEx
EqualSid
GetTokenInformation
OpenThreadToken
LookupPrivilegeNameA
CloseServiceHandle
OpenSCManagerA
LookupPrivilegeValueA
LookupAccountSidA
ConvertSidToStringSidA
LookupAccountNameA
SetFileSecurityA
AddAccessAllowedAceEx
InitializeAcl

user32

GetParent
FindWindowW
EnumChildWindows
GetDlgCtrlID
GetWindowThreadProcessId
GetDlgItemTextW
SendMessageA
ExitWindowsEx
EnumWindows
CharNextA

shell32

StrCmpNIA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInfoListDetailA
CM_Get_Device_ID_ExA

shlwapi

StrTrimA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcrt

toupper
tolower
_vsnprintf
strstr
strchr
atoi
sprintf
strrchr
memmove
strncat
isalpha
_except_handler3
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
printf
malloc
free
wcsstr
strncpy
_fileno
_strnicmp
_stricmp
iscntrl
_CxxThrowException
_snprintf
_wcsicmp
fclose
fopen
_access
ftell
fseek
wcslen
wcsncpy
calloc
strtoul
sscanf
strtol
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_read
_local_unwind2

iphlpapi

GetTcpTable
SetTcpEntry
GetBestRoute
CreateIpForwardEntry
SetIpForwardEntry
DeleteIpForwardEntry
GetIpForwardTable
GetAdaptersInfo
GetIfTable
IpReleaseAddress
GetIpAddrTable
GetInterfaceInfo
NotifyRouteChange

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

crypt32

CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertGetIntendedKeyUsage
CertFindChainInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

Exports

Exports

ModCleanUp
ModOnMsgRecv
ModStartUp
ModStatus

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwproxy.dll
.dll windows x86

f8c31bd554a691d48409ce1409c6fde8

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:b1:7e:f5:87:09:be:a3:06:b1:66:08:ac:d8:11:da:88:26:b3:0e:7a:fe:44:12:37:3c:55:95:49:33:5d:6c
Signer

Actual PE Digest

13:b1:7e:f5:87:09:be:a3:06:b1:66:08:ac:d8:11:da:88:26:b3:0e:7a:fe:44:12:37:3c:55:95:49:33:5d:6c

Digest Algorithm

sha256

PE Digest Matches

true

6b:47:54:a9:35:50:d4:b5:ef:3f:3f:29:b3:29:a6:75:3a:07:81:07
Signer

Actual PE Digest

6b:47:54:a9:35:50:d4:b5:ef:3f:3f:29:b3:29:a6:75:3a:07:81:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GetCurrentThread
GetVersionExA
GetSystemInfo
Module32Next
Module32First
LocalFree
TerminateProcess
GetModuleHandleW
GetSystemDirectoryA
GetSystemTime
MoveFileExA
SetFileAttributesA
GetFileAttributesA
lstrcmpiW
LockResource
LoadResource
ProcessIdToSessionId
LoadLibraryExA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileTime
FileTimeToLocalFileTime
CreateDirectoryA
ExpandEnvironmentStringsA
CreateIoCompletionPort
GetCurrentThreadId
GetQueuedCompletionStatus
LocalAlloc
GetExitCodeProcess
GetCurrentProcess
GetStartupInfoA
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
lstrcmpiA
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
OutputDebugStringA
SetFilePointer
SetEndOfFile
WriteFile
DeleteFileA
TryEnterCriticalSection
GetModuleFileNameA
CopyFileA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetExitCodeThread
SetEvent
WaitForSingleObject
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
CreateThread
CreateEventA
ResetEvent
WaitForMultipleObjects
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
Sleep
CloseHandle
DefineDosDeviceA
CreateFileA
FindResourceA

ws2_32

inet_ntoa
htonl
ntohl
ntohs
htons
closesocket
getpeername
setsockopt
inet_addr
WSAGetLastError
gethostbyname
getservbyname
gethostbyaddr
getservbyport
WSAStartup
WSACleanup
WSAIoctl
getsockname
connect
WSASocketA
WSAAddressToStringA
WSARecv
WSAGetOverlappedResult
WSASend
shutdown
listen
WSAEventSelect
bind
WSAEnumNetworkEvents
accept
WSASetLastError

advapi32

RegEnumValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegDeleteValueA
CreateProcessAsUserA
OpenProcessToken
SetTokenInformation
DuplicateTokenEx
EqualSid
GetTokenInformation
OpenThreadToken
LookupPrivilegeNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountSidA
ConvertSidToStringSidA
LookupAccountNameA
SetFileSecurityA
AddAccessAllowedAceEx
AddAccessAllowedAce

user32

GetWindowThreadProcessId
EnumWindows
ExitWindowsEx

shell32

StrStrIA
StrChrIA
StrCmpNIA

shlwapi

StrTrimA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreA
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertDuplicateCertificateContext
CertFindChainInStore
CertGetNameStringA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

SetTcpEntry
GetTcpTable

msvcrt

_purecall
_local_unwind2
_except_handler3
??2@YAPAXI@Z
__CxxFrameHandler
_strnicmp
strncpy
memmove
strrchr
free
malloc
strstr
_vsnprintf
strtoul
sprintf
strtol
sscanf
fclose
fopen
_access
_fileno
ftell
fseek
printf
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
strncat
toupper
atoi
_read
calloc
_CxxThrowException
iscntrl
_wcsicmp
_snprintf
strchr

