8b1d9cd042c4f17030881d1fadc6cd3c

Sharing

Copy URL

Twitter E-mail

General

Target

8b1d9cd042c4f17030881d1fadc6cd3c
Size

1.7MB
MD5

8b1d9cd042c4f17030881d1fadc6cd3c
SHA1

158ea5baefe6b12d217900871a8ec8774397e045
SHA256

dc9004debeedaf630fc537b2200ce3a742a45af5478cecf2fccdd35ffa15cac5
SHA512

306d9804616d04c9d832a4d1b75aa9c120dc6ad38fedc23c014f54440fec3c715f758f600d279674a043c5847bf8318b50d7fe258b304c978d7c3f470db860d5
SSDEEP

49152:te3T0qUm3ZxLTqW1Xnmg548HORd3qHyQLymsPLr:EPUUTquXmg5482IyaymqLr

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
8b1d9cd042c4f17030881d1fadc6cd3c
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/GdiPlus.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

8b1d9cd042c4f17030881d1fadc6cd3c
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

Actual PE Digest

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CloudAssist.exe
.exe windows:4 windows x86 arch:x86

619aaaa2673015a80c521e650cf0395e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

Actual PE Digest

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadKeyboardLayoutA
ActivateKeyboardLayout
SendMessageTimeoutA

gdi32

AddFontResourceA
RemoveFontResourceA

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA

shell32

SHChangeNotify

kernel32

FlushFileBuffers
CloseHandle
GetStartupInfoA
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
SetFilePointer
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/CloudServer.exe
.exe windows:4 windows x86 arch:x86

0adecd86a0c61f3be57ac4451a43a00a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:8d:c9:4b:f8:dd:3d:aa:b2:60:35:ce:62:fe:bf:11:ef:e2:78:f9
Signer

Actual PE Digest

dd:8d:c9:4b:f8:dd:3d:aa:b2:60:35:ce:62:fe:bf:11:ef:e2:78:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
CreateServiceA
StartServiceA
ControlService
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
CopySid
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
RegNotifyChangeKeyValue
ConvertStringSidToSidA
RegEnumKeyA
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
FreeSid
SetFileSecurityA
GetAce
AllocateAndInitializeSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityA
AddAccessAllowedAce
InitializeAcl
RegSetKeySecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfilesDirectoryA

wtsapi32

WTSSendMessageA

mfc42

ord5683
ord356
ord2044
ord3663
ord539
ord5440
ord6383
ord5450
ord6394
ord6662
ord5834
ord2915
ord3584
ord543
ord803
ord798
ord1997
ord4277
ord6283
ord6282
ord4278
ord2763
ord538
ord3318
ord5194
ord533
ord6407
ord926
ord2820
ord3811
ord2841
ord922
ord1980
ord2107
ord3178
ord4058
ord2781
ord2770
ord6929
ord5856
ord4083
ord1871
ord1105
ord690
ord1988
ord5808
ord5205
ord6057
ord6426
ord389
ord6877
ord3181
ord801
ord536
ord940
ord5608
ord541
ord6663
ord6883
ord6143
ord668
ord860
ord4202
ord6928
ord941
ord2448
ord5710
ord4129
ord537
ord939
ord2818
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord858
ord535
ord924
ord800
ord823
ord2393
ord825
ord1576
ord2764
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
strncpy
_iob
setvbuf
_open_osfhandle
_fdopen
printf
sscanf
fopen
fread
fclose
_mbsicmp
memmove
strtoul
malloc
free
sprintf
_purecall
wcscmp
atof
atoi
__p___argv
__p___argc
_mbscmp
strncmp
__CxxFrameHandler
_setmbcp
_stricmp
_strcmpi
_controlfp

kernel32

SetEvent
GetStartupInfoA
WideCharToMultiByte
GetFileAttributesA
OpenProcess
OutputDebugStringA
CreateEventA
GetFileAttributesExA
DeleteFileA
WaitForSingleObject
GetFileTime
SetFilePointer
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLastError
CreateFileA
GetFileSize
CloseHandle
ReadFile
WaitNamedPipeA
GetOverlappedResult
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
LoadLibraryExA
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetCurrentProcessId
ResumeThread
CreateThread
DeviceIoControl
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
OpenEventA
GetTickCount
GetCurrentThreadId
SuspendThread
TerminateThread
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
GetFileAttributesW
Sleep
LoadLibraryExW
ExpandEnvironmentStringsA
MultiByteToWideChar

user32

DispatchMessageA
TranslateMessage
PostMessageA
PostThreadMessageA
DestroyWindow
DefWindowProcA
ExitWindowsEx
RegisterClassA
ActivateKeyboardLayout
LoadKeyboardLayoutA
UnloadKeyboardLayout
SendMessageTimeoutA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
PeekMessageA
CreateWindowExA

gdi32

RemoveFontResourceA
AddFontResourceA

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CloudTool-uusee.exe
.exe windows:4 windows x86 arch:x86

