webplugin[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

webplugin.exe
Size

1.1MB
MD5

5a45a2c170f7a8f07e4d5419b69da048
SHA1

b47e6208ebcb3eb8d04c941e928fbfa41cd7788d
SHA256

00a335cde65791e3719de418faf476ddbec496fe044b57b0efb99e3330c0c830
SHA512

1cf1a815a9d9e53743752a04e934d86365b40a9ed42473e0bfb2d798fdf2a1305d79b7a8e5ea4f7dd1998161bf87e48e05112b2907cd19c8fe934233f004220d
SSDEEP

24576:qsFofXKRB1bL4MdO8PKq4AXinPmgwsjDxUu8AZGzg76ERJ3A7FieEAx8UyK4l7u6:7FoPYxQnPmgw6xULAEEAoeDxqK27Pcbm

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

webplugin.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5f:92:13:ce:e5:e6:bf:25:a0:b9:eb:da:02:36:0e:30:93:a9:28:0a:21:5f:58:87:ce:d9:1d:bb:65:64:5b
Signer

Actual PE Digest

62:5f:92:13:ce:e5:e6:bf:25:a0:b9:eb:da:02:36:0e:30:93:a9:28:0a:21:5f:58:87:ce:d9:1d:bb:65:64:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DHSurveillanceDll.dll
.dll windows:4 windows x86 arch:x86

23119d8d1f578fcfcc7c3e0738c8561f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:98:dd:0f:af:cb:a4:7f:e3:0b:79:bb:15:29:45:c0:11:55:c0:d2:40:0a:44:76:81:53:cb:74:e4:14:58:8c
Signer

Actual PE Digest

fa:98:dd:0f:af:cb:a4:7f:e3:0b:79:bb:15:29:45:c0:11:55:c0:d2:40:0a:44:76:81:53:cb:74:e4:14:58:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateEventA
SetEvent
CreateSemaphoreA
ReleaseSemaphore
CreateThread
Sleep
MultiByteToWideChar
QueryPerformanceCounter
CreateDirectoryA
GetCurrentThreadId
DeleteFileA
GetLastError
GetProcAddress
FreeLibrary
GetModuleFileNameA
VirtualQuery
LoadLibraryExA
QueryPerformanceFrequency
WideCharToMultiByte
DisableThreadLibraryCalls

user32

MessageBoxA
GetWindowRect

gdi32

SetBkMode

shell32

ShellExecuteA

msvcrt

toupper
localtime
__dllonexit
_onexit
?terminate@@YAXXZ
free
_initterm
_adjust_fdiv
pow
strtok
printf
strstr
strchr
strncpy
atoi
rand
_access
strcpy
_mkdir
abs
fprintf
vsprintf
time
gmtime
ctime
sprintf
_ftol
strcmp
fseek
ftell
fread
fopen
_except_handler3
strlen
fclose
fwrite
fflush
__CxxFrameHandler
_purecall
malloc
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
sscanf
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
_iob
fputs
??0exception@@QAE@ABV0@@Z
_itoa
memset
strcat

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_7runtime_error@std@@6B@
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

dhnetsdk

ord157
ord133
ord2
ord24
ord175
ord28
ord27
ord119
ord25
ord102
ord73
ord215
ord525
ord63
ord20
ord88
ord169
ord26
ord92
ord395
ord91
ord195
ord196
ord1
ord127
ord7
ord557
ord170
ord168
ord473
ord474
ord6
ord74
ord98
ord93
ord90
ord96
ord97
ord99
ord120
ord83
ord95
ord202
ord217
ord76
ord75
ord32
ord12
ord33
ord203

ws2_32

socket
htons
inet_addr
connect
closesocket
send
recv
WSAStartup

Exports

Exports

GetTransModuleImp
LoadNeedLibrary
ReleaseTransImp
UnLoadNeedlibrary
_FileOperation_Check_Write@8
_FileOperation_Read@12
_FileOperation_Write@12
_PLAY_AddToPlayGroup@8
_PLAY_AdjustWaveAudio@8
_PLAY_CatchResizePic@20
_PLAY_ChooseAudio@12
_PLAY_CloseAudioRecord@0
_PLAY_CloseFile@4
_PLAY_ClosePlayGroup@4
_PLAY_CloseStream@4
_PLAY_ConvertToBmpFile@24
_PLAY_ConvertToBmpFileEx@28
_PLAY_DelFromPlayGroup@8
_PLAY_EnableLargePicAdjustment@8
_PLAY_Fast@4
_PLAY_FisheyeGetPosition@20
_PLAY_GetAudioChannels@8
_PLAY_GetAudioChooseState@12
_PLAY_GetBufferValue@8
_PLAY_GetColor@24
_PLAY_GetCurrentFrameRate@4
_PLAY_GetFileTime@4
_PLAY_GetFreePort@4
_PLAY_GetLastError@4
_PLAY_GetOverlayMode@4
_PLAY_GetPictureSize@12
_PLAY_GetPlayPos@4
_PLAY_GetPlayedFrames@4
_PLAY_GetPlayedTime@4
_PLAY_GetPlayedTimeEx@4
_PLAY_GetSourceBufferRemain@4
_PLAY_GetVolume@4
_PLAY_InputData@12
_PLAY_OneByOne@4
_PLAY_OneByOneBack@4
_PLAY_OpenAudioRecord@24
_PLAY_OpenFile@8
_PLAY_OpenPlayGroup@0
_PLAY_OpenStream@16
_PLAY_Pause@8
_PLAY_PausePlayGroup@8
_PLAY_Play@8
_PLAY_PlaySound@4
_PLAY_PlaySoundShare@4
_PLAY_QueryInfo@20
_PLAY_RefreshPlay@4
_PLAY_ReleasePort@4
_PLAY_ResetBuffer@8
_PLAY_ResetSourceBuffer@4
_PLAY_RigisterDrawFun@12
_PLAY_RigisterDrawFunEx@16
_PLAY_SeekPlayGroup@8
_PLAY_SetColor@24
_PLAY_SetDecCallBack@8
_PLAY_SetDelayTime@12
_PLAY_SetDisplayCallBack@12
_PLAY_SetDisplayRegion@20
_PLAY_SetEncTypeChangeCallBack@12
_PLAY_SetEncTypeChangeCallBackEx@12
_PLAY_SetFileEndCallBack@12
_PLAY_SetFishEyeInfoCallBack@12
_PLAY_SetIVSCallBack@12
_PLAY_SetOverlayMode@12
_PLAY_SetPicQuality@8
_PLAY_SetPlayDirection@8
_PLAY_SetPlayGroupDirection@8
_PLAY_SetPlayGroupSpeed@8
_PLAY_SetPlayMethod@20
_PLAY_SetPlayPos@8
_PLAY_SetPlaySpeed@8
_PLAY_SetPlayedTimeEx@8
_PLAY_SetSEnhanceMode@8
_PLAY_SetSecurityKey@12
_PLAY_SetStreamOpenMode@8
_PLAY_SetVisibleDecCallBack@12
_PLAY_SetVolume@8
_PLAY_SetWaterMarkCallBackEx@12
_PLAY_Slow@4
_PLAY_SplitProc@8
_PLAY_SplitProcUpdate@8
_PLAY_StartAVIConvert@16
_PLAY_StartDataRecord@12
_PLAY_StartFisheye@4
_PLAY_StepPlayGroup@4
_PLAY_Stop@4
_PLAY_StopAVIConvert@4
_PLAY_StopDataRecord@4
_PLAY_StopFisheye@4
_PLAY_StopSound@0
_PLAY_StopSoundShare@4
_PLAY_VerticalSyncEnable@8
_PLAY_WriteData@12

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileOperator.dll
.dll windows:4 windows x86 arch:x86

c82aacbbadbd5e95a3fb142f6050ddf8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:49:06:47:05:d6:68:f6:16:cc:24:1d:25:f2:69:66:05:ba:c8:5c:94:58:27:30:76:82:90:4c:61:c2:2d:17
Signer