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

ModCleanUp
ModOnMsgRecv
ModStartUp
ModStatus

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwrealsdk.dll
.dll windows x86

cf745107b6c115d741555b72a4c20232

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:f2:ab:3e:9f:93:16:d6:dc:26:e4:76:b2:dc:a1:37:17:e6:ff:39:fa:50:60:6e:14:7c:7e:e5:9b:35:ca:da
Signer

Actual PE Digest

af:f2:ab:3e:9f:93:16:d6:dc:26:e4:76:b2:dc:a1:37:17:e6:ff:39:fa:50:60:6e:14:7c:7e:e5:9b:35:ca:da

Digest Algorithm

sha256

PE Digest Matches

true

34:1e:b8:be:d7:62:3f:22:de:de:f2:8d:ed:79:d9:3b:80:d6:6d:fc
Signer

Actual PE Digest

34:1e:b8:be:d7:62:3f:22:de:de:f2:8d:ed:79:d9:3b:80:d6:6d:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
QueryDosDeviceA
GetLogicalDriveStringsA
OpenProcess
Process32NextW
Process32FirstW
GetStartupInfoA
Sleep
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
GetSystemInfo
Module32Next
Module32First
LocalFree
TerminateProcess
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreA
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
GetCurrentThreadId
LocalAlloc
CopyFileA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
CreateDirectoryA
GetTempPathA
GetEnvironmentVariableA
lstrcmpiA
lstrcatA
lstrlenA
lstrcpyA
lstrcpynA
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
DeleteFileA
WriteFile
SetEndOfFile
Process32First
Process32Next
GetCurrentProcess
GetModuleHandleA
ExpandEnvironmentStringsA
GetVersionExA
GetFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
MoveFileExA
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
OutputDebugStringA
SetFilePointer
GetLastError

ws2_32

WSASetLastError
accept
ntohs
bind
WSAEventSelect
listen
shutdown
WSASend
htons
WSARecv
WSASocketA
WSAEnumNetworkEvents
setsockopt
getsockname
freeaddrinfo
WSAIoctl
closesocket
WSACleanup
WSAStartup
getaddrinfo
inet_ntoa
WSAAddressToStringA
WSAGetLastError
ntohl
htonl
WSAGetOverlappedResult
connect

advapi32

InitializeAcl
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
AddAccessAllowedAce
RegSetKeySecurity
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAceEx
CryptReleaseContext

user32

EnumWindows
GetWindowThreadProcessId
ExitWindowsEx

shell32

SHGetSpecialFolderLocation
StrChrIA
StrStrIA
StrCmpNIA
SHGetPathFromIDListA

ole32

CoInitialize
CoCreateInstance

setupapi

SetupIterateCabinetA

shlwapi

StrTrimA
StrTrimW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

crypt32

CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertGetIntendedKeyUsage
CertFindChainInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

GetTcpTable
SetTcpEntry

msvcrt

strncat
strncpy
strchr
atoi
strrchr
memmove
??2@YAPAXI@Z
memchr
strstr
wcslen
sscanf
__CxxFrameHandler
_snprintf
fgetws
fclose
fseek
fopen
_access
_open
_CxxThrowException
_read
_strnicmp
??0exception@@QAE@ABV0@@Z
fputs
fgets
iscntrl
_wcsicmp
ftell
malloc
free
printf
_vsnprintf
remove
_errno
sprintf
_lseek
_close
??0exception@@QAE@ABQBD@Z
_purecall
_ftol
strpbrk
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_stricmp
_fileno
_write

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

Exports

Exports

LoginSslVpn
LoginSslVpnByGMKey
LoginSslVpnByGMKeyEx
LoginSslVpnEx
LogoutSslVpn
QueryTcpServiceStatus
SetGWCertFinger
SetRenewFlag
__LoginSslVpn

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwsdk.dll
.dll windows x86

4c882272f637203f48aabc5303b007bd

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:57:27:29:bf:b5:d8:fe:4b:a4:79:2c:1f:c1:68:72:16:f6:53:61:c2:89:92:28:66:00:5e:d6:73:c0:e2:84
Signer

Actual PE Digest

9c:57:27:29:bf:b5:d8:fe:4b:a4:79:2c:1f:c1:68:72:16:f6:53:61:c2:89:92:28:66:00:5e:d6:73:c0:e2:84

Digest Algorithm

sha256

PE Digest Matches

true

ba:df:4c:cf:08:79:78:13:16:24:72:5a:c2:98:13:8b:ee:14:2b:7c
Signer

Actual PE Digest

ba:df:4c:cf:08:79:78:13:16:24:72:5a:c2:98:13:8b:ee:14:2b:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
QueryDosDeviceA
GetLogicalDriveStringsA
OpenProcess
Process32NextW
Process32FirstW
GetStartupInfoA
Sleep
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
GetSystemInfo
Module32Next
Module32First
LocalFree
TerminateProcess
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreA
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
GetCurrentThreadId
LocalAlloc
CopyFileA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
CreateDirectoryA
GetTempPathA
GetEnvironmentVariableA
lstrcmpiA
lstrcatA
lstrlenA
lstrcpyA
lstrcpynA
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
DeleteFileA
WriteFile
SetEndOfFile
Process32First
Process32Next
GetCurrentProcess
GetModuleHandleA
ExpandEnvironmentStringsA
GetVersionExA
GetFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
MoveFileExA
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
OutputDebugStringA
SetFilePointer
GetLastError

ws2_32

WSASetLastError
accept
ntohs
bind
WSAEventSelect
listen
shutdown
WSASend
htons
WSARecv
WSASocketA
WSAEnumNetworkEvents
setsockopt
getsockname
freeaddrinfo
WSAIoctl
closesocket
WSACleanup
WSAStartup
getaddrinfo
inet_ntoa
WSAAddressToStringA
WSAGetLastError
ntohl
htonl
WSAGetOverlappedResult
connect

advapi32

InitializeAcl
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
AddAccessAllowedAce
RegSetKeySecurity
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAceEx
CryptReleaseContext

user32

EnumWindows
GetWindowThreadProcessId
ExitWindowsEx

shell32

SHGetSpecialFolderLocation
StrChrIA
StrStrIA
StrCmpNIA
SHGetPathFromIDListA

ole32

CoInitialize
CoCreateInstance

setupapi

SetupIterateCabinetA

shlwapi

StrTrimA
StrTrimW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

crypt32

CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertGetIntendedKeyUsage
CertFindChainInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

GetTcpTable
SetTcpEntry

msvcrt

strncat
strncpy
strchr
atoi
strrchr
memmove
??2@YAPAXI@Z
memchr
strstr
wcslen
sscanf
__CxxFrameHandler
_snprintf
fgetws
fclose
fseek
fopen
_access
_open
_CxxThrowException
_read
_strnicmp
??0exception@@QAE@ABV0@@Z
fputs
fgets
iscntrl
_wcsicmp
ftell
malloc
free
printf
_vsnprintf
remove
_errno
sprintf
_lseek
_close
??0exception@@QAE@ABQBD@Z
_purecall
_ftol
strpbrk
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_stricmp
_fileno
_write

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

Exports

Exports

LoginSslVpn
LoginSslVpnByGMKey
LoginSslVpnByGMKeyEx
LoginSslVpnEx
LogoutSslVpn
QueryTcpServiceStatus
SetGWCertFinger
SetRenewFlag

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwsession.dll
.dll windows x86

88a818a6fe98455949c09ff936e49954

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:b5:7d:37:9c:23:a2:af:da:ba:ac:5e:a4:6c:b3:96:cc:c9:16:17:35:29:99:92:4e:08:cc:30:0e:59:fc:1b
Signer

Actual PE Digest

14:b5:7d:37:9c:23:a2:af:da:ba:ac:5e:a4:6c:b3:96:cc:c9:16:17:35:29:99:92:4e:08:cc:30:0e:59:fc:1b

Digest Algorithm

sha256

PE Digest Matches

true

42:a8:0e:db:40:c3:60:4d:7c:e8:0d:13:1d:db:69:30:23:1c:d8:10
Signer

Actual PE Digest

42:a8:0e:db:40:c3:60:4d:7c:e8:0d:13:1d:db:69:30:23:1c:d8:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
OutputDebugStringW
LocalFree
FormatMessageA
GetLastError
WriteFile
SetEndOfFile
SetFilePointer
GetModuleFileNameA
CreateThread
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetUserDefaultLangID
TerminateThread
GetSystemInfo
GetExitCodeThread
WaitForSingleObject
CloseHandle
CreateMutexA
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
LocalAlloc
EnterCriticalSection
ResetEvent
SetEvent
GetFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FindFirstFileA
CreateDirectoryA
FindNextFileA
FindClose
GetTickCount
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
ReadFile
OpenFile
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RemoveDirectoryA
VirtualQuery
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryExA
FindResourceA
LoadResource
GetSystemDirectoryA
OpenProcess
TerminateProcess
LockResource
lstrcmpiW
MoveFileExA
CreateEventA
Sleep
GetModuleHandleA
QueryDosDeviceA
GetLogicalDriveStringsA
Process32NextW
Process32FirstW
GetExitCodeProcess
LoadLibraryA
ProcessIdToSessionId
FreeLibrary
ExpandEnvironmentStringsA
CreateFileA
GetCurrentThread
GetStartupInfoA
CreateProcessA
GetVersionExA
GetLocalTime
OutputDebugStringA
FileTimeToLocalFileTime
Module32Next
Module32First
FileTimeToSystemTime
lstrcmpiA

ws2_32

recvfrom
recv
WSCInstallNameSpace
WSCUnInstallNameSpace
bind
WSAEventSelect
listen
shutdown
getservbyport
WSASend
sendto
getservbyname
htonl
inet_ntoa
WSASetLastError
ntohs
WSACleanup
WSAStartup
inet_addr
ntohl
WSAGetLastError
gethostbyname
WSAGetOverlappedResult
WSAAddressToStringA
socket
accept
htons
WSAEnumNetworkEvents
WSCWriteNameSpaceOrder
WSAEnumNameSpaceProvidersA
closesocket
WSAIoctl
getsockname
setsockopt
connect
WSASocketA
gethostbyaddr
WSARecv
send

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA
StrTrimA
PathFileExistsA

user32

GetSystemMetrics
GetWindowThreadProcessId
GetParent
FindWindowA
PostMessageA
SendMessageTimeoutA
ExitWindowsEx
EnumWindows

advapi32

LookupAccountSidA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegEnumKeyExA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
SetFileSecurityA
LookupAccountNameA
ConvertSidToStringSidA
AddAccessAllowedAce
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA
RegDeleteValueA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegOpenKeyExA

shell32

ShellExecuteExA
StrCmpNIA

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??_8?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??_7?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??_7runtime_error@std@@6B@
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xlen@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindChainInStore
CertGetIntendedKeyUsage
CertNameToStrA
CertOpenStore
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertFindCertificateInStore
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore

msvcrt

_vsnprintf
printf
strstr
isspace
_snprintf
_wcsicmp
_access
_fileno
_purecall
sprintf
_initterm
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
__dllonexit
wcslen
strncmp
strchr
wcscpy
strncpy
strncat
atoi
memmove
_onexit
_strnicmp
??1type_info@@UAE@XZ
free
malloc
sscanf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_stat
_strdup
swprintf
vswprintf
vsprintf
fopen
_CxxThrowException
fseek
fwrite
_read
fclose
strtol
strtoul
calloc
strpbrk
_ftol
ftell
fread
_getcwd
iscntrl
strrchr
memchr

iphlpapi

SetTcpEntry
GetAdaptersInfo
GetTcpTable

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

netapi32

DsRoleGetPrimaryDomainInformation

wininet

InternetReadFile
InternetSetOptionA
InternetConnectA
InternetQueryOptionA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetOpenA

Exports

Exports

Login
Logout
ModCleanUp
ModOnMsgRecv
ModStartUp
ModStatus

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwuimng.dll
.dll windows x86

70a5889a3e5a8259a167feda820934fa

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:e0:c3:64:fc:94:aa:09:ff:94:69:b3:f2:ea:56:2d:a7:36:88:f5:18:0e:4a:c5:7f:81:90:2e:d6:1d:15:01
Signer

Actual PE Digest

53:e0:c3:64:fc:94:aa:09:ff:94:69:b3:f2:ea:56:2d:a7:36:88:f5:18:0e:4a:c5:7f:81:90:2e:d6:1d:15:01

Digest Algorithm

sha256

PE Digest Matches

true

ea:de:99:36:19:cd:3e:10:3e:2a:21:99:e6:1e:79:82:32:71:55:d5
Signer

Actual PE Digest

ea:de:99:36:19:cd:3e:10:3e:2a:21:99:e6:1e:79:82:32:71:55:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
FreeEnvironmentStringsA
EnterCriticalSection
OutputDebugStringA
TerminateProcess
WriteFile
SetEndOfFile
SetFilePointer
CreateFileA
GetLocalTime
ExpandEnvironmentStringsA
DeleteFileA
CopyFileA
ResetEvent
VirtualQuery
GetCurrentProcessId
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetEnvironmentStrings
GetFileTime
CreateProcessA
GetStartupInfoA
GetLogicalDrives
SetErrorMode
GetVolumeInformationA
OpenProcess
GetVersionExA
GetSystemInfo
GetTempPathA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTimeZoneInformation
FileTimeToSystemTime
CreateDirectoryA
SystemTimeToTzSpecificLocalTime
FindFirstFileA
GetTickCount
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
ReadFile
OpenFile
SetFileAttributesA
GetFileAttributesA
MoveFileA
DeviceIoControl
FindNextFileA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetUserDefaultLangID
FindClose
FormatMessageA
RemoveDirectoryA
LoadLibraryExA
FindResourceA
GetSystemTime
OutputDebugStringW
LocalFree
CreateEventA
ExitProcess
GetCurrentThreadId
OpenSemaphoreA
CreateSemaphoreA
GetLastError
CreateThread
ReleaseMutex
OpenEventA
Sleep
SetEvent
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetFileSize
LoadResource
LockResource
lstrcmpiW
MoveFileExA
CloseHandle
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
TryEnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
LocalAlloc

ws2_32

connect
accept
bind
listen
getsockname
setsockopt
send
WSAGetLastError
inet_addr
htons
sendto
ntohs
recvfrom
recv
inet_ntoa
closesocket
shutdown
WSCInstallNameSpace
WSCUnInstallNameSpace
WSCWriteNameSpaceOrder
WSAEnumNameSpaceProvidersA
ntohl
WSASetLastError
htonl
gethostbyname
getservbyname
gethostbyaddr
WSAStartup
WSACleanup
getservbyport
WSAAddressToStringA
WSAIoctl
WSASocketA
WSAGetOverlappedResult
WSASend
WSAEventSelect
WSAEnumNetworkEvents
socket
WSARecv

shell32

ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
StrCmpNIA

ole32

CoInitialize
CoCreateInstance

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathIsDirectoryA
StrTrimA
PathFileExistsA
PathRemoveFileSpecA

user32

FindWindowA
GetParent
SendMessageTimeoutA
GetSystemMetrics
GetWindowThreadProcessId
EnumWindows
PostMessageA

advapi32

DuplicateTokenEx
RegEnumKeyExA
RegDeleteValueA
SetFileSecurityA
AddAccessAllowedAceEx
RegEnumValueA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
OpenProcessToken
RegEnumKeyA
CreateProcessAsUserA

msvcp60

??1_Lockit@std@@QAE@XZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_8?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?_Xran@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??1ios_base@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

msvcrt

vsprintf
strncat
memmove
??2@YAPAXI@Z
_fileno
__CxxFrameHandler
wcslen
sprintf
_purecall
strncpy
memchr
_snprintf
strchr
atoi
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_vsnprintf
free
malloc
isspace
strstr
_getcwd
fopen
fclose
fwrite
fread
fseek
ftell
_strnicmp
vswprintf
swprintf
calloc
strtoul
iscntrl
strrchr
_access
printf
sscanf
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
_stricmp
_strdup
_stat
_read
??0exception@@QAE@ABQBD@Z

crypt32

CryptProtectData
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertGetIntendedKeyUsage
CertFindChainInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetNameStringA

iphlpapi

GetAdaptersInfo

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

Exports

Exports

Login
SendRequest
SetResponser

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwupdater.dll
.dll windows x86

1ca78e4cfebf621bda276ec25cf276d4

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:dd:f5:be:f9:45:ec:df:36:12:c7:77:47:19:43:54:83:f8:a7:0f:97:19:23:dd:48:55:fc:83:68:30:bb:b1
Signer

