71246671ffc920da4d0643419a164c71

Sharing

Copy URL Twitter E-mail

General

Target

71246671ffc920da4d0643419a164c71
Size

1.6MB
MD5

71246671ffc920da4d0643419a164c71
SHA1

489b56c3e92ec9a4cf516433b0acf721e6438f9a
SHA256

c41167832e23807b0c6a98bcda72708286d523929c55c2bab72adaf5b7cf9b95
SHA512

e526c1a9dfe1bc98433644bfcaf49c7fc15bb2eae102ccecf21ac0db1744a3e7ea71f89c068cf90dc8b9c0ee1567eabb9b84271e1e16c370b100978e8ac2bf6a
SSDEEP

24576:VmJWYgcDBI5lNYJoIjclAfYEzlrg2aTQ4qJyXbk8FefMX6fA0mCNHHEwc:VLYgc9JJjcSbza7qWe8lClkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

71246671ffc920da4d0643419a164c71
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:eb:a4:61:37:21:d1:e5:d7:b9:d2:b0:05:ec:9b:10:e7:d8:d2:fb
Signer

Actual PE Digest

c8:eb:a4:61:37:21:d1:e5:d7:b9:d2:b0:05:ec:9b:10:e7:d8:d2:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupHelper.dll
.dll windows:4 windows x86 arch:x86

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

Actual PE Digest

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
SystemTimeToFileTime
GlobalFlags
GetPrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetDriveTypeW
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
TlsFree
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleFileNameA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
GetConsoleMode
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
InterlockedCompareExchange
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetStdHandle
CreatePipe
DuplicateHandle
DebugBreak
MoveFileW
GetBinaryTypeW
IsDBCSLeadByte
GetCPInfo
GetLocalTime
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileIntW
InterlockedDecrement
ReadFile
SetFilePointer
GetTempPathW
GetFileSize
SetLastError
LocalAlloc
DeviceIoControl
GetCurrentProcessId
QueryDosDeviceW
Module32FirstW
Module32NextW
TerminateProcess
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
ExpandEnvironmentStringsW
GetCurrentDirectoryW
IsBadReadPtr
IsBadWritePtr
GetSystemDefaultLangID
GetVersion
MultiByteToWideChar
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesA
CreateFileW
WriteFile
FormatMessageW
FormatMessageA
lstrlenA
OutputDebugStringA
LocalFree
ReleaseMutex
CreateMutexW
GetModuleFileNameW
GetSystemInfo
LoadLibraryW
FreeLibrary
SetErrorMode
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GlobalAlloc
lstrcpynW
GlobalFree
GetWindowsDirectoryW
OutputDebugStringW
GetSystemDirectoryW
GetLastError
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CopyFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
GetTickCount
GetVersionExW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
lstrlenW
VirtualFreeEx
GetTempPathA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidCodePage
WideCharToMultiByte

user32

FillRect
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SendMessageTimeoutW
InvalidateRect
UnregisterClassA
SendMessageW
GetClientRect
FindWindowExW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
TabbedTextOutW
DestroyIcon
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
GetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadBitmapW
LoadIconW
CharNextW
CharPrevW
GetCursorPos
LoadCursorW
SetCursor
GetDesktopWindow
ReleaseDC
GetDC
PtInRect
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
PostQuitMessage
CheckMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
InflateRect
UnregisterClassW
GetSysColorBrush
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
GetKeyState
DeleteMenu
FindWindowW
GetParent
CharUpperW
SetScrollRange
ScreenToClient
ClientToScreen
GetWindowThreadProcessId
GetWindowTextW
EndPaint
BeginPaint
CallWindowProcW
SetWindowLongW
GetWindowRect
SetFocus
KillTimer
ShowWindow
IsWindowVisible
SetTimer
MoveWindow
OffsetRect
IsWindow
SetWindowTextW
IsWindowEnabled
UpdateWindow
CreateWindowExW
GetDlgItem
LoadImageW
RegisterWindowMessageW
MessageBoxW
LoadStringW
SystemParametersInfoW
SetWindowPos
GetSystemMenu
EnableMenuItem
RedrawWindow
GetDlgItemTextW
EndDialog
DefWindowProcW
PostMessageW
GetClassNameW
EnableWindow
GetWindow
FindWindowA
BeginDeferWindowPos

gdi32

GetTextMetricsW
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
GetWindowExtEx
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
StartDocW
SetROP2
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
DeleteObject
TextOutW
GetTextExtentPoint32W
SetBkMode
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
BitBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetPolyFillMode
GetPixel

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegRestoreKeyW
RegEnumKeyExW
LookupAccountNameW
GetFileSecurityW
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAclInformation
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
ChangeServiceConfig2W
DeleteService
ControlService
QueryServiceStatus
CreateServiceW
RegDeleteValueW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
StartServiceW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconW
SHGetFileInfoW
SHFileOperationW

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
PathAppendW
PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
StgCreateDocfile
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CoCreateGuid
CreateBindCtx
ReleaseStgMedium
SetConvertStg
StringFromCLSID
CoTreatAsClass
StgOpenStorage
StgIsStorageFile
CoInitialize
CoFreeUnusedLibrariesEx
ReadClassStg
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
WriteFmtUserTypeStg

oleaut32

VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ws2_32

WSCDeinstallProvider
WSCEnumProtocols
htonl
htons

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

imagehlp

UnMapAndLoad
MapAndLoad

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

Exports

Exports

AddToAllowList
ApiInstallFileMonDriver
ApiUninstallFileMonDriver
BackUpSetupPackage
CallOutTrayIcon
CallRegEnvironmentVar
CallRegUrlProtocol
CallRegUrlProtocol2
CallUnRegEnvironmentVar
CallUnRegUrlProtocol
CallUnShortCut
Check360
CheckAV
CheckCRunTime
CheckForQQSoftUninstall
CheckForSetup
CheckForUninstall
CheckInstallPath
CheckQQPCRtpNeedReboot
CleanTempFolder
CloseProcess
CreateBitmapCtrl
CreateShortCutInfo
DelService
DeleteCacheFolder
DeleteFileRecursively
DeleteRebootCopy
DeployFile
DisableFileRedirect
ExecuteShell
ExecuteShellNoWait
ExtendCommand
FinalizeReport
FindExistedRTP
GetFunctionRunTime
GetIntVersionFromString
GetMessageHandler
GetParentProcessName
GetQQReleatedPath
GetQQSoftInstallDir
GetShortCutInfo
GetSystemDriversPath
HookInstallButton
InitPenetration
InitializeReport
IsAcLayers
IsAdmin
IsChildProtectionRun
IsCompare
IsMainWndRun
IsNeedUpdate
IsPinQQPCMgrToStartMenu
IsPinUnsoftToStartMenu
IsQQDoctorExist
IsQQPCTrayExists
IsQQSoftExist
IsVista
IsWin7
IsWinXp
IsWindows64
IsWndEnable
IsWow64
LoadDriver
LoadQMDriver
LoadTSFltmgr
NotifyAction
NotifyProgress
NotifySetupStatus
OutputError
OutputInfo
ParseCmdLine
ParseUninstallCmdLine
PinQQPCMgrToStartMenu
PinUnsoftToStartMenu
PrepareConfig
ReadLastInstallTime
ReadLastUnInstallTime
RecoverCommand
RecoverProxy
RegisterSecurityCenterHelper
ReleaseRtpOptDlg
RemoveArpDriver
RemoveFromAllowList
RemoveQQPCMgrFromStartMenu
RemoveUnSoftFromStartMenu
RepairQQPCRtp
ReportInstallInfo
ReportUninstallInfo
RevertFileRedirect
SaveRtpState
SetExclusive
SetFunctionRunStartTime
SetInstallPath
SetInstallStartTime
SetInstallTime
SetRowSpace
SetSystemAccessControl
SetText
SetUnInstallPath
SetUnistallPara
ShowLoadDriverErrorDlg
ShowRtpOptDlg
UnHookInstallButton
UninitPenetration
UninstallLSP
UninstallQQDoctor
UninstallQQSoft
UpdateFIXService
UpdateProtectState
UpdateRTPService
UpdateRtpState
UpdateSetupInfo
UpdateTrayIcon
WaitBugReportExit
WaitForFixShutdown
WaitForProcessEndByName
WaitForRtpShutdown
WaitForUninstExit
WaitUninstallComplete
WriteLog
WriteTimer
free_instfilespage_bitmap
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/PluginInfo/qmsxtboxplugin/PluginInfo.xml
CacheBJSX/plugins/qmsxtboxplugin/DcomLaunch.exe
.exe windows:4 windows x86 arch:x86

0d20ac2d18330084720483bd64f48218

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:34:e8:ad:53:26:74:7c:47:c4:5a:17:82:52:f6:ca:29:3c:5f:19
Signer

Actual PE Digest

de:34:e8:ad:53:26:74:7c:47:c4:5a:17:82:52:f6:ca:29:3c:5f:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CreateEventW
OpenEventW
InterlockedCompareExchange
ResetEvent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedExchange
CloseHandle
GetThreadContext
SetThreadContext
ResumeThread
GetCurrentThreadId
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
SetLastError
FreeLibrary
WaitForMultipleObjects
CreateProcessW
GetModuleFileNameW
GetCurrentProcess
GetLastError
GetCurrentThread
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
OpenFileMappingW
CreateFileMappingW
LoadLibraryW
GetCurrentProcessId
ProcessIdToSessionId
GetModuleHandleW
OpenProcess
GetVersionExW
Sleep
CreateThread
GetProcAddress
WaitForSingleObject
SuspendThread

shlwapi

StrStrIW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__set_app_type
_unlock
memcpy
memset
_wcsicmp
??_V@YAXPAX@Z
_wcsupr_s
memmove_s
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_stricmp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
_vsnwprintf_s
??2@YAPAXI@Z
_wtoi
wcsstr
_crt_debugger_hook
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
__dllonexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException

ws2_32

WSASetLastError

advapi32

OpenSCManagerW
CloseServiceHandle
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherW
AccessCheckByType
SetThreadToken
GetTokenInformation
SetServiceStatus
OpenServiceW
OpenSCManagerA
DuplicateToken
OpenProcessToken
RegisterServiceCtrlHandlerExW
ControlService
QueryServiceStatus
QueryServiceStatusEx
StartServiceW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sandbox_
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/DcomLaunch64.exe
.exe windows:4 windows x64 arch:x64

479b746610448b261e3574f26f9cd681

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:3a:38:5e:12:41:51:70:fe:4d:af:fd:2d:a7:ba:fe:f1:91:24:6a
Signer

