2a2d7842662b0980321e5b3d5b00b512

Sharing

Copy URL Twitter E-mail

General

Target

2a2d7842662b0980321e5b3d5b00b512
Size

1.1MB
MD5

2a2d7842662b0980321e5b3d5b00b512
SHA1

601319d898cf631cfa081292b7289af7314ad268
SHA256

e94914ba4ea99e8c7c48a019f7619fa0ab795bb29d1eea853bea469f87a39b8d
SHA512

2d8a1220861afa360ee507b0d6551edd253fcef0d3e8f242015d16f33ed82fe6bb53f502a41deef280672dd86289e2dc4105d15e346aab6f38d997850ef04aac
SSDEEP

24576:ZM2liJ40DqnYqcJPJtvNLoRbdLCrAbWHOBl2NnWxvuGS0NmtgP09d:Z3ldWsLKVKdLCrAbWHg4pWoA309d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kwsafe/kswbc.dll

Files

2a2d7842662b0980321e5b3d5b00b512
.7z
kwsafe/KwSAFE.exe
.exe windows:4 windows x86 arch:x86

a1575143c7276d23e65a1698d2158da9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93
Signer

Actual PE Digest

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
Process32FirstW
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
Process32NextW
OpenProcess
CreateProcessW
SetThreadPriority
ResumeThread
CreateMutexW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateThread
SetConsoleCtrlHandler
SetProcessWorkingSetSize
DuplicateHandle
DeleteCriticalSection
GetProcAddress
Sleep
FreeLibrary
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
SetEvent
TerminateThread
GetCurrentThread
GetCurrentProcess
CreateEventW
CloseHandle
LoadLibraryW
WaitForSingleObject
CreateFileA
GetVersionExW
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
FlushFileBuffers
GetThreadLocale

user32

PeekMessageW
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
FindWindowW
ShowWindow
CreateWindowExW
GetMessageW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
LockServiceDatabase
OpenSCManagerW
UnlockServiceDatabase
StartServiceW
ChangeServiceConfigW
RegSetValueExW
CreateServiceW
RegDeleteValueW
OpenServiceW
RegCloseKey
RegCreateKeyW
CloseServiceHandle
ChangeServiceConfig2W
DeleteService
QueryServiceStatus
RegOpenKeyExW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW

ole32

CoCreateInstance

shlwapi

PathAppendW
PathRemoveFileSpecW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kwsafe/Readme.txt
kwsafe/kavifr.dll
.dll windows:4 windows x86 arch:x86

266eab2d73d7d6538391b96e3dd9c36e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:10:fc:0b:2d:11:d9:ee:16:2f:d6:f9:5e:c7:96:a1:e0:44:2c:1a
Signer

Actual PE Digest

46:10:fc:0b:2d:11:d9:ee:16:2f:d6:f9:5e:c7:96:a1:e0:44:2c:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
LockResource
LoadResource
GetProcessHeap
FindResourceExW
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
HeapReAlloc
HeapAlloc
GetLastError
HeapFree
GetSystemDirectoryA
DeleteCriticalSection
lstrlenW
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceW
WaitForSingleObject
lstrlenA
InitializeCriticalSection
DeleteFileW
InterlockedExchange
SizeofResource
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetTickCount
GetTempPathW
GetFileInformationByHandle
SetFilePointer
ReadFile
WriteFile
GetLocalTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetConsoleCP
GetModuleFileNameA
CreateFileA
GetStdHandle
VirtualFree
HeapCreate
IsValidCodePage
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetOEMCP
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
RaiseException
GetVersionExA
HeapDestroy
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetConsoleMode

user32

GetDesktopWindow
UnregisterClassA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathAddBackslashW
PathFileExistsW

ws2_32

WSAStartup
WSASetLastError
gethostbyaddr
getservbyport
ntohs
WSASetEvent
inet_ntoa
WSACreateEvent
htonl
WSARecv
getservbyname
htons
WSAGetLastError
WSAGetOverlappedResult
WSASend
gethostbyname
WSAResetEvent
inet_addr
WSAEnumNetworkEvents
WSAConnect
WSASocketW
WSACloseEvent
closesocket
WSACleanup
WSAEventSelect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kavpass2.dll
.dll windows:4 windows x86 arch:x86

f9a9c3ee3c89d55726974153e595d014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:a2:1b:88:26:63:a4:1d:0d:02:57:8c:30:67:d9:ce:de:aa:fe:50
Signer

Actual PE Digest

1c:a2:1b:88:26:63:a4:1d:0d:02:57:8c:30:67:d9:ce:de:aa:fe:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
SetFilePointer
WritePrivateProfileStringW
WriteFile
FreeLibrary
lstrlenW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetPrivateProfileIntW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
GetLastError
SizeofResource
WriteConsoleW
GetConsoleOutputCP
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateDirectoryW
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LoadLibraryA
CreateFileA
SetStdHandle
FlushFileBuffers
WriteConsoleA

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateGuid

shlwapi

PathAppendW

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/ksais.dat
kwsafe/kswbc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d722b46f77981ed8b9edd09cabf8597d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionW
InternetOpenW
HttpSendRequestA
InternetCrackUrlA
InternetSetOptionA
InternetCrackUrlW

kernel32

UnmapViewOfFile
ResetEvent
SetEvent
MapViewOfFile
OpenFileMappingW
OpenEventW
WaitForSingleObject
OpenMutexW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCurrentProcess
IsBadReadPtr
GetModuleFileNameA
VirtualProtect
LoadLibraryA
GetModuleHandleA
DisableThreadLibraryCalls
TerminateThread
GetFileAttributesW
FreeResource
LockResource
VirtualAlloc
ReadFile
SetFilePointer
CreateFileW
WaitForMultipleObjects
CreateEventW
CloseHandle
CreateThread
ExpandEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
HeapCreate
VirtualFree
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
ReleaseMutex
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
MultiByteToWideChar
lstrcmpiW
lstrcatW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
GetCurrentProcessId
SetStdHandle
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetACP
InterlockedExchange
GetCommandLineA
GetSystemTimeAsFileTime
CreateDirectoryA
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale

user32

ReleaseDC
UnregisterClassA
FindWindowExW
CharNextW
CopyRect
InvalidateRect
GetParent
KillTimer
GetClientRect
GetWindowTextW
SetTimer
SendMessageW
GetWindowRect
SetWindowPos
CreateWindowExW
IsWindow
CharLowerBuffW
LoadCursorW
MoveWindow
LoadBitmapW
SetWindowLongW
GetForegroundWindow
DrawTextW
CallWindowProcW
GetPropW
DefWindowProcW
BeginPaint
EndPaint
ScreenToClient
SetPropW
GetWindowDC
RegisterClassExW
FillRect

gdi32

CreateCompatibleDC
GetObjectW
DeleteDC
SelectObject
SetBkMode
GetStockObject
GetPixel
CreateSolidBrush
DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoGetInterfaceAndReleaseStream
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoCreateGuid

oleaut32

VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SysStringLen
VarBstrCat
SafeArrayUnaccessData
SysFreeString

shlwapi

StrToIntW
PathAppendA
PathIsURLW
UrlApplySchemeW
StrCmpW
StrCmpIW
PathFileExistsW
StrStrIA
StrStrIW
PathAppendW
PathRemoveFileSpecW
StrCmpNIW

msimg32

GradientFill
TransparentBlt

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kswebshield.dll
.dll windows:4 windows x86 arch:x86

1ad8a5485c83c61dabe80bab5ba03e21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:4f:60:59:77:3a:75:c7:04:1e:c1:aa:df:ff:58:b4:d7:55:7c:fb
Signer

Actual PE Digest

e0:4f:60:59:77:3a:75:c7:04:1e:c1:aa:df:ff:58:b4:d7:55:7c:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation
GetModuleFileNameExA
GetModuleFileNameExW

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetSystemInfo
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetLastError
LocalFree
lstrcatW
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InterlockedIncrement
ResetEvent
InterlockedDecrement
SetEvent
WaitForSingleObject
VirtualAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
lstrlenA
Sleep
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateRemoteThread
lstrcmpiA
CreateToolhelp32Snapshot
OpenMutexW
Module32FirstW
Module32NextW
OpenEventW
OpenFileMappingW
CopyFileW
IsBadReadPtr
OutputDebugStringW
CreateProcessW
CreateProcessA
WinExec
VirtualFree
LoadLibraryExW
CopyFileExA
CopyFileExW
CopyFileA
GetFileSize
CreateFileMappingW
SearchPathW
GetLongPathNameW
GetSystemDirectoryA
GetWindowsDirectoryA
GetFullPathNameA
CreateFileA
VirtualQuery
GetTickCount
lstrcpynW
CreateFileW
SetLastError
lstrcpyA
ReadFile
GetThreadLocale
OutputDebugStringA
CreateEventA
TerminateThread
RaiseException
lstrcmpiW
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleW
CreateThread
WriteProcessMemory
VirtualProtect
GetVersionExW
IsBadWritePtr
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
GetFileAttributesA
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryExA
CreateDirectoryA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
InterlockedExchange

user32

CharLowerBuffW
UnregisterClassA
CharNextW
CharLowerW
wsprintfA

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
ProgIDFromCLSID
CoTaskMemRealloc
CLSIDFromString

oleaut32

VarUI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SysStringLen
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathFileExistsW
PathQuoteSpacesW
PathRemoveBlanksW
UrlApplySchemeW
PathIsURLW
UrlApplySchemeA
PathIsURLA
StrDupW
PathIsRootA
PathIsDirectoryA
StrCmpIW
PathFindFileNameW
PathAppendA
PathRemoveFileSpecA
PathIsContentTypeW
PathRemoveFileSpecW
StrStrIA
StrStrIW
StrCmpNIA

wininet

InternetQueryDataAvailable
InternetCrackUrlW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

WSASetLastError

Exports

Exports

GetUWL
MatchingUWUrl
MatchingUrl
ProcessUWUrl
RegisterUrlProcessor
UnregisterUrlProcessor
UrlProcess

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kuientry.dll
.dll windows:4 windows x86 arch:x86

a6ce9316a9dadba3c551d8c91c16776d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:53:34:e9:10:52:f8:03:b4:50:f2:55:e5:cf:0d:d7:88:d6:f8:38
Signer

Actual PE Digest

ee:53:34:e9:10:52:f8:03:b4:50:f2:55:e5:cf:0d:d7:88:d6:f8:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetFilePointer
InternetOpenUrlA
InternetOpenA
InternetReadFile
HttpQueryInfoA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

kernel32

CloseHandle
ReleaseMutex
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
EnterCriticalSection
GetModuleFileNameW
SizeofResource
RaiseException
LoadResource
LeaveCriticalSection
DeleteCriticalSection
FindResourceW
LoadLibraryExW
InitializeCriticalSection
lstrcmpiW
FreeLibrary
GetUserDefaultLCID
GlobalUnlock
MulDiv
GlobalLock
GlobalAlloc
SetLastError
LockResource
GetCurrentThreadId
FindResourceExW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
DeleteFileA
CreateProcessW
LoadLibraryW
MoveFileExA
Sleep
GetProcAddress
GetVersion
GetVersionExW
ExitThread
GetPrivateProfileIntW
GetTempPathA
GetCommandLineW
LocalFree
CreateEventW
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
CreateFileW
ReadFile
CreateFileA
WriteFile
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLastError
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
CreateDirectoryA
CreateThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetStringTypeW
GetStringTypeA
UnmapViewOfFile
WideCharToMultiByte
ResetEvent
SetEvent
MapViewOfFile
OpenFileMappingW
OpenEventW
GetCurrentProcessId
WaitForSingleObject
lstrlenA
OpenMutexW
GetPrivateProfileStringW
GetEnvironmentStrings

user32

RedrawWindow
GetWindowTextW
IsWindow
RegisterClassExW
ScreenToClient
MoveWindow
CopyRect
SetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
AttachThreadInput
GetWindowThreadProcessId
SetWindowsHookExW
KillTimer
GetForegroundWindow
EqualRect
SetRect
SetWindowRgn
SetTimer
SetWindowTextW
EndPaint
GetDlgItem
GetWindowLongW
GetDC
ReleaseDC
SetWindowLongW
SetCapture
ReleaseCapture
UnregisterClassA
SetPropW
GetMessageW
CreateDialogParamW
SetWindowPos
CallWindowProcW
GetActiveWindow
ShowWindow
PtInRect
FillRect
ClientToScreen
LoadCursorW
GetWindow
OffsetRect
EndDialog
DialogBoxParamW
GetWindowTextLengthW
DispatchMessageW
SystemParametersInfoW
TranslateMessage
GetWindowRect
PeekMessageW
MapWindowPoints
IsWindowVisible
GetSysColor
GetClassNameW
InvalidateRect
GetParent
SendMessageW
DestroyWindow
CreateAcceleratorTableW
GetDesktopWindow
DefWindowProcW
PostMessageW
DestroyAcceleratorTable
InvalidateRgn
GetClassInfoExW
RegisterWindowMessageW
BeginPaint
IsChild
CreateWindowExW
GetClientRect
GetFocus
SetFocus
CharNextW