Actual PE Digest

f0:dd:f5:be:f9:45:ec:df:36:12:c7:77:47:19:43:54:83:f8:a7:0f:97:19:23:dd:48:55:fc:83:68:30:bb:b1

Digest Algorithm

sha256

PE Digest Matches

true

9a:de:e8:6c:77:ad:90:78:78:2d:56:a6:3c:d5:7d:a8:50:60:c8:37
Signer

Actual PE Digest

9a:de:e8:6c:77:ad:90:78:78:2d:56:a6:3c:d5:7d:a8:50:60:c8:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileInformationByHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
SetEvent
ResetEvent
LocalAlloc
LocalFileTimeToFileTime
WaitForMultipleObjects
GetCurrentThreadId
SetFileTime
lstrcatA
TerminateProcess
LocalFree
Module32First
Module32Next
GetSystemInfo
GetCurrentThread
CreateProcessA
ProcessIdToSessionId
GetExitCodeProcess
GetStartupInfoA
Process32FirstW
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentProcessId
GetStdHandle
GetFileType
GetVersion
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetModuleHandleA
MultiByteToWideChar
FileTimeToLocalFileTime
GetVersionExA
GetFileTime
lstrcpynA
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
SetFileAttributesA
lstrcmpiA
GetProcessHeap
HeapAlloc
HeapFree
GetFullPathNameA
GetFileAttributesA
LoadLibraryA
FreeLibrary
lstrcpyA
lstrlenA
OutputDebugStringA
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
DeleteFileA
GetTempPathA
TerminateThread
WaitForSingleObject
CreateThread
GetSystemDefaultLangID
CreateSemaphoreA
CloseHandle
GetLastError
GetLocalTime
ExpandEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetSystemTime
CopyFileA
MoveFileExA
Sleep
GetEnvironmentVariableA
GetSystemDirectoryA
CreateDirectoryA
GetTickCount

ws2_32

WSAEventSelect
listen
shutdown
WSASend
WSAGetOverlappedResult
WSARecv
WSASocketA
bind
WSAEnumNetworkEvents
accept
ntohl
connect
setsockopt
WSAAddressToStringA
WSAIoctl
closesocket
WSACleanup
WSAStartup
getservbyport
ntohs
gethostbyaddr
htonl
getsockname
inet_ntoa
WSASetLastError
htons
getservbyname
inet_addr
gethostbyname
WSAGetLastError

advapi32

RegCreateKeyExA
ReportEventA
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegEnumValueA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
QueryServiceConfigA
ControlService
ChangeServiceConfig2A
ChangeServiceConfigA
StartServiceA
DeleteService
CreateServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
AddAccessAllowedAceEx
SetFileSecurityA
RegDeleteValueA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegisterEventSourceA

user32

GetDlgItem
SetWindowTextW
SetTimer
SetWindowPos
SendMessageA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetMessageA
ExitWindowsEx
EnumWindows
FindWindowW
EnumChildWindows
GetDlgCtrlID
GetParent
GetDlgItemTextW
CharNextA
EndDialog
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
GetWindowThreadProcessId
TranslateMessage
DispatchMessageA
UnregisterClassA
MessageBoxW
IsWindow
ShowWindow
EnableWindow

gdi32

SetBkColor
SetTextColor
CreateSolidBrush

shell32

StrChrIA
ShellExecuteA
StrCmpNIA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize

shlwapi

StrTrimA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ord17

setupapi

CM_Get_Device_ID_ExA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInfoListDetailA
SetupIterateCabinetA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

msvcp60

?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

SetTcpEntry
GetTcpTable

msvcrt

_fileno
qsort
strcmp
memchr
_initterm
_adjust_fdiv
__dllonexit
_onexit
fprintf
_iob
vfprintf
wcsstr
raise
_exit
realloc
_purecall
rewind
remove
_errno
_lseek
getenv
memmove
??1type_info@@UAE@XZ
_write
_read
_open
_wcsicmp
sscanf
strtoul
calloc
wcsncpy
wcslen
_strlwr
_CxxThrowException
fseek
ftell
malloc
free
iscntrl
_stricmp
_strnicmp
time
isdigit
_ftol
isspace
_wfopen
fflush
_setmode
isxdigit
gmtime
isupper
_getch
_close
signal
isalpha
toupper
tolower
_vsnprintf
strncmp
strrchr
strncpy
??2@YAPAXI@Z
atoi
strchr
strncat
_snprintf
fgets
fputs
_access
_except_handler3
__CxxFrameHandler
fclose
fread
sprintf
fwrite
_strrev
fopen
printf
strstr
swprintf

crypt32

CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertGetIntendedKeyUsage
CertFindChainInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

Exports

Exports

ExecuteCommand
GWClientInstall
GWClientRemove
GWClientUpdate
GWVNICInstall
OfflineUpdateNeeded
ResetService
SSLMSG_Cleanup
SSLMSG_One
SSLMSG_One_WithCert
SSLMSG_Startup
SSL_HTTPDownLoad
test

Sections

.text
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/gwvsdserver.dll
.dll windows x86

acbd9141d021099a52298b0ab9f3be94

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:a9:ae:7e:18:8d:b1:bd:81:ee:d8:8e:40:d6:71:5e:4d:55:19:7a:4d:d6:eb:d5:10:fc:12:bb:da:1a:07:c7
Signer

Actual PE Digest

b6:a9:ae:7e:18:8d:b1:bd:81:ee:d8:8e:40:d6:71:5e:4d:55:19:7a:4d:d6:eb:d5:10:fc:12:bb:da:1a:07:c7