Actual PE Digest

9f:49:06:47:05:d6:68:f6:16:cc:24:1d:25:f2:69:66:05:ba:c8:5c:94:58:27:30:76:82:90:4c:61:c2:2d:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord801
ord2818
ord317
ord860
ord4202
ord800
ord858
ord5710
ord541
ord535
ord540
ord1622
ord6143
ord2721
ord4698
ord926
ord6883
ord941
ord6781
ord939
ord2614
ord2065
ord6648
ord922
ord5683
ord2763
ord6663
ord4278
ord2764
ord5861
ord603
ord6404
ord273
ord353
ord5461
ord3169
ord503
ord537
ord2915
ord4079
ord2725
ord5302
ord5300
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord924
ord1578
ord600
ord826
ord269
ord4274

msvcrt

_iob
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_ftol
sscanf
sprintf
_except_handler3
?terminate@@YAXXZ
fputs
??0exception@@QAE@ABV0@@Z
strcmp
_purecall
_itoa
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
__CxxFrameHandler
strlen
memcpy
realloc
fseek
ftell
rewind
fread
memset
strstr
strchr
_mbscmp
fopen
fwrite
fclose
free

kernel32

GetModuleHandleW
LocalAlloc
LocalFree
OutputDebugStringA
LoadLibraryA
MoveFileExA
CloseHandle
GetFileSize
FreeLibrary
CreateFileA
GetSystemDirectoryA
LocalLock
LocalUnlock
GetProcAddress
GetModuleFileNameA

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

user32

wsprintfA
MessageBoxA

Exports

Exports

FileOperation_Check_Write
FileOperation_Read
FileOperation_Write

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IvsDrawer.dll
.dll windows:4 windows x86 arch:x86

0d878e167535d3271ca8a9bfdb64bf26

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:b2:bd:25:1a:55:37:9b:be:e4:88:86:c6:81:05:aa:b5:3b:7a:a2:aa:19:e7:d9:d1:a5:79:62:87:a1:70:69
Signer

Actual PE Digest

ad:b2:bd:25:1a:55:37:9b:be:e4:88:86:c6:81:05:aa:b5:3b:7a:a2:aa:19:e7:d9:d1:a5:79:62:87:a1:70:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
LoadLibraryExA
InitializeCriticalSection
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

user32

DrawTextA
GetClientRect
GetWindowRect
FillRect

gdi32

LineTo
SetTextColor
CreateFontIndirectA
SelectObject
CreateBrushIndirect
TextOutA
DeleteObject
CreatePen
SetBkMode
GetBkMode
TextOutW
Polyline
MoveToEx

msvcp60

?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

msvcrt

abs
_adjust_fdiv
_initterm
_onexit
__dllonexit
malloc
memset
memcpy
sprintf
__CxxFrameHandler
_ftol
??2@YAPAXI@Z
strcat
memcmp
strlen
_strlwr
strrchr
vsprintf
strncpy
strcmp
strcpy
atoi
gmtime
_purecall
sin
cos
atan2
sqrt
atan
free
_callnewh

Exports

Exports

DRAW_Clean
DRAW_Cleanup
DRAW_Close
DRAW_Draw
DRAW_GetLastError
DRAW_Idle
DRAW_InputAlarmData
DRAW_InputAlarmDataEx
DRAW_InputJpegData
DRAW_InputJsonData
DRAW_InputMoveCheckData
DRAW_InputRuleData
DRAW_InputTextData
DRAW_InputTrackData
DRAW_Ioctl
DRAW_Open
DRAW_Refresh
DRAW_Reset
DRAW_SetDrawOneTrackCallback
DRAW_SetEnable
DRAW_SetFrameNum
DRAW_SetLifeCount
DRAW_SetPen
DRAW_SetRuleTrackAlarm
DRAW_SetShowTrackType
DRAW_SetShowType
DRAW_SetTime
DRAW_Startup

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IvsLogic.dll
.dll windows:4 windows x86 arch:x86

1d9ecd10c0dc88e839b3c8e10253c9ff

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:48:dd:e6:6a:9c:d0:56:a2:84:23:3e:4f:e6:b1:96:25:a7:e4:1a:1f:b2:eb:4a:88:a8:d8:08:77:d1:8b:73
Signer

Actual PE Digest

83:48:dd:e6:6a:9c:d0:56:a2:84:23:3e:4f:e6:b1:96:25:a7:e4:1a:1f:b2:eb:4a:88:a8:d8:08:77:d1:8b:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ

msvcrt

sin
cos
atan
_ftol
sprintf
memset
??2@YAPAXI@Z
strlen
strncpy
__CxxFrameHandler
_purecall
abs
strcmp
memcpy
strcpy
atoi
free
malloc
_chkesp
_assert
??0exception@@QAE@ABV0@@Z
fputs
_iob
_CxxThrowException
sscanf
__dllonexit
_onexit
_initterm
_adjust_fdiv
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
fabs

Exports

Exports

CreateIvslogic
ReleaseIvsLogic

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Version.ini
VideoWindow.dll
.dll windows:4 windows x86 arch:x86

edee8991d2c931df76bab120c7610848

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a7:fa:81:c1:f7:33:dc:a7:eb:70:bb:12:cf:02:83:76:fa:4e:7f:5e:7c:02:06:43:c2:12:8f:d4:ad:5e:8a:f9
Signer

Actual PE Digest

a7:fa:81:c1:f7:33:dc:a7:eb:70:bb:12:cf:02:83:76:fa:4e:7f:5e:7c:02:06:43:c2:12:8f:d4:ad:5e:8a:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord825
ord3626
ord3663
ord2414
ord4275
ord860
ord2864
ord5981
ord2379
ord755
ord2915
ord2818
ord2859
ord470
ord665
ord1979
ord5442
ord3318
ord353
ord3693
ord472
ord4133
ord4297
ord5788
ord1641
ord2567
ord3619
ord5875
ord5787
ord2860
ord283
ord6170
ord1601
ord640
ord2405
ord2753
ord5785
ord1640
ord323
ord4220
ord2584
ord3654
ord540
ord2438
ord2078
ord6172
ord4299
ord6270
ord2863
ord1575
ord2642
ord1644
ord1146
ord4274
ord6375
ord4486
ord567
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord3573
ord6215
ord4287
ord4284
ord6880
ord1168
ord2575
ord3402
ord4396
ord3574
ord609
ord556
ord809
ord2754
ord3874
ord6358
ord1088
ord2122
ord1116
ord1176
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord823
ord537
ord6467
ord2124
ord818
ord800
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3571
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord2554

msvcrt

pow
memcpy
strcmp
sqrt
atan2
cos
sin
abs
_purecall
strlen
strcpy
_ftol
__CxxFrameHandler
memset
??0exception@@QAE@ABV0@@Z
fputs
_iob
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
fseek
fread
fopen
fwrite
fclose
strchr
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
sscanf
sprintf
_strlwr
?terminate@@YAXXZ
_except_handler3

kernel32

GetModuleHandleA
OutputDebugStringA
GetLastError
GlobalUnlock
GlobalAlloc
MultiByteToWideChar
MulDiv
GetCommandLineA
LocalFree
LocalAlloc
GetCurrentThreadId
GlobalLock

user32

LoadBitmapA
DeferWindowPos
InvalidateRect
SetCapture
GetWindowRect
GetFocus
ReleaseCapture
ScreenToClient
DrawTextA
ReleaseDC
FillRect
GetClientRect
GetDC
EnableWindow
CheckMenuItem
GetMenuState
GetCursorPos
GetSubMenu
LoadMenuA
GetParent
LoadImageA
CreatePopupMenu
GetCapture
WindowFromPoint
DrawEdge
DrawFocusRect
DestroyCursor
GetSysColor
InflateRect
PostMessageA
LoadCursorA
SetCursor
IsWindow
SendMessageA
CallNextHookEx
SetParent
SetWindowsHookExA
FindWindowA
ShowWindow
SetFocus
GetDesktopWindow
SetWindowPos
MoveWindow
CopyRect
BeginDeferWindowPos
EndDeferWindowPos
UnhookWindowsHookEx
AppendMenuA
ClientToScreen

gdi32

SetBkMode
CreateFontIndirectA
BitBlt
CreateCompatibleDC
GetObjectA
SelectObject
CreateSolidBrush
ExtCreatePen
SetTextColor
CreateFontA
Rectangle
GetStockObject
Ellipse
GetTextExtentPoint32A
GetPixel
TextOutW
TextOutA
CreatePen
DeleteObject
StretchBlt
GetTextMetricsA
ExtTextOutA
CreateICA
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps

comctl32

_TrackMouseEvent

ole32

CreateStreamOnHGlobal

olepro32

ord251

oleaut32

SysStringLen
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDisposeImage
GdipCreateSolidFill
GdipFree
GdipCloneBrush
GdipAlloc
GdipCreateFromHDC
GdipDeleteBrush
GdipDeleteGraphics
GdipFillPolygonI

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_7runtime_error@std@@6B@
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

winmm

timeGetTime

Exports

Exports

CreateVideoWindow
ReleaseVideoWindow

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhnetsdk.dll
.dll windows:4 windows x86 arch:x86

262ba0416b07ca1265f0fb70186875a4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:cf:d5:b6:5e:c1:72:34:61:3c:50:57:42:b0:9d:46:4f:2d:f1:6c:06:69:ad:9c:58:6f:9f:32:54:6c:78:21
Signer

Actual PE Digest

7e:cf:d5:b6:5e:c1:72:34:61:3c:50:57:42:b0:9d:46:4f:2d:f1:6c:06:69:ad:9c:58:6f:9f:32:54:6c:78:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSASocketA
WSAJoinLeaf
accept
listen
select
__WSAFDIsSet
getsockopt
getsockname
socket
setsockopt
bind
ioctlsocket
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSACleanup
WSAStartup
getservbyport
gethostbyaddr
gethostbyname
WSAGetLastError
getservbyname
htonl
connect
htons
closesocket
ntohs
inet_addr
inet_ntoa

msvcp60

??0_Lockit@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?nothrow@std@@3Unothrow_t@1@B
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

winmm

timeBeginPeriod

msvcrt

strcmp
ftell
fseek
fopen
fclose
_stricmp
atoi
strcpy
strstr
atof
pow
sprintf
strcat
_access
strncpy
_strlwr
memcmp
strtok
_CxxThrowException
??8type_info@@QBEHABV0@@Z
fflush
fwrite
_snprintf
memmove
malloc
free
_purecall
_assert
strchr
gmtime
mktime
_beginthreadex
_vsnprintf
localtime
_strupr
atol
wcslen
wcscmp
wcscpy
strrchr
fprintf
_errno
printf
vswprintf
strerror
time
strtoul
calloc
_callnewh
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_ftol
memcpy
__CxxFrameHandler
memset
strlen
strncmp
_unlink
_mkdir
??2@YAPAXI@Z
sscanf

kernel32

DeleteCriticalSection
GetLastError
GetCurrentThreadId
WaitForMultipleObjects
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CopyFileA
GetCurrentProcessId
GetLocalTime
LoadLibraryA
SystemTimeToFileTime
CompareFileTime
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetTickCount
TerminateThread
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
OutputDebugStringA
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
FreeLibrary
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

Exports

Exports

?LogOneTraceOutAll@@YGXW4E_LOG_LEVEL@@HPBDH1AAPAD@Z
?LogOneTraceOutAllW@@YGXW4E_LOG_LEVEL@@HPBDHPBGAAPAD@Z
?LogOneTraceOutW@@YGXHPBGAAPAD@Z
?LogOne_SetFileCount@@YGXH@Z
?LogOne_SetMaxSizeKB@@YGXH@Z
?LogOne_SetPrintLevel@@YGXW4E_LOG_LEVEL@@@Z
?LogOne_SetPrintStrategy@@YGXH@Z
CLIENT_AddMission
CLIENT_AddRecordBackupRestoreTask
CLIENT_AddTourCombin
CLIENT_AddVideoSynopsisTask
CLIENT_AdjustFluency
CLIENT_AlarmReset
CLIENT_AttachAddFileState
CLIENT_AttachAnalogAlarmData
CLIENT_AttachBurnCase
CLIENT_AttachBurnCheckState
CLIENT_AttachBurnDevState
CLIENT_AttachBurnState
CLIENT_AttachBusState
CLIENT_AttachCAN
CLIENT_AttachCameraState
CLIENT_AttachCarPassInfo
CLIENT_AttachDevComm
CLIENT_AttachFaceFindState
CLIENT_AttachHeatMapRawStream
CLIENT_AttachLanesState
CLIENT_AttachLowRateWPAN
CLIENT_AttachMasterSlaveGroup
CLIENT_AttachMission
CLIENT_AttachPTZStatusProc
CLIENT_AttachParkingSpaceData
CLIENT_AttachPosTrade
CLIENT_AttachRecordInfo
CLIENT_AttachRecordUpdater
CLIENT_AttachRemoteCameraState
CLIENT_AttachSplitTour
CLIENT_AttachTalkState
CLIENT_AttachTransmitInfo
CLIENT_AttachUavFly
CLIENT_AttachVTPCallState
CLIENT_AttachVideoAnalyseState
CLIENT_AttachVideoStatSummary
CLIENT_AttachViewRangeState
CLIENT_AudioBroadcastAddDev
CLIENT_AudioBroadcastDelDev
CLIENT_AudioDec
CLIENT_AudioDecEx
CLIENT_AudioEncode
CLIENT_BurnChangeDisk
CLIENT_BurnGetState
CLIENT_BurnMarkTag
CLIENT_BusConfirmEvent
CLIENT_BusSchedule
CLIENT_CapturePicture
CLIENT_CapturePictureEx
CLIENT_CheckBusLine
CLIENT_Cleanup
CLIENT_ClearRepeatEnter
CLIENT_ClientGetVideoEffect
CLIENT_ClientSetVideoEffect
CLIENT_CloseRegConnect
CLIENT_CloseSound
CLIENT_CloseSplitWindow
CLIENT_ConnectCloudService
CLIENT_ControlCabinLED
CLIENT_ControlConnectServer
CLIENT_ControlDevice
CLIENT_ControlDeviceEx
CLIENT_ControlDisconnectRegServer
CLIENT_ControlIntelliTracker
CLIENT_ControlRegisterServer
CLIENT_ControlSpecialDevice
CLIENT_CreateRemoteFile
CLIENT_CreateTransComChannel
CLIENT_CtrlDecPlayback
CLIENT_CtrlDecTVScreen
CLIENT_CtrlDecoderTour
CLIENT_DHPTZControl
CLIENT_DHPTZControlEx
CLIENT_DHPTZControlEx2
CLIENT_DecTVPlayback
CLIENT_DelMobilePushNotify
CLIENT_DelMobilePushNotifyCfg
CLIENT_DelTourCombin
CLIENT_DeleteDevConfig
CLIENT_DeleteSplitCollection
CLIENT_DestroyTransComChannel
CLIENT_DetachAddFileState
CLIENT_DetachAnalogAlarmData
CLIENT_DetachBurnCase
CLIENT_DetachBurnCheckState
CLIENT_DetachBurnDevState
CLIENT_DetachBurnState
CLIENT_DetachBusState
CLIENT_DetachCAN
CLIENT_DetachCameraState
CLIENT_DetachCarPassInfo
CLIENT_DetachDevComm
CLIENT_DetachFaceFindState
CLIENT_DetachHeatMapRawStream
CLIENT_DetachLanesState
CLIENT_DetachLowRateWPAN
CLIENT_DetachMasterSlaveGroup
CLIENT_DetachMission
CLIENT_DetachPTZStatusProc
CLIENT_DetachParkingSpaceData
CLIENT_DetachPosTrade
CLIENT_DetachRecordInfo
CLIENT_DetachRecordUpdater
CLIENT_DetachRemoteCameraState
CLIENT_DetachSplitTour
CLIENT_DetachTalkState
CLIENT_DetachTransmitInfo
CLIENT_DetachUavFly
CLIENT_DetachVTPCallState
CLIENT_DetachVideoAnalyseState
CLIENT_DetachVideoStatSummary
CLIENT_DetachViewRangeState
CLIENT_DetectFace
CLIENT_DevSpecialCtrl
CLIENT_DispatchBusLineInfo
CLIENT_DispatchWorkPlan
CLIENT_DoFind
CLIENT_DoFindDiagnosisResult
CLIENT_DoFindFaceRecognition
CLIENT_DoFindFluxStat
CLIENT_DoFindNumberStat
CLIENT_DoFindSCADA
CLIENT_DownLoadMultiFile
CLIENT_DownLoadSynosisFile
CLIENT_DownloadByRecordFile
CLIENT_DownloadByRecordFileEx
CLIENT_DownloadByRecordFileEx2
CLIENT_DownloadByTime
CLIENT_DownloadByTimeEx
CLIENT_DownloadByTimeEx2
CLIENT_DownloadMediaFile
CLIENT_DownloadRemoteFile
CLIENT_EnumVideoOutModes
CLIENT_ExChangeData
CLIENT_ExportConfigFile
CLIENT_ExportConfigFileJson
CLIENT_FaceRecognitionSetSearchImageInfo
CLIENT_FastPlayBack
CLIENT_FileStreamMotionMatch
CLIENT_FileTransmit
CLIENT_FindClose
CLIENT_FindCloseEx
CLIENT_FindFile
CLIENT_FindFileEx
CLIENT_FindFrameInfo
CLIENT_FindFrameInfoClose
CLIENT_FindGroupInfo
CLIENT_FindNextFile
CLIENT_FindNextFileEx
CLIENT_FindNextFrameInfo
CLIENT_FindNextRecord
CLIENT_FindNextSynopsisFile
CLIENT_FindRecord
CLIENT_FindRecordClose
CLIENT_FindSynopsisFile
CLIENT_FocusControl
CLIENT_FramCotrolPlayBackByRecordFile
CLIENT_FramCotrolPlayBackByTime
CLIENT_GetBitmap
CLIENT_GetCapsuleHumanNum
CLIENT_GetCapsuleLockState
CLIENT_GetCarPortLightStatus
CLIENT_GetDEVWorkState
CLIENT_GetDVRIPByResolveSvr
CLIENT_GetDecLayOutEnable
CLIENT_GetDecodePolicy
CLIENT_GetDefenceArmMode
CLIENT_GetDevCaps
CLIENT_GetDevConfig
CLIENT_GetDevicePosition
CLIENT_GetDisplayMode
CLIENT_GetDownloadPos
CLIENT_GetEncodePlan
CLIENT_GetExModuleState
CLIENT_GetFileByTime
CLIENT_GetFramePlayBack
CLIENT_GetHADTStatus
CLIENT_GetHCDZCaps
CLIENT_GetHCDZInfo
CLIENT_GetISCSITargets
CLIENT_GetLastError
CLIENT_GetMarkInfo
CLIENT_GetMatrixTree
CLIENT_GetMemberNames
CLIENT_GetMonitorWallCollections
CLIENT_GetNewDevConfig
CLIENT_GetNewDevConfigForWeb
CLIENT_GetOperatorName
CLIENT_GetParkingSpaceStatus
CLIENT_GetPicJPEG
CLIENT_GetPlatFormInfo
CLIENT_GetPlayBackOsdTime
CLIENT_GetPlayBackPort
CLIENT_GetPtzOptAttr
CLIENT_GetRealPlayPort
CLIENT_GetSDKVersion
CLIENT_GetSelfCheckInfo
CLIENT_GetSimCardFlux
CLIENT_GetSnifferInfo
CLIENT_GetSplitAudioOuput
CLIENT_GetSplitCaps
CLIENT_GetSplitCollections
CLIENT_GetSplitGroupCount
CLIENT_GetSplitMode
CLIENT_GetSplitOSD
CLIENT_GetSplitOSDEx
CLIENT_GetSplitSource
CLIENT_GetSplitWindowRect
CLIENT_GetSplitWindowsInfo
CLIENT_GetStatiscFlux
CLIENT_GetStorageDeviceInfo
CLIENT_GetStorageDeviceNames
CLIENT_GetSubSystemArmMode
CLIENT_GetSuperiorMatrixList
CLIENT_GetTotalFileCount
CLIENT_GetTourSource
CLIENT_GetVideoInCaps
CLIENT_GetVideoOutCaps
CLIENT_IOControl
CLIENT_ImportConfigFile
CLIENT_ImportConfigFileJson
CLIENT_Init
CLIENT_InitAudioEncode
CLIENT_InitEx
CLIENT_InsertAccessControlCards
CLIENT_ListRemoteFile
CLIENT_ListenServer
CLIENT_LoadMonitorWallCollection
CLIENT_LoadOffLineFile
CLIENT_LoadSplitCollection
CLIENT_LogClose
CLIENT_LogOpen
CLIENT_Login
CLIENT_LoginEx
CLIENT_LoginEx2
CLIENT_Logout
CLIENT_MakeKeyFrame
CLIENT_ManualCheckPSTN
CLIENT_MatrixAddCameras
CLIENT_MatrixAddCamerasByDevice
CLIENT_MatrixGetCameras
CLIENT_MatrixSearch
CLIENT_MatrixSetCameras
CLIENT_MatrixSwitch
CLIENT_ModifyDevice
CLIENT_MonitorWallAttachTour
CLIENT_MonitorWallAutoAdjust
CLIENT_MonitorWallDetachTour
