99049d2d1613511f80ecf31b75b04f77

Sharing

Copy URL Twitter E-mail

General

Target

99049d2d1613511f80ecf31b75b04f77
Size

8.2MB
MD5

99049d2d1613511f80ecf31b75b04f77
SHA1

a20cd22c82d4032d309ee770fc849423a297f99c
SHA256

948ec92f18c6065fa3ea7ead463284874a574cac10a8eecaa6bd13239f692648
SHA512

0a48fdfb46e09b6fa15ce44dc7fb0c224e852c5f863ff3b7256210ffb1ce461d751c4d928472a63baed8424e85189e91a5bc98b91f7189f83e34951141fe0bd0
SSDEEP

196608:NhwXtvzKpiH93HGIKATaM5xFK6VapuemPzmZiKacair5n:NhEtvz6iH93H1Bz1VVAmPzOiKL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/格子啦软件盒子V2011/soft/QQ2010.exe	upx
static1/unpack001/格子啦软件盒子V2011/格子啦软件盒子V2011.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/System.dll
unpack003/out.upx
unpack001/格子啦软件盒子V2011/soft/WinRARv3.93.exe
unpack001/格子啦软件盒子V2011/格子啦软件盒子V2011.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/格子啦软件盒子V2011/soft/360.exe	nsis_installer_1

Files

99049d2d1613511f80ecf31b75b04f77
.rar
格子啦软件盒子V2011/Config.ini
格子啦软件盒子V2011/ICO/32.png
.png
格子啦软件盒子V2011/ICO/360.ico
格子啦软件盒子V2011/ICO/360ll.ico
格子啦软件盒子V2011/ICO/7z.ico
格子啦软件盒子V2011/ICO/FR.ico
格子啦软件盒子V2011/ICO/IE.ico
格子啦软件盒子V2011/ICO/JD.ico
格子啦软件盒子V2011/ICO/Office2.ico
格子啦软件盒子V2011/ICO/PPLive.ico
格子啦软件盒子V2011/ICO/QQ.ico
格子啦软件盒子V2011/ICO/RAR.ico
格子啦软件盒子V2011/ICO/RAR.png
.png
格子啦软件盒子V2011/ICO/Real.ico
格子啦软件盒子V2011/ICO/RealOnline.ico
格子啦软件盒子V2011/ICO/StormIII.ico
格子啦软件盒子V2011/ICO/Thumbs.db
格子啦软件盒子V2011/ICO/acd.ico
格子啦软件盒子V2011/ICO/alww.ico
格子啦软件盒子V2011/ICO/ay.ico
格子啦软件盒子V2011/ICO/bf.ico
格子啦软件盒子V2011/ICO/bh.ico
格子啦软件盒子V2011/ICO/cb.ico
格子啦软件盒子V2011/ICO/cs.ico
格子啦软件盒子V2011/ICO/cy.ico
格子啦软件盒子V2011/ICO/db.ico
格子啦软件盒子V2011/ICO/dh1.png
.png
格子啦软件盒子V2011/ICO/dh2.png
.png
格子啦软件盒子V2011/ICO/dh3.png
.png
格子啦软件盒子V2011/ICO/dh4.png
.png
格子啦软件盒子V2011/ICO/dh5.png
.png
格子啦软件盒子V2011/ICO/dh6.png
.png
格子啦软件盒子V2011/ICO/dx.ico
格子啦软件盒子V2011/ICO/dzh.ico
格子啦软件盒子V2011/ICO/dzt.ico
格子啦软件盒子V2011/ICO/fhq.ico
格子啦软件盒子V2011/ICO/flash.ico
格子啦软件盒子V2011/ICO/fx.ico
格子啦软件盒子V2011/ICO/gy.ico
格子啦软件盒子V2011/ICO/hf.ico
格子啦软件盒子V2011/ICO/hx.ico
格子啦软件盒子V2011/ICO/hyzj.ico
格子啦软件盒子V2011/ICO/ie.png
.png
格子啦软件盒子V2011/ICO/jp.ico
格子啦软件盒子V2011/ICO/js.png
.png
格子啦软件盒子V2011/ICO/kb.ico
格子啦软件盒子V2011/ICO/kw.ico
格子啦软件盒子V2011/ICO/movie.ico
格子啦软件盒子V2011/ICO/msn.ico
格子啦软件盒子V2011/ICO/net.ico
格子啦软件盒子V2011/ICO/office.ico
格子啦软件盒子V2011/ICO/on.ico
格子啦软件盒子V2011/ICO/play.ico
格子啦软件盒子V2011/ICO/pps.ico
格子啦软件盒子V2011/ICO/qq.png
.png
格子啦软件盒子V2011/ICO/qqgame.ico
格子啦软件盒子V2011/ICO/qqyy.ico
格子啦软件盒子V2011/ICO/qqyy.png
.png
格子啦软件盒子V2011/ICO/rx.ico
格子啦软件盒子V2011/ICO/sg.ico
格子啦软件盒子V2011/ICO/sg.png
.png
格子啦软件盒子V2011/ICO/sgwb.ico
格子啦软件盒子V2011/ICO/sjzc.ico
格子啦软件盒子V2011/ICO/srf.ico
格子啦软件盒子V2011/ICO/su.ico
格子啦软件盒子V2011/ICO/ths.ico
格子啦软件盒子V2011/ICO/tt.ico
格子啦软件盒子V2011/ICO/tuijian.png
.png
格子啦软件盒子V2011/ICO/wm.ico
格子啦软件盒子V2011/ICO/wmplayer.png
.png
格子啦软件盒子V2011/ICO/wps.ico
格子啦软件盒子V2011/ICO/xiazai.png
.png
格子啦软件盒子V2011/ICO/xl.ico
格子啦软件盒子V2011/ICO/xx.ico
格子啦软件盒子V2011/ICO/xyx.ico
格子啦软件盒子V2011/ICO/yjhf.ico
格子啦软件盒子V2011/ICO/zhuye.png
.png
格子啦软件盒子V2011/ICO/zhuye2.png
.png
格子啦软件盒子V2011/soft/360.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:a8:0c:51:4a:ff:48:ac:df:24:14:4e:5c:ba:94:45:b4:2c:0f:7e
Signer

Actual PE Digest

21:a8:0c:51:4a:ff:48:ac:df:24:14:4e:5c:ba:94:45:b4:2c:0f:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/360Inst_$0.exe
.exe windows:4 windows x86 arch:x86

1ca1900e23b25a0e04b7d75dace16a60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:c6:aa:ad:43:e5:c3:89:86:af:bc:16:6c:d6:61:eb:9e:78:ec:24
Signer

Actual PE Digest

96:c6:aa:ad:43:e5:c3:89:86:af:bc:16:6c:d6:61:eb:9e:78:ec:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
PathCombineW
StrStrIW
wvnsprintfW
PathAppendW
SHGetValueW
PathFindFileNameW
PathIsRootW
PathIsDirectoryEmptyW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetTempFileNameW
GetCurrentProcessId
GetTempPathW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetExitCodeThread
ResumeThread
FindNextFileW
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
GetCommandLineW
lstrcpyW
FlushInstructionCache
GetCurrentProcess
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
CreateFileW
FreeResource
GlobalUnlock
LockResource
SizeofResource
LoadResource
FindResourceW
HeapDestroy
DeleteCriticalSection
WaitForSingleObject
CreateProcessW
GetStartupInfoW
GetModuleFileNameW
InitializeCriticalSection
CreateMutexW
GetLastError
DebugBreak
OutputDebugStringW
lstrlenA
GetProcAddress
GetModuleHandleW
GetVersionExW
GlobalFree
RemoveDirectoryW
GlobalAlloc
GetFileSizeEx
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount
TerminateProcess
GetExitCodeProcess
GetFileAttributesExW
GetSystemDirectoryW
CopyFileW
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetVersion
MulDiv
CreateThread
CreateEventW
SetEvent
TlsSetValue
TlsGetValue
TlsAlloc
GetLongPathNameW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
ResetEvent
InterlockedExchangeAdd
CreateWaitableTimerW
SetWaitableTimer
CreateSemaphoreW
MoveFileW
SetEndOfFile
GetThreadTimes
WaitForMultipleObjects
ReleaseSemaphore
ReleaseMutex
GetCurrentThread
VirtualAlloc
VirtualFree
LoadLibraryExW
SetFilePointer
LocalFree
SetErrorMode
SetUnhandledExceptionFilter
Sleep
DeleteFileW
MoveFileExW
InterlockedIncrement
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetFileType
GetSystemTime
FormatMessageW
HeapFree
TlsFree
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
OpenThread
GlobalLock

user32

DefWindowProcW
EndDialog
PeekMessageW
GetMessageW
TranslateMessage
DestroyWindow
SetForegroundWindow
SetWindowPos
MapWindowPoints
GetClientRect
ShowWindow
GetActiveWindow
SetWindowLongW
PostMessageW
DispatchMessageW
SendMessageW
DialogBoxParamW
UnregisterClassW
CallNextHookEx
UnhookWindowsHookEx
CheckDlgButton
SetWindowsHookExW
IsDlgButtonChecked
GetDlgItemTextW
CreateDialogParamW
BeginPaint
EndPaint
SetCursor
GetSysColor
IsWindowEnabled
GetDC
ReleaseDC
InflateRect
GetWindowTextW
LoadStringW
MoveWindow
GetScrollRange
GetScrollPos
SetScrollPos
SetFocus
SetScrollInfo
ShowScrollBar
GetCursorPos
ScreenToClient
DrawTextW
GetSystemMenu
EnableMenuItem
DestroyMenu
GetWindowPlacement
BringWindowToTop
LoadIconW
FindWindowExW
UpdateWindow
PostQuitMessage
IsDialogMessageW
LoadBitmapW
KillTimer
CreateWindowExW
CallWindowProcW
InvalidateRect
RedrawWindow
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
IsWindow
IsWindowVisible
IsIconic
ExitWindowsEx
EnableWindow
OffsetRect
GetDlgItem
PtInRect
CopyRect
CharLowerW
SetDlgItemTextW
SetTimer
CharUpperW
wvsprintfW
GetSystemMetrics
LoadImageW
SetWindowTextW
GetParent
MessageBoxW
CharNextW
GetScrollInfo
SystemParametersInfoW
GetWindowRect
GetWindow
GetWindowLongW

gdi32

ExtTextOutW
SetBkMode
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
SetBkColor
CreateFontIndirectW

advapi32

RegSetValueExW
LookupPrivilegeValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
StringFromCLSID
OleRun
CoUninitialize

oleaut32

VariantClear
OleLoadPicture
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

msvcp60

?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?nothrow@std@@3Unothrow_t@1@B
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0_Winit@std@@QAE@XZ

ws2_32

htonl
ntohs
htons
inet_addr
inet_ntoa
gethostbyname
WSAGetLastError
WSAStartup
WSACleanup
recvfrom
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSASetLastError
WSAAsyncSelect
recv
bind
socket
connect
closesocket
setsockopt
send
ntohl
gethostname
getsockopt
ioctlsocket
accept
listen
shutdown
getsockname
getpeername
sendto

setupapi

SetupIterateCabinetW

wininet

HttpQueryInfoW
InternetErrorDlg
InternetOpenUrlW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle

msvcrt

_wcsnicmp
printf
exit
malloc
wcscmp
_wtoi
iswdigit
time
srand
rand
wcsstr
realloc
free
swprintf
wcsncmp
_wcsicmp
wcschr
fclose
fread
_wfopen
_ftol
wcscat
_purecall
wprintf
_except_handler3
__RTDynamicCast
iswspace
isdigit
_CxxThrowException
clock
gmtime
_wstat
_CIpow
atoi
_wcsdup
_stricmp
tolower
toupper
setlocale
fflush
fwprintf
_vsnprintf
_stat
fprintf
ctime
sprintf
_endthreadex
_vsnwprintf
strncpy
strtol
strchr
calloc
strncmp
memchr
_strnicmp
isspace
_atoi64
_wtoi64
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
fopen
_callnewh
_errno
wcstok
strerror
swscanf
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsupr
_itoa
??0exception@@QAE@ABV0@@Z
wcsrchr
wcscpy
_snwprintf
wcslen
_beginthreadex
wcsncat
wcsncpy
??2@YAPAXI@Z
memmove
__CxxFrameHandler

psapi

EnumProcessModules
GetModuleFileNameExW

iphlpapi

GetNetworkParams
GetAdaptersInfo

secur32

InitializeSecurityContextA
FreeCredentialsHandle
AcquireCredentialsHandleA

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/logo.wmv
$TEMP/newlogo.exe
.exe windows:4 windows x86 arch:x86

221a82e5088a31aa051299d3642e1b6d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2680
ord755
ord470
ord1560
ord1165
ord3566
ord3621
ord3658
ord2406
ord1634
ord5781
ord2371
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord2613
ord1131
ord800
ord1143
ord6451
ord5264
ord2078
ord823
ord1941
ord4029
ord535
ord540
ord861
ord2606
ord5568
ord2910
ord6279
ord6278
ord858
ord860
ord6868
ord4197
ord942
ord940
ord2756
ord5706
ord4199
ord922
ord4124
ord6770
ord6640
ord6655
ord941
ord2776
ord2755
ord6919
ord6920
ord925
ord4273
ord537
ord2914
ord2810
ord1561
ord268
ord1177
ord2859
ord2139
ord3792
ord5714
ord6193
ord5228
ord4279
ord1761
ord2294
ord818
ord2127
ord567
ord4418
ord3397
ord5286
ord1768
ord6051
ord1633
ord1172
ord825
ord289
ord323
ord6597
ord2397
ord640
ord1569
ord613
ord4704
ord4282
ord6211
ord4294
ord4229
ord324
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord538
ord5261

msvcrt

__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
swprintf
_onexit
wcsrchr
strerror
wcstok
_errno
_CxxThrowException
_strlwr
strchr
_wcslwr
__CxxFrameHandler
memcmp
wcsstr
wcsncat
_controlfp
_snwprintf
_purecall
wcscmp
memset
wcscpy
_wcsicmp
strncpy
wcsncpy
memcpy
wcslen
_vsnwprintf
_wtoi
wcschr
_wcsnicmp
strlen
_wcsupr
swscanf

kernel32

InterlockedCompareExchange
Sleep
GetVersionExW
InterlockedDecrement
OpenProcess
GetCurrentProcess
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
CloseHandle
GetModuleHandleW
GetCommandLineW
FindResourceW
LoadResource
LockResource
FreeResource
LoadLibraryW
GetModuleFileNameW
GetProcAddress
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemDirectoryW
GetFileType
SetLastError
LocalFree
GetSystemTime
FormatMessageW
OutputDebugStringW
GetCurrentThreadId
HeapFree
TlsFree
ReleaseMutex
SetEnvironmentVariableW
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
TlsSetValue
OpenThread
TlsGetValue
GetStartupInfoW
lstrlenW
CreateFileW
SetFilePointer
ExpandEnvironmentStringsW
GetFileAttributesExW
ReadFile
GetLastError
FindClose
FindNextFileW
FindFirstFileW
SearchPathW
GetFileAttributesW
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
VirtualFree
VirtualAlloc
GetFileSize
GetFileSizeEx

user32

LoadIconW
EnumWindows
SetWindowPos
LoadStringW
GetClassNameW
IsIconic
DrawIcon
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetWindowRect
SetTimer
KillTimer
GetWindowThreadProcessId
ClientToScreen
FindWindowExW
IsWindow
GetSystemMetrics
FindWindowW
SendMessageW
GetClassInfoW
DestroyIcon
RegisterClassW
LoadBitmapW
GetDesktopWindow
EnableWindow
GetClientRect
PostMessageW
CopyRect
GetWindowLongW
SetWindowLongW
UpdateLayeredWindow
MonitorFromWindow
MessageBoxW

gdi32

SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
BitBlt

advapi32

RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetDesktopFolder
ord18
SHGetFileInfoW
SHGetSpecialFolderPathW
SHChangeNotify
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
Shell_NotifyIconW
ord155
ord25
ord190
SHGetPathFromIDListW

comctl32

ImageList_GetIcon

ole32

StringFromGUID2
IIDFromString
CoCreateInstance
CoTaskMemFree
OleInitialize
CoTaskMemAlloc

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

shlwapi

StrCmpNIW
StrRetToBufW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecA
PathCombineA
PathIsDirectoryW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
StrCpyNW

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
格子啦软件盒子V2011/soft/360安全浏览器.exe
.exe windows:4 windows x86 arch:x86

756cf07e4026fed4c9328ec021a5005f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CreateEventW
CreateThread
lstrcmpiA
lstrcmpA
CreateFileW
InterlockedDecrement
OutputDebugStringW
DebugBreak
lstrlenA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetStartupInfoW
GetModuleHandleW
LoadLibraryA
RaiseException
InterlockedExchange
SearchPathW
GetFileSize
TlsAlloc
TlsFree
ReadFile
SetFileTime
SetFilePointer
SetEndOfFile
DeleteCriticalSection
SetWaitableTimer
ResetEvent
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
WriteFile
FreeResource
FindResourceW
SizeofResource
LoadResource
LockResource
MultiByteToWideChar
WaitForMultipleObjects
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetProcessTimes
GetSystemInfo
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
LoadLibraryExW
GetFileTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
VirtualQuery
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
OpenProcess
InterlockedIncrement
GetPrivateProfileIntW
MoveFileExW
CopyFileW
GetModuleFileNameW
DeleteFileW
CreateDirectoryW
GetTickCount
GetTempPathW
GetFileAttributesW
SetFileAttributesW
GetPrivateProfileStringW
GetLocalTime
TlsSetValue
WritePrivateProfileStringW
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
CreateMutexW
FreeLibrary
GetLastError
WaitForSingleObject
DeviceIoControl
GetCurrentProcess
lstrcpynW
lstrlenW
WideCharToMultiByte
LoadLibraryW
ExitProcess
TerminateProcess
SetProcessWorkingSetSize
GetVersionExW
GetTempFileNameW
GetSystemTime
SystemTimeToFileTime
GetProcAddress
Sleep
CreateProcessW
CloseHandle
CreateWaitableTimerW

user32

BeginPaint
FindWindowW
WaitForInputIdle
SetForegroundWindow
ShowWindow
DefWindowProcW
MessageBoxW
BringWindowToTop
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
wvsprintfW
CharNextW
PostQuitMessage
SendMessageW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
MapVirtualKeyW
GetKeyNameTextW
SendMessageTimeoutW
GetWindowThreadProcessId
SubtractRect
FindWindowExW
SetRect
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
CopyRect
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDC
SetWindowLongW
GetWindowLongW
CallWindowProcW
CreateWindowExW
IsDialogMessageW
SetWindowPos
GetDlgItem
IsWindow
AdjustWindowRectEx
CharLowerW
ReleaseDC
GetWindowDC
LoadImageW
GetWindowTextLengthW
ClientToScreen
PtInRect
GetDlgCtrlID
ReleaseCapture
SetCapture
GetCapture
IsWindowEnabled
FillRect
DrawEdge
GetSystemMetrics
InflateRect
DrawFocusRect
OffsetRect
CreateDialogParamW
UpdateWindow
SetCursor
GetSysColor
EndPaint
GetMenu
DrawTextW
SetFocus
GetFocus
KillTimer
SetTimer
GetSystemMenu
EnableMenuItem
RedrawWindow
LoadStringW
GetWindow
SystemParametersInfoW
InvalidateRect
GetWindowTextW
SetWindowTextW
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetParent
GetClientRect
PostMessageW

gdi32

GetBitmapBits
CreateDIBPatternBrushPt
CreateFontW
CreateCompatibleDC
DeleteDC
GetCurrentObject
CreateSolidBrush
SelectObject
SetTextColor
DeleteObject
CreateFontIndirectW
GetObjectW
SetBkMode
GetStockObject
CreateDIBSection
GetDeviceCaps

advapi32

RegCloseKey
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHFreeNameMappings
SHFileOperationW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemFree
OleUninitialize
StringFromCLSID
OleInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

comctl32

ImageList_SetImageCount
ImageList_GetIconSize
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx
ImageList_Add
ImageList_Create
ImageList_Remove
ImageList_Duplicate

msimg32

AlphaBlend

wininet

HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetConnectW
InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW

shlwapi

SHGetValueW
SHSetValueW
PathAppendW
PathFileExistsW
StrCatW
SHDeleteValueW
StrToIntExW
SHGetValueA
PathRemoveFileSpecW
SHDeleteKeyW
PathIsDirectoryEmptyW
StrStrIW
PathFindExtensionW
PathGetDriveNumberW
PathCombineW
PathIsRootW
PathIsURLW
PathIsDirectoryW
PathMatchSpecW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle

urlmon

ObtainUserAgentString

msvcrt

strlen
memcpy
memset
wcstok
wcscat
_wtoi
fgets
_strnicmp
fseek
fprintf
_ftol
abs
rewind
swprintf
_wcsicmp
wcslen
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
sprintf
strcat
ftell
fread
_ismbslead
towupper
towlower
iswspace
wcsrchr
_wfopen
fwrite
fclose
_purecall
strncat
_strlwr
_except_handler3
_vsnprintf
__CxxFrameHandler
malloc
strncpy
_vsnwprintf
iswdigit
free
memmove
realloc
_snwprintf
??2@YAPAXI@Z
wcsncpy
_wcsnicmp
wcscmp
wcsstr
tolower
isspace
isprint
strcpy
_snprintf
wcspbrk
memcmp
_wtoi64
wcsncat
time
_ui64tow
_wtol
_beginthreadex
wcscpy
swscanf
wcschr

netapi32

Netbios

atl

ord39
ord42
ord47

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
格子啦软件盒子V2011/soft/QQ2010.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:b4:5f:5f:90:a8:64:89:b1:6f:23:21:ee:2a:30:a7:67:75:ed:b8
Signer

Actual PE Digest

5c:b4:5f:5f:90:a8:64:89:b1:6f:23:21:ee:2a:30:a7:67:75:ed:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 356KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
格子啦软件盒子V2011/soft/RAR脚本.AU3
格子啦软件盒子V2011/soft/WinRARv3.93.exe
.exe windows:5 windows x86 arch:x86

aacb28104b01ef056b22124f74917db1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\setup\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx
ord17

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
SetFileAttributesW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetTempPathW
MoveFileExW
UnmapViewOfFile
GetCommandLineW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetEnvironmentVariableW
GetProcAddress
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
CloseHandle
SetLastError
GetLastError
DosDateTimeToFileTime

user32

wvsprintfW
ReleaseDC
GetDC
SendMessageW
SetDlgItemTextW
SetFocus
EndDialog
DestroyIcon
SendDlgItemMessageW
GetDlgItemTextW
GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
FindWindowExW
wvsprintfA
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
SetWindowTextW
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetClientRect
IsWindow
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
CharUpperA
CharToOemBuffA
LoadStringW
SetWindowPos
GetWindowTextW
GetSystemMetrics
GetWindow
CharUpperW
GetWindowRect
CopyRect

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
格子啦软件盒子V2011/soft/金山毒霸.exe
.exe windows:4 windows x86 arch:x86

20b49a5d7be0946430326302894ab941

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:a9:70:7c:31:c3:a7:25:6d:3b:72:02:2f:34:45:5f:b2:e5:5b:d7
Signer

Actual PE Digest

e2:a9:70:7c:31:c3:a7:25:6d:3b:72:02:2f:34:45:5f:b2:e5:5b:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\klivesetup.pdb

Imports

kernel32

GetCurrentProcess
InterlockedIncrement
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
RaiseException
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
lstrlenW
GetModuleHandleW
GetLastError
CreateMutexW
WriteFile
ReadFile
GetFileSize
GetComputerNameA
FindResourceExW
lstrlenA
GetWindowsDirectoryW
GetSystemTimeAdjustment
GetLocalTime
MoveFileW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
SetLastError
GetFileAttributesW
CreateDirectoryW
CreateFileW
SetEnvironmentVariableA
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FlushInstructionCache
SetFilePointer
CopyFileW
FormatMessageW
GetPrivateProfileSectionNamesW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
ResumeThread
GlobalFree
CreateEventW
ResetEvent
SetEvent
CompareStringW
GetDriveTypeW
lstrcmpW
GetTickCount
MulDiv
WritePrivateProfileStringW
DeleteFileW
IsBadWritePtr
GetPrivateProfileIntW
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
IsBadReadPtr
LoadResource
SizeofResource
FindResourceW
GetDiskFreeSpaceExW
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
WideCharToMultiByte
GetVersionExW
ExitProcess
WaitForSingleObject
CloseHandle
TerminateThread
CreateProcessW
Sleep
GetPrivateProfileStringW
MultiByteToWideChar
GetTempPathW

user32

AppendMenuW
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
LoadStringW
UpdateWindow
ReleaseCapture
KillTimer
CharNextW
LoadBitmapW
GetParent
LoadCursorW
LoadImageW
GetWindowDC
GetDlgCtrlID
ReleaseDC
GetWindowLongW
SetRect
GetUpdateRect
SetWindowRgn
TrackPopupMenuEx
CreateDialogParamW
SetDlgItemTextW
SetRectEmpty
GetClassNameW
EnableMenuItem
GetSystemMenu
InvalidateRgn
IsChild
GetFocus
SetFocus
EnableWindow
GetDesktopWindow
GetSysColor
GetWindowTextLengthW
DestroyAcceleratorTable
CreateAcceleratorTableW
RedrawWindow
GetWindowTextW
GetClassInfoExW
GetDC
PostMessageW
ScreenToClient
RegisterClassExW
OpenIcon
CreatePopupMenu
MoveWindow
LoadIconW
DialogBoxParamW
GetCursorPos
DrawEdge
DrawFocusRect
IsIconic
InflateRect
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
FillRect
TrackPopupMenu
PostQuitMessage
GetCapture
SetCursor
ClientToScreen
InvalidateRect
SetCapture
SetWindowPos
SetTimer
SystemParametersInfoW
GetDlgItem
AdjustWindowRectEx
IsWindow
ShowWindow
DestroyWindow
OffsetRect
GetMenu
SetWindowTextW
IsWindowEnabled
PtInRect
GetSystemMetrics
EndPaint
SendMessageW
DestroyCursor
GetWindow
BeginPaint
GetWindowRect
DefWindowProcW
GetClientRect
EndDialog
CallWindowProcW
MapWindowPoints
UnregisterClassA
CopyImage
ExitWindowsEx
DrawTextW
GetActiveWindow
SetWindowLongW
CreateWindowExW

gdi32

GetDeviceCaps
GetStockObject
CreateFontW
SetViewportOrgEx
ExtTextOutW
SetBkColor
CreateCompatibleBitmap
BitBlt
SetTextColor
StretchBlt
GetObjectW
DeleteDC
CreateSolidBrush
CreateCompatibleDC
TextOutW
SetBkMode
CreateFontIndirectW
SelectObject
DeleteObject
CreateRectRgn

advapi32

RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoUninitialize
CoInitialize
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
OleLockRunning
CoGetClassObject
OleUninitialize
OleInitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

OleLoadPicture
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
VariantInit

shlwapi

PathFileExistsW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Draw
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
ImageList_Create

wintrust

WinVerifyTrust

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
格子啦软件盒子V2011/新云软件.url
.url
格子啦软件盒子V2011/格子啦软件盒子V2011.04DIY说明.txt
格子啦软件盒子V2011/格子啦软件盒子V2011.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 980KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 811KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

21:a8:0c:51:4a:ff:48:ac:df:24:14:4e:5c:ba:94:45:b4:2c:0f:7eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 17KB - Virtual size: 16KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

1ca1900e23b25a0e04b7d75dace16a60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

96:c6:aa:ad:43:e5:c3:89:86:af:bc:16:6c:d6:61:eb:9e:78:ec:24Signer

Headers

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

21:a8:0c:51:4a:ff:48:ac:df:24:14:4e:5c:ba:94:45:b4:2c:0f:7e
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

96:c6:aa:ad:43:e5:c3:89:86:af:bc:16:6c:d6:61:eb:9e:78:ec:24
Signer

.text
Size: 676KB - Virtual size: 675KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 64KB - Virtual size: 332KB

.rsrc
Size: 344KB - Virtual size: 340KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 216KB - Virtual size: 214KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate