SecuriteInfo[.]com[.]W32[.]ABApplication[.]UHEM-0823[.]6218[.]2984[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.W32.ABApplication.UHEM-0823.6218.2984.exe
Size

2.5MB
MD5

a2be2aaf166d36d35d6d0d977a9019c0
SHA1

233498cd4287f24bef16f6549d3f2e6c37785b09
SHA256

b1f68c06181d3521ef8784918513b605fbfd7ab7321e885b48b36d76a158c474
SHA512

fc2c9ed76f41ef2642e5fe14f2c7613cdcf81dbf087adcc5313a9e647e426730d1032177b548a9f0c17ff07bdc3278664388bdec7542cf21d760a61e34116daf
SSDEEP

49152:bMRkj0B2aw64tQ+WQNWl3I3QWIpiMw+kemUcPTUmyzBh+9UcC7EXV3EN8zr:b2Yaf4Q8NtQLi7q+LUmyzboM7El3EN8f

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.W32.ABApplication.UHEM-0823.6218.2984.exe
.exe windows:5 windows x86 arch:x86

9679f250d91a527cbbb99da9f96997e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ba:b7:21:bb:ba:5e:df:62:4a:e4:5d:1f:20:d5:d0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:9d:5c:bc:41:e1:9b:f6:fc:cd:9c:bf:b8:eb:64:3f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:e3:e7:0f:88:e9:98:fe:0f:63:eb:e9:0d:05:72:dd:00:b7:f2:e2:c0:53:6c:04:0d:1a:23:9e:8d:67:49:55
Signer

Actual PE Digest

7a:e3:e7:0f:88:e9:98:fe:0f:63:eb:e9:0d:05:72:dd:00:b7:f2:e2:c0:53:6c:04:0d:1a:23:9e:8d:67:49:55

Digest Algorithm

sha256

PE Digest Matches

true

6c:93:c6:58:c3:09:db:f5:a7:7d:2b:98:d3:f7:57:e8:a0:f0:87:07
Signer

Actual PE Digest

6c:93:c6:58:c3:09:db:f5:a7:7d:2b:98:d3:f7:57:e8:a0:f0:87:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetProcAddress
GetCommandLineW
SetEnvironmentVariableW
WriteFile
GetTempPathW
SetErrorMode
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetVersion
GetWindowsDirectoryW
LoadLibraryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GlobalLock
GlobalUnlock
lstrcmpiW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
RtlUnwind
IsProcessorFeaturePresent
lstrcmpW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
lstrcpynW
ExpandEnvironmentStringsW

user32

GetSysColor
GetWindowLongW
SetClassLongW
LoadBitmapW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
ScreenToClient
CharPrevW
MessageBoxIndirectW
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
CharNextA
GetSystemMenu
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetTimer
CreateDialogParamW
DestroyWindow
PostMessageW
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
DefWindowProcW
DrawTextW
BeginPaint
EndPaint
GetClientRect
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
SetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
AdjustTokenPrivileges

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:5 windows x86 arch:x86

ad51f7bbb1176ad7ce1a3dc282e1c695

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:5e:5b:a1:d5:ec:3a:8d:60:4e:75:d3:cb:da:67:d1:8f:1e:5d:11:3e:96:1b:64:dd:8c:6f:5b:24:71:16:10
Signer

Actual PE Digest

5f:5e:5b:a1:d5:ec:3a:8d:60:4e:75:d3:cb:da:67:d1:8f:1e:5d:11:3e:96:1b:64:dd:8c:6f:5b:24:71:16:10

Digest Algorithm

sha256

PE Digest Matches

true

33:a0:8a:94:76:e8:18:1e:9f:0c:a4:8e:97:56:18:2c:51:1f:2b:7b
Signer

Actual PE Digest

33:a0:8a:94:76:e8:18:1e:9f:0c:a4:8e:97:56:18:2c:51:1f:2b:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\gamehall\GameHall\bin\InstallTool\bin\Win32\Release\pdb\FileInfo.pdb