CLIENT_MonitorWallGetAttributeCaps
CLIENT_MonitorWallGetBackgroudColor
CLIENT_MonitorWallGetPowerSchedule
CLIENT_MonitorWallGetScene
CLIENT_MonitorWallGetScrnCtrlParam
CLIENT_MonitorWallSetAttribute
CLIENT_MonitorWallSetBackLight
CLIENT_MonitorWallSetBackgroudColor
CLIENT_MonitorWallSetPowerSchedule
CLIENT_MonitorWallSetScene
CLIENT_MonitorWallSetScrnCtrlParam
CLIENT_MonitorWallSwitchDisplaySignal
CLIENT_MultiPlay
CLIENT_MultiPlayBack
CLIENT_MultiRealPlay
CLIENT_NetStorageAttachWriteInfo
CLIENT_NetStorageDetachWriteInfo
CLIENT_NetStorageGetWriteInfo
CLIENT_NormalPlayBack
CLIENT_OpenSound
CLIENT_OpenSplitWindow
CLIENT_OperateCommDevice
CLIENT_OperateFaceRecognitionDB
CLIENT_OperateFaceRecognitionGroup
CLIENT_OperateMasterSlaveDevice
CLIENT_OperateMasterSlaveGroup
CLIENT_OperateMonitorWall
CLIENT_OperateRaid
CLIENT_OperateSplit
CLIENT_OperateSplitPlayer
CLIENT_OperateTrafficList
CLIENT_OperateUserInfo
CLIENT_OperateUserInfoEx
CLIENT_OperateUserInfoNew
CLIENT_OperateVideoAnalyseDevice
CLIENT_OperateVideoJoin
CLIENT_OrganizationAddNodes
CLIENT_OrganizationDeleteNodes
CLIENT_OrganizationGetNodes
CLIENT_OrganizationSetNode
CLIENT_PTZCmdSendIntervalTime
CLIENT_PTZControl
CLIENT_ParkingControlAttachParkInfo
CLIENT_ParkingControlAttachRecord
CLIENT_ParkingControlDetachParkInfo
CLIENT_ParkingControlDetachRecord
CLIENT_ParkingControlDoFind
CLIENT_ParkingControlStartFind
CLIENT_ParkingControlStopFind
CLIENT_PauseBurn
CLIENT_PauseLoadPic
CLIENT_PausePlayBack
CLIENT_PauseVideoSynopsisTask
CLIENT_PlayAudioFile
CLIENT_PlayBackByRecordFile
CLIENT_PlayBackByRecordFileEx
CLIENT_PlayBackByRecordFileProxy
CLIENT_PlayBackBySynopsisFile
CLIENT_PlayBackByTime
CLIENT_PlayBackByTimeEx
CLIENT_PlayBackByTimeEx2
CLIENT_PlayBackByTimeProxy
CLIENT_PlayBackControl
CLIENT_PlayBackControlDirection
CLIENT_PlayEnableLargePicAdjustment
CLIENT_PowerControl
CLIENT_PreHandleVideoSynopsisTask
CLIENT_QueryChannelName
CLIENT_QueryComProtocol
CLIENT_QueryConfig
CLIENT_QueryControlRegServerInfo
CLIENT_QueryDecChannelFlux
CLIENT_QueryDecEncoderInfo
CLIENT_QueryDecoderInfo
CLIENT_QueryDecoderTVInfo
CLIENT_QueryDecoderTour
CLIENT_QueryDevInfo
CLIENT_QueryDevLogCount
CLIENT_QueryDevState
CLIENT_QueryDeviceLog
CLIENT_QueryDeviceTime
CLIENT_QueryEtherNetInfo
CLIENT_QueryExtraRecordState
CLIENT_QueryFurthestRecordTime
CLIENT_QueryGPSLog
CLIENT_QueryIOControlState
CLIENT_QueryLog
CLIENT_QueryLogCallback
CLIENT_QueryLogEx
CLIENT_QueryMatrixCardInfo
CLIENT_QueryNetStat
CLIENT_QueryNewSystemInfo
CLIENT_QueryNextLog
CLIENT_QueryProductionDefinition
CLIENT_QueryRecordBackupRestoreTask
CLIENT_QueryRecordCount
CLIENT_QueryRecordFile
CLIENT_QueryRecordState
CLIENT_QueryRecordStatus
CLIENT_QueryRecordTime
CLIENT_QueryRemotDevState
CLIENT_QueryRpcMethod
CLIENT_QuerySystemInfo
CLIENT_QuerySystemStatus
CLIENT_QueryTourCombin
CLIENT_QueryTransComParams
CLIENT_QueryUserInfo
CLIENT_QueryUserInfoEx
CLIENT_QueryUserInfoNew
CLIENT_QueryVideoOutWindows
CLIENT_QueryVideoSynopsisInfo
CLIENT_QuickQueryRecordFile
CLIENT_RPC_NetApp
CLIENT_RadiometryAttach
CLIENT_RadiometryDataParse
CLIENT_RadiometryDetach
CLIENT_RadiometryFetch
CLIENT_RealLoadObjectData
CLIENT_RealLoadPicture
CLIENT_RealLoadPictureEx
CLIENT_RealLoadSynopsisState
CLIENT_RealPlay
CLIENT_RealPlayEx
CLIENT_RebootDev
CLIENT_RecMngCtrlMpt300
CLIENT_RecordStart
CLIENT_RecordStartEx
CLIENT_RecordStop
CLIENT_RecordStopEx
CLIENT_ReleaseAudioEncode
CLIENT_RemoveRecordBackupRestoreTask
CLIENT_RemoveRemoteFiles
CLIENT_RemoveVideoSynopsisTask
CLIENT_RenameMonitorWallCollection
CLIENT_RenameRemoteFile
CLIENT_RenameSplitCollection
CLIENT_Reset
CLIENT_ResponseDevReg
CLIENT_RigisterDrawFun
CLIENT_RunVideoSynopsisTask
CLIENT_SCADAAlarmAttachInfo
CLIENT_SCADAAlarmDetachInfo
CLIENT_SCADAAttachInfo
CLIENT_SCADADetachInfo
CLIENT_SCADAGetThreshold
CLIENT_SCADASetInfo
CLIENT_SCADASetThreshold
CLIENT_SaveMonitorWallCollection
CLIENT_SaveRealData
CLIENT_SaveSplitCollection
CLIENT_SearchDevices
CLIENT_SearchDevicesByIPs
CLIENT_SeekPlayBack
CLIENT_SelectLockToUpdate
CLIENT_SendCAN
CLIENT_SendFileBurned
CLIENT_SendNotifyToDev
CLIENT_SendTalkData_Custom
CLIENT_SendTransComData
CLIENT_SendUpgrade
CLIENT_SetAlarmOut
CLIENT_SetAudioClientVolume
CLIENT_SetAutoReconnect
CLIENT_SetCarPortLightStatus
CLIENT_SetConnectTime
CLIENT_SetDVRMessCallBack
CLIENT_SetDVRMessCallBackEx1
CLIENT_SetDecLayOutEnable
CLIENT_SetDecPlaybackPos
CLIENT_SetDecTVOutEnable
CLIENT_SetDecodePolicy
CLIENT_SetDecoderTour
CLIENT_SetDefenceArmMode
CLIENT_SetDevConfig
CLIENT_SetDeviceMode
CLIENT_SetDevicePosition
CLIENT_SetDeviceSearchParam
CLIENT_SetDisplayMode
CLIENT_SetDisplayRegion
CLIENT_SetDoorWorkMode
CLIENT_SetFileAttribute
CLIENT_SetFilePathInfo
CLIENT_SetFindingJumpOption
CLIENT_SetFramePlayBack
CLIENT_SetGroupInfoForChannel
CLIENT_SetIVSServerAnalyseResult
CLIENT_SetMarkFile
CLIENT_SetMarkFileByTime
CLIENT_SetMaxFlux
CLIENT_SetMobilePushNotify
CLIENT_SetMobilePushNotifyCfg
CLIENT_SetNetworkParam
CLIENT_SetNewDevConfig
CLIENT_SetNewDevConfigForWeb
CLIENT_SetOperateCallBack
CLIENT_SetOptimizeMode
CLIENT_SetPlatFormInfo
CLIENT_SetPlayMethod
CLIENT_SetPlaybackYUVCallBack
CLIENT_SetPlayerBufNumber
CLIENT_SetRealDataCallBack
CLIENT_SetRealDataCallBackEx
CLIENT_SetSecurityKey
CLIENT_SetSnapRevCallBack
CLIENT_SetSplitAudioOuput
CLIENT_SetSplitMode
CLIENT_SetSplitOSD
CLIENT_SetSplitOSDEx
CLIENT_SetSplitSource
CLIENT_SetSplitSourceEx
CLIENT_SetSplitTopWindow
CLIENT_SetSplitWindowRect
CLIENT_SetSubSystemArmMode
CLIENT_SetSubconnCallBack
CLIENT_SetSubcribeGPSCallBack
CLIENT_SetSubcribeGPSCallBackEX
CLIENT_SetSubcribeGPSTHCallBack
CLIENT_SetTourCombin
CLIENT_SetTourSource
CLIENT_SetVideoOutOption
CLIENT_SetVolume
CLIENT_SetupChannelName
CLIENT_SetupChannelOsdString
CLIENT_SetupConfig
CLIENT_SetupDeviceTime
CLIENT_SetupExtraRecordState
CLIENT_SetupRecordState
CLIENT_ShutDownDev
CLIENT_SlowPlayBack
CLIENT_SmartSearchPlayBack
CLIENT_SnapManagerConfirmUpload
CLIENT_SnapPicture
CLIENT_SnapPictureByEvent
CLIENT_SnapPictureEx
CLIENT_SnapPictureToFile
CLIENT_SplitSetMultiSource
CLIENT_StartAsynRealPlay
CLIENT_StartBurn
CLIENT_StartBurnSession
CLIENT_StartEIS
CLIENT_StartFind
CLIENT_StartFindDiagnosisResult
CLIENT_StartFindFaceRecognition
CLIENT_StartFindFluxStat
CLIENT_StartFindNumberStat

