97bed640a54baf453f070a814adb4b0c

Sharing

Copy URL Twitter E-mail

General

Target

97bed640a54baf453f070a814adb4b0c
Size

6.0MB
MD5

97bed640a54baf453f070a814adb4b0c
SHA1

d3009e704dffb3fc0adc394c880213a53c853836
SHA256

851154adf73dabec6077f9a65ca65d8de0b6cf0a4d26d6622a09d9accfa31399
SHA512

583d13b1c0a431aa0c1f141c54aae5544d893fd0f9cb534bd992a529b2b30f44b9847fecf76582b5fa9be7eed675a015e4c3e3a68c3f65a5de3a211247d20be7
SSDEEP

98304:RvL9Bxcg4aVb/H7jaMh2+gkWOFsqyf3AilSlLekZK6sIiNN/6CaPXIzitZtw3BPY:BL74ObT2kJVf/yfQqkZK6iQIitZt2Stx

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/HardwareID.dll	acprotect
static1/unpack001/Mscomctl.OCX	acprotect
static1/unpack001/dhRichClient3.dll	acprotect
static1/unpack001/sqlite36_engine.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HardwareID.dll	upx
static1/unpack001/Mscomctl.OCX	upx
static1/unpack001/dhRichClient3.dll	upx
static1/unpack001/sqlite36_engine.dll	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DirectCOM.dll
unpack001/HTTPSVR32.dll
unpack001/HTTPSvrGB.dll
unpack001/HardwareID.dll
unpack002/out.upx
unpack001/MediaInfo.dll
unpack001/Mscomctl.OCX
unpack003/out.upx
unpack001/UPDATER.exe
unpack001/VB6CHS.DLL
unpack001/dhRichClient3.dll
unpack004/out.upx
unpack001/iMovieCollection.exe
unpack001/sqlite36_engine.dll
unpack005/out.upx

Files

97bed640a54baf453f070a814adb4b0c
.rar
Codejock.CommandBars.Unicode.v13.2.1.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a5d23c9863219e86d57da654ba3658c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:c3:ae:55:e7:04:ff:71:3a:a8:04:9f:aa:81:e8:70:df:29:af:fb
Signer

Actual PE Digest

8c:c3:ae:55:e7:04:ff:71:3a:a8:04:9f:aa:81:e8:70:df:29:af:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord6153
ord1258
ord1560
ord268
ord283
ord703
ord603
ord1981
ord1961
ord2446
ord3503
ord273
ord403
ord2385
ord786
ord5985
ord519
ord3211
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord4272
ord6279
ord4273
ord2755
ord4199
ord6489
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord6360
ord3321
ord6361
ord4466
ord5494
ord3273
ord3676
ord446
ord743
ord6435
ord1211
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord3882
ord2825
ord4217
ord5463
ord1574
ord2913
ord2797
ord960
ord6310
ord4174
ord5441
ord6008
ord5771
ord2595
ord3175
ord3178
ord3171
ord3647
ord1636
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord6567
ord3025
ord2631
ord6105
ord6331
ord2538
ord291
ord924
ord2706
ord5781
ord1834
ord3087
ord1263
ord2862
ord1851
ord859
ord2787
ord4078
ord4282
ord1137
ord1821
ord656
ord2081
ord4042
ord6195
ord2634
ord3798
ord4279
ord4119
ord940
ord5627
ord3084
ord1214
ord1875
ord2879
ord3079
ord3343
ord4345
ord2617
ord297
ord619
ord5856
ord2456
ord4031
ord1649
ord3438
ord3781
ord434
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord5142
ord3711
ord790
ord6107
ord2105
ord1899
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3397
ord768
ord489
ord2294
ord4253
ord3694
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord2290
ord2362
ord6330
ord3716
ord795
ord3092
ord5949
ord2293
ord6237
ord1900
ord1683
ord4433
ord2046
ord771
ord2033
ord498
ord1008
ord4254
ord4709
ord5714
ord1561
ord1177
ord6720
ord2621
ord1134
ord609
ord807
ord5506
ord3022
ord4037
ord1645
ord429
ord4425
ord5845
ord5284
ord4638
ord4212
ord2568
ord4391
ord3347
ord3572
ord4220
ord1712
ord4055
ord4118
ord2932
ord2567
ord4390
ord3569
ord5886
ord1226
ord3952
ord4229
ord2235
ord1231
ord6398
ord6399
ord3516
ord6397
ord3517
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord975
ord5468
ord3398
ord2874
ord2873
ord4072
ord5233
ord2641
ord1658
ord4430
ord5248
ord3364
ord4421
ord366
ord5006
ord4146
ord3618
ord674
ord3864
ord2119
ord2383
ord5096
ord5099
ord4462
ord2875
ord2375
ord4431
ord5251
ord3368
ord402
ord4422
ord4148
ord3646
ord5280
ord5278
ord4312
ord3443
ord1657
ord3494
ord3170
ord2507
ord355
ord1921
ord4263
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord5080
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord554
ord2108
ord2089
ord5880
ord2916
ord3074
ord2112
ord5801
ord2505
ord293
ord956
ord1191
ord805
ord4358
ord1702
ord3578
ord620
ord298
ord4225
ord4753
ord2400
ord4280
ord3810
ord5123
ord5113
ord4889
ord1768
ord4826
ord4888
ord1896
ord4509
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4717
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord4426
ord761
ord569
ord480
ord4251
ord4455
ord3098
ord5256
ord2777
ord1760
ord5921
ord6126
ord6124
ord6127
ord6212
ord3811
ord5140
ord5031
ord6595
ord6561
ord6793
ord6816
ord6022
ord6023
ord860
ord5852
ord3605
ord3515
ord1795
ord1709
ord4448
ord4749
ord2673
ord5147
ord4524
ord4519
ord4538
ord4536
ord4517
ord5681
ord3269
ord439
ord736
ord1850
ord5491
ord6238
ord6316
ord2563
ord5047
ord4109
ord1857
ord979
ord5778
ord2558
ord3915
ord353
ord324
ord6125
ord3748

msvcrt

_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
wcschr
qsort
wcsrchr
rand
_snprintf
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
wcsncmp
_CxxThrowException
floor
ceil
_wcsdup
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr

kernel32

LocalFree
GlobalFree
GlobalSize
lstrcpyW
Sleep
GetCurrentProcessId
lstrcpynW
SetFileAttributesW
GetModuleFileNameW
CreateDirectoryW
CompareStringW
GetCurrentDirectoryW
lstrlenW
lstrcpynA
GetVersion
GetTickCount
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventW
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
DeleteFileW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

UnionRect
GetTabbedTextExtentA
GetClipboardData
FindWindowExW
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
SetWindowLongA
SendMessageW
EnableWindow
GrayStringW
DrawTextW
TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
DrawFrameControl
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
IntersectRect
SetCapture
LockWindowUpdate
GetDCEx
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
OffsetRect
DispatchMessageW
DeferWindowPos
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
MapVirtualKeyExW
PtInRect
GetKeyboardLayoutList
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
DrawFocusRect
IsWindowEnabled
MessageBoxW
OpenClipboard
EmptyClipboard
CloseClipboard
SetForegroundWindow
GetActiveWindow
SetActiveWindow
GetClassLongW
GetMenuDefaultItem
CreatePopupMenu
GetDlgItem
SetParent
MapWindowPoints
SetFocus
GetClassNameW
ShowWindow
IsDialogMessageW
IsClipboardFormatAvailable
wsprintfW
TranslateMessage
WaitMessage
UpdateWindow
GetTopWindow
GetWindow
GetDlgCtrlID
InflateRect
HideCaret
SetCursor
MoveWindow
BringWindowToTop
RedrawWindow
IsZoomed
ReleaseCapture
CharUpperW
ShowCaret
GetNextDlgTabItem
GetFocus
IsChild
MapVirtualKeyW
MessageBeep
PostMessageW
IsMenu
GetMenuItemCount
GetMenuItemInfoW
GetMenuItemID
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyNameTextW
IsCharLowerW
IsIconic
GetKeyboardState
ToUnicodeEx
CallNextHookEx
GetKeyboardLayout
CopyAcceleratorTableW
FillRect
DrawEdge
GetDoubleClickTime
ShowScrollBar
SendMessageTimeoutW
AdjustWindowRectEx
SetCursorPos
GetMenu
GetSystemMenu
LoadIconW
GetMenuState
SetMenu
GetClipboardFormatNameW
BeginDeferWindowPos
ScreenToClient
EndDeferWindowPos
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
GetMenuStringW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
LoadCursorW
DestroyIcon

gdi32

CreateRectRgn
CombineRgn
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
PtInRegion
EnumFontFamiliesW
GetViewportOrgEx
CreatePatternBrush
GetTextColor
ExtFloodFill
Ellipse
GetCurrentObject
GetMapMode
CreateFontW
Polyline
Rectangle
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
Escape
GetWindowExtEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetCharWidthW
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
GetTextMetricsW
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
StartDocW
SetAbortProc
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
GetViewportExtEx
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
DragQueryFileW

comctl32

ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageInfo
PropertySheetW
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarI4FromCy
VarI4FromR4
VarI4FromR8
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SafeArrayCreate

winmm

waveOutGetNumDevs
PlaySoundW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codejock.Controls.Unicode.v13.2.1.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

7bab84c1b7b0394506fefba3f1bb2086

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:db:17:22:2c:ad:83:3a:74:5e:a7:41:c6:3c:45:90:91:ff:dc:05
Signer

Actual PE Digest

b1:db:17:22:2c:ad:83:3a:74:5e:a7:41:c6:3c:45:90:91:ff:dc:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord6437
ord1230
ord4270
ord755
ord470
ord613
ord289
ord2371
ord6037
ord2444
ord1143
ord6153
ord1258
ord1560
ord268
ord703
ord603
ord1961
ord2446
ord273
ord403
ord2385
ord1252
ord1763
ord462
ord3110
ord3310
ord3465
ord452
ord6303
ord521
ord4162
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord6489
ord4272
ord6279
ord4273
ord2755
ord4199
ord834
ord836
ord2806
ord4155
ord2805
ord5210
ord1565
ord849
ord850
ord906
ord845
ord537
ord1130
ord2225
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2885
ord6568
ord857
ord941
ord6771
ord536
ord6381
ord6385
ord1971
ord5438
ord3313
ord665
ord5180
ord354
ord925
ord927
ord922
ord1203
ord1220
ord2863
ord5571
ord3520
ord433
ord4197
ord5706
ord1637
ord4158
ord1197
ord2914
ord4015
ord2719
ord2722
ord2721
ord1941
ord2144
ord6451
ord6597
ord3792
ord2372
ord2373
ord2559
ord4265
ord1131
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord4282
ord1226
ord5781
ord940
ord1147
ord6654
ord6195
ord1137
ord3397
ord3605
ord656
ord765
ord6456
ord5047
ord4474
ord3087
ord2637
ord2100
ord4279
ord6373
ord2070
ord3716
ord795
ord2108
ord6655
ord3084
ord4118
ord6166
ord3693
ord3952
ord1787
ord2634
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord3625
ord2572
ord4394
ord682
ord1836
ord1841
ord4078
ord1840
ord5801
ord6082
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord1008
ord3470
ord4254
ord5845
ord4709
ord2638
ord5784
ord472
ord4253
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord3714
ord793
ord768
ord489
ord2286
ord2354
ord2294
ord4970
ord6330
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord3798
ord6190
ord4119
ord1807
ord5857
ord3898
ord1644
ord2862
ord2104
ord6191
ord3515
ord6397
ord3865
ord2455
ord3706
ord783
ord1808
ord4229
ord324
ord2567
ord4390
ord609
ord2706
ord6004
ord6896
ord3569
ord801
ord541
ord2293
ord668
ord2762
ord356
ord6874
ord539
ord1850
ord2644
ord1662
ord4532
ord3525
ord2431
ord1686
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord3128
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord4943
ord2533
ord2949
ord2376
ord6366
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord1202
ord723
ord4244
ord4990
ord4737
ord5884
ord5975
ord6124
ord5569
ord3194
ord5027
ord5570
ord3052
ord4814
ord2558
ord559
ord812
ord823
ord5858
ord5606
ord1821
ord3867
ord2538
ord291
ord1919
ord5852
ord4524
ord4538
ord4517
ord5681
ord3269
ord439
ord736
ord5491
ord5778
ord3915
ord1255
ord1824
ord5647
ord350
ord4028
ord5638
ord6051
ord501
ord1113
ord1112
ord1869
ord3371
ord423
ord1125
ord1607
ord4805
ord1678
ord6036
ord1679
ord3469
ord5002
ord956
ord353
ord6865
ord5679
ord5949
ord3494
ord2507
ord355
ord4037
ord2605
ord1699
ord6566
ord729
ord2496
ord2787
ord430
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord1834
ord4237
ord4787
ord5248
ord5224
ord1714
ord4583
ord4582
ord4893
ord4364
ord4886
ord4529
ord5070
ord4335
ord4342
ord4881
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord5256
ord4426
ord761
ord480
ord1896
ord4251
ord4888
ord4717
ord5115
ord674
ord5479
ord2488
ord5955
ord3114
ord6038
ord3225
ord3207
ord2896
ord5980
ord3198
ord6162
ord3799
ord4782
ord4754
ord4384
ord4645

msvcrt

_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
free
malloc
strchr
swscanf
wcscmp
_ftol
_CIpow
__CxxFrameHandler
wcslen
wcstod
wcscpy
wcsncpy
calloc
realloc
_wsplitpath
wcstombs
floor
wcsncmp
_fstat
_wfopen
fclose
fseek
ftell
fgetws
wcschr
isprint
swprintf
isxdigit
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
qsort
_snprintf
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
_CxxThrowException
ceil
wcsrchr
_wcsdup
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcsstr

kernel32

IsDBCSLeadByte
lstrcpyW
lstrcpynW
GlobalSize
LocalFree
GetPrivateProfileIntW
lstrlenW
GetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileAttributesW
lstrcmpA
EnumResourceNamesW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceW
LoadResource
LockResource
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
GetModuleHandleW
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

GetWindowLongA
SetWindowLongA
SendMessageW
EnableWindow
GrayStringW
DrawTextW
TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
SystemParametersInfoW
DefWindowProcW
LoadCursorW
GetForegroundWindow
GetLastActivePopup
GetWindowLongW
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
CreateCaret
GetMessageW
ClientToScreen
OffsetRect
DispatchMessageW
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
SetWindowLongW
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
DestroyCaret
GetScrollPos
GetMenu
ShowWindow
GetDlgItem
LoadIconW
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
wsprintfW
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageW
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringW
SetWindowTextW
GetDlgCtrlID
GetWindow
GetClassNameW
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
IsWindowUnicode
DrawAnimatedRects
FindWindowW
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
GetSysColor
SetClassLongW
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
LoadMenuW
CopyImage
SetClipboardData
LoadBitmapW
SetWindowPlacement
WinHelpW
VkKeyScanW
GetSystemMenu
RemoveMenu
GetClassLongW
DrawMenuBar
CreateAcceleratorTableW
DestroyAcceleratorTable
UnionRect
TranslateMessage
GetDoubleClickTime
GetTabbedTextExtentA
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
GetWindowPlacement
ShowScrollBar
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateW
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
GetWindowRgn
CallWindowProcW
GetCapture
RegisterWindowMessageW

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsW
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontW
GetCharWidthW
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
CombineRgn
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetCurrentPositionEx
GetTextExtentPoint32A
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointW
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
GetStockObject
EnumFontFamiliesExW
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
Polyline
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
Shell_NotifyIconW

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1016KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Config.ini
Data.db
DirectCOM.dll
.dll windows:4 windows x86 arch:x86

c3667292e5beb8f7231eebb0ccf02bfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

gdi32

MoveToEx

kernel32

CloseHandle
CreateThread
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeThread
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ReadFile
ResumeThread
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
RtlMoveMemory
LoadLibraryExW
LoadLibraryW

ole32

CLSIDFromProgID
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy
LoadTypeLibEx

user32

CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
DialogBoxIndirectParamA
PeekMessageA
DialogBoxParamA
GetWindow

Exports

Exports

ASSIGN
ASSIGNADDREF
ASSIGNSWAP
CLOSETHREADHANDLE
DEREF
GETDLLCLASSOBJECT
GETINSTANCE
GETINSTANCELASTERROR
GETTHREADCOUNT
GETTHREADSTATUS
GetInstanceEx
READTSC
STARTCOMOBJECT
UNLOADCOMDLL

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GB2312.dll
HTTPSVR32.dll
.dll windows:4 windows x86 arch:x86

a74d5219531d2617f6ff422174cc01cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
GetVersion
MultiByteToWideChar
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
Sleep
GetStartupInfoA

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SystemParametersInfoA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
PtInRect

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

GetTheWebFileInfo

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTTPSvrGB.dll
.dll windows:4 windows x86 arch:x86

f86be736ff29ffc95ab52e8b63036a58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
GetVersion
Sleep
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetStartupInfoA

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SystemParametersInfoA
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
PtInRect

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

BaiduInfo

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HardwareID.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetDllVer
GetHardwareID
GetHardwareIDWithAppID
GetHardwareIDWithAppID_vba
GetHardwareID_vba

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Images/Movie_No_Poster.jpg
.jpg
Images/Person.image
.gif
Images/Person/Thumbs.db
Images/Person_No_Poster.jpg
.jpg
Images/Poster/Thumbs.db
Images/Thumbs.db
Images/新云软件.url
.url
MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediaInfo.dll
.dll windows:4 windows x86 arch:x86

13cc5cccb80426132da26ef0ca5a5087

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameW
GetFullPathNameA
FindFirstFileW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindClose
FindNextFileA
FindNextFileW
Sleep
CloseHandle
ResumeThread
CreateThread
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetTimeZoneInformation
CreateFileW
GetLastError
GetFileTime
GetVersion
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetACP
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc

Exports

Exports

MediaInfoA_Close
MediaInfoA_Count_Get
MediaInfoA_Delete
MediaInfoA_Get
MediaInfoA_GetI
MediaInfoA_Inform
MediaInfoA_New
MediaInfoA_New_Quick
MediaInfoA_Open
MediaInfoA_Open_Buffer
MediaInfoA_Open_Buffer_Continue
MediaInfoA_Open_Buffer_Continue_GoTo_Get
MediaInfoA_Open_Buffer_Finalize
MediaInfoA_Open_Buffer_Init
MediaInfoA_Option
MediaInfoA_Output_Buffer_Get
MediaInfoA_Output_Buffer_GetI
MediaInfoA_Save
MediaInfoA_Set
MediaInfoA_SetI
MediaInfoA_State_Get
MediaInfoListA_Close
MediaInfoListA_Count_Get
MediaInfoListA_Count_Get_Files
MediaInfoListA_Delete
MediaInfoListA_Get
MediaInfoListA_GetI
MediaInfoListA_Inform
MediaInfoListA_New
MediaInfoListA_New_Quick
MediaInfoListA_Open
MediaInfoListA_Open_Buffer
MediaInfoListA_Option
MediaInfoListA_Save
MediaInfoListA_Set
MediaInfoListA_SetI
MediaInfoListA_State_Get
MediaInfoList_Close
MediaInfoList_Count_Get
MediaInfoList_Count_Get_Files
MediaInfoList_Delete
MediaInfoList_Get
MediaInfoList_GetI
MediaInfoList_Inform
MediaInfoList_New
MediaInfoList_New_Quick
MediaInfoList_Open
MediaInfoList_Open_Buffer
MediaInfoList_Option
MediaInfoList_Save
MediaInfoList_Set
MediaInfoList_SetI
MediaInfoList_State_Get
MediaInfo_Close
MediaInfo_Count_Get
MediaInfo_Delete
MediaInfo_Get
MediaInfo_GetI
MediaInfo_Info_Version
MediaInfo_Inform
MediaInfo_New
MediaInfo_New_Quick
MediaInfo_Open
MediaInfo_Open_Buffer
MediaInfo_Open_Buffer_Continue
MediaInfo_Open_Buffer_Continue_GoTo_Get
MediaInfo_Open_Buffer_Finalize
MediaInfo_Open_Buffer_Init
MediaInfo_Option
MediaInfo_Output_Buffer_Get
MediaInfo_Output_Buffer_GetI
MediaInfo_Save
MediaInfo_Set
MediaInfo_SetI
MediaInfo_State_Get

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mscomctl.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 385KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PrintCovers/Cover.jpg
.jpg
Styles/Office2007Aqua.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:7e:a0:c9:33:2c:fe:74:f0:a8:a8:4c:b0:01:96:72:45:ca:32:4c
Signer

Actual PE Digest

88:7e:a0:c9:33:2c:fe:74:f0:a8:a8:4c:b0:01:96:72:45:ca:32:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Office2007Black.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:f3:e1:db:25:83:a0:4e:c3:49:6e:cb:41:f6:47:97:7c:9c:e4:bb
Signer

Actual PE Digest

01:f3:e1:db:25:83:a0:4e:c3:49:6e:cb:41:f6:47:97:7c:9c:e4:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Office2007Blue.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:c3:c8:5d:63:53:09:02:d5:92:7e:10:d8:ed:60:ad:5e:77:3a:1d
Signer

Actual PE Digest

cb:c3:c8:5d:63:53:09:02:d5:92:7e:10:d8:ed:60:ad:5e:77:3a:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Office2007Scenic.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:42:7f:51:cb:38:c0:12:e1:ba:e4:58:c1:33:4d:83:dc:48:02:85
Signer

Actual PE Digest

69:42:7f:51:cb:38:c0:12:e1:ba:e4:58:c1:33:4d:83:dc:48:02:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Office2007Silver.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:ce:10:c5:23:9e:fa:92:35:17:00:dd:eb:e7:47:3f:86:87:3e:4b
Signer

Actual PE Digest

56:ce:10:c5:23:9e:fa:92:35:17:00:dd:eb:e7:47:3f:86:87:3e:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Office2007White.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:89:00:2b:fc:46:90:eb:cd:19:63:70:ab:f2:42:4c:13:0e:24:ee
Signer

Actual PE Digest

98:89:00:2b:fc:46:90:eb:cd:19:63:70:ab:f2:42:4c:13:0e:24:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Top250.xml
UPDATER.exe
.exe windows:4 windows x86 arch:x86

b5e074b7a866393051bc44451a7e96e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileA

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaVarForInit
__vbaExitProc
__vbaI4Abs
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord599
ord520
__vbaBoolVar
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
ord631
ord709
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaPrintObj
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI2
ord616
__vbaFpI4
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
_allmul
__vbaLateIdSt
__vbaFpCSngR4
_CItan
__vbaNextEachCollAd
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VB6CHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhRichClient3.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iMovieCollection.exe
.exe windows:4 windows x86 arch:x86

49f45b2a1248e202c9843af7826f5003

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW

gdiplus

GdipGetImageHeight
GdipLoadImageFromFile
GdipRotateWorldTransform
GdipGetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipSetPropertyItem
GdipDrawImageRectRectI
GdipGetImageEncoders
GdipGetImagePaletteSize
GdipGetImageThumbnail
GdipGetImageRawFormat
GdipGetPropertyCount
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipGetImageDimension
GdipDrawImageRect
GdipGetPropertyItemSize
GdipGetImageWidth
GdipGetImageEncodersSize

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarTstGt
__vbaVarSub
ord583
__vbaStrI2
__vbaI2Sgn
_CIcos
_adj_fptan
ord585
__vbaStrAryToUnicode
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
ord694
__vbaStrAryToAnsi
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord588
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaRaiseEvent
__vbaGetFxStr3
__vbaFreeObjList
__vbaR8Sgn
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaVarSetVarAddref
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaBoolErrVar
ord553
__vbaLsetFixstr
ord660
__vbaStrDate
__vbaSetSystemError
__vbaRecDestruct
__vbaNameFile
__vbaLenBstrB
__vbaHresultCheckObj
ord557
ord558
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
__vbaLateMemSt
EVENT_SINK2_Release
ord592
__vbaStrBool
__vbaVarPow
ord593
__vbaExitProc
__vbaForEachCollObj
__vbaVarForInit
ord300
ord594
__vbaI4Abs
ord301
__vbaStrLike
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord305
ord599
ord704
__vbaFpR4
ord306
__vbaStrFixstr
ord520
__vbaForEachCollVar
__vbaBoolVar
ord307
ord521
__vbaFPFix
ord309
__vbaVargVar
__vbaRefVarAry
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord709
__vbaVarCmpGt
__vbaVarZero
ord525
__vbaNextEachCollObj
ord632
__vbaVargVarMove
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaVarAbs
__vbaGenerateBoundsError
ord528
__vbaExitEachColl
__vbaGet3
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
__vbaCyI4
ord560
__vbaPrintObj
ord561
__vbaObjVar
__vbaI2I4
__vbaNextEachCollVar
DllFunctionCall
ord563
__vbaVarLateMemSt
__vbaVarOr
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
ord566
__vbaLbound
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
ord568
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
ord710
__vbaStr2Vec
__vbaStrUI1
__vbaFpCmpCy
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
ord313
ord712
__vbaStrToUnicode
ord713
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaI2Str
__vbaR8ErrVar
__vbaFailedFriend
ord607
__vbaVarDiv
__vbaLateIdStAd
ord715
ord530
ord608
__vbaVargVarRef
ord531
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaDateVar
ord535
__vbaI2Var
__vbaStopExe
ord644
ord537
ord538
ord645
_CIlog
ord539
ord646
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord570
__vbaNew2
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaInStr
ord648
__vbaCyMulI2
ord571
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaVarSetObj
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
ord320
__vbaFreeVarg
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
ord613
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaVarTstGe
ord616
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaR8IntI2
__vbaVarSetObjAddref
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
ord618
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
__vbaForEachVar
__vbaR8IntI4
__vbaMidStmtVar
ord619
ord542
ord650
ord543
_allmul
ord544
__vbaVarLateMemCallSt
__vbaLateIdSt
__vbaLateMemCallSt
ord545
ord652
_CItan
__vbaNextEachCollAd
ord546
__vbaUI1Var
ord547
__vbaAryUnlock
__vbaFPInt
__vbaFpCSngR8
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
ord580
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iMovieCollection.exe.manifest
.xml
sqlite36_engine.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LzmaCompress
LzmaUncompress
compress
fastlz_compress
fastlz_decompress
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_table_name
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_rekey
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_step
sqlite3_table_column_metadata
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vmprintf
uncompress
vb_get_columns

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
如何注册.txt
访问电影收藏家官网.url
.url
软件使用许可协议.txt

Sharing

General

Malware Config

Signatures

Files

a5d23c9863219e86d57da654ba3658c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

8c:c3:ae:55:e7:04:ff:71:3a:a8:04:9f:aa:81:e8:70:df:29:af:fbSigner

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 260KB - Virtual size: 258KB

.data Size: 120KB - Virtual size: 129KB

.rsrc Size: 544KB - Virtual size: 542KB

.reloc Size: 128KB - Virtual size: 126KB

7bab84c1b7b0394506fefba3f1bb2086

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

b1:db:17:22:2c:ad:83:3a:74:5e:a7:41:c6:3c:45:90:91:ff:dc:05Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 1016KB - Virtual size: 1014KB

.rdata Size: 232KB - Virtual size: 230KB

.data Size: 60KB - Virtual size: 75KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

8c:c3:ae:55:e7:04:ff:71:3a:a8:04:9f:aa:81:e8:70:df:29:af:fb
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 260KB - Virtual size: 258KB

.data
Size: 120KB - Virtual size: 129KB

.rsrc
Size: 544KB - Virtual size: 542KB

.reloc
Size: 128KB - Virtual size: 126KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

b1:db:17:22:2c:ad:83:3a:74:5e:a7:41:c6:3c:45:90:91:ff:dc:05
Signer

.text
Size: 1016KB - Virtual size: 1014KB

.rdata
Size: 232KB - Virtual size: 230KB

.data
Size: 60KB - Virtual size: 75KB

.rsrc
Size: 344KB - Virtual size: 341KB

.reloc
Size: 112KB - Virtual size: 109KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 65KB

.link
Size: 2KB - Virtual size: 2KB

.rloc
Size: 512B - Virtual size: 512B

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 84KB

UPX1
Size: 46KB - Virtual size: 48KB

.rsrc
Size: 3KB - Virtual size: 4KB