Actual PE Digest

0d:3a:38:5e:12:41:51:70:fe:4d:af:fd:2d:a7:ba:fe:f1:91:24:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ResetEvent
CloseHandle
WaitForSingleObject
OpenProcess
SetEvent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateEventW
TerminateProcess
GetStartupInfoW
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
GetCurrentThreadId
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
GetCurrentProcess
GetLastError
SetLastError
FreeLibrary
WaitForMultipleObjects
CreateProcessW
GetModuleFileNameW
GetVersionExW
Sleep
CreateThread
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThread
LoadLibraryW
GetModuleHandleW
GetProcAddress
OpenEventW
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
TlsFree
CreateFileMappingW
OpenFileMappingW
TlsAlloc

shlwapi

StrStrIW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

msvcr80

__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_commode
memset
__C_specific_handler
_wcsupr_s
memmove_s
_wcsicmp
??_V@YAXPEAX@Z
_vsnwprintf_s
?what@exception@std@@UEBAPEBDXZ
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_invalid_parameter_noinfo
_stricmp
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
_wtoi
wcsstr
_fmode
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcpy
_CxxThrowException
memcmp
__CxxFrameHandler3

ws2_32

WSASetLastError

advapi32

OpenSCManagerW
CloseServiceHandle
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
AccessCheckByType
SetThreadToken
GetTokenInformation
SetServiceStatus
OpenSCManagerA
ControlService
DuplicateToken
OpenProcessToken
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sandbox_
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/QMSXTBoxPlugin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

146977f09a8144c07931a951504187d6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:da:8a:84:b1:52:6a:2b:0c:61:ca:7f:64:e0:0c:10:19:23:9f:2c
Signer

Actual PE Digest

46:da:8a:84:b1:52:6a:2b:0c:61:ca:7f:64:e0:0c:10:19:23:9f:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcess
CreateProcessW
CloseHandle
lstrcmpiW
lstrlenW
GetLastError
FindResourceExW
TerminateProcess
InterlockedCompareExchange
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
UnhandledExceptionFilter
RaiseException
InterlockedExchange

user32

CharNextW
UnregisterClassA

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFileInfoW

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString
VarUI4FromStr
LoadTypeLi
SysStringLen
LoadRegTypeLi

atl80

ord31
ord32
ord58
ord15
ord18
ord22
ord64
ord23
ord30
ord61

shlwapi

PathFileExistsW

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

_initterm
??3@YAXPAX@Z
wcsrchr
memcpy_s
malloc
free
_CxxThrowException
wcscpy_s
wcsncpy_s
memset
__CxxFrameHandler3
wcslen
wcsncat_s
??_V@YAXPAX@Z
memmove_s
_purecall
_recalloc
memcmp
??2@YAPAXI@Z
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
__clean_type_info_names_internal
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/RPCVirtualize.exe
.exe windows:4 windows x86 arch:x86

ee83dab0af9859a76701c5479bccd699

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:e6:31:ac:4b:c7:09:1e:3a:33:ce:88:e4:da:a9:a2:06:1e:2f:e6
Signer

Actual PE Digest

ca:e6:31:ac:4b:c7:09:1e:3a:33:ce:88:e4:da:a9:a2:06:1e:2f:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
CloseHandle
WaitForSingleObject
OpenProcess
SetEvent
CreateFileMappingW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateEventW
InterlockedExchange
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
GetCurrentThreadId
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
GetCurrentProcess
GetLastError
SetLastError
FreeLibrary
WaitForMultipleObjects
CreateProcessW
GetModuleFileNameW
OpenFileMappingW
GetCurrentThread
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetModuleHandleW
GetVersionExW
Sleep
InterlockedCompareExchange
CreateThread
GetProcAddress
LoadLibraryW
ProcessIdToSessionId
OpenEventW
GetStartupInfoW

shlwapi

StrStrIW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
_except_handler4_common
_unlock
memcpy
memset
memmove_s
_wcsicmp
??_V@YAXPAX@Z
_wcsupr_s
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_stricmp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_vsnwprintf_s
_wtoi
wcsstr
_crt_debugger_hook
?terminate@@YAXXZ
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__dllonexit
_controlfp_s
__CxxFrameHandler3
__p__fmode
_CxxThrowException

ws2_32

WSASetLastError

advapi32

RegisterServiceCtrlHandlerExW
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
SetServiceStatus
OpenServiceW
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
ControlService
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DuplicateToken
OpenProcessToken
GetTokenInformation
CloseServiceHandle
OpenSCManagerW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sandbox_
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/RPCVirtualize64.exe
.exe windows:4 windows x64 arch:x64

dc6df07b535afc5dfe90544b4db3e7a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:0d:aa:52:90:7d:30:ba:e2:ba:dd:61:33:31:93:6e:8e:89:b8:32
Signer

Actual PE Digest

f8:0d:aa:52:90:7d:30:ba:e2:ba:dd:61:33:31:93:6e:8e:89:b8:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenEventW
ResetEvent
CloseHandle
WaitForSingleObject
OpenProcess
SetEvent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateFileMappingW
TerminateProcess
GetStartupInfoW
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
GetCurrentThreadId
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
WaitForMultipleObjects
CreateProcessW
GetModuleFileNameW
GetCurrentProcess
GetLastError
SetLastError
FreeLibrary
GetCurrentThread
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
OpenFileMappingW
ProcessIdToSessionId
GetModuleHandleW
CreateEventW
GetVersionExW
Sleep
CreateThread
GetProcAddress
GetCurrentProcessId
UnhandledExceptionFilter
LoadLibraryW

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW

msvcp80

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ

msvcr80

_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memcpy
__setusermatherr
__C_specific_handler
??_V@YAXPEAX@Z
_wcsupr_s
memmove_s
_wcsicmp
_invalid_parameter_noinfo
??0exception@std@@QEAA@XZ
_stricmp
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
??3@YAXPEAX@Z
?what@exception@std@@UEBAPEBDXZ
_vsnwprintf_s
??2@YAPEAX_K@Z
_wtoi
wcsstr
_commode
_fmode
__crt_debugger_hook
?terminate@@YAXXZ
memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcmp
__CxxFrameHandler3
__set_app_type
_CxxThrowException

ws2_32

WSASetLastError

advapi32

StartServiceW
QueryServiceStatus
QueryServiceStatusEx
StartServiceCtrlDispatcherW
ControlService
OpenSCManagerA
OpenSCManagerW
CloseServiceHandle
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
OpenServiceW
SetServiceStatus
DuplicateToken
OpenProcessToken
GetTokenInformation
SetThreadToken
AccessCheckByType

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sandbox_
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/SXClean.exe
.exe windows:4 windows x86 arch:x86

df5af5da5d31768630640f718b7a65a8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:dd:22:38:1f:77:45:7e:2d:ff:45:df:6e:5f:cc:0a:2e:0b:1e:c7
Signer

Actual PE Digest

ff:dd:22:38:1f:77:45:7e:2d:ff:45:df:6e:5f:cc:0a:2e:0b:1e:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
GetWindowsDirectoryW
FindNextFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
FindClose
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetModuleHandleA
GetProcAddress
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

SendMessageW
FindWindowW

advapi32

RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
SetSecurityInfo
SetNamedSecurityInfoW
RegCloseKey
RegQueryInfoKeyW

shell32

SHFileOperationW

shlwapi

SHDeleteKeyW

msvcr80

memcpy
_wcsicmp
_amsg_exit
__wgetmainargs
_cexit
wcscmp
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
wcsncpy
malloc
_snwprintf
free
memset
wcslen
_exit

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/SXIPC.dll
.dll windows:4 windows x86 arch:x86

c685094a9cd1be4b4c02d6b87f8deadd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:7a:3e:ea:0b:d0:e3:02:d8:87:ec:af:14:a5:b0:51:37:67:41:a8
Signer

Actual PE Digest

ac:7a:3e:ea:0b:d0:e3:02:d8:87:ec:af:14:a5:b0:51:37:67:41:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
LeaveCriticalSection
SetEvent
GetProcAddress
GetModuleHandleW
GetCurrentProcess
OpenEventW
CreateEventW
InitializeCriticalSection
CreateThread
GetWindowsDirectoryW
GetFileAttributesW
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
EnterCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryDosDeviceW
CloseHandle
GetModuleFileNameW
LoadLibraryA
RtlUnwind
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetWindowThreadProcessId
FindWindowW
SendMessageW
GetWindowLongW
GetWindowTextW
EnumWindows

comdlg32

GetFileTitleW

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetPathFromIDListW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

wnsprintfW
PathRemoveFileSpecW

psapi

GetModuleBaseNameW
EnumProcessModules

Exports

Exports

AddExclusionReg
AddSandbox
ClearRenameData
GetProcessesInSandBox
GetWindowTitle
InitSandbox
InstallDriver
KillSandboxProcess
NotifyDirverAutoInSandbox
NotifyDirverRemoveFromSandbox
QuitGUI
RefreshProcessList
RegCallBack
ReportInstallStatus
ReportQuitStatus
ReportSandboxStatus
RunProcessInSandbox
SetAutoSandboxPolicy
SetExcSandboxPolicy
SetSandboxFlag
ShowSandbox
StartSandbox
StopSandbox
UnInstallDriver
UnloadDriverService

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/SXTip.dll
.dll windows:4 windows x86 arch:x86

95e2add57597c92da84710ca76045244

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:15:2f:4b:98:1f:30:98:fe:54:fc:7a:51:28:35:9d:f7:da:a6:f6
Signer

Actual PE Digest

5d:15:2f:4b:98:1f:30:98:fe:54:fc:7a:51:28:35:9d:f7:da:a6:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA

atl80

ord37
ord44
ord42
ord48
ord60
ord43

kernel32

lstrlenA
SetLastError
LockResource
LoadResource
FindResourceW
GetModuleHandleW
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
CreateThread
GetCurrentProcessId
DisableThreadLibraryCalls
GetCurrentThread
GetProcAddress
GetModuleHandleA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
LocalAlloc
LoadLibraryExA
SuspendThread
GetThreadContext
SetThreadContext
MultiByteToWideChar
VirtualProtect
VirtualQuery
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
ReadFile
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetLocaleInfoW
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
IsValidCodePage
GetOEMCP
TlsSetValue
GetStartupInfoA
GetFileType
SetHandleCount
CloseHandle
GetModuleFileNameA
GetStdHandle
WriteFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
TlsFree
ResumeThread
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapReAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
FatalAppExitA
HeapSize
TlsGetValue
TlsAlloc
ExitProcess

user32

RegisterClassExW
PostMessageW
UnregisterClassA
DispatchMessageA
DefDlgProcW
DefDlgProcA
IsIconic
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
GetWindowLongW
DefWindowProcW
IsWindowVisible
MapDialogRect
DestroyWindow
SetWindowContextHelpId
GetWindow
SetWindowPos
CreateWindowExW
SetWindowLongW
IsWindow
RegisterClassExA
UnregisterClassW
PostQuitMessage
SetForegroundWindow
LoadBitmapW
OffsetRect
CopyRect
LoadCursorW
GetClassInfoExW
LoadCursorA
GetClassInfoExA
SetWindowRgn
GetParent
SendDlgItemMessageW
ShowWindow
ReleaseDC
GetDC
EndPaint
BeginPaint
GetWindowRect
MoveWindow
SendMessageW

ole32

CreateStreamOnHGlobal

gdi32

BitBlt
CreateRectRgn
SetBkMode
CreateCompatibleDC
SelectObject

imm32

ImmDisableIME

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/SXTip64.dll
.dll windows:4 windows x64 arch:x64

6fb239aaa238218fa2e4b75ce7b47ea0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:4f:11:ab:1d:46:25:b7:72:c0:b7:0a:88:09:64:ae:00:95:77:2b
Signer

Actual PE Digest

43:4f:11:ab:1d:46:25:b7:72:c0:b7:0a:88:09:64:ae:00:95:77:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA

kernel32

FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
GlobalFree
GlobalHandle
CreateThread
GetCurrentProcessId
GetCurrentThread
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
LocalAlloc
LoadLibraryExA
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
VirtualProtect
VirtualQuery
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
ReadFile
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetLocaleInfoW
DeleteCriticalSection
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FatalAppExitA
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
IsValidCodePage
GetOEMCP
GetStartupInfoA
GetFileType
SetHandleCount
CloseHandle
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
FlsAlloc
TlsSetValue
FlsFree
TlsFree
TlsAlloc
FlsGetValue
HeapSize
HeapDestroy
HeapCreate
HeapSetInformation
RtlVirtualUnwind
GetCPInfo
LCMapStringW
InitializeCriticalSection
WideCharToMultiByte
LCMapStringA
GetCommandLineA
FlsSetValue
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
RtlPcToFileHeader
Sleep
__C_specific_handler
lstrlenW
FindResourceW
LoadResource
LockResource
SetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
GetLastError
LoadLibraryA
LocalFree

user32

ReleaseCapture
PostMessageW
SendMessageW
MoveWindow
GetWindowRect
BeginPaint
EndPaint
GetDC
ReleaseDC
ShowWindow
SendDlgItemMessageW
UnregisterClassA
DispatchMessageA
DefDlgProcW
IsIconic
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
IsWindowVisible
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
GetWindowLongPtrW
CallWindowProcW
FillRect
DefDlgProcA
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
SetWindowLongW
GetWindowLongW
CharNextW
GetSysColor
DefWindowProcW
SetWindowLongPtrW
MapDialogRect
DestroyWindow
SetWindowContextHelpId
GetWindow
SetWindowPos
CreateWindowExW
PostQuitMessage
SetForegroundWindow
LoadBitmapW
OffsetRect
CopyRect
SetWindowRgn
GetParent

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
DeleteObject
DeleteDC
GetDeviceCaps
SetBkMode
CreateCompatibleDC
SelectObject
BitBlt
CreateRectRgn

imm32

ImmDisableIME

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/SXUI.dat
CacheBJSX/plugins/qmsxtboxplugin/SXUI.exe
.exe windows:4 windows x86 arch:x86

51025970adeab4145bf6a280ec7d25db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:8e:1a:5f:1a:4e:db:22:59:cc:7a:7d:14:d6:ed:cb:9f:d7:a0:96
Signer

Actual PE Digest

02:8e:1a:5f:1a:4e:db:22:59:cc:7a:7d:14:d6:ed:cb:9f:d7:a0:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?MakeLower@CTXStringW@@QAEAAV1@XZ
?GetLength@CTXStringW@@QBEHXZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?Empty@CTXStringW@@QAEXXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?IsEmpty@CTXBSTR@@QAEHXZ
?ReverseFind@CTXStringW@@QBEH_W@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
??0CTXBSTR@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
??8@YA_NPB_WABVCTXBSTR@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?Record@Perf@Util@@YAJPB_WHH00@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
??8CTXBSTR@@QBE_NPB_W@Z
?Find@CTXStringW@@QBEHPB_WH@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
??M@YA_NABVCTXStringW@@0@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?TXAssert@@YAXPB_W0H@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@ABV0@@Z
??1CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@H@Z
?GetAt@CTXStringW@@QBE_WH@Z
?NotifyIdle@TXTimer@@YAXXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z
?ClosePopupWindows@GF@Util@@YAXXZ
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize

ws2_32

htons
htonl

kernel32

RaiseException
lstrcpynW
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
SetFileAttributesW
GetFileAttributesW
lstrcmpiW
SetLastError
GetFileSize
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
InterlockedExchange
UnhandledExceptionFilter
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
VirtualQuery
SwitchToThread
GetCommandLineW
InterlockedCompareExchange
ReleaseMutex
GetSystemDefaultLangID
GetSystemInfo
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GetEnvironmentVariableW
ProcessIdToSessionId
WaitForMultipleObjects
ResetEvent
QueueUserWorkItem
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
InitializeCriticalSection
MoveFileExW
TerminateProcess
SetFilePointer
WriteFile
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteCriticalSection
OpenProcess
VirtualAllocEx
ReadProcessMemory
lstrlenW
VirtualFreeEx
WideCharToMultiByte
GetVersionExW
GetTickCount
OpenEventW
CreateFileW
CreateEventW
CreateThread
WaitForSingleObject
SetEvent
Sleep
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryW
CreateDirectoryW
GetModuleFileNameW
GetCurrentProcess
GetProcessHeap
HeapAlloc
DeleteFileW
GetLastError
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
CloseHandle
LocalFree
HeapFree
SetUnhandledExceptionFilter

user32

SendMessageTimeoutW
FindWindowW
IsWindowVisible
GetWindowLongW
SetPropW
SetWindowLongW
IsWindow
RemovePropW
LoadCursorW
RegisterClassW
CreateWindowExW
UpdateWindow
TranslateMessage
UnregisterClassA
FindWindowA
DispatchMessageW
MessageBoxW
KillTimer
FindWindowExW
ScreenToClient
GetWindowThreadProcessId
DestroyWindow
SystemParametersInfoW
PrivateExtractIconsW
GetWindowInfo
GetWindowRect
LoadIconW
SendMessageW
ShowWindow
SetForegroundWindow
GetPropW
DefWindowProcW
CallWindowProcW
PostMessageW
DestroyIcon
GetCursorPos
LoadImageW
GetForegroundWindow
WaitMessage
PeekMessageW
PostThreadMessageW
GetClassNameW
GetClassLongW
EnumThreadWindows
IsWindowEnabled
RegisterWindowMessageW
GetMessageW

gdi32

GetStockObject

advapi32

RegCloseKey
SetNamedSecurityInfoW
SetSecurityInfo
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegGetKeySecurity
RegSetKeySecurity

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
Shell_NotifyIconW

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathAppendW
StrCmpIW
SHGetValueW
PathFileExistsW
SHSetValueW
PathCombineW
SHDeleteKeyW
SHSetValueA
SHGetValueA
wnsprintfW
PathFindFileNameW
SHDeleteValueW
PathRemoveFileSpecW

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ

msvcr80

??2@YAPAXI@Z
wcscat_s
__wargv
__argc
strncat
_snprintf
fclose
fread
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_purecall
wcsrchr
_wfopen
_wcsnicmp
_wtoi64
_wsplitpath_s
swscanf_s
_snwprintf_s
_wtol
wcsncat_s
_vsnprintf_s
_recalloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
fflush
strncpy_s
_memicmp
strrchr
_snprintf_s
fwrite
_wtoi
memmove_s
??_V@YAXPAX@Z
putwchar
putchar
strchr
_vsnwprintf_s
wcschr
wcsncpy_s
wcscpy_s
memcpy
_wcsicmp
wcsncpy
memcpy_s
wcscmp
strlen
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
__CxxFrameHandler3
malloc
_snwprintf
free
memset
wcslen
??3@YAXPAX@Z
realloc
_strdup
_except_handler3

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExW

atl80

ord30
ord58
ord31
ord32

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

InitCommonControlsEx

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/Sandbox.dll
.dll windows:4 windows x86 arch:x86

17021748d6528c3f94ff75bb3e5ef95a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:99:97:11:a0:6e:65:f2:f9:20:a1:22:55:04:02:22:87:e3:a6:f8
Signer

Actual PE Digest

50:99:97:11:a0:6e:65:f2:f9:20:a1:22:55:04:02:22:87:e3:a6:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

psapi

GetModuleInformation

ntdll

RtlInitializeCriticalSection
ZwQueryInformationThread
wcschr
RtlDetermineDosPathNameType_U
strncat
ZwQueryInformationProcess
RtlEnterCriticalSection
RtlLeaveCriticalSection
_chkstk
RtlFreeSid
RtlFreeHeap
ZwEnumerateValueKey
RtlAllocateAndInitializeSid
RtlCreateAndSetSD
ZwQueryKey
_wcsicmp
_wcsnicmp
ZwQueryInformationFile
ZwReadFile
RtlDeleteCriticalSection
wcsstr
ZwCreateFile
RtlImageNtHeader
strcmp
strstr
RtlNtStatusToDosError
RtlInitUnicodeString
_snprintf
wcsncat
ZwQueryObject
ZwOpenFile
ZwQueryVolumeInformationFile
RtlWalkFrameChain
strlen
wcsncpy
memcpy
_snwprintf
ZwClose
wcslen
memset
memcmp
ZwWriteFile

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
Sleep
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
TerminateProcess
GetCurrentProcess
QueryDosDeviceW
GetCurrentProcessId
DebugBreak
VirtualProtectEx
WriteProcessMemory
VirtualProtect
VirtualAllocEx
GetModuleHandleA
SetThreadContext
VirtualFreeEx
GetThreadContext
GetProcAddress
GetModuleFileNameW
GetWindowsDirectoryW
GetProcessHeap
GetCurrentThread
OpenProcess
GetModuleFileNameA
GetVersionExA
LoadLibraryA
DisableThreadLibraryCalls
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
ExitProcess
WaitForMultipleObjects
CreateEventA
GetFileAttributesA
IsBadStringPtrA
GetFileAttributesW
IsBadStringPtrW
ResumeThread
GetLastError
SearchPathW
SetLastError
CreateFileW
IsBadReadPtr
WideCharToMultiByte
SetUnhandledExceptionFilter
WriteFile
GetProcessId
GetCurrentThreadId
GlobalGetAtomNameA
OpenThread
TlsAlloc
OpenFileMappingW
CreateFileMappingW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
TlsFree
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
GetTickCount
ProcessIdToSessionId
CreateProcessW
GetSystemWindowsDirectoryW
ResetEvent
OpenEventA
GetSystemDirectoryA
LocalAlloc
LocalFree
InterlockedExchange
RaiseException
VirtualQuery
FlushInstructionCache
VirtualAlloc
InterlockedCompareExchange
SuspendThread
HeapFree
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SX_CODE
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/Sandbox.sys
.sys windows:5 windows x86 arch:x86

cfcad0da45ff351f8062a5d31d5877ba

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:d0:85:e3:32:6a:9f:cc:5a:4c:11:6b:9b:d8:88:be:c2:22:01:82
Signer

Actual PE Digest

be:d0:85:e3:32:6a:9f:cc:5a:4c:11:6b:9b:d8:88:be:c2:22:01:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoQueryFileDosDeviceName
ObReferenceObjectByHandle
ZwClose
ZwCreateFile
ObOpenObjectByPointer
IoFileObjectType
RtlFreeUnicodeString
_wcsnicmp
wcslen
RtlPrefixUnicodeString
IoGetCurrentProcess
IoGetDiskDeviceObject
IoCreateFileSpecifyDeviceObjectHint
wcsncpy
ZwQueryFullAttributesFile
_snwprintf
ObfReferenceObject
KeSetEvent
KeWaitForSingleObject
KeDelayExecutionThread
IoCancelIrp
KeReadStateEvent
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
KeClearEvent
_wcsicmp
IoDriverObjectType
_vsnwprintf
RtlWalkFrameChain
ObReferenceObjectByName
IoFreeIrp
IoFreeMdl
IofCallDriver
IoGetRelatedDeviceObject
ZwWriteFile
ZwReadFile
ZwSetInformationFile
ZwQueryInformationFile
ZwMapViewOfSection
ZwCreateSection
IoCreateFile
ZwQueryValueKey
ZwOpenKey
_strnicmp
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
RtlImageNtHeader
_except_handler3
wcsstr
FsRtlIsNameInExpression
ZwQuerySymbolicLinkObject
IoDeleteSymbolicLink
KeDetachProcess
KeAttachProcess
PsGetProcessPeb
NtBuildNumber
ZwSetValueKey
ZwCreateKey
ZwQueryKey
ZwDeleteKey
ZwDeleteValueKey
KeInitializeSpinLock
PsGetCurrentThreadId
wcsncat
_wcsupr
PsLookupProcessByProcessId
ObQueryNameString
IoVolumeDeviceToDosName
PsTerminateSystemThread
ZwWaitForSingleObject
PsGetCurrentProcessId
MmIsAddressValid
ExGetPreviousMode
ZwQuerySecurityObject
ZwSetSecurityObject
PsCreateSystemThread
RtlLengthRequiredSid
RtlCopySid
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
ZwConnectPort
ZwRequestWaitReplyPort
PsInitialSystemProcess
ZwUnmapViewOfSection
ZwCreateDirectoryObject
ZwAllocateVirtualMemory
ZwQueryInformationProcess
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessSectionBaseAddress
RtlGetAce
RtlGetDaclSecurityDescriptor
ZwEnumerateKey
ZwEnumerateValueKey
CmUnRegisterCallback
CmRegisterCallback
IoGetDeviceObjectPointer
PsSetCreateProcessNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsSetLoadImageNotifyRoutine
KeTickCount
KeBugCheckEx
IoDeleteDevice
ExDeleteNPagedLookasideList
ExFreePoolWithTag
ExAllocatePoolWithTag
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
ZwOpenSymbolicLinkObject
InterlockedPopEntrySList

hal

KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/Sandbox64.dll
.dll windows:4 windows x64 arch:x64

83d1f7dfbd22d7fe1d02d9c463e2ab68

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:63:ff:75:e1:65:fb:51:59:c0:fa:6c:b9:ff:1c:fa:04:dc:1b:a5
Signer

Actual PE Digest

2a:63:ff:75:e1:65:fb:51:59:c0:fa:6c:b9:ff:1c:fa:04:dc:1b:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

psapi

GetModuleInformation

ntdll

ZwEnumerateValueKey
RtlAllocateAndInitializeSid
RtlCreateAndSetSD
ZwQueryKey
ZwReadFile
ZwWriteFile
ZwCreateFile
ZwOpenFile
ZwQueryVolumeInformationFile
RtlWalkFrameChain
RtlDeleteCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwQueryInformationProcess
ZwQueryInformationThread
ZwQueryObject
ZwQueryInformationFile
RtlInitUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDetermineDosPathNameType_U
RtlNtStatusToDosError
ZwClose
RtlFreeSid
RtlImageNtHeader

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
HeapReAlloc
FatalAppExitA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
GetFileAttributesA
IsBadStringPtrA
GetFileAttributesW
IsBadStringPtrW
ResumeThread
GetLastError
QueryDosDeviceW
GetCurrentProcessId
SearchPathW
SetLastError
TerminateProcess
GetCurrentProcess
CloseHandle
CreateFileW
IsBadReadPtr
WideCharToMultiByte
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetProcessId
GetProcAddress
DebugBreak
VirtualProtectEx
WriteProcessMemory
VirtualProtect
VirtualAllocEx
GetModuleFileNameW
GetWindowsDirectoryW
GetProcessHeap
GetCurrentThread
OpenProcess
GetModuleFileNameA
GetVersionExA
LoadLibraryA
DisableThreadLibraryCalls
WaitForSingleObject
SetEvent
CreateThread
ExitProcess
WaitForMultipleObjects
CreateEventA
GetCurrentThreadId
GlobalGetAtomNameA
OpenThread
TlsAlloc
OpenFileMappingW
CreateFileMappingW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
TlsFree
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
GetTickCount
ProcessIdToSessionId
CreateProcessW
GetSystemWindowsDirectoryW
ResetEvent
OpenEventA
LocalAlloc
LocalFree
RaiseException
VirtualQuery
FlushInstructionCache
VirtualAlloc
SetThreadContext
GetThreadContext
SuspendThread
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsSetValue
GetCommandLineA
HeapAlloc
RtlVirtualUnwind
FlsGetValue
FlsFree
FlsAlloc
Sleep
HeapSize
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SX_CODE
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/Sandbox64.sys
.sys windows:5 windows x64 arch:x64

cde2a3e20965bd10d161a0896b6f2a30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:1e:e8:70:24:ce:cf:9f:5f:76:52:9b:d7:2f:9b:cc:3e:f0:8a:1e
Signer

Actual PE Digest

07:1e:e8:70:24:ce:cf:9f:5f:76:52:9b:d7:2f:9b:cc:3e:f0:8a:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
ExInitializeNPagedLookasideList
ExAllocatePoolWithTag
ExFreePoolWithTag
ExDeleteNPagedLookasideList
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
IoQueryFileDosDeviceName
ObReferenceObjectByHandle
ZwClose
ZwCreateFile
ObOpenObjectByPointer
IoFileObjectType
RtlFreeUnicodeString
_wcsnicmp
RtlPrefixUnicodeString
IoGetCurrentProcess
IoGetDiskDeviceObject
IoCreateFileSpecifyDeviceObjectHint
wcsncpy
ZwQueryFullAttributesFile
_snwprintf
ObfReferenceObject
KeSetEvent
KeWaitForSingleObject
KeDelayExecutionThread
IoCancelIrp
KeReadStateEvent
IoAllocateIrp
KeInitializeEvent
KeClearEvent
_wcsicmp
IoDriverObjectType
_vsnwprintf
RtlWalkFrameChain
ObReferenceObjectByName
IoFreeIrp
IoFreeMdl
IofCallDriver
IoGetRelatedDeviceObject
ZwWriteFile
ZwReadFile
ZwSetInformationFile
ZwQueryInformationFile
ExReleaseFastMutex
ExAcquireFastMutex
ZwMapViewOfSection
ZwCreateSection
IoCreateFile
ZwQueryValueKey
ZwOpenKey
_strnicmp
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitAnsiString
__C_specific_handler
_stricmp
RtlImageNtHeader
wcsstr
FsRtlIsNameInExpression
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeDetachProcess
KeAttachProcess
PsGetProcessPeb
NtBuildNumber
ZwSetValueKey
ZwCreateKey
ZwQueryKey
ZwDeleteKey
ZwDeleteValueKey
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
PsGetCurrentThreadId
wcsncat
_wcsupr
PsLookupProcessByProcessId
ObQueryNameString
IoVolumeDeviceToDosName
PsTerminateSystemThread
ZwWaitForSingleObject
PsGetCurrentProcessId
MmIsAddressValid
ExGetPreviousMode
ZwQuerySecurityObject
ZwSetSecurityObject
PsCreateSystemThread
RtlLengthRequiredSid
RtlCopySid
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
ZwConnectPort
ZwRequestWaitReplyPort
PsInitialSystemProcess
ZwUnmapViewOfSection
ZwCreateDirectoryObject
KeAcquireGuardedMutex
KeReleaseGuardedMutex
KeTryToAcquireGuardedMutex
ZwAllocateVirtualMemory
ZwQueryInformationProcess
PsGetProcessInheritedFromUniqueProcessId
PsGetProcessSectionBaseAddress
PsRemoveLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
RtlGetAce
RtlGetDaclSecurityDescriptor
ZwEnumerateKey
ZwEnumerateValueKey
CmUnRegisterCallback
CmRegisterCallback
KeBugCheckEx

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheBJSX/plugins/qmsxtboxplugin/exception.xml
.xml
CacheBJSX/plugins/qmsxtboxplugin/sxui.rdb

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c8:eb:a4:61:37:21:d1:e5:d7:b9:d2:b0:05:ec:9b:10:e7:d8:d2:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 285KB - Virtual size: 284KB

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

psapi

imagehlp

netapi32

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 869KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 20KB - Virtual size: 41KB

.rsrc Size: 308KB - Virtual size: 305KB

.reloc Size: 52KB - Virtual size: 48KB

6c41c5e4d44f55745b925cc4e42b7fab

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c8:eb:a4:61:37:21:d1:e5:d7:b9:d2:b0:05:ec:9b:10:e7:d8:d2:fb
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 285KB - Virtual size: 284KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

.text
Size: 872KB - Virtual size: 869KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 20KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 305KB

.reloc
Size: 52KB - Virtual size: 48KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

de:34:e8:ad:53:26:74:7c:47:c4:5a:17:82:52:f6:ca:29:3c:5f:19
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

Sandbox_
Size: 4KB - Virtual size: 4B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:3a:38:5e:12:41:51:70:fe:4d:af:fd:2d:a7:ba:fe:f1:91:24:6a
Signer