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhplay.dll
.dll windows:4 windows x86 arch:x86

6e92ef493c80f2ed90359631c8fbfc7f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:9f:51:2e:c0:53:bf:16:f5:b6:19:2c:32:a9:eb:bf:e3:fa:3e:62:ee:b5:9b:ea:1c:74:e3:2f:f5:cd:18:14
Signer

Actual PE Digest

8a:9f:51:2e:c0:53:bf:16:f5:b6:19:2c:32:a9:eb:bf:e3:fa:3e:62:ee:b5:9b:ea:1c:74:e3:2f:f5:cd:18:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
GetSystemInfo
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetTickCount
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
SystemTimeToFileTime
GetLocalTime
Sleep
CreateThread
CreateFileMappingA
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetModuleHandleA
lstrcpyA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
SetFilePointer
ReadFile
WriteFile
CreateFileA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
FindFirstFileA
DeleteFileA
TerminateThread
FindClose
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileAttributesA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
GetLastError
SetEvent
WaitForSingleObject
ReleaseMutex
CreateEventA
CreateMutexA
CloseHandle
RtlUnwind
RaiseException
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WideCharToMultiByte
GetTimeZoneInformation
SetUnhandledExceptionFilter
ExitProcess
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetFullPathNameA

user32

IsWindow
PostMessageA
ClientToScreen
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetClientRect

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
SetStretchBltMode
StretchDIBits
StretchBlt
DeleteObject

winmm

waveOutSetVolume
waveOutOpen
waveOutGetVolume
waveOutReset
waveInReset
waveOutGetPosition
waveOutUnprepareHeader
waveOutPrepareHeader
timeGetTime
timeBeginPeriod
waveInAddBuffer
waveInStart
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInStop
waveOutClose
waveOutWrite

d3d9

Direct3DCreate9

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

avifil32

AVIStreamSetFormat
AVIStreamWrite
AVIFileExit
AVIStreamRelease
AVIFileRelease
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA

Exports

Exports

?PLAY_CloseYuvRender@@YGHH@Z
?PLAY_OpenYuvRender@@YGHHPAUHWND__@@P6GXHPAUHDC__@@@Z@Z
?PLAY_OutsideRender@@YGHJHHHHI@Z
?PLAY_RenderYuv@@YGHHPAE00HH@Z
PLAY_AddToPlayGroup
PLAY_AdjustFluency
PLAY_AdjustWaveAudio
PLAY_Back
PLAY_BackOne
PLAY_CatchPic
PLAY_CatchPicEx
PLAY_CatchResizePic
PLAY_ChangeRate
PLAY_CheckHWDecEnv
PLAY_ChooseAudio
PLAY_ChooseFrame
PLAY_CloseAudioRecord
PLAY_CloseFile
PLAY_ClosePlayGroup
PLAY_CloseStream
PLAY_CloseStreamEx
PLAY_ConvertToBmpFile
PLAY_ConvertToBmpFileEx
PLAY_ConvertToJpegFile
PLAY_CreateFile
PLAY_CreateStream
PLAY_CutFileSegment
PLAY_DelFromPlayGroup
PLAY_DestroyFile
PLAY_DestroyStream
PLAY_EnableAudioChannel
PLAY_EnableLargePicAdjustment
PLAY_EnableRecitfy
PLAY_Fast
PLAY_FisheyeEptzUpdate
PLAY_FisheyeGetPosition
PLAY_FisheyeSecondRegion
PLAY_FisheyeTrancFormCoordinate
PLAY_FisheyeTrancFormCurve
PLAY_FisheyeTrancFormTrackFrame
PLAY_FormatDisk
PLAY_GetAudioChannels
PLAY_GetAudioChooseState
PLAY_GetAudioRecScaling
PLAY_GetAudioRenderScaling
PLAY_GetBufferValue
PLAY_GetCaps
PLAY_GetCapsEx
PLAY_GetColor
PLAY_GetColorKey
PLAY_GetCurrentFrameNum
PLAY_GetCurrentFrameRate
PLAY_GetCurrentFrameRateEx
PLAY_GetDDrawDeviceInfo
PLAY_GetDDrawDeviceTotalNums
PLAY_GetDisplayBuf
PLAY_GetDisplayType
PLAY_GetFileHeadLength
PLAY_GetFileTime
PLAY_GetFileTotalFrames
PLAY_GetFreePort
PLAY_GetIRefValue
PLAY_GetKeyFramePos
PLAY_GetKeyFramePosByAbsTime
PLAY_GetLastError
PLAY_GetLastYUVFrame
PLAY_GetMDPosition
PLAY_GetNextKeyFramePos
PLAY_GetNextKeyFramePosByAbsTime
PLAY_GetOverlayMode
PLAY_GetPicBMP
PLAY_GetPicBMPEx
PLAY_GetPicJPEG
PLAY_GetPicTIFF
PLAY_GetPictureQuality
PLAY_GetPictureSize
PLAY_GetPlayPos
PLAY_GetPlayedFrames
PLAY_GetPlayedTime
PLAY_GetPlayedTimeEx
PLAY_GetRealFrameBitRate
PLAY_GetRefValue
PLAY_GetSdkVersion
PLAY_GetSourceBufferRemain
PLAY_GetStreamOpenMode
PLAY_GetTimePicture
PLAY_GetTimerType
PLAY_GetVideoPerTimer
PLAY_GetVolume
PLAY_InitDDraw
PLAY_InitDDrawDevice
PLAY_InitDisk
PLAY_InitThirdPartyLibrary
PLAY_InputAudioData
PLAY_InputData
PLAY_InputVideoData
PLAY_OldFisheyeEptzUpdate
PLAY_OneByOne
PLAY_OneByOneBack
PLAY_OpenAudioRecord
PLAY_OpenFile
PLAY_OpenPlayGroup
PLAY_OpenStream
PLAY_OpenStreamEx
PLAY_OptFisheyeParams
PLAY_Pause
PLAY_PausePlayGroup
PLAY_Play
PLAY_PlaySound
PLAY_PlaySoundShare
PLAY_QueryFileList
PLAY_QueryGroupPlayingTime
PLAY_QueryInfo
PLAY_RealeseDDraw
PLAY_RefreshPlay
PLAY_RefreshPlayEx
PLAY_Register3rdDecryptHook
PLAY_ReleaseDDrawDevice
PLAY_ReleasePort
PLAY_RenderPrivateData
PLAY_ResetBuffer
PLAY_ResetSourceBufFlag
PLAY_ResetSourceBuffer
PLAY_RigisterDrawFun
PLAY_RigisterDrawFunEx
PLAY_SeekPlayGroup
PLAY_SetAVSyncType
PLAY_SetAudioCallBack
PLAY_SetAudioRecScaling
PLAY_SetAudioRenderScaling
PLAY_SetColor
PLAY_SetCurrentFrameNum
PLAY_SetDDrawDevice
PLAY_SetDDrawDeviceEx
PLAY_SetDeNoiseParams
PLAY_SetDecCBStream
PLAY_SetDecCallBack
PLAY_SetDecCallBackEx
PLAY_SetDecInfoCallBack
PLAY_SetDecodeCallBack
PLAY_SetDecodeKey
PLAY_SetDecodeStrategy
PLAY_SetDecodeThreadNum
PLAY_SetDehazeParams
PLAY_SetDelayTime
PLAY_SetDemuxCallBack
PLAY_SetDigitalSignCallBack
PLAY_SetDisplayBuf
PLAY_SetDisplayCallBack
PLAY_SetDisplayRegion
PLAY_SetDisplayType
PLAY_SetDoubleVisibleDecCallBack
PLAY_SetEncChangeMsg
PLAY_SetEncTypeChangeCallBack
PLAY_SetEncTypeChangeCallBackEx
PLAY_SetEngine
PLAY_SetFileEndCallBack
PLAY_SetFileEndMsg
PLAY_SetFileIndexProgressCallBack
PLAY_SetFileRefCallBack
PLAY_SetFileRefCallBackEx
PLAY_SetFileTimeDoneCallBack
PLAY_SetFishEyeInfoCallBack
PLAY_SetFisheyeParams
PLAY_SetGPSCallBack
PLAY_SetIVSCallBack
PLAY_SetIVSEParams
PLAY_SetMDRange
PLAY_SetMDThreShold
PLAY_SetMultiFrameCallBack
PLAY_SetMultiFrameDecCallBack
PLAY_SetOverlayMode
PLAY_SetPandoraWaterMarkCallBack
PLAY_SetPercentCallBack
PLAY_SetPicQuality
PLAY_SetPlayDirection
PLAY_SetPlayGroupDirection
PLAY_SetPlayGroupSpeed
PLAY_SetPlayMethod
PLAY_SetPlayPos
PLAY_SetPlayPosByFileOffset
PLAY_SetPlaySpeed
PLAY_SetPlayedAbsTime
PLAY_SetPlayedTimeEx
PLAY_SetRefValue
PLAY_SetRenderMode
PLAY_SetRotateAngle
PLAY_SetSEnhanceMode
PLAY_SetSecurityKey
PLAY_SetSourceBufCallBack
PLAY_SetStreamOpenMode
PLAY_SetTimerType
PLAY_SetVerifyCallBack
PLAY_SetVideoPerTimer
PLAY_SetVisibleDecCallBack
PLAY_SetVisibleDecodeCallBack
PLAY_SetVolume
PLAY_SetWaterMarkCallBack
PLAY_SetWaterMarkCallBackEx
PLAY_SetupPrepareTime
PLAY_Slow
PLAY_SplitProc
PLAY_SplitProcUpdate
PLAY_StartAVIConvert
PLAY_StartAVIResizeConvert
PLAY_StartDataRecord
PLAY_StartDeHaze
PLAY_StartDeNoise
PLAY_StartFisheye
PLAY_StartFisheyeEx
PLAY_StartFisheyeMPTZ
PLAY_StartIVSE
PLAY_StartPrepareRecord
PLAY_StartVideoStable
PLAY_StepPlayGroup
PLAY_Stop
PLAY_StopAVIConvert
PLAY_StopAVIResizeConvert
PLAY_StopDataRecord
PLAY_StopDeHaze
PLAY_StopDeNoise
PLAY_StopFisheye
PLAY_StopIVSE
PLAY_StopPrepareRecord
PLAY_StopSound
PLAY_StopSoundShare
PLAY_StopVideoStable
PLAY_SurfaceChange
PLAY_ThrowBFrameNum
PLAY_VerticalSyncEnable
PLAY_WriteData
_PLAY_CleanScreen@24
_PLAY_GetScale@8
_PLAY_GetTranslateX@8
_PLAY_GetTranslateY@8
_PLAY_Scale@12
_PLAY_SetAnalyzePositionCallback@12
_PLAY_SetDisplayScale@12
_PLAY_SetFileInfoFrameCallback@16
_PLAY_SetIdentity@8
_PLAY_SetMemMinimized@4
_PLAY_StartDataRecordEx@20
_PLAY_StartEdgeEnhance@12
_PLAY_StartFileFrameDetect@8
_PLAY_StopEdgeEnhance@4
_PLAY_StopFileFrameDetect@4
_PLAY_Translate@16
_PLAY_ViewResolutionChanged@16

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
h264dec.dll
.dll windows:5 windows x86 arch:x86

a315a73f969e41b9861cdd01eb870d6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:8a:0a:1f:31:a3:92:f5:8a:e9:5f:c7:b4:fd:c8:c5:ea:c1:22:e3:97:a8:3e:35:e7:1f:7f:21:28:93:34:0f
Signer

Actual PE Digest

50:8a:0a:1f:31:a3:92:f5:8a:e9:5f:c7:b4:fd:c8:c5:ea:c1:22:e3:97:a8:3e:35:e7:1f:7f:21:28:93:34:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
CloseHandle
WaitForSingleObject
DeleteCriticalSection
CreateEventA
CreateSemaphoreA
ResetEvent
ReleaseSemaphore
SetEvent
GetProcAddress
GetModuleHandleA
InterlockedExchangeAdd
GetProcessAffinityMask
GetCurrentProcess
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
Sleep
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetFileType
CreateFileW
HeapAlloc
HeapReAlloc
HeapFree
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
GetModuleFileNameW
HeapCreate
HeapDestroy
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
RtlUnwind
FlushFileBuffers
LCMapStringW
GetStringTypeW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapSize

Exports

Exports

H264_Dec_Close
H264_Dec_DeInit
H264_Dec_Decode
H264_Dec_GetCPUCaps
H264_Dec_GetInfo
H264_Dec_Init
H264_Dec_Open

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mjpegdec.dll
.dll windows:4 windows x86 arch:x86

58643d49bdb01ae1e15de2807f925b81

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:a7:2f:80:c7:c5:75:69:29:98:5e:e3:d4:43:31:83:fe:64:82:a6:17:2c:63:72:a6:de:f8:3a:f6:89:51:42
Signer

Actual PE Digest

45:a7:2f:80:c7:c5:75:69:29:98:5e:e3:d4:43:31:83:fe:64:82:a6:17:2c:63:72:a6:de:f8:3a:f6:89:51:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Exports

Exports

JPEG_Dec_Close
JPEG_Dec_DeInit
JPEG_Dec_Decode
JPEG_Dec_Init
JPEG_Dec_Open
JPEG_Parser_Close
JPEG_Parser_Open
JPEG_Parser_Start
MJPEG_Dec_Close
MJPEG_Dec_DeInit
MJPEG_Dec_Decode
MJPEG_Dec_Init
MJPEG_Dec_Open

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npPlugin.dll
.dll windows:4 windows x86 arch:x86

e7a3fc052fbc3e418dca68b325489707

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:49:84:5c:4b:c1:98:8f:89:58:a3:38:5c:b6:45:9f:c0:a5:ce:98:5b:02:05:0c:0a:c5:6e:95:47:0a:b3:ff
Signer

Actual PE Digest

10:49:84:5c:4b:c1:98:8f:89:58:a3:38:5c:b6:45:9f:c0:a5:ce:98:5b:02:05:0c:0a:c5:6e:95:47:0a:b3:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenW
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
GetLastError
VirtualQuery
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
FreeLibrary
LocalAlloc
LocalFree

user32

PostMessageA
MessageBoxA
SetWindowLongA
GetWindowLongA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

mfc42

ord2864
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord825
ord823
ord800
ord1601
ord2818
ord342
ord641
ord2915
ord858
ord3499
ord2515
ord355
ord540
ord6467
ord537
ord1182
ord1116
ord1176
ord1575
ord1168
ord1577

msvcrt

_onexit
strlen
?terminate@@YAXXZ
_except_handler3
sscanf
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
strcat
_purecall
strtok
strcmp
_ftol
atoi
sprintf
_mbscmp
__CxxFrameHandler
malloc
memcpy
memset
_strlwr
_strupr
??0exception@@QAE@ABV0@@Z
fputs
_iob
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z

msvcp60

??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

timeaxesdll

ReleaseTimeAxesModule
GetTimeAxesModule

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
postproc.dll
.dll windows:4 windows x86 arch:x86

90fb0d3b9147b78e7ee69fa48ce244a0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:03:4b:38:38:aa:3f:ff:35:b8:2d:7b:3e:2b:5b:f0:43:5a:34:8b:67:01:c1:91:22:6d:35:68:0d:70:bc:65
Signer

Actual PE Digest

52:03:4b:38:38:aa:3f:ff:35:b8:2d:7b:3e:2b:5b:f0:43:5a:34:8b:67:01:c1:91:22:6d:35:68:0d:70:bc:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapAlloc
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
Sleep
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