Imports

kernel32

GetFileSize
SetFilePointer
WriteFile
CreateFileW
CloseHandle
GetModuleFileNameW
WritePrivateProfileStringW
EnumResourceNamesW
FindResourceW
FreeLibrary
LoadResource
MoveFileExW
GetPrivateProfileStringW
LoadLibraryW
Sleep
SizeofResource
GetFileAttributesW
GetLastError
LockResource
DeleteFileW
SetFileAttributesW
WaitForSingleObject
OpenProcess
TerminateProcess
GetCurrentProcessId
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
CreateProcessW
GetModuleHandleW
GetProcAddress
SearchPathW
FindFirstFileW
GetLongPathNameW
GetACP
GetEnvironmentVariableW
GetShortPathNameW
QueryDosDeviceW
FindClose
FindNextFileW
GetVersionExW
lstrcmpiW
GetFullPathNameW
CreateDirectoryW
lstrlenW
GetTempPathW
SetEndOfFile
ReadFile
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
GetLogicalDriveStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
VirtualFree
VirtualQuery
ResumeThread
SuspendThread
CreateToolhelp32Snapshot
VirtualProtect
OpenThread
InterlockedExchange
FlushInstructionCache
Thread32Next
HeapCreate
HeapDestroy
Thread32First
InterlockedCompareExchange
SetThreadContext
GetThreadContext
FlushFileBuffers
WriteConsoleW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
SetStdHandle

user32

FindWindowExW

advapi32

AdjustTokenPrivileges
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW
ord190
ord155

ole32

CoTaskMemFree
PropVariantClear
CoCreateInstance

shlwapi

StrCmpW
SHStrDupW

Exports

Exports

CreateLowIntegrityProcess
CreateShortLink
DeleteDesktopLinkFile
DeleteInstallFile
DeleteQuickLaunchFile
ExtractInstallerIcon
FindGameHallProc
FindProc
GetGameHallPath
GetParentProcessName
GetUnionCustomInstallerParams
Init
KillGameHallProc
KillProc
KillProcessByPathAndName
MarkCustomValue
PinToStartMenu
PinToTaskbar
PrepareUninstall
UnpinFromStartMenu
UnpinFromTaskbar
UnpinLinkFile
WriteInstallData
WriteLog

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/06/2014, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/02/2016, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56
Signer

Actual PE Digest

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56

Digest Algorithm

sha256

PE Digest Matches

true

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48
Signer

Actual PE Digest

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_28_/2345GameHall.exe
.exe windows:5 windows x86 arch:x86

8869276eb0e2a3f0de7742daa57a3c5b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:ed:b1:f5:09:7a:b9:85:19:b8:c5:29:bd:42:77:2d:05:b2:20:d2:20:29:8e:a0:38:63:38:8c:47:a0:64:b1
Signer

Actual PE Digest

6d:ed:b1:f5:09:7a:b9:85:19:b8:c5:29:bd:42:77:2d:05:b2:20:d2:20:29:8e:a0:38:63:38:8c:47:a0:64:b1

Digest Algorithm

sha256

PE Digest Matches

true

4f:a7:dc:f4:39:4d:aa:d8:2a:16:b1:c3:bf:30:a4:97:e1:aa:85:73
Signer

Actual PE Digest

4f:a7:dc:f4:39:4d:aa:d8:2a:16:b1:c3:bf:30:a4:97:e1:aa:85:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\gamehall\GameHall\out\Release\2345GameHall.pdb

Imports

kernel32

GetProcAddress
CloseHandle
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetProcessHeap
GetModuleFileNameW
GetFileSize
SetFilePointer
OpenMutexW
CreateFileW
RemoveDirectoryW
CreateProcessW
lstrcmpiW
GetCurrentProcessId
FindFirstFileW
FileTimeToSystemTime
FindClose
WritePrivateProfileStringW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
WriteFile
SetErrorMode
SetEnvironmentVariableA
FlushFileBuffers
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileAttributesW
ExpandEnvironmentStringsW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
ReleaseMutex
GetLongPathNameW
GetFileAttributesExW
FindResourceW
LoadResource
GetVersionExW
LockResource
GetSystemInfo
OpenProcess
QueryDosDeviceW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FindNextFileW
GetEnvironmentVariableW
GetCurrentThreadId
LocalFree
SetEndOfFile
SetFileTime
ReadFile
GetFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenW
GetFileSizeEx
DeleteFileW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
GetSystemDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
GetWindowsDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
LoadLibraryExW
GetTickCount
FormatMessageW
GlobalMemoryStatusEx
SetEvent
WaitForMultipleObjects
ResetEvent
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
SetLastError
InitializeCriticalSectionAndSpinCount
ResumeThread
GetExitCodeProcess
DeviceIoControl
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW

shlwapi

SHGetValueW

Sections

.text
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_28_/Uninstall.exe
.exe windows:5 windows x86 arch:x86

9679f250d91a527cbbb99da9f96997e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d9:59:9d:58:79:0c:a1:21:f6:40:ec:d8:b5:e2:1a:4e:dd:86:fa:5c:c6:67:01:e5:0d:75:31:44:d8:ec:58:c1
Signer

Actual PE Digest

d9:59:9d:58:79:0c:a1:21:f6:40:ec:d8:b5:e2:1a:4e:dd:86:fa:5c:c6:67:01:e5:0d:75:31:44:d8:ec:58:c1

Digest Algorithm

sha256

PE Digest Matches

true

48:a8:87:df:a3:64:53:89:77:21:ec:6b:2e:27:be:40:33:24:3c:7b
Signer

Actual PE Digest

48:a8:87:df:a3:64:53:89:77:21:ec:6b:2e:27:be:40:33:24:3c:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetProcAddress
GetCommandLineW
SetEnvironmentVariableW
WriteFile
GetTempPathW
SetErrorMode
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetVersion
GetWindowsDirectoryW
LoadLibraryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GlobalLock
GlobalUnlock
lstrcmpiW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
RtlUnwind
IsProcessorFeaturePresent
lstrcmpW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
lstrcpynW
ExpandEnvironmentStringsW

user32

GetSysColor
GetWindowLongW
SetClassLongW
LoadBitmapW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
ScreenToClient
CharPrevW
MessageBoxIndirectW
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
CharNextA
GetSystemMenu
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetTimer
CreateDialogParamW
DestroyWindow
PostMessageW
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
DefWindowProcW
DrawTextW
BeginPaint
EndPaint
GetClientRect
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
SetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
AdjustTokenPrivileges

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:5 windows x86 arch:x86

ad51f7bbb1176ad7ce1a3dc282e1c695

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:5e:5b:a1:d5:ec:3a:8d:60:4e:75:d3:cb:da:67:d1:8f:1e:5d:11:3e:96:1b:64:dd:8c:6f:5b:24:71:16:10
Signer

Actual PE Digest

5f:5e:5b:a1:d5:ec:3a:8d:60:4e:75:d3:cb:da:67:d1:8f:1e:5d:11:3e:96:1b:64:dd:8c:6f:5b:24:71:16:10

Digest Algorithm

sha256

PE Digest Matches

true

33:a0:8a:94:76:e8:18:1e:9f:0c:a4:8e:97:56:18:2c:51:1f:2b:7b
Signer

Actual PE Digest

33:a0:8a:94:76:e8:18:1e:9f:0c:a4:8e:97:56:18:2c:51:1f:2b:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\gamehall\GameHall\bin\InstallTool\bin\Win32\Release\pdb\FileInfo.pdb

Imports

kernel32

GetFileSize
SetFilePointer
WriteFile
CreateFileW
CloseHandle
GetModuleFileNameW
WritePrivateProfileStringW
EnumResourceNamesW
FindResourceW
FreeLibrary
LoadResource
MoveFileExW
GetPrivateProfileStringW
LoadLibraryW
Sleep
SizeofResource
GetFileAttributesW
GetLastError
LockResource
DeleteFileW
SetFileAttributesW
WaitForSingleObject
OpenProcess
TerminateProcess
GetCurrentProcessId
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
CreateProcessW
GetModuleHandleW
GetProcAddress
SearchPathW
FindFirstFileW
GetLongPathNameW
GetACP
GetEnvironmentVariableW
GetShortPathNameW
QueryDosDeviceW
FindClose
FindNextFileW
GetVersionExW
lstrcmpiW
GetFullPathNameW
CreateDirectoryW
lstrlenW
GetTempPathW
SetEndOfFile
ReadFile
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
GetLogicalDriveStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
VirtualFree
VirtualQuery
ResumeThread
SuspendThread
CreateToolhelp32Snapshot
VirtualProtect
OpenThread
InterlockedExchange
FlushInstructionCache
Thread32Next
HeapCreate
HeapDestroy
Thread32First
InterlockedCompareExchange
SetThreadContext
GetThreadContext
FlushFileBuffers
WriteConsoleW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
SetStdHandle

user32

FindWindowExW

advapi32

AdjustTokenPrivileges
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW
ord190
ord155

ole32

CoTaskMemFree
PropVariantClear
CoCreateInstance

shlwapi

StrCmpW
SHStrDupW

Exports

Exports

CreateLowIntegrityProcess
CreateShortLink
DeleteDesktopLinkFile
DeleteInstallFile
DeleteQuickLaunchFile
ExtractInstallerIcon
FindGameHallProc
FindProc
GetGameHallPath
GetParentProcessName
GetUnionCustomInstallerParams
Init
KillGameHallProc
KillProc
KillProcessByPathAndName
MarkCustomValue
PinToStartMenu
PinToTaskbar
PrepareUninstall
UnpinFromStartMenu
UnpinFromTaskbar
UnpinLinkFile
WriteInstallData
WriteLog

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/06/2014, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/02/2016, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56
Signer

Actual PE Digest

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56

Digest Algorithm

sha256

PE Digest Matches

true

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48
Signer

Actual PE Digest

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_28_/coral_extract.dll
.dll windows:4 windows x86 arch:x86

27078d36f37371b0a00fb89ab0cc3581

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:4a:9b:11:5b:01:09:69:1e:2d:e4:1e:77:a4:4f:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:a6:23:e4:b0:f0:92:9b:62:02:10:e4:50:e4:0a:1e
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:59:b3:25:b1:49:34:f1:9c:33:83:5f:44:1c:b2:23:c2:a4:e3:d0:aa:16:d1:d9:19:ec:06:f7:9d:5f:5b:be
Signer

Actual PE Digest

10:59:b3:25:b1:49:34:f1:9c:33:83:5f:44:1c:b2:23:c2:a4:e3:d0:aa:16:d1:d9:19:ec:06:f7:9d:5f:5b:be

Digest Algorithm

sha256

PE Digest Matches

true

ff:2d:ce:b1:52:96:51:96:4b:0a:18:78:fc:25:27:3e:35:07:fd:1b
Signer

Actual PE Digest

ff:2d:ce:b1:52:96:51:96:4b:0a:18:78:fc:25:27:3e:35:07:fd:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\rczip.dev\trunk\bin\Win32\release\pdb\Extract7z.pdb

Imports

kernel32

GetProcAddress
VirtualAlloc
GetModuleHandleW
VirtualFree
InterlockedExchangeAdd
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetLastError
ReadFile
CreateFileW
SetFilePointer
CloseHandle
LoadLibraryW
FreeLibrary
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetFileAttributesW
FormatMessageW
LocalFree
FindFirstFileW
FindClose
FindNextFileW
DeleteFileW
CreateDirectoryW
GetFileSize
GetFullPathNameW
SetFileTime
GetTempFileNameW
SetFileAttributesW
MoveFileW
lstrlenW
SetEndOfFile
FindResourceW
WaitForMultipleObjects
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
CreateThread
ExitThread
ResumeThread

user32

LoadStringW

Exports

Exports

ExtractArchive

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_29_/GameHallMain.dll
.dll windows:5 windows x86 arch:x86

f814ccd1353572b458db4d514821effe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:54:9a:aa:e2:4b:69:85:64:b4:e4:f4:24:71:87:7d:7b:77:ca:a4:65:62:7c:12:55:71:38:08:3b:40:a8:cb
Signer

Actual PE Digest

91:54:9a:aa:e2:4b:69:85:64:b4:e4:f4:24:71:87:7d:7b:77:ca:a4:65:62:7c:12:55:71:38:08:3b:40:a8:cb

Digest Algorithm

sha256

PE Digest Matches

true

d9:e1:b4:0d:0c:5b:45:a8:04:bd:02:ab:5c:e6:f5:6d:60:4b:03:c8
Signer

Actual PE Digest

d9:e1:b4:0d:0c:5b:45:a8:04:bd:02:ab:5c:e6:f5:6d:60:4b:03:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\gamehall\GameHall\out\Release\GameHallMain.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FileTimeToSystemTime
QueryPerformanceFrequency
RemoveDirectoryW
HeapDestroy
HeapCreate
VirtualFreeEx
VirtualAllocEx
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
FormatMessageA
WideCharToMultiByte
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetVersionExA
DeleteFileW
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
LocalAlloc
GlobalMemoryStatusEx
MoveFileW
FindFirstFileW
FindClose
lstrcatW
VirtualQuery
SuspendThread
CreateToolhelp32Snapshot
OpenThread
Thread32Next
Thread32First
SetThreadContext
GetThreadContext
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
MapViewOfFileEx
SetWaitableTimer
CreateWaitableTimerW
FreeResource
SetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleExW
GetOEMCP
GetSystemTimeAsFileTime
GetStdHandle
GetCurrentThread
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
TlsFree
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetExitCodeProcess
DeviceIoControl
WaitForMultipleObjects
GetComputerNameW
GetLogicalDriveStringsW
GetFileSizeEx
SetFileAttributesW
GetWindowsDirectoryW
GetCurrentDirectoryW
CopyFileW
GetSystemDirectoryW
CreateDirectoryW
MoveFileExW
GetTempFileNameW
GlobalFree
GetEnvironmentVariableW
QueryDosDeviceW
OpenProcess
ReleaseMutex
ExpandEnvironmentStringsW
GetFileTime
SetFileTime
LockResource
FindNextFileW
GetLongPathNameW
SearchPathW
OpenFileMappingW
OpenEventW
CreateEventW
ResetEvent
InterlockedExchangeAdd
GetACP
GetCommandLineW
InterlockedCompareExchange
GetProcessHeap
HeapFree
HeapAlloc
CreateThread
TlsAlloc
GetModuleHandleA
DisableThreadLibraryCalls
GlobalUnlock
lstrcmpW
MulDiv
Sleep
GlobalAlloc
TlsSetValue
GlobalLock
FlushInstructionCache
lstrlenW
lstrlenA
TlsGetValue
VirtualProtectEx
lstrcpyW
SetEvent
WaitForSingleObject
SetLastError
LocalFree
ResumeThread
GetCurrentProcess
GetStringTypeW
EncodePointer
QueryPerformanceCounter
SystemTimeToFileTime
OutputDebugStringA
VirtualProtect
IsValidCodePage
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
CancelIo
ReadFile
WriteFile
CreateNamedPipeW
ConnectNamedPipe
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
LeaveCriticalSection
SizeofResource
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
SignalObjectAndWait
CreateTimerQueue
DuplicateHandle
FindResourceW
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
CreateProcessW
CloseHandle
WritePrivateProfileStringW
CreateFileW
GetPrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTickCount
ReleaseSemaphore
GetFileInformationByHandle
GetFileType

user32

GetMenuStringW
GetMenuItemInfoW
LoadMenuW
AppendMenuW
CreatePopupMenu
GetMenuItemCount
InsertMenuW
TrackMouseEvent
DestroyMenu
SetMenuItemInfoW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
DrawTextW
GetIconInfo
DrawIconEx
MsgWaitForMultipleObjects
SetCaretPos
UpdateLayeredWindow
LoadImageW
LoadBitmapW
GetCaretBlinkTime
ToAscii
GetKeyboardState
PeekMessageW
UnionRect
DialogBoxParamW
DeleteMenu
MapWindowPoints
GetSubMenu
ValidateRect
SetWindowRgn
GetUpdateRect
UpdateWindow
EnableWindow
OpenClipboard
IsMenu
RemovePropW
GetCapture
WaitMessage
MonitorFromRect
MapVirtualKeyExW
MonitorFromPoint
GetClassLongW
IsRectEmpty
GetKeyState
IntersectRect
ShowWindowAsync
AttachThreadInput
GetPropW
SystemParametersInfoW
GetSystemMetrics
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
RegisterWindowMessageW
IsChild
SetCapture
InvalidateRgn
SetParent
CreateAcceleratorTableW
GetDC
InvalidateRect
GetWindowTextW
GetClassNameW
ReleaseDC
RedrawWindow
GetDesktopWindow
GetSysColor
LoadStringW
EnumChildWindows
AdjustWindowRectEx
MessageBoxW
SetWindowTextW
EnumThreadWindows
PostQuitMessage
GetClassInfoExW
GetDlgItem
GetParent
IsHungAppWindow
LoadCursorW
WindowFromPoint
GetKeyboardLayout
GetAncestor
ActivateKeyboardLayout
GetWindow
SetRect
FindWindowExW
SetTimer
KillTimer
GetFocus
SetFocus
MapVirtualKeyW
GetKeyNameTextW
EndPaint
SetActiveWindow
FillRect
BeginPaint
InflateRect
RegisterClassExW
SetLayeredWindowAttributes
CreateWindowExW
ReleaseCapture
IsWindowEnabled
GetClientRect
SetRectEmpty
MonitorFromWindow
GetMonitorInfoW
MoveWindow
IsZoomed
OffsetRect
EqualRect
CopyRect
SetPropW
EndDialog
ShowWindow
UnregisterHotKey
RegisterHotKey
SetForegroundWindow
LoadIconW
IsIconic
GetForegroundWindow
GetWindowRect
PtInRect
GetCursorPos
GetActiveWindow
IsWindowVisible
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
CallWindowProcW
GetMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW
GetAsyncKeyState
DestroyWindow
CharNextW
MessageBoxA
DefWindowProcW
UnregisterClassW
PostMessageW
SendMessageTimeoutW
IsWindow
AllowSetForegroundWindow
GetWindowThreadProcessId
SetCursor
GetWindowDC
GetDCEx

gdi32

GetCharABCWidthsW
GetFontData
CreateRectRgnIndirect
CreatePolygonRgn
SetBkColor
SetWorldTransform
SetGraphicsMode
EnumFontsW
PtInRegion
CreateRoundRectRgn
SetTextColor
GetRgnBox
EnumFontFamiliesExW
SetBkMode
GetTextExtentPointW
CreatePen
ExtCreatePen
MoveToEx
LineTo
SelectClipRgn
CreateRectRgn
ExtTextOutW
GetDIBits
CreateDIBSection
GdiFlush
GetTextFaceW
SetTextAlign
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetClipBox
GetMapMode
SetMapMode
GetTextMetricsW
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
SetViewportOrgEx
CreateDCW
BitBlt
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
CreateFontIndirectW
GetStockObject
DeleteObject
DeleteDC
GetGlyphOutlineW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW

shell32

DragQueryFileW
DragFinish
ord190
ord155
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

RegisterDragDrop
RevokeDragDrop
CoCreateInstance
CoUninitialize
CoTaskMemRealloc
PropVariantClear
CoUnmarshalInterface
CoMarshalInterface
CoWaitForMultipleHandles
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateGuid

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
DispCallFunc
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi

shlwapi

PathFileExistsW
ord12
PathFindFileNameW
SHStrDupW
SHGetValueW
PathRemoveFileSpecW
StrDupW
StrToIntA
PathAppendW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

urlmon

CoInternetCreateSecurityManager
CoInternetCreateZoneManager

ws2_32

send
listen
accept
socket
bind
recv
htons
htonl
ntohs
inet_addr
inet_ntoa
closesocket

psapi

GetMappedFileNameW
EmptyWorkingSet
GetProcessMemoryInfo

gdiplus

GdipCreateRegionPath
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathBezierI
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipGetFamilyName
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipEndContainer
GdipBeginContainer2
GdipRestoreGraphics
GdipSaveGraphics
GdipGetClipBoundsI
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillPath
GdipFillEllipse
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangle
GdipDrawArcI
GdipDrawLine
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipCombineRegionPath
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipCloneBitmapArea
GdipGetImageGraphicsContext
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipGetLineTransform
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateLineBrushI
GdipCreateSolidFill
GdipGetTextureTransform
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipTransformRegion
GdipDeleteRegion
GdipCloneRegion
GdipGetMatrixElements
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipGetPathWorldBounds
GdipAddPathString
ord1
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipGetImageHeight
GdipCreateBitmapFromFileICM
GdipFree
GdipCombineRegionRegion
GdipGetBrushType
GdipSetTextureTransform
GdipSetLineTransform
GdipLoadImageFromFile
GdipCreateBitmapFromResource
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipSetCompositingMode
GdipGetInterpolationMode
GdipDisposeImageAttributes

winmm

timeGetTime
midiStreamClose

imm32

ImmGetContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmReleaseContext

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

wininet

InternetQueryOptionA
InternetSetOptionW
DeleteUrlCacheEntryA
InternetQueryOptionW
HttpQueryInfoA
DeleteUrlCacheEntryW

Exports

Exports

GameHallInitialMain

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 987KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_30_/HelperTool64.exe
.exe windows:5 windows x64 arch:x64

e8de56d93e2963aab9409153ff1f2b45

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/07/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/06/2017, 00:00

Not After

22/06/2019, 23:59

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e6:1c:bb:c2:8e:ff:e4:7b:10:36:54:a2:b6:d0:de:25:22:55:35:ed:dd:26:de:60:6a:33:e1:f7:e0:27:40:09
Signer

Actual PE Digest

e6:1c:bb:c2:8e:ff:e4:7b:10:36:54:a2:b6:d0:de:25:22:55:35:ed:dd:26:de:60:6a:33:e1:f7:e0:27:40:09

Digest Algorithm

sha256

PE Digest Matches

true

fa:9d:3c:1a:f1:f8:07:b9:03:9c:87:f3:e3:58:f9:25:dc:2c:93:d1
Signer

Actual PE Digest

fa:9d:3c:1a:f1:f8:07:b9:03:9c:87:f3:e3:58:f9:25:dc:2c:93:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\trunk\dllplugin\HelperTool64\bin\x64\Release\HelperTool64.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CloseHandle
CreateMutexW
Sleep
GetLastError
GetProcAddress
FindResourceW
LoadResource
GetModuleHandleW
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
CreateFileW
lstrlenW
LoadLibraryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
WriteFile
ReadFile
LoadLibraryExW
GetModuleFileNameW
VirtualFree
VirtualQuery
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadConsoleW
GetThreadContext
SetThreadContext
Thread32First
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
VirtualAlloc

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9679f250d91a527cbbb99da9f96997e8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:ba:b7:21:bb:ba:5e:df:62:4a:e4:5d:1f:20:d5:d0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

6d:9d:5c:bc:41:e1:9b:f6:fc:cd:9c:bf:b8:eb:64:3fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

7a:e3:e7:0f:88:e9:98:fe:0f:63:eb:e9:0d:05:72:dd:00:b7:f2:e2:c0:53:6c:04:0d:1a:23:9e:8d:67:49:55Signer

6c:93:c6:58:c3:09:db:f5:a7:7d:2b:98:d3:f7:57:e8:a0:f0:87:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 173KB

.CRT Size: 512B - Virtual size: 4B

.ndata Size: - Virtual size: 328KB

.rsrc Size: 174KB - Virtual size: 174KB

ad51f7bbb1176ad7ce1a3dc282e1c695

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:dfCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:ba:b7:21:bb:ba:5e:df:62:4a:e4:5d:1f:20:d5:d0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

6d:9d:5c:bc:41:e1:9b:f6:fc:cd:9c:bf:b8:eb:64:3f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

7a:e3:e7:0f:88:e9:98:fe:0f:63:eb:e9:0d:05:72:dd:00:b7:f2:e2:c0:53:6c:04:0d:1a:23:9e:8d:67:49:55
Signer

6c:93:c6:58:c3:09:db:f5:a7:7d:2b:98:d3:f7:57:e8:a0:f0:87:07
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 173KB

.CRT
Size: 512B - Virtual size: 4B

.ndata
Size: - Virtual size: 328KB

.rsrc
Size: 174KB - Virtual size: 174KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

75:07:30:67:30:94:f3:8c:a9:f0:7e:06:e5:74:fb:df
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

67:1d:31:6b:f6:0f:35:75:5f:07:23:72:de:ef:8f:e5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

5f:5e:5b:a1:d5:ec:3a:8d:60:4e:75:d3:cb:da:67:d1:8f:1e:5d:11:3e:96:1b:64:dd:8c:6f:5b:24:71:16:10
Signer

33:a0:8a:94:76:e8:18:1e:9f:0c:a4:8e:97:56:18:2c:51:1f:2b:7b
Signer

.text
Size: 198KB - Virtual size: 198KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

22:bb:56:f8:17:f2:43:b7:6d:6d:18:d7:a6:ec:64:f5:7d:e8:59:be:a9:d6:be:e6:c2:19:9e:f5:81:cb:b8:56
Signer

97:22:0a:20:93:eb:6a:4c:82:ad:37:63:39:bc:81:74:43:e6:a6:48
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 926B