Digest Algorithm

sha256

PE Digest Matches

true

34:77:78:7a:14:55:65:69:40:f1:92:2b:b4:98:61:6c:be:47:93:11
Signer

Actual PE Digest

34:77:78:7a:14:55:65:69:40:f1:92:2b:b4:98:61:6c:be:47:93:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetLogicalDriveStringsA
OpenProcess
Process32NextW
Process32FirstW
GetStartupInfoA
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
GetSystemInfo
Module32Next
Module32First
SetFilePointer
TerminateProcess
GetModuleHandleW
GetModuleFileNameW
GetTickCount
DeleteFileW
MoveFileExW
DeviceIoControl
WideCharToMultiByte
GetCurrentThreadId
GetSystemWindowsDirectoryA
GetCurrentProcessId
CopyFileW
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
WaitForMultipleObjects
SetEndOfFile
WriteFile
ExpandEnvironmentStringsA
CreateDirectoryA
OutputDebugStringA
FileTimeToLocalFileTime
GetVersionExA
GetFileTime
GetDiskFreeSpaceExA
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
FreeLibrary
CreateFileA
CloseHandle
DeleteFileA
GetFileAttributesA
SetFileAttributesA
MoveFileExA
GetSystemTime
CopyFileA
GetProcessHeap
HeapAlloc
HeapFree
Sleep
DefineDosDeviceA
GetFileAttributesW
SetVolumeLabelA
GetDriveTypeA
QueryDosDeviceA
GetExitCodeThread
GetLastError
WaitForSingleObject
CreateThread
MultiByteToWideChar
GetModuleFileNameA
GetLogicalDrives
LocalFree

ws2_32

gethostbyaddr
getservbyport
ntohl
ntohs
htons
getservbyname
inet_addr
gethostbyname
WSAGetLastError
htonl
inet_ntoa
WSASetLastError

advapi32

RegEnumKeyA
RegOpenKeyExA
LookupAccountNameA
ConvertSidToStringSidA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
QueryServiceConfigA
ControlService
ChangeServiceConfig2A
ChangeServiceConfigA
StartServiceA
DeleteService
CreateServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetKeySecurity
AddAccessAllowedAce
RegDeleteValueA
RegCreateKeyExA

user32

GetWindowThreadProcessId
EnumWindows
ExitWindowsEx
FindWindowW
EnumChildWindows
GetParent
CreateDesktopA
CloseDesktop
SetUserObjectInformationA
GetThreadDesktop
GetWindowTextA
GetDlgItemTextW
SendMessageA
OpenClipboard
SendMessageTimeoutA
EnumDesktopWindows
OpenDesktopA
PostMessageA
GetDlgCtrlID
SwitchDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseClipboard
EmptyClipboard
GetClassNameA

winspool.drv

ClosePrinter
SetJobA
EnumJobsA
OpenPrinterA
EnumPrintersA

shell32

StrCmpNIA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

OleInitialize
OleUninitialize
CoCreateInstance

shlwapi

StrTrimA

gwvdiskctrl

VDisk_RemoveAll
VDiskIsValidFileEx
VDiskUMount
ContainerGetSpaceAllocateFlag
VDiskMount
VDiskGetInitedFlag
VDiskSetInitedFlag
VDiskCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

crypt32

CertGetNameStringA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

GetTcpTable
SetTcpEntry

msvcrt

_access
fopen
fclose
sprintf
_snprintf
_strlwr
_CxxThrowException
wcsncpy
free
_purecall
??2@YAPAXI@Z
strncpy
strchr
atoi
wcscpy
__CxxFrameHandler
strncat
malloc
ftell
fseek
_vsnprintf
wcslen
calloc
strtoul
memmove
strtol
sscanf
_wcsicmp
swprintf
wcscat
iscntrl
strrchr
_initterm
_adjust_fdiv
_strnicmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_read
_fileno
strstr

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

Exports

Exports

ModCleanUp
ModOnMsgRecv
ModStartUp
ModStatus

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/libeay32_1.dll
.dll windows x86

fea480130742849f9502d0754d9e21e4

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:9b:cc:64:66:ea:c3:df:67:94:de:21:fd:07:2b:c7:6f:95:34:d0:9d:63:16:4e:4c:48:21:47:ae:ea:90:36
Signer

Actual PE Digest

75:9b:cc:64:66:ea:c3:df:67:94:de:21:fd:07:2b:c7:6f:95:34:d0:9d:63:16:4e:4c:48:21:47:ae:ea:90:36

Digest Algorithm

sha256

PE Digest Matches

true

b3:8a:03:b3:ec:98:97:8e:8f:c4:41:91:82:55:f9:64:59:7a:fe:25
Signer

Actual PE Digest

b3:8a:03:b3:ec:98:97:8e:8f:c4:41:91:82:55:f9:64:59:7a:fe:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

sendto
recvfrom
accept
ntohl
bind
listen
ioctlsocket
WSACleanup
getsockopt
getservbyname
ntohs
WSAStartup
gethostbyname
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

msvcrt

_adjust_fdiv
_initterm
printf
signal
_snprintf
_exit
raise
wcsstr
_vsnprintf
vfprintf
_iob
free
realloc
malloc
time
localtime
gmtime
_strnicmp
_stricmp
strncpy
_errno
memchr
memmove
_read
_write
isxdigit
isdigit
fprintf
atoi
sprintf
strstr
fputs
fclose
fopen
_wfopen
fread
fwrite
fflush
_setmode
ftell
fseek
fgets
_ftol
strchr
_ftime
perror
qsort
strcmp
_stat
_chmod
_fdopen
_open
getenv
_except_handler3
strerror
isspace
isalnum
tolower
strncmp
isupper
strtoul
strrchr
sscanf
exit
strtol
_getch

kernel32

GetStdHandle
GetFileType
GetVersion
GetTickCount
FindNextFileA
ExitProcess
GetModuleHandleA
GetProcAddress
GetVersionExA
FlushConsoleInputBuffer
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
CloseHandle
SetLastError
MultiByteToWideChar
GetCurrentProcessId
GlobalMemoryStatus
GetCurrentThreadId
QueryPerformanceCounter
GetLastError

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new

Sections

.text
Size: 772KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/pwn.png
.png
xaq-vpn-pwn-main/reverse.png
.png
xaq-vpn-pwn-main/ssleay32_1.dll
.dll windows x86

a6d7fce8b89ce95929c3313928e31150

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:ef:9b:87:4a:50:55:2f:f2:65:dc:73:81:eb:f4:85:b6:aa:9d:23:d7:93:b5:f0:d6:2b:19:a4:ce:bb:7d:79
Signer

Actual PE Digest

93:ef:9b:87:4a:50:55:2f:f2:65:dc:73:81:eb:f4:85:b6:aa:9d:23:d7:93:b5:f0:d6:2b:19:a4:ce:bb:7d:79

Digest Algorithm

sha256

PE Digest Matches

true

87:2a:83:48:e0:2d:e8:6a:ad:06:78:66:b9:95:90:a7:df:12:29:5c
Signer

Actual PE Digest

87:2a:83:48:e0:2d:e8:6a:ad:06:78:66:b9:95:90:a7:df:12:29:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord52
ord2206
ord857
ord905
ord901
ord904
ord1653
ord1654
ord903
ord252
ord222
ord2201
ord3873
ord490
ord176
ord641
ord2821
ord281
ord290
ord654
ord181
ord188
ord269
ord3109
ord2630
ord910
ord2411
ord754
ord3906
ord464
ord3836
ord911
ord289
ord493
ord3245
ord2936
ord3244
ord3844
ord323
ord3067
ord2894
ord961
ord3874
ord3841
ord1202
ord3879
ord3896
ord89
ord109
ord3837
ord285
ord3422
ord202
ord495
ord3883
ord120
ord3239
ord151
ord110
ord111
ord3178
ord3695
ord3570
ord3575
ord3550
ord3608
ord3480
ord3729
ord203
ord128
ord4540
ord2760
ord866
ord4430
ord4233
ord1070
ord4488
ord4245
ord4119
ord170
ord2929
ord3644
ord2578
ord3010
ord2924
ord3459
ord3512
ord3663
ord123
ord201
ord118
ord66
ord4369
ord4474
ord3666
ord219
ord498
ord635
ord912
ord909
ord2784
ord965
ord964
ord256
ord274
ord276
ord3899
ord2572
ord3315
ord2927
ord2747
ord87
ord282
ord333
ord3682
ord2877
ord3711
ord205
ord486
ord484
ord763
ord577
ord907
ord572
ord3165
ord3489
ord1071
ord2925
ord268
ord316
ord363
ord2712
ord4164
ord4262
ord3719
ord216
ord4125
ord4046
ord206
ord497
ord3418
ord481
ord3528
ord2915
ord1096
ord1097
ord3816
ord3888
ord78
ord95
ord2589
ord3891
ord1145
ord1144
ord1081
ord2292
ord3823
ord3846
ord622
ord679
ord623
ord187
ord3857
ord267
ord3633
ord3631
ord3675
ord3737
ord85
ord341
ord1012
ord503
ord3664
ord3479
ord3922
ord2898
ord3124
ord3925
ord541
ord2702
ord264
ord266
ord3313
ord3312
ord3314
ord2400
ord4144
ord4174
ord4372
ord3866
ord3724
ord313
ord3704
ord3758
ord3767
ord3647
ord3460
ord3766
ord3365
ord4114
ord3454
ord3754
ord3394
ord1027
ord3378
ord3437
ord897
ord3414
ord3495
ord3610
ord67
ord1004
ord3527
ord65
ord53
ord98
ord3826
ord3559
ord3399
ord636
ord2257
ord914
ord629
ord892
ord2478
ord626
ord890
ord4513
ord364
ord1010
ord2051
ord74
ord248
ord1655
ord575
ord1025
ord58
ord630
ord628
ord1041
ord1007
ord1005
ord4331
ord246
ord1100
ord2524
ord3505
ord3595
ord1023
ord657
ord401
ord93
ord3396
ord3657
ord891
ord887
ord889
ord4045
ord2475
ord368
ord367
ord370
ord369
ord4320
ord4383
ord315
ord314
ord1671
ord1147
ord189
ord774
ord279
ord283
ord956
ord280
ord400
ord751
ord750
ord2181
ord399
ord748
ord3205
ord1959
ord37
ord35
ord824
ord822
ord8
ord1091
ord3700
ord3513
ord3623
ord32
ord718
ord7
ord716
ord703
ord680
ord2426
ord86
ord88
ord1101
ord293
ord3914
ord3807
ord3795
ord4656
ord4637
ord4615
ord4601
ord2996
ord3155
ord959
ord325
ord329
ord318
ord304
ord292
ord299
ord955
ord2252
ord91
ord247
ord225
ord129
ord4578
ord4572
ord4576
ord125
ord4570
ord4573
ord4582
ord4575
ord4577
ord4584
ord4581
ord4580
ord169
ord168
ord1011
ord167

msvcrt

_iob
strncmp
_ftime
strchr
_errno
abort
free
_initterm
malloc
_adjust_fdiv
strncpy
memmove
time
fprintf

kernel32

GetLastError
DisableThreadLibraryCalls
SetLastError

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_free
SSL_get0_next_proto_negotiated
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xaq-vpn-pwn-main/vpnbroker.dll
.dll windows x86

8bb5ed3fc0d49dd8dd7b9b4db9143421

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/12/2019, 00:00

Not After

17/05/2021, 12:00

Subject

CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2019, 00:00

Not After

22/02/2022, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Beijing Qianxin Technology Co.\, Ltd.,OU=运维中心,O=Beijing Qianxin Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#131058696368656e67204469737472696374,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:8a:5c:95:13:4f:00:29:25:3e:6e:13:a7:52:e4:94:dc:02:f6:32:f6:01:42:6b:7e:79:61:74:6d:40:21:39
Signer

Actual PE Digest

8e:8a:5c:95:13:4f:00:29:25:3e:6e:13:a7:52:e4:94:dc:02:f6:32:f6:01:42:6b:7e:79:61:74:6d:40:21:39

Digest Algorithm

sha256

PE Digest Matches

true

be:5d:d2:ee:23:ce:87:d7:39:94:75:b9:43:a7:ca:56:ec:4a:32:11
Signer

Actual PE Digest

be:5d:d2:ee:23:ce:87:d7:39:94:75:b9:43:a7:ca:56:ec:4a:32:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
ntohs
getaddrinfo
getpeername
ntohl
accept
getsockopt
listen
gethostbyname
getservbyname
WSAGetOverlappedResult
WSASetLastError
getprotobynumber
gethostname
WSARecv
WSASend
getnameinfo
freeaddrinfo
sendto
recvfrom
WSAIoctl
socket
shutdown
setsockopt
send
select
recv
getsockname
ioctlsocket
connect
closesocket
bind
WSACleanup
WSAStartup
WSAGetLastError
htonl

shlwapi

PathRemoveFileSpecA
PathIsDirectoryA
PathFileExistsA

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDesktopWindow

shell32

SHGetSpecialFolderPathA

advapi32

CryptDecrypt
DuplicateTokenEx
AllocateAndInitializeSid
AddAccessAllowedAce
CreateProcessAsUserA
OpenProcessToken
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegSetValueExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptGenRandom
RegQueryValueExA
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
FreeSid
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetNetworkParams

dbghelp

MiniDumpWriteDump

kernel32

SetFilePointerEx
GetACP
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
MoveFileExW
SetStdHandle
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
HeapReAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ExitProcess
SetEndOfFile
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
Sleep
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
DeleteFileA
CreateDirectoryA
CreateFileA
FindClose
ReadConsoleInputA
FindNextFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
OpenFile
OutputDebugStringA
GetCurrentProcessId
GetLocalTime
GetModuleFileNameA
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
ExpandEnvironmentStringsA
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
GetSystemTime
LocalFree
FormatMessageA
GetComputerNameA
SystemTimeToFileTime
ReleaseMutex
CreateMutexA
TerminateThread
DecodePointer
VerSetConditionMask
VerifyVersionInfoW
SetUnhandledExceptionFilter
SetLastError
GetFileType
GetVersion
QueryPerformanceCounter
GetTickCount
GetVersionExA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateEventA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreA
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
GetDriveTypeW
CreateFileW
GetConsoleCP
ReadConsoleW
GetConsoleMode
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
SetConsoleMode
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
GetExitCodeThread
EncodePointer
RaiseException
RtlUnwind

crypt32

CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

SPBrokerBrowserInit
SPExeCmd
SPGetPort

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

572e1b27a0c0977a270e959b4e29047e

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

21:9e:6f:f6:df:06:06:8c:74:81:aa:ed:6d:e2:83:6b:00:08:69:b1:c9:7a:e5:8b:c5:ab:e9:26:dc:86:7b:5cSigner

9b:07:af:57:e8:4e:6b:25:fd:48:b3:40:07:57:02:c0:84:92:63:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 3KB

681bc60206cc8238ad68bbec3ca79e3d

Code Sign

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2e:f6:8e:6c:0c:f1:2e:67:5d:1a:e0:42:2f:c0:78:52:b2:b7:6c:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

java

advapi32

psapi

msvcr100

kernel32

Exports

Exports

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

21:9e:6f:f6:df:06:06:8c:74:81:aa:ed:6d:e2:83:6b:00:08:69:b1:c9:7a:e5:8b:c5:ab:e9:26:dc:86:7b:5c
Signer

9b:07:af:57:e8:4e:6b:25:fd:48:b3:40:07:57:02:c0:84:92:63:5e
Signer

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 3KB

59:7e:4e:45:cb:c1:15:bb:a6:40:26:02:e8:9c:bf:45
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2e:f6:8e:6c:0c:f1:2e:67:5d:1a:e0:42:2f:c0:78:52:b2:b7:6c:cf
Signer

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 36B

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:1e:c9:d9:2b:db:69:2d:f1:ce:97:12:86:a3:42:d6
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

57:f3:27:63:85:c0:dc:2e:16:5d:11:31:a6:e4:89:b3:b8:6a:7f:94:0b:5d:b2:04:fa:de:c7:01:2c:a1:8f:2d
Signer

4d:a9:23:dc:ef:96:ca:90:d6:6e:f0:df:9f:f9:39:16:e1:ba:42:31
Signer

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 518KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 5KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:dc:fe:d7:f0:bd:93:2b:ad:83:b8:a1:dd:6d:95:95
Certificate