gdi32

CreateRoundRectRgn
GetStockObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
GetDeviceCaps
CreateRectRgn
CombineRgn
CreatePolygonRgn
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
IsTextUnicode
RegQueryValueExW

shell32

SHBindToParent
SHGetFolderPathA
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoGetClassObject
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemRealloc
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoCreateGuid
OleUninitialize

oleaut32

VarUI4FromStr
SysFreeString
VarBstrCat
SysAllocString
SysAllocStringLen
SysStringByteLen
SysStringLen
VariantInit
OleCreateFontIndirect
VariantClear
LoadRegTypeLi
LoadTypeLi
DispCallFunc

shlwapi

PathFileExistsW
PathAppendA
PathRemoveFileSpecA
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathCreateFromUrlW
UrlIsW
PathFindExtensionW
PathIsDirectoryW
AssocQueryStringW
StrStrIW
StrCmpNIW
UrlApplySchemeW
PathIsURLW
StrRetToBufW
UrlUnescapeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kws_bind.cfg
kwsafe/kwsinst.exe
.exe windows:4 windows x86 arch:x86

54801a8510b051e78dcc72cdac3c0113

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:96:2f:e4:4b:bf:5d:7f:a4:33:43:5b:a5:3f:25:82:02:a2:62:02
Signer

Actual PE Digest

8a:96:2f:e4:4b:bf:5d:7f:a4:33:43:5b:a5:3f:25:82:02:a2:62:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlW

kernel32

WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindClose
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateDirectoryA
RtlUnwind
RaiseException
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
InterlockedDecrement
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
GlobalAddAtomW
GetCurrentProcessId
GetLastError
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalAlloc
FormatMessageW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
FindNextFileW
MoveFileExW
FindFirstFileW
GetVersionExW
WaitForSingleObject
CreateProcessW
TerminateProcess
GetSystemDirectoryW
GetShortPathNameW
WritePrivateProfileStringW
DeleteFileW
Sleep
GetFileAttributesW
GetModuleFileNameA
MultiByteToWideChar
GetPrivateProfileStringW
lstrlenA
FindResourceW
LoadResource
LockResource
SizeofResource
SetFilePointer
GetFileSize
CreateFileW
WideCharToMultiByte
lstrlenW
GetModuleFileNameW
LocalFree
GetCommandLineW
OpenProcess
GetCurrentProcess
GetModuleHandleW
GetProcAddress
CloseHandle
ReadFile
InterlockedCompareExchange
RemoveDirectoryA
VirtualAlloc

user32

CharUpperW
UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetCursor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
GetDesktopWindow
SetCapture
LoadCursorW
GetSysColorBrush
SetForegroundWindow
DestroyMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
FindWindowW
GetSysColor
GetWindowRect
ModifyMenuW
GetClientRect
GetSystemMetrics
IsIconic
LoadBitmapW
EnableWindow
LoadIconW
SendMessageW
DrawIcon
wsprintfW
MessageBoxW
GetDlgCtrlID
UnregisterClassA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
ExtSelectClipRgn
DeleteDC
Escape
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetObjectW
DeleteObject
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
CreatePen
SelectObject
CreateFontW
RoundRect
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderPathW
CommandLineToArgvW

comctl32

InitCommonControlsEx

shlwapi

PathAppendW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
CoRevokeClassObject
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries

oleaut32

VariantCopy
SysFreeString
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kwsafe/kwsmot.dll
.dll windows:4 windows x86 arch:x86

608b00aad2c7b472e8ed2740c6f2eeab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:61:38:63:55:d1:d7:2a:96:5f:c3:86:d6:cd:9a:ed:fb:a3:04:ea
Signer

Actual PE Digest

0c:61:38:63:55:d1:d7:2a:96:5f:c3:86:d6:cd:9a:ed:fb:a3:04:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

SuspendThread
ResumeThread
VirtualProtectEx
IsBadReadPtr
SetPriorityClass
VirtualProtect
GetVersionExW
lstrcpyW
LoadLibraryW
lstrlenW
OutputDebugStringW
ReadConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetStdHandle
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetThreadContext
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
IsValidCodePage
SetThreadContext
FlushInstructionCache
InterlockedIncrement
InterlockedDecrement
Sleep
VirtualAlloc
VirtualFree
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GetVersionExA
WaitForSingleObject
ReadProcessMemory
lstrcmpiA
GetCurrentProcessId
OpenProcess
lstrcmpiW
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetVersion
SetLastError
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetLastError
RaiseException
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy

user32

WindowFromPoint
GetWindowThreadProcessId
CharNextExA
WindowFromDC
GetClassNameW
PtInRect
RedrawWindow
GetClientRect
GetDC
ReleaseDC
ScreenToClient
ClientToScreen
SendMessageW
GetMenu
GetWindowTextW
GetWindowRect
GetMenuBarInfo
MenuItemFromPoint
GetMenuStringW
GetMenuItemRect
GetSystemMetrics
MessageBoxA

gdi32

GetObjectW
GetPixel
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
TextOutA
TextOutW
ExtTextOutA
ExtTextOutW
BitBlt
StretchBlt
GetDeviceCaps
GetTextExtentExPointW
GetTextAlign
GetCurrentPositionEx
GetTextMetricsW
GetDCOrgEx
GetMapMode
GetTextExtentPoint32W
GetStockObject
SelectObject
CreateFontIndirectW
DeleteObject
GetGlyphIndicesW
LPtoDP

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

SysFreeString
SysAllocString

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleBaseNameA

shlwapi

StrStrIW

Exports

Exports

DllGetInterface

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kwsow.dll
.dll windows:4 windows x86 arch:x86

246606c015cf0126d9d380607747c2b1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:22:02:d7:9b:64:f5:60:72:47:09:98:9b:74:9f:1f:fc:5e:34:26
Signer

Actual PE Digest

03:22:02:d7:9b:64:f5:60:72:47:09:98:9b:74:9f:1f:fc:5e:34:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
GetStdHandle
Sleep
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
GetThreadLocale
GlobalFlags
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedExchange
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
FormatMessageW
MulDiv
GetModuleFileNameW
GetCurrentThreadId
FreeLibrary
GetCurrentProcess
LocalFree
LocalAlloc
LoadLibraryW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
CreateThread
lstrlenA
ReleaseMutex
CloseHandle
UnmapViewOfFile
ResetEvent
GetModuleFileNameA
SetEvent
GetModuleHandleA
MapViewOfFile
GetLastError
OpenFileMappingW
OpenEventW
WaitForSingleObject
OpenMutexW
TerminateThread
GlobalFree
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetVersionExW
GetProcAddress
GetCPInfo
MultiByteToWideChar

user32

BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetWindowTextW
GetFocus
GetParent
SetWindowPos
SendMessageW
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DestroyMenu
GetSysColorBrush
UnregisterClassW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MessageBoxW
EndPaint
PostThreadMessageW
GetWindowThreadProcessId
LoadCursorW
TranslateMessage
DispatchMessageW
GetMessageW
PeekMessageW
SetWindowLongW
GetWindowLongW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
RedrawWindow
GetSysColor
ReleaseDC
GetDC
SetCursor
UpdateWindow
SetTimer
KillTimer
InvalidateRect
PtInRect
GetWindowRect
GetCursorPos
LoadBitmapW
EnableWindow
PostMessageW
IsIconic
UnregisterClassA

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteDC
SelectObject
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
CreateProcessAsUserW
OpenProcessToken
RegQueryValueW
RegOpenKeyExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathAppendA
PathRemoveFileSpecA

oleaut32

VariantClear
VariantChangeType
VariantInit

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

CreateInstance
DeleteInstance
DllPreTranslateMessage

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kwspid.kid
kwsafe/kwspop.dll
.dll windows:4 windows x86 arch:x86

5e49afb6a72f91f709434730fa452822

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:e2:be:5d:e5:96:1a:c2:bb:bc:19:6d:fe:77:2d:ba:66:7d:7c:d8
Signer

Actual PE Digest

fa:e2:be:5d:e5:96:1a:c2:bb:bc:19:6d:fe:77:2d:ba:66:7d:7c:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
ExitProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetFullPathNameW
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
lstrlenA
FileTimeToSystemTime
GetThreadLocale
GetModuleHandleA
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
SuspendThread
ResumeThread
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetProcAddress
GetVersionExA
LockResource
ResetEvent
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
MultiByteToWideChar
lstrcmpiW
InterlockedIncrement
GetModuleFileNameW
InterlockedDecrement
GetLastError
LoadLibraryExW
FindResourceW
LoadResource
FreeLibrary
RaiseException
GetModuleHandleW
SizeofResource
lstrlenW
GetTickCount
TerminateThread
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Sleep
GetModuleFileNameA
GetUserDefaultLCID

user32

MessageBeep
RegisterClipboardFormatW
SetRect
IsRectEmpty
CopyAcceleratorTableW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
UnregisterClassW
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetNextDlgGroupItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
CharUpperW
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
CharNextW
SystemParametersInfoW
DispatchMessageW
SetTimer
TranslateMessage
PeekMessageW
KillTimer
PostThreadMessageW
EnableWindow
SetPropW
IsWindow
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
RectVisible
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
PtVisible
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateRectRgnIndirect
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
DeleteObject
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
SysAllocStringLen
VariantChangeType
VarUI4FromStr
SysFreeString
VariantInit
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen

winmm

timeSetEvent

Exports

Exports

GetService

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kwssp.dll
.dll windows:4 windows x86 arch:x86

cf0747d0fa3dfda0f26a65b7b3bfbad6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:b3:39:e4:35:84:f3:a1:81:25:f9:84:62:3c:83:a8:90:49:32:79
Signer

Actual PE Digest

f3:b3:39:e4:35:84:f3:a1:81:25:f9:84:62:3c:83:a8:90:49:32:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetConnectA
HttpAddRequestHeadersA
InternetOpenUrlA
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoA
InternetReadFile
InternetSetFilePointer
DeleteUrlCacheEntryA
HttpSendRequestW
InternetOpenA
InternetCloseHandle
InternetSetOptionW

kernel32

OpenMutexW
DeleteFileA
WaitForSingleObject
TerminateThread
InterlockedIncrement
InterlockedDecrement
GetLastError
SetEvent
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
GetPrivateProfileIntW
LoadLibraryA
CopyFileW
FreeLibrary
DeleteFileW
GetProcAddress
WritePrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringW
GetFileAttributesW
LoadLibraryW
SetFileAttributesW
WritePrivateProfileStringW
CreateEventW
LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
ResetEvent
GetVersionExW
LocalAlloc
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
GetExitCodeProcess
GetCurrentThreadId
SetEndOfFile
GetFileSize
OpenEventW
OpenFileMappingW
CreateFileW
ReadFile
WriteFile
SetFilePointer
HeapAlloc
CloseHandle
HeapFree
FindResourceW
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetProcessHeap
EnterCriticalSection
GetFileAttributesA
GetSystemTime
CreateFileA
GetLocalTime
CreateThread
GetTickCount
Sleep
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
QueueUserWorkItem
InterlockedExchangeAdd
InterlockedCompareExchange
DebugBreak
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetTempPathA
MoveFileExA
GetModuleHandleW
MoveFileExW
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ReleaseMutex
CreateMutexW
MultiByteToWideChar
lstrlenA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LeaveCriticalSection
GetStdHandle
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
RaiseException
TerminateProcess
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
CreateDirectoryA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedExchange

user32

UnregisterClassA
wsprintfW

advapi32

FreeSid
RegEnumKeyExW
RegSetValueW
RegCreateKeyW
RegOpenKeyW
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
SetTokenInformation
DuplicateTokenEx
EqualSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDisablePredefinedCache
ImpersonateLoggedOnUser
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear

shlwapi

SHDeleteValueW
PathRemoveFileSpecW
PathAppendW
PathRemoveFileSpecA
PathAppendA
PathFileExistsW
StrStrIW
PathFindFileNameW

ws2_32

WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSASetLastError
WSASend
WSASocketW
WSACleanup
WSAGetOverlappedResult
WSARecv
WSACreateEvent
WSASetEvent
WSAEventSelect
inet_addr
gethostbyname
WSAGetLastError
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
gethostbyaddr
closesocket
WSAStartup
WSACloseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winmm

timeSetEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kwstray.exe
.exe windows:4 windows x86 arch:x86

93c437152328e12890058985b3804643

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:da:51:24:6f:61:92:c1:de:9b:7e:48:f3:3f:c8:86:d6:59:f8:42
Signer

Actual PE Digest

72:da:51:24:6f:61:92:c1:de:9b:7e:48:f3:3f:c8:86:d6:59:f8:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateMutexW
TerminateThread
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
WritePrivateProfileStringW
GetVersionExW
DeleteFileW
Sleep
GetWindowsDirectoryW
CreateProcessW
GetCurrentThread
OpenProcess
CreateThread
GetFileSize
CreateFileA
SetProcessWorkingSetSize
GetPrivateProfileIntW
CreateFileW
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetSystemTime
CreateEventW
SetThreadPriority
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FatalAppExitA
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
CreateDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
OpenMutexW
WaitForSingleObject
OpenEventW
OpenFileMappingW
MapViewOfFile
SetEvent
ResetEvent
UnmapViewOfFile
MultiByteToWideChar
CloseHandle
ReleaseMutex
GetPrivateProfileStringW
lstrlenA
lstrlenW
GetLastError
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
QueryPerformanceCounter

user32

RegisterClassExW
CreateWindowExW
LoadCursorW
GetClassInfoExW
LoadAcceleratorsW
LoadMenuW
LoadStringW
RegisterWindowMessageW
LoadIconW
TranslateAcceleratorW
CallWindowProcW
DestroyWindow
CharNextW
PeekMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SetWindowLongW
LoadImageW
GetMessageW
DestroyIcon
wsprintfW
GetSystemMetrics
WindowFromPoint
GetWindowThreadProcessId
KillTimer
SetTimer
ExitWindowsEx
GetCursorPos
SetForegroundWindow
PostMessageW
PtInRect
IsWindow
MessageBeep
GetSubMenu
TrackPopupMenu
TrackPopupMenuEx
SetWindowPos
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
SetMenuItemInfoW
MonitorFromPoint
GetMonitorInfoW
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
InvalidateRect
GetWindowRect
MapWindowPoints
GetClientRect
SendMessageW
GetWindowLongW
UnregisterClassA

advapi32

GetTokenInformation
RegEnumKeyExW
RegCreateKeyW
RegSetValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey

shell32

ExtractIconExW
ShellExecuteW
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHBindToParent
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysStringLen
VarBstrCmp
SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
StrStrW
StrStrIW
AssocQueryStringW
UrlApplySchemeW
PathIsURLW
StrRetToBufW
PathFindExtensionW
UrlUnescapeW
UrlIsW
PathFileExistsW
PathCreateFromUrlW
StrCmpNIW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW

Sections

.text
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kwsafe/kwsu.dat
kwsafe/kwsui.dll
.dll windows:4 windows x86 arch:x86

cb0045bb99e09b0a76bc52737049e89b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:4d:af:2f:aa:c3:68:73:80:a7:45:99:83:d1:57:96:30:15:14:36
Signer

Actual PE Digest

e0:4d:af:2f:aa:c3:68:73:80:a7:45:99:83:d1:57:96:30:15:14:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExW
GetModuleFileNameExA

kernel32

OpenFileMappingW
MapViewOfFile
OutputDebugStringA
GetCurrentProcess
TerminateThread
Sleep
GetCurrentProcessId
lstrcmpiW
MultiByteToWideChar
GetPrivateProfileStringW
GetCurrentThreadId
SetLastError
OpenProcess
FlushInstructionCache
FindResourceW
InitializeCriticalSection
SizeofResource
DeleteCriticalSection
LockResource
lstrlenA
LoadResource
CreateThread
RaiseException
InterlockedIncrement
FindResourceExW
ResumeThread
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
lstrcatW
GetTickCount
FreeLibrary
DeleteFileW
CreateEventW
WaitForMultipleObjects
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryA
lstrcpyW
lstrcpynW
GetModuleHandleA
SetFilePointer
ReadFile
CreateFileW
GetSystemInfo
CreateFileA
WriteFile
GetSystemTime
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
OpenEventW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateDirectoryA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
WaitForSingleObject
OpenMutexW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetLastError
WideCharToMultiByte
GetVersionExW
ReleaseMutex
CloseHandle
UnmapViewOfFile
ResetEvent
SetEvent
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW

user32

FindWindowExW
KillTimer
GetSystemMetrics
CreateWindowExA
UnregisterClassA
IsWindow
CallNextHookEx
GetParent
GetClassNameA
GetWindowTextA
EnumChildWindows
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
GetActiveWindow
TranslateMessage
IsWindowUnicode
DispatchMessageW
GetWindowLongW
GetWindowLongA
IsIconic
GetClassNameW
GetWindowTextW
EnumWindows
SetWindowLongW
DialogBoxParamW
RegisterClassExA
GetMessageA
FindWindowA
UpdateWindow
SendMessageA
FindWindowW
GetWindowRect
InSendMessage
PostMessageA
SetTimer
PostQuitMessage
ReplyMessage
CharLowerBuffW
LoadCursorW
UpdateLayeredWindow
MoveWindow
MonitorFromWindow
IsZoomed
SetWindowPos
PostMessageW
ShowWindow
RegisterClassExW
DefWindowProcW
GetCursorPos
GetMonitorInfoW
CreateWindowExW
PtInRect
SetWindowTextW
GetDlgItem
SendMessageW
EndDialog

gdi32

CreateRectRgn
CreateDIBSection
DeleteDC
PtInRegion
CreateCompatibleDC
DeleteObject
SelectObject

advapi32

RegQueryValueW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHBindToParent

ole32

CoUninitialize
CoTaskMemFree
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

UrlIsW
StrCmpIW
PathAppendA
PathRemoveFileSpecW
PathAppendW
StrStrIA
StrStrIW
PathFileExistsW
PathUnquoteSpacesW
PathAddBackslashW
PathIsDirectoryW
PathFindExtensionW
PathCreateFromUrlW
StrCmpNIW
AssocQueryStringW
StrRetToBufW
PathIsURLW
UrlApplySchemeW
UrlUnescapeW
PathRemoveFileSpecA

wininet

InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetSetOptionA
InternetCrackUrlA
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestW
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlW

winmm

timeSetEvent

Exports

Exports

DllGetClassObject
DoDisplayLog
GetClassObject
GetHookStatus
SetWindowStyle
Startup
Stop

Sections

.text
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/kxestat.dll
.dll windows:4 windows x86 arch:x86

a91f3a88c1c411598184aef99e818a37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:88:bc:10:51:c2:70:00:e6:fd:2f:a7:69:5f:bd:ab:63:ef:9d:07
Signer

Actual PE Digest

a4:88:bc:10:51:c2:70:00:e6:fd:2f:a7:69:5f:bd:ab:63:ef:9d:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
GetSystemDirectoryA
LoadLibraryA
FindFirstFileW
FindClose
SetEvent
MoveFileExW
CreateDirectoryW
HeapAlloc
CreateEventW
HeapFree
HeapReAlloc
GetLastError
LoadResource
GetModuleFileNameW
LockResource
SizeofResource
GetProcessHeap
FindResourceW
WriteFile
FindResourceExW
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
GetProcAddress
SetFilePointer
FreeLibrary
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
ResetEvent
WaitForSingleObject
GetThreadLocale
LocalFree
LoadLibraryW
lstrcpynA
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RtlUnwind
GetTimeZoneInformation
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysFreeString
SysAllocString

shlwapi

PathAppendW

ws2_32

WSAGetOverlappedResult
WSASend
WSAResetEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASocketW
WSARecv
closesocket
WSACreateEvent
WSACleanup
WSAGetLastError
gethostbyname
htons
WSACloseEvent
inet_addr
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
WSASetEvent
WSASetLastError
gethostbyaddr
WSAStartup
WSAConnect

iphlpapi

GetAdaptersInfo

user32

UnregisterClassA

Exports

Exports

GetUUID
KSDllCanUnloadNow
KSDllGetClassCount
KSDllGetClassInfo
KSDllGetClassObject

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kwsafe/license.txt
kwsafe/ver.dat

Sharing

General

Malware Config

Signatures

Files

a1575143c7276d23e65a1698d2158da9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

266eab2d73d7d6538391b96e3dd9c36e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

46:10:fc:0b:2d:11:d9:ee:16:2f:d6:f9:5e:c7:96:a1:e0:44:2c:1aSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

f9a9c3ee3c89d55726974153e595d014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

1c:a2:1b:88:26:63:a4:1d:0d:02:57:8c:30:67:d9:ce:de:aa:fe:50Signer

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93
Signer

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

46:10:fc:0b:2d:11:d9:ee:16:2f:d6:f9:5e:c7:96:a1:e0:44:2c:1a
Signer

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

1c:a2:1b:88:26:63:a4:1d:0d:02:57:8c:30:67:d9:ce:de:aa:fe:50
Signer

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 316KB - Virtual size: 312KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 76KB - Virtual size: 73KB

.reloc
Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

e0:4f:60:59:77:3a:75:c7:04:1e:c1:aa:df:ff:58:b4:d7:55:7c:fb
Signer