POSTPROCESS_deInterlace
POSTPROCESS_deInterlace_deinit
POSTPROCESS_deInterlace_init
POSTPROCESS_deInterlace_interpolation
POSTPROCESS_deblock
POSTPROCESS_deblock_deinit
POSTPROCESS_deblock_init
POSTPROCESS_deblock_ramkishor
POSTPROCESS_dering
POSTPROCESS_dering_deinit
POSTPROCESS_dering_init
POSTPROCESS_lumaStretch
POSTPROCESS_rotate
POSTPROCESS_rotate_deinit
POSTPROCESS_rotate_init

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
speech_enhance.dll
.dll windows:5 windows x86 arch:x86

40ce5ec55e67e1a6d85718fd3f301e33

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:d9:32:44:bc:e7:d7:48:63:95:4d:d3:eb:60:fd:09:d4:2b:92:36:4a:ca:c3:33:bc:64:d8:88:35:b6:ca:0c
Signer

Actual PE Digest

46:d9:32:44:bc:e7:d7:48:63:95:4d:d3:eb:60:fd:09:d4:2b:92:36:4a:ca:c3:33:bc:64:d8:88:35:b6:ca:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

free
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
malloc
_except_handler4_common
memcpy
memset

kernel32

DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
EncodePointer

Exports

Exports

Speech_enhance
Speech_enhance_deInit
Speech_enhance_init
Speech_enhance_setFormat

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
timeAxesDll.dll
.dll windows:4 windows x86 arch:x86

1c83ba65122bf23d1a12963a1cd39df8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:35:46:0d:fc:54:0d:d4:f6:a1:7a:1e:47:b2:08:67:bd:df:68:a7:c4:83:b4:a9:9a:04:65:bb:8a:c6:7d:6a
Signer

Actual PE Digest

9e:35:46:0d:fc:54:0d:d4:f6:a1:7a:1e:47:b2:08:67:bd:df:68:a7:c4:83:b4:a9:9a:04:65:bb:8a:c6:7d:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3136
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord3742
ord818
ord567
ord4275
ord2864
ord2379
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord825
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord2818
ord924
ord800
ord6467
ord823
ord3749

msvcrt

??1type_info@@UAE@XZ
malloc
_initterm
free
_onexit
__dllonexit
sscanf
strcmp
atoi
memcpy
memcmp
_purecall
strlen
sprintf
_ftol
memset
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
fputs
_iob
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv

kernel32

GetSystemTime
CreateThread
CreateEventA
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
LocalFree
LocalAlloc
SetEvent

user32

DrawTextA
FillRect
PtInRect
CopyRect
MoveWindow
GetClientRect
InvalidateRect
ReleaseDC
EndPaint
BeginPaint
ReleaseCapture
SetCapture
PostMessageA
GetParent
SendMessageA
EnableWindow

gdi32

CreatePen
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPointA
CreateSolidBrush
SetTextColor
Polygon
SelectObject
LineTo
MoveToEx
BitBlt
CreateFontA
SetBkMode

comctl32

_TrackMouseEvent

msvcp60

?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ

msimg32

AlphaBlend

Exports

Exports

GetTimeAxesModule
ReleaseTimeAxesModule

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
webActiveX.exe
.exe windows:4 windows x86 arch:x86

2e80890e88947373a0d5c952862e7715

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/06/2016, 09:29

Not After

11/08/2017, 09:00

Subject

CN=Zhejiang Dahua Technology CO.\,LTD.,OU=研发中心-产品管理部,O=Zhejiang Dahua Technology CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:7f:e5:de:aa:1b:27:df:4e:f6:7b:fd:93:29:48:32:db:3e:52:0d:42:82:bd:10:a8:8e:05:d0:9c:85:8a:49
Signer

Actual PE Digest

df:7f:e5:de:aa:1b:27:df:4e:f6:7b:fd:93:29:48:32:db:3e:52:0d:42:82:bd:10:a8:8e:05:d0:9c:85:8a:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryExA
VirtualQuery
InterlockedIncrement
InterlockedDecrement
lstrlenW
SetEvent
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LocalFree
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetLastError
CloseHandle
SetUnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
LeaveCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineA
lstrcmpiA
Sleep
CreateEventA
CreateThread
WaitForSingleObject

user32

InvalidateRect
UnionRect
SetWindowPos
SetWindowRgn
PostMessageA
MessageBoxA
PtInRect
GetKeyState
EndPaint
ShowWindow
SetFocus
IsWindow
CreateWindowExA
CallWindowProcA
IntersectRect
EqualRect
OffsetRect
BeginPaint
GetClientRect
GetParent
GetFocus
IsChild
GetMessageA
DispatchMessageA
CharNextA
GetWindowLongA
SetWindowLongA
DestroyWindow
DefWindowProcA
PostThreadMessageA

gdi32

DeleteMetaFile
TextOutA
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
Rectangle
CreateRectRgnIndirect
SetTextAlign
CloseMetaFile
SetWindowExtEx
CreateMetaFileA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

ole32

CreateOleAdviseHolder
OleRegEnumVerbs
CreateDataAdviseHolder
CoTaskMemAlloc
OleRegGetMiscStatus
OleRegGetUserType
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

VariantChangeType
OleCreatePropertyFrame
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
CreateErrorInfo

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1runtime_error@std@@UAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

atl

ord32
ord16
ord26
ord27
ord58
ord46
ord51
ord31
ord52
ord53
ord50
ord44
ord43
ord17
ord57
ord18
ord20
ord21
ord23
ord30

msvcrt

_XcptFilter
??1type_info@@UAE@XZ
sscanf
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_iob
fputs
??0exception@@QAE@ABV0@@Z
_CxxThrowException
wcslen
_strupr
_strlwr
_strdup
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
?terminate@@YAXXZ
_exit
memcmp
malloc
realloc
abs
atoi
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
memset
strlen
memcpy
free
sprintf
strcat
strcpy
_mbsrchr
strcmp
strtok
_purecall

timeaxesdll

GetTimeAxesModule
ReleaseTimeAxesModule

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3Certificate

Extended Key Usages

Key Usages

62:5f:92:13:ce:e5:e6:bf:25:a0:b9:eb:da:02:36:0e:30:93:a9:28:0a:21:5f:58:87:ce:d9:1d:bb:65:64:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 22KB - Virtual size: 21KB

23119d8d1f578fcfcc7c3e0738c8561f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3Certificate

Extended Key Usages

Key Usages

fa:98:dd:0f:af:cb:a4:7f:e3:0b:79:bb:15:29:45:c0:11:55:c0:d2:40:0a:44:76:81:53:cb:74:e4:14:58:8cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcrt

msvcp60

dhnetsdk

ws2_32

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 266KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 24KB - Virtual size: 7.9MB

.reloc Size: 48KB - Virtual size: 44KB

c82aacbbadbd5e95a3fb142f6050ddf8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

62:5f:92:13:ce:e5:e6:bf:25:a0:b9:eb:da:02:36:0e:30:93:a9:28:0a:21:5f:58:87:ce:d9:1d:bb:65:64:5b
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 22KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

fa:98:dd:0f:af:cb:a4:7f:e3:0b:79:bb:15:29:45:c0:11:55:c0:d2:40:0a:44:76:81:53:cb:74:e4:14:58:8c
Signer

.text
Size: 268KB - Virtual size: 266KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 24KB - Virtual size: 7.9MB

.reloc
Size: 48KB - Virtual size: 44KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

9f:49:06:47:05:d6:68:f6:16:cc:24:1d:25:f2:69:66:05:ba:c8:5c:94:58:27:30:76:82:90:4c:61:c2:2d:17
Signer

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 8KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

ad:b2:bd:25:1a:55:37:9b:be:e4:88:86:c6:81:05:aa:b5:3b:7a:a2:aa:19:e7:d9:d1:a5:79:62:87:a1:70:69
Signer

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:78:22:d5:f6:41:89:21:e0:dd:89:a3
Certificate

83:48:dd:e6:6a:9c:d0:56:a2:84:23:3e:4f:e6:b1:96:25:a7:e4:1a:1f:b2:eb:4a:88:a8:d8:08:77:d1:8b:73
Signer