pcappstore_offical[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pcappstore_offical.exe
Size

22.2MB
MD5

27db486f62a4b2eb29d69fc0fb00397d
SHA1

3d69d2a8633923d17b0aee6b7789dcf2d21510a1
SHA256

8925123cf8c857e67a3af2afeae4899cd506c624ffc3671b42a0b8d3af8ccd2b
SHA512

c1a509e2452f311f7a2ea6ebea195940cddb376613d9e9b86b8036d152d02b915fc21ce61517f96a17eaab142338cfadccf3ffba5839132936568fc079309b21
SSDEEP

393216:IEyzUEMLEEsTR7F3w6uOVuVUDFJu5jlZRUH3QAdTYBW3dcGX0IHrhkLVT/vLIHfq:IV5phPeNlYJTBctIHrhOVvLI/6uB9O

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/Plugins/Plugin.ServShellEx/ServShellEx.dll

Files

pcappstore_offical.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:9c:27:e8:ee:65:07:17:37:06:36:57:0f:33:f4:6c:3f:23:aa:6a
Signer

Actual PE Digest

6d:9c:27:e8:ee:65:07:17:37:06:36:57:0f:33:f4:6c:3f:23:aa:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/PC App Store/5.0.1.8682/Dump/CrashReportModuleConf.ini
$PLUGINSDIR/AppStoreInstallUtility.dll
.dll windows:5 windows x86 arch:x86

45481792862265925202a2ca9dd8adef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:20:b8:78:71:02:db:9d:1b:54:02:78:ce:d3:e8:15:be:39:29:ef
Signer

Actual PE Digest

95:20:b8:78:71:02:db:9d:1b:54:02:78:ce:d3:e8:15:be:39:29:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreInstallUtility.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

Process32NextW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
IsBadReadPtr
HeapAlloc
GetProcessHeap
HeapFree
GlobalFree
SetDllDirectoryW
DeleteFileW
WaitForSingleObject
GetCommandLineW
GetSystemDirectoryW
Sleep
GlobalMemoryStatusEx
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
CopyFileW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
FindClose
WritePrivateProfileStringW
GetFullPathNameW
TerminateProcess
GetUserDefaultLangID
VirtualAlloc
GetPrivateProfileSectionNamesW
GetSystemTime
VirtualFree
WideCharToMultiByte
RemoveDirectoryW
CreateFileW
ReadFile
GetSystemInfo
CreateFileA
DeviceIoControl
GetTempPathW
InterlockedDecrement
GetVersion
GetCurrentProcess
SetFilePointer
WriteFile
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
InitializeCriticalSection
Process32FirstW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetLocalTime
ReleaseMutex
GetFileSize
CreateMutexW
TerminateThread
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
OpenThread
DisconnectNamedPipe
WriteFileEx
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
CreateThread
WaitNamedPipeW
SetNamedPipeHandleState
InterlockedCompareExchange
SwitchToThread
RaiseException
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
IsValidCodePage
CreateToolhelp32Snapshot
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetTimeZoneInformation
GetPrivateProfileIntW
GetModuleFileNameW
GetModuleHandleW
LocalAlloc
lstrlenW
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
GetLastError
MultiByteToWideChar
LocalFree
SetEnvironmentVariableA
GetDriveTypeW
HeapSize
HeapReAlloc
HeapDestroy
lstrlenA
UnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
SetLastError
FileTimeToLocalFileTime
ExitThread
GetCommandLineA
RtlUnwind
ResumeThread
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetUnhandledExceptionFilter

user32

DestroyWindow
AttachThreadInput
ShowWindow
SetWindowPos
SetForegroundWindow
FindWindowW
GetWindowRect
GetSystemMetrics
GetDesktopWindow
GetShellWindow
PostMessageW
RegisterWindowMessageW
DispatchMessageW
CallWindowProcW
SendMessageW
CreateWindowExW
IsWindow
SetWindowLongW
GetWindowLongW
KillTimer
GetMessageW
GetForegroundWindow
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterClassW
GetClassInfoW
DefWindowProcW
PostQuitMessage
SendMessageTimeoutW
FindWindowExW
SetTimer
GetWindowThreadProcessId

advapi32

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
OpenServiceW
CreateServiceW
RegSetValueExW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
RegQueryValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ord165
SHFileOperationW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoCreateGuid
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

PathUnquoteSpacesW
PathRemoveExtensionW
PathQuoteSpacesW
PathRemoveFileSpecW
StrStrIW
PathAddBackslashW
PathAppendW
PathFindFileNameW
SHGetValueW
PathFileExistsW
PathIsDirectoryW
PathIsRootW
PathRenameExtensionW
PathRemoveBackslashW
PathIsUNCW
PathIsRelativeW
PathFindExtensionW

winhttp

WinHttpAddRequestHeaders
WinHttpCreateUrl
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpSetCredentials

urlmon

FindMimeFromData

iphlpapi

GetAdaptersAddresses

Exports

Exports

?PostPercent@@YAXHH@Z
AppStoreUpdateSuccess
CheckAppStoreIsOpen
CheckArgv
CheckInstallPath
CheckInstallPathAgain
CheckPathEverInstalled
CompareVersion
CreateInstallInfoCleanTask
CreateUserProcess
DeleteDownloadedFile
DeleteHistoryDir
DeleteInstallInfoCleanTask
DeleteReportData
DeleteShortCutAfterUninstall
DeleteSoftMgrOldFolder
DeleteSvc
EnablePlugin
Exec
GetAVInstallDir
GetAppStoreNextInstalledVersion
GetAppStoreVersionInfo
GetArgv
GetChannelName
GetCurrentLangID
GetFormatPath
GetInstallTime
GetMaxVerExcludeInstVer
GetModule
GetNewFeatures
GetNextInstalledVersion
GetNextNewerVersion
GetParamValue
GetRebootCommandLine
GetString
GetUniqueUserID
GetUrl
GetUrlDefault
GetUseTime
GetVersionCloseToCurrentInstall
Init
InitAppStoreInstalledVersion
InitInstalledVersion
InstallBavSdk
InstallSvc
IsEverInstalled
IsIBDChannel
IsNeedInstallFromLastUninstallTime
IsNeedUpdateByVersionCompare
IsNewUpdate
IsNewerVersionInstalled
IsRepeatedPromotion
IsSamePath
IsUpdate
IsWin64
KillExe
KillExe2
KillProc
Log
NotifyAppStoreUIExit
NotifyUpdateSuccessToCloseOldProcess
OpenBrowser
OpenURL
OpenURLWithRun
PostErrorInfo
ReInstallPin
ReleaseMemory
ReplaceString
ReportIncCount
ReportValue
RunSetupW
SendReportData
SendUnInstallFeedBack
SetTopWindow
SetUpdateFileMapping
ShowUnInstallFeedBackDlg
StartInstall
StopProtectSvc
StopSvc
UTF8Base64Encode
UnInstallBavSdk
UnInstallPin
UnloadHook
UnregisterSecurityCenter
UpdateBugReportConfig
UpdateString
WaitExe
WaitSvc
WriteAnsiFile
_OpenUrlW
_SendReportDataW
co_ebocy
regsvr64

Sections

.text
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Communication.dll
.dll windows:5 windows x86 arch:x86

898b090104ba01782f07b4a6e48ac063

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:9d:2a:43:ce:20:70:f5:b5:0a:78:48:b8:c6:72:97:d6:b0:84:09
Signer

Actual PE Digest

b3:9d:2a:43:ce:20:70:f5:b5:0a:78:48:b8:c6:72:97:d6:b0:84:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\Communication.pdb

Imports

log

WriteLog

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateThread
SetEvent
WaitForSingleObject
GetModuleHandleW
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetTickCount
Sleep
WaitForMultipleObjects
CreateEventW
TerminateThread
SetFilePointer
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedCompareExchange
ResetEvent
SwitchToThread
WideCharToMultiByte
GetLastError
GetProcessHeap
HeapFree
GetFileSize
ReadFile
SetLastError
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
InterlockedExchange
GlobalFree
GlobalAlloc
SetEndOfFile
WriteFile
GetModuleHandleA
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CompareStringA
CreateFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RevertToSelf

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

PathFileExistsW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpSetCredentials
WinHttpSetOption
WinHttpOpenRequest

urlmon

FindMimeFromData

Exports

Exports

CreateObject
_DllMain@12

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallCheck.dll
.dll windows:5 windows x86 arch:x86

e14a5d609009c08180e782ff86941f8c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:0b:2f:ad:70:52:74:83:9e:4c:38:f6:69:f0:02:24:0d:71:a0:2f
Signer

Actual PE Digest

70:0b:2f:ad:70:52:74:83:9e:4c:38:f6:69:f0:02:24:0d:71:a0:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\InstallCheck.pdb

Imports

kernel32

GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemInfo
GetVersionExW
GetCommandLineW
LocalFree
HeapSize
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

MessageBoxW

shell32

CommandLineToArgvW

Exports

Exports

CheckArgv
CheckSystem

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallUI.dll
.dll windows:5 windows x86 arch:x86

480a8e63d9e7538eac92d96a9514c97d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:3c:ee:54:8a:db:0a:29:00:9d:d9:2c:5b:5b:a2:7f:bb:57:8f:b6
Signer

Actual PE Digest

62:3c:ee:54:8a:db:0a:29:00:9d:d9:2c:5b:5b:a2:7f:bb:57:8f:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\InstallUI.pdb

Imports

kernel32

SetFilePointer
GetDriveTypeW
DeviceIoControl
GetPrivateProfileIntW
WriteFile
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
Sleep
SetEvent
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
GetFullPathNameW
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExW
DeleteFileW
FindResourceExW
LockResource
SetLastError
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
RaiseException
GetCurrentThreadId
OutputDebugStringW
CreateEventW
ResetEvent
WaitForSingleObject
CloseHandle
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
ResumeThread
RtlUnwind
GetCommandLineA
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
InterlockedExchange
TerminateThread
CreateMutexW
GetPrivateProfileSectionW
ReleaseMutex
FindNextFileW
GetLocalTime
FindClose
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
GetSystemTimeAsFileTime
FindFirstFileW
lstrlenA
ExitProcess
HeapSize
HeapReAlloc
DeleteCriticalSection
GetTickCount
InitializeCriticalSection
FreeResource
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
HeapDestroy

user32

CallWindowProcW
SetWindowLongW
GetWindowLongW
PostMessageW
DispatchMessageW
TranslateMessage
PtInRect
GetAsyncKeyState
SetCursor
UnregisterClassA
GetWindowTextW
SetWindowTextW
IsWindow
EndPaint
GetMessageW
PeekMessageW
DestroyWindow
CharNextW
RegisterClassExW
GetClassInfoExW
LoadCursorW
ShowWindow
BeginPaint
SetWindowPos
SendMessageW
CreateWindowExW
GetClientRect
DefWindowProcW
GetDesktopWindow
ClientToScreen
UpdateWindow
KillTimer
SetTimer
PostQuitMessage
LoadIconW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
InvalidateRect
TrackMouseEvent
DrawTextW

gdi32

RoundRect
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkMode
Rectangle
SelectObject
SetViewportOrgEx
CreatePen
CreateSolidBrush
CreateFontW
StretchBlt
CreateBrushIndirect
GetTextExtentPointW
Polygon
CreateDIBSection
DeleteObject
GetObjectW
DeleteDC

advapi32

RegEnumValueW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegOpenKeyW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHFileOperationW
ord165
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathFindFileNameW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

winmm

timeKillEvent
timeBeginPeriod
timeGetDevCaps
timeSetEvent
timeEndPeriod

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpSetOption
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpReceiveResponse

urlmon

FindMimeFromData

iphlpapi

GetAdaptersAddresses

Exports

Exports

GetInstallPath
GetLan
Init
IsDeleteUserData
IsUserCancle
NotifyFinish
SetInstalledVerStatus
ShowUI
WaitThread
WaitUserToClick

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/config.ini
$PLUGINSDIR/log.dll
.dll windows:5 windows x86 arch:x86

b06b122df694eca4827596adc838ca43

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:18:6b:ca:88:a4:c4:2d:7a:aa:51:c6:a7:eb:9d:c7:ef:6c:90:a2
Signer

Actual PE Digest

1a:18:6b:ca:88:a4:c4:2d:7a:aa:51:c6:a7:eb:9d:c7:ef:6c:90:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\log.pdb

Imports

kernel32

LeaveCriticalSection
CreateFileW
GetACP
MultiByteToWideChar
FlushFileBuffers
GetLastError
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
CloseHandle
DeleteFileW
LocalFree
WideCharToMultiByte
WriteFile
OutputDebugStringW
SetFilePointer
QueryPerformanceFrequency
GetFileSize
HeapFree
HeapAlloc
GetTimeFormatA
GetDateFormatA
MoveFileW
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl

Exports

Exports

CloseLog
CreateLog
WriteData
WriteLog
WriteLogA
WriteVLog

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/url.ini
AppLogReporter.exe
.exe windows:5 windows x86 arch:x86

7fa12f7fb9debebd4cc666a9c6b638ad

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:cd:c6:9d:ff:23:1c:dc:46:73:11:7f:3b:7b:ae:3c:dc:c1:b2:4f
Signer

Actual PE Digest

91:cd:c6:9d:ff:23:1c:dc:46:73:11:7f:3b:7b:ae:3c:dc:c1:b2:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppLogReporter.pdb

Imports

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

kernel32

GetLastError
GetProcAddress
GetLocalTime
GlobalMemoryStatusEx
GetSystemInfo
WTSGetActiveConsoleSessionId
DeleteFileW
GetPrivateProfileSectionW
LocalFree
ProcessIdToSessionId
GetCurrentProcessId
SetFilePointer
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
VerifyVersionInfoW
CreateFileW
GetTimeZoneInformation
GetModuleFileNameW
ReadFile
GetVersionExW
LoadLibraryW
GetPrivateProfileStringW
GetModuleHandleW
OutputDebugStringW
GetCurrentProcess
VerSetConditionMask
InterlockedIncrement
SetDllDirectoryW
FreeLibrary
GetFileSize
GetCommandLineW
CloseHandle
DeviceIoControl
LockResource
GlobalFree
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
GlobalAlloc
LoadResource
FindResourceW
FindResourceExW
CreateFileA
CreateDirectoryW
CreateMutexW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
FindClose
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetSystemTimeAsFileTime
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
RtlUnwind
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetConsoleOutputCP

advapi32

CloseServiceHandle
OpenSCManagerW
GetUserNameW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RevertToSelf
RegOpenCurrentUser
AllocateAndInitializeSid
ImpersonateLoggedOnUser
QueryServiceStatus
LookupPrivilegeValueW
LookupAccountNameW
RegQueryInfoKeyW
RegQueryValueExW
EqualSid
RegCreateKeyExW
GetTokenInformation
OpenServiceW
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ord165
ShellExecuteExW

shlwapi

PathAppendW
SHGetValueW
PathFileExistsW
StrTrimW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveExtensionW
PathAddBackslashW
PathIsDirectoryW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

winhttp

WinHttpCreateUrl

ws2_32

htonl

iphlpapi

GetAdaptersAddresses

ole32

CoCreateGuid

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppPopUpTip.exe
.exe windows:5 windows x86 arch:x86

0b7d7bc1bbb9c71b932ee61d662b4a7d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:6d:ef:00:88:76:e4:c3:cf:ad:aa:55:b6:27:c1:3b:dd:31:f1:7d
Signer

Actual PE Digest

f7:6d:ef:00:88:76:e4:c3:cf:ad:aa:55:b6:27:c1:3b:dd:31:f1:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppPopUpTip.pdb

Imports

datareport

RD_ReportValueEx
RD_ReportNow

kernel32

MulDiv
lstrlenW
GetStartupInfoW
GlobalUnlock
lstrcmpiW
ReleaseMutex
GetProcAddress
ReadFile
CreateFileW
WTSGetActiveConsoleSessionId
GetSystemTime
GetFileSize
SetFilePointer
WriteFile
OutputDebugStringW
GetPrivateProfileStringW
GetTimeZoneInformation
GetPrivateProfileSectionW
WritePrivateProfileStringW
RaiseException
SetEndOfFile
OutputDebugStringA
GetACP
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetCommandLineW
DebugBreak
GetLocalTime
InterlockedExchange
SystemTimeToFileTime
GetFileSizeEx
GetCurrentProcess
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
HeapCreate
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
TerminateProcess
CreateMutexW
Sleep
GetProcessHeap
FindResourceExW
FindResourceW
UnmapViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
MapViewOfFile
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetFullPathNameW
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetDriveTypeW
GetPrivateProfileSectionNamesW
HeapSize
HeapReAlloc
HeapDestroy
LoadResource
InitializeCriticalSection
GetModuleHandleW
InterlockedCompareExchange
GlobalLock
HeapFree
HeapAlloc
CreateProcessW
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
CreateFileA
OpenFileMappingW
lstrcmpW
GetVersionExW
InterlockedDecrement
InterlockedIncrement
DeleteFileW
CloseHandle
GlobalMemoryStatusEx
LockResource
GetLastError
GetPrivateProfileIntW
GetTempPathW
GetModuleFileNameW
GetExitCodeProcess
SizeofResource
WaitForSingleObject
WriteConsoleA

user32

EndDeferWindowPos
DispatchMessageW
GetShellWindow
GetWindowThreadProcessId
GetSystemMetrics
SetWindowPos
GetDesktopWindow
SystemParametersInfoW
GetForegroundWindow
TranslateMessage
GetMessageW
GetWindowRect
PostMessageW
SendMessageW
SetForegroundWindow
GetWindow
DefWindowProcW
CallWindowProcW
GetPropW
EnableWindow
ReleaseCapture
CreateWindowExW
IsWindow
SetLayeredWindowAttributes
GetCursorPos
GetSysColor
RedrawWindow
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowLongW
InvalidateRect
GetCursorInfo
OffsetRect
RegisterClassExW
GetCapture
GetDC
SetPropW
GetClassInfoExW
PtInRect
BeginPaint
wsprintfA
CharNextW
LoadImageW
ClientToScreen
SetCursor
UpdateLayeredWindow
CopyImage
TrackMouseEvent
SetRectEmpty
DeferWindowPos
BeginDeferWindowPos
EndPaint
DestroyWindow
DestroyAcceleratorTable
SetTimer
RemovePropW
PostQuitMessage
FillRect
IsChild
SetCapture
KillTimer
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus

gdi32

StretchBlt
CreateDIBSection
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RevertToSelf
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
GetFileSecurityW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
ord165
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoCreateGuid
CLSIDFromProgID
OleLockRunning
CoCreateInstance
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
CoGetClassObject
CoTaskMemAlloc

oleaut32

VariantInit
SysAllocString
OleCreateFontIndirect
SysStringByteLen
SysFreeString
VariantClear

msimg32

AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathAppendW
PathAddBackslashW
SHGetValueW
PathRemoveBackslashW
PathIsDirectoryW
PathIsRootW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersAddresses

winhttp

WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpReadData
WinHttpOpen
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpOpenRequest

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreDataReport.dll
.dll windows:5 windows x86 arch:x86

602aa43768fb77955685f911cca4819c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:f4:95:e4:b4:38:69:47:c0:96:fb:a2:a0:8a:ad:13:7b:c2:80:84
Signer

Actual PE Digest

e1:f4:95:e4:b4:38:69:47:c0:96:fb:a2:a0:8a:ad:13:7b:c2:80:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreDataReport.pdb

Imports

log

WriteLog

kernel32

HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
WriteFile
ReadFile
GetModuleFileNameW
CreateFileW
GetLastError
FindClose
GetLocalTime
FindNextFileW
GetCurrentThreadId
ReleaseMutex
DeleteFileW
GetSystemTime
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEvent
TerminateThread
ResetEvent
CreateEventW
WritePrivateProfileStringW
SetFilePointer
InterlockedCompareExchange
GetFileInformationByHandle
FindFirstFileW
CreateMutexW
CloseHandle
DeviceIoControl
LockResource
MultiByteToWideChar
SizeofResource
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
LoadLibraryW
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
CreateFileA
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
PeekNamedPipe
GetVersionExW
SleepEx
CreateDirectoryW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
FindFirstFileA
RaiseException
HeapDestroy
CompareStringA
SetEndOfFile
GetFullPathNameA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LoadLibraryA
InterlockedExchange
FreeLibrary
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
ExitThread
CreateThread
GetCommandLineA
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
GetModuleHandleA
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount

user32

IsWindow
GetWindowLongW
PostMessageW
GetMessageW
SetTimer
DestroyWindow
SetWindowLongW
DispatchMessageW
CallWindowProcW
SendMessageW
CreateWindowExW

advapi32

RegOpenKeyW
CryptDestroyHash
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptHashData
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ord165

ole32

CoInitialize
CoCreateGuid
CoUninitialize

shlwapi

PathIsDirectoryW
SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathAddBackslashW

iphlpapi

GetAdaptersAddresses

ws2_32

recv
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
send
__WSAFDIsSet
select
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup
bind

wldap32

ord46
ord142
ord133
ord167
ord147
ord27
ord208
ord301
ord145
ord216
ord79
ord26
ord41
ord127
ord118
ord14

Exports

Exports

??0CReportFile@@QAE@ABV0@@Z
??0CReportFile@@QAE@XZ
??1CReportFile@@QAE@XZ
??4CReportFile@@QAEAAV0@ABV0@@Z
?AddCountItem@CReportFile@@IAEHKK@Z
?AddReportItem@CReportFile@@QAEHKK@Z
?AddReportItem@CReportFile@@QAEHKPB_W@Z
?AddSequenceItem@CReportFile@@IAEHKK@Z
?AddStateItem@CReportFile@@IAEHKK@Z
?AddStateItem@CReportFile@@IAEHKPB_W@Z
?AddValueItem@CReportFile@@IAEHKK@Z
?AddValueItem@CReportFile@@IAEHKPB_W@Z
?ClearAll@CReportFile@@QAEXXZ
?CreateGlobalMutex@CReportFile@@SAPAXPB_W@Z
?CreateReportFileName@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?EnableOutput@CReportFile@@IAE_NXZ
?FillFileHead@CReportFile@@IAEHPAUtagReportFileHead@@@Z
?FillVersionInfor@CReportFile@@IAEXPAUtagReportFileHead@@@Z
?GetChannel@CReportFile@@IAEXXZ
?GetData@CReportFile@@QAEHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDataFromSaveFile@CReportFile@@QAEHXZ
?GetDataSize@CReportFile@@QAEHXZ
?GetIDType@CReportFile@@IAEKK@Z
?GetTimeStr@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetUserSID@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetVersionInfo@CReportFile@@IAEXXZ
?Init@CReportFile@@QAEHXZ
?MessageBoxPrintf@CReportFile@@IAAXPA_WZZ
?ParseFromFile@CReportFile@@IAEHPB_W@Z
?ParseIDType@CReportFile@@IAEKK@Z
?ParseItem@CReportFile@@IAEHPAEH@Z
?PostProcessUniqueUserID@CReportFile@@IAEXPA_W@Z
?SaveFile@CReportFile@@QAEHH@Z
?SerializeToArray@CReportFile@@IAEHPAEH@Z
?SetChannel@CReportFile@@QAEXPB_W@Z
?SetVersionInfo@CReportFile@@QAEXPB_W@Z
AS_RD_ReportIncCount
AS_RD_ReportIncCountEx
AS_RD_ReportNow
AS_RD_ReportState
AS_RD_ReportStateEx
AS_RD_ReportValue
AS_RD_ReportValueEx
AS_RD_Save
AS_RD_SetChannel
AS_RD_SetInfor
AS_RD_SetUploadURL
AS_RD_SetVersion
AS_RD_Start
AS_RD_Stop
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreDeskTool.exe
.exe windows:5 windows x86 arch:x86

b06f81e9d6a877e27cc35dbc9cf7701c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:61:a6:3d:ad:b7:7a:c9:df:d4:6c:d2:d2:58:af:30:38:f2:60:84
Signer

Actual PE Digest

5f:61:a6:3d:ad:b7:7a:c9:df:d4:6c:d2:d2:58:af:30:38:f2:60:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreDeskTool.pdb

Imports

datareport

RD_Save
RD_ReportIncCount
RD_ReportValueEx
RD_ReportNow

wallpaperdatacmd

GetToolCommand
GetDataCommand
CoverWallPaperData
GetConfig

log

WriteLog

directui

DirectUI_ShowControl
DirectUI_UpdateSkin
DirectUI_SetLanguageStyle
DirectUI_GetStringItem
DirectUI_EnableAnimate
DirectUI_SetAnimateCurFrameIndex
DirectUI_LoadSkinResourceFromZIP
DirectUI_SubclassWindow
DirectUI_Button_GetCheck
DirectUI_ChangeStyle
DirectUI_SubclassLayeredWindow
DirectUI_TrackPopupMenu

feedback

?QueryReply@feedback@baidu@@YAKW4ProductId@12@W4LanguageId@12@PB_WPA_WI@Z

kernel32

GetCurrentProcessId
HeapAlloc
IsBadReadPtr
LoadLibraryW
GetPrivateProfileStringW
CreateEventW
SetEvent
ResetEvent
GlobalAlloc
GlobalFree
CreateFileW
DeviceIoControl
WideCharToMultiByte
FindFirstFileW
GlobalLock
GlobalUnlock
GetTickCount
FreeResource
GetProcessId
ReadFile
WTSGetActiveConsoleSessionId
CreateDirectoryW
GetCommandLineW
DebugBreak
GetLocalTime
Sleep
InterlockedExchange
InterlockedCompareExchange
SystemTimeToFileTime
WriteFile
GetFileSizeEx
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
SetEndOfFile
SetFilePointer
InterlockedExchangeAdd
OpenThread
DisconnectNamedPipe
WriteFileEx
OutputDebugStringW
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
WaitNamedPipeW
SetNamedPipeHandleState
TerminateThread
SwitchToThread
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
ResumeThread
ExitThread
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetTempPathW
HeapFree
WritePrivateProfileStringW
GetProcessHeap
CreateThread
ExitProcess
CreateMutexW
GetLastError
CloseHandle
WaitForSingleObject
DeleteFileW
GetVersionExW
FindResourceExW
LockResource
SetLastError
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
SetCurrentDirectoryW
GetCurrentThreadId
GetPrivateProfileIntW
GetModuleFileNameW
GetModuleHandleA

user32

DefWindowProcW
GetActiveWindow
SendMessageW
GetWindowLongW
IsWindow
FindWindowW
FindWindowExW
SetWindowPos
SetWindowLongW
DialogBoxParamW
CharNextW
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
ShowWindow
SetTimer
GetCursorPos
GetWindowRect
PtInRect
KillTimer
UnregisterClassA
PostMessageW
GetParent
CallWindowProcW
IsRectEmpty
GetDC
ReleaseDC
UpdateLayeredWindow
SetForegroundWindow
MoveWindow
SetWindowTextW
IsWindowVisible
InvalidateRect
SystemParametersInfoW
BeginPaint
EndPaint
EqualRect
EnableWindow
CreatePopupMenu
DestroyMenu
AppendMenuW
GetSystemMetrics
GetClientRect
SetPropW
GetPropW
GetWindowThreadProcessId
UpdateWindow
RemovePropW
SetCapture
ReleaseCapture
InflateRect
SendMessageTimeoutW
PostQuitMessage
GetClassInfoW
RegisterClassW
MsgWaitForMultipleObjectsEx
DispatchMessageW
GetMessageW
ScreenToClient
PeekMessageW
TranslateMessage

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject

advapi32

RegDeleteKeyW
ImpersonateLoggedOnUser
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenCurrentUser
RevertToSelf
RegOpenKeyW
RegEnumValueW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateGuid
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

shlwapi

PathIsDirectoryW
PathAddBackslashW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDrawRectangle
GdipSetPenColor
GdipFillRectangle
GdipEndContainer
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipGraphicsClear
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipSetSolidFillColor
GdipGetImageHeight
GdipGetImageWidth
GdipDrawArc
GdipDrawRectangleI
GdipMeasureString
GdipCreateFromHWND
GdipDrawImageRectI
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipDrawArcI
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageI
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpSetStatusCallback
WinHttpReadData

imm32

ImmDisableIME

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

version

VerQueryValueW

psapi

GetModuleInformation
GetModuleFileNameExW

iphlpapi

GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreDesktopTip.exe
.exe windows:5 windows x86 arch:x86

f8dbe1acec5482bcb9a3e9c5925ff47e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:32:a4:72:14:d4:17:2e:a1:ee:b5:dd:68:77:3f:4c:aa:2b:2e:b8
Signer

Actual PE Digest

df:32:a4:72:14:d4:17:2e:a1:ee:b5:dd:68:77:3f:4c:aa:2b:2e:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreDesktopTip.pdb

Imports

datareport

RD_ReportNow
RD_ReportIncCount

kernel32

OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GetModuleFileNameW
GetPrivateProfileStringW
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
GlobalFree
CreateFileW
WideCharToMultiByte
GetModuleHandleW
GetTickCount
MultiByteToWideChar
RaiseException
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
GetNativeSystemInfo
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
VirtualAlloc
VirtualFree
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetPrivateProfileIntW
CreateMutexW
OpenMutexW
UnmapViewOfFile
CloseHandle
MapViewOfFile
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
OpenFileMappingW

user32

ReleaseDC
CreateWindowExW
SetTimer
TrackMouseEvent
InvalidateRect
PostQuitMessage
PostMessageW
ValidateRect
KillTimer
ShowWindow
IsWindowVisible
EqualRect
DefWindowProcW
GetClassNameW
FindWindowExW
EnumWindows
GetWindowThreadProcessId
SetWindowPos
CopyRect
EnumDisplayMonitors
UnionRect
OffsetRect
GetDesktopWindow
SubtractRect
IntersectRect
WindowFromPoint
GetWindowTextW
PtInRect
UpdateLayeredWindow
GetDC
GetWindowRect
RegisterClassExW
TranslateMessage
GetMessageW
SendMessageW
FindWindowW
IsWindow
LoadCursorW
SetCursor
DispatchMessageW

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

shell32

ord165
SHGetSpecialFolderPathW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

shlwapi

PathAppendW
PathFileExistsW

dbghelp

MakeSureDirectoryPathExists

gdiplus

GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateStringFormat
GdipCreateFont
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipDeleteGraphics
GdipDeleteStringFormat
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipGetGenericFontFamilySansSerif
GdipCreateFromHDC

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreHelper.dll
.dll windows:5 windows x86 arch:x86

6616eac725d604469706617040d3bef2

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:21:72:5e:cb:2d:ae:b9:56:76:9d:45:08:f9:f2:ab:3c:4b:96:20
Signer

Actual PE Digest

72:21:72:5e:cb:2d:ae:b9:56:76:9d:45:08:f9:f2:ab:3c:4b:96:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreHelper.pdb

Imports

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

kernel32

GetProcAddress
GetLocalTime
GlobalMemoryStatusEx
GetSystemInfo
WTSGetActiveConsoleSessionId
DeleteFileW
GetPrivateProfileSectionW
LocalFree
GetLastError
CreateFileW
GetTimeZoneInformation
GetModuleFileNameW
ReadFile
GetVersionExW
LoadLibraryW
GetPrivateProfileStringW
GetModuleHandleW
OutputDebugStringW
GetCurrentProcess
InterlockedIncrement
SetDllDirectoryW
FreeLibrary
CloseHandle
DeviceIoControl
LockResource
GlobalFree
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
GlobalAlloc
LoadResource
FindResourceW
FindResourceExW
CreateFileA
CreateDirectoryW
CreateMutexW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetProcessHeap
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
WriteConsoleW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
InterlockedExchange
LoadLibraryA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP

advapi32

OpenServiceW
OpenProcessToken
OpenSCManagerW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
RegEnumKeyExW
RegOpenKeyExW
RevertToSelf
RegOpenCurrentUser
AllocateAndInitializeSid
ImpersonateLoggedOnUser
QueryServiceStatus
LookupPrivilegeValueW
LookupAccountNameW
RegQueryInfoKeyW
RegQueryValueExW
EqualSid
RegCreateKeyExW
GetTokenInformation
GetUserNameW
CloseServiceHandle

shell32

ord165
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW
PathIsDirectoryW
SHGetValueW
PathAddBackslashW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

winhttp

WinHttpCreateUrl

ws2_32

htonl

iphlpapi

GetAdaptersAddresses

ole32

CoCreateGuid

Exports

Exports

SendUserMsgW

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreSencePopup.exe
.exe windows:5 windows x86 arch:x86

1bae7a4fdf7900a132ad91b8bd7f98bb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:42:68:41:1d:97:77:61:0b:be:55:e1:2d:28:a8:91:bd:54:01:1d
Signer

Actual PE Digest

cb:42:68:41:1d:97:77:61:0b:be:55:e1:2d:28:a8:91:bd:54:01:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreSencePopup.pdb

Imports

datareport

RD_ReportNow
RD_ReportIncCount

directui

DirectUI_LoadSkinResourceFromZIP
DirectUI_ShowControl
DirectUI_SetLanguageStyle
DirectUI_SubclassWindow

kernel32

LeaveCriticalSection
EnterCriticalSection
FreeLibrary
lstrlenW
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
SetLastError
CreateFileW
ReadFile
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
CreateDirectoryW
DebugBreak
WideCharToMultiByte
GetLocalTime
Sleep
InterlockedExchange
InterlockedCompareExchange
SystemTimeToFileTime
WriteFile
GetFileSizeEx
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
GetVersionExW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
RaiseException
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringA
GetModuleHandleA
LCMapStringW
CloseHandle
GetLastError
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileIntW
GetModuleFileNameW
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineW
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapFree
HeapDestroy
GetCurrentDirectoryA
GetFullPathNameW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapSize
GetStartupInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetEndOfFile
SetCurrentDirectoryW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
IsDebuggerPresent
FindClose
RtlUnwind
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualAlloc

user32

DialogBoxParamW
CharNextW
SetWindowPos
SetWindowLongW
GetWindowLongW
FindWindowW
DestroyWindow
GetActiveWindow
DefWindowProcW
EndDialog
SetTimer
UnregisterClassA
SystemParametersInfoW
MapWindowPoints
GetClientRect
GetParent
MonitorFromWindow
GetWindowRect
GetMonitorInfoW
GetWindow

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RevertToSelf
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
ord165

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW
PathFileExistsW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW

psapi

GetModuleInformation
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreUpdater.exe
.exe windows:5 windows x86 arch:x86

cef36e72c0c6b0e14371a18d24bbe4c4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:37:b1:00:c1:00:c5:43:0f:b0:45:83:33:5b:dd:25:d5:8f:49:33
Signer

Actual PE Digest

23:37:b1:00:c1:00:c5:43:0f:b0:45:83:33:5b:dd:25:d5:8f:49:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreUpdater.pdb

Imports

directui

DirectUI_SetControlText
DirectUI_TreeEx_SetItemHeight
DirectUI_Static_SetLogoIcon
DirectUI_LoadSkinResourceFromZIP
DirectUI_SubclassWindow
DirectUI_SetAnimateCurFrameIndex
DirectUI_TreeEx_SetControlText
DirectUI_GetStringLength
DirectUI_AutoText_SetControlText
DirectUI_GetStringItem
DirectUI_TreeEx_InsertItem
DirectUI_ShowControl
DirectUI_SetLanguageStyle
DirectUI_GetStringRect
DirectUI_Static_SetLogoImageBuffer
DirectUI_Button_GetCheck
DirectUI_EnableAnimate
DirectUI_SetControlPos
DirectUI_Progress_SetPos

datareport

RD_ReportValueEx
RD_ReportIncCount
RD_ReportNow

kernel32

GetTickCount
LoadLibraryW
TerminateThread
GetVersionExW
LockResource
CreateFileW
ReadFile
WTSGetActiveConsoleSessionId
CreateDirectoryW
DebugBreak
WideCharToMultiByte
GetLocalTime
Sleep
InterlockedExchange
InterlockedCompareExchange
SystemTimeToFileTime
WriteFile
DeleteFileW
GetFileSizeEx
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
SetEndOfFile
SetFilePointer
CopyFileW
GetFileSize
VerSetConditionMask
GetExitCodeProcess
VerifyVersionInfoW
SetEvent
GlobalFree
WaitForSingleObject
FindFirstFileA
GetFileInformationByHandle
FindResourceExW
LocalFree
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
GlobalMemoryStatusEx
EnterCriticalSection
GetProcAddress
GetLastError
GetPrivateProfileIntW
RaiseException
FlushInstructionCache
WritePrivateProfileStringW
lstrlenW
SetFileAttributesW
OutputDebugStringA
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
SleepEx
TryEnterCriticalSection
CompareFileTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
GetSystemTime
GetBinaryTypeW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
InitializeCriticalSection
GetPrivateProfileStringW
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
CreateMutexW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
GetTimeZoneInformation
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
IsProcessorFeaturePresent
LoadLibraryA
GetCommandLineW
RemoveDirectoryW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy

user32

AttachThreadInput
SetForegroundWindow
LoadImageW
RegisterWindowMessageW
CharNextW
GetMessageW
GetWindowRect
DestroyWindow
GetWindow
CallWindowProcW
GetMonitorInfoW
DestroyMenu
MapWindowPoints
RemoveMenu
GetMenuItemCount
IsWindow
LoadStringW
GetCursorPos
MonitorFromWindow
SystemParametersInfoW
AppendMenuW
GetWindowLongW
InvalidateRect
LoadCursorW
PtInRect
GetMenuItemInfoW
SetFocus
CreateWindowExW
GetSystemMetrics
GetClientRect
MessageBeep
GetParent
LoadStringA
KillTimer
PostMessageW
PostQuitMessage
MonitorFromPoint
UnregisterClassA
wsprintfW
wsprintfA
FindWindowW
GetClassInfoExW
TranslateMessage
GetForegroundWindow
RegisterClassExW
PeekMessageW
SetWindowLongW
SendMessageW
DefWindowProcW
GetWindowThreadProcessId
SetTimer
GetDesktopWindow
SetWindowPos
TrackPopupMenuEx
ShowWindow
GetShellWindow
DispatchMessageW
CreatePopupMenu

advapi32

OpenProcessToken
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RevertToSelf
CreateProcessAsUserW
GetFileSecurityW
DuplicateTokenEx
SetTokenInformation

shell32

SHGetDiskFreeSpaceExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
ord165
CommandLineToArgvW

ole32

CoUninitialize
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathIsRootW
StrCmpW
PathRemoveBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathAddBackslashW
StrStrIW
PathIsDirectoryW
StrCmpIW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetModuleInformation

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpCloseHandle

msi

ord217
ord173

log

WriteLog

sqlite

sqlite3_bind_blob
sqlite3_column_text
sqlite3_errmsg
sqlite3_column_int
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_finalize
sqlite3_step
sqlite3_open
sqlite3_bind_int
sqlite3_exec
sqlite3_close
sqlite3_prepare
sqlite3_bind_text
sqlite3_free

rpcrt4

UuidFromStringW

ws2_32

listen
accept
recvfrom
sendto
ioctlsocket
__WSAFDIsSet
send
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
freeaddrinfo
getaddrinfo
gethostname
select
WSAStartup
getsockopt
WSACleanup

wldap32

ord27
ord147
ord167
ord208
ord145
ord14
ord216
ord79
ord26
ord41
ord301
ord118
ord133
ord142
ord46
ord127

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppStoreUtilExe.exe
.exe windows:5 windows x86 arch:x86

a69a7f1636cfa6b91829de066c9ab31d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:e0:8e:ff:68:ef:1f:83:aa:d6:bb:36:44:8c:55:03:7e:71:4a:7b
Signer

Actual PE Digest

c9:e0:8e:ff:68:ef:1f:83:aa:d6:bb:36:44:8c:55:03:7e:71:4a:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\AppStoreUtilExe.pdb

Imports

log

WriteLog
CreateLog

sqlite

sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_int
sqlite3_errmsg
sqlite3_column_text
sqlite3_bind_blob
sqlite3_open
sqlite3_close
sqlite3_bind_parameter_index
sqlite3_prepare

shlwapi

PathIsDirectoryW
PathAddBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathRenameExtensionW
PathFileExistsW

datareport

RD_Save
RD_ReportIncCount
RD_ReportValueEx

kernel32

TlsGetValue
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetPrivateProfileIntW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
GetModuleHandleW
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
WritePrivateProfileStringW
DeleteFileW
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
FindFirstFileW
FindClose
WTSGetActiveConsoleSessionId
FindNextFileW
CreateFileA
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapFree
WaitForSingleObject
SetEvent
GetProcessHeap
IsBadReadPtr
InitializeCriticalSection
TerminateThread
Sleep
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
GetCurrentProcessId
CreateThread
GetDriveTypeW
CompareFileTime
RemoveDirectoryW
CreateDirectoryW
GetLocalTime
CreateMutexW
GetCurrentProcess
ResetEvent
InterlockedExchange
IsValidCodePage
GetPrivateProfileSectionW
GetStringTypeW
CopyFileW
RaiseException
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
OpenThread
DisconnectNamedPipe
WriteFileEx
OutputDebugStringW
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
GetCurrentThreadId
GetTickCount
SwitchToThread
GetBinaryTypeW
CreateProcessW
ResumeThread
OpenProcess
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TryEnterCriticalSection
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SetEndOfFile
GetCommandLineW
DebugBreak
HeapDestroy
GetFileSizeEx
ProcessIdToSessionId
ReadProcessMemory
VirtualQueryEx
VirtualProtect
GetVersionExW
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetPrivateProfileSectionNamesW
GetACP
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
FileTimeToLocalFileTime
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDriveTypeA
CompareStringA
CreateFileMappingW

user32

DispatchMessageW
DestroyWindow
CreateWindowExW
PeekMessageW
FindWindowW
KillTimer
TranslateMessage
MsgWaitForMultipleObjectsEx
SetWindowLongW
PostMessageW
RegisterClassW
GetClassInfoW
DefWindowProcW
PostQuitMessage
SendMessageW
SendMessageTimeoutW
GetWindowLongW
IsWindow
GetWindowThreadProcessId
FindWindowExW
SetTimer
GetMessageW

advapi32

RevertToSelf
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
CreateProcessAsUserW

shell32

ShellExecuteExW
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceExW
SHFileOperationW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

rpcrt4

UuidFromStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleInformation
GetModuleFileNameExW

iphlpapi

GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Browser.exe
.exe windows:5 windows x86 arch:x86

b453e4511ec03c2c2a10fff296b6476d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:18:f0:bb:12:38:3f:df:73:f4:e8:aa:de:23:08:98:b6:ce:58:fa
Signer

Actual PE Digest

01:18:f0:bb:12:38:3f:df:73:f4:e8:aa:de:23:08:98:b6:ce:58:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\Browser.pdb

Imports

directui

DirectUI_SubclassWindow
DirectUI_LoadSkinResourceFromZIP
DirectUI_SetAnimateCurFrameIndex
DirectUI_GetStringLength
DirectUI_GetStringItem
DirectUI_ShowControl
DirectUI_SetLanguageStyle
DirectUI_SetControlPos
DirectUI_EnableAnimate

datareport

RD_ReportNow
RD_ReportIncCount

kernel32

MulDiv
lstrcmpW
GlobalUnlock
SetLastError
FindResourceExW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
LockResource
CloseHandle
CreateFileW
ReadFile
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
CreateDirectoryW
DebugBreak
WideCharToMultiByte
GetLocalTime
Sleep
InterlockedExchange
InterlockedCompareExchange
WritePrivateProfileStringW
SystemTimeToFileTime
WriteFile
GetFileSizeEx
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
FlushInstructionCache
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetVersionExW
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
LCMapStringW
GetCurrentDirectoryA
GetFullPathNameW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
RtlUnwind
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
GetModuleHandleA
HeapFree
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
GlobalAlloc
GlobalLock
LocalFree
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetLastError
GetPrivateProfileIntW
RaiseException
SizeofResource
InitializeCriticalSection
GetModuleHandleW
OutputDebugStringW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetCommandLineW
SetEndOfFile

user32

DispatchMessageW
UnregisterClassA
GetMessageW
CharNextW
LoadImageW
LoadCursorW
GetClassInfoExW
TranslateMessage
DefWindowProcW
CreateWindowExW
GetDesktopWindow
SetWindowLongW
PeekMessageW
RegisterClassExW
DestroyWindow
MoveWindow
GetWindow
CallWindowProcW
SetWindowTextW
SendMessageW
ReleaseCapture
IsWindow
ShowWindow
GetWindowRect
SetWindowPos
GetSysColor
RedrawWindow
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowTextW
GetWindowLongW
InvalidateRect
GetDC
BeginPaint
SetFocus
CreateAcceleratorTableW
MonitorFromPoint
PostQuitMessage
LoadStringA
MessageBeep
GetMenuItemInfoW
PtInRect
TrackPopupMenuEx
AppendMenuW
LoadStringW
CreatePopupMenu
GetMenuItemCount
RemoveMenu
GetSystemMetrics
MapWindowPoints
DestroyMenu
GetMonitorInfoW
EndPaint
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
RegisterWindowMessageW
FillRect
IsChild
SetCapture
PostMessageW
GetFocus
GetParent
InvalidateRgn
GetClientRect

gdi32

DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
BitBlt

advapi32

CreateProcessAsUserW
RevertToSelf
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ord165

ole32

PropVariantClear
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CLSIDFromString

oleaut32

LoadTypeLi
SysFreeString
SysAllocString
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VarBstrCmp
VariantInit
VariantCopy
SysStringLen
VariantClear
VarUI4FromStr

shlwapi

PathAppendW
PathAddBackslashW
SHStrDupW
PathFindFileNameW
PathFileExistsW

comctl32

InitCommonControlsEx

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheckAppStore.exe
.exe windows:5 windows x86 arch:x86

fb47ec846ff7894e4df119e51b666373

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:1e:be:91:b1:6d:d5:a3:ba:a0:15:a0:d8:e2:14:ae:01:ff:19:05
Signer

Actual PE Digest

7b:1e:be:91:b1:6d:d5:a3:ba:a0:15:a0:d8:e2:14:ae:01:ff:19:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\bin\CheckAppStore.pdb

Imports

datareport

RD_ReportValueEx
RD_ReportNow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW

msvcr90

__p__fmode
_encode_pointer
__set_app_type
__p__commode
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
vswprintf_s
_vscwprintf
wcsnlen
memmove_s
memcpy_s
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
_unlock
_CxxThrowException
__CxxFrameHandler3
memset

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Communication.dll
.dll windows:5 windows x86 arch:x86

898b090104ba01782f07b4a6e48ac063

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:9d:2a:43:ce:20:70:f5:b5:0a:78:48:b8:c6:72:97:d6:b0:84:09
Signer

Actual PE Digest

b3:9d:2a:43:ce:20:70:f5:b5:0a:78:48:b8:c6:72:97:d6:b0:84:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\Communication.pdb

Imports

log

WriteLog

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateThread
SetEvent
WaitForSingleObject
GetModuleHandleW
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetTickCount
Sleep
WaitForMultipleObjects
CreateEventW
TerminateThread
SetFilePointer
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedCompareExchange
ResetEvent
SwitchToThread
WideCharToMultiByte
GetLastError
GetProcessHeap
HeapFree
GetFileSize
ReadFile
SetLastError
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
InterlockedExchange
GlobalFree
GlobalAlloc
SetEndOfFile
WriteFile
GetModuleHandleA
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CompareStringA
CreateFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RevertToSelf

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

PathFileExistsW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpSetCredentials
WinHttpSetOption
WinHttpOpenRequest

urlmon

FindMimeFromData

Exports

Exports

CreateObject
_DllMain@12

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.exe
.exe windows:5 windows x86 arch:x86

3cdbd323b5afb0e05c8e80099e3b150a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:33:c5:43:26:d0:50:88:04:78:c7:63:90:4c:d4:2b:88:88:91:63
Signer

Actual PE Digest

37:33:c5:43:26:d0:50:88:04:78:c7:63:90:4c:d4:2b:88:88:91:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins\workspace\CrashTool_workspace\bavOutput\Pdb\Release\CrashReport.pdb

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindNextFileW
FindFirstFileW
ReadProcessMemory
VirtualQueryEx
OpenThread
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
Sleep
WideCharToMultiByte
ExpandEnvironmentStringsW
InterlockedExchange
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
ReadFile
MoveFileExW
GetFileSize
GetVolumeInformationW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFilePointer
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexW
InterlockedCompareExchange
SystemTimeToFileTime
GetPrivateProfileStringW
GetFileSizeEx
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
LeaveCriticalSection
SetEndOfFile
CreateFileA
GetTimeZoneInformation
WriteFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
lstrlenA
CreateFileW
SetEvent
GetLastError
DeleteFileW
CreateProcessW
GetCommandLineW
LocalFree
GetNativeSystemInfo
IsWow64Process
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetLocaleInfoW
RaiseException
DeleteCriticalSection
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
FreeLibrary
GetCurrentThreadId
GetProcAddress
FindResourceExW
GetVersionExW
MultiByteToWideChar
lstrlenW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
TerminateProcess
GetStringTypeA

user32

TrackMouseEvent
GetFocus
PostMessageW
PostQuitMessage
SetCursor
ScreenToClient
GetCursorPos
LoadCursorW
UnregisterClassA
DispatchMessageW
EnumWindows
GetWindowThreadProcessId
UpdateLayeredWindow
GetWindowDC
GetWindowRect
DrawTextW
DestroyCursor
TranslateAcceleratorW
DefWindowProcW
SetWindowPos
MessageBeep
LoadStringW
SendMessageW
IsWindow
PtInRect
PeekMessageW
EnumChildWindows
GetClassNameW
GetWindowTextW
CharNextW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
LoadMenuW
LoadAcceleratorsW
DestroyWindow
ShowWindow
GetMessageW
TranslateMessage
SetTimer
CallWindowProcW
SetWindowLongW
LoadStringA
GetParent
GetWindow
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
SetFocus
KillTimer
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
ReleaseDC
CreatePopupMenu
MapWindowPoints
GetClientRect
SetWindowTextW
GetWindowLongW
InvalidateRect

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteObject
DeleteDC
CreateFontW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
AdjustTokenPrivileges
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
RegEnumValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize

oleaut32

VariantChangeType
GetErrorInfo
SysAllocStringByteLen
SysAllocString
CreateErrorInfo
SysStringLen
SetErrorInfo
VariantClear
SysFreeString
VariantInit
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpReadData

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrashReportConfig.ini
CrashUL.exe
.exe windows:5 windows x86 arch:x86

2bcad15580bacfaf8df8afc1d1acd471

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:fa:9a:13:c3:e8:74:ac:b1:3c:fb:bd:41:4a:db:58:9d:3e:75:66
Signer

Actual PE Digest

39:fa:9a:13:c3:e8:74:ac:b1:3c:fb:bd:41:4a:db:58:9d:3e:75:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins\workspace\CrashTool_workspace\bavOutput\Pdb\Release\CrashUL.pdb

Imports

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CreateDirectoryA
FindFirstFileW
FindNextFileW
FindClose
DeleteFileA
InterlockedCompareExchange
ExpandEnvironmentStringsA
GetModuleFileNameA
InterlockedExchange
CopyFileW
CreateFileA
WriteFile
SetFilePointer
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
GetVersionExW
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
ReadFile
GetLocalTime
SystemTimeToFileTime
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
CreateDirectoryW
SizeofResource
DeviceIoControl
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
LCMapStringA
WideCharToMultiByte
lstrlenW
lstrlenA
MultiByteToWideChar
GetCommandLineW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
CreateFileW
DeleteFileW
CreateEventW
GetLastError
CreateMutexW
CloseHandle
GetModuleFileNameW
Sleep
WaitForSingleObject
SetEvent
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
GetFileAttributesW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

RegisterClassExW
CreateWindowExW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
PostMessageW
DestroyWindow
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
LoadCursorW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegCloseKey

shell32

SHFileOperationA
SHGetFolderPathA
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathIsDirectoryA
PathAppendW
PathFindFileNameW
PathIsDirectoryW
SHDeleteKeyW
PathFileExistsW
PathAppendA
PathRemoveFileSpecA
PathFileExistsA

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataReport.dll
.dll windows:5 windows x86 arch:x86

d923ffef4c82c5ccc62e07da7acf99a4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:9b:c5:bd:b8:46:28:b3:ba:8c:a6:18:b9:2f:05:72:15:fb:94:34
Signer

Actual PE Digest

16:9b:c5:bd:b8:46:28:b3:ba:8c:a6:18:b9:2f:05:72:15:fb:94:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\DataReport.pdb

Imports

log

WriteLog

kernel32

CreateMutexW
SetFilePointer
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
ReadFile
GetModuleFileNameW
CreateFileW
GetLastError
GetLocalTime
GetCurrentThreadId
ReleaseMutex
FindFirstFileW
CreateProcessW
WaitForSingleObject
GetSystemTimeAsFileTime
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetExitCodeProcess
GetTimeZoneInformation
GetPrivateProfileIntW
EnterCriticalSection
FindClose
FindNextFileW
DeleteCriticalSection
DeleteFileW
GetPrivateProfileSectionW
SetEvent
GetModuleHandleW
TerminateThread
ResetEvent
CloseHandle
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
DeviceIoControl
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
FlushFileBuffers
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InterlockedExchange
GetLocaleInfoA
CreateFileA
OutputDebugStringW
GetModuleHandleA
CreateEventW
GetStringTypeW
GetStringTypeA
HeapSize
RtlUnwind
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
ExitThread
CreateThread
GetCommandLineA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

SetTimer
GetMessageW
PostMessageW
DispatchMessageW
GetWindowLongW
SetWindowLongW
IsWindow
CreateWindowExW
SendMessageW
CallWindowProcW
DestroyWindow

advapi32

GetSecurityDescriptorSacl
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
SetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ord165

ole32

CoCreateGuid
CoInitialize
CoUninitialize

shlwapi

SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
PathAppendW

iphlpapi

GetAdaptersAddresses

Exports

Exports

??0CReportFile@@QAE@ABV0@@Z
??0CReportFile@@QAE@XZ
??1CReportFile@@QAE@XZ
??4CReportFile@@QAEAAV0@ABV0@@Z
?AddCountItem@CReportFile@@IAEHKK@Z
?AddReportItem@CReportFile@@QAEHKK@Z
?AddReportItem@CReportFile@@QAEHKPB_W@Z
?AddSequenceItem@CReportFile@@IAEHKK@Z
?AddStateItem@CReportFile@@IAEHKK@Z
?AddStateItem@CReportFile@@IAEHKPB_W@Z
?AddValueItem@CReportFile@@IAEHKK@Z
?AddValueItem@CReportFile@@IAEHKPB_W@Z
?ClearAll@CReportFile@@QAEXXZ
?CreateGlobalMutex@CReportFile@@SAPAXPB_W@Z
?CreateReportFileName@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?EnableOutput@CReportFile@@IAE_NXZ
?FillFileHead@CReportFile@@IAEHPAUtagReportFileHead@@@Z
?FillVersionInfor@CReportFile@@IAEXPAUtagReportFileHead@@@Z
?GetChannel@CReportFile@@IAEXXZ
?GetDataSize@CReportFile@@IAEHXZ
?GetFileName@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetIDType@CReportFile@@IAEKK@Z
?GetTimeStr@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetUserSID@CReportFile@@IAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetVersionInfo@CReportFile@@IAEXXZ
?Init@CReportFile@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?MessageBoxPrintf@CReportFile@@IAAXPA_WZZ
?ParseFromFile@CReportFile@@IAEHPB_W@Z
?ParseIDType@CReportFile@@IAEKK@Z
?ParseItem@CReportFile@@IAEHPAEH@Z
?PostProcessUniqueUserID@CReportFile@@IAEXPA_W@Z
?SaveFile@CReportFile@@QAEHH@Z
?SaveFileForUpload@CReportFile@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?SerializeToArray@CReportFile@@IAEHPAEH@Z
?SetChannel@CReportFile@@QAEXPB_W@Z
?SetVersionInfo@CReportFile@@QAEXPB_W@Z
RD_ReportIncCount
RD_ReportIncCountEx
RD_ReportNow
RD_ReportState
RD_ReportStateEx
RD_ReportValue
RD_ReportValueEx
RD_Save
RD_SetChannel
RD_SetInfor
RD_SetUploadURL
RD_SetVersion
RD_Start
RD_Stop

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectUI.dll
.dll windows:5 windows x86 arch:x86

3f49a59faf0407786a1064e7fbd81a19

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:81:3c:3d:59:1e:5a:15:d9:a4:ea:ac:65:e0:b4:f5:8d:f9:5b:01
Signer

Actual PE Digest

91:81:3c:3d:59:1e:5a:15:d9:a4:ea:ac:65:e0:b4:f5:8d:f9:5b:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\app\gensoft\security-client\bdui\DirectUI_skia\bin\skia_unicode_release\DirectUI.pdb

Imports

comctl32

ImageList_Create
ImageList_Destroy
ord17

riched20

ord4

kernel32

GlobalMemoryStatusEx
GetSystemInfo
VirtualProtect
LoadLibraryA
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GetFileInformationByHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSizeEx
TlsGetValue
TlsAlloc
TlsSetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetLocalTime
SetHandleCount
GetPriorityClass
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
GetFileType
SetStdHandle
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitProcess
RtlUnwind
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
WriteConsoleA
GetConsoleOutputCP
GetStartupInfoA
OpenProcess
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
OpenFileMappingW
GetProcessTimes
GetSystemTimeAsFileTime
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
GetFileAttributesW
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
GetVersion
CloseHandle
GetStdHandle
CreateFileW
Sleep
WriteFile
GetModuleHandleW
IsBadCodePtr
LocalFree
LocalAlloc
LockResource
GetLongPathNameW
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
FreeResource
GetVersionExW
EnterCriticalSection
SetLastError
RaiseException
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
GlobalReAlloc
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetModuleFileNameA
MulDiv
WideCharToMultiByte
GetCurrentThreadId
GetLastError
MultiByteToWideChar
DebugBreak
GetCurrentProcessId
FindNextFileW
FindClose
OutputDebugStringW
lstrlenA
FindFirstFileW
GetProcAddress
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA

user32

DrawIcon
GetClassLongW
GetMenu
GetMenuState
GetDlgItem
SetMenu
BeginDeferWindowPos
EndDeferWindowPos
GetWindow
GetMessageW
IsWindowEnabled
DispatchMessageW
GetMessagePos
GetKeyState
CreateCaret
SetCaretPos
CharUpperW
SetWindowRgn
IsMenu
MenuItemFromPoint
GetMenuItemRect
SystemParametersInfoW
GetMenuItemCount
UpdateWindow
UpdateLayeredWindow
IsIconic
IsZoomed
MonitorFromWindow
GetMonitorInfoW
LoadCursorFromFileW
DestroyCursor
GetWindowTextLengthW
GetFocus
TrackMouseEvent
FrameRect
EnableWindow
GetWindowDC
GetUpdateRect
SetScrollRange
GetScrollRange
GetScrollInfo
SetScrollPos
EnableScrollBar
ShowScrollBar
SetScrollInfo
GetScrollPos
GetMenuItemInfoW
GetSystemMetrics
GetClassInfoExW
RegisterClassExW
GetWindowTextW
InvalidateRgn
GetSystemMenu
UnhookWindowsHookEx
SetWindowsHookExW
RedrawWindow
CallNextHookEx
SetWindowTextW
EndPaint
BeginPaint
GetClassNameW
RegisterWindowMessageW
DeferWindowPos
DrawIconEx
GetIconInfo
CallWindowProcW
RegisterClassW
ClientToScreen
HideCaret
ShowCaret
GetDesktopWindow
GetSysColor
EqualRect
GetWindowRect
GetParent
DefWindowProcW
MoveWindow
SetWindowLongW
SetWindowPos
LoadCursorW
GetCursorPos
ScreenToClient
WindowFromPoint
InflateRect
SetRect
GetWindowLongW
MessageBeep
SetTimer
RemovePropW
KillTimer
SetPropW
ShowWindow
DestroyIcon
DestroyWindow
SetCursor
SetCapture
GetClientRect
SetFocus
SetRectEmpty
GetCapture
UnionRect
InvalidateRect
IsWindow
CreateWindowExW
ReleaseCapture
SendMessageW
CopyRect
IsRectEmpty
PtInRect
IsWindowVisible
CharNextW
TrackPopupMenu
PostMessageW
IsDialogMessageA
IsDialogMessageW
GetPropW
DrawTextW
GetDC
OffsetRect
IntersectRect
ReleaseDC
LoadStringW
SystemParametersInfoA
GetWindowInfo
SetMenuItemInfoW
UnregisterClassA

gdi32

SetTextColor
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
AddFontResourceExW
GetDeviceCaps
RestoreDC
SaveDC
CreateFontIndirectW
ExtCreateRegion
CombineRgn
CreateCompatibleDC
CreateDIBSection
DeleteDC
SetDIBitsToDevice
BitBlt
GetTextExtentPointW
CreateSolidBrush
CreatePen
CreateRectRgn
SetStretchBltMode
Rectangle
CreateCompatibleBitmap
StretchBlt
CreateRectRgnIndirect
CreateFontW
ExcludeClipRect
GetStockObject
ExtTextOutW
SetBkColor
OffsetRgn
GetGlyphOutlineW
GetFontData
GetTextMetricsA
GetOutlineTextMetricsA
CreateFontIndirectA
RemoveFontMemResourceEx
GetGlyphIndicesW
GetGlyphOutlineA
GdiFlush
SetWorldTransform
SetTextAlign
SetGraphicsMode
GetTextExtentPointI
GetTextFaceA
GetFontUnicodeRanges
EnumFontFamiliesExA
AddFontMemResourceEx
GetCharABCWidthsA
SelectClipRgn
SelectObject
DeleteObject
SetBkMode

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey

ole32

CoCreateGuid

oleaut32

SysStringLen

shlwapi

PathFileExistsW
PathAppendW

imm32

ImmReleaseContext

psapi

GetProcessMemoryInfo

usp10

ScriptItemize
ScriptShape
ScriptFreeCache

Exports

Exports

??0?$UIGuard@VUILock@@@@QAE@ABV0@@Z
??0?$UIGuard@VUILock@@@@QAE@ABVUILock@@@Z
??1?$UIGuard@VUILock@@@@UAE@XZ
??_7?$UIGuard@VUILock@@@@6B@
?Release@?$UIGuard@VUILock@@@@QBEXXZ
DirectUI_AddFontsResource
DirectUI_AddImageItem
DirectUI_AutoText_GetControlText
DirectUI_AutoText_SetControlText
DirectUI_AutoText_SetControlTextEx
DirectUI_Button_GetCheck
DirectUI_Button_SetCheck
DirectUI_Button_SetUnknown
DirectUI_ChangeStyle
DirectUI_ComboBox_AddString
DirectUI_ComboBox_GetCurSel
DirectUI_ComboBox_GetItemText
DirectUI_ComboBox_ResetContent
DirectUI_ComboBox_SetCurSel
DirectUI_ComboBox_SetStaticLogo
DirectUI_CreateControl
DirectUI_DeleteImageItem
DirectUI_DestroyControl
DirectUI_Edit_GetSrcText
DirectUI_Edit_SetMarkText
DirectUI_Edit_SetMarkTextColor
DirectUI_Edit_SetSrcText
DirectUI_Edit_SetSrcTextColor
DirectUI_EnableAero
DirectUI_EnableAnimate
DirectUI_EnableControl
DirectUI_GetControlPos
DirectUI_GetControlRect
DirectUI_GetControlStyle
DirectUI_GetControlText
DirectUI_GetItemImage
DirectUI_GetItemText
DirectUI_GetLanguageStyle
DirectUI_GetLastErrorCode
DirectUI_GetSafeHwnd
DirectUI_GetStringItem
DirectUI_GetStringLength
DirectUI_GetStringRect
DirectUI_GetVersion
DirectUI_HeaderCtrl_InsertItem
DirectUI_HeaderCtrl_SetControlText
DirectUI_HeaderCtrl_SetControlTextEx
DirectUI_HeaderCtrl_SetItemWidth
DirectUI_HeaderCtrl_ShowControl
DirectUI_I18N_AddLanguageStyle
DirectUI_I18N_FindCloseResItem
DirectUI_I18N_FindFirstResItem
DirectUI_I18N_FindNextResItem
DirectUI_I18N_SetCurrentI18NResItem
DirectUI_I18N_SetResConfig
DirectUI_Invalidate
DirectUI_IsControlEnabled
DirectUI_IsControlVisible
DirectUI_Layout_AnimateShow
DirectUI_ListCtrl_ChangeStyle
DirectUI_ListCtrl_DeleteAllItems
DirectUI_ListCtrl_DeleteItem
DirectUI_ListCtrl_EnableAnimate
DirectUI_ListCtrl_EnableControl
DirectUI_ListCtrl_EnsureVisible
DirectUI_ListCtrl_GetButtonCheck
DirectUI_ListCtrl_GetButtonUnknown
DirectUI_ListCtrl_GetControlRect
DirectUI_ListCtrl_GetHeadCtrlHwnd
DirectUI_ListCtrl_GetHeadCtrlId
DirectUI_ListCtrl_GetItemCount
DirectUI_ListCtrl_GetItemSrcData
DirectUI_ListCtrl_GetItemSrcDataEx
DirectUI_ListCtrl_GetItemStyle
DirectUI_ListCtrl_InsertColumn
DirectUI_ListCtrl_InsertDrawItem
DirectUI_ListCtrl_SetAutoTextItemText
DirectUI_ListCtrl_SetAutoTextItemTextEx
DirectUI_ListCtrl_SetButtonCheck
DirectUI_ListCtrl_SetButtonLogo
DirectUI_ListCtrl_SetButtonLogoImage
DirectUI_ListCtrl_SetButtonLogoImageBuffer
DirectUI_ListCtrl_SetButtonUnknown
DirectUI_ListCtrl_SetControlText
DirectUI_ListCtrl_SetControlTextEx
DirectUI_ListCtrl_SetDrawItem
DirectUI_ListCtrl_SetItemCount
DirectUI_ListCtrl_SetItemSrcData
DirectUI_ListCtrl_SetStaticLogo
DirectUI_ListCtrl_SetStaticLogoImage
DirectUI_ListCtrl_SetStaticLogoImageBuffer
DirectUI_ListCtrl_SetTooltipString
DirectUI_ListCtrl_SetTooltipStringEx
DirectUI_ListCtrl_ShowControl
DirectUI_ListCtrl_SortItems
DirectUI_LoadBackupXml
DirectUI_LoadSkinResourceFromFolder
DirectUI_LoadSkinResourceFromRes
DirectUI_LoadSkinResourceFromZIP
DirectUI_LoadSkinResourceFromZipEx
DirectUI_MoveEx
DirectUI_Progress_EnableMoving
DirectUI_Progress_GetPos
DirectUI_Progress_SetPos
DirectUI_Progress_SetRange
DirectUI_RichEdit_Clear
DirectUI_RichEdit_InsertText
DirectUI_RichEdit_SetLayeredWindow
DirectUI_RichEdit_SetReadOnly
DirectUI_ScrollBar_GetPageSize
DirectUI_ScrollBar_GetPos
DirectUI_ScrollBar_GetRange
DirectUI_ScrollBar_SetPageSize
DirectUI_ScrollBar_SetPos
DirectUI_ScrollBar_SetRange
DirectUI_SetAeroAttribute
DirectUI_SetAnimateCurFrameIndex
DirectUI_SetClipRgn
DirectUI_SetControlAlpha
DirectUI_SetControlFocus
DirectUI_SetControlPos
DirectUI_SetControlText
DirectUI_SetControlTextEx
DirectUI_SetErrorCallbackFunction
DirectUI_SetLanguageStyle
DirectUI_SetLayeredWindowAlpha
DirectUI_SetMenuItemLogo
DirectUI_SetScrollBarSkin
DirectUI_SetTooltipString
DirectUI_SetTooltipStringEx
DirectUI_SetWindowTitleHeight
DirectUI_ShowControl
DirectUI_Slider_GetPage
DirectUI_Slider_GetPos
DirectUI_Slider_GetSize
DirectUI_Slider_SetPage
DirectUI_Slider_SetPos
DirectUI_Slider_SetRange
DirectUI_Slider_SetSize
DirectUI_SrcollText_EnableScroll
DirectUI_Static_SetLogoIcon
DirectUI_Static_SetLogoImage
DirectUI_Static_SetLogoImageBuffer
DirectUI_Static_SetLogoImageId
DirectUI_SubclassLayeredWindow
DirectUI_SubclassWindow
DirectUI_TrackPopupMenu
DirectUI_TreeCtrl_ChangeStyle
DirectUI_TreeCtrl_DeleteAllItems
DirectUI_TreeCtrl_DeleteItem
DirectUI_TreeCtrl_EnableAnimate
DirectUI_TreeCtrl_EnableChildControl
DirectUI_TreeCtrl_EnableControl
DirectUI_TreeCtrl_Expand
DirectUI_TreeCtrl_GetAutoTextItemText
DirectUI_TreeCtrl_GetButtonCheck
DirectUI_TreeCtrl_GetButtonUnknown
DirectUI_TreeCtrl_GetControlRect
DirectUI_TreeCtrl_GetControlText
DirectUI_TreeCtrl_GetItemStyle
DirectUI_TreeCtrl_GetProgressPos
DirectUI_TreeCtrl_InsertItem
DirectUI_TreeCtrl_IsExpand
DirectUI_TreeCtrl_Select
DirectUI_TreeCtrl_SetAutoTextItemText
DirectUI_TreeCtrl_SetAutoTextItemTextEx
DirectUI_TreeCtrl_SetButtonCheck
DirectUI_TreeCtrl_SetButtonUnknown
DirectUI_TreeCtrl_SetControlPos
DirectUI_TreeCtrl_SetControlText
DirectUI_TreeCtrl_SetControlTextEx
DirectUI_TreeCtrl_SetItemState
DirectUI_TreeCtrl_SetProgressPos
DirectUI_TreeCtrl_SetStaticLogo
DirectUI_TreeCtrl_SetTooltipString
DirectUI_TreeCtrl_ShowControl
DirectUI_TreeEx_ChangeStyle
DirectUI_TreeEx_CreateControl
DirectUI_TreeEx_DeleteAllItems
DirectUI_TreeEx_DeleteItem
DirectUI_TreeEx_DestroyControl
DirectUI_TreeEx_EnableAnimate
DirectUI_TreeEx_EnableChildControl
DirectUI_TreeEx_EnableControl
DirectUI_TreeEx_EnableSrcollTextScroll
DirectUI_TreeEx_Expand
DirectUI_TreeEx_GetAutoTextItemText
DirectUI_TreeEx_GetButtonCheck
DirectUI_TreeEx_GetButtonUnknown
DirectUI_TreeEx_GetControlRect
DirectUI_TreeEx_GetControlText
DirectUI_TreeEx_GetItemStyle
DirectUI_TreeEx_GetProgressPos
DirectUI_TreeEx_InsertItem
DirectUI_TreeEx_IsControlVisible
DirectUI_TreeEx_IsExpand
DirectUI_TreeEx_Select
DirectUI_TreeEx_SetAutoTextItemShow
DirectUI_TreeEx_SetAutoTextItemText
DirectUI_TreeEx_SetAutoTextItemTextEx
DirectUI_TreeEx_SetButtonCheck
DirectUI_TreeEx_SetButtonLogo
DirectUI_TreeEx_SetButtonLogoImage
DirectUI_TreeEx_SetButtonLogoImageBuffer
DirectUI_TreeEx_SetButtonSelectMode
DirectUI_TreeEx_SetButtonUnknown
DirectUI_TreeEx_SetControlPos
DirectUI_TreeEx_SetControlText
DirectUI_TreeEx_SetControlTextEx
DirectUI_TreeEx_SetFirstVisible
DirectUI_TreeEx_SetItemHeight
DirectUI_TreeEx_SetProgressPos
DirectUI_TreeEx_SetStaticLogo
DirectUI_TreeEx_SetStaticLogoImage
DirectUI_TreeEx_SetStaticLogoImageBuffer
DirectUI_TreeEx_SetTooltipString
DirectUI_TreeEx_SetTopItem
DirectUI_TreeEx_ShowControl
DirectUI_UnclassWindow
DirectUI_Uninstall
DirectUI_UpdateSkin
UICtrlIdInItem
UIFindItemcInfoByText
UIFindItemsControl
UIFinishRecordPerformance
UIFreeHITEMC
UIFreeItemcInfo
UIGetButtonCheck
UIGetComboItemButtonCheck
UIGetComboItemCount
UIGetComboItemText
UIGetControlText
UIGetControlType
UIGetItemHITEMC
UIGetItemHandle
UIGetListColumnCount
UIGetListItemButtonCheck
UIGetListItemText
UIGetListRowCount
UIGetMaxScrollPos
UIGetRecordPerformance
UIGetScrollPos
UIGetTreeItemButtonCheck
UIGetTreeItemText
UIHasNextItem
UIHitTestListCtrlItem
UIHitTestTreeItem
UIInitAniRunInfo
UIIsComboBox
UIIsElementEnable
UIIsElementFocus
UIIsElementVisible
UIIsListCtrl
UIIsTreeCtrl
UIIsTreeItem
UIPauseAnimate
UIResetHITEMC
UIResumeAnimate
UIScrollToBegin
UIScrollToEnd
UISetButtonCheck
UISetComboItemButtonCheck
UISetElementEnable
UISetElementFocus
UISetElementVisible
UISetListItemButtonCheck
UISetScrollPos
UISetTreeItemButtonCheck
UIStartAnimate
UIStartAnimateFromList
UIStartAnimateFromTree
UIStartRecordPerformance
UIStopAnimate
UIStopAnimateByControl
uiChangeElemStyle
uiCloseHwnd
uiComboBoxAddString
uiComboBoxClear
uiComboBoxGetCurSel
uiComboBoxGetItemText
uiComboBoxSetCurSel
uiComboBoxSetStaticLogo
uiDeleteElem
uiDeleteElemById
uiEditSetMarkText
uiElemIsEnable
uiElemIsFocus
uiElemIsVisible
uiFindChildElem
uiFindElem
uiFindElemInTreeItem
uiFindRenderElem
uiFreeElem
uiGetButtonCheck
uiGetChildCount
uiGetChildElem
uiGetColumn
uiGetColumnInElem
uiGetElemAttri
uiGetElemPosition
uiGetElemRenderRect
uiGetElemText
uiGetElemTypeName
uiGetHwndHostHwnd
uiGetMaxScrollPos
uiGetResId
uiGetRichText
uiGetScrollPos
uiHElemToReal
uiInsertElem
uiInsertElemDirectly
uiInvalidateRect
uiIsLogicalElem
uiIsValidHElem
uiMoveElemTo
uiMoveElemToById
uiRemoveElem
uiRenderToMemory
uiRootElem
uiScrollToBegin
uiScrollToEnd
uiSetButtonCheck
uiSetElemAttri
uiSetElemEnable
uiSetElemFocus
uiSetElemLogo
uiSetElemLogoByData
uiSetElemLogoByImage
uiSetElemPosition
uiSetElemText
uiSetElemVisible
uiSetHwndHostHwnd
uiSetRichMarkColor
uiSetRichMarkText
uiSetRichText
uiSetRichTextColor
uiSetScrollPos
uiSetVListCtrlCb
uiSubClassWindow
uiUpdateVListCtrl
uiUpdateWindow

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Feedback.dll
.dll windows:5 windows x86 arch:x86

f9ea178041daa8985b980a46d6f15a5d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:8c:20:11:12:3f:1a:a6:13:68:51:3f:99:6e:d4:07:1d:4d:a3:38
Signer

Actual PE Digest

df:8c:20:11:12:3f:1a:a6:13:68:51:3f:99:6e:d4:07:1d:4d:a3:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\app\gensoft\security-client\pc-faster\public\output\pdb\Feedback.pdb

Imports

kernel32

Process32FirstW
CreateToolhelp32Snapshot
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringW
WinExec
GetPrivateProfileIntW
GetTickCount
ReadFile
GetFileSize
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
GetTempPathW
GetLocalTime
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
UnmapViewOfFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
Process32NextW
GetStringTypeA
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
RtlUnwind
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateFileW
WriteFile
WideCharToMultiByte
CloseHandle
GlobalHandle
GlobalFree
LoadLibraryExW
FreeLibrary
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
SetLastError
lstrlenA
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
SizeofResource
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
Sleep
CreateDirectoryW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetStringTypeW

user32

GetDC
GetSystemMetrics
InflateRect
PtInRect
GetWindowLongW
SetWindowLongW
SetWindowPos
GetParent
SetCapture
GetActiveWindow
MessageBoxW
DialogBoxParamW
FindWindowW
GetForegroundWindow
keybd_event
ShowWindow
ReleaseDC
MoveWindow
SendMessageW
GetCapture
EndDialog
SetCursor
LoadCursorW
GetMessagePos
GetWindowRect
IsWindowVisible
ReleaseCapture
GetDesktopWindow
GetWindow
GetTopWindow
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
GetSysColor
CreateWindowExW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
BringWindowToTop
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
FillRect
GetClassNameW
IsChild
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
PostQuitMessage
MapDialogRect
DestroyWindow
SetWindowContextHelpId
GetDlgItem
SendDlgItemMessageW
UnregisterClassA

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetDIBits
CreateSolidBrush
GetObjectW
GetStockObject
DeleteObject
GetDeviceCaps

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

RegCreateKeyW
RegSetValueW
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW

shell32

SHGetFolderPathW
ord165
ShellExecuteW

ole32

OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize

oleaut32

LoadTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
LoadRegTypeLi
VariantInit
VariantClear
DispCallFunc
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr

directui

DirectUI_SetControlText
DirectUI_GetVersion
DirectUI_Static_SetLogoImageBuffer
DirectUI_GetControlRect
DirectUI_ShowControl
DirectUI_SetControlPos
DirectUI_LoadSkinResourceFromZIP
DirectUI_SubclassWindow
DirectUI_I18N_AddLanguageStyle
DirectUI_UpdateSkin

shlwapi

PathIsRelativeW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathIsDirectoryW
StrStrIW

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipAlloc
GdipFree
GdipDisposeImage

wininet

InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

Exports

Exports

?CreateFeedbackDialog@feedback@baidu@@YAKW4ProductId@12@PB_W11W4LanguageId@12@1P6AJ1PAUtagVARIANT@@33@Z1111PAPB_W@Z
?FeedbackDialogExecScript@feedback@baidu@@YAJPB_WPAUtagVARIANT@@@Z
?QueryReply@feedback@baidu@@YAKKKPB_W0AAH1W4LanguageId@12@PA_WIAA_N@Z
?QueryReply@feedback@baidu@@YAKW4ProductId@12@W4LanguageId@12@PB_WPA_WI@Z
?SubmitFeedback@feedback@baidu@@YAKW4ProductId@12@PB_W11W4LanguageId@12@111K111AAH3PA_WI111PAPB_W@Z
test

Sections

.text
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I18N/1033/AppStoreUpdater/AppStoreUpdater.bskin
.7z
skin.xml
I18N/1033/BugReporter/BugReporter.bskin
.7z
skin.xml
.xml
I18N/1033/softmgr/softmgr.bskin
.7z
skin.xml
skin/BAV.png
.png
skin/SPARK.png
.png
skin/banner2.png
.png
skin/download.png
.png
skin/google.png
.png
skin/rookie.guide.downloader.png
.png
skin/rookie.guide.featured.png
.png
skin/rookie.guide.home.png
.png
skin/rookie.guide.myapps.png
.png
skin/safe.png
.png
I18N/1033/updatepopup/updatepopup.bskin
.7z
skin.xml
I18N/1046/AppStoreUpdater/AppStoreUpdater.bskin
.7z
skin.xml
I18N/1046/BugReporter/BugReporter.bskin
.7z
skin.xml
.xml
I18N/1046/softmgr/softmgr.bskin
.7z
skin.xml
skin/BAV.png
.png
skin/SPARK.png
.png
skin/banner2.png
.png
skin/download.png
.png
skin/google.png
.png
skin/rookie.guide.downloader.png
.png
skin/rookie.guide.featured.png
.png
skin/rookie.guide.home.png
.png
skin/rookie.guide.myapps.png
.png
skin/safe.png
.png
I18N/1046/updatepopup/updatepopup.bskin
.7z
skin.xml
I18N/1054/AppStoreUpdater/AppStoreUpdater.bskin
.7z
I18N/1054/BugReporter/BugReporter.bskin
.7z
I18N/1054/softmgr/softmgr.bskin
.7z
I18N/1054/updatepopup/updatepopup.bskin
.7z
I18N/1057/AppStoreUpdater/AppStoreUpdater.bskin
.7z
I18N/1057/BugReporter/BugReporter.bskin
.7z
I18N/1057/softmgr/softmgr.bskin
.7z
I18N/1057/updatepopup/updatepopup.bskin
.7z
I18N/3082/AppStoreUpdater/AppStoreUpdater.bskin
.7z
I18N/3082/BugReporter/BugReporter.bskin
.7z
I18N/3082/softmgr/softmgr.bskin
.7z
I18N/3082/updatepopup/updatepopup.bskin
.7z
PCAppStore.exe
.exe windows:5 windows x86 arch:x86

02e8f35642727f5cd3baa3069ee75977

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:9c:41:93:f0:f3:19:e7:2e:b4:1d:77:9c:b9:e6:a3:8e:a4:a1:e2
Signer

Actual PE Digest

24:9c:41:93:f0:f3:19:e7:2e:b4:1d:77:9c:b9:e6:a3:8e:a4:a1:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\PCAppStore.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpWriteData
WinHttpSendRequest

kernel32

lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
CreateFileW
DeleteFileW
GetLocalTime
CreateFileA
DeviceIoControl
GlobalFree
WriteFile
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
CreateDirectoryW
LoadLibraryW
GetSystemDirectoryW
GetFileSize
SetFilePointer
IsDBCSLeadByteEx
GlobalMemoryStatusEx
CompareFileTime
SystemTimeToFileTime
CompareStringW
TerminateThread
WaitForSingleObject
Sleep
lstrcatW
lstrcpynW
SetEvent
WaitForMultipleObjects
GetSystemInfo
CreateEventW
ResetEvent
GetBinaryTypeW
GetSystemTime
MoveFileExW
CopyFileW
CreateThread
GetPrivateProfileSectionW
GetTempPathW
SetInformationJobObject
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
ResumeThread
DebugBreak
InterlockedExchange
InterlockedCompareExchange
GetFileSizeEx
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
lstrlenA
lstrcmpiA
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
FormatMessageW
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
FindResourceW
GetLongPathNameW
HeapFree
GetProcessHeap
IsBadReadPtr
InterlockedExchangeAdd
OpenThread
DisconnectNamedPipe
WriteFileEx
GetPrivateProfileStringW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
SwitchToThread
OutputDebugStringA
GetACP
RemoveDirectoryW
SetFileAttributesW
GetPrivateProfileSectionNamesW
GetTempFileNameW
CreateMutexW
GetDriveTypeW
GetLogicalDrives
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
WideCharToMultiByte
WTSGetActiveConsoleSessionId
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetFileTime
TryEnterCriticalSection
LocalAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
SetLastError
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetCurrentThreadId
GetCurrentProcess
GetVersionExW
SetCurrentDirectoryW
ExitThread
GetStartupInfoW
GetFileAttributesW
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
GetTickCount
GetCommandLineW
LocalFree
OutputDebugStringW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
CreateFileMappingW
GetLastError
MapViewOfFile
GetModuleFileNameW
GetPrivateProfileIntW
UnmapViewOfFile
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
GetProcessTimes
FileTimeToSystemTime
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
CreateNamedPipeW
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDriveTypeA
GetFullPathNameA
CompareStringA
FindResourceExW
SetEndOfFile
GetLogicalDriveStringsW

user32

GetCapture
CreateDialogParamW
IsWindowEnabled
GetScrollInfo
SetScrollInfo
EnableWindow
BringWindowToTop
RegisterRawInputDevices
GetShellWindow
SystemParametersInfoW
SetLayeredWindowAttributes
SetMenuDefaultItem
GetActiveWindow
MessageBeep
TrackPopupMenuEx
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
SetCursor
PostQuitMessage
TranslateAcceleratorW
GetSystemMetrics
DialogBoxParamW
EndDialog
GetRawInputData
PtInRect
AppendMenuW
DestroyMenu
CreatePopupMenu
SetActiveWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
UpdateWindow
GetIconInfo
FindWindowExW
DrawTextW
ShowCursor
PrintWindow
RemovePropW
GetPropW
SetPropW
CharNextA
CharPrevA
CharUpperBuffA
CharLowerBuffA
CharPrevW
CharUpperBuffW
CharLowerBuffW
SendMessageTimeoutW
GetClassInfoW
RegisterClassW
MsgWaitForMultipleObjectsEx
wsprintfA
LoadStringA
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetClientRect
MoveWindow
GetSysColor
GetFocus
SetFocus
UpdateLayeredWindow
GetCursorPos
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
LoadStringW
LoadIconW
DestroyIcon
RegisterWindowMessageW
IsWindow
IsIconic
GetDesktopWindow
FindWindowW
SendMessageW
wsprintfW
LoadImageW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
CallWindowProcW
GetWindowLongW
GetWindowRect
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
LoadCursorW
GetClassInfoExW
KillTimer
SetTimer
IsWindowVisible
ShowWindow
SetWindowPos
SetWindowLongW
UnregisterClassA
SetWindowTextW

gdi32

GetObjectW
GetStockObject
GetDIBits
CreateSolidBrush
GetCurrentObject
GetDeviceCaps
BitBlt
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DeleteObject
SetBkMode
CreateFontW
DeleteDC

comdlg32

GetOpenFileNameW

advapi32

RegNotifyChangeKeyValue
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
GetSidIdentifierAuthority
RegEnumValueW
GetFileSecurityW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetMalloc
SHGetFolderPathW
SHFileOperationW
Shell_NotifyIconW
ord165
SHBrowseForFolderW
SHGetFileInfoW
ord727
ShellExecuteW
ExtractIconExW
SHGetDiskFreeSpaceExW
ShellExecuteExW

ole32

CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoTaskMemRealloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
PropVariantClear
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
VarBstrCmp
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathRemoveExtensionW
StrCmpW
PathStripPathW
PathGetDriveNumberW
PathIsDirectoryW
PathIsRootW
SHDeleteKeyW
PathFindExtensionW
PathRemoveBackslashW
StrCmpIW
StrStrIW
PathRenameExtensionW
SHStrDupW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW

comctl32

_TrackMouseEvent
ImageList_Create
ImageList_Add
ImageList_GetIcon
ImageList_Destroy
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipCloneImage
GdipDrawImagePointRectI
GdipCreateFromHDC
GdipDisposeImage
GdipCreatePen1
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipSetSmoothingMode
GdipDrawArcI
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawArc
GdipDrawImageRect
GdipCloneBrush
GdipLoadImageFromFileICM
GdipFillPie

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
EnumProcesses

urlmon

FindMimeFromData

ws2_32

gethostbyname
inet_ntoa
WSAStartup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetGetConnectedState
InternetQueryOptionW
InternetCheckConnectionW

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

msi

ord173
ord217
ord66
ord41

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 641KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PCAppStoreSvc.exe
.exe windows:5 windows x86 arch:x86

85cd6c11efc9eb12318513209f6a521f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:1c:f7:fb:7a:0c:05:e3:22:ca:08:ed:1c:da:ab:d7:71:9a:cb:81
Signer

Actual PE Digest

d9:1c:f7:fb:7a:0c:05:e3:22:ca:08:ed:1c:da:ab:d7:71:9a:cb:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\PCAppStoreSvc.pdb

Imports

log

WriteLog
CreateLog

kernel32

HeapReAlloc
RtlUnwind
RaiseException
HeapSize
ExitThread
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetCurrentDirectoryA
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
InterlockedExchangeAdd
OpenThread
DisconnectNamedPipe
WriteFileEx
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
InterlockedCompareExchange
SwitchToThread
FindResourceExW
CreateDirectoryW
GetCommandLineW
DebugBreak
ReadProcessMemory
VirtualQueryEx
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDriveTypeW
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetLocaleInfoW
CompareStringA
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
GetModuleHandleA
ResumeThread
CreateFileW
GetFullPathNameW
FindFirstFileW
FindClose
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalAddAtomW
GlobalFlags
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
CompareStringW
InterlockedDecrement
InterlockedIncrement
FileTimeToSystemTime
lstrlenA
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
WideCharToMultiByte
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentThreadId
VerifyVersionInfoW
VerSetConditionMask
InitializeCriticalSection
GetCurrentProcess
LocalFree
GetPrivateProfileStringW
WritePrivateProfileStringW
SystemTimeToFileTime
GetLocalTime
GetModuleHandleW
lstrlenW
WTSGetActiveConsoleSessionId
GetSystemDirectoryW
CreateProcessW
Sleep
SetWaitableTimer
CreateWaitableTimerW
GetTickCount
GetProcAddress
LoadLibraryW
DeleteFileW
MultiByteToWideChar
CopyFileW
GetTempFileNameW
GetTempPathW
TerminateThread
InterlockedExchange
CreateThread
CreateEventW
SetEvent
ResetEvent
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
HeapAlloc
IsBadReadPtr
FreeLibrary
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetVersionExW
OutputDebugStringW
GetLastError
CreateMutexW
GetPrivateProfileIntW
GetModuleFileNameW
SetStdHandle

user32

DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
GetFocus
ClientToScreen
SetTimer
KillTimer
FindWindowExW
MsgWaitForMultipleObjectsEx
GetClassInfoW
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx

gdi32

RectVisible
PtVisible
TextOutW
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
CreateProcessAsUserW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
AllocateAndInitializeSid
StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RevertToSelf
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SetTokenInformation

shell32

ord165
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathAppendW
PathAddBackslashW
PathRenameExtensionW
SHDeleteValueW
PathFindFileNameW
StrStrIW
PathRemoveFileSpecW
SHDeleteKeyW

oleaut32

VariantInit
VariantClear
VariantChangeType

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

version

VerQueryValueW

psapi

GetModuleInformation
GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plan.exe
.exe windows:5 windows x86 arch:x86

ab5648812ae1dc108941de9052763718

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:a8:c6:68:02:37:bd:55:18:66:9d:41:01:e7:5e:20:14:10:ae:3a
Signer

Actual PE Digest

d4:a8:c6:68:02:37:bd:55:18:66:9d:41:01:e7:5e:20:14:10:ae:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\bin\Plan.pdb

Imports

kernel32

GetModuleFileNameW
GetTempPathW
WideCharToMultiByte
SizeofResource
Sleep
LoadResource
FindResourceW
FindResourceExW
GetLastError
WTSGetActiveConsoleSessionId
VerifyVersionInfoW
VerSetConditionMask
LockResource
CloseHandle
CreateFileA
ReadFile
SetEndOfFile
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers

advapi32

RegOpenKeyExW
CreateProcessAsUserW
GetTokenInformation
RegCloseKey
RegDeleteValueW

shell32

CommandLineToArgvW
ShellExecuteExW

shlwapi

PathAppendW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Plugin.ServShellEx/ServShellEx.dll
.dll windows:5 windows x86 arch:x86

f4c7a0e34b719817021fadbd203cff96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\ServShellEx.pdb

Imports

kernel32

GetCurrentProcess
HeapFree
GetTickCount
GetProcessHeap
InitializeCriticalSection
OpenProcess
Sleep
LeaveCriticalSection
GetModuleFileNameW
VerifyVersionInfoW
GetLastError
EnterCriticalSection
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
TryEnterCriticalSection
VerSetConditionMask
GetLocalTime
WTSGetActiveConsoleSessionId
WaitForSingleObject
SetEvent
GetModuleHandleW
ResetEvent
CreateEventW
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
HeapAlloc
LockResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceW
CreateDirectoryW
FindResourceExW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
SetEnvironmentVariableA
GetFileType
SetHandleCount
GetConsoleMode
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
GetTimeZoneInformation
ReadFile
GetConsoleCP

user32

CreateWindowExW
IsWindow
SetWindowLongW
GetWindowLongW
GetMessageW
CallWindowProcW
DispatchMessageW
SetTimer
PostMessageW

advapi32

LookupPrivilegeValueW
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

shell32

ord165
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

log

WriteLog

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsDirectoryW
PathAppendW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

psapi

EnumProcessModules
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

CreateObject
_DllMain@12

Sections

.text
Size: 722KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PluginConfig.xml
ProgramFileList.xml
ShellMenu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a369898474482bd936c6941c28cccc74

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:68:e5:87:83:9a:81:df:ff:93:61:3d:a9:4f:d9:5f:93:11:b7:2d
Signer

Actual PE Digest

f5:68:e5:87:83:9a:81:df:ff:93:61:3d:a9:4f:d9:5f:93:11:b7:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\bin\ShellMenu.pdb

Imports

kernel32

GetModuleFileNameW
GetVersionExW
FlushFileBuffers
CloseHandle
CreateFileA
Sleep
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
GetVersion
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
GetPrivateProfileIntW
GetThreadLocale
SetThreadLocale
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
DisableThreadLibraryCalls
OutputDebugStringW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesA
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InterlockedCompareExchange

user32

WindowFromPoint
CharNextW
FindWindowW
IsWindow
PostMessageW
CreateMenu
FindWindowExW
GetCursorPos
LoadImageW
InsertMenuItemW

gdi32

DeleteObject

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi

atl90

ord15
ord68
ord64
ord23
ord61
ord67
ord56
ord49
ord32

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellMenu64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

fe49aadf0dc6bd8c0c5b17420ecfd489

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:16:a2:df:b1:5a:1a:dd:87:2f:5a:b6:76:b7:32:b5:a0:70:6a:a0
Signer

Actual PE Digest

98:16:a2:df:b1:5a:1a:dd:87:2f:5a:b6:76:b7:32:b5:a0:70:6a:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\bin\ShellMenu64.pdb

Imports

kernel32

FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
Sleep
GetStringTypeW
WriteConsoleA
GetModuleFileNameW
GetPrivateProfileIntW
GetVersion
GetThreadLocale
SetThreadLocale
lstrlenW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
OutputDebugStringW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
RaiseException
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
RtlPcToFileHeader
RtlUnwindEx
GetLastError
HeapFree
RtlLookupFunctionEntry
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

user32

WindowFromPoint
CharNextW
FindWindowW
IsWindow
PostMessageW
CreateMenu
FindWindowExW
GetCursorPos
LoadImageW
InsertMenuItemW

gdi32

DeleteObject

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi

atl90

ord15
ord68
ord64
ord23
ord61
ord67
ord56
ord49
ord32

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnKnowFile.exe
.exe windows:5 windows x86 arch:x86

cacd4339686ad88050a53a8b63e4f0f8

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:2b:e4:49:21:0f:98:9e:b6:f7:da:51:db:8e:1b:5c:cd:1c:84:74
Signer

Actual PE Digest

b1:2b:e4:49:21:0f:98:9e:b6:f7:da:51:db:8e:1b:5c:cd:1c:84:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\bin\UnKnowFile.pdb

Imports

directui

DirectUI_GetStringLength
DirectUI_AutoText_SetControlText
DirectUI_SetLanguageStyle
DirectUI_ShowControl
DirectUI_SetAnimateCurFrameIndex
DirectUI_EnableAnimate
DirectUI_AutoText_GetControlText
DirectUI_SetControlText
DirectUI_SubclassWindow
DirectUI_TreeEx_SetStaticLogo
DirectUI_LoadSkinResourceFromZIP
DirectUI_Static_SetLogoImageBuffer
DirectUI_Static_SetLogoIcon
DirectUI_TreeEx_SetButtonLogoImageBuffer
DirectUI_TreeEx_SetButtonLogo
DirectUI_TreeEx_SetStaticLogoImageBuffer

shlwapi

PathAddBackslashW
PathRemoveBackslashW
StrStrIW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
StrCmpW
StrCmpIW

log

WriteLog

datareport

RD_ReportValue
RD_Save
RD_ReportValueEx
RD_ReportIncCount

appstoredatareport

curl_easy_init
curl_slist_free_all
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_slist_append
AS_RD_ReportIncCount
curl_global_init
curl_global_cleanup

kernel32

LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLastError
GetModuleFileNameW
GetPrivateProfileIntW
GetTickCount
GetProcessId
Sleep
FlushInstructionCache
GetCurrentProcess
lstrlenW
RaiseException
SetLastError
GetCurrentThreadId
CopyFileW
DeleteFileW
InterlockedCompareExchange
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
MoveFileExW
GetPrivateProfileStringW
SystemTimeToFileTime
GetBinaryTypeW
GetProcAddress
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateThread
WritePrivateProfileStringW
GetPrivateProfileSectionW
WriteFile
CreateFileW
GetTempPathW
ResetEvent
SetFilePointer
FreeLibrary
LoadLibraryW
GetLocalTime
SetInformationJobObject
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
ResumeThread
FindFirstFileW
FindClose
FindNextFileW
LocalFree
OpenProcess
GetDriveTypeW
CompareFileTime
GetLogicalDriveStringsW
RemoveDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
WTSGetActiveConsoleSessionId
TryEnterCriticalSection
GetLongPathNameW
GetFileSize
UnmapViewOfFile
WideCharToMultiByte
ReadFile
GetFileInformationByHandle
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
OpenThread
DisconnectNamedPipe
WriteFileEx
OutputDebugStringW
CreateNamedPipeW
LockResource
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
SwitchToThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetModuleHandleW
GetCurrentProcessId
HeapFree
GetProcessHeap
HeapAlloc
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetLocaleInfoW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
CompareStringA
GetPrivateProfileSectionNamesW
CreateMutexW
DeviceIoControl
SizeofResource
ConnectNamedPipe
GetCommandLineW
GetVersionExW
GlobalFree
ExitProcess

user32

PostQuitMessage
PostMessageW
SetWindowLongW
GetWindowLongW
SendMessageW
MoveWindow
SetWindowPos
GetWindowRect
UnregisterClassA
GetClientRect
MapWindowPoints
IsWindowVisible
CheckRadioButton
GetWindow
GetParent
GetWindowThreadProcessId
MonitorFromWindow
DestroyWindow
SetTimer
KillTimer
GetMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
RegisterClassW
GetClassInfoW
DefWindowProcW
GetMonitorInfoW
SendMessageTimeoutW
LoadImageW
FindWindowW
EndDialog
FindWindowExW
wsprintfW
DialogBoxParamW
GetActiveWindow
IsWindow

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

SHGetDiskFreeSpaceExW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
ExtractIconExW
ord165

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateInstance

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

rpcrt4

UuidFromStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleBaseNameW

dbghelp

MakeSureDirectoryPathExists

ws2_32

inet_ntoa
WSAStartup
gethostbyname

msi

ord217
ord173
ord41
ord66

iphlpapi

GetAdaptersAddresses

wininet

InternetQueryOptionW
InternetCheckConnectionW

sqlite

sqlite3_column_int
sqlite3_errmsg
sqlite3_column_text
sqlite3_bind_blob
sqlite3_open
sqlite3_column_blob
sqlite3_exec
sqlite3_close
sqlite3_prepare
sqlite3_bind_text
sqlite3_free
sqlite3_column_bytes
sqlite3_finalize
sqlite3_step
sqlite3_bind_parameter_index
sqlite3_column_type
sqlite3_column_count
sqlite3_column_int64
sqlite3_busy_timeout
sqlite3_mprintf
sqlite3_prepare_v2
sqlite3_bind_int

winhttp

WinHttpReadData
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:82:09:65:d5:6f:62:d7:a8:bf:32:09:26:96:b7:de:c8:01:5e:63
Signer

Actual PE Digest

55:82:09:65:d5:6f:62:d7:a8:bf:32:09:26:96:b7:de:c8:01:5e:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UpdatePopUp.exe
.exe windows:5 windows x86 arch:x86

a17fdab3e63918ce41b3a7050b8e4444

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:d2:8a:2d:28:25:5a:75:fa:55:07:85:00:a4:45:9a:8e:4b:ec:a5
Signer

Actual PE Digest

2c:d2:8a:2d:28:25:5a:75:fa:55:07:85:00:a4:45:9a:8e:4b:ec:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\UpdatePopUp.pdb

Imports

directui

DirectUI_TreeEx_SetButtonLogo
DirectUI_Static_SetLogoIcon
DirectUI_TreeEx_SetButtonLogoImageBuffer
DirectUI_Static_SetLogoImageBuffer
DirectUI_SetAnimateCurFrameIndex
DirectUI_TreeEx_SetStaticLogo
DirectUI_SubclassWindow
DirectUI_TreeEx_SetTooltipString
DirectUI_SubclassLayeredWindow
DirectUI_SetControlPos
DirectUI_TreeEx_SetControlText
DirectUI_AutoText_SetControlText
DirectUI_GetStringItem
DirectUI_TreeEx_InsertItem
DirectUI_TreeEx_SetStaticLogoImageBuffer
DirectUI_ShowControl
DirectUI_SetLanguageStyle
DirectUI_TreeEx_ShowControl
DirectUI_TreeEx_CreateControl
DirectUI_AutoText_SetControlTextEx
DirectUI_EnableAnimate
DirectUI_SetLayeredWindowAlpha
DirectUI_SetControlTextEx
DirectUI_LoadSkinResourceFromZIP
DirectUI_TreeEx_SetAutoTextItemText

datareport

RD_Save
RD_ReportNow
RD_ReportValueEx
RD_ReportIncCount
RD_ReportValue

shlwapi

PathRemoveFileSpecW
StrCmpW
PathIsDirectoryW
PathFindExtensionW
PathRemoveBackslashW
PathAddBackslashW
StrCmpIW
StrStrIW
PathFindFileNameW
PathAppendW
PathFileExistsW

appstoredatareport

curl_slist_free_all
curl_easy_init
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_slist_append
AS_RD_ReportIncCount
curl_easy_getinfo
curl_global_init
curl_global_cleanup

kernel32

InitializeCriticalSection
LoadLibraryW
GlobalMemoryStatusEx
WTSGetActiveConsoleSessionId
lstrcmpiW
OpenFileMappingW
DeleteCriticalSection
LocalFree
InterlockedCompareExchange
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
MoveFileExW
GetPrivateProfileStringW
SystemTimeToFileTime
GetBinaryTypeW
GetSystemTime
TerminateThread
CreateThread
GetPrivateProfileSectionW
Sleep
GetTempPathW
GetTickCount
SetFilePointer
GetLocalTime
SetInformationJobObject
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
ResumeThread
ReadFile
DebugBreak
InterlockedExchange
GetFileSizeEx
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
VirtualProtect
GetCurrentProcessId
HeapCreate
HeapAlloc
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
SetEndOfFile
GetFileSize
GetLongPathNameW
GetDriveTypeW
CompareFileTime
GetLogicalDriveStringsW
RemoveDirectoryW
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
TryEnterCriticalSection
HeapFree
GetProcessHeap
IsBadReadPtr
InterlockedExchangeAdd
OpenThread
FreeLibrary
WriteFileEx
OutputDebugStringW
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
SwitchToThread
GetPrivateProfileSectionNamesW
ExitThread
FileTimeToLocalFileTime
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
TlsGetValue
InterlockedIncrement
HeapDestroy
RaiseException
LoadLibraryExW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
GetFullPathNameW
GetCurrentDirectoryA
GetStringTypeA
FlushInstructionCache
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
GetVersionExW
GetCurrentProcess
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDriveTypeA
CompareStringA
FindNextFileW
FindClose
GetLastError
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateFileW
WriteFile
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetCommandLineW
DeleteFileW
CopyFileW
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
DisconnectNamedPipe
EnterCriticalSection
CreateDirectoryW
FindFirstFileW
CloseHandle
DeviceIoControl
LockResource
GlobalFree
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
CreateFileA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
CreateFileMappingW

user32

GetDesktopWindow
ShowWindow
GetSystemMetrics
IsWindowVisible
GetWindowThreadProcessId
GetForegroundWindow
TranslateMessage
IsIconic
CharNextW
GetMessageW
wsprintfW
GetShellWindow
DispatchMessageW
DestroyWindow
GetWindowRect
MonitorFromPoint
PostQuitMessage
LoadStringA
LoadCursorW
MessageBeep
GetClientRect
SetFocus
GetMenuItemInfoW
PtInRect
GetClassInfoExW
RegisterClassExW
TrackPopupMenuEx
InvalidateRect
GetWindowLongW
AppendMenuW
SystemParametersInfoW
PeekMessageW
SetWindowLongW
SetWindowPos
LoadStringW
CreatePopupMenu
GetMenuItemCount
RemoveMenu
CreateWindowExW
SendMessageW
MapWindowPoints
DestroyMenu
GetMonitorInfoW
CallWindowProcW
DefWindowProcW
SetTimer
LoadImageW
PostMessageW
DrawTextW
KillTimer
GetIconInfo
GetDC
ReleaseDC
IsWindow
FindWindowExW
DestroyIcon
UnregisterClassA
SendMessageTimeoutW
GetClassInfoW
RegisterClassW
MsgWaitForMultipleObjectsEx
TranslateAcceleratorW
RegisterWindowMessageW

gdi32

DeleteDC
GetDIBits
GetCurrentObject
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontW
GetObjectW
SetTextColor

advapi32

SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegOpenUserClassesRoot
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegNotifyChangeKeyValue
RegEnumValueW

shell32

ShellExecuteW
SHGetDiskFreeSpaceExW
ExtractIconExW
ShellExecuteExW
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoUninitialize

oleaut32

VarUI4FromStr

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

rpcrt4

UuidFromStringW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation

comctl32

ImageList_GetIcon
ImageList_Create
ImageList_Add
ImageList_Destroy
InitCommonControlsEx

dbghelp

MakeSureDirectoryPathExists

ws2_32

inet_ntoa
WSAStartup
gethostbyname

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winhttp

WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect

wininet

InternetQueryOptionW
InternetCheckConnectionW

iphlpapi

GetAdaptersAddresses

msi

ord217
ord66
ord41
ord173

log

WriteLog

sqlite

sqlite3_errmsg
sqlite3_column_int
sqlite3_column_blob
sqlite3_prepare_v2
sqlite3_mprintf
sqlite3_busy_timeout
sqlite3_column_text
sqlite3_column_count
sqlite3_column_type
sqlite3_bind_parameter_index
sqlite3_step
sqlite3_finalize
sqlite3_bind_blob
sqlite3_open
sqlite3_bind_int
sqlite3_exec
sqlite3_close
sqlite3_prepare
sqlite3_bind_text
sqlite3_column_int64
sqlite3_free
sqlite3_column_bytes

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WallPaperDataCmd.dll
.dll windows:5 windows x86 arch:x86

483358f5a1d26b0c2bc56a6fa649373d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:54:24:07:4a:a3:3b:08:15:17:20:e5:79:7a:3a:db:59:62:db:25
Signer

Actual PE Digest

b9:54:24:07:4a:a3:3b:08:15:17:20:e5:79:7a:3a:db:59:62:db:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\WallPaperDataCmd.pdb

Imports

wallpapersdk

InitWallPaperSdk
ReleaseWallPaperSdk

datareport

RD_ReportIncCount
RD_Save
RD_ReportValueEx

kernel32

WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
GetDiskFreeSpaceExW
GetVersionExW
GetNativeSystemInfo
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GlobalLock
GlobalUnlock
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemInfo
FindFirstChangeNotificationW
WaitForSingleObject
FindCloseChangeNotification
Sleep
GetSystemTime
SystemTimeToFileTime
SetFileTime
ExpandEnvironmentStringsW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
GetPrivateProfileStringW
WritePrivateProfileStringW
GetSystemDirectoryW
GetPrivateProfileIntW
GetTickCount
InterlockedDecrement
CloseHandle
InterlockedIncrement
FreeResource
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
OutputDebugStringW
SetThreadPriority
CompareStringA
CreateFileA
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetTimeZoneInformation
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
CreateFileW
GlobalFree
GlobalAlloc
MultiByteToWideChar
DeleteFileW
FindNextFileW
FindFirstFileW
DeleteCriticalSection
InitializeCriticalSection
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
CompareStringW
SetEnvironmentVariableA
TerminateThread
RaiseException
HeapDestroy
HeapAlloc
GetACP
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetModuleHandleA

user32

LockWorkStation
FindWindowW
SendMessageW
GetWindowTextW
IsWindow
SetTimer
KillTimer
CreateWindowExW
SetWindowLongW
GetMessageW
DispatchMessageW
DestroyWindow
GetWindowLongW
CallWindowProcW
SetCursor
GetDC
ReleaseDC
PostMessageW
LoadCursorW
CopyRect
PtInRect
OffsetRect
UnionRect
EnumDisplayMonitors
GetRawInputData
GetDoubleClickTime
GetCursorPos
WindowFromPoint
FindWindowExW
RegisterRawInputDevices
GetShellWindow
GetDesktopWindow
GetSystemMetrics
ShowWindow
GetWindowRect
GetForegroundWindow
InvalidateRect
GetWindowThreadProcessId

gdi32

DeleteObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
RegOpenKeyExW

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHGetValueW

gdiplus

GdipGetImageThumbnail
GdipDisposeImage
GdipCloneImage
GdipFree
GdipLoadImageFromFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDeleteGraphics
GdipBeginContainer2
GdipTranslateWorldTransform
GdipEndContainer
GdipDeleteFontFamily
GdipCreateFromHDC
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDrawLineI
GdipFillRectangleI
GdipDrawRectangle
GdipFillPie
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipFillRectangle
GdipMeasureString
GdipSetSmoothingMode
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipScaleWorldTransform
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRect
GdipAlloc

dbghelp

MakeSureDirectoryPathExists

Exports

Exports

CoverWallPaperData
GetConfig
GetDataCommand
GetSmallListView
GetToolCommand
GetUtil
GetViewCommand
GetWallPaperGraphics

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WallPaperSdk.dll
.dll windows:5 windows x86 arch:x86

e987da90ed52eb3a798084e36d1d27cf

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:4e:5f:8f:49:8a:a9:c4:99:06:f4:43:2e:40:e1:ed:12:3f:43:eb
Signer

Actual PE Digest

54:4e:5f:8f:49:8a:a9:c4:99:06:f4:43:2e:40:e1:ed:12:3f:43:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\WallPaperSdk.pdb

Imports

kernel32

GetSystemInfo
GetLastError
ResetEvent
GetModuleHandleW
DeleteFileW
MultiByteToWideChar
WritePrivateProfileStringW
GetSystemDirectoryW
CopyFileW
GetTickCount
GlobalAlloc
GlobalFree
GetVolumeInformationW
CreateFileW
DeviceIoControl
WideCharToMultiByte
GetModuleFileNameW
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
GlobalLock
GlobalUnlock
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
GetProcAddress
Sleep
InterlockedExchange
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
ReadFile
CreateMutexW
SetFilePointer
CreateDirectoryW
WriteFile
CreateEventW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WaitForSingleObject
CloseHandle
TerminateThread
WaitForMultipleObjects
SetEvent
DeleteCriticalSection
LockResource
EnterCriticalSection
LeaveCriticalSection
SizeofResource
InitializeCriticalSection
GetPrivateProfileStringW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
GetModuleHandleA
VirtualFree
HeapCreate
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
LoadResource
FindResourceW
CreateFileA
FindResourceExW

user32

DestroyWindow
DispatchMessageW
GetMessageW
SetWindowLongW
GetSystemMetrics
CallWindowProcW
CreateWindowExW
KillTimer
SetTimer
PostMessageW
IsWindow
GetWindowTextW
SendMessageW
FindWindowW
GetWindowLongW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

shlwapi

PathIsDirectoryW
SHGetValueW
PathFileExistsW
PathFindFileNameW

winhttp

WinHttpSetOption
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl

gdiplus

GdipFree
GdipLoadImageFromStream
GdipSaveImageToFile
GdipGetImageThumbnail
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipLoadImageFromFile
GdipAlloc
GdipCloneImage
GdipDisposeImage

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

Exports

Exports

InitWallPaperSdk
ReleaseWallPaperSdk

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appstore_sync.exe
.exe windows:5 windows x86 arch:x86

e485a21f28fa109a03514ed93b3f988a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:dc:a5:9e:3a:7b:27:62:92:b6:41:13:e3:8e:7c:90:24:73:09:98
Signer

Actual PE Digest

d2:dc:a5:9e:3a:7b:27:62:92:b6:41:13:e3:8e:7c:90:24:73:09:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\appstore_sync.pdb

Imports

datareport

RD_ReportIncCount
RD_ReportValueEx
RD_ReportNow

winhttp

WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpen

shlwapi

PathAddBackslashW
PathAppendW
PathFileExistsW
StrCmpIW
PathIsDirectoryW
PathFindFileNameW

kernel32

GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
CreateFileA
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
LockResource
DeviceIoControl
CloseHandle
CreateMutexW
GetModuleFileNameW
GetPrivateProfileIntW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetDateFormatW
GetPrivateProfileStringW
CopyFileW
GetTimeFormatW
ReadFile
CreateFileW
WritePrivateProfileStringW
GetLocalTime
DeleteFileW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
Sleep
CreateEventW
WaitForSingleObject
RaiseException
LocalFree
InterlockedIncrement
InterlockedDecrement
WTSGetActiveConsoleSessionId
CreateDirectoryW
GetCommandLineW
DebugBreak
InterlockedExchange
InterlockedCompareExchange
SystemTimeToFileTime
WriteFile
GetFileSizeEx
CreateProcessW
OpenProcess
EnumSystemLocalesA
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
GetVersionExW
HeapCreate
HeapAlloc
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
TerminateProcess
SetEndOfFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryA
GetFullPathNameW
VirtualAlloc
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetSystemTimeAsFileTime
FindFirstFileW
IsValidLocale
Process32NextW
GetTimeZoneInformation
WriteConsoleA
LoadLibraryA
GetDriveTypeW
FileTimeToLocalFileTime
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
FileTimeToSystemTime
FindClose
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

advapi32

CreateProcessAsUserW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RevertToSelf
RegEnumKeyExW
RegQueryValueExW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegCreateKeyExW

shell32

ord165
SHGetSpecialFolderPathW
SHFileOperationW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

GetAdaptersAddresses

sqlite

sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_errmsg
sqlite3_column_text
sqlite3_bind_blob
sqlite3_step
sqlite3_bind_int
sqlite3_exec
sqlite3_close
sqlite3_prepare
sqlite3_reset
sqlite3_bind_text
sqlite3_free
sqlite3_open

ole32

CoCreateGuid

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdMiniDownloaderGB_PCF-mini_32_1648.exe
.exe windows:5 windows x86 arch:x86

e3b29fc75a1da17a7ec9ba50c9883f98

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:9f:96:dd:83:8e:39:b2:89:d4:ca:e0:3e:05:4a:9f:a6:df:3a:69
Signer

Actual PE Digest

73:9f:96:dd:83:8e:39:b2:89:d4:ca:e0:3e:05:4a:9f:a6:df:3a:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\workspace\MiniPackage\build\Release\bdMiniDownloader.pdb

Imports

ws2_32

getaddrinfo
htonl
freeaddrinfo
WSAIoctl

wininet

HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetReadFile

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
PathIsDirectoryW
PathGetDriveNumberW
PathRemoveFileSpecW
PathFindExtensionW
PathCombineW
PathStripPathW

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

psapi

EnumProcesses
GetModuleFileNameExW

kernel32

GetCurrentThreadId
SetLastError
CloseHandle
WaitForSingleObject
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
CreateFileA
DeviceIoControl
GlobalFree
GlobalAlloc
WideCharToMultiByte
DeleteCriticalSection
TerminateThread
GetTickCount
lstrlenA
InitializeCriticalSection
CreateSemaphoreW
ReleaseSemaphore
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
DeleteFileW
WriteFile
SetEndOfFile
SetFilePointer
CreateFileW
GetLastError
GetUserDefaultUILanguage
lstrlenW
GetTimeZoneInformation
CreateDirectoryW
lstrcmpiW
OpenProcess
GetFileAttributesW
lstrcpyW
GetProcAddress
GetModuleHandleW
LocalFree
GetCommandLineW
CreateMutexW
GetSystemTimeAsFileTime
GetExitCodeProcess
CopyFileW
GetModuleFileNameW
FreeResource
GlobalUnlock
GlobalLock
CreateFileMappingW
GetFileSize
UnmapViewOfFile
MapViewOfFile
GetLocalTime
GetTempPathW
InterlockedExchange
GetDiskFreeSpaceExW
GetVolumeInformationW
OpenFileMappingW
GetCurrentProcess
MoveFileExW
RemoveDirectoryW
GetDriveTypeW
ReadFile
SleepEx
FlushInstructionCache
Sleep
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue
PeekNamedPipe
FreeLibrary
GetStdHandle
LoadLibraryA
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
RtlUnwind
DecodePointer
EncodePointer
ExitThread
CreateThread
HeapFree
HeapAlloc
HeapSetInformation
GetStartupInfoW
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FindClose
GetDriveTypeA
FindFirstFileExA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
ExitProcess
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
GetFullPathNameA
GetCurrentDirectoryW
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
GetPrivateProfileSectionW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetPrivateProfileSectionNamesW
InterlockedPopEntrySList

user32

MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
LoadImageW
GetSystemMetrics
MsgWaitForMultipleObjectsEx
PeekMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
RedrawWindow
PostQuitMessage
LoadIconW
DestroyIcon
FindWindowW
UnregisterClassA
SetCapture
ReleaseDC
GetDC
SetWindowPos
SetWindowLongW
GetCursor
SetCursor
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetClassInfoExW
CharNextW
IsWindow
IsWindowVisible
GetWindowRect
CallWindowProcW
GetWindowLongW
SetForegroundWindow
UpdateLayeredWindow
PostMessageW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetCursorPos
WindowFromPoint
GetCapture
ReleaseCapture
LoadCursorW
ClientToScreen

advapi32

RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

ole32

CoCreateGuid
CreateStreamOnHGlobal

shell32

Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SetBitmapBits
GetBitmapBits
SelectObject

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAddPathString
GdipGetPathWorldBounds
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipFillRectangleI
GdipDrawRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipFree
GdipDeleteBrush
GdipDrawImageRectRect
GdipSetImageAttributesWrapMode
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc

wsock32

getsockname
gethostname
inet_ntoa
listen
accept
recvfrom
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
setsockopt
ntohs
htons
WSAGetLastError
connect
getpeername
send
__WSAFDIsSet
select
sendto

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl

wldap32

ord301
ord27
ord33
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32
ord200
ord46
ord211
ord79

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdappdownloader.exe
.exe windows:5 windows x86 arch:x86

9a6f2de44898f07bcc6b70e8b09be4a5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:34:43:0c:a9:ca:04:c7:29:aa:f8:db:8b:74:6a:74:3d:c1:71:9a
Signer

Actual PE Digest

9a:34:43:0c:a9:ca:04:c7:29:aa:f8:db:8b:74:6a:74:3d:c1:71:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\bdappdownloader.pdb

Imports

downloader_engine

?Run@DOWNLOADSV@@YAHXZ
?Start@DOWNLOADSV@@YAHXZ
?Close@DOWNLOADSV@@YAHXZ

log

WriteLog
CreateLog

kernel32

MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
InterlockedIncrement
InterlockedDecrement
CreateFileW
ReadFile
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
CreateDirectoryW
GetCommandLineW
DebugBreak
lstrcmpiA
lstrcmpiW
WideCharToMultiByte
GetLocalTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
GetDateFormatW
GetTimeFormatW
FormatMessageW
Sleep
InterlockedExchange
InterlockedCompareExchange
WritePrivateProfileStringW
SystemTimeToFileTime
WriteFile
GetFileSizeEx
CreateProcessW
GetCurrentProcess
OpenProcess
Process32NextW
ProcessIdToSessionId
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnmapViewOfFile
lstrlenW
lstrlenA
MapViewOfFile
CreateFileMappingW
Module32NextW
VirtualProtect
Module32FirstW
GetCurrentProcessId
GetVersionExW
GetModuleHandleW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
GetCurrentThreadId
TerminateProcess
SetEndOfFile
SetFilePointer
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetFullPathNameA
GetDriveTypeA
GetLocaleInfoW
GetConsoleMode
GetLastError
CreateMutexW
DeleteFileW
GetPrivateProfileIntW
GetModuleFileNameW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection
GetProcessHeap
Process32FirstW
GetModuleHandleA
HeapDestroy
GetCurrentThread
SetLastError
TlsFree
GetConsoleCP
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
HeapSize
LCMapStringW
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualAlloc
FatalAppExitA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
RtlUnwind
GetFileAttributesW
HeapFree
RaiseException
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree

user32

CharUpperBuffW
CharPrevW
CharLowerBuffW
CharLowerBuffA
CharUpperBuffA
CharPrevA
CharNextA
CharNextW

advapi32

RegEnumKeyExW
RegDeleteKeyW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RevertToSelf

shell32

SHGetFolderPathW
ord165
SHGetSpecialFolderPathW

shlwapi

SHDeleteKeyW
StrStrIW
PathAppendW
PathAddBackslashW
PathFileExistsW
PathFindFileNameW
PathRenameExtensionW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleInformation
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpReadData

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config.ini
dbghelp.dll
.dll windows:6 windows x86 arch:x86

adf9759800fcd48cc981a4db72368f41

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:fc:c6:f8:4b:ea:ce:14:08:26:e6:73:a5:87:88:48:68:4d:ac:a3
Signer

Actual PE Digest

de:fc:c6:f8:4b:ea:ce:14:08:26:e6:73:a5:87:88:48:68:4d:ac:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_lseeki64
_write
_isatty
__pioinfo
__badioinfo
_read
ferror
wctomb
_itoa
_snprintf
_iob
__mb_cur_max
mbtowc
_fileno
isleadbyte
_onexit
__dllonexit
_unlock
_lock
memset
memcpy
_ismbblead
_initterm
_amsg_exit
_XcptFilter
memmove
__CxxFrameHandler
_errno
iswspace
calloc
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
_ltoa
_strnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
free
_strlwr
_vsnwprintf
iswprint
fprintf
fflush
atol
fclose
iswdigit
__unDName
bsearch
fread
fseek
_wfsopen
wcstoul
strchr
_wfullpath
_wgetenv
_chsize
_close
_get_osfhandle
_open_osfhandle
ftell
_mbscmp
_memicmp
wcsrchr
strstr
_wcsicmp
_wcsnicmp
qsort
iswxdigit
wcsncmp
wcsstr
wcschr
??3@YAXPAX@Z
??2@YAPAXI@Z
_wsopen
memcmp

kernel32

InitializeCriticalSectionAndSpinCount
DeviceIoControl
GetFileType
CopyFileExW
SetFileAttributesW
LCMapStringW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
FormatMessageW
GetModuleHandleW
FlushViewOfFile
MapViewOfFileEx
LocalFree
VirtualFree
GetVersion
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetThreadSelectorEntry
TerminateThread
CreateThread
HeapCreate
HeapDestroy
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
CreateFileMappingA
GetSystemInfo
LoadLibraryA
Sleep
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
ReadProcessMemory
SetLastError
FindClose
GetLastError
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
ReadFile
CloseHandle
TlsGetValue
TlsSetValue
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualAlloc
VirtualProtect
DuplicateHandle
MapViewOfFile
GetModuleHandleA
GetCurrentProcessId
OpenProcess
WriteFile
OutputDebugStringA
SetErrorMode
GetFileAttributesA
DelayLoadFailureHook

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
StackWalkEx
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
downloader_engine.dll
.dll windows:5 windows x86 arch:x86

696eba8373dc18c0dbf151a5edeb5f82

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:dd:d6:37:d2:a8:88:76:72:ce:f1:f4:ff:53:a5:c0:2e:72:32:77
Signer

Actual PE Digest

bb:dd:d6:37:d2:a8:88:76:72:ce:f1:f4:ff:53:a5:c0:2e:72:32:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\downloader_engine.pdb

Imports

sqlite

sqlite3_free
sqlite3_bind_text
sqlite3_column_count
sqlite3_prepare_v2
sqlite3_column_int64
sqlite3_busy_timeout
sqlite3_exec
sqlite3_bind_int
sqlite3_column_type
sqlite3_mprintf
sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_int
sqlite3_errmsg
sqlite3_column_text
sqlite3_bind_blob
sqlite3_open
sqlite3_close
sqlite3_bind_parameter_index
sqlite3_prepare

log

WriteLog

ws2_32

gethostbyname
inet_ntoa
WSAStartup

shlwapi

PathGetDriveNumberW
StrCmpW
PathIsDirectoryW
PathRemoveBackslashW
StrCmpIW
StrStrIW
PathFindFileNameW
PathAddBackslashW
PathFindExtensionW
PathAppendW
StrStrW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW

appstoredatareport

curl_global_init
curl_easy_getinfo
curl_easy_escape
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_free
curl_slist_append
curl_slist_free_all
curl_global_cleanup
AS_RD_ReportIncCount

kernel32

HeapDestroy
HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetProcessHeap
IsBadReadPtr
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
EnterCriticalSection
LockResource
CreateEventW
DeleteCriticalSection
CloseHandle
DeleteFileW
CreateThread
GetPrivateProfileStringW
GetPrivateProfileIntW
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCurrentProcessId
OpenThread
GetLastError
DisconnectNamedPipe
WriteFileEx
OutputDebugStringW
CreateNamedPipeW
Sleep
ConnectNamedPipe
ReadFileEx
GetModuleHandleW
GetOverlappedResult
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
GetModuleFileNameW
CreateFileW
WaitNamedPipeW
SetNamedPipeHandleState
GetCurrentThreadId
GetTickCount
InterlockedCompareExchange
TerminateThread
ResetEvent
SwitchToThread
CopyFileW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
WritePrivateProfileStringW
ResumeThread
SetFilePointer
SetEndOfFile
MoveFileExW
WriteFile
WaitForMultipleObjects
FindFirstFileW
GetLongPathNameW
FindClose
GetLocalTime
HeapSize
FindNextFileW
GlobalFree
GetFileSize
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
FileTimeToSystemTime
ReadFile
CreateFileMappingW
GetFileInformationByHandle
GetBinaryTypeW
GetProcAddress
GetSystemTime
GetPrivateProfileSectionW
GetTempPathW
FreeLibrary
LoadLibraryW
SetInformationJobObject
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
LocalFree
OpenProcess
GetDriveTypeW
CompareFileTime
GetLogicalDriveStringsW
RemoveDirectoryW
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
TryEnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetStdHandle
GetModuleFileNameA
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
ExitThread
RtlUnwind
GetCPInfo
SetEnvironmentVariableW
CreateFileA
CompareStringA
GetPrivateProfileSectionNamesW
CreateMutexW
SetHandleCount
DeviceIoControl
OpenFileMappingW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVersionExW
QueryPerformanceFrequency
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
LCMapStringW
LCMapStringA
WTSGetActiveConsoleSessionId

user32

wsprintfW
FindWindowW
GetWindowLongW
DestroyWindow
SetTimer
KillTimer
GetMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
SetWindowLongW
CreateWindowExW
RegisterClassW
GetClassInfoW
PostMessageW
DefWindowProcW
PostQuitMessage
SendMessageW
SendMessageTimeoutW
IsWindow
GetWindowThreadProcessId
FindWindowExW

advapi32

RegQueryInfoKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ord171
ShellExecuteW
CommandLineToArgvW
SHGetDiskFreeSpaceExW
ExtractIconExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
ord165

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateGuid
CoInitialize

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

rpcrt4

UuidFromStringW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleBaseNameW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpGetProxyForUrl

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

wininet

InternetCheckConnectionW
InternetQueryOptionW

dbghelp

MakeSureDirectoryPathExists

msi

ord66
ord173
ord217
ord41

datareport

RD_ReportIncCount
RD_Save
RD_ReportValueEx
RD_ReportValue

Exports

Exports

??0CDownloaderEngine@@AAE@XZ
??0CDownloaderEngine@@QAE@ABV0@@Z
??0CHttpTask@@QAE@ABV0@@Z
??0CHttpTask@@QAE@V?$shared_ptr@VITaskInfo@@@boost@@@Z
??0CHttpTaskInfo@@QAE@ABV0@@Z
??0CHttpTaskInfo@@QAE@W4enum_TaskStatus@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@111111HHPB_WHHHHHHHH11H_J3@Z
??0CHttpTaskStatistics@@QAE@ABV0@@Z
??0CHttpTaskStatistics@@QAE@HHH_J0ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HHHHH@Z
??0CTaskError@@AAE@W4enum_TaskErrorCode@@@Z
??0HTTPTaskCore@@QAE@ABV0@@Z
??0HTTPTaskCore@@QAE@XZ
??0IDownloaderEngine@@QAE@ABV0@@Z
??0IDownloaderEngine@@QAE@XZ
??0ITask@@QAE@ABV0@@Z
??0ITask@@QAE@XZ
??0ITaskCore@@QAE@ABV0@@Z
??0ITaskCore@@QAE@XZ
??0ITaskInfo@@QAE@ABV0@@Z
??0ITaskInfo@@QAE@XZ
??0ITaskStatistics@@QAE@ABV0@@Z
??0ITaskStatistics@@QAE@XZ
??0P2PTaskCore@@QAE@ABV0@@Z
??0P2PTaskCore@@QAE@XZ
??1CDownloaderEngine@@UAE@XZ
??1CHttpTask@@UAE@XZ
??1CHttpTaskInfo@@UAE@XZ
??1CHttpTaskStatistics@@UAE@XZ
??1HTTPTaskCore@@UAE@XZ
??1IDownloaderEngine@@UAE@XZ
??1ITask@@UAE@XZ
??1ITaskCore@@UAE@XZ
??1ITaskInfo@@UAE@XZ
??1ITaskStatistics@@UAE@XZ
??1P2PTaskCore@@UAE@XZ
??4CDownloaderEngine@@QAEAAV0@ABV0@@Z
??4CHttpTask@@QAEAAV0@ABV0@@Z
??4CHttpTaskInfo@@QAEAAV0@ABV0@@Z
??4CHttpTaskStatistics@@QAEAAV0@ABV0@@Z
??4CTaskError@@QAEAAV0@ABV0@@Z
??4CTaskFactory@@QAEAAV0@ABV0@@Z
??4HTTPTaskCore@@QAEAAV0@ABV0@@Z
??4IDownloaderEngine@@QAEAAV0@ABV0@@Z
??4ITask@@QAEAAV0@ABV0@@Z
??4ITaskCore@@QAEAAV0@ABV0@@Z
??4ITaskInfo@@QAEAAV0@ABV0@@Z
??4ITaskStatistics@@QAEAAV0@ABV0@@Z
??4P2PTaskCore@@QAEAAV0@ABV0@@Z
??_7CDownloaderEngine@@6B@
??_7CHttpTask@@6B@
??_7CHttpTaskInfo@@6B@
??_7CHttpTaskStatistics@@6B@
??_7HTTPTaskCore@@6B@
??_7IDownloaderEngine@@6B@
??_7ITask@@6B@
??_7ITaskCore@@6B@
??_7ITaskInfo@@6B@
??_7ITaskStatistics@@6B@
??_7P2PTaskCore@@6B@
?CancelPreTask@CDownloaderEngine@@UAEJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CancelTask@HTTPTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?CancelTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?ClearAllTasks@CDownloaderEngine@@UAEJXZ
?ClearTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?Close@DOWNLOADSV@@YAHXZ
?Create@CTaskFactory@@SA?AV?$shared_ptr@VITaskInfo@@@boost@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@000HPB_WH000W4enum_TaskStatus@@HHHHHHH00H_J3@Z
?CreateNewTask@CDownloaderEngine@@UAEJHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@11111H_J2@Z
?CreatePreTask@CDownloaderEngine@@UAEJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@1111@Z
?CreateResumeTask@HTTPTaskCore@@AAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@AAUHTTP_TASK_PARAMS@@@Z
?CreateTask@HTTPTaskCore@@AAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV23@AAUHTTP_TASK_PARAMS@@@Z
?CreateTask@P2PTaskCore@@AAEKABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAUTASK_PARAMS@@@Z
?CreateTaskInfo@CTaskFactory@@SA?AV?$shared_ptr@VITaskInfo@@@boost@@VCommonTaskStorage@@@Z
?CreateTaskStatistics@CTaskFactory@@SA?AV?$shared_ptr@VITaskStatistics@@@boost@@ABUTaskRealInfo@@@Z
?DeletePreTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?DeleteTask@HTTPTaskCore@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?DeleteTask@P2PTaskCore@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?DeleteTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?EMPTY_STR@CHttpTaskInfo@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?EMPTY_STR@CTaskFactory@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?ExecTask@HTTPTaskCore@@AAEXV?$shared_ptr@VITask@@@boost@@H@Z
?ExecTask@P2PTaskCore@@AAEXV?$shared_ptr@VITask@@@boost@@H@Z
?FILE_ERROR@CTaskError@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?Fill@CDownloaderEngine@@AAEJXZ
?GetAllPreTasks@CDownloaderEngine@@UBEABV?$vector@V?$shared_ptr@VITask@@@boost@@V?$allocator@V?$shared_ptr@VITask@@@boost@@@std@@@std@@XZ
?GetAllTasks@CDownloaderEngine@@UBEABV?$vector@V?$shared_ptr@VITask@@@boost@@V?$allocator@V?$shared_ptr@VITask@@@boost@@@std@@@std@@XZ
?GetAppPath@GlobalName@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetAppSetting@GlobalName@@YAHABHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetCompletionTime@CHttpTaskInfo@@UBEABVCTime@ATL@@XZ
?GetConfigNameName@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetConnectionSignalStrength@HTTPTaskCore@@UBEHXZ
?GetConnectionSignalStrength@P2PTaskCore@@UBEHXZ
?GetCookie@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetCreationTime@CHttpTaskInfo@@UBEABVCTime@ATL@@XZ
?GetCustomFileName@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDescription@CHttpTask@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDownloadStat@GlobalName@@YAHXZ
?GetDownloadState@CDownloaderEngine@@UBEJAAUtagDownLoadStat@@@Z
?GetDownloadedSize@CHttpTaskStatistics@@UBE_JXZ
?GetDownloadingTasks@CDownloaderEngine@@UBE?AV?$shared_ptr@V?$vector@V?$shared_ptr@VITask@@@boost@@V?$allocator@V?$shared_ptr@VITask@@@boost@@@std@@@std@@@boost@@XZ
?GetErrorCode@CTaskError@@QBE?AW4enum_TaskErrorCode@@XZ
?GetErrorMsg@CTaskError@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetEstimateTime@CHttpTaskStatistics@@UBE_JXZ
?GetFileName@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFilePath@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFinishTime@CHttpTaskInfo@@UBE_JXZ
?GetFinishedSize@CHttpTaskInfo@@UBE_JXZ
?GetGlobalSetting@GlobalName@@YAHAAUtagGlobalSetting@@@Z
?GetHashPercent@CHttpTaskStatistics@@UBEHXZ
?GetIP@HTTPTaskCore@@UBEJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetIP@P2PTaskCore@@UBEJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetInstance@CDownloaderEngine@@SA?AV?$shared_ptr@VIDownloaderEngine@@@boost@@XZ
?GetLoginName@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetLoginPass@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetMaxTaskNum@HTTPTaskCore@@UBEHXZ
?GetMaxTaskNum@P2PTaskCore@@UBEHXZ
?GetNumOfSource@CHttpTaskStatistics@@UBEHXZ
?GetNumOfSourceUsing@CHttpTaskStatistics@@UBEHXZ
?GetPercent@CHttpTaskInfo@@UBEHXZ
?GetPreTask@CDownloaderEngine@@UAE?AV?$shared_ptr@VITask@@@boost@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetProgressPercent@CHttpTaskStatistics@@UBEHXZ
?GetProgressReport@CHttpTaskStatistics@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetRefURL@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetRetryTimes@CHttpTaskInfo@@UBEHXZ
?GetSoftID@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetSpeed@CHttpTaskStatistics@@UBEHXZ
?GetTask@CDownloaderEngine@@UAE?AV?$shared_ptr@VITask@@@boost@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetTaskError@CHttpTask@@UBE?AV?$shared_ptr@VCTaskError@@@boost@@XZ
?GetTaskError@CTaskError@@SA?AV?$shared_ptr@VCTaskError@@@boost@@W4enum_TaskErrorCode@@@Z
?GetTaskID@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetTaskInfo@CHttpTask@@UBE?AV?$shared_ptr@VITaskInfo@@@boost@@XZ
?GetTaskLog@CDownloaderEngine@@UAEJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@V?$allocator@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@@std@@@3@@Z
?GetTaskLog@HTTPTaskCore@@UAEJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@V?$allocator@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@@std@@@3@@Z
?GetTaskLog@P2PTaskCore@@UAEJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$vector@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@V?$allocator@V?$shared_ptr@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@boost@@@std@@@3@@Z
?GetTaskStatistics@CHttpTask@@UBE?AV?$shared_ptr@VITaskStatistics@@@boost@@XZ
?GetTaskStatus@CHttpTaskInfo@@UBE?AW4enum_TaskStatus@@XZ
?GetTaskType@CHttpTaskInfo@@UBE?AW4enum_TaskType@@XZ
?GetTaskURL@CHttpTaskInfo@@UBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetThreadCount@CHttpTaskInfo@@UBEHXZ
?GetTimeElapsed@CHttpTaskStatistics@@UBE_JXZ
?GetTimeLeft@CHttpTaskStatistics@@UBE_JXZ
?GetTotalFileSize@CHttpTaskStatistics@@UBE_JXZ
?GetTotalSize@CHttpTaskInfo@@UBE_JXZ
?GetUsedTime@CHttpTaskInfo@@UBE_JXZ
?Init@CDownloaderEngine@@UAEJXZ
?Init@HTTPTaskCore@@UAEXXZ
?Init@P2PTaskCore@@UAEXXZ
?InitDownloadStat@GlobalName@@YAHXZ
?InitGlobalSetting@GlobalName@@YAHXZ
?IsAutoRenameDisabled@CHttpTaskInfo@@UBEHXZ
?IsCompleted@CHttpTaskStatistics@@ABEHXZ
?IsFileCreated@CHttpTaskStatistics@@UBEHXZ
?IsHashing@CHttpTaskStatistics@@UBEHXZ
?IsLogin@CHttpTaskInfo@@UBEHXZ
?IsOnlyOriginal@CHttpTaskInfo@@UBEHXZ
?IsOverlap@CHttpTaskInfo@@UBEHXZ
?IsP2PEnabled@CHttpTaskInfo@@UBEHXZ
?IsP2SEnabled@CHttpTaskInfo@@UBEHXZ
?IsResume@CHttpTaskInfo@@UBEHXZ
?IsTrash@CHttpTaskInfo@@UBEHXZ
?NOT_APPLICABLE@CHttpTaskStatistics@@2HB
?NOT_ENOUGH_SPACE@CTaskError@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?NO_ERROR_MSG@CTaskError@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?NO_SPEED@CHttpTaskStatistics@@2HB
?NeedPredownload@CHttpTaskInfo@@UBEHXZ
?NeedStopThread@CDownloaderEngine@@ABEHXZ
?PauseAllTasks@CDownloaderEngine@@UAEJXZ
?PauseTask@HTTPTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?PauseTask@P2PTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?PauseTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?PersistToDB@CDownloaderEngine@@UAEJV?$shared_ptr@VITask@@@boost@@@Z
?PutTaskToTrash@CDownloaderEngine@@AAEJV?$shared_ptr@VITask@@@boost@@@Z
?Quit@CDownloaderEngine@@UAEJXZ
?Quit@HTTPTaskCore@@UAEXXZ
?Quit@P2PTaskCore@@UAEXXZ
?RecoverTask@HTTPTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?RecoverTask@P2PTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?RecoverTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?RefreshCache@CDownloaderEngine@@AAEHXZ
?RefreshPreDownloadCache@CDownloaderEngine@@AAEJXZ
?RefreshTask@CDownloaderEngine@@AAEHPAX@Z
?Reset@CHttpTaskInfo@@UAEXXZ
?Reset@CHttpTaskStatistics@@UAEXXZ
?RestartTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?RestoreTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?ResumeAllTasks@CDownloaderEngine@@UAEJXZ
?ResumeTask@CDownloaderEngine@@AAEJV?$shared_ptr@VITask@@@boost@@@Z
?ResumeTask@HTTPTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?ResumeTask@P2PTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?ResumeTasks@CDownloaderEngine@@UAEJABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?Run@DOWNLOADSV@@YAHXZ
?SOURCE_FAIL@CTaskError@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?SetAppSetting@GlobalName@@YAHABHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetCompletionTime@CHttpTaskInfo@@UAEXABVCTime@ATL@@@Z
?SetConfigFileName@CHttpTaskInfo@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetCreationTime@CHttpTaskInfo@@UAEXABVCTime@ATL@@@Z
?SetCustomFileName@CHttpTaskInfo@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetDescription@CHttpTask@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetDownloadStat@GlobalName@@YAHXZ
?SetFileName@CHttpTaskInfo@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetFilePath@CHttpTaskInfo@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetFinishTime@CHttpTaskInfo@@UAEX_J@Z
?SetFinishedSize@CHttpTaskInfo@@UAEX_J@Z
?SetGloalProperty@CDownloaderEngine@@UAEJHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetGloalProperty@HTTPTaskCore@@UAEJHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetGloalProperty@P2PTaskCore@@UAEJHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetGlobalSetting@GlobalName@@YAHAAUtagGlobalSetting@@@Z
?SetIsTrash@CHttpTaskInfo@@UAEXH@Z
?SetNeedPredownload@CHttpTaskInfo@@UAEXH@Z
?SetPercent@CHttpTaskInfo@@UAEXH@Z
?SetRetryTimes@CHttpTaskInfo@@UAEXH@Z
?SetSpeed@CHttpTaskStatistics@@UAEXH@Z
?SetTaskError@CHttpTask@@UAEXV?$shared_ptr@VCTaskError@@@boost@@@Z
?SetTaskStatistics@CHttpTask@@UAEXV?$shared_ptr@VITaskStatistics@@@boost@@@Z
?SetTaskStatus@CHttpTaskInfo@@UAEXW4enum_TaskStatus@@@Z
?SetTaskStatus@HTTPTaskCore@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4enum_TaskStatus@@@Z
?SetTaskStatus@P2PTaskCore@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4enum_TaskStatus@@@Z
?SetTaskURL@CHttpTaskInfo@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetThreadCount@CHttpTaskInfo@@UAEXH@Z
?SetTotalSize@CHttpTaskInfo@@UAEX_J@Z
?SetUsedTime@CHttpTaskInfo@@UAEX_J@Z
?Start@DOWNLOADSV@@YAHXZ
?StartNextTask@CDownloaderEngine@@AAEHXZ
?StartPreTask@CDownloaderEngine@@UAEJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?StartTask@CDownloaderEngine@@AAEJV?$shared_ptr@VITask@@@boost@@@Z
?StartTask@HTTPTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?StartTask@P2PTaskCore@@UAEXV?$shared_ptr@VITask@@@boost@@@Z
?ThreadProc@CDownloaderEngine@@CGKPAX@Z
?UNKOWN_ERROR@CTaskError@@2V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@B
?UninitDownloadStat@GlobalName@@YAHXZ
?UninitGlobalSetting@GlobalName@@YAHXZ
?Update@CHttpTaskStatistics@@UAEXABUHTTP_TASK_INFO@@@Z
?Update@CHttpTaskStatistics@@UAEXABUJSXZ_TASK_INFO@@@Z
?Update@CHttpTaskStatistics@@UAEXABUst_TASK_INFO@@@Z
?UpdateTask@HTTPTaskCore@@UAEHV?$shared_ptr@VITask@@@boost@@@Z
?UpdateTask@P2PTaskCore@@UAEHV?$shared_ptr@VITask@@@boost@@@Z
?m_TaskErrorMap@CTaskError@@0V?$map@W4enum_TaskErrorCode@@V?$shared_ptr@VCTaskError@@@boost@@U?$less@W4enum_TaskErrorCode@@@std@@V?$allocator@U?$pair@$$CBW4enum_TaskErrorCode@@V?$shared_ptr@VCTaskError@@@boost@@@std@@@5@@std@@A

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftex.exe
.exe windows:5 windows x86 arch:x86

5e580b5017be8274def1b01359023ddb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:12:d7:1f:0d:da:2d:87:ed:16:5d:69:db:36:aa:aa:51:e7:0d:43
Signer

Actual PE Digest

67:12:d7:1f:0d:da:2d:87:ed:16:5d:69:db:36:aa:aa:51:e7:0d:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\ftex.pdb

Imports

kernel32

GetProcessHeap
OutputDebugStringW
CreateMutexW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
HeapFree
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
HeapAlloc
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
VirtualAlloc
VirtualFree
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
HeapCreate

user32

DefWindowProcW
BeginPaint
DestroyWindow
SetTimer
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
ShowWindow
TranslateMessage
DispatchMessageW
GetMessageW
EndPaint
KillTimer
PostQuitMessage

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorSacl

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

PathFindFileNameW
SHGetValueW
PathFileExistsW
StrCpyW
SHSetValueW
SHDeleteValueW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathAppendW

winhttp

WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse

urlmon

FindMimeFromData

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
log.dll
.dll windows:5 windows x86 arch:x86

b06b122df694eca4827596adc838ca43

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:18:6b:ca:88:a4:c4:2d:7a:aa:51:c6:a7:eb:9d:c7:ef:6c:90:a2
Signer

Actual PE Digest

1a:18:6b:ca:88:a4:c4:2d:7a:aa:51:c6:a7:eb:9d:c7:ef:6c:90:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\log.pdb

Imports

kernel32

LeaveCriticalSection
CreateFileW
GetACP
MultiByteToWideChar
FlushFileBuffers
GetLastError
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
CloseHandle
DeleteFileW
LocalFree
WideCharToMultiByte
WriteFile
OutputDebugStringW
SetFilePointer
QueryPerformanceFrequency
GetFileSize
HeapFree
HeapAlloc
GetTimeFormatA
GetDateFormatA
MoveFileW
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl

Exports

Exports

CloseLog
CreateLog
WriteData
WriteLog
WriteLogA
WriteVLog

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcapp_data/soft_info.db3
skin/AppStoreUpdater/AppStoreUpdater.bskin
.7z
skin/Browser/Browser.bskin
.7z
skin/DeskTool/DeskTool.bskin
.7z
skin/DownloadPage/DownloadPage.bskin
.7z
skin/GameNetPage/GameNetPage.bskin
.7z
skin/PopDialog/PopDialog.bskin
.7z
skin/RookieGuidePage/RookieGuidePage.bskin
.7z
skin/Scattered/app16.bmp
skin/Scattered/app32.bmp
skin/Scattered/app48.bmp
skin/Scattered/default.ico
skin/Scattered/dlbtn_animate.png
.png
skin/Scattered/icn_dl.png
.png
skin/Scattered/icn_ignore.png
.png
skin/Scattered/softmgr_catalog_icon/icon_all.png
.png
skin/Scattered/softmgr_catalog_icon/icon_hot.png
.png
skin/SencePopup/SencePopup.bskin
.7z
skin/UnKnowFile/UnKnowFile.bskin
.7z
skin/WallPaper/WallPaper.bskin
.7z
skin/common/common.bskin
.7z
skin/feedback/browser/lang/en/en.bskin
.7z
skin/feedback/browser/lang/es/es.bskin
.7z
skin/feedback/browser/lang/id/id.bskin
.7z
skin/feedback/browser/lang/pt/pt.bskin
.7z
skin/feedback/browser/lang/th/th.bskin
.7z
skin/feedback/browser/lang/zh-hk/zh-hk.bskin
.7z
skin/feedback/browser/main/main.bskin
.7z
skin/feedback/screenshot/main/main.bskin
.7z
skin/homepage/homepage.bskin
.7z
skin/mainframe/mainframe.bskin
.7z
skin/updatepopup/updatepopup.bskin
.7z
softmgr_update.exe
.exe windows:5 windows x86 arch:x86

ec939c92222af4e0043780848ad04415

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:dd:3c:9b:2b:40:7d:5a:a2:53:f2:af:df:d9:eb:c2:b9:00:2a:3d
Signer

Actual PE Digest

12:dd:3c:9b:2b:40:7d:5a:a2:53:f2:af:df:d9:eb:c2:b9:00:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\softmgr_update.pdb

Imports

shlwapi

StrCmpW
StrCmpIW
SHGetValueW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathRemoveBackslashW
PathFindExtensionW
PathAppendW
StrStrIW
PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW

log

WriteLog

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpReceiveResponse
WinHttpSetOption
WinHttpWriteData
WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

appstoredatareport

curl_global_cleanup
curl_easy_cleanup
curl_easy_perform
curl_easy_init
curl_slist_free_all
curl_easy_getinfo
curl_global_init
AS_RD_ReportIncCount
curl_slist_append
curl_easy_setopt

kernel32

LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
FindFirstFileW
GetCurrentProcess
FindClose
FindNextFileW
LocalFree
CreateMutexW
Sleep
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetLastError
CloseHandle
GetTickCount
GetBinaryTypeW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
CreateFileA
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
GlobalFree
LockResource
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
OutputDebugStringA
DebugBreak
SetErrorMode
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CreateProcessA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcessId
CreateEventA
CreatePipe
SetEvent
DuplicateHandle
OpenProcess
GetTempFileNameA
GetTempPathA
SystemTimeToFileTime
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetSystemTime
CopyFileW
TerminateThread
CreateEventW
CreateThread
GetDateFormatW
GetTimeFormatW
ReadFile
CreateFileW
GetLocalTime
ResetEvent
GetPrivateProfileSectionW
SetFilePointer
FreeLibrary
WriteFile
LoadLibraryW
GetTempPathW
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
ResumeThread
RaiseException
SetInformationJobObject
GetUserDefaultLCID
FileTimeToSystemTime
GetFileTime
GetDriveTypeW
CompareFileTime
GetLogicalDriveStringsW
CreateDirectoryW
WTSGetActiveConsoleSessionId
TryEnterCriticalSection
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetLongPathNameW
GetFileSize
GetStringTypeA
UnmapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
OutputDebugStringW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCurrentThreadId
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
InterlockedCompareExchange
GetVersionExW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
InterlockedExchange
GetFileSizeEx
ProcessIdToSessionId
ReadProcessMemory
VirtualQueryEx
VirtualProtect
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
IsBadReadPtr
InterlockedExchangeAdd
OpenThread
DisconnectNamedPipe
WriteFileEx
CreateNamedPipeW
ConnectNamedPipe
ReadFileEx
GetOverlappedResult
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
SwitchToThread
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualAlloc
GetLocaleInfoA
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
ExitThread
DeleteFileA
CreateDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
GetFullPathNameA
GetDriveTypeA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetPrivateProfileSectionNamesW
GetFileType
SetStdHandle
ExitProcess
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
MapViewOfFile
SystemTimeToTzSpecificLocalTime

user32

GetMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterClassW
GetClassInfoW
DefWindowProcW
PostQuitMessage
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
IsWindow
CreateWindowExW
CallWindowProcW
DispatchMessageW
SendMessageW
PostMessageW
GetDesktopWindow
wsprintfW

advapi32

CreateProcessAsUserW
SetTokenInformation
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RevertToSelf
DuplicateTokenEx

shell32

ExtractIconExW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW
SHGetDiskFreeSpaceExW
SHGetFolderPathW
ord165

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

msi

ord66
ord217
ord173
ord41

psapi

GetModuleInformation
GetModuleFileNameExW
GetModuleBaseNameW

dbghelp

MakeSureDirectoryPathExists

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

rpcrt4

UuidFromStringW

ws2_32

WSAStartup
gethostbyname
inet_ntoa

iphlpapi

GetAdaptersAddresses

urlmon

FindMimeFromData

wininet

InternetCheckConnectionW
InternetQueryOptionW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

sqlite

sqlite3_busy_timeout
sqlite3_column_int64
sqlite3_column_count
sqlite3_column_type
sqlite3_bind_parameter_index
sqlite3_step
sqlite3_finalize
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_int
sqlite3_errmsg
sqlite3_column_text
sqlite3_bind_blob
sqlite3_open
sqlite3_bind_int
sqlite3_exec
sqlite3_close
sqlite3_prepare
sqlite3_reset
sqlite3_bind_text
sqlite3_free
sqlite3_prepare_v2
sqlite3_mprintf

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite.dll
.dll windows:5 windows x86 arch:x86

3ac76c32dece6831c4c8ceae9baecde5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:c9:88:53:4b:93:78:2d:8c:00:55:fe:52:2e:ab:24:47:32:d8:dd
Signer

Actual PE Digest

d7:c9:88:53:4b:93:78:2d:8c:00:55:fe:52:2e:ab:24:47:32:d8:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\sqlite.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_utf8_to_mbcs

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.dll
.dll windows:5 windows x86 arch:x86

bd06b1e9dad47e5a42c52abd5c982d55

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:91:da:ec:0e:71:78:3e:9b:a4:ff:94:13:d5:6d:46:2b:b4:ed:b1
Signer

Actual PE Digest

9e:91:da:ec:0e:71:78:3e:9b:a4:ff:94:13:d5:6d:46:2b:b4:ed:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\update.pdb

Imports

log

WriteLog

kernel32

LoadResource
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
GlobalFree
LockResource
DeviceIoControl
CloseHandle
GetLastError
CreateDirectoryW
CreateFileW
lstrlenA
GetFileSize
ReadFile
lstrlenW
FileTimeToSystemTime
GetLocalTime
SetFilePointerEx
WriteFile
FlushFileBuffers
GetFileSizeEx
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
CreateThread
SetEvent
GetCurrentThreadId
WaitForSingleObject
TerminateThread
EnterCriticalSection
LeaveCriticalSection
Sleep
FormatMessageW
LocalFree
SetEndOfFile
FindResourceW
OutputDebugStringW
GetModuleHandleW
GetModuleFileNameW
GetVersionExW
CopyFileW
DeleteFileW
GetSystemInfo
MoveFileExW
ResetEvent
ResumeThread
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetSystemDirectoryW
InterlockedIncrement
GetTimeZoneInformation
GetPrivateProfileSectionW
GetPrivateProfileStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FindResourceExW
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
SetFilePointer
HeapAlloc
InterlockedDecrement
InterlockedExchange
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
FileTimeToLocalFileTime
GetDriveTypeW
MoveFileW
GetCommandLineA
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetConsoleCP
GetConsoleMode
CreateMutexW

user32

GetSystemMetrics
wsprintfW

advapi32

RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathIsDirectoryW

wininet

InternetConnectW
InternetCrackUrlW
HttpSendRequestW
HttpAddRequestHeadersW
InternetReadFile
HttpOpenRequestW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW

iphlpapi

GetAdaptersAddresses

shell32

SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

Exports

Exports

DllGetClassObject

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update_config.xml
update_tools.exe
.exe windows:5 windows x86 arch:x86

23bdf1d75f911d0251ee065362f6652e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:24:7e:22:a7:a7:7e:88:15:b3:e7:55:88:69:18:8b:43:a0:58:76
Signer

Actual PE Digest

86:24:7e:22:a7:a7:7e:88:15:b3:e7:55:88:69:18:8b:43:a0:58:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\app\gensoft\softmgr\client\public\output\pdb\update_tools.pdb

Imports

kernel32

GetModuleFileNameW
GetLastError
WideCharToMultiByte
lstrlenW
FindFirstFileW
FindClose
FindNextFileW
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
CloseHandle
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RaiseException
HeapSize
GetStdHandle
GetModuleFileNameA
Sleep
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
InterlockedExchange
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedCompareExchange
InitializeCriticalSection
GetModuleHandleA

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
url.ini
version.xml

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6d:9c:27:e8:ee:65:07:17:37:06:36:57:0f:33:f4:6c:3f:23:aa:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.2MB

.rsrc Size: 249KB - Virtual size: 248KB

45481792862265925202a2ca9dd8adef

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

95:20:b8:78:71:02:db:9d:1b:54:02:78:ce:d3:e8:15:be:39:29:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

urlmon

iphlpapi

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 470KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

898b090104ba01782f07b4a6e48ac063

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6d:9c:27:e8:ee:65:07:17:37:06:36:57:0f:33:f4:6c:3f:23:aa:6a
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.2MB

.rsrc
Size: 249KB - Virtual size: 248KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

95:20:b8:78:71:02:db:9d:1b:54:02:78:ce:d3:e8:15:be:39:29:ef
Signer

.text
Size: 470KB - Virtual size: 470KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b3:9d:2a:43:ce:20:70:f5:b5:0a:78:48:b8:c6:72:97:d6:b0:84:09
Signer

.text
Size: 245KB - Virtual size: 244KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

70:0b:2f:ad:70:52:74:83:9e:4c:38:f6:69:f0:02:24:0d:71:a0:2f
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate