9a1459707abbac87b8b95ebdd65e9028

Sharing

Copy URL

Twitter E-mail

General

Target

9a1459707abbac87b8b95ebdd65e9028
Size

1.0MB
MD5

9a1459707abbac87b8b95ebdd65e9028
SHA1

84bb0fcf17c7c1605a8858a27dbbce27f550a0cf
SHA256

5ea85ac874b09f5b8d48f1490926fa2997ea570a6c62ecdd901f883dd24dc792
SHA512

ab029c94e9192e300e1dd71316ccae244a94c7312d67862fcef269ebb7579f4d1d8780302cabc8a10e727671f097f83745ba8ab53605c5599ec86475b69ee2e2
SSDEEP

24576:IaPcwHwE0nUX+uMW24V1rdirL7aAEhkZ1Jc5Oe5qL5iQu:If68UX+uXirKAEW125F5/

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/BException.dll	acprotect
static1/unpack001/WinIo.dll	acprotect
static1/unpack001/cooper.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/BException.dll	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BException.dll
unpack002/out.upx
unpack001/WinIo.dll
unpack001/WinIo.sys
unpack001/cooper.dll
unpack001/skin/default/SkinEditor1.exe
unpack001/skin/default/皮肤制作工具.exe
unpack001/unins000.exe
unpack001/变速精灵VIP版.vmp.exe

Files

9a1459707abbac87b8b95ebdd65e9028
.rar
BException.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SetExceptionReport
SetSoftwareName

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTPerf.dll
.dll windows:4 windows x86 arch:x86

7571cb143055b7eff1b9a2cadc69d87e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pdh

PdhGetRawCounterValue
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterA
PdhCloseQuery
PdhOpenQueryA

mfc42

ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord1575
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord1116
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord6467
ord3663
ord823
ord5440
ord6383
ord5450
ord6394
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1176
ord3136
ord4080

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Exports

Exports

GetCPU_NT
NTPerf_Initialize
NTPerf_Uninitialize

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PSAPI.DLL
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeederXP.chm
.chm
WinIo.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetPhysLong
GetPortVal
InitializeWinIo
InstallWinIoDriver
MapPhysToLin
RemoveWinIoDriver
SetPhysLong
SetPortVal
ShutdownWinIo
UnmapPhysicalMemory

Sections

CODE
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinIo.sys
.dll windows:4 windows x86 arch:x86

5d021bf7b510ffc70bc03c557e8d5130

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

PsGetCurrentProcessId
DbgPrint
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
_except_handler3
PsGetVersion
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
ExFreePool
ZwDeviceIoControlFile
NtOpenProcess
ExAllocatePoolWithTag
MmGetPhysicalAddress
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
MmAllocateNonCachedMemory
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ZwOpenSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
PsLookupThreadByThreadId
NtDeviceIoControlFile
ObReferenceObjectByHandle

hal

HalTranslateBusAddress

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinIo.vxd
cooper.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Initialize
ShowNewsWindow
UpgradeSoftware

Sections

CODE
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hook.dll
.dll windows:4 windows x86 arch:x86

66c135644bf8a735369e761719ac3c8a

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
ReadProcessMemory
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetTickCount
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

FindWindowA
GetWindowThreadProcessId
GetDesktopWindow

winmm

timeGetTime

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
inproc.dll
.dll windows:4 windows x86 arch:x86

5bde2055b698e3c0bff5fba667fee162

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeGetTime

mfc42

ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4079
ord4424
ord3738
ord815
ord561
ord823
ord1570
ord1253
ord1255
ord1578
ord1197
ord600
ord826
ord269
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord825
ord6467
ord4622

msvcrt

malloc
_initterm
free
_onexit
_adjust_fdiv
?terminate@@YAXXZ
_EH_prolog
__CxxFrameHandler
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
time
srand
wcscat
wcsrchr
wcscpy
_ftol
rand

kernel32

LocalAlloc
LocalFree
Sleep
GetModuleHandleA
CreateMutexA
CloseHandle
WaitForSingleObject
GetCurrentProcessId
ReleaseMutex
QueryPerformanceCounter
GetTickCount
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError

user32

FindWindowA
GetDesktopWindow
EnumWindows
UnhookWindowsHookEx
SetWindowsHookExA
IsWindowVisible
GetWindowThreadProcessId
PostThreadMessageA
PostMessageA
SendMessageA
CallNextHookEx
SetTimer

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARESEG
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logo.gif
.gif
oem_sp.dat
qmsd.sys
.dll windows:4 windows x86 arch:x86

c4f523cff80b1f6ca7dbd7f3da270492

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ObfDereferenceObject
PsProcessType
MmIsAddressValid
PsGetCurrentProcessId
PsLookupProcessByProcessId
KeAttachProcess
_stricmp
DbgPrint
_except_handler3
ExAllocatePoolWithTag
ExFreePool
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
PsGetVersion
IofCompleteRequest
ZwDeviceIoControlFile
NtDeviceIoControlFile
MmGetPhysicalAddress
IoGetCurrentProcess
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
MmAllocateNonCachedMemory
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ZwOpenSection
ZwUnmapViewOfSection
ZwLoadDriver
KeServiceDescriptorTable
ZwQuerySystemInformation
ObReferenceObjectByName
IoDriverObjectType
PsLookupThreadByThreadId
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ZwQueryValueKey
ZwOpenKey
KeAddSystemServiceTable
ObOpenObjectByPointer
NtOpenProcess
MmFreeNonCachedMemory
ObReferenceObjectByHandle

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
HalTranslateBusAddress

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/default/SkinEditor1.exe
.exe windows:4 windows x86 arch:x86

371f5c9f7d3244514204c2f8c2eb9228

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3079
ord4080
ord3825
ord3831
ord4627
ord3574
ord3571
ord3619
ord800
ord4424
ord860
ord540
ord825
ord3626
ord3663
ord2414
ord858
ord6199
ord2859
ord535
ord1641
ord640
ord755
ord5875
ord939
ord926
ord6648
ord1640
ord323
ord470
ord2575
ord5290
ord5277
ord3402
ord609
ord556
ord567
ord809
ord4275
ord2405
ord4284
ord2379
ord6172
ord2122
ord6358
ord1088
ord2864
ord3716
ord790
ord3797
ord823
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord5265
ord4377
ord4854
ord4998
ord4710
ord2514
ord6052
ord1775
ord5287
ord4835
ord4425
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord768
ord489
ord692
ord2302
ord4258
ord4055
ord2818
ord4407
ord1779
ord5953
ord3986
ord3803
ord5606
ord801
ord5860
ord2976
ord3830
ord772
ord3701
ord500
ord6142
ord4204
ord5861
ord6143
ord1168
ord923
ord6663
ord6283
ord6282
ord2764
ord4234
ord4376
ord4853
ord5280
ord3597
ord641
ord6055
ord4224
ord6197
ord6379
ord922
ord2078
ord2113
ord2243
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord2642
ord4694
ord5148
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord4287
ord2109
ord3092
ord1008
ord497
ord4160
ord5850
ord2516
ord361
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord537
ord541
ord3097
ord324
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__dllonexit
__CxxFrameHandler
_mbscmp
atol
atoi
sprintf
_access
_setmbcp
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

kernel32

ReadFile
GetFullPathNameA
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileSize
CreateFileA
GetModuleHandleA
GetStartupInfoA
CloseHandle

user32

PostMessageA
GetWindowRect
GetActiveWindow
LoadMenuA
AppendMenuA
GetSystemMenu
DrawIcon
GetSystemMetrics
IsIconic
SetRect
PtInRect
SetWindowRgn
GetParent
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
GetWindowLongA
SendMessageA
EnableWindow
DrawTextA
KillTimer
GetClientRect
GetDC
SetTimer
InvalidateRect
GetSubMenu
GetCursorPos
LoadIconA

gdi32

DeleteDC
CreateFontIndirectA
GetObjectA
GetStockObject
GetTextExtentPoint32A
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
CreateCompatibleBitmap

comdlg32

GetOpenFileNameA

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cas
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
skin/default/clock.gif
.gif
skin/default/clock1.gif
.gif
skin/default/down.bmp
skin/default/main.bmp
skin/default/mask.bmp
skin/default/over.bmp
skin/default/skin.ini
skin/default/trackmove.bmp
skin/default/trackstop.bmp
skin/default/皮肤制作工具.exe
.exe windows:4 windows x86 arch:x86

371f5c9f7d3244514204c2f8c2eb9228

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3079
ord4080
ord3825
ord3831
ord4627
ord3574
ord3571
ord3619
ord800
ord4424
ord860
ord540
ord825
ord3626
ord3663
ord2414
ord858
ord6199
ord2859
ord535
ord1641
ord640
ord755
ord5875
ord939
ord926
ord6648
ord1640
ord323
ord470
ord2575
ord5290
ord5277
ord3402
ord609
ord556
ord567
ord809
ord4275
ord2405
ord4284
ord2379
ord6172
ord2122
ord6358
ord1088
ord2864
ord3716
ord790
ord3797
ord823
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord5265
ord4377
ord4854
ord4998
ord4710
ord2514
ord6052
ord1775
ord5287
ord4835
ord4425
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord768
ord489
ord692
ord2302
ord4258
ord4055
ord2818
ord4407
ord1779
ord5953
ord3986
ord3803
ord5606
ord801
ord5860
ord2976
ord3830
ord772
ord3701
ord500
ord6142
ord4204
ord5861
ord6143
ord1168
ord923
ord6663
ord6283
ord6282
ord2764
ord4234
ord4376
ord4853
ord5280
ord3597
ord641
ord6055
ord4224
ord6197
ord6379
ord922
ord2078
ord2113
ord2243
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord2642
ord4694
ord5148
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord4287
ord2109
ord3092
ord1008
ord497
ord4160
ord5850
ord2516
ord361
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord537
ord541
ord3097
ord324
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__dllonexit
__CxxFrameHandler
_mbscmp
atol
atoi
sprintf
_access
_setmbcp
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

kernel32

ReadFile
GetFullPathNameA
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileSize
CreateFileA
GetModuleHandleA
GetStartupInfoA
CloseHandle

user32

PostMessageA
GetWindowRect
GetActiveWindow
LoadMenuA
AppendMenuA
GetSystemMenu
DrawIcon
GetSystemMetrics
IsIconic
SetRect
PtInRect
SetWindowRgn
GetParent
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
GetWindowLongA
SendMessageA
EnableWindow
DrawTextA
KillTimer
GetClientRect
GetDC
SetTimer
InvalidateRect
GetSubMenu
GetCursorPos
LoadIconA

gdi32

DeleteDC
CreateFontIndirectA
GetObjectA
GetStockObject
GetTextExtentPoint32A
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
CreateCompatibleBitmap

comdlg32

GetOpenFileNameA

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cas
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
speeder.ini
tips.txt
unins000.dat
unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version.ini
whatsnew.txt
变速精灵VIP版.vmp.exe
.exe windows:4 windows x86 arch:x86

235f1ac7ce4874e3ed68932daae60a6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

inproc

ord1
ord8
ord6
ord2
ord5
ord3
ord7

hook

ord2
ord4
ord3
ord1

winmm

timeGetTime

mfc42

ord6242
ord3092
ord4710
ord4853
ord6569
ord2777
ord6927
ord4129
ord5710
ord6930
ord3301
ord2379
ord5450
ord5440
ord6383
ord6394
ord4247
ord4248
ord4245
ord4246
ord1644
ord2455
ord4457
ord4724
ord5053
ord2863
ord4499
ord1133
ord4810
ord4774
ord3021
ord6453
ord4458
ord4500
ord4501
ord4775
ord2575
ord4396
ord3574
ord3721
ord795
ord609
ord2301
ord2302
ord3619
ord3626
ord2414
ord2817
ord4160
ord1641
ord5981
ord2642
ord6334
ord6673
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord565
ord817
ord2726
ord4226
ord1988
ord1200
ord926
ord3573
ord3610
ord656
ord3571
ord5787
ord284
ord1146
ord5875
ord2243
ord413
ord711
ord755
ord470
ord4220
ord2584
ord3654
ord941
ord2614
ord5572
ord2919
ord2438
ord5823
ord3664
ord996
ord640
ord5785
ord1640
ord323
ord2859
ord415
ord613
ord289
ord715
ord5641
ord1867
ord1168
ord2866
ord816
ord5789
ord562
ord283
ord2754
ord1871
ord384
ord686
ord5607
ord2762
ord896
ord2096
ord2408
ord1642
ord2453
ord1862
ord3701
ord500
ord772
ord1176
ord6142
ord2567
ord5788
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord4277
ord3920
ord472
ord6194
ord2860
ord6877
ord5860
ord3702
ord1083
ord501
ord1175
ord1621
ord4202
ord5856
ord536
ord5606
ord2753
ord696
ord1265
ord5642
ord4185
ord5628
ord6467
ord3706
ord2452
ord4023
ord909
ord1816
ord2546
ord3815
ord858
ord1110
ord1724
ord5256
ord706
ord408
ord1865
ord5101
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord5254
ord2445
ord401
ord1858
ord2102
ord5473
ord407
ord645
ord1864
ord1842
ord5805
ord4145
ord5484
ord3232
ord1137
ord1140
ord2152
ord6696
ord1819
ord3102
ord6154
ord2531
ord4364
ord4057
ord5471
ord4121
ord2389
ord5083
ord1709
ord1713
ord5234
ord6369
ord5279
ord5248
ord2444
ord331
ord4236
ord6652
ord2714
ord3643
ord394
ord773
ord812
ord1270
ord1232
ord559
ord6144
ord3089
ord6605
ord2405
ord2380
ord5781
ord6119
ord3797
ord5862
ord940
ord4133
ord4297
ord1233
ord4204
ord3337
ord1158
ord2370
ord4287
ord6380
ord2289
ord6282
ord6283
ord1199
ord6928
ord4400
ord3630
ord2450
ord5786
ord3370
ord2582
ord4402
ord3640
ord693
ord682
ord4243
ord801
ord6907
ord6883
ord5861
ord541
ord3998
ord6007
ord3286
ord6143
ord3996
ord6675
ord6888
ord3631
ord3719
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord809
ord683
ord616
ord793
ord556
ord2297
ord2363
ord3226
ord1087
ord2122
ord5148
ord4673
ord4274
ord6375
ord4486
ord1105
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord692
ord790
ord1106
ord1134
ord2820
ord2725
ord3716
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2358
ord2460
ord850
ord6241
ord6111
ord4694
ord6302
ord4168
ord1088
ord6358
ord4299
ord6270
ord6779
ord3803
ord6403
ord3522
ord3521
ord6402
ord4476
ord1949
ord4034
ord4284
ord665
ord924
ord2915
ord823
ord2841
ord825
ord567
ord540
ord2864
ord2124
ord818
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3663
ord4275
ord923
ord6663
ord4224
ord6379
ord2078
ord6905
ord3874
ord4234
ord324
ord542
ord3597
ord4425
ord5280
ord1775
ord6052
ord4998
ord4376
ord5265
ord353
ord6010
ord2514
ord802
ord641
ord2763
ord5683
ord6648
ord1768
ord537
ord6199
ord6880
ord535
ord4467
ord2135
ord366
ord2092
ord674
ord3623
ord4427
ord5252
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord5103
ord5100
ord3059
ord2390
ord2723
ord3402
ord5290
ord389
ord268
ord5207
ord1567
ord690
ord2107
ord3811
ord860
ord2113
ord5953
ord5216
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord551
ord2818
ord939
ord354
ord922
ord5186
ord3318
ord5442
ord1859
ord1979
ord2688

msvcrt

__p__commode
__p__fmode
__set_app_type
_controlfp
_strnicmp
strchr
isspace
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mbsnbcpy
_fstat
ctime
fwrite
_purecall
_ftol
strncpy
_splitpath
exit
fputs
isupper
isdigit
_mbsicmp
strtoul
_mbsstr
strstr
strncmp
ftell
rewind
fread
free
fgets
fopen
fseek
fgetc
fclose
fputc
rand
_mbscmp
time
srand
__CxxFrameHandler
sscanf
atoi
_mbschr
tolower
_ismbcspace
_mbspbrk
_mbsnbicmp
_CxxThrowException
malloc
strrchr
sprintf
_access
atol
fprintf
_setmbcp
_adjust_fdiv

kernel32

CreateToolhelp32Snapshot
Module32Next
GetCurrentProcess
GetCurrentThread
SetUnhandledExceptionFilter
GetFileSize
ReadFile
GetFullPathNameA
GlobalReAlloc
GlobalFree
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
SizeofResource
OpenProcess
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryA
GetCommandLineA
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
GlobalUnlock
DeviceIoControl
GetCurrentProcessId
lstrcatA
lstrlenA
WinExec
lstrcpyA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetCurrentThreadId
SetLastError
MulDiv
GetLastError
FormatMessageA
LocalFree
GetVersion
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
SuspendThread
ResumeThread
CreateThread
Sleep
GetLocalTime
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
CloseHandle
QueryPerformanceFrequency
SetLocalTime
QueryPerformanceCounter
CreateProcessA
WaitForSingleObject
GetTempPathA
CreateDirectoryA
DeleteFileA
IsBadReadPtr
SetFileAttributesA
MoveFileExA
GetTickCount
Module32First
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect
GetClientRect
DestroyCursor
GetNextDlgTabItem
TrackPopupMenuEx
IsWindowVisible
GetDesktopWindow
MessageBeep
SetDoubleClickTime
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
EnumWindows
SetForegroundWindow
RegisterHotKey
UnregisterHotKey
SetCursor
GetDoubleClickTime
LoadIconA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PtInRect
ChildWindowFromPointEx
GetDC
LoadImageA
SetWindowRgn
WindowFromPoint
GetActiveWindow
ScreenToClient
GetClassInfoA
DefWindowProcA
LoadCursorA
CallNextHookEx
GetClassNameA
GetWindowLongA
SetPropA
FrameRect
GetPropA
RemovePropA
UnhookWindowsHookEx
SetWindowsHookExA
IntersectRect
DeleteMenu
IsRectEmpty
ClientToScreen
GetMenuState
AppendMenuA
ModifyMenuA
GrayStringA
GetMenuDefaultItem
DrawTextA
TabbedTextOutA
DrawEdge
SetRect
DrawFocusRect
GetMessagePos
DrawStateA
GetMenuItemCount
GetMenuItemID
WindowFromDC
CopyRect
DestroyIcon
GetIconInfo
FillRect
MessageBoxA
GetMenuItemRect
GetMenuItemInfoA
OffsetRect
IsMenu
GetWindowDC
GetSystemMetrics
ReleaseDC
ReleaseCapture
SetCapture
GetCapture
LoadMenuA
PostMessageA
SetTimer
GetSubMenu
GetMenuStringA
InflateRect
InvalidateRect
LoadBitmapA
GetSysColor
GetFocus
IsChild
MenuItemFromPoint
KillTimer
CallWindowProcA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
RedrawWindow
GetParent
IsWindow
EnableWindow
SendMessageA
GetSystemMenu
GetCursorPos
GetMenu
DestroyMenu

gdi32

DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
Rectangle
CreateFontA
CreatePatternBrush
CreateCompatibleBitmap
GetDeviceCaps
CreateFontIndirectA
GetNearestColor
SetPixel
GetPixel
GetObjectA
RoundRect
GetTextExtentPoint32A
CreatePen
SetBrushOrgEx
UnrealizeObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
SelectClipRgn
FrameRgn
FillRgn
OffsetRgn
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
SetDIBitsToDevice
GetStockObject
ExtCreateRegion

advapi32

RegCloseKey
RegDeleteKeyA
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyA
CloseServiceHandle
ControlService

shell32

ExtractIconA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIcon
_TrackMouseEvent
ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIconSize

ole32

CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SysFreeString

urlmon

URLDownloadToFileA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0Init@ios_base@std@@QAE@XZ

msvcirt

?close@ifstream@@QAEXXZ
?get@istream@@QAEHXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?read@istream@@QAEAAV1@PADH@Z
??0ifstream@@QAE@PBDHH@Z
?openprot@filebuf@@2HB
?seekg@istream@@QAEAAV1@J@Z
?tellg@istream@@QAEJXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??_Difstream@@QAEXXZ

olepro32

ord251

Exports

Exports

O�dxR��F{�.}(��\4��f�9��Z@�`�FM�RP\�n�Cj�E��ޙ&�!��`ҵQ��6��o��k�K��q!�� y �D��/�*��I�W��y$G�V�2�4�6��p$��,J�a��r8J�S��K-9t��1��/� !30Wr� ��R"�L ��t�i�6�{�J�19X�DE�QW=�7�_$J:Z�ݦh��5�#�F��ǫ��p��Re��ޖ��{?ؽh��#�'CJN�=?J��f�Z̉��'��0SQܑ�N`�`;a%�V�wGԃ)��Kv��QE<f�NQ�f��Ρ_�y8Nl��30�'~�� (c�Q �d�}��"��V��}C<m"@:�s��4ٱ��F4M2W'�MQ n0גAӂ�P� P/�b~�*�o�5f#ԛ E�d��GC}��!�Y��V��2��(�� O"iR�Vu��͐Þ�/�)J��A毘U�g��X��l=a�{M�]��{�%Vٺ�X��b��H�S@��5��qN��~O\~>2��Afi"58 5)}#[j��E�s��Fhσ��, !�Ý�� C�R��;h1�� R u��`2|��r,��҄�ɪ�j�и��Y�1WQ_��щ��Yqb��|��b�ɹ'W��Al�I�R��o\�r��a�C'��p�&�ߙ�er��Y.u�6�?��M��dQR˸�s��e��ƣ��D��R�C0BӠ��-�c�w~�\�m@H��o��W��8p.)�OD%��w!��eح��ޚ�`�$_uz�X�X��N��$��f@ *;�Q#@KH��Z{�n�lx35\��v<�t�=��Y�+��T�vLd��Z��/$�j��-*xz��׽:\�?##��ݨ�c�1��ZFg�N�K�X��ߌO�&�id�~]�z-��Z5�Ug�<�pW��L:��i��1��@�3x�`qE|h��W��T��U��LRۯYy~��`z��S��` R�K��I$�E-Szh�j�VY��h)d�ys�"�Ncf��XAR��̐� ��Pb� ��M��o�cK� �Yv��^1��%`w;�q2D��D�&V�C�[¦Y�\�TPK3M&�{t�C*��C�k0�J�j�J}E��ȀK'�f�p��-�&�z�x"F��칭Vch��v$��ȁ_&��%�j��Z˜��%�|Y�b�_�w��"�\��Bvmb#��@W��$��9�:v�F��{��q��i��;�V� ��d�D��̶pa*��Y`�n��~(Y-*��0��~(��¬'y�Dv��/2n��4@��K�|�5.�S׳�Q�,3f��-�kx3�b�,�rl1�د��۹�Z�g,(��6AX��~`ǅ��;hE)O��,�@[�T��U��i�-a��g�]+(��!�?׶!��}�>ݵ ��^0/0��o�!�21��ʠ�Mo��H��I��쟚,��O�P��E��\�,��D ,�la��DЋ�c�,w��x�P�}��zX]2�>�+��O�OR�*� �L��ƄQZ�O�Lљ��Փ�O=[?A��&L�� nx��߲��+��F\JN"�SPr"kk�x��.HN2��LF,�!��s��`�رb��oTo�V�Wk c��m�8Q[�tP��Z��h�!�:]��$��.��ܘ�L��(��A@�0`0��r晕'4�؜+t ?E�*H1r%��F��A~o�L D!b�+ˬ��e��Fgw��¸d0�@Si�R�:��i��)�Y��mn/<Å��e�f��z2��U�R]a Zo_��+�eVg>�{ǜ U&5e�䠥��c p��uD�O��@^e��F�t�|g���Ϝ�A��p @˗�P�ԅ��>`�i�ۚ%6��u��Ν��[�w� ��N|Jh櫛�;�E��r��KȏZ̩.��^��/��b/��р~�'��Ū64��e�V��j��T��L��-$�`��7�8$�?��ff��fz�-{�.��G�{�)SQ G�QHen��F�K`)��b��*|�Tgӌ��Lr} �+��ϰ��6 Kn��i��nvDf�r;#��&��x�'?�r_섹�2f,�D��~=e]yik?WP?--a9}s;�� ڬ΅ӫ�E.�KL5��&'\¯�Mk�-X]6+l�� '�=P�U��PlԆ��O��4KU.?�ڢ�PF#�Jr��uu�v�;쥧w�l��H�� h��r�xAU�� 8�s*��Ѥ)_O��gƃ��=#�lt��!IζF��A��X0d4�r�;��O��r��W��9��qP� #AXw��H?0��!�[��H��\S� ��X��gv>{��{˳U�JJWqL��.֐��x��4�1�fҁ�!�~>|w�Mk��gy_��S0��~�]� Ci�1}��d��"m�O�L@�t_��C��d*�,u�;bX�aw�Y�3Y��6�Ӝ�#�N�:Z��e-nQ��;��'��*�c��d��4��'E��"�5�yQ��Cؚ�7�u�n A׈ n��Xv�*�޴|$�8L��,�� 4xi1�'3W�4�A"��>�7�� "7��j�P�Zsp�*��3R�f�^�l1��/��>L(!25�?�%q��ĳ-�>`.fn�y*��9h�� vC(��&N��tTHc�=r�� #[�o��=\��*�!�'6�wK�� %��E��͚�L�W_{��ɹ�y��\��A��8S��D�\�V-%�2-�7�ڟ·'haǊ�_��bF�?ۂ��$d'��np�i�(�n�h~ IFw��B�<ȅ�OF�iS�)�E�

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sp0
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
所有小软件列表！.url
.url
说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 898B

7571cb143055b7eff1b9a2cadc69d87e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

pdh

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 4KB - Virtual size: 528B

3b5b4bad881057af15fc35648ebcf206

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

ntdll

kernel32

imagehlp

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1024B - Virtual size: 914B

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 898B

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 528B

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 914B

CODE
Size: - Virtual size: 28KB

DATA
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 200B

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: - Virtual size: 152KB

DATA
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 2KB - Virtual size: 4KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate