acd8b09e6959f66af5de84868852e063

Sharing

Copy URL Twitter E-mail

General

Target

acd8b09e6959f66af5de84868852e063
Size

910KB
MD5

acd8b09e6959f66af5de84868852e063
SHA1

66642783545230efdafeb7bc71164fa1cd120aa3
SHA256

21e646e32693c3f74e04a67469fa751e3790ba82f8a4c77fa316a293a6d7efd5
SHA512

9fed2f3ced0d46bd1eba8a4612bbc32a7a120d8dbb02a49e16505e10e50664bf585eb0a19401d239f8356857401c540ce58eb73251d5fe5f17ec66e8bca93b18
SSDEEP

24576:54M89EBeD/VKEDjJ6+Z7yIu38MsTXbJQdz6Dq0:eM89EED7xTZuRsWz6Dp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/speedupper2.3.1001.18.exe	nsis_installer_1
static1/unpack001/speedupper2.3.1001.18.exe	nsis_installer_2

Files

acd8b09e6959f66af5de84868852e063
.rar
speedupper2.3.1001.18.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/06/2009, 00:00

Not After

10/06/2011, 23:59

Subject

CN=酷溜网(北京)信息技术有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=酷溜网(北京)信息技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:51:33:f3:d8:25:18:d8:fa:29:3c:ea:02:d4:e9:c6:bd:59:9e:ef
Signer

Actual PE Digest

5e:51:33:f3:d8:25:18:d8:fa:29:3c:ea:02:d4:e9:c6:bd:59:9e:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomPage.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/Ku6Kss.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fa409a29eedd2096aa9b17cb8c1d1cdc

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/06/2009, 00:00

Not After

10/06/2011, 23:59

Subject

CN=酷溜网(北京)信息技术有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=酷溜网(北京)信息技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:2c:26:c7:2f:1e:34:f5:56:fa:5f:5c:18:14:5b:51:9d:5f:47:e3
Signer

Actual PE Digest

c7:2c:26:c7:2f:1e:34:f5:56:fa:5f:5c:18:14:5b:51:9d:5f:47:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\ku6src\clientms\p2p\backservice\Ku6Kss\Release\Ku6Kss.pdb

Imports

kernel32

GetFullPathNameW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
HeapAlloc
HeapFree
ExitProcess
RtlUnwind
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetVolumeInformationW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFindAtomW
lstrlenA
GetModuleHandleA
LoadLibraryA
GetVersionExA
GlobalAddAtomW
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageW
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
WideCharToMultiByte
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
LoadLibraryW
GetLocaleInfoW
FindFirstFileW
FindClose
FreeResource
GetTickCount
GetSystemDirectoryW
GetPrivateProfileStringW
GetModuleFileNameA
WinExec
GetExitCodeThread
Sleep
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreW
lstrcatW
lstrcpynW
GetModuleFileNameW
lstrcmpiW
GetLastError
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrcpyW
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

RegisterClipboardFormatW
PostThreadMessageW
DestroyMenu
CharUpperW
LoadCursorW
GetSysColorBrush
wsprintfW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
MessageBeep
IsChild
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetMenuItemBitmaps
GetFocus
InvalidateRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
SetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
IsWindow
SendMessageW
SetTimer
SetWindowRgn
UnregisterClassW
EnableWindow
PeekMessageW
TranslateMessage
DispatchMessageW
CharNextW
MessageBoxW

gdi32

SetViewportExtEx
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
CreateRectRgnIndirect
CreateRectRgn
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
ScaleViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Show

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Ku6Ksw.dll
ٿ6/Ku6SpeedUpper.exe
.exe windows:4 windows x86 arch:x86

c73f6f3c9f5cc09dae5de68345a473bb

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/06/2009, 00:00

Not After

10/06/2011, 23:59

Subject

CN=酷溜网(北京)信息技术有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=酷溜网(北京)信息技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:29:8e:8d:c8:28:98:28:d1:bd:18:8e:a4:ca:13:bc:61:95:aa:8b
Signer

Actual PE Digest

5b:29:8e:8d:c8:28:98:28:d1:bd:18:8e:a4:ca:13:bc:61:95:aa:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\ku6svn\p2p\trunk\client\client\Release\p2pclient.pdb

Imports

kernel32

EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GlobalGetAtomNameW
GetCurrentDirectoryW
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpiW
SetLastError
GlobalFree
MulDiv
lstrlenW
FormatMessageW
lstrcpynW
LocalFree
GetModuleFileNameW
GetLocalTime
OutputDebugStringW
MoveFileExW
WinExec
CreateSemaphoreW
FindResourceExW
GetSystemTime
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
SetProcessWorkingSetSize
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetLastError
GetSystemDirectoryW
CreatePipe
SetPriorityClass
MoveFileW
DeleteFileW
CreateProcessW
GetExitCodeProcess
ResetEvent
GetFileAttributesW
PeekNamedPipe
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
lstrcpyW
SetFileAttributesW
CreateEventW
WaitForSingleObject
SetThreadPriority
GetExitCodeThread
SetEvent
TerminateThread
GlobalAddAtomW
GetCurrentThreadId
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetTickCount
RaiseException
GetCurrentProcessId
OpenProcess
TerminateProcess
GetLogicalDrives
GetDriveTypeW
CreateFileW
DeviceIoControl
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetCommandLineW
GetVersion
ReadProcessMemory
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStructW
GetPrivateProfileStructW
WritePrivateProfileStringW
Sleep
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

user32

SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetMessageW
ValidateRect
GetMenuItemInfoW
DrawIcon
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetSysColorBrush
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
wsprintfW
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
UnregisterHotKey
RegisterHotKey
ExitWindowsEx
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowW
LoadAcceleratorsW
WindowFromPoint
SystemParametersInfoW
EmptyClipboard
SetClipboardData
CloseClipboard
ShowCursor
TranslateAcceleratorW
OpenClipboard
IsWindowVisible
BringWindowToTop
SetWindowRgn
IsZoomed
IsIconic
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostThreadMessageW
GetNextDlgGroupItem
GetKeyState
GetAsyncKeyState
KillTimer
SetTimer
ScreenToClient
ClientToScreen
PostMessageW
SetRectEmpty
GetWindowLongW
LockWindowUpdate
CopyRect
SetWindowLongW
LoadCursorW
CopyIcon
MessageBeep
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
CreatePopupMenu
SetMenu
RegisterClipboardFormatW
MapWindowPoints
GetSysColor
ReleaseCapture
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SendMessageW
InflateRect
PtInRect
SetCursor
DestroyMenu
GetDesktopWindow
MessageBoxW
LoadIconW
ShowWindow
SetWindowPos
SetForegroundWindow
GetCursorPos
GetSubMenu
TrackPopupMenu
IsWindow
LoadMenuW
RegisterWindowMessageW
UnregisterClassW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
DeferWindowPos

gdi32

GetTextColor
GetRgnBox
CreateEllipticRgn
TextOutW
LPtoDP
Ellipse
GetMapMode
EnumFontFamiliesExW
GetBkColor
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
DeleteObject
CreateRectRgnIndirect
CreateSolidBrush
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetStockObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
OffsetRgn
BitBlt
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyW
RegCloseKey

shell32

DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragFinish

comctl32

ord17
ImageList_Destroy
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathFileExistsW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW

ws2_32

recvfrom
accept
listen
bind
__WSAFDIsSet
select
setsockopt
closesocket
recv
send
connect
ioctlsocket
socket
htons
inet_addr
sendto
inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup
ntohl
WSAGetLastError
WSAIoctl
ntohs
getsockname
htonl

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

wininet

InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetGetCookieW
InternetSetCookieW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetSetOptionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

oleaut32

LoadTypeLi
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarDateFromStr
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ٿ6/Ku6SpeedUpper_new.exe
.exe windows:4 windows x86 arch:x86

c73f6f3c9f5cc09dae5de68345a473bb

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/06/2009, 00:00

Not After

10/06/2011, 23:59

Subject

CN=酷溜网(北京)信息技术有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=酷溜网(北京)信息技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:29:8e:8d:c8:28:98:28:d1:bd:18:8e:a4:ca:13:bc:61:95:aa:8b
Signer

Actual PE Digest

5b:29:8e:8d:c8:28:98:28:d1:bd:18:8e:a4:ca:13:bc:61:95:aa:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\ku6svn\p2p\trunk\client\client\Release\p2pclient.pdb

Imports

kernel32

EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GlobalGetAtomNameW
GetCurrentDirectoryW
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpiW
SetLastError
GlobalFree
MulDiv
lstrlenW
FormatMessageW
lstrcpynW
LocalFree
GetModuleFileNameW
GetLocalTime
OutputDebugStringW
MoveFileExW
WinExec
CreateSemaphoreW
FindResourceExW
GetSystemTime
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
SetProcessWorkingSetSize
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetLastError
GetSystemDirectoryW
CreatePipe
SetPriorityClass
MoveFileW
DeleteFileW
CreateProcessW
GetExitCodeProcess
ResetEvent
GetFileAttributesW
PeekNamedPipe
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
lstrcpyW
SetFileAttributesW
CreateEventW
WaitForSingleObject
SetThreadPriority
GetExitCodeThread
SetEvent
TerminateThread
GlobalAddAtomW
GetCurrentThreadId
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetTickCount
RaiseException
GetCurrentProcessId
OpenProcess
TerminateProcess
GetLogicalDrives
GetDriveTypeW
CreateFileW
DeviceIoControl
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetCommandLineW
GetVersion
ReadProcessMemory
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStructW
GetPrivateProfileStructW
WritePrivateProfileStringW
Sleep
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

user32

SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetMessageW
ValidateRect
GetMenuItemInfoW
DrawIcon
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetSysColorBrush
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
wsprintfW
CharUpperW
GetMenuState
GetMenuItemID
GetMenuItemCount
UnregisterHotKey
RegisterHotKey
ExitWindowsEx
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowW
LoadAcceleratorsW
WindowFromPoint
SystemParametersInfoW
EmptyClipboard
SetClipboardData
CloseClipboard
ShowCursor
TranslateAcceleratorW
OpenClipboard
IsWindowVisible
BringWindowToTop
SetWindowRgn
IsZoomed
IsIconic
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostThreadMessageW
GetNextDlgGroupItem
GetKeyState
GetAsyncKeyState
KillTimer
SetTimer
ScreenToClient
ClientToScreen
PostMessageW
SetRectEmpty
GetWindowLongW
LockWindowUpdate
CopyRect
SetWindowLongW
LoadCursorW
CopyIcon
MessageBeep
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
CreatePopupMenu
SetMenu
RegisterClipboardFormatW
MapWindowPoints
GetSysColor
ReleaseCapture
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SendMessageW
InflateRect
PtInRect
SetCursor
DestroyMenu
GetDesktopWindow
MessageBoxW
LoadIconW
ShowWindow
SetWindowPos
SetForegroundWindow
GetCursorPos
GetSubMenu
TrackPopupMenu
IsWindow
LoadMenuW
RegisterWindowMessageW
UnregisterClassW
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
DeferWindowPos

gdi32

GetTextColor
GetRgnBox
CreateEllipticRgn
TextOutW
LPtoDP
Ellipse
GetMapMode
EnumFontFamiliesExW
GetBkColor
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
DeleteObject
CreateRectRgnIndirect
CreateSolidBrush
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetStockObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
OffsetRgn
BitBlt
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyW
RegCloseKey

shell32

DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
Shell_NotifyIconW
DragFinish

comctl32

ord17
ImageList_Destroy
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathFileExistsW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW

ws2_32

recvfrom
accept
listen
bind
__WSAFDIsSet
select
setsockopt
closesocket
recv
send
connect
ioctlsocket
socket
htons
inet_addr
sendto
inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup
ntohl
WSAGetLastError
WSAIoctl
ntohs
getsockname
htonl

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

psapi

GetModuleFileNameExW

wininet

InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetGetCookieW
InternetSetCookieW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetSetOptionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

oleaut32

LoadTypeLi
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarDateFromStr
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ٿ6/License.txt
ٿ6/Mp4Combiner.dll
.exe windows:4 windows x86 arch:x86

eb87c734f00057896717b35c7887d49e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

10/06/2009, 00:00

Not After

10/06/2011, 23:59

Subject

CN=酷溜网(北京)信息技术有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=酷溜网(北京)信息技术有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

58:6a:24:18:e5:f9:4f:e1:08:65:a0:4c:ec:3b:3a:81:00:41:78:02
Signer

Actual PE Digest

58:6a:24:18:e5:f9:4f:e1:08:65:a0:4c:ec:3b:3a:81:00:41:78:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fgetc
fputc
fwrite
memmove
_iob
fprintf
vfprintf
_exit
_XcptFilter
exit
__p___initenv
realloc
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_strdup
fflush
setlocale
_filelengthi64
fsetpos
fgetpos
sprintf
strstr
strcat
tmpfile
_ftime
strlen
strcmp
strcpy
memcmp
memcpy
fopen
fread
fclose
free
malloc
memset
__mb_cur_max
_isctype
_pctype
__getmainargs
_ftol
_fileno
_strnicmp
_stricmp

kernel32

FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
DeleteFileA
UnmapViewOfFile

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ٿ6/uninstall.exe.nsis
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6bCertificate

Extended Key Usages

Key Usages

5e:51:33:f3:d8:25:18:d8:fa:29:3c:ea:02:d4:e9:c6:bd:59:9e:efSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 26KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fa409a29eedd2096aa9b17cb8c1d1cdc

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6bCertificate

Extended Key Usages

Key Usages

c7:2c:26:c7:2f:1e:34:f5:56:fa:5f:5c:18:14:5b:51:9d:5f:47:e3Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

5e:51:33:f3:d8:25:18:d8:fa:29:3c:ea:02:d4:e9:c6:bd:59:9e:ef
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

c7:2c:26:c7:2f:1e:34:f5:56:fa:5f:5c:18:14:5b:51:9d:5f:47:e3
Signer

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 24KB - Virtual size: 22KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate

5b:29:8e:8d:c8:28:98:28:d1:bd:18:8e:a4:ca:13:bc:61:95:aa:8b
Signer

.text
Size: 864KB - Virtual size: 863KB

.rdata
Size: 164KB - Virtual size: 161KB

.data
Size: 16KB - Virtual size: 34KB

shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 248KB - Virtual size: 244KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

f1:03:e0:01:8f:a5:66:2e:bf:f6:75:18:36:a0:6e:6b
Certificate