0a13f0d7aa132689a65116439a0789f0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:b8:db:f0:19:bf:2b:40:ce:bc:1f:1b:61:6c:ec:60:f3:2a:d1:78
Signer

Actual PE Digest

8f:b8:db:f0:19:bf:2b:40:ce:bc:1f:1b:61:6c:ec:60:f3:2a:d1:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

mfc42

ord3738
ord561
ord815
ord641
ord2514
ord609
ord795
ord692
ord922
ord924
ord858
ord6283
ord6282
ord860
ord540
ord2621
ord1134
ord4129
ord535
ord2915
ord941
ord536
ord5440
ord6383
ord5450
ord6394
ord5834
ord2044
ord2448
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord5265
ord4424
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord1576
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord4160
ord926
ord6215
ord4299
ord6197
ord6199
ord4710
ord2652
ord1669
ord4376
ord5683
ord5710
ord2818
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3663
ord4274
ord825
ord823
ord800
ord537
ord4673
ord4853
ord5065

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
_onexit
__CxxFrameHandler
_mbsicmp
strtoul
__p___argv
__p___argc
_except_handler3
_XcptFilter
_exit
?terminate@@YAXXZ
__dllonexit

kernel32

TerminateProcess
CloseHandle
GetLogicalDrives
GetDriveTypeA
lstrlenA
ExitProcess
OpenProcess
WriteFile
WaitNamedPipeA
GetDiskFreeSpaceA
GetFileAttributesA
GetProcAddress
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
Module32First
Process32First
CreateToolhelp32Snapshot
Process32Next
GetLastError
CreateFileA
CreateMutexA
MultiByteToWideChar
GlobalFree
ReadFile
GlobalAlloc

user32

GetClientRect
LoadIconA
EnumWindows
GetWindowThreadProcessId
GetWindowRect
SendMessageA
GetClassNameA
EnableWindow

advapi32

AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetLengthSid

shell32

SHGetFolderPathA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zxr.dll
.dll windows:4 windows x86 arch:x86

99348a3a2c8e41aeb2829d97bc176e99

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:11:b8:09:85:db:f4:40:ad:94:21:a6:37:1e:53:57:f1:c6:00:a2
Signer

Actual PE Digest

9e:11:b8:09:85:db:f4:40:ad:94:21:a6:37:1e:53:57:f1:c6:00:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcmp
_purecall
memcpy
memmove
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

DeleteFileA
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
DeleteCriticalSection
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
GetTempPathA
GetTempFileNameA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudAssist.exe
.exe windows:4 windows x86 arch:x86

619aaaa2673015a80c521e650cf0395e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

Actual PE Digest

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadKeyboardLayoutA
ActivateKeyboardLayout
SendMessageTimeoutA

gdi32

AddFontResourceA
RemoveFontResourceA

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA

shell32

SHChangeNotify

kernel32

FlushFileBuffers
CloseHandle
GetStartupInfoA
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
SetFilePointer
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CloudEBookReader.exe
.exe windows:4 windows x86 arch:x86

a3c68eb12b6375e243c54ba8f26b103c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:be:69:9b:38:e4:49:ba:92:9d:99:bb:c3:7e:35:bc:0b:ec:16:5d
Signer

Actual PE Digest

a6:be:69:9b:38:e4:49:ba:92:9d:99:bb:c3:7e:35:bc:0b:ec:16:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord858
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord3571
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord809
ord1146
ord556
ord540
ord641
ord3626
ord3663
ord2414
ord2302
ord4299
ord4317
ord6215
ord6197
ord6380
ord1641
ord1153
ord1572
ord850
ord924
ord6283
ord6282
ord6377
ord2086
ord1088
ord2122
ord755
ord470
ord3619
ord4330
ord6172
ord5875
ord5789
ord4133
ord4297
ord5788
ord472
ord2754
ord2714
ord2915
ord926
ord941
ord4376
ord4224
ord4160
ord6270
ord1175
ord1644
ord2379
ord6378
ord5280
ord1168
ord5440
ord6383
ord5450
ord6394
ord2614
ord3584
ord543
ord803
ord6449
ord2727
ord6467
ord2730
ord2729
ord939
ord2818
ord4129
ord5710
ord6055
ord1776
ord5290
ord3402
ord2514
ord567
ord324
ord2135
ord818
ord4234
ord4710
ord4277
ord2764
ord2688
ord2763
ord539
ord922
ord861
ord798
ord1997
ord4278
ord538
ord3318
ord5194
ord533
ord6407
ord2820
ord3811
ord4202
ord4853
ord3706
ord640
ord1640
ord323
ord5785
ord2860
ord3874
ord2859
ord4287
ord4284
ord2107
ord2841
ord1929
ord795
ord4123
ord2753
ord6880
ord6605
ord4275
ord4220
ord3654
ord2584
ord2438
ord283
ord3721
ord2864
ord5683
ord6663
ord6883
ord6143
ord6877
ord801
ord541
ord6928
ord1949
ord4034
ord2448
ord6442
ord3693
ord5787
ord5834
ord2044
ord2971
ord5759
ord6192
ord5756
ord6186
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord1232
ord824
ord823
ord1134
ord2621
ord537
ord860
ord535
ord800
ord4601
ord2132
ord5247
ord5231
ord6225
ord2144
ord2145
ord4046
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4774
ord4673
ord1576

msvcrt

_setmbcp
_wcsicmp
__p__fmode
__set_app_type
__p___argv
__p___argc
__CxxFrameHandler
_mbsicmp
_beginthreadex
malloc
free
_mbscmp
strtoul
memmove
strtol
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

kernel32

WideCharToMultiByte
CloseHandle
GetStartupInfoA
GetLastError
CreateMutexA
CreateDirectoryA
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetModuleFileNameA
ReadFile
GetModuleHandleA
GetFileAttributesA
MultiByteToWideChar

user32

EnableWindow
MoveWindow
ShowWindow
SetWindowRgn
OffsetRect
GetMessagePos
SetCapture
ReleaseCapture
AppendMenuA
FrameRect
CopyRect
UpdateWindow
SetActiveWindow
DispatchMessageA
GetCapture
GetMessageA
EnumWindows
LoadImageA
IsChild
WindowFromPoint
ClientToScreen
GetParent
GetKeyState
TabbedTextOutA
DrawTextA
GrayStringA
KillTimer
ScreenToClient
GetClassNameA
PtInRect
CreatePopupMenu
GetCursorPos
InvalidateRect
ReleaseDC
PostMessageA
EnumChildWindows
SetFocus
IsWindowVisible
IsWindow
GetClientRect
GetWindowRect
LoadCursorA
RegisterClassA
LoadBitmapA
SystemParametersInfoA
SetRect
GetDC
GetSystemMetrics
IntersectRect
IsRectEmpty
SetTimer
DestroyWindow
LoadIconA
GetClassInfoA
SetForegroundWindow
GetFocus
SendMessageA
SetRectEmpty
GetDesktopWindow

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleBitmap
CreatePen
Rectangle
CreateFontA
GetBitmapBits
GetTextExtentPoint32A
CreateCompatibleDC
SelectObject
CreateRectRgnIndirect
GetObjectA
CombineRgn
CreateRectRgn
OffsetRgn
CreateFontIndirectA
GetDeviceCaps
Escape

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear

gdiplus

GdipFree
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDeleteGraphics
GdipDrawImageRectI
GdipCreateFromHDC
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc

msimg32

TransparentBlt

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CloudFun.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:48:b4:89:24:3d:98:20:86:e4:21:7b:46:1d:1a:95:9b:73:f2:e2
Signer

Actual PE Digest

dd:48:b4:89:24:3d:98:20:86:e4:21:7b:46:1d:1a:95:9b:73:f2:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudFun2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

Actual PE Digest

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudServer.exe
.exe windows:4 windows x86 arch:x86

0adecd86a0c61f3be57ac4451a43a00a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:8d:c9:4b:f8:dd:3d:aa:b2:60:35:ce:62:fe:bf:11:ef:e2:78:f9
Signer

Actual PE Digest

dd:8d:c9:4b:f8:dd:3d:aa:b2:60:35:ce:62:fe:bf:11:ef:e2:78:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
CreateServiceA
StartServiceA
ControlService
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
CopySid
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
RegNotifyChangeKeyValue
ConvertStringSidToSidA
RegEnumKeyA
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
FreeSid
SetFileSecurityA
GetAce
AllocateAndInitializeSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityA
AddAccessAllowedAce
InitializeAcl
RegSetKeySecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetProfilesDirectoryA

wtsapi32

WTSSendMessageA

mfc42

ord5683
ord356
ord2044
ord3663
ord539
ord5440
ord6383
ord5450
ord6394
ord6662
ord5834
ord2915
ord3584
ord543
ord803
ord798
ord1997
ord4277
ord6283
ord6282
ord4278
ord2763
ord538
ord3318
ord5194
ord533
ord6407
ord926
ord2820
ord3811
ord2841
ord922
ord1980
ord2107
ord3178
ord4058
ord2781
ord2770
ord6929
ord5856
ord4083
ord1871
ord1105
ord690
ord1988
ord5808
ord5205
ord6057
ord6426
ord389
ord6877
ord3181
ord801
ord536
ord940
ord5608
ord541
ord6663
ord6883
ord6143
ord668
ord860
ord4202
ord6928
ord941
ord2448
ord5710
ord4129
ord537
ord939
ord2818
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord858
ord535
ord924
ord800
ord823
ord2393
ord825
ord1576
ord2764
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
strncpy
_iob
setvbuf
_open_osfhandle
_fdopen
printf
sscanf
fopen
fread
fclose
_mbsicmp
memmove
strtoul
malloc
free
sprintf
_purecall
wcscmp
atof
atoi
__p___argv
__p___argc
_mbscmp
strncmp
__CxxFrameHandler
_setmbcp
_stricmp
_strcmpi
_controlfp

kernel32

SetEvent
GetStartupInfoA
WideCharToMultiByte
GetFileAttributesA
OpenProcess
OutputDebugStringA
CreateEventA
GetFileAttributesExA
DeleteFileA
WaitForSingleObject
GetFileTime
SetFilePointer
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLastError
CreateFileA
GetFileSize
CloseHandle
ReadFile
WaitNamedPipeA
GetOverlappedResult
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
LoadLibraryExA
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetCurrentProcessId
ResumeThread
CreateThread
DeviceIoControl
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
OpenEventA
GetTickCount
GetCurrentThreadId
SuspendThread
TerminateThread
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
GetFileAttributesW
Sleep
LoadLibraryExW
ExpandEnvironmentStringsA
MultiByteToWideChar

user32

DispatchMessageA
TranslateMessage
PostMessageA
PostThreadMessageA
DestroyWindow
DefWindowProcA
ExitWindowsEx
RegisterClassA
ActivateKeyboardLayout
LoadKeyboardLayoutA
UnloadKeyboardLayout
SendMessageTimeoutA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
PeekMessageA
CreateWindowExA

gdi32

RemoveFontResourceA
AddFontResourceA

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GdiPlus.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv.sys
.sys windows:5 windows x86 arch:x86

97b450c214ac0f3cdd663319506a496b

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:96:4f:38:c0:66:4e:27:ec:2c:30:a0:6c:05:7b:1c:4f:e0:32:3a
Signer

Actual PE Digest

f6:96:4f:38:c0:66:4e:27:ec:2c:30:a0:6c:05:7b:1c:4f:e0:32:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_wnet_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

RtlGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlFreeUnicodeString
RtlInitAnsiString
KeInitializeEvent
MmCreateMdl
_except_handler3
ObfDereferenceObject
PsLookupProcessByProcessId
KeWaitForSingleObject
KeClearEvent
ExDeleteResourceLite
KeSetEvent
PsGetCurrentProcessId
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
ZwQueryVolumeInformationFile
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
IoGetCurrentProcess
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
SeDeleteAccessState
IoFreeIrp
SeCreateAccessState
IoGetFileObjectGenericMapping
RtlAppendUnicodeStringToString
ZwQueryDirectoryFile
RtlAppendUnicodeToString
memmove
strstr
MmMapLockedPagesSpecifyCache
IoCreateFile
ProbeForRead
ExGetPreviousMode
ProbeForWrite
ZwSetInformationFile
PsGetCurrentThreadId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObfReferenceObject
RtlEqualUnicodeString
ZwQueryObject
sprintf
ZwQueryValueKey
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwNotifyChangeKey
PsSetCreateThreadNotifyRoutine
ZwTerminateProcess
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
InterlockedPopEntrySList
ExInitializePagedLookasideList
KeTickCount
KeBugCheckEx
strncmp
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoAttachDeviceByPointer
KeBugCheck
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv2K.sys
.sys windows:5 windows x86 arch:x86

cc32bc5ca5d89a9770f5ef1bff776cfa

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:8d:78:dd:cc:c0:cd:38:9c:0c:ab:2b:1b:77:28:18:02:48:3e:38
Signer

Actual PE Digest

17:8d:78:dd:cc:c0:cd:38:9c:0c:ab:2b:1b:77:28:18:02:48:3e:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_w2K_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlFreeUnicodeString
RtlInitAnsiString
KeInitializeEvent
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
PsLookupProcessByProcessId
KeWaitForSingleObject
KeClearEvent
ExDeleteResourceLite
KeSetEvent
PsGetCurrentProcessId
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeSpinLock
strncmp
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
SeDeleteAccessState
InterlockedIncrement
IoFreeIrp
SeCreateAccessState
IoGetFileObjectGenericMapping
RtlAppendUnicodeStringToString
ZwQueryDirectoryFile
RtlAppendUnicodeToString
memmove
strstr
MmMapLockedPagesSpecifyCache
IoCreateFile
ProbeForRead
ExGetPreviousMode
ProbeForWrite
ZwSetInformationFile
PsGetCurrentThreadId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
RtlEqualUnicodeString
ZwQueryObject
sprintf
ZwQueryValueKey
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwNotifyChangeKey
PsSetCreateThreadNotifyRoutine
ZwTerminateProcess
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
ExAllocateFromPagedLookasideList
ExInitializePagedLookasideList
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePool
KeBugCheck
ZwQueryVolumeInformationFile
InterlockedExchange
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRAShell.exe
.exe windows:4 windows x86 arch:x86

13c1f8000a2e310450d85082cb8b010a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:2e:80:d8:37:c9:bc:d7:3b:95:06:4d:55:db:c0:2e:90:fd:8a:95
Signer

Actual PE Digest

2a:2e:80:d8:37:c9:bc:d7:3b:95:06:4d:55:db:c0:2e:90:fd:8a:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateProcessA
FormatMessageA
FlushFileBuffers
LCMapStringW
LocalFree
Sleep
GetVersionExA
LCMapStringA
SetStdHandle
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle

user32

MessageBoxA

shell32

ShellExecuteExA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bookclient.mht
.eml .js polyglot
cloud.exe
.exe windows:4 windows x86 arch:x86

863410a35ad7a9c7dc838be1d28ceb91

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:1b:bd:e4:b8:2c:d5:9d:cb:b7:86:39:c5:4b:f9:c5:19:95:6f:ad
Signer

Actual PE Digest

88:1b:bd:e4:b8:2c:d5:9d:cb:b7:86:39:c5:4b:f9:c5:19:95:6f:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
StrStrIA

ws2_32

WSAEventSelect
WSAGetLastError
WSASetEvent
socket
ioctlsocket
WSACreateEvent
WSASend
connect
htons
htonl
setsockopt
gethostbyname
inet_addr
WSACloseEvent
WSAResetEvent
closesocket
ntohl
accept
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
send
recv
inet_ntoa
getsockname
bind
listen
WSARecv
sendto

winmm

PlaySoundA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ftkernelapi

FTK_Context_IsRunning
FTK_Context_Run
FTK_Context_Init
FTK_Protocol_RandDirtyLength
FTK_Protocol_CmdVaseVal
FTK_Protocol_IDS
FTK_Identifier_String10
FTK_Context_NotifyCB
FTK_UDPT_MapPort
FTK_UDPT_Connect
FTK_UDPT_Init2
FTK_UDPT_SetTunnelInfo
FTK_UDPT_PreInitPeerCallCB
FTK_UDPT_PreInitLog
FTK_UDPT_PreInitThreadPool
FTK_Context_Release
FTK_Context_IsInit
FTK_UDPT_Release
FTK_UDPT_Disconnect
FTK_Torrent_Close
FTK_Context_ShareTorrent
FTK_Torrent_GetHexInfoHash
FTK_Torrent_Open
FTK_Downloader_Close
FTK_Downloader_Release
FTK_GlobalVar_RemoveTorrentSHA1
FTK_Context_UnshareTorrent
FTK_Downloader_Resume
FTK_GlobalVar_AddTorrentSHA1
FTK_Downloader_Execute
FTK_Downloader_Init
FTK_Downloader_PreInitTrackers
FTK_Downloader_SetHttpDataErrCB
FTK_Downloader_PreInitWebSeedURLPaths
FTK_Downloader_SetOnComleteCB
FTK_Downloader_SetNatPeerCB
FTK_Downloader_Open
FTK_Torrent_GetFileSize
FTK_Torrent_GetFileSHA1
FTK_Downloader_Pause
FTK_Downloader_GetState
FTK_Stat_GetDownloadRate
FTK_Stat_GetTotalFileHaveSize
FTK_Stat_GetUploaded
FTK_Stat_GetUploadRate
FTK_Stat_GetPeerData
FTK_Stat_GetTotalPeerCount
FTK_UDPT_DoEvents
FTK_Downloader_AddSourceExt
FTK_UDPT_RemoteCallPeer
FTK_Context_ReBindListenPort
FTK_Proxy_SetType
FTK_Proxy_SetAuthProxy
FTK_MT_SaveAsTorrentFile
FTK_MT_Close
FTK_MT_MakeTorrent
FTK_MT_SetRealName
FTK_MT_SetMaxFilesCount
FTK_MT_SetBlankPath
FTK_MT_SetFileSHA1
FTK_MT_SetPieceSize
FTK_MT_SetFile
FTK_MT_SetAnnounceUrl
FTK_MT_Open
FTK_Ext_GetFileSHA1
FTK_Context_SetFixMaxDownloadRate
FTK_Context_SetFixMaxUploadRate
FTK_Context_EnableSharePub
FTK_Http_UserAgent

mfc42

ord6119
ord6199
ord6378
ord4123
ord6379
ord2764
ord4202
ord6283
ord6282
ord4083
ord6453
ord5834
ord1146
ord5678
ord5736
ord940
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord4608
ord5016
ord4375
ord4852
ord2515
ord4834
ord355
ord4229
ord3092
ord4710
ord2580
ord4400
ord3630
ord682
ord2582
ord3370
ord4402
ord3640
ord693
ord4243
ord6242
ord6696
ord4774
ord6675
ord6762
ord3301
ord3293
ord6888
ord3797
ord3346
ord3337
ord1247
ord6877
ord798
ord6407
ord1997
ord5465
ord5194
ord533
ord6680
ord6663
ord3584
ord543
ord803
ord2614
ord6929
ord539
ord6779
ord5683
ord2514
ord326
ord4234
ord6449
ord2727
ord6467
ord2730
ord2729
ord6377
ord6662
ord6928
ord668
ord356
ord1105
ord4204
ord613
ord289
ord5232
ord1567
ord2147
ord1180
ord268
ord1568
ord5268
ord1229
ord2135
ord1572
ord850
ord2714
ord5651
ord3127
ord3616
ord350
ord2688
ord6010
ord556
ord809
ord1088
ord2122
ord2642
ord857
ord3286
ord6905
ord6892
ord6673
ord324
ord5685
ord3274
ord3353
ord4622
ord3579
ord439
ord736
ord4523
ord4528
ord4542
ord4544
ord4525
ord4530
ord4330
ord542
ord6569
ord3711
ord783
ord4694
ord3499
ord3177
ord4160
ord3452
ord5609
ord6907
ord3996
ord3998
ord6007
ord1086
ord1980
ord3181
ord4058
ord2781
ord2770
ord3921
ord1187
ord861
ord6883
ord538
ord3318
ord2860
ord4124
ord4496
ord5873
ord536
ord711
ord413
ord3178
ord5856
ord1871
ord1106
ord1948
ord2396
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord817
ord565
ord2726
ord4226
ord2566
ord2584
ord4220
ord3654
ord2438
ord397
ord699
ord4188
ord5593
ord3438
ord912
ord551
ord2370
ord6334
ord5601
ord325
ord2645
ord3398
ord3733
ord810
ord3296
ord4125
ord3914
ord4000
ord3297
ord4271
ord3702
ord773
ord1083
ord501
ord5607
ord2762
ord5600
ord5631
ord3938
ord1929
ord6143
ord548
ord6672
ord5216
ord3644
ord395
ord697
ord910
ord6195
ord3870
ord4186
ord3273
ord438
ord614
ord5344
ord4367
ord1945
ord5495
ord729
ord2504
ord1706
ord430
ord3631
ord683
ord6385
ord665
ord5186
ord354
ord5442
ord2289
ord1176
ord2112
ord3752
ord1194
ord1200
ord6571
ord5460
ord2740
ord2801
ord603
ord1979
ord1969
ord273
ord353
ord6153
ord3790
ord3216
ord4042
ord4506
ord663
ord348
ord5572
ord2784
ord2919
ord2827
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1205
ord1134
ord824
ord1232
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord1576
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord426
ord726
ord826
ord5645
ord3287
ord6676
ord6889
ord1949
ord4034
ord1270
ord1622
ord2243
ord2089
ord2099
ord3174
ord1153
ord700
ord4189
ord913
ord879
ord398
ord2971
ord5759
ord6192
ord5756
ord6186
ord6189
ord6021
ord5794
ord5579
ord5571
ord6061
ord5864
ord3596
ord5781
ord2152
ord2567
ord6874
ord6008
ord2116
ord1233
ord6442
ord4287
ord818
ord3742
ord3706
ord541
ord801
ord2763
ord4278
ord4277
ord3811
ord2820
ord562
ord816
ord656
ord3573
ord3610
ord692
ord3639
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord2393
ord283
ord5787
ord3693
ord2302
ord4853
ord4376
ord5606
ord2448
ord3089
ord472
ord5788
ord4297
ord4133
ord2818
ord6394
ord6383
ord5440
ord5450
ord2841
ord3303
ord939
ord2859
ord384
ord2096
ord4284
ord2867
ord2086
ord5860
ord3571
ord1644
ord6270
ord4299
ord6128
ord2380
ord2754
ord4317
ord2571
ord3753
ord6129
ord5148
ord6605
ord3874
ord5981
ord3754
ord2864
ord470
ord755
ord4275
ord6142
ord772
ord567
ord500
ord795
ord3701
ord3721
ord4424
ord5290
ord1776
ord6055
ord3402
ord323
ord1640
ord5785
ord2414
ord1641
ord5789
ord5875
ord6172
ord2753
ord4129
ord5710
ord640
ord3626
ord3619
ord1168
ord1669
ord540
ord537
ord926
ord924
ord858
ord800
ord941
ord535
ord922
ord2915
ord5681
ord3903
ord823
ord2107
ord2044
ord860
ord2652
ord3663
ord6880
ord5280
ord6215
ord2379
ord6380
ord6197
ord1175
ord641
ord3597

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
vsprintf
printf
isprint
_strupr
_mbscspn
_mbsspn
tolower
strchr
_setmbcp
_strcmpi
_stricmp
_strnicmp
_wcsicmp
_CxxThrowException
_onexit
_controlfp
_ftol
_mbscmp
__CxxFrameHandler
_purecall
memmove
_mbsicmp
strncmp
realloc
malloc
free
isalnum
atoi
strstr
strncat
strncpy
sscanf
sprintf
wcscmp
atof
clock
strrchr
wcslen
strtoul
strtol
_beginthreadex
qsort
fclose
fread
fopen
srand
rand
_ismbcalpha
_itoa
atol
_strdup
time
calloc
_msize
wcschr
__p___argv
__p___argc
_mbsnbicmp
_mbsnbcpy
_beginthread
_snprintf
fprintf
ftell
fseek
fputc
isalpha
isspace

kernel32

SetErrorMode
GetLongPathNameA
CreateFileW
GlobalFree
GetFileAttributesW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetComputerNameA
GetCurrentThreadId
GetTickCount
WaitNamedPipeA
FlushFileBuffers
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpA
ReadFile
SetEvent
CreateEventA
GetFileAttributesExA
DeleteFileA
WaitForSingleObject
GetFileTime
SetFilePointer
WriteFile
LoadLibraryExA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
CreateFileA
GetFileSize
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
Process32Next
CreateDirectoryA
SetLastError
GetExitCodeThread
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameA
GetShortPathNameA
CreateMutexA
WinExec
SetCurrentDirectoryA
QueryDosDeviceA
VirtualAlloc
VirtualFree
GetCurrentProcessId
DuplicateHandle
GetWindowsDirectoryA
FindNextFileA
FindFirstFileA
lstrcmpiA
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetStartupInfoA
MultiByteToWideChar
GetCurrentProcess
LoadResource
FindResourceA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
lstrlenW
WideCharToMultiByte
GetModuleHandleA
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
SetProcessWorkingSetSize
SizeofResource
ResumeThread
ResetEvent
DeviceIoControl
GetDriveTypeA
GetLogicalDrives
GetSystemDirectoryA
CopyFileA
CompareFileTime
SetEnvironmentVariableA
ExpandEnvironmentStringsA
SuspendThread
MoveFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
EnumResourceNamesA
GetLocalTime
TerminateThread
lstrlenA
GetVersionExA
LocalFree
LocalLock
FormatMessageA
MoveFileW
TerminateProcess
OpenProcess
CopyFileW
CreateFileMappingA
SetEndOfFile
Module32First
DeleteFileW
LockResource
lstrcpyA
CreateToolhelp32Snapshot
Process32First

user32

DrawFrameControl
GetMenuDefaultItem
GetMenuStringA
InsertMenuA
GetWindow
GetAsyncKeyState
AnimateWindow
GetForegroundWindow
GetShellWindow
RedrawWindow
FindWindowExA
GetWindowTextA
EnumWindows
CopyImage
CreateIconIndirect
TrackPopupMenuEx
AppendMenuA
SetParent
DestroyCursor
RegisterWindowMessageA
CallWindowProcA
GetPropA
ModifyMenuA
GetClassInfoA
ExitWindowsEx
GetWindowThreadProcessId
RegisterClipboardFormatA
UnhookWindowsHookEx
SetWindowsHookExA
RegisterClassA
mouse_event
AttachThreadInput
IsChild
SendMessageTimeoutA
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColor
GetTabbedTextExtentA
MessageBoxA
UnregisterHotKey
RegisterHotKey
LoadBitmapA
GetClassNameA
SetForegroundWindow
GetFocus
PostMessageA
SetFocus
GetCursor
CallNextHookEx
WindowFromPoint
SetCursor
ClientToScreen
LoadCursorA
IsRectEmpty
CreateIconFromResourceEx
CreateIconFromResource
GetIconInfo
GetDesktopWindow
LoadImageA
CheckMenuItem
TranslateMessage
DispatchMessageA
PeekMessageA
EnableMenuItem
GetParent
UnionRect
EqualRect
SetCursorPos
GetDC
ReleaseDC
UpdateWindow
CopyIcon
CreatePopupMenu
ScreenToClient
DrawIconEx
IntersectRect
GetSystemMetrics
ReleaseCapture
OffsetRect
GetKeyState
InvalidateRect
SetCapture
GetClientRect
DestroyIcon
EnableWindow
SetWindowLongA
IsWindow
SetWindowPos
GetWindowLongA
GetMenuItemInfoA
DefWindowProcA
RegisterClassExA
PostQuitMessage
PtInRect
GetWindowRect
GetCursorPos
IsWindowVisible
SendMessageA
SystemParametersInfoA
SetTimer
PostThreadMessageA
GetWindowPlacement
KillTimer
CopyRect
GetCapture
GetClipboardData
LookupIconIdFromDirectory
GetMenuItemCount
GetMenuState
GetMenuItemID
InflateRect
DrawIcon
FindWindowA
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsZoomed
IsIconic
InvalidateRgn
SetRect
EnumChildWindows
ShowWindow
LoadIconA
GetMessageA
IsWindowEnabled
GetActiveWindow
SetActiveWindow
FrameRect
SetWindowRgn
SetRectEmpty

gdi32

CreatePatternBrush
PatBlt
GetPixel
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
SetBrushOrgEx
SetBitmapBits
SetPixel
SetBkMode
TextOutA
CreateRoundRectRgn
CreateRectRgn
CreateFontIndirectA
RoundRect
CreateHalftonePalette
GetPaletteEntries
GetStockObject
CreateDIBSection
SetDIBColorTable
SetStretchBltMode
StretchBlt
BitBlt
GdiFlush
CreateRectRgnIndirect
CombineRgn
SelectObject
CreateSolidBrush
Polyline
GetBitmapBits
CreateDCA
GetDeviceCaps
DeleteDC
GetDIBits
CreatePen
Rectangle
DeleteObject
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontA
GetTextExtentPoint32A
CreateBitmap

advapi32

RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegSetValueA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetFileSecurityA
FreeSid
OpenProcessToken
GetTokenInformation
RegCreateKeyA
RegSaveKeyA
RegUnLoadKeyA

shell32

DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteA
DragFinish
SHBrowseForFolderA
SHGetFileInfoA
ExtractIconExA
SHGetMalloc
SHGetPathFromIDListA
DragQueryFileA
SHChangeNotify
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA
ord155
ord25
ord21
SHGetDesktopFolder
SHGetFolderLocation

comctl32

ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
_TrackMouseEvent
ImageList_Remove
ImageList_GetImageCount

ole32

CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

olepro32

ord252

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
GetErrorInfo

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneImage
GdipDrawImageRectRect
GdipDrawImageI
GdipCreateBitmapFromFile
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipDeleteBrush
GdipDeleteFont
GdipDrawString
GdipCreateFont
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipCreateBitmapFromHICON
GdipCloneBrush
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipDisposeImageAttributes
GdipEndContainer
GdipSetImageAttributesWrapMode
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipBeginContainer2
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDrawLineI
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipCreateBitmapFromResource
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipReleaseDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetDC
GdipFillRectangleI
GdipFree
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipAlloc
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipCreateStringFormat

msimg32

TransparentBlt

ddraw

DirectDrawCreateEx

iphlpapi

GetAdaptersInfo

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mycompress.dll
.dll windows:4 windows x86 arch:x86

98ed3d9ae36f1a87a796ffa68a0266d2

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13-10-2009 04:52

Not After

13-10-2010 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:43:59:d8:33:ba:55:be:56:84:a6:f6:fb:08:ac:3f:4a:79:96:0c
Signer

Actual PE Digest

e3:43:59:d8:33:ba:55:be:56:84:a6:f6:fb:08:ac:3f:4a:79:96:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord4274
ord6467
ord860
ord537
ord535
ord2818
ord5710
ord800
ord924
ord858
ord2915
ord539
ord922
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
_CxxThrowException
_purecall
wcscmp
_mbscmp
memmove
malloc
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv

kernel32

LocalAlloc
LocalFree
WideCharToMultiByte
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
SetFileAttributesW
SetFileAttributesA
CreateFileW
SetFileTime
CloseHandle
AreFileApisANSI
LoadLibraryA
FreeLibrary
GetVersionExA
GetProcAddress
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetLastError

oleaut32

VariantClear
SysAllocString
SysFreeString

Exports

Exports

AddDirToZip
ExtractZipToDir
GetZipUncompressedSize

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
otherConfig.ini
readme.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 27KB - Virtual size: 27KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:24:4c:60:a5:85Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1bSigner

Headers

File Characteristics

Imports

version

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

619aaaa2673015a80c521e650cf0395e

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

dd:8d:c9:4b:f8:dd:3d:aa:b2:60:35:ce:62:fe:bf:11:ef:e2:78:f9
Signer

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate